CN104796251A - Key pair management method and equipment - Google Patents


Publication number
CN104796251A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510149815.0A
Other languages
Chinese (zh)
Other versions
CN104796251B (en)
Inventor
孙鲁东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201510149815.0A
Publication of CN104796251A
Application granted
Publication of CN104796251B
Legal status: Active


Abstract

The invention discloses a key pair management method and equipment. The method comprises the following steps: a main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to a standby KS, the first key pair comprising a first public key and a first private key; the main KS periodically updates the key pair and obtains an updated second key pair; the main KS adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS, the second key pair comprising a second public key and a second private key. With this method, key pairs do not need to be configured manually on the standby KS, which improves usability, and periodically updating the key pair improves system security.

Description

Key pair management method and equipment
Technical field
The present invention relates to the field of communication technology, and in particular to a key pair management method and equipment.
Background
Figure 1 is a schematic diagram of a GD VPN (Group Domain Virtual Private Network) network. GD VPN provides a group-based security model. A group is a set of security policies; all members of the same group share the same security policy, KEK (Key Encryption Key, the key used to encrypt keys) and TEK (Traffic Encryption Key, the key used to encrypt traffic). A GD VPN consists of a KS (Key Server) and GMs (Group Members): the KS manages different security policies, KEKs, TEKs and so on by dividing them into groups, and a GM obtains the security policy, KEK, TEK and so on from the KS by joining the corresponding group.
So that a GM can verify the security of the security policy, KEK, TEK and so on that it obtains from the KS, the administrator configures a key pair (a public key and a private key) on the KS, and the KS sends the public key to the GM. When the KS sends information such as the security policy, KEK and TEK to the GM, it signs the information with the private key. When the GM receives this information, it verifies the signature with the public key; if verification succeeds, the information is determined to be legitimate, and if verification fails, the information is determined to be illegitimate.
To improve the reliability of GD VPN and to achieve load balancing, multiple KSs can be deployed in a GD VPN, working in redundancy backup mode. Figure 2 is a schematic diagram of a KS redundancy backup network: a group of KSs that back each other up comprises one main KS and at least one standby KS. The main KS maintains information such as the GMs' security policy, KEK and TEK, and sends this information to the standby KSs. The main KS and all standby KSs can accept GM registration.
In this network, the administrator has to create a key pair on one KS (for example the main KS), export the key pair from that KS, and import it on the other KSs (for example each standby KS). This requires the administrator to set up the same key pair on every KS, which is time-consuming and laborious and makes the system hard to use. Moreover, because the configuration is manual, the key pair may go without an update for a long time, which affects system security.
Summary of the invention
An embodiment of the present invention provides a key pair management method, applied in a group domain virtual private network (GD VPN) comprising a main key server (KS) and a standby KS, the method comprising the following steps:
The main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to the standby KS; the first key pair comprises a first public key and a first private key;
The main KS periodically updates the key pair and obtains an updated second key pair;
The main KS adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS; the second key pair comprises a second public key and a second private key.
After the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises: the main KS sends an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS;
When the GM registers again with the main KS, the main KS sends the second public key to the GM, so that the GM updates the public key it currently uses to the second public key.
After the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises: the main KS adds a public key update payload to a Rekey (update) message and adds the second public key to the public key update payload; the main KS sends the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates the public key it currently uses to the second public key in the public key update payload.
The method further comprises: the main KS signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that the GM, on receiving the Rekey message, verifies the signature in the public key update payload with the public key currently in use on the GM and, if verification succeeds, updates the public key it currently uses to the second public key in the public key update payload.
An embodiment of the present invention provides a main key server (KS), applied in a group domain virtual private network (GD VPN) comprising the main KS and a standby KS, the main KS comprising:
An obtaining module, configured to obtain a first key pair, and to periodically update the key pair and obtain an updated second key pair; the first key pair comprises a first public key and a first private key, and the second key pair comprises a second public key and a second private key;
A sending module, configured to add the first key pair to a first key pair synchronization payload, add the first key pair synchronization payload to a first redundancy backup protocol message, and send the first redundancy backup protocol message to the standby KS; and to add the second key pair to a second key pair synchronization payload, add the second key pair synchronization payload to a second redundancy backup protocol message, and send the second redundancy backup protocol message to the standby KS.
The sending module is further configured to, after the key pair is periodically updated and the updated second key pair is obtained, send an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS; and, when the GM registers again with the main KS, to send the second public key to the GM, so that the GM updates the public key it currently uses to the second public key.
The sending module is further configured to, after the key pair is periodically updated and the updated second key pair is obtained, add a public key update payload to a Rekey (update) message and add the second public key to the public key update payload; and to send the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates the public key it currently uses to the second public key in the public key update payload.
The sending module is further configured to sign the second public key with the private key that was in use before the second key pair was obtained, and to add the signature to the public key update payload, so that the GM, on receiving the Rekey message, verifies the signature in the public key update payload with the public key currently in use on the GM and, if verification succeeds, updates the public key it currently uses to the second public key in the public key update payload.
Based on the above technical solution, in the embodiments of the present invention, in a KS redundancy backup scenario, the main KS automatically synchronizes the key pair it obtains to the standby KS, so the key pair does not have to be configured manually on the standby KS, which improves ease of use. Periodically updating the key pair also improves system security.
Brief description of the drawings
Fig. 1 is a schematic diagram of a GD VPN network in the prior art;
Fig. 2 is a schematic diagram of a KS redundancy backup network in the prior art;
Fig. 3 is a schematic flowchart of a key pair management method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a main KS provided in an embodiment of the present invention.
Embodiments
To address the problems in the prior art, an embodiment of the present invention provides a key pair management method. Taking Fig. 2 as the application scenario, the method is applied in a GD VPN comprising a main KS and standby KS (one or more standby KSs), and the GD VPN also comprises one or more GMs. As shown in Fig. 3, the key pair management method may comprise the following steps:
Step 301: the main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to the standby KS. The first key pair comprises a first public key and a first private key.
The first key pair is the key pair initially configured on the main KS. It may be created manually by the administrator, or created automatically by the main KS without manual intervention. When the administrator creates the first key pair manually, the administrator enters a command containing the first key pair on the main KS, and the main KS obtains the first key pair from that command. When the main KS creates the first key pair automatically, the administrator manually enters parameters such as the key pair generation algorithm and the key pair length on the main KS, and the main KS then uses that algorithm to generate a first key pair of that length.
Step 302: the main KS periodically updates the key pair (the update period can be controlled through configuration on the main KS), obtains the updated second key pair, adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS. The second key pair comprises a second public key and a second private key.
The second key pair is the key pair obtained by updating the key pair currently in use. It may be a key pair that the administrator updates on the main KS, or a key pair that the main KS creates automatically without manual intervention. When the administrator updates the second key pair manually on the main KS, the administrator enters a command containing the second key pair on the main KS, and the main KS obtains the second key pair from that command. When the main KS creates the second key pair automatically, the administrator manually enters parameters such as the key pair generation algorithm, the key pair length and the update period on the main KS, and the main KS, based on that update period, uses the algorithm to generate a second key pair of that length.
In the embodiments of the present invention, the existing redundancy backup protocol is extended so that a redundancy backup protocol message can carry a key pair synchronization payload. The message may carry only the key pair synchronization payload and no other information. Alternatively, the key pair synchronization payload is carried in addition to the information the message already carries; for example, a real-time synchronization message of the redundancy backup protocol that carries the information to be synchronized to the standby KS (such as the security policy, KEK and TEK) can also carry a key pair synchronization payload containing the key pair.
Accordingly, the first key pair synchronization payload may be carried on its own in the first redundancy backup protocol message, which is transmitted between the main KS and the standby KS; and the second key pair synchronization payload may be carried on its own in the second redundancy backup protocol message, which is transmitted between the main KS and the standby KS. Alternatively, the first key pair synchronization payload may be carried in a first redundancy backup protocol message that already carries other information (such as the security policy, KEK and TEK), and the second key pair synchronization payload may be carried in a second redundancy backup protocol message that already carries other information (such as the security policy, KEK and TEK); both messages are transmitted between the main KS and the standby KS.
In the embodiments of the present invention, the key pair data in the key pair synchronization payload (that is, the first key pair and the second key pair above) may use standard DER (Distinguished Encoding Rules) encoding, and its content may follow the PKCS (Public-Key Cryptography Standards) #1 standard.
In the embodiments of the present invention, for security reasons, when key pair information is transmitted in a redundancy backup protocol message (that is, the first and second redundancy backup protocol messages above), the main KS can also protect the redundancy backup protocol message with an IKE (Internet Key Exchange) SA (Security Association), giving the key pair information in the message a higher level of protection.
In the embodiments of the present invention, after the main KS periodically updates the key pair and obtains the updated second key pair, the main KS can also notify the GM of the second public key of the second key pair, so that the GM uses the second public key to verify the signature in subsequently received Rekey (update) messages. The main KS can notify the GM of the second public key in either of the following ways.
Mode one: after the key pair is updated automatically, the main KS actively sends an offline notification message to the GM, so that the GM goes offline and registers again with the main KS or a standby KS.
When the GM registers again with the main KS, the main KS sends the second public key to the GM; the GM obtains the second public key, updates the public key it currently uses to the second public key, and uses the second public key to verify the signature in subsequently received Rekey messages. Alternatively, when the GM registers again with a standby KS, the standby KS sends the second public key to the GM; the GM obtains the second public key, updates the public key it currently uses to the second public key, and uses the second public key to verify the signature in subsequently received Rekey messages.
Mode two: after the key pair is updated automatically, when the main KS needs to send a Rekey message to the GM, it adds a public key update payload to the Rekey message and adds the second public key to the public key update payload. The main KS sends the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message, updates the public key it currently uses to the second public key in the public key update payload, and uses the second public key to verify the signature in the received Rekey message.
Further, for mode two, the main KS can also sign the second public key (that is, the second public key of the second key pair just obtained) with the private key that was in use before the second key pair was obtained (that is, the first private key or second private key used previously), and add this signature to the public key update payload. On receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently in use on the GM and, if verification succeeds, updates the public key it currently uses to the second public key in the public key update payload.
In the embodiments of the present invention, the Rekey message is extended to carry a public key update payload, so that the second public key is sent to the GM in the Rekey message and the GM transitions smoothly to the new second public key during the transmission of Rekey messages. The public key update payload may contain a signature and the new second public key. The value of the signature field is the signature of the original private key over the new second public key. The new second public key field may use standard DER encoding and follow the PKCS#1 standard. When the GM processes a Rekey message that contains a public key update payload, it decides whether to trust the new second public key by verifying the signature in the payload. If verification succeeds, the GM can use the new second public key to verify the signature in the Rekey message, and uses the new second public key to verify the signature in subsequently received Rekey messages.
In the embodiments of the present invention, after obtaining the updated second key pair, the main KS signs the Rekey messages it sends to the GM with the second private key; on receiving a Rekey message, the GM verifies the signature in the Rekey message with the second public key it has obtained.
The Rekey message carries information such as the security policy, KEK and TEK.
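The signed public key update of mode two, sketched in Go as an added example (not code from the patent or from any vendor implementation). The byte layout of the payload, SHA-256 with PKCS#1 v1.5 signatures, 2048-bit RSA and all function names are assumptions; the text specifies only a signature field and a DER/PKCS#1 public key field.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"fmt"
)

// Assumed wire layout (the text names the two fields but gives no byte format):
//   uint16 big-endian signature length | signature | DER PKCS#1 new public key

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// BuildUpdatePayload is the main KS side: the private key in use before the
// rotation signs the DER encoding of the new (second) public key.
func BuildUpdatePayload(oldPriv *rsa.PrivateKey, newPub *rsa.PublicKey) ([]byte, error) {
	der := x509.MarshalPKCS1PublicKey(newPub)
	sig, err := sign(oldPriv, der)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 2, 2+len(sig)+len(der))
	binary.BigEndian.PutUint16(out, uint16(len(sig)))
	return append(append(out, sig...), der...), nil
}

// GM holds the public key the group member currently trusts.
type GM struct{ Current *rsa.PublicKey }

// ProcessUpdate verifies the payload with the currently trusted key and only
// then switches keys. On any error Current is left unchanged.
func (g *GM) ProcessUpdate(payload []byte) error {
	if g.Current == nil || len(payload) < 2 || len(payload) <= 2+int(binary.BigEndian.Uint16(payload)) {
		return fmt.Errorf("update payload: no trusted key or truncated payload")
	}
	sigLen := int(binary.BigEndian.Uint16(payload))
	sig, der := payload[2:2+sigLen], payload[2+sigLen:]
	if !verify(g.Current, der, sig) {
		return fmt.Errorf("update payload: not signed by the trusted key")
	}
	newPub, err := x509.ParsePKCS1PublicKey(der)
	if err != nil {
		return fmt.Errorf("update payload: bad DER public key: %w", err)
	}
	g.Current = newPub
	return nil
}

// Result records what the GM accepted during one simulated rotation.
type Result struct{ ForgedRejected, Updated, NewSigAccepted, OldSigRejected bool }

// Rollover plays the exchange once with freshly generated (constructed) keys.
func Rollover() (Result, error) {
	var r Result
	first, e1 := rsa.GenerateKey(rand.Reader, 2048)
	second, e2 := rsa.GenerateKey(rand.Reader, 2048)
	rogue, e3 := rsa.GenerateKey(rand.Reader, 2048) // key the GM never trusted
	for _, e := range []error{e1, e2, e3} {
		if e != nil {
			return r, e
		}
	}
	gm := &GM{Current: &first.PublicKey}
	body := []byte("constructed Rekey body: security policy, KEK, TEK")
	forged, e1 := BuildUpdatePayload(rogue, &rogue.PublicKey)
	genuine, e2 := BuildUpdatePayload(first, &second.PublicKey)
	newSig, e3 := sign(second, body)
	oldSig, e4 := sign(first, body)
	for _, e := range []error{e1, e2, e3, e4} {
		if e != nil {
			return r, e
		}
	}
	// A payload signed by an untrusted key must not replace the GM's key.
	r.ForgedRejected = gm.ProcessUpdate(forged) != nil && gm.Current.Equal(&first.PublicKey)
	// The genuine payload: the first private key vouches for the second public key.
	r.Updated = gm.ProcessUpdate(genuine) == nil && gm.Current.Equal(&second.PublicKey)
	// After the switch, Rekey messages verify only under the second key pair.
	r.NewSigAccepted = verify(gm.Current, body, newSig)
	r.OldSigRejected = !verify(gm.Current, body, oldSig)
	return r, nil
}

func main() { fmt.Println(Rollover()) }
```

Because each new public key is vouched for only by the key pair in use before it, a GM that misses one update payload cannot verify the next one and has to obtain the current public key by registering again, as in mode one.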
Based on the above technical solution, in the embodiments of the present invention, in a KS redundancy backup scenario, the main KS automatically synchronizes the key pair it obtains to the standby KS, so the key pair does not have to be configured manually on the standby KS, which improves ease of use. Periodically updating the key pair also improves system security.
Based on the same inventive concept as the above method, an embodiment of the present invention also provides a main key server (KS), applied in a group domain virtual private network (GD VPN) comprising the main KS and a standby KS. As shown in Fig. 4, the main KS comprises:
An obtaining module 11, configured to obtain a first key pair, and to periodically update the key pair and obtain an updated second key pair; the first key pair comprises a first public key and a first private key, and the second key pair comprises a second public key and a second private key;
A sending module 12, configured to add the first key pair to a first key pair synchronization payload, add the first key pair synchronization payload to a first redundancy backup protocol message, and send the first redundancy backup protocol message to the standby KS; and to add the second key pair to a second key pair synchronization payload, add the second key pair synchronization payload to a second redundancy backup protocol message, and send the second redundancy backup protocol message to the standby KS.
The sending module 12 is further configured to, after the key pair is periodically updated and the updated second key pair is obtained, send an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS; and, when the GM registers again with the main KS, to send the second public key to the GM, so that the GM updates the public key it currently uses to the second public key.
The sending module 12 is further configured to, after the key pair is periodically updated and the updated second key pair is obtained, add a public key update payload to a Rekey (update) message and add the second public key to the public key update payload; and to send the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates the public key it currently uses to the second public key in the public key update payload.
The sending module 12 is further configured to sign the second public key with the private key that was in use before the second key pair was obtained, and to add the signature to the public key update payload, so that the GM, on receiving the Rekey message, verifies the signature in the public key update payload with the public key currently in use on the GM and, if verification succeeds, updates the public key it currently uses to the second public key in the public key update payload.
The modules of the device of the present invention can be integrated into one unit or deployed separately. The above modules can be merged into a single module or further split into multiple submodules.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, and can of course also be implemented in hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium and comprises instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the method described in each embodiment of the present invention. Those skilled in the art will understand that the drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention. Those skilled in the art will understand that the modules of the device in an embodiment can be distributed in the device as described in the embodiment, or can be changed accordingly and located in one or more devices different from that of the embodiment. The modules of the above embodiments can be merged into a single module or further split into multiple submodules. The sequence numbers of the above embodiments are for description only and do not indicate the relative merit of the embodiments. The above are only several specific embodiments of the present invention, but the present invention is not limited to them, and any change that a person skilled in the art can think of shall fall within the protection scope of the present invention.

Claims (8)

1. A key pair management method, applied in a group domain virtual private network (GD VPN) comprising a main key server (KS) and a standby KS, characterized in that the method comprises the following steps:
The main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to the standby KS; the first key pair comprises a first public key and a first private key;
The main KS periodically updates the key pair and obtains an updated second key pair;
The main KS adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS; the second key pair comprises a second public key and a second private key.
2. The method of claim 1, characterized in that, after the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises:
The main KS sends an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS;
When the GM registers again with the main KS, the main KS sends the second public key to the GM, so that the GM updates the public key it currently uses to the second public key.
3. The method of claim 1, characterized in that, after the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises:
The main KS adds a public key update payload to a Rekey (update) message and adds the second public key to the public key update payload; the main KS sends the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates the public key it currently uses to the second public key in the public key update payload.
4. The method of claim 3, characterized in that the method further comprises:
The main KS signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that the GM, on receiving the Rekey message, verifies the signature in the public key update payload with the public key currently in use on the GM and, if verification succeeds, updates the public key it currently uses to the second public key in the public key update payload.
5. a master secret server KS, be applied in the group territory virtual private networks GD VPN comprising described main KS and standby KS, it is characterized in that, described main KS specifically comprises:
Obtain module, for obtaining the first double secret key, and regular update double secret key, obtain the second double secret key after upgrading; Wherein, described first double secret key specifically comprises the first PKI and the first private key, and described second double secret key specifically comprises the second PKI and the second private key;
Sending module, for adding described first double secret key in the first double secret key Simultaneous Load, and adds described first double secret key Simultaneous Load in the first redundancy backup protocol massages, and described first redundancy backup protocol massages is sent to described standby KS; And, in the second double secret key Simultaneous Load, add described second double secret key, and in the second redundancy backup protocol massages, add described second double secret key Simultaneous Load, and described second redundancy backup protocol massages is sent to described standby KS.
6. main KS as claimed in claim 5, is characterized in that,
Described sending module, also at regular update double secret key, after obtaining the second double secret key after upgrading, sends to group membership GM the notification message that rolls off the production line, and rolls off the production line and again register to described main KS or described standby KS to make described GM; When described GM is again to described main KS registration, described second PKI is sent to described GM, to make described GM, the PKI of current use is updated to described second PKI.
7. main KS as claimed in claim 5, is characterized in that,
Described sending module, also at regular update double secret key, after obtaining the second double secret key after upgrading, adds PKI and upgrades load, and add described second PKI in described PKI renewal load in renewal Rekey message; Send the Rekey message carrying described second PKI to GM, to make described GM get described second PKI from described Rekey message, the PKI of current use is updated to the second PKI in described PKI renewal load.
8. The main KS as claimed in claim 7, characterized in that:
The sending module is further configured to sign the second public key with the private key that was in use before the second key pair was obtained, and to add the signature to the public key update payload, so that the GM, on receiving the Rekey message, verifies the signature in the public key update payload using the public key currently in use on that GM and, if the verification passes, updates the public key it currently uses to the second public key in the public key update payload.
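The rollover check of claims 7 and 8, as an added Go example that is not taken from the patent: the KS signs the second public key with the private key in use before the update, and the GM installs it only if the signature verifies under the public key it currently uses. Ed25519, the `PubKeyUpdate` field names and the function names are assumptions; the claims name no signature algorithm or wire format.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// PubKeyUpdate models the public key update payload (field names are assumptions).
type PubKeyUpdate struct {
	NewPub ed25519.PublicKey // the second public key
	Sig    []byte            // signature over NewPub by the previous private key
}

// NewKeyPair generates a KS key pair (Ed25519 is this example's choice).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Rotate is the KS side: generate the next key pair and sign its public key
// with the private key that was in use before the update.
func Rotate(oldPriv ed25519.PrivateKey) (PubKeyUpdate, ed25519.PrivateKey) {
	pub, priv := NewKeyPair()
	return PubKeyUpdate{pub, ed25519.Sign(oldPriv, pub)}, priv
}

// GM is a group member that trusts exactly one KS public key at a time.
type GM struct{ KSPub ed25519.PublicKey }

// HandleRekey installs the new key only if the payload verifies under the key
// the GM currently uses; on failure the trusted key is left unchanged.
func (g *GM) HandleRekey(u PubKeyUpdate) bool {
	if len(u.NewPub) != ed25519.PublicKeySize || !ed25519.Verify(g.KSPub, u.NewPub, u.Sig) {
		return false
	}
	g.KSPub = u.NewPub
	return true
}

func main() {
	pub1, priv1 := NewKeyPair() // first key pair
	gm, late := &GM{pub1}, &GM{pub1}
	u2, priv2 := Rotate(priv1)
	u3, _ := Rotate(priv2)
	fmt.Println(gm.HandleRekey(u2), gm.HandleRekey(u3)) // true true
	fmt.Println(late.HandleRekey(u3)) // false: signed by a key this GM never installed
}
```

A GM that missed one update rejects the next, because that update is signed by a key the GM never installed. The re-registration in claim 6 is the path on this page by which a GM receives the public key directly from the KS.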
CN201510149815.0A 2015-03-31 2015-03-31 A kind of management method and equipment of key pair Active CN104796251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510149815.0A CN104796251B (en) 2015-03-31 2015-03-31 A kind of management method and equipment of key pair

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510149815.0A CN104796251B (en) 2015-03-31 2015-03-31 A kind of management method and equipment of key pair

Publications (2)

Publication Number Publication Date
CN104796251A true CN104796251A (en) 2015-07-22
CN104796251B CN104796251B (en) 2019-06-07

Family

ID=53560784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510149815.0A Active CN104796251B (en) 2015-03-31 2015-03-31 A kind of management method and equipment of key pair

Country Status (1)

Country Link
CN (1) CN104796251B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018019029A1 (en) * 2016-07-29 2018-02-01 华为技术有限公司 Data synchronization method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010019614A1 (en) * 2000-10-20 2001-09-06 Medna, Llc Hidden Link Dynamic Key Manager for use in Computer Systems with Database Structure for Storage and Retrieval of Encrypted Data
US20070016663A1 (en) * 2005-07-14 2007-01-18 Brian Weis Approach for managing state information by a group of servers that services a group of clients
US20110261964A1 (en) * 2010-04-26 2011-10-27 International Business Machines Corporation Redundant key server encryption environment
CN102904901A (en) * 2012-10-29 2013-01-30 杭州华三通信技术有限公司 Method for synchronizing IPsec SA, group member and group secret server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010019614A1 (en) * 2000-10-20 2001-09-06 Medna, Llc Hidden Link Dynamic Key Manager for use in Computer Systems with Database Structure for Storage and Retrieval of Encrypted Data
US20070016663A1 (en) * 2005-07-14 2007-01-18 Brian Weis Approach for managing state information by a group of servers that services a group of clients
US7827262B2 (en) * 2005-07-14 2010-11-02 Cisco Technology, Inc. Approach for managing state information by a group of servers that services a group of clients
US20110261964A1 (en) * 2010-04-26 2011-10-27 International Business Machines Corporation Redundant key server encryption environment
CN102904901A (en) * 2012-10-29 2013-01-30 杭州华三通信技术有限公司 Method for synchronizing IPsec SA, group member and group secret server

Also Published As

Publication number Publication date
CN104796251B (en) 2019-06-07

Similar Documents

Publication Publication Date Title
CN108235806B (en) Method, device and system for safely accessing block chain, storage medium and electronic equipment
KR101936080B1 (en) Ksi-based authentication and communication method for secure smart home environment and system therefor
WO2018112947A1 (en) Block of blockchain generation method, device, node, and signature device and system
CN103118027B (en) The method of TLS passage is set up based on the close algorithm of state
CN107171805A (en) A kind of internet-of-things terminal digital certificate signs and issues system and method
CN101409619B (en) Flash memory card and method for implementing virtual special network key exchange
CN103237038B (en) A kind of two-way networking authentication method based on digital certificate
CN104660603A (en) Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)
CN105790938A (en) System and method for generating safety unit key based on reliable execution environment
CN103621126A (en) Method and apparatus for providing machine-to-machine service
CN109409884A (en) A kind of block chain secret protection scheme and system based on SM9 algorithm
CN104756458A (en) Method and apparatus for securing a connection in a communications network
CN108809636B (en) Communication system for realizing message authentication between members based on group type quantum key card
CN105873031A (en) Authentication and key negotiation method of distributed unmanned aerial vehicle based on trusted platform
CN105721153A (en) System and method for key exchange based on authentication information
CN104780177A (en) Information security guarantee method of internet of things sensing device cloud simulation system
CN108881240B (en) Member privacy data protection method based on block chain
CN106060073A (en) Channel key negotiation method
JP5643741B2 (en) Authentication apparatus, authentication method, and authentication program
CN103634788A (en) Certificateless multi-proxy signcryption method with forward secrecy
KR20170045134A (en) Method and system for asymmetrical key derivation
CN101895388B (en) Distributed dynamic keys management method and device
WO2019215262A3 (en) Method for securing a data exchange in a distributed infrastructure
CN106161363B (en) SSL connection establishment method and system
CN104639328B (en) A kind of GOOSE message authentication method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant