Nothing Special   »   [go: up one dir, main page]

CN101060405A - A method and system for preventing the replay attack - Google Patents

A method and system for preventing the replay attack Download PDF

Info

Publication number
CN101060405A
CN101060405A CN 200610076227 CN200610076227A CN101060405A CN 101060405 A CN101060405 A CN 101060405A CN 200610076227 CN200610076227 CN 200610076227 CN 200610076227 A CN200610076227 A CN 200610076227A CN 101060405 A CN101060405 A CN 101060405A
Authority
CN
China
Prior art keywords
information
authentication code
message
transmitting terminal
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200610076227
Other languages
Chinese (zh)
Inventor
林志斌
单长虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200610076227 priority Critical patent/CN101060405A/en
Publication of CN101060405A publication Critical patent/CN101060405A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The related method for preventing playback attack in wireless network comprises: on the transmission end, generating the certification code with set algorithm and current key and frame reference message, and transmitting both the certification code and message; on the receiving end, generating local certification code with the current key and frame number message, and using the certification code verifying the received message. This invention needs not maintain self PN for terminal and network, and simplifies the process.

Description

Prevent the method and system of Replay Attack
Technical field
The present invention relates to wireless communication technology field, relate in particular to a kind of technology that prevents Replay Attack.
Background technology
In wireless communication system, for guaranteeing the fail safe of communication, user terminal communicates with the base station if desired, and then both must set up identical authorization key context, i.e. AK context.Described AK context comprises following information:
Authorization key (AK); authorization key sign (AKID); authorization key sequence number (AK Sequence Number); authorization key life cycle (AK Lifetime); antithesis master key sequence number (PMK Sequence Number); uplink message integrity protection key (HMAC/CMAC_KEY_U); uplink message prevents Replay Attack packet number (HMAC/CMAC_PN_U; be called for short PN_U); downlinlc message integrity protection key (HMAC/CMAC_KEY_D); downlinlc message prevents Replay Attack packet number (HMAC/CMAC_PN_D is called for short PN_D); key-encrypting key (KEK); integrality encryption key (EIK).
Wherein, described HMAC/CMAC_KEY_U, HMAC/CMAC_KEY_D are calculated according to AK, terminal media access control (MAC) address, Base Station Identification by the base station, and being respectively applied for provides integrity protection to uplink downlink message;
Described PN_U and PN_D are two 32 digit counters, and when the AK context was set up, the value of described two counters all was 0, and afterwards, every use HMAC/CMAC_KEY_U provides integrity protection one time to upstream message, and terminal just increases by 1 to the value of PN_U; Every use HMAC/CMAC_KEY_D provides integrity protection one time to downstream message, and the base station just increases by 1 to the value of PN_D.If the numerical space of PN_U or PN_D exhausts (be in these two values any arrive in 2^32-1), or AK expires life cycle in the AK context, then this AK finishes life cycle.Be to guarantee not interrupting of communication process, before AK finishes life cycle, should apply for new AK again.
After terminal switches to target BS, can not carry out the discrimination weight operation, but corresponding AK needs to upgrade.After if terminal switches to target BS, PN_U and PN_D in the AK context count again, then when terminal enters same base station twice, just may be subjected to Replay Attack.
In the prior art, after avoiding user terminal to switch, be subjected to Replay Attack, mainly adopted following two kinds to realize solution.
(1) the first kind of implementation that adopts at present is the AK caching technology, promptly at terminal and both sides, base station buffer memory AK context.An AK context is just created in the every base station of terminal, even terminal is not deleted the AK context of creating into this base station after leaving this base station yet.Equally, in base station side, whenever have a terminal to insert, just to AK of authentication device application, and generate context, like this, when terminal was mobile between the base station, different AK contexts was used in different base stations, to avoid Replay Attack.
Be not difficult to find out, when this implementation needs the AK amount of context of buffer memory big in terminal and network side base station, brought very big difficulty will for the realization of this scheme.
(2) the another kind of implementation that adopts at present is the context transfer technology, and promptly terminal and network are all only preserved an AK context, and terminal is when mobile, and AK can change, but the PN value is used continuously.Because in this method, for making the PN value use continuously, new base station need obtain current PN value from old base station, this just requires to need mutual trust between two base stations, yet, the very difficult mutual trust that guarantees between two base stations in the specific implementation process.
Therefore, also there is not a kind of technical scheme of being convenient to realize effectively to solve the Replay Attack problem that may cause after user terminal switches at present.
Summary of the invention
The purpose of this invention is to provide a kind of method and system that prevent Replay Attack, thereby can adopt means comparatively easily in cordless communication network, effectively to prevent the appearance of Replay Attack problem.
The objective of the invention is to be achieved through the following technical solutions:
The invention provides a kind of method that prevents Replay Attack, comprising:
A, in information transmitting terminal, adopt predetermined algorithm to generate authentication code according to the reference information that comprises current key and frame number, and described authentication code sent to receiving terminal with message to be sent;
After B, receiving terminal receive described message, according to frame number of receiving and key and adopt described pre-defined algorithm to generate the verification authentication code;
C, at receiving terminal, utilize the verification authentication code that the authentication code of receiving is carried out consistency check, determine the legitimacy of transmitting terminal.
