CN101335985B - Method and system for safe fast switching - Google Patents

Publication number
CN101335985B
Authority
CN
China
Prior art keywords
message
nar
mobile node
key
handover
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007101235911A
Other languages
Chinese (zh)
Other versions
CN101335985A (en
Inventor
邹国辉
夏斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tinno Wireless Technology Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2007101235911A
Priority to PCT/CN2008/071483 (WO2009003404A1)
Publication of CN101335985A
Application granted
Publication of CN101335985B
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0016 Hand-off preparation specially adapted for end-to-end data sessions
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method and system for secure fast handover, comprising: establishing a security association between a mobile node and the access router of the target network (NAR) before fast handover; and using the security association to ensure that the mobile node securely accesses the NAR during the fast handover of the mobile node. The device comprises a security association establishing unit and a security protection executing unit. According to the invention, by adjusting the parameters required for key generation in the fast handover process (namely, by first establishing the security association between the mobile node and the NAR), the process of generating the shared key in fast handover is optimized, which ensures that the security mechanism for data transmission does not affect the fast handover flow and keeps the handover process within the controlled range of the network.

Description

Method and system for secure fast handover
Technical field
The present invention relates to mobile communication technology, and in particular to a method and system for secure fast handover.
Background
The Mobile IP version 6 (MIPv6) protocol is a mobility solution proposed by the Internet Engineering Task Force (IETF). It allows a mobile node (MN) to keep its communication uninterrupted while moving, but it also introduces handover delay and security problems.
During handover there is a period in which the MN cannot be sure of sending or receiving packets; this period is called the handover delay. The main causes of handover delay are the link switching delay and the operations of the MIPv6 protocol, such as movement detection, new care-of address (CoA) configuration and binding update. In real-time applications (for example Voice over IP, VoIP), handover delay is often unacceptable.
The MIP working group of the IETF has defined the Fast Mobile IP (FMIP) protocol. Its basic idea is to pre-configure the relevant information, thereby reducing handover delay and improving handover performance.
The FMIP protocol mainly defines two types of handover: predictive handover and reactive handover.
In predictive handover, the MN predicts, while moving, a handover that is about to take place and informs the previous access router (PAR). Through interaction with the new access router (NAR), that is, the access router (AR) of the target network, the PAR obtains the new CoA that the MN will use under the NAR, which avoids the delay caused by the address configuration process. Meanwhile, packets for the MN that are sent to the PAR during handover are forwarded by the PAR through a tunnel to the NAR and buffered there, which ensures that the MN can receive them after moving to the new link and avoids packet loss.
If the MN moves too fast, it does not have time to complete, on the old link, the exchange that obtains the new CoA before it arrives on the new link. Handover in this situation is called reactive handover. Although reactive handover cannot reduce handover delay, it can avoid the packet loss caused by handover.
At present there is a technical scheme in which the MN and the AR use an authentication, authorization and accounting (AAA) server to establish a security association, but this scheme has not been applied to the above two kinds of handover in the FMIP protocol. That is, the scheme in which the handover key (HK) guarantees message integrity during handover, and a public key exchange between the MN and the NAR is completed under the protection of the FMIP protocol in order to generate a shared key, has not been put to practical use.
The following describes, in turn, handover key generation, fast handover in predictive mode and fast handover in reactive mode.
An AAA-assisted key management protocol generates the HK between the MN and the AR, and this HK is used to protect FMIP protocol signaling messages. The key management protocol therefore specifies the messages between the MN and the AR and the necessary preconditions. The protocol assumes that the handover master key (HMK) is shared between the MN and the AAA server, and that a security association already exists between the AR and the AAA server. Under this assumption, Fig. 1 shows the handover key generation flow in the prior art, which comprises the following steps:
Step 101: First, the MN generates a handover integrity key (HIK) from the HMK, using the formula HIK = gprf+(HMK, "Handover Integrity Key"). Then the MN sends a handover key request (HK Req) message to the AR. This message carries the message ID, the pseudo-random function, the CoA, the random number nonce1 generated by the MN, the MN ID, and a message authentication code (MAC) generated using the HIK.
Step 102: After receiving the HK Req message, the AR encapsulates it in an authentication request (AAA Request) message and forwards it to the AAA server over the AAA protocol.
Step 103: After receiving the AAA Request message, the AAA server verifies the correctness of the MAC generated using the HIK. If the MAC of the message is incorrect, the AAA server returns a verification failure message. Otherwise, the AAA server sends the AR an authentication response (AAA Response) message indicating successful verification; this message carries the HK generated by the AAA server and the random number nonce2 that the AAA server produced when generating this HK. The HK is generated with the formula HK = gprf+(HMK, MN nonce | AAA nonce | MN ID | AR ID | "Handover Key").
Step 104: After receiving the AAA Response message indicating successful verification, the AR extracts the HK carried in the message, repackages the remainder of the message as a handover key response (HK Resp) message, and sends it to the MN. The HK Resp message also carries the message ID (the same as in the HK Req), the pseudo-random function, the verification success status, the Security Parameter Index (SPI) and a MAC generated using the HK.
Fig. 2 shows the fast handover flow in predictive mode in the prior art, which comprises the following steps:
Step 201: The MN sends a Fast Binding Update (FBU) message to the PAR. This message carries the MN public key (PK) and the HK Req message, and the HK Req message is protected by a MAC generated with the key HK shared between the MN and the PAR.
Step 202: After receiving the FBU message, the PAR first verifies the correctness of the MAC generated with the HK. If verification passes, the PAR sends a Handover Initiate (HI) message to the NAR; the HK Req message carried in this message contains the MN PK.
Step 203: The NAR obtains the MN PK from the received HI message, generates an HK Resp message carrying the NAR PK, and sends it to the PAR in a Handover Acknowledgement (HAck) message.
Step 204: The PAR adds a MAC generated with the HK to the received HK Resp message and sends it to the MN in a Fast Binding Acknowledgement (FBAck) message.
Step 205: The MN verifies the correctness of the MAC of the received FBAck message. If verification passes, the MN uses an asymmetric key mechanism, that is, it uses the MN PK and the NAR PK to generate a shared key. When the MN enters the new link where the NAR is located, the MN sends a Fast Neighbor Advertisement (FNA) message to the NAR, protected by a MAC generated with this shared key. The MN has then completed the handover to the NAR via the PAR.
Fig. 3 shows the fast handover flow in reactive mode in the prior art, which comprises the following steps:
Step 301: If the predictive-mode handover above fails, then when the MN arrives on the new link where the NAR is located, it sends an FNA message to the NAR. This message carries the MN PK and the HK Req.
Step 302: After receiving the FNA message, the NAR sends the HK Req to the PAR in an FBU message. This message also carries the NAR PK.
Step 303: After receiving the FBU message, the PAR checks the MAC in the HK Req and sends an FBAck message carrying the HK Resp to the NAR. This message also carries the NAR PK.
Step 304: After receiving the HK Resp message, the NAR forwards it to the MN. At this point the MN has completed the handover to the NAR via the PAR.
As the technical scheme disclosed above shows, the prior art still has the following defects:
1. The security mechanism of the prior art does not generate the shared key entirely within the existing AAA framework. This asymmetric key generation mechanism differs considerably from current mechanisms, which makes it hard to deploy. In addition, generating the shared key requires a large amount of computation and consumes substantial computing resources on the MN and the AR.
2. During handover, the AAA server has no knowledge of the shared key, which hinders the operator's management of MN handover.
3. In the existing predictive-mode fast handover, if the MN does not receive the FBAck message sent by the PAR, the handover cannot proceed, and the computing resources the NAR spent on the shared key are wasted.
4. In the existing reactive-mode fast handover, the security processing causes handover delay.
Summary of the invention
The embodiments of the invention provide a method and system for secure fast handover, which ensure a secure fast handover and reduce handover delay by establishing a security association between the mobile node and the access router of the target network.
An embodiment of the invention provides a method for secure fast handover, comprising the steps of:
before fast handover, establishing a security association between the mobile node and the access router NAR of the target network;
during the fast handover of the mobile node, using the security association to ensure that the mobile node securely accesses the NAR.
In addition, an embodiment of the invention provides a system for secure fast handover, comprising:
a security association establishing unit, configured to establish, before fast handover, a security association between the mobile node and the access router NAR of the target network;
a security protection executing unit, configured to use the security association, during the fast handover of the mobile node, to protect the mobile node's signaling exchange in the fast handover process and to make the mobile node securely access the NAR.
As the above scheme shows, in the embodiments of the invention a security association (such as a shared handover key, a handover key, etc.) between the mobile node and the access router of the target network is established before the mobile node hands over; after the handover to the target network, this security association is used to ensure that the mobile node securely accesses the access router of the target network. That is, by adjusting the parameters required for key generation in the handover process, the generation flow of the shared key is optimized, which reduces the impact of the security mechanism on fast handover, reduces handover delay, and at the same time keeps the handover process within the controlled range of the network.
Description of drawings
Fig. 1 is a schematic flow diagram of handover key generation in the prior art;
Fig. 2 is a schematic flow diagram of fast handover in predictive mode in the prior art;
Fig. 3 is a schematic flow diagram of fast handover in reactive mode in the prior art;
Fig. 4 is a flow chart of the method for secure fast handover according to an embodiment of the invention;
Fig. 5 is a schematic flow diagram of fast handover in predictive mode according to embodiment one of the invention;
Fig. 6 is a schematic flow diagram of fast handover in predictive mode according to embodiment two of the invention;
Fig. 7 is a schematic flow diagram of fast handover in reactive mode according to embodiment three of the invention;
Fig. 8 is a schematic flow diagram of fast handover in predictive mode according to embodiment four of the invention;
Fig. 9 is a schematic flow diagram of fast handover in predictive mode according to embodiment five of the invention;
Fig. 10 is a schematic flow diagram of fast handover in reactive mode according to embodiment six of the invention;
Fig. 11 is a schematic flow diagram of fast handover in predictive mode according to embodiment seven of the invention;
Fig. 12 is a schematic flow diagram of fast handover in predictive mode according to embodiment eight of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 4 is a flow chart of the method for secure fast handover according to an embodiment of the invention, which comprises the following steps:
Step 401: Before fast handover, establish a security association between the mobile node and the access router of the target network.
Step 402: During the fast handover of the mobile node, use the security association to ensure that the mobile node securely hands over to this access router.
By adjusting, in the handover process, the parameters required for key generation, the embodiments of the invention optimize the generation flow of the shared key.
Fig. 5 shows the fast handover flow in predictive mode according to embodiment one of the invention. Compared with the prior art, the MN in this embodiment completes handover preparation with multiple candidate ARs before deciding on the handover target. The flow comprises the following steps:
Step 501: The MN obtains the identifiers of the surrounding access points (AP-ID, Access Point Identifier) and then sends a Router Solicitation for Proxy Advertisement (RtSolPr) message to the PAR in order to obtain the AR-Info corresponding to the target AP-ID.
Step 502: After receiving the RtSolPr message, the PAR sends the MN a Proxy Router Advertisement (PrRtAdv) message containing the AR-Info corresponding to the target AP-ID.
Step 503: After receiving the PrRtAdv message, the MN sends a handover key request (HK_REQ) message to the NAR. The identity carried in this message can be the mobile node's media access control identifier (MAC ID, Media Access Control Identifier) or its network access identifier (NAI, Net Access Identifier). The message is integrity-protected using the original security association between the MN and the AAA server.
The HK_REQ message can be sent to the NAR in the following three ways:
1. As a packet whose source address is the previous care-of address (pCoA) and whose destination address is the NAR address. This method can be used in a simple IP network.
2. As a nested IP (IP-in-IP) packet, in which the outer IP addresses are the MN's pCoA and the PAR address, and the inner IP addresses are the MN's pCoA and the NAR address. This method can be used in a Multicast Internet Protocol (MIP) network.
3. With a destination address header indicating the destination of the IP packet. The addresses in the IP header are the MN's pCoA and the PAR address; after receiving the IP packet, the PAR rebuilds it according to the destination address header and sends it to the address that header indicates (that is, the NAR address). This method can be used in a MIP network.
Step 504: After receiving the HK_REQ message, the NAR encapsulates it in an authentication and authorization request (AA REQ) message and forwards it to the AAA server.
Step 505: After receiving the AA REQ message, the AAA server verifies the correctness of the MAC of the encapsulated HK_REQ message and sends the NAR an authentication and authorization response (AA RSP) message carrying the verification result. If verification passes, the AA RSP message carries the new handover key (nHK, new Handover Key) between the MN and the NAR.
Step 506: The NAR records the identity of the MN and the nHK, and sends an HK_RSP message to the MN to notify it that the security association has been established successfully.
Step 507: When the MN decides to perform a fast handover, it sends an FBU message to the PAR. This message is integrity-protected by the message authentication code pHK_MAC, generated with the previous handover key (pHK, previous Handover Key) shared by the MN and the PAR.
Step 508: The PAR verifies the correctness of the pHK_MAC. If verification passes, the PAR and the NAR complete the exchange of the HI and HAck messages, and the PAR sends the MN an FBAck message carrying a pHK_MAC.
Step 509: After arriving on the new link, the MN sends an FNA message to the NAR. This message carries the identity of the MN and is protected by a MAC generated with the nHK. At this point the MN has completed the fast handover to the NAR via the PAR.
As these steps show, the technical scheme of embodiment one is carried out in two phases. Before the MN decides on the handover target, it attempts a key exchange with every NAR for which the PrRtAdv message provides the corresponding information, and each NAR then contacts the AAA server to complete the establishment of the security association. After the MN has decided on the handover target, it protects the FBU message with the original security association and the FNA message with the corresponding new security association.
It will be understood that this embodiment can be further modified by adding, in steps 503 and 506, the configuration of new care-of address (nCoA, New Care-of Address) information by the MN and the NAR. This guarantees the uniqueness of the nCoA in the HI/HAck exchange between the PAR and the NAR, and so avoids the handover delay that an nCoA conflict could cause.
Fig. 6 shows the fast handover flow in predictive mode according to embodiment two of the invention. Steps 601 to 602 and steps 607 to 609 of this embodiment are identical to the corresponding steps of embodiment one; steps 603 to 606 differ from the corresponding steps of embodiment one as follows:
Step 603: After receiving the PrRtAdv message, the MN sends a handover key request (HK_REQ) message to the PAR. The identity carried in this message can be the mobile node's media access control identifier (MAC ID, Media Access Control Identifier) or its network access identifier (NAI, Net Access Identifier). The message is integrity-protected using the original security association between the MN and the AAA server.
The three ways of sending the HK_REQ message to the NAR are the same as in embodiment one and are not repeated here.
Step 604: After receiving the HK_REQ message, the PAR encapsulates it in an authentication and authorization request (AA REQ) message and forwards it to the AAA server.
Step 605: After receiving the AA REQ message, the AAA server verifies the correctness of the MAC of the encapsulated HK_REQ message and sends the PAR an authentication and authorization response (AA RSP) message carrying the verification result. If verification passes, the AA RSP message carries the new handover key (nHK, new Handover Key) between the MN and the NAR.
Step 605': The AAA server sends an AA RSP message to the NAR; this message carries the handover key nHK between the MN and the NAR.
Step 606: The PAR records the identity of the MN and the nHK, and sends an HK_RSP message to the MN to notify it that the security association has been established successfully.
As these steps show, embodiment two differs from embodiment one in that the key exchange between the MN and the NAR is completed indirectly, through the MN's interaction with the AAA server (carried out via the PAR, without the NAR taking part); the AAA server then delivers the key generated for each NAR to that NAR. Therefore, when the MN needs to establish security associations with multiple NARs, the MN and the AAA server need to complete only one exchange, which saves signaling overhead.
If the fast handover flow shown in the predictive-mode embodiments above does not complete smoothly (taking embodiment one as an example, only the first-phase establishment of the security association has been completed, and the MN arrives on the new link where the NAR is located before it has had time to send the FBU message to the PAR), the handover mode changes from the predictive mode of embodiment one to reactive mode.
Fig. 7 shows the fast handover flow in reactive mode according to embodiment three of the invention. This embodiment builds on the first phase of the predictive-mode embodiments above (that is, the security association has been established). Because the MN did not send an FBU message to the PAR before arriving on the new link where the NAR is located, the flow changes to reactive mode, with the following steps:
Step 701: The MN sends an Unsolicited Neighbor Advertisement (UNA) message to the NAR. This message carries a MAC generated with the nHK.
Step 702: The MN sends an FBU message to the PAR. This message carries the pCoA and is integrity-protected by a MAC generated with the pHK. Because the MN has already arrived on the new link where the NAR is located, this message can be sent as an IP packet whose source address is the nCoA and whose destination address is the PAR.
Step 703: After receiving the FBU message, the PAR verifies the correctness of the pHK_MAC and sends the MN an FBAck message carrying the verification result. Because the MN has already arrived on the new link where the NAR is located, this message can be sent as an IP packet whose source address is the nCoA and whose destination address is the MN. At the same time, the PAR forwards the buffered data addressed to the pCoA to the MN's nCoA through an IP-in-IP tunnel.
Fig. 8 shows the fast handover flow in predictive mode according to embodiment four of the invention. Compared with the prior art, in this embodiment the PAR first obtains the AAA server's random number (AAA nonce) before the MN decides on the handover target, in preparation for the subsequent handover. The flow comprises the following steps:
Step 801: Through a link-layer trigger (for example, the candidate network query request message sent when the MN hands over, MIH_MN_HO_Candidate_Query request, in IEEE 802.21 media-independent handover), the PAR learns that the MN is about to hand over but has no definite handover target. The PAR then sends an AAA REQ message to the AAA server to request the AAA nonce. In practice, this step should take place after the PrRtAdv message is sent and before the FBU message is sent.
Step 802: After receiving the AAA REQ message, the AAA server generates an AAA RSP message and sends it to the PAR. This message carries the AAA nonce and its corresponding AAA nonce Index. After receiving the message, the PAR extracts and stores the AAA nonce and its corresponding AAA nonce Index.
Step 803: When the MN decides to perform a fast handover, it sends an FBU message to the PAR. This message carries an nHK_Req, which requests the AAA server to generate the nHK, and is integrity-protected by a MAC generated with the pHK.
Step 804: The PAR verifies the correctness of the MN's MAC. If verification passes, it sends an HI message to the NAR; this message carries the nHK_Req and the AAA nonce Index. The HI message must be protected by encryption; the encryption is the same as in the prior art and is not described again here.
Step 804': The PAR sends the MN an acknowledgement of the FBU, the FAck message, which carries the AAA nonce and is integrity-protected by a MAC generated with the pHK. The MN verifies the correctness of the MAC of this message; if verification passes, it can generate the nHK with the following formula:
HK = gprf+(HMK, MN nonce | AAA nonce | MN ID | AR ID | "Handover Key")
Step 805': After receiving the HI message, the NAR obtains the nHK_Req it carries, generates an AAA REQ message and sends it to the AAA server; this message carries the AAA nonce Index. At the same time, in step 805, the NAR sends an HAck message to the PAR.
Step 806: After receiving the HAck message, the PAR sends an FBAck message to the MN, protected by a MAC generated with the pHK.
Step 806': After receiving the AAA REQ message carrying the AAA nonce Index, the AAA server looks up the corresponding AAA nonce by this Index, generates the nHK according to the formula in step 904, and then sends the NAR an AAA RSP message carrying the nHK.
Step 807: When the MN arrives on the new link where the NAR is located, it sends an FNA message to the NAR, protected by a MAC generated with the nHK. At this point the MN has completed the fast handover to the NAR via the PAR.
If the fast handover flow shown in this embodiment does not complete smoothly, that is, the MN did not send an FBU message to the PAR before arriving on the new link where the NAR is located, the flow changes to reactive mode; for the implementation, see embodiment three of the invention.
In this embodiment, the PAR obtains the AAA random number (nonce) from the AAA server in advance and, after the MN sends the FBU, returns the AAA nonce parameter in an acknowledgement message. This allows the MN to generate the new handover key and complete the handover flow even if it does not receive the fast binding acknowledgement FBAck.
Fig. 9 shows the fast handover flow in predictive mode according to embodiment five. In this embodiment, when the MN decides to hand over, a temporary security association with the target NAR is established, which achieves a secure fast handover.
The preparation before the MN decides to hand over comprises the following steps:
First, the MN and the PAR generate the HK according to the handover key generation flow of the prior art.
Then, the MN and the PAR each derive a standard handover key (SHK, Standard Handover Key) and a temporary handover key (THK, Temporary Handover Key), computed as follows:
SHK = gprf(HK, MN pCoA | PAR IP | "normal handover key")
THK = gprf(HK, MN pCoA | NAR IP | "temporary handover key")
This embodiment comprises the following steps:
Step 901: When the MN decides to perform a fast handover, it sends an FBU message to the PAR, integrity-protected by a MAC generated with the SHK.
Step 902: After receiving the FBU message, the PAR verifies the correctness of its MAC. If verification passes, the PAR sends an HI message to the NAR; this message carries the THK. The HI message must be protected by encryption; the encryption technique is the same as in the prior art and is not described again here.
Step 903: After receiving the HI message, the NAR extracts the THK from it and sends an HAck message to the PAR.
Step 904: After receiving the HAck message, the PAR sends an FBAck message to the MN, protected by a MAC generated with the SHK.
Step 905: After arriving on the new link where the NAR is located, the MN sends an FNA message to the NAR, protected by a MAC generated with the THK. At this point the MN has completed the fast handover to the NAR via the PAR.
Step 906: After the handover process ends, the MN or the PAR immediately obtains a new SHK and THK through the prior-art handover key generation flow, for use in the next handover.
As these steps show, this embodiment adds a further key generation level, the SHK and the THK, on top of the existing handover key generation technique. The SHK is used to establish the security association between the MN and the PAR; the THK is passed by the PAR to the NAR and is used to establish the temporary security association between the MN and the NAR. Together, these two security associations ensure that the MN in this embodiment hands over from the PAR to the NAR securely and quickly.
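The key hierarchy described above (the HK formula of step 103, then the SHK and THK derivations and steps 901 to 905) is sketched below as an added example; it is not code from the patent. The page does not define gprf or gprf+, so a prf+ style expansion over HMAC-SHA256 stands in for both, and the length-prefixed field encoding, the MAC algorithm and all keys, nonces, identifiers and addresses are constructed assumptions.

```python
import hashlib
import hmac


def gprf_plus(key: bytes, seed: bytes, length: int = 32) -> bytes:
    """Stand-in for gprf/gprf+ (assumption): prf+ style expansion over HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def fields(*parts: bytes) -> bytes:
    """Encode 'a | b | c' with 2-byte length prefixes (assumption) so fields stay unambiguous."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_hk(hmk, mn_nonce, aaa_nonce, mn_id, ar_id):
    # HK = gprf+(HMK, MN nonce | AAA nonce | MN ID | AR ID | "Handover Key")
    return gprf_plus(hmk, fields(mn_nonce, aaa_nonce, mn_id, ar_id, b"Handover Key"))


def derive_shk(hk, mn_pcoa, par_ip):
    # SHK = gprf(HK, MN pCoA | PAR IP | "normal handover key")
    return gprf_plus(hk, fields(mn_pcoa, par_ip, b"normal handover key"))


def derive_thk(hk, mn_pcoa, nar_ip):
    # THK = gprf(HK, MN pCoA | NAR IP | "temporary handover key")
    return gprf_plus(hk, fields(mn_pcoa, nar_ip, b"temporary handover key"))


def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)  # constant-time comparison


def run_handover() -> dict:
    """Walk through steps 901-905 with constructed values and report each check."""
    hmk = bytes(range(32))                          # constructed HMK (MN and AAA server)
    mn_id, par_id = b"mn@example.net", b"par.example.net"
    mn_nonce, aaa_nonce = b"\x01" * 16, b"\x02" * 16   # fixed here; random in practice
    pcoa, par_ip, nar_ip = b"2001:db8:1::10", b"2001:db8:1::1", b"2001:db8:2::1"

    # Preparation: the MN derives HK itself; the PAR holds the copy generated by the AAA server.
    hk_mn = derive_hk(hmk, mn_nonce, aaa_nonce, mn_id, par_id)
    hk_par = derive_hk(hmk, mn_nonce, aaa_nonce, mn_id, par_id)
    mn = {"shk": derive_shk(hk_mn, pcoa, par_ip), "thk": derive_thk(hk_mn, pcoa, nar_ip)}
    par = {"shk": derive_shk(hk_par, pcoa, par_ip), "thk": derive_thk(hk_par, pcoa, nar_ip)}

    # Step 901/902: FBU protected with SHK; the PAR verifies before releasing THK to the NAR.
    fbu = b"FBU|pCoA=" + pcoa
    fbu_ok = verify(par["shk"], fbu, mac(mn["shk"], fbu))
    if not fbu_ok:
        return {"fbu_ok": False}
    nar_thk = par["thk"]                            # carried in the encrypted HI (not modelled)

    # Step 905: FNA protected with THK; the NAR verifies with the THK it received.
    fna = b"FNA|MN=" + mn_id
    fna_tag = mac(mn["thk"], fna)
    return {
        "fbu_ok": fbu_ok,
        "fna_ok": verify(nar_thk, fna, fna_tag),
        "tampered_fna_ok": verify(nar_thk, b"FNA|MN=other@example.net", fna_tag),
        # A MAC made with SHK must not be accepted on the new link: the keys are separated.
        "fna_with_shk_ok": verify(nar_thk, fna, mac(mn["shk"], fna)),
    }


if __name__ == "__main__":
    for name, value in run_handover().items():
        print(f"{name}: {value}")
```

Because the NAR only ever holds the THK, it can check the FNA but cannot forge messages that the PAR would accept under the SHK.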
If the fast handover procedure of this embodiment does not complete smoothly, that is, the MN and the PAR have finished computing SHK and THK but the MN arrives on the new link where the NAR is located before it has had time to send the FBU message to the PAR, the handover mode changes from the predictive mode of embodiment five to the corresponding reactive mode.
Figure 10 is a schematic flow diagram of the reactive-mode fast handover of embodiment six of the present invention. This embodiment comprises the following steps:
Step 1001: The MN sends a UNA message to the NAR. Optionally, this message may be integrity-protected with a MAC generated using THK.
Step 1002: The MN sends an FBU message to the PAR. The message carries pCoA and is integrity-protected with a MAC generated using pHK. Because the MN has already arrived on the new link where the NAR is located, the message can be sent as an IP packet whose source address is nCoA and whose destination address is the PAR.
Step 1003: After receiving the FBU message, the PAR verifies its MAC. If verification succeeds, it sends an FBAck message carrying the verification result to the NAR; because the MN has already arrived on the new link where the NAR is located, this message can be sent as an IP packet whose source address is nCoA and whose destination address is the MN. At the same time, the PAR forwards the buffered data addressed to pCoA to the MN's nCoA through an IP-in-IP tunnel. At this point the MN has completed the fast handover from the PAR to the NAR.
Step 1004: After the handover finishes, the MN or the NAR initiates the generation of a new HK, and the MN and the PAR then each derive SHK and THK.
Figure 11 is a schematic flow diagram of the predictive-mode fast handover of embodiment seven. In this embodiment, after the MN decides to hand over, it establishes several security associations with the target NAR in succession, so that during the handover at least one of the generated keys is guaranteed to be valid, thereby achieving a secure fast handover.
First, define nHK' as the key shared between the MN and the PAR, and nHK as the key shared between the MN and the NAR.
The formulas for computing nHK' and nHK are then defined as follows:
Formula 111:
nHK' = gprf+(HMK, MN nonce | MN ID | AR ID | "Handover Key")
Formula 112:
nHK = prf(nHK', NAR nonce)
This embodiment comprises the following steps:
Step 1101: When the MN decides to perform a fast handover, it sends an FBU message to the PAR. The message carries nHK_Req, which requests that the AAA server generate nHK, and is integrity-protected with a MAC generated using pHK.
Step 1102: The PAR verifies the MAC from the MN. If verification succeeds, it sends an HI message carrying nHK_Req to the NAR. This message must be encrypted; the encryption is the same as in the prior art and is not described again here.
Step 1103': After receiving the HI message, the NAR obtains the nHK_Req it carries, generates an AAA REQ message, and sends it to the AAA server; this message carries NAR nonce. At the same time, in step 1103, the NAR sends an HAck message to the PAR; this message carries NAR nonce, the NAR's random number used to generate nHK.
Step 1104: After receiving the HAck message, the PAR sends an FBAck message to the MN, protected with a MAC generated using pHK.
Step 1104': After receiving the AAA REQ message carrying NAR nonce, the AAA server generates nHK' according to formula 111 and sends an AAA RSP message carrying nHK' to the NAR. After receiving this message, the NAR generates nHK according to formula 112.
Step 1105: When the MN arrives on the new link where the NAR is located, if it has received the FBAck message sent by the PAR, the FNA message it sends to the NAR is protected with a MAC generated using nHK; if it has not received the FBAck message, the FNA message it sends to the NAR is protected with a MAC generated using nHK'. Correspondingly, if the FNA message received by the NAR carries an FBU, the NAR concludes that the MN did not receive the FBAck message and uses a MAC generated with nHK' to verify the MAC of the FBU; if the FNA message does not carry an FBU, the NAR concludes that the MN received the FBAck message and uses a MAC generated with nHK to verify the MAC of the FBU. At this point the MN has completed the fast handover from the PAR to the NAR.
As the above steps show, in this embodiment the MN exchanges messages with the NAR via the PAR and generates the first handover key nHK' and the second handover key nHK; the NAR receives the first handover key nHK' generated by the AAA server and generates the second handover key nHK from it, so that two security associations are established between the MN and the NAR. When the MN decides to hand over, it sends an FNA message to the NAR, and the NAR examines the content of the message to decide which handover key to use. This embodiment therefore avoids the handover problem caused by the FBAck message in the prior art and ensures a secure fast handover.
If the fast handover procedure of this embodiment does not complete smoothly, that is, the MN did not send the FBU message to the PAR before arriving on the new link where the NAR is located, the handover mode changes from the predictive mode of this embodiment to the reactive mode. The implementation is similar to embodiment three of the present invention; the only difference is that the UNA message the MN sends to the NAR is protected with a MAC generated using nHK'. The NAR decides which key (nHK or nHK') was used to generate the MAC it must verify by checking the flag bit of the UNA. Alternatively, the NAR can verify the UNA message against MACs generated with each of the two keys (nHK or nHK'); the key that passes verification becomes the shared key between the NAR and the MN.
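The sketch below is an added example, not code from the patent. It implements the NAR-side key selection of step 1105 (FNA carries an FBU: check with nHK'; otherwise check with nHK) and the try-both-keys alternative described for the UNA message. It assumes HMAC-SHA256 for both gprf+ and prf, a hypothetical message layout, constructed nonces and identifiers, and that the MN learns NAR nonce from the FBAck message.

```python
import hashlib
import hmac
from typing import Optional


def prf(key: bytes, *fields: bytes) -> bytes:
    """Stand-in for gprf+ and prf (assumption): HMAC-SHA256 over
    length-prefixed fields."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_nhk_prime(hmk: bytes, mn_nonce: bytes, mn_id: bytes, ar_id: bytes) -> bytes:
    # Formula 111: nHK' = gprf+(HMK, MN nonce | MN ID | AR ID | "Handover Key")
    return prf(hmk, mn_nonce, mn_id, ar_id, b"Handover Key")


def derive_nhk(nhk_prime: bytes, nar_nonce: bytes) -> bytes:
    # Formula 112: nHK = prf(nHK', NAR nonce)
    return prf(nhk_prime, nar_nonce)


def build_fna(nhk_prime: bytes, nar_nonce: Optional[bytes], ncoa: bytes, fbu: bytes) -> dict:
    """MN side. nar_nonce is None when the FBAck never arrived, so the MN
    cannot compute nHK and falls back to nHK', embedding the FBU."""
    if nar_nonce is None:
        body = b"FNA|" + ncoa + b"|FBU:" + fbu
        return {"body": body, "fbu": fbu, "mac": prf(nhk_prime, body)}
    body = b"FNA|" + ncoa
    return {"body": body, "fbu": None, "mac": prf(derive_nhk(nhk_prime, nar_nonce), body)}


def nar_verify_fna(fna: dict, nhk_prime: bytes, nhk: bytes) -> Optional[str]:
    """NAR side, step 1105: the presence of an FBU selects the key."""
    name, key = ("nHK'", nhk_prime) if fna["fbu"] is not None else ("nHK", nhk)
    ok = hmac.compare_digest(prf(key, fna["body"]), fna["mac"])
    return name if ok else None


def nar_verify_either(msg: dict, nhk_prime: bytes, nhk: bytes) -> Optional[str]:
    """NAR side, reactive fallback: try both keys; the one that verifies
    becomes the key shared with the MN."""
    for name, key in (("nHK", nhk), ("nHK'", nhk_prime)):
        if hmac.compare_digest(prf(key, msg["body"]), msg["mac"]):
            return name
    return None


def simulate() -> dict:
    # Constructed sample values.
    hmk = hashlib.sha256(b"constructed HMK shared by MN and AAA").digest()
    mn_nonce, nar_nonce = b"\x01" * 16, b"\x02" * 16
    mn_id, ar_id = b"mn-01@example.net", b"nar-01.example.net"
    ncoa, fbu = b"2001:db8:2::10", b"FBU|pCoA=2001:db8:1::10"

    mn_nhk_prime = derive_nhk_prime(hmk, mn_nonce, mn_id, ar_id)   # MN
    aaa_nhk_prime = derive_nhk_prime(hmk, mn_nonce, mn_id, ar_id)  # AAA, step 1104'
    nar_nhk = derive_nhk(aaa_nhk_prime, nar_nonce)                 # NAR, formula 112

    got_fback = build_fna(mn_nhk_prime, nar_nonce, ncoa, fbu)
    lost_fback = build_fna(mn_nhk_prime, None, ncoa, fbu)
    una_body = b"UNA|" + ncoa
    una = {"body": una_body, "mac": prf(mn_nhk_prime, una_body)}
    forged = {"body": una_body, "mac": prf(b"\x00" * 32, una_body)}
    # An FNA that embeds an FBU but was tagged with nHK: content-based
    # selection rejects it, while the try-both check would accept it.
    mismatched = dict(lost_fback, mac=prf(nar_nhk, lost_fback["body"]))
    return {
        "fback_received": nar_verify_fna(got_fback, aaa_nhk_prime, nar_nhk),
        "fback_lost": nar_verify_fna(lost_fback, aaa_nhk_prime, nar_nhk),
        "una_either": nar_verify_either(una, aaa_nhk_prime, nar_nhk),
        "forged_either": nar_verify_either(forged, aaa_nhk_prime, nar_nhk),
        "mismatched_selected": nar_verify_fna(mismatched, aaa_nhk_prime, nar_nhk),
        "mismatched_either": nar_verify_either(mismatched, aaa_nhk_prime, nar_nhk),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```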
The embodiments of the invention can also be carried out in two phases. In the first phase, before the MN decides on a handover target, the PAR first obtains the AAA server's random number (AAA nonce). In the second phase, after the MN decides on a handover target, the MN and the target NAR establish several security associations in succession, so that during the handover at least one of the generated keys is guaranteed to be valid, thereby achieving a secure fast handover.
Figure 12 is a schematic flow diagram of the predictive-mode fast handover of embodiment eight. The first phase of this embodiment is the same as in embodiment four of the present invention: steps 1201 to 1204 are the same as steps 801 to 804. The second phase comprises the following steps:
Step 1205': After receiving the HI message, the NAR obtains the nHK_Req it carries, generates an AAA REQ message, and sends it to the AAA server; this message carries the AAA nonce Index. At the same time, in step 1205, the NAR sends an HAck message to the PAR.
Step 1206: After receiving the HAck message, the PAR sends an FBAck message carrying the AAA nonce to the MN, protected with a MAC generated using pHK.
Step 1206': After receiving the AAA REQ message, the AAA server looks up the corresponding AAA nonce by the Index, generates nHK' according to formula 111, and then sends an AAA RSP message carrying nHK' and the AAA nonce to the NAR. After receiving this message, the NAR generates nHK according to formula 112.
Step 1207: When the MN arrives on the new link where the NAR is located, if it has received the FBAck message sent by the PAR, the FNA message it sends to the NAR is protected with a MAC generated using nHK; if it has not received the FBAck message, the FNA message it sends to the NAR is protected with a MAC generated using nHK'. Correspondingly, if the FNA message received by the NAR carries an FBU, the NAR concludes that the MN did not receive the FBAck message and uses a MAC generated with nHK' to verify the MAC of the FBU; if the FNA message does not carry an FBU, the NAR concludes that the MN received the FBAck message and uses a MAC generated with nHK to verify the MAC of the FBU. At this point the MN has completed the fast handover from the PAR to the NAR.
If the fast handover procedure of this embodiment does not complete smoothly, that is, the MN did not send the FBU message to the PAR before arriving on the new link where the NAR is located, the handover mode changes from the predictive mode of this embodiment to the reactive mode; the implementation is the same as embodiment six of the present invention.
In addition, the embodiments of the invention also provide a system for secure fast handover, comprising a security association establishing unit and a security protection execution unit. The security association establishing unit is configured to establish, before the fast handover, a security association between the mobile node and the access router (NAR) of the target network. The security protection execution unit is configured to use that security association during the mobile node's fast handover to ensure that the mobile node securely accesses the NAR.
In other words, the security association establishing unit is responsible for establishing the security association before the handover occurs; this establishment process may require separate message transmission, or the messages may be sent together with other messages. The security protection execution unit first obtains a key from the security association establishing unit, then uses this key to integrity-protect the signaling messages required by the fast handover (that is, it computes a message authentication code) and sends the message authentication code together with the message. It is also responsible for triggering the various fast-handover-related messages, providing the message content, and sending the messages.
The above is only a preferred implementation of the present invention. It should be noted that those of ordinary skill in the art can make improvements and refinements without departing from the principle of the invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the invention.

Claims (10)

1. A method for secure fast handover, characterized by comprising:
before the fast handover, establishing a security association between the mobile node and the access router (NAR) of the target network, which specifically comprises: the mobile node performs a key exchange with at least one NAR to generate the security association, and the NAR actively or passively accesses the AAA server to complete the establishment of the security association; or the PAR obtains in advance from the AAA server the key information the mobile node needs to generate a key and, after the mobile node sends a fast binding update message, returns the key information in an acknowledgment message, and the mobile node generates a handover key from the key information, completing the establishment of the security association; or a standard handover key and a temporary handover key are computed between the mobile node and the PAR, and when the mobile node is about to hand over, the PAR sends the temporary handover key to the NAR in a handover initiate message, establishing the security association between the mobile node and the NAR; or the mobile node exchanges messages with the NAR via the PAR and generates first and second handover keys after obtaining the key information required to generate the keys; or the AAA server generates a first handover key according to a received key request message and feeds the result back to the NAR, and the NAR then generates a second handover key according to key information, completing the establishment of multiple security associations;
during the fast handover of the mobile node, using the security association to ensure that the mobile node securely accesses the NAR.
2. The method for secure fast handover according to claim 1, characterized in that
the process in which the NAR actively accesses the AAA server to complete the establishment of the security association is:
the mobile node sends a handover key request message to at least one NAR to perform the key exchange, the handover key request message containing the identity of the mobile node and a message authentication code generated using the key between the mobile node and the AAA server;
the NAR forwards the handover key request message to the AAA server;
if the AAA server verifies that the message authentication code in the handover key request message is correct, it feeds back to the NAR a verification message containing the handover key between the mobile node and the NAR;
the NAR records the handover key of the mobile node, generates a message authentication code from the handover key, and feeds back a handover key response containing the message authentication code generated from the handover key;
if the mobile node verifies that the message authentication code generated from the handover key is correct, the establishment of the security association is complete; or
the process in which the NAR passively accesses the AAA server to complete the establishment of the security association is:
the mobile node sends a handover key request message to the AAA server via the source-network access router (PAR) to perform the key exchange, the handover key request message containing the identity of the mobile node and a message authentication code generated using the key between the mobile node and the AAA server;
after verifying that the message authentication code in the handover key request message is correct, the AAA server uses a message authentication code that it generates itself to integrity-protect the handover key response message fed back to the mobile node, and feeds the handover key response message back to the mobile node via the PAR; the AAA server also generates the handover key corresponding to each NAR according to the key exchange information and delivers the handover keys to the respective NARs;
after verifying that the message authentication code generated by the AAA server is correct, the mobile node generates the handover key corresponding to each NAR, completing the establishment of the security association.
3. The method for secure fast handover according to claim 2, characterized in that the mobile node sends the handover key request message to all NARs in at least any one of the following ways:
sending it as a packet whose source address is the previous care-of address and whose destination address is the address of the NAR;
sending it by means of nested IP;
sending it using a destination address header as the destination address of the IP packet.
4. The method for secure fast handover according to claim 2, characterized in that, for a predictive-mode fast handover, when the mobile node performs the fast handover to the NAR, the specific process of using the security association to ensure that the mobile node securely accesses the NAR is:
the mobile node sends a fast binding update message to the PAR, the message being integrity-protected with a message authentication code produced using the handover key between the mobile node and the PAR;
after the PAR verifies the message authentication code and interacts with the NAR, it feeds back to the mobile node a fast binding acknowledgment message carrying a message authentication code generated with the handover key;
the mobile node protects the fast neighbor advertisement message with a message authentication code generated using the handover key between it and the NAR.
5. The method for secure fast handover according to claim 2, characterized in that, for a reactive-mode fast handover, when the mobile node accesses the NAR, it first sends an unsolicited neighbor advertisement message to the NAR, the message being protected with a message authentication code generated using the handover key between the mobile node and the NAR;
it then sends a fast binding update message to the PAR, the message carrying the previous care-of address and being integrity-protected with a message authentication code generated using the previous handover key;
after verifying that the message authentication code is correct, the PAR feeds back a fast binding acknowledgment message and forwards packets whose destination address is the previous care-of address to the new care-of address of the mobile node.
6. The method for secure fast handover according to claim 2, characterized in that the handover key request message further contains information used to configure the new address of the mobile node, and the handover key response message contains the new care-of address of the mobile node.
7. The method for secure fast handover according to claim 1, characterized in that the process of completing the establishment of the security association in a predictive-mode fast handover is:
the PAR obtains from the AAA server the key information the mobile node needs for the handover;
when the mobile node hands over, it obtains from the PAR, by means of a fast binding update message, the key information needed for the handover, wherein the fast binding update message carries a handover key request message and is protected using the handover key between the mobile node and the PAR;
the mobile node generates a new handover key from the key information, and the key request message and a key information identifier are sent to the AAA server by means of the handover initiate message;
after verifying the key request message, the AAA server finds the key information according to the key information identifier, generates the new handover key, and delivers the new handover key to the NAR, whereupon the establishment of the security association is complete;
the process of completing the establishment of the security association in a reactive-mode fast handover is:
the mobile node sends an unsolicited neighbor advertisement message to the NAR, the message being either protected with the handover key generated in advance between the mobile node and the NAR, or unprotected;
it sends a fast binding update message to the PAR, the message carrying the previous care-of address and being integrity-protected with a message authentication code generated using the previous handover key;
after verification, the PAR feeds back a fast binding acknowledgment message and forwards packets whose destination address is the previous care-of address to the new care-of address of the mobile node.
8. The method for secure fast handover according to claim 1, characterized in that
the process of completing the establishment of the security association in a predictive-mode fast handover is:
the mobile node sends to the PAR a fast binding update message carrying a handover key request message, a message authentication code for the update message being generated using the handover key between the mobile node and the PAR, and the mobile node generates the first handover key at the same time;
after successfully verifying the message authentication code, the PAR sends the handover key request message to the NAR and at the same time negotiates handover key information; it sends the negotiated handover key information to the mobile node, and the mobile node generates the second handover key from the handover key information;
the NAR sends a handover request message to the AAA server; after verifying the handover request message, the AAA server generates the first handover key and feeds it back to the NAR;
the NAR generates the second handover key from the first handover key and the handover key information;
when the mobile node arrives at the NAR, it decides whether to protect the neighbor advertisement message with the first or the second handover key according to whether it has received the fast binding message, completing the establishment of multiple security associations;
the process of completing the establishment of the security association in a reactive-mode fast handover is:
the mobile node sends an unsolicited neighbor advertisement message to the NAR, the message being either protected with the handover key generated in advance between the mobile node and the NAR, or unprotected;
it then sends a fast binding update message to the PAR, the message carrying the previous care-of address and being integrity-protected with a message authentication code generated using the previous handover key;
after verification, the PAR feeds back a fast binding acknowledgment message and forwards packets whose destination address is the previous care-of address to the new care-of address of the mobile node.
9. The method for secure fast handover according to claim 8, characterized in that the manner of negotiating the key information at the same time comprises:
the PAR requests and obtains negotiated key information from the AAA server in advance and sends the negotiated key information to the NAR; or
the NAR first generates a piece of key information and feeds the key information back to the PAR.
10. A system for secure fast handover, characterized by comprising:
a security association establishing unit, configured to establish, before the fast handover, a security association between the mobile node and the access router (NAR) of the target network, which specifically comprises: the mobile node performs a key exchange with at least one NAR to generate the security association, and the NAR actively or passively accesses the AAA server to complete the establishment of the security association; or the PAR obtains in advance from the AAA server the key information the mobile node needs to generate a key and, after the mobile node sends a fast binding update message, returns the key information in an acknowledgment message, and the mobile node generates a handover key from the key information, completing the establishment of the security association; or a standard handover key and a temporary handover key are computed between the mobile node and the PAR, and when the mobile node is about to hand over, the PAR sends the temporary handover key to the NAR in a handover initiate message, establishing the security association between the mobile node and the NAR; or the mobile node exchanges messages with the NAR via the PAR and generates first and second handover keys after obtaining the key information required to generate the keys; or the AAA server generates a first handover key according to a received key request message and feeds the result back to the NAR, and the NAR then generates a second handover key according to key information, completing the establishment of multiple security associations;
a security protection execution unit, configured to use the security association, during the fast handover of the mobile node, to protect the secure exchange of the mobile node's signaling in the fast handover and to enable the mobile node to securely access the NAR.
CN2007101235911A 2007-06-29 2007-06-29 Method and system for safe fast switching Expired - Fee Related CN101335985B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2007101235911A CN101335985B (en) 2007-06-29 2007-06-29 Method and system for safe fast switching
PCT/CN2008/071483 WO2009003404A1 (en) 2007-06-29 2008-06-30 A method and an apparatus for fast handover

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101235911A CN101335985B (en) 2007-06-29 2007-06-29 Method and system for safe fast switching

Publications (2)

Publication Number Publication Date
CN101335985A CN101335985A (en) 2008-12-31
CN101335985B (en) 2011-05-11

Family

ID=40198225

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101235911A Expired - Fee Related CN101335985B (en) 2007-06-29 2007-06-29 Method and system for safe fast switching

Country Status (2)

Country Link
CN (1) CN101335985B (en)
WO (1) WO2009003404A1 (en)


Also Published As

Publication number Publication date
CN101335985A (en) 2008-12-31
WO2009003404A1 (en) 2009-01-08


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHENZHEN TINNO WIRELESS TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.

Effective date: 20140617

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518129 SHENZHEN, GUANGDONG PROVINCE TO: 518053 SHENZHEN, GUANGDONG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20140617

Address after: 4, A, building 518053, building H-3, East China Town, 1, Xiangshan East Street, Shenzhen, Guangdong, Nanshan District

Patentee after: Shenzhen Tinno Wireless Technology Co., Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110511

Termination date: 20190629