WO2011134608A9 - Methods and devices with key distributor function for improving the speed and quality of a handover - Google Patents
- Publication number
- WO2011134608A9 (PCT/EP2011/001932)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- node
- key
- mapi
- access node
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0016—Hand-off preparation specially adapted for end-to-end data sessions
Definitions
- the invention relates to a network access node for a terminal wirelessly integrated into the network, a network that includes at least one of these
- network access nodes, a method for
- the invention can be used in a voice-over-IP application and a video-on-demand application,
- Wireless networks are becoming increasingly popular in the home and office space.
- a basic standard for such networks is the IEEE 802.11 standard.
- Mesh networks are wireless networks with flexible topology.
- Nodes of a mesh network have features to detect topology changes or to set up fallback routes.
- VoIP Voice over IP
- VoD Video on Demand
- Endpoints of real-time communication are usually called “stations” or “clients”, i.e. non-mesh terminals.
- the speed of handover is critical to the quality and performance of applications using wireless connections, especially real-time applications.
- handover operations should therefore be carried out from one access node to another as quickly as possible and without packet loss
- 802.11 networks use fixed access nodes that usually communicate with each other over wired links.
- access node with which a terminal needs to re-associate therefore takes time, and the handover experiences a delay.
- the IEEE 802.11F standard describes handover mechanisms in 802.11 networks and is documented in the IEEE Trial Use Recommended Practice for Multi-Vendor Access Point
- the 802.21 standard concerns communication and
- FIG. 2 schematically shows communication in a handover process according to the IEEE 802.11r standard
- Each access node calculates, after its initial
- This access node MAP1 is also called the PMK-R0 key holder.
- the PMK-R0 key is then used to derive a so-called PMK-R1 key, which forms the basis for protecting communication with the
- access node MAP2.
- the new mesh-capable access node MAP2 receives a
- the new access node MAP2 establishes a service using the mobility domain controller MDC in a step S0
- the access node MAP1 derives from the PMK-R0 key, in a step S3, a PMK-R1 key and sends the PMK-R1 key to the new access node MAP2 in a step S4.
- the new access node MAP2 then sends an authentication response to the terminal in a step S5, followed by the terminal in a step S6 with the new
- the object of the invention is the speed
- the invention relates to a network access node for a wirelessly integrated into the network terminal, comprising:
- a memory device having at least a first key and address codes of second access nodes for the terminal in the network
- processors having functions for:
- Terminal and the second access node, from the first key e) secure association of the terminal under
- Access node through the data communication device with addressing by the address codes over secure connections.
- the second keys further comprise the key used for step e).
- the first key is a PMK-R0 key and the second keys are PMK-R1 keys.
- the invention thus enables distribution of second keys such as PMK-R1 keys to adjacent
- access nodes of the network access node, or even to all access nodes sharing a mobility domain with the network access node; no additional delay is caused by the
- the network access node is advantageously a node of a mesh network.
- the second key may encode features specific to the
- terminal, in particular a MAC address.
- the first and second keys are in particular pairwise symmetric keys, e.g. PMK-R0 and PMK-R1 keys.
- the address codes are in particular address codes of all
- Access nodes having a common mobility domain with the network access node.
- the address codes can also address codes of second
- second keys can thus be distributed to neighbours of the network access node; because the PMK-R1 keys are distributed only to neighbouring
- access nodes of the network access node, a relatively low bandwidth requirement advantageously results.
- the number of second keys to be derived and distributed is thus relatively small for the network access node.
- the sending of PMK-R1 keys could, for example, be realised by means of EAPOL-Key frames.
- the actual frame format for key exchange is not part of the IEEE 802.11r standard.
- the mobility domain in a mesh network, when a reactive or hybrid routing protocol is used,
- while the terminal is active in a mobility domain, the network access node according to the invention distributes
- a mesh network according to the invention includes
- at least one network access node according to the invention and a plurality, in particular more than 3, in particular more than 4, in particular more than 9, of the second
- the network according to the invention is built from secure connections among the network access nodes and second access nodes, optionally via forwarding nodes, and has secure connections to at least one, preferably one, mobility domain controller and at least one, preferably one, authentication server.
- for the network access node according to the invention, the cluster is defined in particular such that between the
- network access node and every second access node with a radio cell in the cluster a connection is established over a maximum of three, in particular a maximum of two, in particular a maximum of one, node.
- Access nodes can according to the invention
- for sending at least some of the second keys, the network preferably has a function for
- a network access node according to the invention, as PMK-R0 key holder, can then be provided with functions to determine neighbouring access nodes by means of a metric to be defined and to send them their PMK-R1 key; these functions are executed specifically after each handover procedure, also for neighbours of a new access node in the case of one
- access node functionality, also called forwarders, forward data to improve connectivity in the network, especially the mesh network.
- Maximum numbers for the number of hops can be adjusted to increase the number of hops in the network
- network access nodes do not communicate with each other directly over the air, i.e. a client may sit between two access nodes and see both while the access nodes do not see each other.
- the network according to the invention has connections under access nodes of the network with security relationships.
- authentication server and/or the mobility domain controller to be implemented, especially in smaller mesh networks, hardware resources such as a
- Key management can be optimized depending on a scenario in the network.
- FIG. 1 schematically illustrates a network access node
- FIG. 2 schematically illustrates communication in a handover process in accordance with the IEEE 802.11r standard
- FIG. 3 schematically illustrates communication according to the invention
- Fig. 4 illustrates a network of the invention in connection with a terminal.
- a processor 3 via a bus 4 with a memory device 1 and a
- the storage means stores a PMK-R0 key and address codes of second access nodes MAP2, ..., MAPn of a network with the network access node.
- Fig. 4 shows a mesh network of the invention in connection with a terminal STA. The network has five mesh-capable access nodes MAP1, MAP2, MAP3, MAP4, MAP5 and three
- FIG. 3 illustrates the communication in the network shown in FIG.
- the station STA is initially authenticated via the access node MAP1, which forwards the authentication information to the authentication server AS.
- in its function as PMK-R0 key holder, the initial network access node MAP1 locally stores the PMK-R0 key in its memory device 1.
- the network access node MAP1 derives four further PMK-R1 keys for the access nodes MAP3, MAP2, MAP4 and MAP5 directly after the authentication of the STA.
- the PMK-R1 key forms the basis for the protection of the communication relationship between the initial network access node MAP1 and now with the
- establishing a security relationship with all these access nodes using the mobility domain controller MDC transfers MAP1's PMK-R1 keys to the
- access node MAP4 initiates, this node already has the appropriate PMK-R1 key.
- the new access node MAP4 can thus handle the handover without further
- the steps are carried out: S12 deriving further PMK-R1 keys through the initial network access node MAP1 and
- the initial network access node does not transmit the PMK-R1 key of station STA after the initial authentication to all other active
- access nodes of the mobility domain but only to
- the initial access node MAP1 calculates the PMK-R1 keys directly after the initial authentication of the station STA, for example for the adjacent access nodes MAP3 and MAP4, and transmits them to those nodes.
- a later handover of the station to the new access node MAP4 can be carried out without further communication with the MDC and the PMK-R0 key holder.
- the access node MAP1, as the PMK-R0 key holder, must be notified so that it can derive further PMK-R1 keys and distribute them to further access nodes adjacent to the new access node MAP4.
- these are the access nodes MAP2 and MAP5.
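As an added illustration (not code from the patent or its assignee), the following Python simulation models the neighbour-scoped PMK-R1 pre-distribution described above: a constructed mesh topology modelled on the Fig. 4 description (the forwarders F1..F3 are an assumption), an HMAC-SHA256 stand-in for the PMK-R1 derivation (an assumption, not the 802.11r KDF), and a handover check that reports whether a transition needed a round trip to the MDC or PMK-R0 key holder.

```python
import hashlib
import hmac
from collections import deque

# Constructed topology modelled on the Fig. 4 description: MAP1 neighbours
# MAP3 and MAP4, MAP4 neighbours MAP2 and MAP5. The forwarders F1..F3 are an
# assumption standing in for the further nodes the extract cuts off.
TOPOLOGY = {
    "MAP1": {"MAP3", "MAP4"},
    "MAP2": {"MAP4", "F1"},
    "MAP3": {"MAP1", "F2"},
    "MAP4": {"MAP1", "MAP2", "MAP5"},
    "MAP5": {"MAP4", "F3"},
    "F1": {"MAP2", "F3"},
    "F2": {"MAP3"},
    "F3": {"MAP5", "F1"},
}
ACCESS_NODES = {n for n in TOPOLOGY if n.startswith("MAP")}


def derive_pmk_r1(pmk_r0: bytes, sta_mac: bytes, r1kh_id: bytes) -> bytes:
    """Bind a second-level key to the station and to the target access node.
    Assumption: HMAC-SHA256 stands in for the 802.11r PMK-R1 derivation."""
    return hmac.new(pmk_r0, b"PMK-R1" + sta_mac + r1kh_id, hashlib.sha256).digest()


def cluster(start: str, max_intermediate: int) -> set[str]:
    """Access nodes reachable from `start` over at most `max_intermediate`
    nodes (forwarders or other MAPs); 0 means direct neighbours only."""
    seen, found = {start}, set()
    frontier = deque([(start, 0)])
    while frontier:  # BFS: the first visit of a node is over a shortest path
        node, intermediates = frontier.popleft()
        for nxt in TOPOLOGY[node]:
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt in ACCESS_NODES:
                found.add(nxt)
            if intermediates < max_intermediate:
                frontier.append((nxt, intermediates + 1))
    return found


class R0KeyHolder:
    """Initial access node (PMK-R0 key holder) pre-distributing PMK-R1 keys."""

    def __init__(self, name: str, pmk_r0: bytes, sta_mac: bytes, max_intermediate: int = 0):
        self.name, self.pmk_r0, self.sta_mac = name, pmk_r0, sta_mac
        self.max_intermediate = max_intermediate
        # access node -> PMK-R1 it holds; the R0 holder keeps its own key locally
        self.keys = {name: derive_pmk_r1(pmk_r0, sta_mac, name.encode())}
        self.sent = 0  # secure unicasts (e.g. EAPOL-Key frames) actually sent

    def distribute_around(self, serving_ap: str) -> set[str]:
        """Derive and send PMK-R1 to cluster members that hold none yet."""
        targets = cluster(serving_ap, self.max_intermediate) - set(self.keys)
        for ap in sorted(targets):
            self.keys[ap] = derive_pmk_r1(self.pmk_r0, self.sta_mac, ap.encode())
            self.sent += 1
        return targets


def handover(holder: R0KeyHolder, new_ap: str) -> bool:
    """Move STA to `new_ap`; True means its key was already in place (no round
    trip to MDC / R0 holder). Then top up the cluster around the new node."""
    fast = new_ap in holder.keys
    if not fast:  # slow path: fetch the key on demand, as in plain 802.11r
        holder.keys[new_ap] = derive_pmk_r1(holder.pmk_r0, holder.sta_mac, new_ap.encode())
        holder.sent += 1
    holder.distribute_around(new_ap)
    return fast
```

Run the Fig. 4 sequence with `h = R0KeyHolder("MAP1", pmk_r0, sta_mac)`, `h.distribute_around("MAP1")` (keys reach MAP3 and MAP4) and `handover(h, "MAP4")`, which returns True and then pushes keys to MAP2 and MAP5; `h.sent` shows that four unicasts served the whole mobility domain instead of one per active node.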
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/318,949 US20120284773A1 (en) | 2010-04-26 | 2011-04-15 | Network Access Points in Key Distribution Function |
CN2011800023991A CN102474522A (zh) | 2010-04-26 | 2011-04-15 | Network access node with key distribution function |
EP11715180A EP2564570A1 (de) | 2010-04-26 | 2011-04-15 | Methods and devices with key distributor function for improving the speed and quality of a handover |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102010018285.0 | 2010-04-26 | ||
DE102010018285A DE102010018285A1 (de) | 2010-04-26 | 2010-04-26 | Network access node with key distributor function |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2011134608A1 WO2011134608A1 (de) | 2011-11-03 |
WO2011134608A9 true WO2011134608A9 (de) | 2012-04-19 |
Family
ID=44263215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2011/001932 WO2011134608A1 (de) | 2010-04-26 | 2011-04-15 | Methods and devices with key distributor function for improving the speed and quality of a handover |
Country Status (5)
Country | Link |
---|---|
US (1) | US20120284773A1 (de) |
EP (1) | EP2564570A1 (de) |
CN (1) | CN102474522A (de) |
DE (1) | DE102010018285A1 (de) |
WO (1) | WO2011134608A1 (de) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10212597B2 (en) * | 2013-10-30 | 2019-02-19 | Nec Corporation | Apparatus, system and method for secure direct communication in proximity based services |
WO2015167462A1 (en) * | 2014-04-29 | 2015-11-05 | Hewlett-Packard Development Company, L.P. | Network re-convergence point |
WO2017171835A1 (en) * | 2016-03-31 | 2017-10-05 | Ruckus Wireless, Inc. | Key management for fast transitions |
US10165608B2 (en) * | 2016-06-02 | 2018-12-25 | Cisco Technology, Inc. | System and method to provide fast mobility in a residential Wi-Fi network environment |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7263357B2 (en) * | 2003-01-14 | 2007-08-28 | Samsung Electronics Co., Ltd. | Method for fast roaming in a wireless network |
US7787627B2 (en) * | 2005-11-30 | 2010-08-31 | Intel Corporation | Methods and apparatus for providing a key management system for wireless communication networks |
US8948395B2 (en) * | 2006-08-24 | 2015-02-03 | Qualcomm Incorporated | Systems and methods for key management for wireless communications systems |
US7499547B2 (en) * | 2006-09-07 | 2009-03-03 | Motorola, Inc. | Security authentication and key management within an infrastructure based wireless multi-hop network |
FR2911036A1 (fr) * | 2006-12-29 | 2008-07-04 | France Telecom | Roaming method in a wireless network. |
US7961684B2 (en) * | 2007-07-13 | 2011-06-14 | Intel Corporation | Fast transitioning resource negotiation |
US8249256B2 (en) * | 2007-11-06 | 2012-08-21 | Motorola Solutions, Inc. | Method for providing fast secure handoff in a wireless mesh network |
CN101534238B (zh) * | 2008-03-14 | 2011-06-08 | Huawei Technologies Co., Ltd. | Method, node and system for notifying a proxy update in a wireless mesh network |
US8474023B2 (en) * | 2008-05-30 | 2013-06-25 | Juniper Networks, Inc. | Proactive credential caching |
JP4465015B2 (ja) * | 2008-06-20 | 2010-05-19 | NTT Docomo, Inc. | Mobile communication method |
-
2010
- 2010-04-26 DE DE102010018285A patent/DE102010018285A1/de not_active Withdrawn
-
2011
- 2011-04-15 CN CN2011800023991A patent/CN102474522A/zh active Pending
- 2011-04-15 WO PCT/EP2011/001932 patent/WO2011134608A1/de active Application Filing
- 2011-04-15 EP EP11715180A patent/EP2564570A1/de not_active Withdrawn
- 2011-04-15 US US13/318,949 patent/US20120284773A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
CN102474522A (zh) | 2012-05-23 |
DE102010018285A1 (de) | 2011-10-27 |
EP2564570A1 (de) | 2013-03-06 |
WO2011134608A1 (de) | 2011-11-03 |
US20120284773A1 (en) | 2012-11-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE112005002297B4 (de) | Method and system for supporting fast handover of mobile subscriber stations in wireless broadband networks | |
DE60218289T2 (de) | Method for storing and distributing encryption keys | |
DE102006038591B4 (de) | Method and arrangement for providing a wireless mesh network | |
EP1794949B1 (de) | Method for distributing software and configuration data and corresponding data network | |
DE112008001844B4 (de) | Negotiation over resources for fast transitions | |
DE60030527T2 (de) | RPCU (radio port control unit) and corresponding method | |
EP3398362A1 (de) | Communication system for communication in a communication network with sub-networks | |
EP2239978A1 (de) | Mobile radio system and corresponding handover method | |
DE10138718A1 (de) | Method for transmitting encryption information to subscribers of a multicast group | |
EP1743502A1 (de) | Establishment of multi-hop communication links depending on limit values | |
WO2011134608A9 (de) | Methods and devices with key distributor function for improving the speed and quality of a handover | |
EP2497248B1 (de) | Methods and devices with key distributor function for improving the speed and quality of a handover | |
DE10204624C1 (de) | Method for continuing a communication link involving several radio communication systems | |
WO2008098827A1 (de) | Method and arrangement for providing a wireless mesh network | |
DE102006040313B3 (de) | Method and arrangement for the automatic configuration of a local radio network | |
DE102006054091A1 (de) | Bootstrapping method | |
WO2001039432A2 (de) | Method for controlling radio stations | |
DE102007003492B4 (de) | Method and arrangement for providing a wireless mesh network | |
DE60037674T2 (de) | Method and device for carrying out security procedures involving mobile stations in hybrid cellular telecommunication systems | |
EP3599738B1 (de) | First vehicle-side terminal, method for operating the first terminal, second vehicle-side terminal and method for operating the second vehicle-side terminal | |
DE10310522B4 (de) | Method for uninterrupted transmission of data in a Bluetooth communication network | |
EP2477373B1 (de) | Endpoints and system for secure transmission of data between secure networks | |
DE102004047366A1 (de) | Method for distributing data on demand and corresponding data network | |
EP4064747A1 (de) | Method and data communication system for selectively synchronising data connection information between firewalls of an IP-based core network of a mobile radio network | |
CH716446B1 (de) | Mobile radio communication device with two time-controlled integrated subscriber identity modules. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 201180002399.1; Country of ref document: CN |
| WWE | Wipo information: entry into national phase | Ref document number: 13318949; Country of ref document: US |
| WWE | Wipo information: entry into national phase | Ref document number: 5002/KOLNP/2011; Country of ref document: IN |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11715180; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 2011715180; Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |