CN1571407A - A safety authentication method based on media gateway control protocol - Google Patents
- Publication number: CN1571407A
- Authority: CN (China)
- Prior art keywords: MGC, algorithm, random number, digital signature, key
- Legal status: Granted
Abstract
The invention discloses a security authentication method based on a media gateway control protocol. A shared key for the MGC and each corresponding MG is set in advance in the MG and the MGC. When security authentication is performed between the MG and the MGC, each side uses the key generation algorithm and digital signature algorithm agreed by both sides, the random number generated by the MGC, and the shared key to compute its own signature for this authentication run. Each side then compares the signature it computed with the signature sent by the other party to determine whether the other party is legitimate, which completes the identity authentication of the other party. The method ensures that an illegitimate media gateway cannot successfully connect to and use the media gateway controller.
Description
Technical field
The present invention relates to authentication techniques, and in particular to a security authentication method based on a media gateway control protocol.
Background technology
In the next generation network (NGN) there are many media gateways (MG) that support a media gateway control protocol such as MGCP or H.248. These gateway devices are distributed across enterprises and users' homes; they cover a wide area, are large in number, and use dynamic IP addresses. Here, MGCP is a media gateway control standard formulated by the Internet Engineering Task Force (IETF), and H.248 is a media gateway control protocol formulated by the International Telecommunication Union (ITU). If media gateways are not subject to security management and authentication, the following problems arise:
1) A counterfeit media gateway can impersonate a real media gateway to make calls, and the call charges are billed to the account of the real media gateway, so the security of the user's call charges cannot be guaranteed.
2) The media gateway controller (MGC) is exposed to attack and system security cannot be guaranteed, so illegitimate and counterfeit devices are easily brought under its management. As more illegitimate and counterfeit devices are brought under management, they crowd out legitimate devices and can even paralyse the whole network system.
At present, MGCP mentions that authentication of the initiator can be supported, and there are two approaches to it: one is address verification, that is, accepting only information from the source address; the other is to transmit a communication key during call setup and authenticate with that key.
For both approaches, MGCP has so far proposed no concrete solution, so neither can actually be implemented. Moreover, from a security standpoint, even if they were implemented, the security currently suggested by MGCP is very weak. With address verification, an illegitimate party only has to forge a legitimate IP address to pass source-address-based authentication. With key authentication, transmitting the key during the call procedure is very unsafe: once an illegitimate user intercepts the encrypted information and obtains the key, it can just as easily pose as a legitimate user.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a security authentication method based on a media gateway control protocol which ensures that an illegitimate media gateway cannot successfully connect to and use the media gateway controller.
To achieve this purpose, the technical solution of the present invention is as follows:
A security authentication method based on a media gateway control protocol, in which a shared key $K_i$ for the MGC and the corresponding MG is set in advance in the media gateway (MG) and the media gateway controller (MGC). When security authentication is performed between the MG and the MGC, the method further comprises:
a. The MGC generates a random number Rand and then computes the signature it uses for authentication from the generated Rand, the shared key $K_i$, and the selected key generation algorithm and digital signature algorithm;
b. The MGC sends the signature computed in step a and the generated random number Rand to the MG;
c. On receipt, the MG first computes its own current signature from the shared key $K_i$, the random number Rand, and the selected key generation algorithm and digital signature algorithm, and then checks whether the computed signature matches the received one. If it does, the other side is a legitimate MGC; the MG then computes the signature it uses for authentication and sends it to the MGC. Otherwise the other side is an illegitimate MGC and the current authentication flow ends;
d. On receipt, the MGC computes its own current signature and checks whether it matches the received signature. If it does, the other side is a legitimate MG; otherwise it is an illegitimate MG.
The computation of the signature further comprises: the MG or MGC first computes an authentication key from the random number Rand generated by the MGC, the shared key $K_i$ and the selected key generation algorithm, and then computes the signature from the newly computed authentication key, the random number Rand and the selected digital signature algorithm.
When the MG starts registration, the method further comprises: the MG sends the MGC an access request command that carries at least the MG identifier (MGID). The MGID may be encrypted with a preset encryption algorithm; if it is encrypted, the MGC decrypts it with the preset decryption algorithm after receiving the access request command.
The selected key generation algorithm and digital signature algorithm are set in advance according to the key generation algorithms and digital signature algorithms that the MG and MGC support.
If the access request command carries the algorithm identifiers of the key generation algorithms or digital signature algorithms that the MG supports, the selected key generation algorithm and digital signature algorithm are determined by the MGC from those identifiers. The determination proceeds as follows: after receiving the access request command from the MG, the MGC checks whether it carries algorithm identifiers. If it carries the identifiers of the algorithms the MG supports, the MGC selects the key generation algorithm and digital signature algorithm to be used according to the algorithms the MG supports and sends the identifiers of the selected algorithms to the MG; otherwise the MGC directly uses the preset key generation algorithm and digital signature algorithm.
In the above scheme, the shared key $K_i$ of the MG and MGC is stored in a location in the MG and MGC devices that cannot easily be read.
The method further comprises setting an additional authentication parameter. The MG and MGC then each compute the authentication key from the random number Rand generated by the MGC, the shared key $K_i$, the determined key generation algorithm and the additional authentication parameter, and each compute the signature from the random number Rand generated by the MGC, the shared key $K_i$, the determined digital signature algorithm and the additional authentication parameter.
The additional authentication parameter may be set as follows: a random number is set in the MGC device, and the MGC sends it to the MG in plaintext in a reserved field. Alternatively, a random number is set in the MG device, and the MG sends it to the MGC in plaintext in a reserved field.
The additional authentication parameter may also be set as follows: corresponding counters or clocks are set in the MG and MGC devices respectively, and the current counter value or the current timestamp of the clock is used as the additional authentication parameter. Alternatively, a counter or clock corresponding to the MG currently communicating is set in the MGC device, the current counter value or the current timestamp of the clock is used as the additional authentication parameter, and the MGC sends the current counter value to the MG. The initial value of the counter is 0 or 1, and the MGC places the current counter value in the reserved field of the MGC request command sent to the MG. In this scheme, step a further comprises: after computing its own signature, the MGC increments the current counter value by 1. Likewise, after computing the authentication key, the MG increments its current counter value by 1.
For periodic authentication, steps a~d of the above scheme can be repeated.
The security authentication method based on a media gateway control protocol provided by the present invention therefore has the following advantages and characteristics:
1) The MGC side and the MG side share the key $K_i$. Using this shared key as a seed key, the authentication key and signature of the MGC side and the MG side can each be computed when the MG and MGC authenticate each other. Because the shared key is only stored in the MGC and MG devices and is never transmitted between them, the confidentiality of the authentication key and signature is guaranteed.
2) In each authentication, the other parameter used to compute the authentication key and signature, Rand, is a random number generated by the MGC. This yields a dynamic key and also gives mutual authentication between the MG and the MGC, which effectively prevents MG forgery.
3) In each security authentication run the invention can additionally set a one-time additional authentication parameter, for example by generating another random number, or by setting a counter or clock and using the counter value or timestamp. Different additional authentication parameter values not only ensure that mutual authentication is possible but also prevent replay attacks by an illegitimate party.
4) When the MGC side and the MG side, together or individually, support more than one key generation algorithm and digital signature algorithm, the invention also provides an algorithm negotiation mechanism, making the choice more flexible, reliable and convenient for both sides.
5) The invention applies to various media gateway control protocols, for example the registration authentication procedures of MGCP and H.248, and so has a wide scope of application.
Description of drawings
Fig. 1 is a flow chart of the method of the invention.
Embodiment
The present invention is described in further detail below with reference to the drawing and specific embodiments.
The basic idea of the invention is to implement identity authentication by supplementing the security mechanism of the media gateway control protocol when it is used for security authentication between the MG and the MGC. Specifically, a shared key is set on the MG side and the MGC side. The MG and MGC then each use the key generation algorithm and digital signature algorithm determined by both sides, the random number generated by the MGC, and the shared key to compute their own authentication key and signature for this authentication run, and each sends its computed signature to the other side. Each side then compares the signature it computed with the signature received from the other side to determine whether the other side is legitimate, which completes the identity authentication of the other side.
The precondition for implementing the invention is therefore that the MG side and the MGC side share a key $K_i$ of at least 128 bits that is stored securely in the MGC and MG devices in advance. Secure storage here means that the key is kept in a physical location in the device and that nobody can read it once it has been written. When several MGs are connected to the same MGC, each MG shares a different key $K_i$ with the MGC; in other words, different MGs must not use the same key $K_i$.
In addition, the MG and MGC devices each hold at least one key generation algorithm and one digital signature algorithm, and the MG and MGC must have at least one key generation algorithm and digital signature algorithm pair in common. In the implementation of the invention, the key generation algorithm f1 supported by both sides generates the dynamic key, and the digital signature algorithm f2 supported by both sides performs identity authentication between the MG and the MGC.
Referring to Fig. 1, the security authentication method of the invention is implemented by the following steps:
Step 101: When the MG performs normal registration, it first sends an access request command to the MGC at start-up. The access request command contains at least the MG identifier (MGID). For MGCP, the access request command may be the special domain IP protocol (RSIP) command. The MGID may or may not be encrypted; if it is encrypted, an encryption algorithm must be set in advance and stored in both the MG and MGC devices, and the MGID is encrypted with this preset algorithm.
If the MG or MGC is allowed to support several key generation algorithms or digital signature algorithms at once, that is, if either side supports more than one key generation algorithm or digital signature algorithm, the algorithms used between the MG and MGC can either be preset or be negotiated between them to determine the key generation algorithm or digital signature algorithm that both sides will currently use. If negotiation is required, the access request command also carries the algorithm identifiers (ID) that the MG supports; these may identify the key generation algorithms the MG supports, the digital signature algorithms, or both.
Steps 102~104: After receiving the access request command from the MG, the MGC first sends the MG an acknowledgement message ACK;
The MGC then checks whether the access request command carries algorithm identifiers. If it does, the two sides need to negotiate algorithms, and the MGC selects the key generation algorithm f1 and digital signature algorithm f2 to be used for this authentication. If it does not, the MGC uses the preset key generation algorithm and digital signature algorithm as f1 and f2 respectively;
The MGC generates a random number Rand and, using the selected key generation algorithm f1, computes the MGC-side authentication key $K_{AUTH}$ for this authentication run according to formula (1):
$$K_{AUTH} = f1(K_i, Rand) \qquad (1)$$
Then, from the resulting $K_{AUTH}$ and the selected digital signature algorithm f2, it computes the signature $MGC_{AUTH}$ that the MGC side uses for authentication according to formula (2). $MGC_{AUTH}$ is used to determine whether the MGC is legitimate.
$$MGC_{AUTH} = f2(K_{AUTH}, Rand) \qquad (2)$$
After computing the signature $MGC_{AUTH}$, the MGC sends the MGC request command to the MG. This command contains at least the parameters Rand and $MGC_{AUTH}$ and a reserved (Reserved) field. The Reserved field is optional and can carry one or more parameters as needed; for example, when the MG and MGC need to negotiate algorithms, the Reserved field can contain the algorithm identifiers of the key generation algorithm f1 and digital signature algorithm f2 that the MGC has selected, that is, designated for the MG to use. For MGCP, the MGC request command may be the RQNT command.
Steps 105~107: After receiving Rand, $MGC_{AUTH}$ and the Reserved field from the MGC, the MG first determines which algorithms to use: if the Reserved field carries the algorithm identifiers of the key generation algorithm f1 and digital signature algorithm f2 selected by the MGC, the MG uses them; otherwise it uses the preset key generation algorithm and digital signature algorithm as f1 and f2 respectively. It then takes Rand and computes the MG-side current authentication key $K_{RES}$ with the key generation algorithm f1 according to formula (3):
$$K_{RES} = f1(K_i, Rand) \qquad (3)$$
Having obtained the authentication key, it computes the MG-side current signature $MG_{RES}$ with the digital signature algorithm f2 according to formula (4):
$$MG_{RES} = f2(K_{RES}, Rand) \qquad (4)$$
The MG checks whether $MGC_{AUTH}$ equals $MG_{RES}$. If it does, the message was sent by a legitimate MGC, and the MG computes the signature $MG_{AUTH}$ that the MG side uses for authentication according to formula (5). $MG_{AUTH}$ lets the MGC confirm whether the MG is legitimate;
$$MG_{AUTH} = f2(K_{RES}, Rand) \qquad (5)$$
After computing $MG_{AUTH}$, the MG sends the MGC a message carrying the computed $MG_{AUTH}$, and also sends the MGC a response message ACK indicating successful authentication. The $MG_{AUTH}$ notification message of step 106 and the response message of step 107 can be merged, that is, sent as a single response message containing both the computed $MG_{AUTH}$ and the authentication success information.
If $MGC_{AUTH}$ is not equal to $MG_{RES}$, the current flow ends, or returns to step 103 to authenticate again. In this case the MG may or may not send a message notifying the MGC of the authentication failure.
Steps 108~109: After receiving $MG_{AUTH}$, the MGC computes its own current signature $MGC_{RES}$ according to formula (6):
$$MGC_{RES} = f2(K_{AUTH}, Rand) \qquad (6)$$
The MGC then checks whether $MG_{AUTH}$ equals $MGC_{RES}$. If it does, the message was sent by a legitimate MG, and the MGC replies to the MG with a response message indicating successful authentication. If $MG_{AUTH}$ is not equal to $MGC_{RES}$, the current flow ends, or returns to step 103 to authenticate again. In this case the MGC may or may not send a message notifying the MG of the authentication failure.
Steps 101~109 above complete the security identity authentication of an MG accessing the MGC. For subsequent periodic authentication, such as authentication required during communication or re-authentication, steps 103~109 can be repeated, but the algorithm selection in step 103 can be skipped: once the algorithms have been determined by the first negotiation, no further negotiation is needed and the determined algorithms are used directly. These steps thus give MGCP-based dynamic key management between the MG and the MGC and also mutual authentication: the shared key is held only locally and is not transmitted, and each side determines the legitimacy of the other's identity solely by comparing signatures.
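The exchange in steps 101~109, as an added example that is not part of the patent text: a Python model of both sides covering formulas (1) to (6) and the algorithm negotiation carried in the Reserved field. HMAC is an assumed stand-in for f1 and f2, which the patent leaves unspecified; the algorithm IDs "A1" and "A2", the class, function and message field names, and the keys are constructed for illustration.

```python
import hmac
import secrets

# Hypothetical algorithm IDs: the patent exchanges "algorithm IDs" but names none.
ALGORITHMS = {"A1": "sha256", "A2": "sha512"}
DEFAULT_ALGORITHM = "A1"   # the preset pair used when nothing is negotiated

# Constructed 128-bit shared keys K_i, a different one for each MG.
K1 = bytes(range(16))
K2 = bytes(range(16, 32))


def f1(k_i, rand, algo):
    """Key generation algorithm, formulas (1)/(3). HMAC is an assumption."""
    return hmac.new(k_i, rand, ALGORITHMS[algo]).digest()


def f2(k_auth, rand, algo):
    """Digital signature algorithm, formulas (2)/(4)/(5)/(6). HMAC is an assumption."""
    return hmac.new(k_auth, rand, ALGORITHMS[algo]).digest()


class MGC:
    def __init__(self, keys, supported=("A2", "A1")):
        self.keys = keys             # MGID -> K_i
        self.supported = supported   # in order of preference
        self.sessions = {}           # MGID -> (K_AUTH, Rand, algo) of the pending run

    def handle_access_request(self, mgid, offered=None):
        """Steps 102~104: choose algorithms, generate Rand, build the MGC request."""
        k_i = self.keys.get(mgid)
        if k_i is None:
            return None              # unknown MGID: no challenge is issued
        algo, reserved = DEFAULT_ALGORITHM, {}
        if offered:                  # the MG sent algorithm IDs, so negotiate
            algo = next((a for a in self.supported if a in offered), None)
            if algo is None:
                return None          # assumption: no common algorithm ends the run
            reserved["algo"] = algo
        rand = secrets.token_bytes(16)
        k_auth = f1(k_i, rand, algo)                        # formula (1)
        self.sessions[mgid] = (k_auth, rand, algo)
        return {"Rand": rand, "MGC_AUTH": f2(k_auth, rand, algo),  # formula (2)
                "Reserved": reserved}

    def verify_mg(self, mgid, mg_auth):
        """Steps 108~109: compute MGC_RES (6) and compare it with MG_AUTH."""
        session = self.sessions.pop(mgid, None)   # each Rand is checked only once
        if session is None:
            return False
        k_auth, rand, algo = session
        return hmac.compare_digest(f2(k_auth, rand, algo), mg_auth)


class MG:
    def __init__(self, mgid, k_i, supported=("A1",)):
        self.mgid, self.k_i, self.supported = mgid, k_i, supported

    def handle_mgc_request(self, msg):
        """Steps 105~107: check MGC_AUTH, then return MG_AUTH (None if rejected)."""
        algo = msg["Reserved"].get("algo", DEFAULT_ALGORITHM)
        if algo not in self.supported:
            return None
        k_res = f1(self.k_i, msg["Rand"], algo)             # formula (3)
        mg_res = f2(k_res, msg["Rand"], algo)               # formula (4)
        if not hmac.compare_digest(mg_res, msg["MGC_AUTH"]):
            return None                                     # not a legitimate MGC
        return f2(k_res, msg["Rand"], algo)                 # formula (5)


def register(mg, mgc, negotiate=False):
    """Run steps 101~109 once: (MG accepts MGC, MGC accepts MG, algorithm ID)."""
    msg = mgc.handle_access_request(mg.mgid, mg.supported if negotiate else None)
    if msg is None:
        return (False, False, None)
    algo = msg["Reserved"].get("algo", DEFAULT_ALGORITHM)
    mg_auth = mg.handle_mgc_request(msg)
    if mg_auth is None:
        return (False, False, algo)
    return (True, mgc.verify_mg(mg.mgid, mg_auth), algo)


if __name__ == "__main__":
    mgc = MGC({"mg-1": K1, "mg-2": K2})
    print(register(MG("mg-1", K1), mgc))   # legitimate MG, preset algorithms
    print(register(MG("mg-1", K2), mgc))   # MG provisioned with the wrong K_i
```

Both comparisons use `hmac.compare_digest`, so the time taken does not depend on how many leading bytes of the two signatures agree.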
To ensure higher security between the MG and the MGC, mutually corresponding additional authentication parameters can also be set in advance in the MGC and in each MG. When computing their signatures, the MG and MGC then use this additional authentication parameter in addition to the shared key, the random number generated by the MGC, and the key generation algorithm and digital signature algorithm determined by both sides. The additional authentication parameter can be implemented in several ways, for example: each side generates another random number and uses it as the additional authentication parameter; each side sets a counter and uses its current value as the additional authentication parameter; each side sets a clock and uses the timestamp as the additional authentication parameter; and so on. Taking a counter whose value is used as the additional authentication parameter as an example, there are two modes:
In the first mode, a corresponding counter is set in both the MGC and MG devices, with its initial value set to 0 or 1. Because the MGC serves several MGs at once, it must hold several counters, one per MG. The counter value COUNT-MG or COUNT-MGC is then added to the computation of formulas (2), (4), (5) and (6), which become formulas (2'), (4'), (5') and (6') respectively:
$$MGC_{AUTH} = f2(K_{AUTH}, \text{COUNT-MGC}, Rand) \qquad (2')$$
$$MG_{RES} = f2(K_{RES}, \text{COUNT-MG}, Rand) \qquad (4')$$
$$MG_{AUTH} = f2(K_{RES}, \text{COUNT-MG}, Rand) \qquad (5')$$
$$MGC_{RES} = f2(K_{AUTH}, \text{COUNT-MGC}, Rand) \qquad (6')$$
In step 103, after computing the signature $MGC_{AUTH}$ used for authentication, the MGC increments its current counter value COUNT-MGC by 1; in step 105, after computing its current authentication key, the MG likewise increments its current counter value COUNT-MG by 1.
In the second mode, the counter is set on only one side, the MG or the MGC; again its initial value is set to 0 or 1. In this case the current counter value must be sent to the other side when messages are passed between the MG and MGC. For example, if counters are set only on the MGC side, one per MG, then when the MGC performs security authentication with a given MG it can place that MG's current counter value in the Reserved field and send it to the MG.
If the additional authentication parameter is a random number, it is sent to the other side in plaintext. If it is a timestamp, its setting, application and use are essentially the same as in the counter example above, except that it needs no initialization and does not need to be sent to the other side.
The scheme described above applies not only to MGCP; where the MG and MGC communicate via H.248, it is equally suitable for the H.248 authentication procedure. In short, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection.
Claims (20)
1. A security authentication method based on a media gateway control protocol, characterized in that a shared key $K_i$ for the MGC and the corresponding MG is set in advance in the media gateway (MG) and the media gateway controller (MGC), and when security authentication is performed between the MG and the MGC the method further comprises:
a. The MGC generates a random number Rand and then computes the signature it uses for authentication from the generated Rand, the shared key $K_i$, and the selected key generation algorithm and digital signature algorithm;
b. The MGC sends the signature computed in step a and the generated random number Rand to the MG;
c. On receipt, the MG first computes its own current signature from the shared key $K_i$, the random number Rand, and the selected key generation algorithm and digital signature algorithm, and then checks whether the computed signature matches the received one. If it does, the other side is a legitimate MGC; the MG then computes the signature it uses for authentication and sends it to the MGC. Otherwise the other side is an illegitimate MGC and the current authentication flow ends;
d. On receipt, the MGC computes its own current signature and checks whether it matches the received signature. If it does, the other side is a legitimate MG; otherwise it is an illegitimate MG.
2. The method according to claim 1, characterized in that the computation of the signature further comprises: the MG or MGC first computes an authentication key from the random number Rand generated by the MGC, the shared key $K_i$ and the selected key generation algorithm, and then computes the signature from the newly computed authentication key, the random number Rand and the selected digital signature algorithm.
3. The method according to claim 1, characterized in that, when the MG starts registration, the method further comprises: the MG sends the MGC an access request command that carries at least the MG identifier (MGID).
4. The method according to claim 3, characterized in that the method further comprises: encrypting the MGID with a preset encryption algorithm.
5. The method according to claim 4, characterized in that the method further comprises: after receiving the access request command, the MGC decrypts the MGID with the preset decryption algorithm.
6. The method according to claim 1, characterized in that the selected key generation algorithm and digital signature algorithm are set in advance according to the key generation algorithms and digital signature algorithms that the MG and MGC support.
7. The method according to claim 3, characterized in that the access request command further carries the algorithm identifiers of the key generation algorithms or digital signature algorithms that the MG side supports.
8. The method according to claim 7, characterized in that the selected key generation algorithm and digital signature algorithm are determined by the MGC from the algorithm identifiers in the access request command, the determination further comprising: after receiving the access request command from the MG, the MGC checks whether it carries algorithm identifiers; if it carries the identifiers of the algorithms the MG supports, the MGC selects the key generation algorithm and digital signature algorithm to be used according to the algorithms the MG supports and sends the identifiers of the selected algorithms to the MG; otherwise the MGC directly uses the preset key generation algorithm and digital signature algorithm.
9. The method according to claim 1, characterized in that the shared key $K_i$ of the MG and MGC is stored in a location in the MG and MGC devices that cannot easily be read.
10. The method according to claim 1, characterized in that the method further comprises: setting an additional authentication parameter.
11. The method according to claim 10, characterized in that the MG and MGC each compute the authentication key from the random number Rand generated by the MGC, the shared key $K_i$, the determined key generation algorithm and the additional authentication parameter.
12. The method according to claim 10, characterized in that the MG and MGC each compute the signature from the random number Rand generated by the MGC, the shared key $K_i$, the determined digital signature algorithm and the additional authentication parameter.
13. The method according to claim 10, characterized in that setting the additional authentication parameter comprises: a random number is set in the MGC device, and the MGC sends it to the MG in plaintext in a reserved field.
14. The method according to claim 10, characterized in that setting the additional authentication parameter comprises: a random number is set in the MG device, and the MG sends it to the MGC in plaintext in a reserved field.
15. The method according to claim 10, characterized in that setting the additional authentication parameter comprises: corresponding counters or clocks are set in the MG and MGC devices respectively, and the current counter value or the current timestamp of the clock is used as the additional authentication parameter.
16. The method according to claim 10, characterized in that setting the additional authentication parameter comprises: a counter or clock corresponding to the MG currently communicating is set in the MGC device, and the current counter value or the current timestamp of the clock is used as the additional authentication parameter; and the MGC sends the current counter value to the MG.
17. The method according to claim 15 or 16, characterized in that the initial value of the counter is 0 or 1.
18. The method according to claim 16, characterized in that the MGC places the current counter value in the reserved field of the MGC request command sent to the MG.
19. The method according to claim 15 or 16, characterized in that, after the MGC computes its own signature in step a, step a further comprises: the MGC increments the current counter value by 1.
20. The method according to claim 15, characterized in that, after the MG computes the authentication key, the method further comprises: the MG increments the current counter value by 1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB031495036A CN100450109C (en) | 2003-07-14 | 2003-07-14 | A safety authentication method based on media gateway control protocol |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB031495036A CN100450109C (en) | 2003-07-14 | 2003-07-14 | A safety authentication method based on media gateway control protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1571407A (en) | 2005-01-26 |
CN100450109C (en) | 2009-01-07 |
Family ID: 34472562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB031495036A Expired - Fee Related CN100450109C (en) | 2003-07-14 | 2003-07-14 | A safety authentication method based on media gateway control protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100450109C (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217374B (en) * | 2008-01-18 | 2010-06-23 | 北京工业大学 | A protection method on user privacy in three-party conversation |
CN101841813A (en) * | 2010-04-07 | 2010-09-22 | 北京傲天动联技术有限公司 | Anti-attack wireless control system |
CN101198015B (en) * | 2007-12-27 | 2011-06-15 | 上海全景数字技术有限公司 | Digital television authentication system and encryption method thereof |
CN101217364B (en) * | 2007-12-28 | 2012-03-21 | 中国科学院计算技术研究所 | An organization structure and maintenance method of security context in media accessing control system |
CN101325582B (en) * | 2007-06-15 | 2012-08-08 | 华为技术有限公司 | Method, system and apparatus for protecting proxy mobile internet protocol signalling |
CN102640448A (en) * | 2009-05-13 | 2012-08-15 | 敬畏技术有限责任公司 | System and method for securely identifying and authenticating devices in a symmetric encryption system |
CN102801529A (en) * | 2012-08-27 | 2012-11-28 | 飞天诚信科技股份有限公司 | Card safety communication method |
CN103560875A (en) * | 2013-08-27 | 2014-02-05 | 兴唐通信科技有限公司 | Dedicated channel key negotiation method based on H.248 protocol |
US9130961B2 (en) | 2010-02-11 | 2015-09-08 | Huawei Technologies Co., Ltd. | Operating method, apparatus and system for media stream transmission key |
CN105409157A (en) * | 2013-07-29 | 2016-03-16 | 阿尔卡特朗讯 | Adaptive traffic encryption for optical networks |
CN105453621A (en) * | 2013-08-08 | 2016-03-30 | 三星电子株式会社 | Method and device for registering and certifying device in wireless communication system |
CN106470104A (en) * | 2015-08-20 | 2017-03-01 | 阿里巴巴集团控股有限公司 | For generating method, device, terminal unit and the system of shared key |
CN109087412A (en) * | 2018-06-06 | 2018-12-25 | 咕咚网络(北京)有限公司 | The connection method of door lock terminal and gateway in a kind of Wireless Networking door-locking system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5991407A (en) * | 1995-10-17 | 1999-11-23 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
CN1177445C (en) * | 2001-09-29 | 2004-11-24 | 华为技术有限公司 | Safe identification method of PC customer's terminal |
- 2003-07-14: CN application CNB031495036A, patent CN100450109C (en), not active, Expired - Fee Related
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101325582B (en) * | 2007-06-15 | 2012-08-08 | 华为技术有限公司 | Method, system and apparatus for protecting proxy mobile internet protocol signalling |
CN101198015B (en) * | 2007-12-27 | 2011-06-15 | 上海全景数字技术有限公司 | Digital television authentication system and encryption method thereof |
CN101217364B (en) * | 2007-12-28 | 2012-03-21 | 中国科学院计算技术研究所 | An organization structure and maintenance method of security context in media accessing control system |
CN101217374B (en) * | 2008-01-18 | 2010-06-23 | 北京工业大学 | A protection method on user privacy in three-party conversation |
CN102640448A (en) * | 2009-05-13 | 2012-08-15 | 敬畏技术有限责任公司 | System and method for securely identifying and authenticating devices in a symmetric encryption system |
US9130961B2 (en) | 2010-02-11 | 2015-09-08 | Huawei Technologies Co., Ltd. | Operating method, apparatus and system for media stream transmission key |
USRE48132E1 (en) | 2010-02-11 | 2020-07-28 | Huawei Technologies Co., Ltd. | Operating method, apparatus and system for media stream transmission key |
CN101841813B (en) * | 2010-04-07 | 2013-08-21 | 北京傲天动联技术股份有限公司 | Anti-attack wireless control system |
CN101841813A (en) * | 2010-04-07 | 2010-09-22 | 北京傲天动联技术有限公司 | Anti-attack wireless control system |
CN102801529A (en) * | 2012-08-27 | 2012-11-28 | 飞天诚信科技股份有限公司 | Card safety communication method |
WO2014032493A1 (en) * | 2012-08-27 | 2014-03-06 | 飞天诚信科技股份有限公司 | Safe communication method with card |
CN102801529B (en) * | 2012-08-27 | 2015-11-04 | 飞天诚信科技股份有限公司 | A kind of method of card safety communication |
CN105409157A (en) * | 2013-07-29 | 2016-03-16 | 阿尔卡特朗讯 | Adaptive traffic encryption for optical networks |
CN105453621B (en) * | 2013-08-08 | 2019-03-12 | 三星电子株式会社 | Method and apparatus for registering and verifying equipment in a wireless communication system |
US10178550B2 (en) | 2013-08-08 | 2019-01-08 | Samsung Electronics Co., Ltd. | Method and device for registering and certifying device in wireless communication system |
CN105453621A (en) * | 2013-08-08 | 2016-03-30 | 三星电子株式会社 | Method and device for registering and certifying device in wireless communication system |
US10911436B2 (en) | 2013-08-08 | 2021-02-02 | Samsung Electronics Co., Ltd. | Method and device for registering and certifying device in wireless communication system |
CN103560875B (en) * | 2013-08-27 | 2016-08-17 | 兴唐通信科技有限公司 | Designated lane cryptographic key negotiation method based on H.248 agreement and device |
CN103560875A (en) * | 2013-08-27 | 2014-02-05 | 兴唐通信科技有限公司 | Dedicated channel key negotiation method based on H.248 protocol |
CN106470104A (en) * | 2015-08-20 | 2017-03-01 | 阿里巴巴集团控股有限公司 | For generating method, device, terminal unit and the system of shared key |
CN106470104B (en) * | 2015-08-20 | 2020-02-07 | 阿里巴巴集团控股有限公司 | Method, device, terminal equipment and system for generating shared key |
TWI710244B (en) * | 2015-08-20 | 2020-11-11 | 香港商阿里巴巴集團服務有限公司 | Method, device, terminal equipment and system for generating shared key |
CN109087412A (en) * | 2018-06-06 | 2018-12-25 | 咕咚网络(北京)有限公司 | The connection method of door lock terminal and gateway in a kind of Wireless Networking door-locking system |
Also Published As
Publication number | Publication date |
---|---|
CN100450109C (en) | 2009-01-07 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN100346249C (en) | Method for generating digital certificate and applying the generated digital certificate | |
CN106533655B (en) | Method for safe communication of ECU (electronic control Unit) in vehicle interior network | |
Aiello et al. | Just fast keying: Key agreement in a hostile internet | |
US6038322A (en) | Group key distribution | |
CN1270471C (en) | Administration and utilization of secret fresh random numbers in networked environment | |
CN1219260C (en) | Method for controlling storage and access of security file system | |
CN1640092A (en) | System and method for providing key management protocol with client verification of authorization | |
CN103532713B (en) | Sensor authentication and shared key production method and system and sensor | |
CN1659821A (en) | Method for secure data exchange between two devices | |
CN1864384A (en) | System and method for protecting network management frames | |
CN1805341A (en) | Network authentication and key allocation method across secure domains | |
CN1234662A (en) | Enciphered ignition treatment method and apparatus thereof | |
CN1902853A (en) | Method and apparatus for verifiable generation of public keys | |
CN1611031A (en) | Method and system for providing client privacy when requesting content from a public server | |
CN1571407A (en) | A safety authentication method based on media gateway control protocol | |
CN1694395A (en) | Data authentication method and agent based system | |
CN100403742C (en) | A method of safety authentication between media gateway and media gateway controller | |
CN1992593A (en) | H.323 protocol-based terminal access method for packet network | |
CN1571335A (en) | A source authentication method applied in multicast communication system | |
CN1976338A (en) | Coordinate access control system of ternary structure | |
CN100461780C (en) | A safety authentication method based on media gateway control protocol | |
CN1943207A (en) | Fast and secure connectivity for a mobile node | |
CN1728637A (en) | Method for identifying physical uniqueness of networked terminal, and access authentication system for terminals | |
CN1881870A (en) | Method for safety communication between devices | |
KR100553792B1 (en) | Apparatus and method having a function of client-to-client authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20090107 Termination date: 20130714 |