CN106341366A - Method and device for backuping multiple key servers and key server - Google Patents
Method and device for backuping multiple key servers and key server Download PDFInfo
- Publication number
- CN106341366A CN106341366A CN201510391503.0A CN201510391503A CN106341366A CN 106341366 A CN106341366 A CN 106341366A CN 201510391503 A CN201510391503 A CN 201510391503A CN 106341366 A CN106341366 A CN 106341366A
- Authority
- CN
- China
- Prior art keywords
- key
- group
- current
- information
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000001360 synchronised effect Effects 0.000 claims description 17
- 230000005540 biological transmission Effects 0.000 claims description 8
- 230000008859 change Effects 0.000 claims description 4
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 238000012790 confirmation Methods 0.000 abstract description 4
- 238000004891 communication Methods 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 8
- 238000005538 encapsulation Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and device for backuping multiple key servers and a key server, and relates to the technical field of communication. The method disclosed by the invention comprises the steps that a GM (Group Member) configures multiple KSs (Key Servers), the GM initiates a first stage of IKE (Internet Key Exchange) negotiation to all of the KSs, generates a key of the first stage and sends a group identifier (ID) to all of the KSs; the GM receives safety policies fed back by each KS, selects a KS from the KSs which receive the safety policies to act as the current KS, sends a confirmation message to the current KS, and synchronizes the selected current KS and safety policy information thereof to all the other KSs; and the GM receives a TEK (Traffic Encryption Key) and a KEK (Key Encryption Key) which are fed back by the current KS, and synchronizes the TEK and the KEK of the current KS to all the other KSs. According to the technical scheme disclosed by the invention, a synchronization message is forwarded to all KSs through the GM, so that a purpose that the multiple KSs are consistent in data.
Description
Technical field
The application is related to communication technical field, particularly to a kind of get vpn (group encrypted
Transport virtual private network, group encryption transfer of virtual private network) in many key
The scheme that server (ks, key server) backs up.
Background technology
(group encrypted transport virtual private network, group encryption passes get vpn
Defeated virtual private networks) it is a kind of ipsec security model based on group, same group of member
Gm (group member, group membership) shares the information such as identical security strategy and key.ks(key
Server, key server) to manage the information such as security strategy and the key of each group by different groups,
Ks is responsible for for the information such as security strategy and key being handed down to the gm to register, and is responsible in key life
Before phase time-out, by rekey message informing gm more new key.
As shown in figure 1, interaction is as follows between traditional gm and ks:
1st, the ike that gm initiates the first stage to ks consults, and generates the key of first stage, for adding
The close message interacting between gm and ks below;
2nd, gm is to ks transmission group id;
3rd, group id that ks sends according to gm, inquires about locally configured information, and sending to gm should
Organize corresponding security strategy and (include traffic flow information interested, encryption, identifying algorithm, encapsulation mode
Deng);
4th, after gm receives security strategy, send to ks and confirm message;
5th, after ks receives the confirmation message that gm sends, key information, tek (tranfic are sent to gm
Encrytion key, the key of encryption flow, for encrypting the flow between gm) and kek (key
Encrytion key, the key of encryption key, for encrypting the rekey message that ks sends to gm);
6th, before key lifetimes expire, ks can send rekey message Lai Geng Xinmi City to gm
Key, if gm does not receive rekey message always, it will again initiate a registration process to ks,
Reacquire security strategy and key.
In get vpn network, ks manages the information such as all security strategies and key concentratedly, once
Ks breaks down, and will directly influence the encryption business of correlation, disposes multiple stage ks, provides ks's
Backup is just particularly important.
Content of the invention
The technical problem to be solved is to provide a kind of method of multi-key cipher server ks backup
And equipment, key server, to solve the problems, such as that between many ks, data may be inconsistent.
In order to solve above-mentioned technical problem, the invention discloses a kind of side of multi-key cipher server ks backup
Method, the method includes:
After group membership gm configures multiple ks, described group membership gm all initiates the first rank to all ks
The key of section exchanges ike to be consulted, and generates the key of first stage, and to all ks transmission group mark respectively
Know id;
After described gm receives the security strategy of each ks feedback, select from the ks receiving security strategy
One ks is current ks, sends to described current ks and confirms message, and the current ks by selection
It is synchronized to other all ks with its security policy information;
Described gm receives the encryption key tek of flow and the key of encryption key of current ks feedback
After kek, tek and kek of current ks is synchronized to other all ks.
Alternatively, said method also includes:
Before key lifetimes expire, if described gm does not receive the renewal that current ks sends always
Key message, then send key updating request message to all ks;
It is current ks that described gm reselects a ks from the ks receiving renewal key message, and
The current ks reselecting and its security policy information are synchronized to other all ks.
Alternatively, said method also includes:
Each ks receives group id that gm sends, and inquires about the corresponding locally configured information of this group id;
If described ks inquires the corresponding locally configured information of this group id, send this group to gm right
The security strategy answered;
If described ks does not inquire the corresponding locally configured information of this group id, this group of blotter
Id, is preserved when receiving this group id corresponding information.
Alternatively, in said method, after described this group id of ks blotter, if in setting duration not
Receive any information of this group, then delete this group id of blotter.
The invention also discloses a kind of equipment of multi-key cipher server ks backup, this equipment includes:
First module, when being configured with multiple ks, the key all initiating the first stage to all ks is handed over
Change ike to consult, generate the key of first stage, and transmission group identifies id respectively to all ks;
Second unit, after receiving the security strategy of each ks feedback, from the ks of the security strategy receiving
Select one to be current ks, send to described current ks and confirm message, and the current ks by selection
It is synchronized to other all ks with its security policy information;
Unit the 3rd, is receiving the key tek of the encryption flow that current ks feeds back and the close of encryption key
After key kek, tek and kek of current ks is synchronized to other all ks.
Alternatively, the said equipment also includes:
Unit the 3rd, before key lifetimes expire, if do not receive current ks always send more
New key message, then send key updating request message to all ks;
Now, described second unit, reselects a ks from the ks of the renewal key message receiving
For current ks, and the current ks reselecting and its security policy information are synchronized to other all ks.
The invention also discloses a kind of key server ks, comprising:
First module, receives the group mark id that group membership gm sends, inquires about this group id corresponding local
The information of configuration;
Second unit, when inquiring the corresponding locally configured information of this group id, sending to gm should
Organize corresponding security strategy;
Do not inquiring the corresponding locally configured information of this group id, then this group id of blotter, due-in
Preserved during to the corresponding information of this group id.
Alternatively, in above-mentioned server, described second unit, after this group id of blotter, if setting
Do not receive any information of this group in timing is long, then delete this group id of blotter.
Technical scheme is passed through gm and is forwarded synchronization message to all ks, reaches many ks data one
The purpose causing.Compared with prior art, the application has the advantage that
Do not need between ks to dispose specific redundancy backup agreement again, reduce the equipment requirements to ks, lead to
Cross gm and forward synchronization message to all ks, you can realize many ks data unanimously, facilitate feasible, easily
In realization;
As long as one ks equipment of configuration, you can realize the unification of all ks data it is not necessary to every ks
All go to carry out mass data configuration and synchronization, more intelligent;
When key information, choose the information such as ks to change when, gm can notify other ks immediately, real
Now quick real-time synchronization;
Between gm and ks during link failure, the ks of backup directly can carry out rekey, and not
Gm is needed again to initiate the log-on consultation of a new round to ks.
Brief description
Fig. 1 is interaction schematic diagram between traditional gm and ks involved in the present invention;
Fig. 2 is the flow chart that in the embodiment of the present invention, gm backs up to the many ks of ks registration process;
Fig. 3 is the flow chart of many ks backups during rekey in the embodiment of the present invention.
Specific embodiment
For making the object, technical solutions and advantages of the present invention become more apparent, below in conjunction with accompanying drawing pair
Technical solution of the present invention is described in further detail.It should be noted that in the case of not conflicting, this
Feature in the embodiment and embodiment of application can arbitrarily be mutually combined.
Embodiment 1
The present embodiment provides a kind of method of multi-key cipher server ks backup, and main inclusion is following to be operated:
After group membership gm configures multiple ks, the key that gm all initiates the first stage to all ks is handed over
Change ike to consult, generate the key of first stage, and transmission group identifies id respectively to all ks;
After gm receives the security strategy of each ks feedback, from the ks receiving security strategy, select one
Ks is current ks, sends to current ks and confirms message, and by the current ks of selection and its safety
Policy information is synchronized to other all ks;
After gm receives tek and kek of current ks feedback, tek and kek of current ks is same
Walk other all ks.
Based on said method, key updating operation can also be included, that is, before key lifetimes expire,
If gm does not receive the renewal key message that current ks sends always, send key more to all ks
New request message.It is current ks that gm reselects a ks from the ks receiving renewal key message,
And the current ks reselecting and its security policy information are synchronized to other all ks.
For the operation of above-mentioned gm side, the operation of ks side includes: group id that ks sends according to gm,
Inquire about locally configured information, send the corresponding security strategy of this group to gm and (include data interested
Stream information, encryption, identifying algorithm, encapsulation mode etc.);If the not corresponding safe plan of this group on ks
Slightly, then the Given information such as blotter group id.As any in do not received this group always in follow-up setting duration
Information, then delete the information of blotter.
It is noted that the ike that gm all initiates the first stage to all ks consults, and issue group id
Afterwards, when selecting current ks, can be to randomly choose or select according to default selection strategy.
For example, randomly choose a ks from the ks replying confirmation message as current ks.Or press
According to default selection strategy, first is replied and confirms that the ks of message is chosen as current ks.
In the same manner, gm sends key updating request message to all ks, is used for reselecting current ks
When or random selection or according to default selection strategy select.For example, from response gm rekey
Randomly choosing a ks in the ks of message is current ks.Or according to default selection strategy, gm
Current ks can be chosen as with the ks of the first rekey message receiving.
Below in conjunction with the accompanying drawings and concrete application, the detailed implementation process of said method is described.Taking Fig. 2 as a example
The detailed process that gm backs up to the many ks of ks registration process is described, this process comprises the steps:
Step 201, after gm configures multiple ks, gm initiates the ike of first stage to all ks
Consult, generate the key of first stage, for encrypting the message interacting between gm and ks below;
Step 202, gm is to all ks transmission groups id;
Step 203, group id that each ks sends according to gm, inquire about this locally configured group id
Corresponding information, if inquired, goes to step 204;If inquiry is less than going to step 205;
Step 204, ks sends the corresponding security strategy of this group to gm and (includes data flow letter interested
Breath, encryption, identifying algorithm, encapsulation mode etc.);
Step 205, the Given information such as ks blotter group id, such as it is successfully received the information of this group, turn
To step 208;As subsequently do not received any information of this group, then go to step 206;
Step 206, ks deletes the information of blotter;
Step 207, gm replys to ks and confirms message, is defined by the ks of first reply, chooses this
ks;
Step 208, gm sends synchronization message to other all ks, informs the ks and safety having chosen
The information such as strategy;
Step 209, other ks record, according to group id, the synchronizing information that gm sends, and choose
Ks and security strategy etc.;
Step 210, after the ks choosing receives the confirmation message that gm sends, to gm send tek and
kek;
Step 211, tek and kek receiving is sent to other all ks by gm;
Step 212, after other ks receive tek the and kek message that gm sends, according to group id note
The information such as lower tek and kek of record, on so all ks, the information of storage is all consistent.
Carry out the detailed process of many ks backup, this mistake with gm in explanation key updating process shown in Fig. 3
Journey comprises the steps:
Step 301, before secret key lifetime expires, the ks choosing can send rekey message to gm
Carry out more new key;
Step 302, if gm does not receive the rekey message choosing ks to send always, goes to step
303;If gm receives the rekey message choosing ks to send, go to step 306;
Step 303, gm does not receive rekey message always, then gm can send rekey to all ks
Request message;
Step 304, the ks receiving rekey request message can respond gm rekey message
Step 305, gm can be defined by the rekey message that first receives, and chooses this ks;
Step 306, gm sends synchronization message to other all ks, informs ks, the peace currently chosen
The information such as strategy, more new key entirely;
Step 307, other ks update locally store information according to the synchronization message receiving, and make to own
On ks, the information of storage is all consistent.
Embodiment 2
The present embodiment provides a kind of equipment of multi-key cipher server ks backup, it is possible to achieve said method,
It is mainly included as lower unit:
First module, when being configured with multiple ks, the ike all initiating the first stage to ks consults,
Generate the key of first stage, and to all ks transmission group id respectively;
Second unit, after receiving the security strategy of each ks feedback, from the ks of the security strategy receiving
Select one be current ks, to current ks send confirm message, and by the current ks of selection and its
Security policy information is synchronized to other all ks;
Unit the 3rd, after tek and kek receiving current ks feedback, by the tek of current ks
It is synchronized to other all ks with kek.
In addition, the said equipment can also include key updating operation, now increase by Unit the 3rd, it is main
Before key lifetimes expire, if do not receive the renewal key message that current ks sends always,
Send key updating request message to all ks.So, second unit is it is possible to from the renewal receiving
Reselecting a ks in the ks of key message is current ks, and by the current ks reselecting and
Its security policy information is synchronized to other all ks.
It is noted that second unit, when selecting current ks, can randomly choose, or according to pre-
If selection strategy select.For example, when selecting after ike in the first stage consults, can be true from replying
Recognize and randomly choose a ks in the ks of message as current ks, or according to default selection strategy,
First is replied and confirms that the ks of message is chosen as current ks.When selecting in the key updating stage, permissible
Randomly choosing a ks from the ks responding gm rekey message is current ks.Or according to default
Selection strategy, second unit can be chosen as current ks with the ks of the rekey message that first receives.
Embodiment 3
The present embodiment provides a kind of key server ks, and it mainly includes first module and second unit.
First module, receives the group mark id that group membership gm sends, inquires about this group id corresponding local
The information of configuration;
Second unit, when inquiring the corresponding locally configured information of this group id, sending to gm should
Organize corresponding security strategy;
Do not inquiring the corresponding locally configured information of this group id, then this group id of blotter, due-in
Preserved during to the corresponding information of this group id.
Preferably, above-mentioned second unit, after this group id of blotter, if do not receive setting in duration
Any information of this group, then delete this group id of blotter.
It is noted that the equipment providing in above-described embodiment 2 can provide in conjunction with above-described embodiment 3
Ks can be found in above-described embodiment 1 implementing the scheme in above-described embodiment 1, concrete operations details
Corresponding contents, will not be described here.
One of ordinary skill in the art will appreciate that all or part of step in said method can pass through program
Complete to instruct related hardware, described program can be stored in computer-readable recording medium, such as read-only
Memorizer, disk or CD etc..Alternatively, all or part of step of above-described embodiment can also use
One or more integrated circuits are realizing.Correspondingly, each module/unit in above-described embodiment can adopt
The form of hardware is realized, it would however also be possible to employ the form of software function module is realized.The application is not restricted to appoint
The combination of the hardware and software of what particular form.
The above, the only preferred embodiments of the present invention, it is not intended to limit the protection model of the present invention
Enclose.All any modification, equivalent substitution and improvement within the spirit and principles in the present invention, done etc.,
Should be included within the scope of the present invention.
Claims (8)
1. a kind of method of multi-key cipher server ks backup is it is characterised in that the method includes:
After group membership gm configures multiple ks, described group membership gm all initiates the first rank to all ks
The key of section exchanges ike to be consulted, and generates the key of first stage, and to all ks transmission group mark respectively
Know id;
After described gm receives the security strategy of each ks feedback, select from the ks receiving security strategy
One ks is current ks, sends to described current ks and confirms message, and the current ks by selection
It is synchronized to other all ks with its security policy information;
Described gm receives the encryption key tek of flow and the key of encryption key of current ks feedback
After kek, tek and kek of current ks is synchronized to other all ks.
2. the method for claim 1 is it is characterised in that the method also includes:
Before key lifetimes expire, if described gm does not receive the renewal that current ks sends always
Key message, then send key updating request message to all ks;
It is current ks that described gm reselects a ks from the ks receiving renewal key message, and
The current ks reselecting and its security policy information are synchronized to other all ks.
3. method as claimed in claim 1 or 2 is it is characterised in that the method also includes:
Each ks receives group id that gm sends, and inquires about the corresponding locally configured information of this group id;
If described ks inquires the corresponding locally configured information of this group id, send this group to gm right
The security strategy answered;
If described ks does not inquire the corresponding locally configured information of this group id, this group of blotter
Id, is preserved when receiving this group id corresponding information.
4. method as claimed in claim 3 it is characterised in that
After described this group id of ks blotter, if not receiving any information of this group setting in duration,
Delete this group id of blotter.
5. a kind of equipment of multi-key cipher server ks backup is it is characterised in that this equipment includes:
First module, when being configured with multiple ks, the key all initiating the first stage to all ks is handed over
Change ike to consult, generate the key of first stage, and transmission group identifies id respectively to all ks;
Second unit, after receiving the security strategy of each ks feedback, from the ks of the security strategy receiving
Select one to be current ks, send to described current ks and confirm message, and the current ks by selection
It is synchronized to other all ks with its security policy information;
Unit the 3rd, is receiving the key tek of the encryption flow that current ks feeds back and the close of encryption key
After key kek, tek and kek of current ks is synchronized to other all ks.
6. equipment as claimed in claim 5 is it is characterised in that this equipment also includes:
Unit the 3rd, before key lifetimes expire, if do not receive current ks always send more
New key message, then send key updating request message to all ks;
Now, described second unit, reselects a ks from the ks of the renewal key message receiving
For current ks, and the current ks reselecting and its security policy information are synchronized to other all ks.
7. a kind of key server ks is it is characterised in that include:
First module, receives the group mark id that group membership gm sends, inquires about this group id corresponding local
The information of configuration;
Second unit, when inquiring the corresponding locally configured information of this group id, sending to gm should
Organize corresponding security strategy;
Do not inquiring the corresponding locally configured information of this group id, then this group id of blotter, due-in
Preserved during to the corresponding information of this group id.
8. server as claimed in claim 7 it is characterised in that
Described second unit, after this group id of blotter, if it is any not receive this group in setting duration
Information, then delete this group id of blotter.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510391503.0A CN106341366A (en) | 2015-07-06 | 2015-07-06 | Method and device for backuping multiple key servers and key server |
PCT/CN2016/074472 WO2017004993A1 (en) | 2015-07-06 | 2016-02-24 | Method and apparatus for backing up multiple key servers, and key server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510391503.0A CN106341366A (en) | 2015-07-06 | 2015-07-06 | Method and device for backuping multiple key servers and key server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106341366A true CN106341366A (en) | 2017-01-18 |
Family
ID=57684816
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510391503.0A Pending CN106341366A (en) | 2015-07-06 | 2015-07-06 | Method and device for backuping multiple key servers and key server |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106341366A (en) |
WO (1) | WO2017004993A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109274494A (en) * | 2018-11-27 | 2019-01-25 | 新华三技术有限公司 | A kind of method and device of key maintenance |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101183984A (en) * | 2007-12-14 | 2008-05-21 | 华为技术有限公司 | Network management system, management method and equipment |
CN101309167A (en) * | 2008-06-27 | 2008-11-19 | 华中科技大学 | Disaster allowable system and method based on cluster backup |
US7496579B2 (en) * | 2006-03-30 | 2009-02-24 | International Business Machines Corporation | Transitioning of database service responsibility responsive to server failure in a partially clustered computing environment |
CN101686244A (en) * | 2008-09-23 | 2010-03-31 | 阿里巴巴集团控股有限公司 | Method and system for transmitting service information |
CN101729610A (en) * | 2009-12-15 | 2010-06-09 | 中兴通讯股份有限公司 | Method and system for backing up DHCP SERVER |
CN101729559A (en) * | 2009-12-03 | 2010-06-09 | 中兴通讯股份有限公司 | Method and system for realizing backup of DHCP server |
CN102467508A (en) * | 2010-11-04 | 2012-05-23 | 中兴通讯股份有限公司 | Method for providing database service and database system |
CN102904901A (en) * | 2012-10-29 | 2013-01-30 | 杭州华三通信技术有限公司 | Method for synchronizing IPsec SA, group member and group secret server |
CN103269276A (en) * | 2013-05-22 | 2013-08-28 | 杭州华三通信技术有限公司 | Method and equipment for achieving group member equipment communication |
CN103546420A (en) * | 2012-07-09 | 2014-01-29 | 杭州华三通信技术有限公司 | Method for registering Group Members (GMs) to Key Server (KS) in Group Encrypted Transport Virtual Private Network (GET VPN) and GMs and KS |
CN103812674A (en) * | 2012-11-07 | 2014-05-21 | 北京信威通信技术股份有限公司 | Method for main and standby server replacement |
CN104270350A (en) * | 2014-09-19 | 2015-01-07 | 杭州华三通信技术有限公司 | Key information transmission method and equipment |
CN104486438A (en) * | 2014-12-22 | 2015-04-01 | 华为技术有限公司 | Disaster-tolerant method and disaster-tolerant device of distributed storage system |
-
2015
- 2015-07-06 CN CN201510391503.0A patent/CN106341366A/en active Pending
-
2016
- 2016-02-24 WO PCT/CN2016/074472 patent/WO2017004993A1/en active Application Filing
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7496579B2 (en) * | 2006-03-30 | 2009-02-24 | International Business Machines Corporation | Transitioning of database service responsibility responsive to server failure in a partially clustered computing environment |
CN101183984A (en) * | 2007-12-14 | 2008-05-21 | 华为技术有限公司 | Network management system, management method and equipment |
CN101309167A (en) * | 2008-06-27 | 2008-11-19 | 华中科技大学 | Disaster allowable system and method based on cluster backup |
CN101686244A (en) * | 2008-09-23 | 2010-03-31 | 阿里巴巴集团控股有限公司 | Method and system for transmitting service information |
CN101729559A (en) * | 2009-12-03 | 2010-06-09 | 中兴通讯股份有限公司 | Method and system for realizing backup of DHCP server |
CN101729610A (en) * | 2009-12-15 | 2010-06-09 | 中兴通讯股份有限公司 | Method and system for backing up DHCP SERVER |
CN102467508A (en) * | 2010-11-04 | 2012-05-23 | 中兴通讯股份有限公司 | Method for providing database service and database system |
CN103546420A (en) * | 2012-07-09 | 2014-01-29 | 杭州华三通信技术有限公司 | Method for registering Group Members (GMs) to Key Server (KS) in Group Encrypted Transport Virtual Private Network (GET VPN) and GMs and KS |
CN102904901A (en) * | 2012-10-29 | 2013-01-30 | 杭州华三通信技术有限公司 | Method for synchronizing IPsec SA, group member and group secret server |
CN103812674A (en) * | 2012-11-07 | 2014-05-21 | 北京信威通信技术股份有限公司 | Method for main and standby server replacement |
CN103269276A (en) * | 2013-05-22 | 2013-08-28 | 杭州华三通信技术有限公司 | Method and equipment for achieving group member equipment communication |
CN104270350A (en) * | 2014-09-19 | 2015-01-07 | 杭州华三通信技术有限公司 | Key information transmission method and equipment |
CN104486438A (en) * | 2014-12-22 | 2015-04-01 | 华为技术有限公司 | Disaster-tolerant method and disaster-tolerant device of distributed storage system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109274494A (en) * | 2018-11-27 | 2019-01-25 | 新华三技术有限公司 | A kind of method and device of key maintenance |
CN109274494B (en) * | 2018-11-27 | 2022-06-21 | 新华三技术有限公司 | Method and device for maintaining secret key |
Also Published As
Publication number | Publication date |
---|---|
WO2017004993A1 (en) | 2017-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102245688B1 (en) | Key generation method, user equipment, apparatus, computer readable storage medium, and communication system | |
US7720995B2 (en) | Conditional BGP advertising for dynamic group VPN (DGVPN) clients | |
KR102123210B1 (en) | Mtc key management for key derivation at both ue and network | |
WO2017114123A1 (en) | Key configuration method and key management center, and network element | |
TW201919363A (en) | Method and system for quantum key distribution and data processing | |
EP2858393A1 (en) | Subscription manager secure routing device switching method and device | |
CN102447690B (en) | Key management method and network equipment | |
CN103703698A (en) | Machine-to-machine node erase procedure | |
CN103684752A (en) | Communication node, secret key synchronizing method and secret key synchronizing system | |
CN101536463A (en) | Generating keys for protection in next generation mobile networks | |
CN102884756B (en) | Communicator and communication means | |
CN109698746B (en) | Method and system for generating sub-keys of binding equipment based on master key negotiation | |
CN102036230A (en) | Method for implementing local route service, base station and system | |
CN101039181B (en) | Method for preventing service function entity of general authentication framework from attack | |
CN110808834B (en) | Quantum key distribution method and quantum key distribution system | |
CN115632779B (en) | Quantum encryption communication method and system based on power distribution network | |
CN108353279A (en) | A kind of authentication method and Verification System | |
CN107306261A (en) | A kind of encryption communication method and device, system | |
CN115567205A (en) | Method and system for realizing encryption and decryption of network session data stream by quantum key distribution | |
CN101527708B (en) | Method and device for restoring connection | |
CN102904792B (en) | Service carrying method and router | |
CN102970277B (en) | Method and system for building multi-source safety relevance | |
CN114375036A (en) | Method and device for data synchronization of 5G network, UDM device and storage medium | |
EP2987293A1 (en) | A method of and a device handling charging data in an ip-based network | |
EP2330789B1 (en) | System and method for accessing private digital content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170118 |
|
RJ01 | Rejection of invention patent application after publication |