CN106341366A - Method and device for backuping multiple key servers and key server - Google Patents

Method and device for backuping multiple key servers and key server Download PDF

Info

Publication number
CN106341366A
CN106341366A CN201510391503.0A CN201510391503A CN106341366A CN 106341366 A CN106341366 A CN 106341366A CN 201510391503 A CN201510391503 A CN 201510391503A CN 106341366 A CN106341366 A CN 106341366A
Authority
CN
China
Prior art keywords
key
group
current
information
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510391503.0A
Other languages
Chinese (zh)
Inventor
李莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510391503.0A priority Critical patent/CN106341366A/en
Priority to PCT/CN2016/074472 priority patent/WO2017004993A1/en
Publication of CN106341366A publication Critical patent/CN106341366A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40Support for services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1073Registration or de-registration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and device for backuping multiple key servers and a key server, and relates to the technical field of communication. The method disclosed by the invention comprises the steps that a GM (Group Member) configures multiple KSs (Key Servers), the GM initiates a first stage of IKE (Internet Key Exchange) negotiation to all of the KSs, generates a key of the first stage and sends a group identifier (ID) to all of the KSs; the GM receives safety policies fed back by each KS, selects a KS from the KSs which receive the safety policies to act as the current KS, sends a confirmation message to the current KS, and synchronizes the selected current KS and safety policy information thereof to all the other KSs; and the GM receives a TEK (Traffic Encryption Key) and a KEK (Key Encryption Key) which are fed back by the current KS, and synchronizes the TEK and the KEK of the current KS to all the other KSs. According to the technical scheme disclosed by the invention, a synchronization message is forwarded to all KSs through the GM, so that a purpose that the multiple KSs are consistent in data.

Description

A kind of method and apparatus of multi-key cipher server backup, key server
Technical field
The application is related to communication technical field, particularly to a kind of get vpn (group encrypted Transport virtual private network, group encryption transfer of virtual private network) in many key The scheme that server (ks, key server) backs up.
Background technology
(group encrypted transport virtual private network, group encryption passes get vpn Defeated virtual private networks) it is a kind of ipsec security model based on group, same group of member Gm (group member, group membership) shares the information such as identical security strategy and key.ks(key Server, key server) to manage the information such as security strategy and the key of each group by different groups, Ks is responsible for for the information such as security strategy and key being handed down to the gm to register, and is responsible in key life Before phase time-out, by rekey message informing gm more new key.
As shown in figure 1, interaction is as follows between traditional gm and ks:
1st, the ike that gm initiates the first stage to ks consults, and generates the key of first stage, for adding The close message interacting between gm and ks below;
2nd, gm is to ks transmission group id;
3rd, group id that ks sends according to gm, inquires about locally configured information, and sending to gm should Organize corresponding security strategy and (include traffic flow information interested, encryption, identifying algorithm, encapsulation mode Deng);
4th, after gm receives security strategy, send to ks and confirm message;
5th, after ks receives the confirmation message that gm sends, key information, tek (tranfic are sent to gm Encrytion key, the key of encryption flow, for encrypting the flow between gm) and kek (key Encrytion key, the key of encryption key, for encrypting the rekey message that ks sends to gm);
6th, before key lifetimes expire, ks can send rekey message Lai Geng Xinmi City to gm Key, if gm does not receive rekey message always, it will again initiate a registration process to ks, Reacquire security strategy and key.
In get vpn network, ks manages the information such as all security strategies and key concentratedly, once Ks breaks down, and will directly influence the encryption business of correlation, disposes multiple stage ks, provides ks's Backup is just particularly important.
Content of the invention
The technical problem to be solved is to provide a kind of method of multi-key cipher server ks backup And equipment, key server, to solve the problems, such as that between many ks, data may be inconsistent.
In order to solve above-mentioned technical problem, the invention discloses a kind of side of multi-key cipher server ks backup Method, the method includes:
After group membership gm configures multiple ks, described group membership gm all initiates the first rank to all ks The key of section exchanges ike to be consulted, and generates the key of first stage, and to all ks transmission group mark respectively Know id;
After described gm receives the security strategy of each ks feedback, select from the ks receiving security strategy One ks is current ks, sends to described current ks and confirms message, and the current ks by selection It is synchronized to other all ks with its security policy information;
Described gm receives the encryption key tek of flow and the key of encryption key of current ks feedback After kek, tek and kek of current ks is synchronized to other all ks.
Alternatively, said method also includes:
Before key lifetimes expire, if described gm does not receive the renewal that current ks sends always Key message, then send key updating request message to all ks;
It is current ks that described gm reselects a ks from the ks receiving renewal key message, and The current ks reselecting and its security policy information are synchronized to other all ks.
Alternatively, said method also includes:
Each ks receives group id that gm sends, and inquires about the corresponding locally configured information of this group id;
If described ks inquires the corresponding locally configured information of this group id, send this group to gm right The security strategy answered;
If described ks does not inquire the corresponding locally configured information of this group id, this group of blotter Id, is preserved when receiving this group id corresponding information.
Alternatively, in said method, after described this group id of ks blotter, if in setting duration not Receive any information of this group, then delete this group id of blotter.
The invention also discloses a kind of equipment of multi-key cipher server ks backup, this equipment includes:
First module, when being configured with multiple ks, the key all initiating the first stage to all ks is handed over Change ike to consult, generate the key of first stage, and transmission group identifies id respectively to all ks;
Second unit, after receiving the security strategy of each ks feedback, from the ks of the security strategy receiving Select one to be current ks, send to described current ks and confirm message, and the current ks by selection It is synchronized to other all ks with its security policy information;
Unit the 3rd, is receiving the key tek of the encryption flow that current ks feeds back and the close of encryption key After key kek, tek and kek of current ks is synchronized to other all ks.
Alternatively, the said equipment also includes:
Unit the 3rd, before key lifetimes expire, if do not receive current ks always send more New key message, then send key updating request message to all ks;
Now, described second unit, reselects a ks from the ks of the renewal key message receiving For current ks, and the current ks reselecting and its security policy information are synchronized to other all ks.
The invention also discloses a kind of key server ks, comprising:
First module, receives the group mark id that group membership gm sends, inquires about this group id corresponding local The information of configuration;
Second unit, when inquiring the corresponding locally configured information of this group id, sending to gm should Organize corresponding security strategy;
Do not inquiring the corresponding locally configured information of this group id, then this group id of blotter, due-in Preserved during to the corresponding information of this group id.
Alternatively, in above-mentioned server, described second unit, after this group id of blotter, if setting Do not receive any information of this group in timing is long, then delete this group id of blotter.
Technical scheme is passed through gm and is forwarded synchronization message to all ks, reaches many ks data one The purpose causing.Compared with prior art, the application has the advantage that
Do not need between ks to dispose specific redundancy backup agreement again, reduce the equipment requirements to ks, lead to Cross gm and forward synchronization message to all ks, you can realize many ks data unanimously, facilitate feasible, easily In realization;
As long as one ks equipment of configuration, you can realize the unification of all ks data it is not necessary to every ks All go to carry out mass data configuration and synchronization, more intelligent;
When key information, choose the information such as ks to change when, gm can notify other ks immediately, real Now quick real-time synchronization;
Between gm and ks during link failure, the ks of backup directly can carry out rekey, and not Gm is needed again to initiate the log-on consultation of a new round to ks.
Brief description
Fig. 1 is interaction schematic diagram between traditional gm and ks involved in the present invention;
Fig. 2 is the flow chart that in the embodiment of the present invention, gm backs up to the many ks of ks registration process;
Fig. 3 is the flow chart of many ks backups during rekey in the embodiment of the present invention.
Specific embodiment
For making the object, technical solutions and advantages of the present invention become more apparent, below in conjunction with accompanying drawing pair Technical solution of the present invention is described in further detail.It should be noted that in the case of not conflicting, this Feature in the embodiment and embodiment of application can arbitrarily be mutually combined.
Embodiment 1
The present embodiment provides a kind of method of multi-key cipher server ks backup, and main inclusion is following to be operated:
After group membership gm configures multiple ks, the key that gm all initiates the first stage to all ks is handed over Change ike to consult, generate the key of first stage, and transmission group identifies id respectively to all ks;
After gm receives the security strategy of each ks feedback, from the ks receiving security strategy, select one Ks is current ks, sends to current ks and confirms message, and by the current ks of selection and its safety Policy information is synchronized to other all ks;
After gm receives tek and kek of current ks feedback, tek and kek of current ks is same Walk other all ks.
Based on said method, key updating operation can also be included, that is, before key lifetimes expire, If gm does not receive the renewal key message that current ks sends always, send key more to all ks New request message.It is current ks that gm reselects a ks from the ks receiving renewal key message, And the current ks reselecting and its security policy information are synchronized to other all ks.
For the operation of above-mentioned gm side, the operation of ks side includes: group id that ks sends according to gm, Inquire about locally configured information, send the corresponding security strategy of this group to gm and (include data interested Stream information, encryption, identifying algorithm, encapsulation mode etc.);If the not corresponding safe plan of this group on ks Slightly, then the Given information such as blotter group id.As any in do not received this group always in follow-up setting duration Information, then delete the information of blotter.
It is noted that the ike that gm all initiates the first stage to all ks consults, and issue group id Afterwards, when selecting current ks, can be to randomly choose or select according to default selection strategy. For example, randomly choose a ks from the ks replying confirmation message as current ks.Or press According to default selection strategy, first is replied and confirms that the ks of message is chosen as current ks.
In the same manner, gm sends key updating request message to all ks, is used for reselecting current ks When or random selection or according to default selection strategy select.For example, from response gm rekey Randomly choosing a ks in the ks of message is current ks.Or according to default selection strategy, gm Current ks can be chosen as with the ks of the first rekey message receiving.
Below in conjunction with the accompanying drawings and concrete application, the detailed implementation process of said method is described.Taking Fig. 2 as a example The detailed process that gm backs up to the many ks of ks registration process is described, this process comprises the steps:
Step 201, after gm configures multiple ks, gm initiates the ike of first stage to all ks Consult, generate the key of first stage, for encrypting the message interacting between gm and ks below;
Step 202, gm is to all ks transmission groups id;
Step 203, group id that each ks sends according to gm, inquire about this locally configured group id Corresponding information, if inquired, goes to step 204;If inquiry is less than going to step 205;
Step 204, ks sends the corresponding security strategy of this group to gm and (includes data flow letter interested Breath, encryption, identifying algorithm, encapsulation mode etc.);
Step 205, the Given information such as ks blotter group id, such as it is successfully received the information of this group, turn To step 208;As subsequently do not received any information of this group, then go to step 206;
Step 206, ks deletes the information of blotter;
Step 207, gm replys to ks and confirms message, is defined by the ks of first reply, chooses this ks;
Step 208, gm sends synchronization message to other all ks, informs the ks and safety having chosen The information such as strategy;
Step 209, other ks record, according to group id, the synchronizing information that gm sends, and choose Ks and security strategy etc.;
Step 210, after the ks choosing receives the confirmation message that gm sends, to gm send tek and kek;
Step 211, tek and kek receiving is sent to other all ks by gm;
Step 212, after other ks receive tek the and kek message that gm sends, according to group id note The information such as lower tek and kek of record, on so all ks, the information of storage is all consistent.
Carry out the detailed process of many ks backup, this mistake with gm in explanation key updating process shown in Fig. 3 Journey comprises the steps:
Step 301, before secret key lifetime expires, the ks choosing can send rekey message to gm Carry out more new key;
Step 302, if gm does not receive the rekey message choosing ks to send always, goes to step 303;If gm receives the rekey message choosing ks to send, go to step 306;
Step 303, gm does not receive rekey message always, then gm can send rekey to all ks Request message;
Step 304, the ks receiving rekey request message can respond gm rekey message
Step 305, gm can be defined by the rekey message that first receives, and chooses this ks;
Step 306, gm sends synchronization message to other all ks, informs ks, the peace currently chosen The information such as strategy, more new key entirely;
Step 307, other ks update locally store information according to the synchronization message receiving, and make to own On ks, the information of storage is all consistent.
Embodiment 2
The present embodiment provides a kind of equipment of multi-key cipher server ks backup, it is possible to achieve said method, It is mainly included as lower unit:
First module, when being configured with multiple ks, the ike all initiating the first stage to ks consults, Generate the key of first stage, and to all ks transmission group id respectively;
Second unit, after receiving the security strategy of each ks feedback, from the ks of the security strategy receiving Select one be current ks, to current ks send confirm message, and by the current ks of selection and its Security policy information is synchronized to other all ks;
Unit the 3rd, after tek and kek receiving current ks feedback, by the tek of current ks It is synchronized to other all ks with kek.
In addition, the said equipment can also include key updating operation, now increase by Unit the 3rd, it is main Before key lifetimes expire, if do not receive the renewal key message that current ks sends always, Send key updating request message to all ks.So, second unit is it is possible to from the renewal receiving Reselecting a ks in the ks of key message is current ks, and by the current ks reselecting and Its security policy information is synchronized to other all ks.
It is noted that second unit, when selecting current ks, can randomly choose, or according to pre- If selection strategy select.For example, when selecting after ike in the first stage consults, can be true from replying Recognize and randomly choose a ks in the ks of message as current ks, or according to default selection strategy, First is replied and confirms that the ks of message is chosen as current ks.When selecting in the key updating stage, permissible Randomly choosing a ks from the ks responding gm rekey message is current ks.Or according to default Selection strategy, second unit can be chosen as current ks with the ks of the rekey message that first receives.
Embodiment 3
The present embodiment provides a kind of key server ks, and it mainly includes first module and second unit.
First module, receives the group mark id that group membership gm sends, inquires about this group id corresponding local The information of configuration;
Second unit, when inquiring the corresponding locally configured information of this group id, sending to gm should Organize corresponding security strategy;
Do not inquiring the corresponding locally configured information of this group id, then this group id of blotter, due-in Preserved during to the corresponding information of this group id.
Preferably, above-mentioned second unit, after this group id of blotter, if do not receive setting in duration Any information of this group, then delete this group id of blotter.
It is noted that the equipment providing in above-described embodiment 2 can provide in conjunction with above-described embodiment 3 Ks can be found in above-described embodiment 1 implementing the scheme in above-described embodiment 1, concrete operations details Corresponding contents, will not be described here.
One of ordinary skill in the art will appreciate that all or part of step in said method can pass through program Complete to instruct related hardware, described program can be stored in computer-readable recording medium, such as read-only Memorizer, disk or CD etc..Alternatively, all or part of step of above-described embodiment can also use One or more integrated circuits are realizing.Correspondingly, each module/unit in above-described embodiment can adopt The form of hardware is realized, it would however also be possible to employ the form of software function module is realized.The application is not restricted to appoint The combination of the hardware and software of what particular form.
The above, the only preferred embodiments of the present invention, it is not intended to limit the protection model of the present invention Enclose.All any modification, equivalent substitution and improvement within the spirit and principles in the present invention, done etc., Should be included within the scope of the present invention.

Claims (8)

1. a kind of method of multi-key cipher server ks backup is it is characterised in that the method includes:
After group membership gm configures multiple ks, described group membership gm all initiates the first rank to all ks The key of section exchanges ike to be consulted, and generates the key of first stage, and to all ks transmission group mark respectively Know id;
After described gm receives the security strategy of each ks feedback, select from the ks receiving security strategy One ks is current ks, sends to described current ks and confirms message, and the current ks by selection It is synchronized to other all ks with its security policy information;
Described gm receives the encryption key tek of flow and the key of encryption key of current ks feedback After kek, tek and kek of current ks is synchronized to other all ks.
2. the method for claim 1 is it is characterised in that the method also includes:
Before key lifetimes expire, if described gm does not receive the renewal that current ks sends always Key message, then send key updating request message to all ks;
It is current ks that described gm reselects a ks from the ks receiving renewal key message, and The current ks reselecting and its security policy information are synchronized to other all ks.
3. method as claimed in claim 1 or 2 is it is characterised in that the method also includes:
Each ks receives group id that gm sends, and inquires about the corresponding locally configured information of this group id;
If described ks inquires the corresponding locally configured information of this group id, send this group to gm right The security strategy answered;
If described ks does not inquire the corresponding locally configured information of this group id, this group of blotter Id, is preserved when receiving this group id corresponding information.
4. method as claimed in claim 3 it is characterised in that
After described this group id of ks blotter, if not receiving any information of this group setting in duration, Delete this group id of blotter.
5. a kind of equipment of multi-key cipher server ks backup is it is characterised in that this equipment includes:
First module, when being configured with multiple ks, the key all initiating the first stage to all ks is handed over Change ike to consult, generate the key of first stage, and transmission group identifies id respectively to all ks;
Second unit, after receiving the security strategy of each ks feedback, from the ks of the security strategy receiving Select one to be current ks, send to described current ks and confirm message, and the current ks by selection It is synchronized to other all ks with its security policy information;
Unit the 3rd, is receiving the key tek of the encryption flow that current ks feeds back and the close of encryption key After key kek, tek and kek of current ks is synchronized to other all ks.
6. equipment as claimed in claim 5 is it is characterised in that this equipment also includes:
Unit the 3rd, before key lifetimes expire, if do not receive current ks always send more New key message, then send key updating request message to all ks;
Now, described second unit, reselects a ks from the ks of the renewal key message receiving For current ks, and the current ks reselecting and its security policy information are synchronized to other all ks.
7. a kind of key server ks is it is characterised in that include:
First module, receives the group mark id that group membership gm sends, inquires about this group id corresponding local The information of configuration;
Second unit, when inquiring the corresponding locally configured information of this group id, sending to gm should Organize corresponding security strategy;
Do not inquiring the corresponding locally configured information of this group id, then this group id of blotter, due-in Preserved during to the corresponding information of this group id.
8. server as claimed in claim 7 it is characterised in that
Described second unit, after this group id of blotter, if it is any not receive this group in setting duration Information, then delete this group id of blotter.
CN201510391503.0A 2015-07-06 2015-07-06 Method and device for backuping multiple key servers and key server Pending CN106341366A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510391503.0A CN106341366A (en) 2015-07-06 2015-07-06 Method and device for backuping multiple key servers and key server
PCT/CN2016/074472 WO2017004993A1 (en) 2015-07-06 2016-02-24 Method and apparatus for backing up multiple key servers, and key server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510391503.0A CN106341366A (en) 2015-07-06 2015-07-06 Method and device for backuping multiple key servers and key server

Publications (1)

Publication Number Publication Date
CN106341366A true CN106341366A (en) 2017-01-18

Family

ID=57684816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510391503.0A Pending CN106341366A (en) 2015-07-06 2015-07-06 Method and device for backuping multiple key servers and key server

Country Status (2)

Country Link
CN (1) CN106341366A (en)
WO (1) WO2017004993A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109274494A (en) * 2018-11-27 2019-01-25 新华三技术有限公司 A kind of method and device of key maintenance

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183984A (en) * 2007-12-14 2008-05-21 华为技术有限公司 Network management system, management method and equipment
CN101309167A (en) * 2008-06-27 2008-11-19 华中科技大学 Disaster allowable system and method based on cluster backup
US7496579B2 (en) * 2006-03-30 2009-02-24 International Business Machines Corporation Transitioning of database service responsibility responsive to server failure in a partially clustered computing environment
CN101686244A (en) * 2008-09-23 2010-03-31 阿里巴巴集团控股有限公司 Method and system for transmitting service information
CN101729610A (en) * 2009-12-15 2010-06-09 中兴通讯股份有限公司 Method and system for backing up DHCP SERVER
CN101729559A (en) * 2009-12-03 2010-06-09 中兴通讯股份有限公司 Method and system for realizing backup of DHCP server
CN102467508A (en) * 2010-11-04 2012-05-23 中兴通讯股份有限公司 Method for providing database service and database system
CN102904901A (en) * 2012-10-29 2013-01-30 杭州华三通信技术有限公司 Method for synchronizing IPsec SA, group member and group secret server
CN103269276A (en) * 2013-05-22 2013-08-28 杭州华三通信技术有限公司 Method and equipment for achieving group member equipment communication
CN103546420A (en) * 2012-07-09 2014-01-29 杭州华三通信技术有限公司 Method for registering Group Members (GMs) to Key Server (KS) in Group Encrypted Transport Virtual Private Network (GET VPN) and GMs and KS
CN103812674A (en) * 2012-11-07 2014-05-21 北京信威通信技术股份有限公司 Method for main and standby server replacement
CN104270350A (en) * 2014-09-19 2015-01-07 杭州华三通信技术有限公司 Key information transmission method and equipment
CN104486438A (en) * 2014-12-22 2015-04-01 华为技术有限公司 Disaster-tolerant method and disaster-tolerant device of distributed storage system

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7496579B2 (en) * 2006-03-30 2009-02-24 International Business Machines Corporation Transitioning of database service responsibility responsive to server failure in a partially clustered computing environment
CN101183984A (en) * 2007-12-14 2008-05-21 华为技术有限公司 Network management system, management method and equipment
CN101309167A (en) * 2008-06-27 2008-11-19 华中科技大学 Disaster allowable system and method based on cluster backup
CN101686244A (en) * 2008-09-23 2010-03-31 阿里巴巴集团控股有限公司 Method and system for transmitting service information
CN101729559A (en) * 2009-12-03 2010-06-09 中兴通讯股份有限公司 Method and system for realizing backup of DHCP server
CN101729610A (en) * 2009-12-15 2010-06-09 中兴通讯股份有限公司 Method and system for backing up DHCP SERVER
CN102467508A (en) * 2010-11-04 2012-05-23 中兴通讯股份有限公司 Method for providing database service and database system
CN103546420A (en) * 2012-07-09 2014-01-29 杭州华三通信技术有限公司 Method for registering Group Members (GMs) to Key Server (KS) in Group Encrypted Transport Virtual Private Network (GET VPN) and GMs and KS
CN102904901A (en) * 2012-10-29 2013-01-30 杭州华三通信技术有限公司 Method for synchronizing IPsec SA, group member and group secret server
CN103812674A (en) * 2012-11-07 2014-05-21 北京信威通信技术股份有限公司 Method for main and standby server replacement
CN103269276A (en) * 2013-05-22 2013-08-28 杭州华三通信技术有限公司 Method and equipment for achieving group member equipment communication
CN104270350A (en) * 2014-09-19 2015-01-07 杭州华三通信技术有限公司 Key information transmission method and equipment
CN104486438A (en) * 2014-12-22 2015-04-01 华为技术有限公司 Disaster-tolerant method and disaster-tolerant device of distributed storage system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109274494A (en) * 2018-11-27 2019-01-25 新华三技术有限公司 A kind of method and device of key maintenance
CN109274494B (en) * 2018-11-27 2022-06-21 新华三技术有限公司 Method and device for maintaining secret key

Also Published As

Publication number Publication date
WO2017004993A1 (en) 2017-01-12

Similar Documents

Publication Publication Date Title
KR102245688B1 (en) Key generation method, user equipment, apparatus, computer readable storage medium, and communication system
US7720995B2 (en) Conditional BGP advertising for dynamic group VPN (DGVPN) clients
KR102123210B1 (en) Mtc key management for key derivation at both ue and network
WO2017114123A1 (en) Key configuration method and key management center, and network element
TW201919363A (en) Method and system for quantum key distribution and data processing
EP2858393A1 (en) Subscription manager secure routing device switching method and device
CN102447690B (en) Key management method and network equipment
CN103703698A (en) Machine-to-machine node erase procedure
CN103684752A (en) Communication node, secret key synchronizing method and secret key synchronizing system
CN101536463A (en) Generating keys for protection in next generation mobile networks
CN102884756B (en) Communicator and communication means
CN109698746B (en) Method and system for generating sub-keys of binding equipment based on master key negotiation
CN102036230A (en) Method for implementing local route service, base station and system
CN101039181B (en) Method for preventing service function entity of general authentication framework from attack
CN110808834B (en) Quantum key distribution method and quantum key distribution system
CN115632779B (en) Quantum encryption communication method and system based on power distribution network
CN108353279A (en) A kind of authentication method and Verification System
CN107306261A (en) A kind of encryption communication method and device, system
CN115567205A (en) Method and system for realizing encryption and decryption of network session data stream by quantum key distribution
CN101527708B (en) Method and device for restoring connection
CN102904792B (en) Service carrying method and router
CN102970277B (en) Method and system for building multi-source safety relevance
CN114375036A (en) Method and device for data synchronization of 5G network, UDM device and storage medium
EP2987293A1 (en) A method of and a device handling charging data in an ip-based network
EP2330789B1 (en) System and method for accessing private digital content

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170118

RJ01 Rejection of invention patent application after publication