Security assurance method and security management server of host identity tag

A technology for security management servers and host identity tags, applied to digital transmission systems, electrical components, transmission systems, etc. It addresses the problem that the security of a HIT decreases and cannot be guaranteed, and achieves the effect of guaranteeing that the HIT is used safely.

Active Publication Date: 2014-07-30
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, HI is the security basis of HIP. When the security of an HI cannot be guaranteed (such as being cracked by an attacker, or the security level is lower than a certain threshold), it cannot be used any longer.
After an HI is put into use as a key, its security gradually decreases with the passage of time, resulting in a decrease in the security of the HIT.
However, the current HIP-related protocols do not take the security of the HIT into account.



Examples


Embodiment 1

[0023] As shown in Figure 1, this embodiment provides a security guarantee method for host identity tags, including:

[0024] Step 101: Record the validity period of the HIT in the security management server.

[0025] Step 102: Record the security status of the HIT in the security management server.

[0026] Step 103: Query the security management server for the validity period of the HIT of the peer host that needs to be communicated with and/or the security status of that HIT, and confirm whether to communicate with that peer host.

[0027] In step 103, when communication is needed, the security management server is queried for the validity period of the HIT of the peer host that needs to be communicated with and/or the security status of that HIT, and the validity period of the HIT of the peer host that needs to communicate and / or the security status of the HIT of the opposi...

Embodiment 2

[0033] This embodiment provides a method for ensuring the security of a host identity tag, which records the validity period of the HIT and/or the security status of the HIT by extending a DNS resource record (DNS Resource Record, DNS RR) on a DNS (Domain Name Server) server. It also provides a query mechanism for the validity period of the HIT and/or the security status of the HIT. Preferably, the HIP Resource Record (HIP RR) can be extended or redefined in the DNS RR. As shown at 201 in Figure 2, the original fields of the HIP RR include: HIT length, public key (HI) algorithm, public key (HI) length, HIT, public key (HI), rendezvous server, and other resource record types. Preferably, on the basis of the original resource record types in the HIP RR, the validity period of the HIT and/or the security status of the HIT may be added, and the resource record type may be added to the DNS RR. The expanded resource record types ...

Embodiment 3

[0048] The method for ensuring the security of the host identity tag provided in this embodiment is based on a Hierarchical Routing Architecture (HRA). The management domain in the HRA has a server, the ID-Server, that is responsible for registering and maintaining the host identity (HI). The ID-Server can be used to manage and maintain the validity period of the HIT and/or the security status of the HIT, and to provide a query service for the validity period of the HIT and/or the security status of the HIT.

[0049] As shown in Figure 4, the security guarantee method for the host identity tag provided in this embodiment includes:

[0050] Step 401: Record the validity period of the HIT in the ID-Server.

[0051] In step 401, if the public key (HI) itself has a validity period, the validity period of the HIT should not exceed the validity period of the public key (HI); since the host may deliberately delay...
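The record-then-query flow of steps 101 to 103 (Embodiment 1) and the step 401 rule that a HIT's validity period should not exceed that of its public key (Embodiment 3) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the two status values, clamping the period to the HI's expiry, and refusing unknown HITs are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Dict, Optional, Tuple

class HitStatus(Enum):  # assumed values; the page only speaks of a "security status"
    SECURE = "secure"
    COMPROMISED = "compromised"

@dataclass
class HitRecord:
    not_after: datetime   # end of the HIT's validity period
    status: HitStatus

class SecurityManagementServer:
    """In-memory stand-in for the security management server / ID-Server."""
    def __init__(self) -> None:
        self._records: Dict[str, HitRecord] = {}

    def record(self, hit: str, not_after: datetime,
               status: HitStatus = HitStatus.SECURE,
               hi_not_after: Optional[datetime] = None) -> None:
        # Steps 101/401: the HIT must not outlive the public key (HI) behind it.
        # Clamping is one way to enforce that; rejecting the request is another.
        if hi_not_after is not None and not_after > hi_not_after:
            not_after = hi_not_after
        self._records[hit] = HitRecord(not_after, status)

    def set_status(self, hit: str, status: HitStatus) -> None:
        # Step 102: update the recorded security status of a known HIT.
        self._records[hit].status = status

    def query(self, hit: str) -> Optional[HitRecord]:
        return self._records.get(hit)

def may_communicate(server: SecurityManagementServer, peer_hit: str,
                    now: datetime) -> Tuple[bool, str]:
    """Step 103: decide from the peer HIT's validity period and status.
    Pass timezone-aware datetimes everywhere so comparisons are well defined."""
    rec = server.query(peer_hit)
    if rec is None:
        return False, "unknown HIT"  # fail closed (assumption)
    if now >= rec.not_after:
        return False, "validity period expired"
    if rec.status is not HitStatus.SECURE:
        return False, "status " + rec.status.value
    return True, "ok"
```

The initiator calls `may_communicate` with the peer's HIT before starting the HIP exchange and proceeds only when the first element of the result is true.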


Abstract

A Host Identity Tag (HIT) security ensuring method is provided, which includes: recording validity periods of HITs and/or security states of HITs in a security management server; when a communication is required, querying the security management server for a validity period of a HIT of an opposite end host required to be communicated with and/or a security state of the HIT of the opposite end host required to be communicated with; and determining, according to the validity period of the HIT of the host and/or the security state of the HIT of the host, whether to communicate with the host. A security management server is also provided, which includes: a recording unit, configured to record validity periods of HITs and/or security states of HITs; and a querying unit, configured to provide a query for a validity period of a HIT of an opposite end host required to be communicated with and/or a security state of the HIT of the opposite end host. The method and the server prevent a HIT from still being used after its security has declined, thereby ensuring the security of the HIT of a Host Identity Protocol.

Description

Technical field

[0001] The invention relates to the field of computers and communications, and in particular to a security guarantee method for host identity tags and a security management server.

Background technique

[0002] In the current Internet protocol stack, an IP (Internet Protocol) address has dual semantics. The IP address is used to identify the network topology location of a communication node, and also serves as an identity identifier of the communication node. The dual semantics of the IP address objectively causes tight coupling between the transport layer and the network layer. When the IP address changes due to mobility, dynamic IP reallocation, or multi-homing, the communication connection will be interrupted. In order to solve this problem and realize the separation of the identity of the communication node and the location of the network topology, the HIP (Host Identity Protocol) working group of the Internet Engineering Task Force (IE...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/70
CPC: H04L63/10, H04L63/108
Inventor: 张大成, 沈烁
Owner: HUAWEI TECH CO LTD