Described reference information also comprises: time parameter, described time parameter information will send to information receiving end and be used for information receiving end whether discern this information be legitimate messages in the current frame number cycle period.
Described time parameter comprises:
The time that safe context has existed, perhaps, the remaining time of safe context life cycle, perhaps, current time information, perhaps, the temporal information that the time that has existed according to safe context or the remaining time of current information of time or safe context life cycle are determined.
The time that described safe context has existed is by the temporal information of the last success identity to current time.
Described time parameter information is safeguarded by authentication device that at network side the base station obtains described time parameter information from authentication device.
Described step C also comprises:
Judge that whether whether consistent the time parameter of time parameter that the information transmitting terminal receive sends and local maintenance or difference between the two is less than the numerical value of being scheduled to, if and authentication code is correct, then the confirmation transmitting terminal is legal, otherwise the confirmation transmitting terminal is illegal.
Described information transmitting terminal is user terminal or base station, and the information receiving end corresponding with information transmitting terminal is base station or user terminal.
Among the present invention, when information transmitting terminal was user terminal, described key was a uplink message integrity protection key, and when information transmitting terminal was the base station, described key was a downlinlc message integrity protection key.
The present invention also provides a kind of dispensing device that prevents Replay Attack, comprising:
The reference information acquiring unit is arranged at information transmitting terminal, is used for obtaining the reference information that comprises key and frame number when needing transmission information, and offers the authentication code computing unit;
The authentication code computing unit is arranged at information transmitting terminal, is used for adopting predetermined algorithm to calculate the generation authentication code according to the described reference information of key and frame number that comprises, and offers message sending unit;
Message sending unit is arranged at information transmitting terminal, is used for described authentication code is sent with message.
Described reference information acquiring unit also comprises:
The time parameter acquiring unit is used to obtain the time parameter information that information transmitting terminal is safeguarded, and offers authentication code computing unit and message sending unit as reference information.
Described information transmitting terminal is user terminal or base station.
The present invention also provides a kind of receiving system that prevents Replay Attack, comprising:
The authentication code computing unit is arranged at information receiving end, is used for adopting predetermined calculating with the transmitting terminal identical algorithms to generate authentication code according to the reference information that comprises key and frame number of the message correspondence of receiving, and offers the legitimacy judging unit;
The message sink unit is arranged at information receiving end, is used to receive message, and the reference information that comprises key and frame number of this message correspondence is offered the authentication calculations unit, and the authentication code in the message is offered the legitimacy judging unit;
The legitimacy judging unit is arranged at information receiving end, is used for according to the authentication code of message and the legitimacy of the consistency judgement information transmitting terminal of calculating the access authentication sign indicating number.
Described legitimacy judging unit also comprises:
The time parameter judging unit is used for the legitimacy of the reference time information that receives according to the message sink unit and the consistency judgement information transmitting terminal of the time parameter information of local maintenance.
Described information receiving end is user terminal or base station.
The present invention also provides a kind of system that prevents Replay Attack, comprising:
Prevent the information transmitting apparatus of Replay Attack, be used for comprising authentication code, or comprise the information of authentication code and time parameter information to the information receiver transmission;
Prevent the information receiver of Replay Attack, be used to receive the authentication code information that the information transmitting apparatus that prevents Replay Attack is sent, perhaps, authentication code information and time parameter information, and judge the legitimacy of information transmitting terminal according to described information.
As seen from the above technical solution provided by the invention, the present invention is owing to adopted the authentication code information that needs based in the frame number acquisition message transmitting procedure, therefore, in the implementation that in wireless system, prevents Replay Attack provided by the invention, do not need terminal and network to safeguard the PN value separately, still can guarantee after user terminal switches to target BS, can effectively avoid the appearance of Replay Attack problem.
In addition, the present invention has also considered the introducing of time parameter information on based on the basis of frame number, thereby can further guarantee still can guarantee can not be subjected to Replay Attack after the use of frame number surpasses a cycle period.
Description of drawings
Fig. 1 is the specific implementation process schematic diagram one of method of the present invention;
Fig. 2 is the specific implementation process schematic diagram two of method of the present invention;
Fig. 3 is the specific implementation structural representation of system of the present invention.
Embodiment
In wireless communication system, when a side of communication sends to the message of opposite end at needs of generation, also generate an authentication code simultaneously, described authentication code need be passed to the opposite end together along with message.Promptly comprise message and authentication triplet in the information content of eating dishes without rice or wine to transmit, wherein, described authentication triplet comprises authentication code and other parameter.Described message authentication code comprises upstream message authentication code and downstream message authentication code, and the concrete mode that obtains two authentication codes is as follows:
Upstream message authentication code=f (upstream message integrity protection key, other parameter);
Downstream message authentication code=f (downstream message integrity protection key, other parameter);
Wherein, f is a kind of compute mode, is about to key and other parameters and adopts the f algorithm just can obtain corresponding authentication code information.
Whether authentication code is used in the source of the receiving terminal identification message of message legal, and whether the user identity that promptly sends message is legal, and based on this, the present invention is the multi-sending attack problem by the improvement of the acquisition mode of authentication code being avoided may cause just.
In wireless communication system, a message must be carried on some or several specific frames, and each frame all has frame number.Even and the assailant has intercepted and captured certain message, therefore this frame of also can not just resetting in same frame, can utilize frame number to protect message.
Like this, the present invention just can utilize frame number access authentication sign indicating number information, promptly when the transmit leg of communication when the opposite end sends a message, also send an authentication triplet simultaneously, at least comprise an authentication code in the described authentication triplet, described authentication code is to utilize key and frame number to adopt predetermined functional operation mode to calculate acquisition, can also utilize other parameter informations again in calculating process on the basis of key and frame number, as message body etc.; Thereby make the validity of this message of information Recognition that the recipient can comprise according to authentication triplet, avoid Replay Attack.
In described authentication triplet, can also comprise a time parameter, the time that described time parameter can exist for safe context, the promptly the last success identity time so far is long; Described time parameter also can be other information, for example, the remaining time of safe context life cycle, perhaps, current absolute time information, perhaps, the temporal information or the remaining time of safe context life cycle or the temporal information that current absolute time information is determined that have existed based on the context of key correspondence, or the like.
And, among the present invention, can safeguard by authentication device, and pass to the base station when needing in the base station in the described time parameter information of network side.
When comprising described time parameter information in the authentication triplet, then also need to consider this time parameter information in the computing function of described authentication code.
After receiving the message that comprises time parameter as the recipient, if the error of time parameter in the message and local time parameter is greater than predetermined value, just can think that this message is invalid, otherwise, think that this message is efficient message, and can continue follow-up message processing procedure.
For ease of the present invention there being further understanding, method provided by the invention is elaborated below in conjunction with a concrete application example.
As shown in Figure 1, the present invention specifically comprises following treatment step:
Step 11: when generating message to be sent, according to the frame number and the key information generation authentication code information of message to be sent;
That is to say that the message sending end in communication process when needs of generation send to the message of opposite end, also need to generate an authentication code according to frame number, and described authentication code need send the opposite end to message;
More specifically say, the key that has obtained before described authentication code is to use carries out integrity protection to message to be handled, even authentication code=f1 (key, frame number etc.), f1 represents a kind of operation method, the operation method of information via f1 such as key, frame number representative is carried out just can obtaining after the calculation process authentication code that needs, can also introduce other parameter informations in the computational process, as message body information etc.;
Step 12: described authentication code is sent to the message sink end with message;
Promptly comprise in the content transmitted of eating dishes without rice or wine: message, authentication triplet, wherein, described authentication triplet comprises calculates the authentication code that obtains in the step 11, can also comprise other parameters in described authentication triplet except that authentication code.
Step 13: after the information that the receiving terminal receiving end/sending end is sent, adopt same algorithm, promptly still adopt described f1 algorithm according to information calculations access authentication sign indicating number information such as identical key and frame numbers with reference to step 11 according to the frame number of receiving information;
Step 14: judge authentication code that transmitting terminal sends and whether local to calculate the authentication code that obtains consistent, if consistent, then the identity of definite transmitting terminal is legal, otherwise, determine that the transmitting terminal identity is illegal, thereby can effectively avoid the appearance of Replay Attack problem.
In some wireless communication systems, the situation of the cycle of frame number less than the life cycle of key may appear, and at this moment, after frame number circulation one circle, even if adopt such scheme, double recipe is attacked problem and still may be occurred.For this reason, the present invention also provides another specific implementation,
As shown in Figure 2, another kind of specific implementation provided by the invention comprises following processing procedure:
Step 21: when generating message to be sent, according to frame number, key information and the time parameter information generation authentication code information of message to be sent;
Whether described time parameter information is used for discerning this information as information receiving end is the foundation of the legitimate messages in the current frame number cycle period;
And described time parameter is represented the time that the context of key correspondence has existed, perhaps, the remaining time of safe context life cycle, perhaps, also can represent to send the current absolute time information of message end, perhaps, the temporal information or the remaining time of safe context life cycle or the temporal information that current absolute time information is determined that have existed based on the context of key correspondence, or the like;
