WO2009103214A1 - Network authentication communication method and mesh network system - Google Patents

Network authentication communication method and mesh network system

Info

Publication number
WO2009103214A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
identifier
mkd
network
network device
Prior art date
Application number
PCT/CN2008/073615
Other languages
English (en)
Chinese (zh)
Inventor
樊唱东
莫良耀
冯丹凤
张慧敏
张炜
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2009103214A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • The present invention relates to a network authentication communication method and a mesh network system, and more particularly to a method for authenticating a network device in a wireless mesh network and establishing a key for secure communication between devices, and to a mesh network system capable of implementing the method.
  • FIG. 1 is a schematic diagram of a network topology structure of an existing mesh network.
  • The mesh network includes four logical network devices: Terminal (Station, abbreviated as STA), Mesh Point (MP), Mesh Access Point (MAP), and Mesh Point with a Portal (MPP).
  • STA Terminal
  • MP Mesh Point
  • MAP Mesh Access Point
  • MPP Mesh Point with a Portal
  • The 802.11i standard provides a mature solution for access authentication and communication security between STAs and APs, so mutual authentication and communication security between the MAP, MP, and MPP nodes is the urgent problem to be solved in a mesh network.
  • The main idea of the existing wireless mesh network security framework in 802.11s is to divide the devices of the entire wireless mesh network according to the main logical functions of each device, as shown in Figure 2, which is a schematic diagram of the logical function partition structure of the existing wireless mesh network.
  • The MAP can be seen as adding the function of the MP logical node on the basis of the 802.11 AP (Access Point); the MPP can be regarded as adding the function of the MP logical node on the basis of the portal.
  • MKD Mesh Key Distributor
  • FIG. 3A shows a mesh key hierarchy diagram of an existing wireless mesh network.
  • MSK indicates the main session key (Main Session Key)
  • PSK indicates the pre-shared key
  • PMK indicates the pairwise master key (Pairwise Master Key)
  • MKDK indicates the mesh key distribution key ( Mesh Key Distribution Key)
  • PTK stands for Pairwise Transient Key
  • PMK-MKD stands for Mesh Key Distributor PMK shared with MKD
  • PMK-MA stands for PMK shared with MA (Mesh Authenticator PMK)
  • MPTK-KD represents the Mesh PTK for Key Distribution.
  • Figure 3B shows a flow chart of initial authentication of an existing MP node.
  • Figure 3C shows the security association flow chart after the existing two MP nodes are authenticated.
  • When the key hierarchy is established through authentication, the existing security mechanism binds it to the MAC address of the radio through which the device requests authentication.
  • Each radio has an independent media access control (Media Access Control, referred to as MAC) address.
  • MAC media access control
  • each key level is bound to the MAC address of the radio module.
  • One network device may be connected to multiple radio modules, and several radio modules work on different channels at the same time. If a network device, such as an MP device, a MAP device, or an MPP device, has multiple RF modules, then when each RF module establishes a security association with the RF module of another network device, it is necessary to establish their respective key levels through authentication. Therefore, a network device having multiple radio frequency modules needs to perform multiple authentications when performing authentication based on an existing security mechanism.
  • The MKD indexes the MKDK through the MAC address obtained in the handshake message with the MP device. Therefore, the index of the MKDK also corresponds one-to-one to each RF module in the network device. If the network device has multiple radio modules, the security association between each radio and the MKD node must be re-authenticated and a different MKDK established. Therefore, for multi-radio devices, multiple authentications are required when performing security association with the MKD.
  • The access server (Access Server, hereinafter referred to as AS) may confuse the authentication behavior, thereby causing charging problems.
  • An embodiment of the present invention provides a network authentication communication method, including: the network device calculates and records a secondary key and a corresponding key identifier according to the key credential information and the device identifier of the network device;
  • the radio frequency module in the network device establishes a security association with the mesh key distribution node MKD according to the key identifier.
  • An embodiment of the present invention provides a mesh network system including an MKD and a network device, where the MKD includes:
  • a first distribution module configured to calculate and record the secondary keys MKDK and PMK-MKD and corresponding key identifiers MKDKName and PMK-MKDName according to the key credential information and the device identifier of the network device;
  • a second distribution module configured to establish a security association with the network device according to the secondary key obtained by the first distribution module and the corresponding key identifier;
  • the network device includes:
  • a first device module configured to calculate and record secondary keys MKDK and PMK-MKD and corresponding key identifiers MKDKName and PMK-MKDName according to the key credential information and the device identifier of the network device;
  • radio frequency modules configured to establish a security association with the MKD according to the secondary key obtained by the first device module and the corresponding key identifier.
  • One embodiment of the present invention provides a method for providing a key and a key identification for a multi-radio network device in a mesh network, including:
  • the mesh key distribution node obtains the key credential information and the identifier of the multi-radio network device; and calculates the second-level key and the corresponding key identifier according to the key credential information and the identifier of the multi-radio network device.
  • An embodiment of the present invention provides a mesh key distribution node device, including: a module for obtaining key credential information; and
  • a module for calculating a secondary key and a corresponding key identifier according to the key credential information and the identifier of the multi-radio network device.
  • The calculation process of the secondary key is associated only with the device ID and is not bound to each RF module in the device. Therefore, it is not necessary for each RF module to perform a repeated initial authentication process, so a network device with multiple RF modules can establish a security association with other network devices after only one initial authentication. This eliminates duplicate authentication and improves the efficiency of authentication.
  • FIG. 1 is a schematic diagram of a network topology structure of an existing mesh network
  • FIG. 2 is a schematic diagram of a logical function division structure of an existing wireless mesh network
  • FIG. 3A is a mesh key hierarchy of an existing wireless mesh network.
  • FIG. 3B is a flowchart of initial authentication of an existing MP node;
  • FIG. 3C is a flowchart of security association after initial authentication of two existing MP nodes;
  • FIG. 4 is a network according to Embodiment 1 of the network authentication communication method of the present invention
  • Figure 5 is a signaling diagram of the network authentication communication method according to Embodiment 1 of the network authentication communication method of the present invention
  • Figure 6 is a key hierarchy of the network authentication communication method embodiment 1 of the present invention
  • FIG. 7 is a schematic diagram of a frame format of a multi-hop behavior frame according to Embodiment 1 of the network authentication communication method of the present invention
  • FIG. 8A is a flowchart of a four-step handshake process according to Embodiment 1 of the network authentication communication method of the present invention
  • FIG. 8B is a signaling diagram of the four-step handshake process according to Embodiment 1 of the network authentication communication method of the present invention
  • FIG. 9 is a flowchart of Embodiment 2 of the network authentication communication method of the present invention
  • FIG. 10 is a schematic diagram of a mesh network system of the present invention.
  • The mesh network includes network devices such as MP, MAP, and MPP.
  • the MP is used to support the routing function of the mesh network interconnection, and can obtain the same wireless coverage with low transmission power through wireless multi-hop communication;
  • the MAP has the function of the MP and the function of the AP in the traditional WLAN; it provides relay/gateway functions, supports mesh network interconnection, and provides access functions for user terminals.
  • MPP can also implement bandwidth management to implement Layer 2 and Layer 3 conversion.
  • the MP is taken as an example.
  • the principles are the same and will not be described again.
  • This embodiment provides a network authentication communication method, as shown in FIG. 4, including:
  • Step 101 The authentication server (Authenticating Server, AS for short) performs initial authentication on the MP, and returns the key credential information after the authentication is passed.
  • The specific process can be completed by using steps 3-1 to 3-9 in the signaling flow shown in Figure 5, including the following steps:
  • the MP acts as the Supplicant to access the mesh network, and finds an MP node that has been authenticated as a Mesh Authenticator (MA) in the neighboring MP, and initiates an authentication request.
  • MA Mesh Authenticator
  • the MA issues an Extensible Authentication Protocol (EAP) packet (EAP-Packet) to query the identity of the newly accessed MP;
  • EAP Extensible Authentication Protocol
  • the MA node encapsulates the identity information of the MP in an action frame format and forwards it to the MKD;
  • MKD encapsulates the identity information of the MP and sends it to the AS by using the remote authentication dialing user service (Remote Authentication Dial In User Service, Radius) / Diameter protocol;
  • the AS selects a pre-registered authentication protocol according to the identity information of the MP, and performs mutual authentication with the MP;
  • After the authentication is completed, the AS returns the response information based on the authentication result. If it fails, it returns a failure message (EAP-Failure); if successful, it returns a success message (EAP-Success) and the key certificate information after authentication, such as the MSK.
  • MKD encapsulates the authentication result into a behavior frame and sends it to the MA
  • the MA forwards the authentication result to the newly accessed MP.
  • Step 102 The MKD and the MP calculate and record the secondary keys PMK-MKD and MKDK, and the key identifiers PMK-MKDName and MKDKName for uniquely identifying the secondary keys, according to the MSK obtained in the initial authentication process.
  • the specific calculation method can be performed by using the following key derivation formula:
  • PMK-MKD KDF (MSK, MeshlDlength
  • MKDK KDF (MSK, MeshlDlength
  • PMK-MKDName Truncate-128 (SHA-256 ( "MKD Key Name”
  • MKDKName Truncate-128 (SHA-256 ( "MKD Key Name”
  • MKDD-ID indicates the MAC address of the MKD
  • MPTKANonce is the random number generated at the time of initial authentication.
  • The network identifier MeshID of the mesh network, the NAS identifier MKD-NAS-ID of the mesh key distribution node (MKD), the domain identifier MKDD-ID of the mesh key distribution node, and the multi-radio device identifier SP-ID are concatenated.
  • Portions of the generated stream are taken as the secondary keys PMK-MKD and MKDK, respectively. The relevant fields used for calculating the secondary keys, such as Mesh-ID, MKD-NAS-ID, MKDD-ID, and SP-ID, are hashed, and a fixed-length part of the result is taken as the key identifiers PMK-MKDName and MKDKName bound to the secondary keys, which identify the secondary keys PMK-MKD and MKDK, respectively.
  • the "Dev_ID" field used in this embodiment is used to identify a network device MP.
  • The user name (User_Name) in the device authentication information, the primary MAC address identifier of the MP, or the MAC address identifier of the radio module that performs the initial authentication in the MP may be used.
  • the MP sends the user name to the AS in the initial authentication process, so that the AS obtains the user name of the MP.
  • the primary MAC address is obtained by the AS from the information exchanged with the MP. If the primary MAC address identifier is selected, the MP needs to be obtained.
  • the MP uses the radio module with the primary MAC address identifier for authentication during initial authentication.
  • The pre-shared PSK may be used instead of the MSK in the above key derivation formula to perform the calculation.
  • PSK is the key credential information shared by MP and MKD in advance, so there is no need to pass the initial authentication process.
  • The secondary keys PMK-MKD and MKDK generated by the authentication, and the corresponding key identifiers PMK-MKDName and MKDKName, are associated only with the device information of the MP, regardless of the MAC address of each RF module.
  • the secondary key is stored and managed by the device management layer of the MP, and each of the internal RF modules of the MP shares the authenticated secondary key information.
  • Figure 6 shows the corresponding key hierarchy.
  • the PMK-MKD and MKDK calculated by MSK or PSK belong to the device management layer.
  • The device management layer generates and stores PMK-MKD and MKDK, and completes the authentication key certificate management. PMK-MA, PTK and MPTK-KD calculated by PMK and MKDK belong to the RF management layer; the RF management layer generates and stores the respective PMK-MA, PTK and MPTK-KD, and is used to manage the session-level keys of each RF module.
  • Step 103 Each radio frequency module in the MP establishes a security association with another device and the MKD.
  • the generated session key information PMK-MA, PTK, MPTK-KD, etc. after the establishment of the security association is independently maintained by each radio frequency module.
  • Establishing a security association with other devices is consistent with the existing solution and mainly includes the following steps, shown in FIG. 3C:
  • the MP node uses the peer link open (Peer link open) frame to inform the other party of the existing PMK-MA that can be used for the session connection, and that the key identifier of the upper-layer key PMK-MKD corresponding to that key is PMK-MKDName; then the two parties negotiate which PMK-MA to use according to the key agreement rule in the 11s draft;
  • the MKD obtains the corresponding key PMK-MKD according to the PMK-MKDName provided in the key request of MP2, generates PMK-MA1 according to the MAC addresses of the radio frequency modules through which the two parties communicate, and returns it to MP2 in the key response message;
  • MP1 and MP2 confirm the negotiated PMK-MA key and establish a secure link. Thereafter, a security association can be established through an associated process.
  • When the MP establishes a security association with the MKD, the four-step handshake process described below can be employed.
  • a multihop action frame can be used for transmission, and its frame format is as shown in FIG. 7.
  • The MKD can communicate simultaneously with multiple network devices, including MPs, so a key identification field is added to the Key Holder Security element to indicate the MKDK's key identifier MKDKName.
  • the key identifier MKDKName in the key identifier field is used to find the MKDK corresponding to a certain network device.
  • the mesh identifier MeshID in the multi-hop behavior frame represents an identifier of a mesh network.
  • the flowchart of the four-step handshake process is as shown in FIG. 8A.
  • The signaling diagram is as shown in FIG. 8B, and includes:
  • Step 110: The MP sets the handshake sequence "HandShakeSequence" field in the first handshake message to 1; fills in the "MA-ID" field with the MAC address of the RF module in the MP that wants to establish a security association with the MKD; fills in the "MKD-ID" field with the MAC address of the MKD; and fills in the "MANonce" field with the random number generated by the MP. The identifier of the generated MKDK key is MKDKName.
  • Step 111 After receiving the first handshake message, the MKD generates a random number for the "MKDNonce" field, obtains the secondary key MKDK corresponding to the MP by indexing with the key identifier MKDKName, calculates the session key information MPTK-KD according to MA-Nonce, MKD-Nonce, MA-ID, MKD-ID, etc., and calculates the MIC code. In the second handshake message it sets "HandShakeSequence" to 2, fills in MA-Nonce, MKD-Nonce, MA-ID, MKD-ID, MKDKName, the Message Integrity Check (MIC) and other information, and sends the message to the MP.
  • Step 112 After receiving the second handshake message, the MP checks the consistency of the MKDKName, the MA-ID, the MKD-ID, and the MA-Nonce, calculates the MPTK-KD according to the MKD-Nonce generated by the MKD, and performs the MIC check. If the verification is correct, it returns the third handshake message, including MA-Nonce, MKD-Nonce, MA-ID, MKD-ID, MKDK-Name, MIC, etc., to the MKD;
  • Step 113 The MKD also performs a session parameter consistency check and a MIC check on the third handshake message. After the verification is passed, the fourth handshake message is sent to confirm the third handshake message.
  • Step 201 When the AS performs initial authentication on the MP, the MP sends the MAC addresses of all its radio frequency modules as the identity information to the MKD.
  • Step 202 The MKD associates the received MAC addresses with the device identifier of the MP.
  • Step 203 The MKD and the MP calculate and record the secondary key and the corresponding key identifier according to the obtained MSK. Specifically, the user name of the MP, the primary MAC address identifier of the MP, or the MAC address identifier of the radio module that is initially authenticated in the MP may be used as the Dev_ID field in the key derivation formula. See step 102 for a specific key derivation formula.
  • Step 204 After completing the calculation of the secondary key, a security association is also established. Specifically, the MP establishes a security association with other MPs, and the specific process is consistent with the prior art. For details, refer to FIG. 3C and related descriptions, and details are not described herein again. In addition, when each radio module in the MP establishes a security association with the MKD, the four-step handshake process as described in step 105 can still be used.
  • In this case the key identifier MKDKName does not need to be carried in the multi-hop behavior frame to index the secondary key MKDK; instead, the MKD uses the association between the MAC addresses of the MP and the device identifier of the MP to find the MKDK corresponding to the MP, and then establishes a security association with the radio module in the MP according to the MKDK.
  • The mesh network system includes an MKD 10 and a network device 20, where the network device 20 may be MP, MAP or MPP. Its working principle is as follows:
  • The first distribution module 11 in the MKD 10 and the first device module 21 in the network device 20 calculate and record the secondary keys MKDK and PMK-MKD and the corresponding key identifiers MKDKName and PMK-MKDName according to the key credential information and the device identification of the network device 20. The calculation can use the PSK shared in advance by the MKD 10 and the network device 20.
  • The AS 30 may be further provided. Before the secondary key is calculated, the first authentication module 31 in the AS 30 performs initial authentication on the network device 20.
  • The network device 20 and the AS 30 respectively generate corresponding MSKs, and the second authentication module 32 sends the MSK generated after authentication by the first authentication module 31 of the AS 30 to the MKD 10 as key credential information.
  • The first distribution module 11 in the MKD 10 and the first device module 21 in the network device 20 then calculate, according to their respective MSKs and the device identification of the network device 20, the two secondary keys PMK-MKD and MKDK in the key hierarchy between the network device 20 and the MKD 10.
  • For the specific key derivation formula, refer to method Embodiment 1.
  • a security association is also established.
  • the network device 20 is required to establish a security association with other network devices, and the specific process is consistent with the prior art. For details, refer to FIG. 3C and related descriptions, and details are not described herein.
  • The network device 20 is also required to establish a security association with the MKD 10, as follows:
  • the second distribution module 12 in the MKD 10 establishes a security association with the network device 20 according to the secondary key obtained by the first distribution module 11 and the corresponding key identifier.
  • The network device 20 is further provided with multiple radio frequency modules, represented in FIG. 10 by the radio frequency module 22.
  • the radio frequency module 22 is configured to establish a security association with the MKD 10 according to the secondary key obtained by the first device module 21 and the corresponding key identifier.
  • The calculation process of the key hierarchy is re-divided, so that the calculation process of the secondary key is related only to the device identification and is not bound to each radio module in the device. Each RF module therefore does not need to perform a repeated initial authentication process, and a network device with multiple RF modules can establish a security association with other network devices after a single initial authentication. This eliminates duplicate authentication and improves the efficiency of authentication.
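
The following Python sketch is an added example, not code from the patent: it walks through Step 102 and the four-step handshake of Steps 110 to 113, deriving the secondary keys once per device from the MSK and Dev_ID and then letting each radio module run its own handshake against the MKDK that the MKD looks up by MKDKName. The KDF construction, label strings, field order, MIC algorithm, class and function names, and all sample values are assumptions, because the formulas on this page are truncated.

```python
import hashlib
import hmac
import os

# Assumptions: the formulas on this page are truncated, so the KDF construction,
# label strings, field order and MIC algorithm below are illustrative choices.

def lv(*fields):
    """Length-prefix each field so the concatenation is unambiguous."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def kdf(key, label, context, length=32):
    """Assumed KDF: HMAC-SHA256 in counter mode, truncated to `length` bytes."""
    out, counter = b"", 1
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + label + context, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def derive_secondary(credential, mesh_id, mkd_nas_id, mkdd_id, dev_id):
    """Step 102: keys and names bound to Dev_ID, never to a radio MAC address.
    `credential` is the MSK from initial authentication or the pre-shared PSK."""
    ctx = lv(mesh_id, mkd_nas_id, mkdd_id, dev_id)
    def name(label):  # Truncate-128(SHA-256(label || fields))
        return hashlib.sha256(label + ctx).digest()[:16]
    return {
        "PMK-MKD": kdf(credential, b"PMK-MKD", ctx),
        "MKDK": kdf(credential, b"MKDK", ctx),
        "PMK-MKDName": name(b"MKD Key Name"),
        "MKDKName": name(b"MKDK Name"),  # distinct label assumed so the two names differ
    }

def mptk_kd(mkdk, m):
    """Per-radio session key from both nonces and both identifiers (Step 111)."""
    return kdf(mkdk, b"MPTK-KD", lv(m["MA-Nonce"], m["MKD-Nonce"], m["MA-ID"], m["MKD-ID"]))

def mic(key, m):
    """Message integrity code over the sequence number and session parameters."""
    body = lv(bytes([m["seq"]]), m["MA-Nonce"], m["MKD-Nonce"], m["MA-ID"], m["MKD-ID"], m["MKDKName"])
    return hmac.new(key, body, hashlib.sha256).digest()[:16]

class MKD:
    def __init__(self, mkd_id):
        self.mkd_id = mkd_id
        self.mkdk_by_name = {}  # MKDKName -> MKDK: one entry per device, not per radio
        self.pending = {}       # (MA-ID, MA-Nonce) -> (MPTK-KD, message 2)

    def register(self, keys):
        self.mkdk_by_name[keys["MKDKName"]] = keys["MKDK"]

    def on_msg1(self, m1):
        mkdk = self.mkdk_by_name.get(m1["MKDKName"])  # index MKDK by key identifier
        if mkdk is None or m1["MKD-ID"] != self.mkd_id:
            raise ValueError("unknown MKDKName or wrong MKD-ID")
        m2 = {**m1, "seq": 2, "MKD-Nonce": os.urandom(32)}
        key = mptk_kd(mkdk, m2)
        m2["MIC"] = mic(key, m2)
        self.pending[(m1["MA-ID"], m1["MA-Nonce"])] = (key, m2)
        return m2

    def on_msg3(self, m3):
        key, m2 = self.pending.pop((m3["MA-ID"], m3["MA-Nonce"]), (None, None))
        same = m2 is not None and all(m3[f] == m2[f] for f in m2 if f not in ("seq", "MIC"))
        if not same or m3["seq"] != 3 or not hmac.compare_digest(m3["MIC"], mic(key, m3)):
            raise ValueError("message 3 failed the consistency or MIC check")
        return {"seq": 4, "MA-ID": m3["MA-ID"], "MKD-ID": self.mkd_id}

def radio_handshake(keys, radio_mac, mkd):
    """Steps 110-113 for one radio module; returns that radio's MPTK-KD."""
    m1 = {"seq": 1, "MA-ID": radio_mac, "MKD-ID": mkd.mkd_id,
          "MA-Nonce": os.urandom(32), "MKDKName": keys["MKDKName"]}
    m2 = mkd.on_msg1(m1)
    if m2["seq"] != 2 or any(m2[f] != m1[f] for f in m1 if f != "seq"):
        raise ValueError("message 2 parameters are inconsistent")
    key = mptk_kd(keys["MKDK"], m2)
    if not hmac.compare_digest(m2["MIC"], mic(key, m2)):
        raise ValueError("message 2 MIC check failed")
    m3 = {**m2, "seq": 3}
    m3["MIC"] = mic(key, m3)
    if mkd.on_msg3(m3)["seq"] != 4:
        raise ValueError("no confirmation from the MKD")
    return key

def demo():
    """One initial authentication (one MSK), two radios, one MKDK entry at the MKD."""
    msk = bytes(range(64))  # constructed sample credential
    keys = derive_secondary(msk, b"example-mesh", b"mkd-nas-1", b"mkdd-1", b"mp-device-01")
    mkd = MKD(bytes.fromhex("020000000001"))  # constructed MAC addresses
    mkd.register(keys)
    radios = [bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")]
    return keys, mkd, [radio_handshake(keys, r, mkd) for r in radios]

if __name__ == "__main__":
    keys, mkd, session_keys = demo()
    print(len(mkd.mkdk_by_name), [k.hex()[:16] for k in session_keys])
```

Both radios authenticate against the single MKDK entry yet end up with different MPTK-KD values, because the radio MAC address (MA-ID) and fresh nonces enter only at the session-key level.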

Abstract

The invention relates to a network authentication communication method and a mesh network system. The method comprises the following operations: the network device calculates and records the secondary key and the corresponding key identifier according to the key credential information and the device identifier of the network device; the radio frequency (RF) module in the network device establishes a security association with the mesh key distributor (MKD) according to the key identifier. The system comprises an MKD and network devices. By applying the invention, because the calculation process of the key hierarchy is re-divided, the calculation process of the secondary key is associated only with the device identifier instead of being bound to each RF module of the device. Consequently, it is not necessary for each RF module to repeat the initial authentication process, and a security association can be established between a network device that includes multiple RF modules and other network devices through a single initial authentication. Repeated authentication is avoided, and the efficiency of authentication is improved.
PCT/CN2008/073615 2008-02-20 2008-12-19 Network authentication communication method and mesh network system WO2009103214A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810082212.3 2008-02-20
CN200810082212.3A CN101516090B (zh) 2008-02-20 2008-02-20 Network authentication communication method and mesh network system

Publications (1)

Publication Number Publication Date
WO2009103214A1 (fr) 2009-08-27

Family

ID=40985057

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073615 WO2009103214A1 (fr) 2008-02-20 2008-12-19 Network authentication communication method and mesh network system

Country Status (2)

Country Link
CN (1) CN101516090B (fr)
WO (1) WO2009103214A1 (fr)

Also Published As

Publication number Publication date
CN101516090A (zh) 2009-08-26
CN101516090B (zh) 2013-09-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08872577

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08872577

Country of ref document: EP

Kind code of ref document: A1