Security assurance method and security management server of host identity tag

A technology for managing server and host identification, applied in the fields of digital transmission systems, electrical components and transmission systems. It addresses the problems that security decreases, that HIT security assurance is not considered, and that security cannot be guaranteed, with the effect of guaranteeing safe use.

Active Publication Date: 2011-02-02
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, HI is the security basis of HIP. When the security of an HI cannot be guaranteed (such as being cracked by an attacker, or the security level is lower than a certain threshold), it cannot be used any longer.
After H


Examples


Embodiment 1

[0023] As shown in Figure 1, this embodiment provides a security assurance method for a host identity tag, including:

[0024] Step 101: Record the validity period of the HIT in the security management server.

[0025] Step 102: Record the security state of the HIT in the security management server.

[0026] Step 103: Query the security management server for the validity period of the HIT of the peer host that needs to communicate and/or the security status of the HIT of that peer host, and confirm whether to communicate with the peer host.

[0027] In step 103, when communication is required, the security management server is queried for the validity period of the HIT of the peer host that needs to communicate and/or the security status of the HIT of that peer host, and according to the validity period of the HIT of the peer host and/or the security status...

Embodiment 2

[0033] This embodiment provides a security assurance method for a host identity tag in which a DNS resource record (DNS RR) on a DNS (Domain Name Server) server is extended to record the validity period of the HIT and/or the security status of the HIT, and a query mechanism is provided for the validity period of the HIT and/or the security status of the HIT. Preferably, a HIP resource record (HIP RR) can be extended or redefined in the DNS RR. As shown at 201 in Figure 2, the original HIP RR includes resource record types such as: HIT length, public key (HI) algorithm, public key (HI) length, HIT, public key (HI) and rendezvous point server. Preferably, on the basis of the original resource record types in the HIP RR, the validity period of the HIT and/or the security status of the HIT can be added as resource record types in the DNS RR. Extended resource record types such a...

Embodiment 3

[0048] The security assurance method for the host identity tag provided in this embodiment is based on a hierarchical routing architecture (HRA). The management domain in the HRA has a server, the ID-Server, which is responsible for the registration and maintenance of the host identity (HI). The ID-Server can be used to manage and maintain the validity period of the HIT and/or the security status of the HIT, and to provide query services for the validity period of the HIT and/or the security status of the HIT.

[0049] As shown in Figure 4, the security assurance method for the host identity tag provided in this embodiment includes:

[0050] Step 401: Record the validity period of the HIT in the ID-Server.

[0051] In step 401, if the public key (HI) itself has a validity period, the validity period of the HIT should not exceed the validity period of the public key (HI);...
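The record-then-query flow of steps 101 to 103, together with the step 401 rule that a HIT's validity period should not exceed that of its HI, can be modelled as follows. This is an added example, not code from the patent or from any HIP implementation. The class and function names, the three-level state encoding, clamping (rather than rejecting) an over-long validity period, refusing unknown HITs, and the HIT strings used in the demo are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import IntEnum

class SecurityState(IntEnum):
    # Assumed encoding: the page does not define how the security state is stored.
    COMPROMISED = 0
    DEGRADED = 1
    SECURE = 2

@dataclass(frozen=True)
class HitRecord:
    valid_until: datetime
    state: SecurityState

class SecurityManagementServer:
    """Records HIT validity period and security state (steps 101-102) and answers queries."""

    def __init__(self):
        self._records = {}

    def record(self, hit, valid_until, state, hi_valid_until=None):
        # Step 401 rule: the HIT must not outlive its public key (HI).
        # Assumption: clamp to the HI's validity instead of rejecting the record.
        if hi_valid_until is not None and valid_until > hi_valid_until:
            valid_until = hi_valid_until
        self._records[hit] = HitRecord(valid_until, state)
        return self._records[hit]

    def query(self, hit):
        return self._records.get(hit)

def may_communicate(server, peer_hit, now, min_state=SecurityState.SECURE):
    """Step 103: query the server first; refuse a missing, expired or weak HIT."""
    rec = server.query(peer_hit)
    if rec is None:
        return False  # assumption: an unregistered HIT is refused (fail closed)
    if now >= rec.valid_until:
        return False  # validity period has ended
    return rec.state >= min_state  # state below the caller's threshold is refused

if __name__ == "__main__":
    now = datetime(2011, 2, 2, tzinfo=timezone.utc)
    srv = SecurityManagementServer()
    # Constructed HIT strings, for illustration only.
    srv.record("2001:10::a1", now + timedelta(days=30), SecurityState.SECURE)
    srv.record("2001:10::b2", now + timedelta(days=30), SecurityState.COMPROMISED)
    print(may_communicate(srv, "2001:10::a1", now), may_communicate(srv, "2001:10::b2", now))
```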


Abstract

The embodiment of the invention provides a security assurance method for a host identity tag (HIT). The method comprises the following steps: recording a validity period and/or a security state of the HIT in a security management server; when communication is needed, querying the security management server for the validity period and/or the security state of the HIT of the peer host with which communication is needed; and determining whether to communicate with that host according to the validity period and/or the security state of its HIT. The invention also provides the security management server, which comprises a record unit used for recording the validity period and/or the security state of the HIT and a query unit used for providing queries of the validity period and/or the security state of the HIT of the peer host with which communication is needed. The security assurance method and the security management server can prevent the HIT from still being used after its security has been reduced, and provide security assurance for the HIT of the Host Identity Protocol.

Description

Technical field

[0001] The invention relates to the fields of computers and communication, in particular to a security assurance method for a host identity tag and a security management server.

Background technique

[0002] In the current Internet protocol stack, an IP (Internet Protocol) address has dual semantics. The IP address is not only used to identify the network topology position of the communication node, but also serves as the identity of the communication node. The dual semantics of IP addresses objectively results in a tight coupling between the transport layer and the network layer. When the IP address changes due to reasons such as movement, dynamic IP reassignment, or multi-homing, the ongoing communication connection will be interrupted. In order to solve this problem and realize the separation of communication node identity and network topology location, the HIP (Host Identity Protocol) working group of t...


Application Information

IPC(8): H04L12/56, H04L29/06
CPC: H04L63/10, H04L63/108
Inventor: 张大成, 沈烁
Owner: HUAWEI TECH CO LTD