Described time parameter can use multiple unit of measurement, and for example, as unit of measurement, the unit of measurement that needs only described time ginseng is less than the frame number cycle period with second, half frame number cycle period etc.;
Described time parameter need be safeguarded at MS and network side separately as the part of safe context; Wherein,, can safeguard described time parameter information, and pass to the base station when needing and use in the base station by authentication device at network side;
The key that has obtained before described authentication code specifically is to use carries out integrity protection to message to be handled, even authentication code=f2 (key, frame number, time parameter etc.), f2 represents a kind of operation method, the operation method of information via f2 such as key, frame number and time parameter representative is carried out just can obtaining after the calculation process authentication code that needs, can also introduce other parameter informations in the computational process;
Step 22: described authentication code and time parameter are sent to the message sink end with message;
Promptly comprise in the content transmitted of eating dishes without rice or wine: message, authentication triplet, wherein, described authentication triplet comprises calculates authentication code and the time parameter that obtains in the step 21, can also comprise other parameters in described authentication triplet except that authentication code;
In this step, described time parameter is passed to the opposite end together with form and message expressly, as a parameter of access authentication sign indicating number;
Step 23: after the information that the receiving terminal receiving end/sending end is sent, adopt same algorithm according to the frame number of receiving information and described time parameter, promptly still adopt described f2 algorithm according to information calculations access authentication sign indicating number information such as identical key, frame number and time parameters with reference to step 21;
Step 24: judge authentication code that transmitting terminal sends and whether local to calculate the authentication code that obtains consistent, simultaneously, need also to judge whether the time parameter of receiving is consistent with local time corresponding parameter information, if it is all consistent, the identity of then determining transmitting terminal is legal, otherwise, determine that the transmitting terminal identity is illegal, thereby can effectively avoid the appearance of Replay Attack problem;
In carrying out the consistency deterministic process of time parameter information, network and terminal do not need strict conformance for described time parameter, as long as error amount just can think consistent much smaller than the cycle of frame number.
The present invention also provides a kind of system that prevents Replay Attack, comprises information transmitting apparatus that prevents Replay Attack and the information receiver that prevents Replay Attack, and is specific as follows:
Prevent the information transmitting apparatus of Replay Attack, be arranged at information transmitting terminal, be used for comprising authentication code to the information receiver transmission, or comprise the information of authentication code and time parameter information, described information transmitting terminal is user terminal or base station.
Prevent the information receiver of Replay Attack, equipment is in information receiving end, be used to receive the authentication code information that the information transmitting apparatus that prevents Replay Attack is sent, perhaps, authentication code information and time parameter information, and judge the legitimacy of information transmitting terminal according to described information, corresponding with information transmitting terminal, described information receiving end is base station or user terminal.
The embodiment of described system as shown in Figure 3, wherein:
The described dispensing device that prevents Replay Attack specifically comprises following processing unit:
(1) reference information acquiring unit
Be used for when needing transmission information, obtaining the reference information that comprises key and frame number, and offer the authentication code computing unit;
Described reference information acquiring unit also comprises:
The time parameter acquiring unit is used to obtain the time parameter information that information transmitting terminal is safeguarded, and offers authentication code computing unit and message sending unit as reference information.
(2) authentication code computing unit
Be used for adopting predetermined algorithm to calculate the generation authentication code, and offer message sending unit according to the described reference information of key and frame number that comprises;
Wherein, described key comprises: up link integrity protection key and down link integrity protection key;
(3) message sending unit
Be used for described authentication code is sent with message.
The described receiving system that prevents Replay Attack specifically comprises following processing unit:
(1) authentication code computing unit
Be used for adopting predetermined calculating to generate authentication code, and offer the legitimacy judging unit with the transmitting terminal identical algorithms according to the reference information that comprises key and frame number of the message correspondence of receiving;
(2) message sink unit
Be used to receive message, and the reference information that comprises key and frame number of this message correspondence is offered the authentication calculations unit, the authentication code in the message is offered the legitimacy judging unit;
(3) legitimacy judging unit
Be used for according to the authentication code of message and the legitimacy of the consistency judgement information transmitting terminal of calculating the access authentication sign indicating number, described legitimacy judging unit also comprises:
The time parameter judging unit is used for the legitimacy of the reference time information that receives according to the message sink unit and the consistency judgement information transmitting terminal of the time parameter information of local maintenance.
In sum, technical scheme provided by the invention has thoroughly solved the Replay Attack problem that wave point may occur, and need not transmit safe context between the base station in this scheme, makes that the implementation that prevents Replay Attack is easy to realize.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims (15)

1, a kind of method that prevents Replay Attack is characterized in that, comprising:
A, in information transmitting terminal, adopt predetermined algorithm to generate authentication code according to the reference information that comprises current key and frame number, and described authentication code sent to receiving terminal with message to be sent;
After B, receiving terminal receive described message, according to frame number of receiving and key and adopt described pre-defined algorithm to generate the verification authentication code;
C, at receiving terminal, utilize the verification authentication code that the authentication code of receiving is carried out consistency check, determine the legitimacy of transmitting terminal.
2, method according to claim 1, it is characterized in that, described reference information also comprises: time parameter, described time parameter information will send to information receiving end and be used for information receiving end whether discern this information be legitimate messages in the current frame number cycle period.
3, method according to claim 2 is characterized in that, described time parameter comprises:
The time that safe context has existed, perhaps, the remaining time of safe context life cycle, perhaps, current time information, perhaps, the temporal information that the time that has existed according to safe context or the remaining time of current information of time or safe context life cycle are determined.
4, method according to claim 3 is characterized in that, the time that described safe context has existed is by the temporal information of the last success identity to current time.
5, method according to claim 3 is characterized in that, described time parameter information is safeguarded by authentication device that at network side the base station obtains described time parameter information from authentication device.
6, according to each described method in the claim 2 to 5, it is characterized in that described step C also comprises:
Judge that whether whether consistent the time parameter of time parameter that the information transmitting terminal receive sends and local maintenance or difference between the two is less than the numerical value of being scheduled to, if and authentication code is correct, then the confirmation transmitting terminal is legal, otherwise the confirmation transmitting terminal is illegal.
According to each described method in the claim 1 to 5, it is characterized in that 7, described information transmitting terminal is user terminal or base station, the information receiving end corresponding with information transmitting terminal is base station or user terminal.
8, method according to claim 7; it is characterized in that when information transmitting terminal was user terminal, described key was a uplink message integrity protection key; when information transmitting terminal was the base station, described key was a downlinlc message integrity protection key.
9, a kind of dispensing device that prevents Replay Attack is characterized in that, comprising:
The reference information acquiring unit is arranged at information transmitting terminal, is used for obtaining the reference information that comprises key and frame number when needing transmission information, and offers the authentication code computing unit;
The authentication code computing unit is arranged at information transmitting terminal, is used for adopting predetermined algorithm to calculate the generation authentication code according to the described reference information of key and frame number that comprises, and offers message sending unit;
Message sending unit is arranged at information transmitting terminal, is used for described authentication code is sent with message.
10, device according to claim 9 is characterized in that, described reference information acquiring unit also comprises:
The time parameter acquiring unit is used to obtain the time parameter information that information transmitting terminal is safeguarded, and offers authentication code computing unit and message sending unit as reference information.
According to claim 9 or 10 described devices, it is characterized in that 11, described information transmitting terminal is user terminal or base station.
12, a kind of receiving system that prevents Replay Attack is characterized in that, comprising:
The authentication code computing unit is arranged at information receiving end, is used for adopting predetermined calculating with the transmitting terminal identical algorithms to generate authentication code according to the reference information that comprises key and frame number of the message correspondence of receiving, and offers the legitimacy judging unit;
The message sink unit is arranged at information receiving end, is used to receive message, and the reference information that comprises key and frame number of this message correspondence is offered the authentication calculations unit, and the authentication code in the message is offered the legitimacy judging unit;
The legitimacy judging unit is arranged at information receiving end, is used for according to the authentication code of message and the legitimacy of the consistency judgement information transmitting terminal of calculating the access authentication sign indicating number.
13, device according to claim 12 is characterized in that, described legitimacy judging unit also comprises:
The time parameter judging unit is used for the legitimacy of the reference time information that receives according to the message sink unit and the consistency judgement information transmitting terminal of the time parameter information of local maintenance.
According to claim 12 or 13 described devices, it is characterized in that 14, described information receiving end is user terminal or base station.
15, a kind of system that prevents Replay Attack is characterized in that, comprising:
Prevent the information transmitting apparatus of Replay Attack, be used for comprising authentication code, or comprise the information of authentication code and time parameter information to the information receiver transmission;
Prevent the information receiver of Replay Attack, be used to receive the authentication code information that the information transmitting apparatus that prevents Replay Attack is sent, perhaps, authentication code information and time parameter information, and judge the legitimacy of information transmitting terminal according to described information.
CN 200610076227 2006-04-19 2006-04-19 A method and system for preventing the replay attack Pending CN101060405A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610076227 CN101060405A (en) 2006-04-19 2006-04-19 A method and system for preventing the replay attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610076227 CN101060405A (en) 2006-04-19 2006-04-19 A method and system for preventing the replay attack

Publications (1)

Publication Number Publication Date
CN101060405A true CN101060405A (en) 2007-10-24

Family

ID=38866315

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610076227 Pending CN101060405A (en) 2006-04-19 2006-04-19 A method and system for preventing the replay attack

Country Status (1)

Country Link
CN (1) CN101060405A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010094206A1 (en) * 2009-02-20 2010-08-26 华为技术有限公司 Method for link security authentication in wireless relay networks, device and system thereof
CN102082665A (en) * 2009-11-30 2011-06-01 中国移动通信集团公司 Identity authentication method, system and equipment in EAP (Extensible Authentication Protocol) authentication
CN104427504A (en) * 2013-09-08 2015-03-18 王正伟 Control information verification method
CN108141364A (en) * 2015-10-16 2018-06-08 诺基亚技术有限公司 Message authentication
CN108377191A (en) * 2018-02-24 2018-08-07 深圳市道通智能航空技术有限公司 Battery discriminating method, unmanned plane and battery
CN109417445A (en) * 2016-06-30 2019-03-01 卡姆鲁普股份有限公司 RF communication system and method
CN110213196A (en) * 2018-02-28 2019-09-06 北京京东尚科信息技术有限公司 Equipment and its method, electronic equipment and the storage medium for preventing Replay Attack
CN111614601A (en) * 2019-02-25 2020-09-01 阿里巴巴集团控股有限公司 Method, device and system for realizing information transmission
CN111615110A (en) * 2020-05-27 2020-09-01 南通华欣民福工业技术有限公司 Node and base station bidirectional authentication method for node storage N
CN111628869A (en) * 2020-05-27 2020-09-04 南通华欣民福工业技术有限公司 Node for storing n by base station and base station bidirectional authentication method
CN112785753A (en) * 2019-11-11 2021-05-11 程和生 GPS-based automobile door access control system and attack prevention method
CN113938323A (en) * 2021-12-16 2022-01-14 深圳竹云科技有限公司 JWT (Java virtual machine-based) based replay attack prevention method, device, equipment and storage medium

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010094206A1 (en) * 2009-02-20 2010-08-26 华为技术有限公司 Method for link security authentication in wireless relay networks, device and system thereof
CN102082665A (en) * 2009-11-30 2011-06-01 中国移动通信集团公司 Identity authentication method, system and equipment in EAP (Extensible Authentication Protocol) authentication
CN104427504A (en) * 2013-09-08 2015-03-18 王正伟 Control information verification method
CN104427504B (en) * 2013-09-08 2019-04-19 王正伟 Control Information Authentication method
US11057772B2 (en) 2015-10-16 2021-07-06 Nokia Technologies Oy Message authentication
CN108141364A (en) * 2015-10-16 2018-06-08 诺基亚技术有限公司 Message authentication
CN108141364B (en) * 2015-10-16 2021-09-17 诺基亚技术有限公司 Method and apparatus for message authentication
CN109417445A (en) * 2016-06-30 2019-03-01 卡姆鲁普股份有限公司 RF communication system and method
US10992417B2 (en) 2016-06-30 2021-04-27 Kamstrup A/S Radio frequency communication system and method
CN109417445B (en) * 2016-06-30 2021-06-25 卡姆鲁普股份有限公司 Radio frequency communication system and method
CN108377191A (en) * 2018-02-24 2018-08-07 深圳市道通智能航空技术有限公司 Battery discriminating method, unmanned plane and battery
CN110213196A (en) * 2018-02-28 2019-09-06 北京京东尚科信息技术有限公司 Equipment and its method, electronic equipment and the storage medium for preventing Replay Attack
CN110213196B (en) * 2018-02-28 2022-12-27 北京京东尚科信息技术有限公司 Device and method for preventing replay attack, electronic device and storage medium
CN111614601A (en) * 2019-02-25 2020-09-01 阿里巴巴集团控股有限公司 Method, device and system for realizing information transmission
CN111614601B (en) * 2019-02-25 2022-07-12 阿里巴巴集团控股有限公司 Method, device and system for realizing information transmission
CN112785753A (en) * 2019-11-11 2021-05-11 程和生 GPS-based automobile door access control system and attack prevention method
CN111628869A (en) * 2020-05-27 2020-09-04 南通华欣民福工业技术有限公司 Node for storing n by base station and base station bidirectional authentication method
CN111615110A (en) * 2020-05-27 2020-09-01 南通华欣民福工业技术有限公司 Node and base station bidirectional authentication method for node storage N
CN111628869B (en) * 2020-05-27 2022-07-22 南通华欣民福工业技术有限公司 Node for storing n by base station and base station bidirectional authentication method
CN111615110B (en) * 2020-05-27 2022-12-20 南通华欣民福工业技术有限公司 Node and base station bidirectional authentication method for node storage N
CN113938323A (en) * 2021-12-16 2022-01-14 深圳竹云科技有限公司 JWT (Java virtual machine-based) based replay attack prevention method, device, equipment and storage medium
CN113938323B (en) * 2021-12-16 2022-03-25 深圳竹云科技有限公司 JWT (Java virtual machine-based) based replay attack prevention method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN101060405A (en) A method and system for preventing the replay attack
CN1345498A (en) Authentication method
CN1444835A (en) Authentication in mobile communications network
CN1512708A (en) Radio communication system, co-shared key management server and terminal
CN1946019A (en) Network device, network system and method for updating a key
CN101060404A (en) A method and system protecting the wireless network against the replay attack
RU2005128294A (en) METHOD FOR PROCESSING SECURITY MESSAGES IN MOBILE COMMUNICATION SYSTEM
CN101056171A (en) An encryption communication method and device
CN103476028B (en) The processing method and processing device of NAS message when NAS COUNT overturn
CN101047978A (en) Method for updating key in user's set
CN1870808A (en) Key updating method
CN1614903A (en) Method for authenticating users
CN1665183A (en) Key agreement method in WAPI authentication mechanism
CN101047505A (en) Method and system for setting safety connection in network application PUSH service
CN101080036A (en) Method for processing call in wireless communication network
CN1819698A (en) Method for acquring authentication cryptographic key context from object base station
CN101242274B (en) Method for guaranteeing non-duplicate message SN and preventing from re-play attack and mobile terminal
CN108494764B (en) Identity authentication method and device
WO2018126791A1 (en) Authentication method and device, and computer storage medium
CN1885770A (en) Authentication method
CN1960247A (en) Method for encrypting and decrypting industrial control data
CN1794682A (en) Method of establishing safety channel in radio access network
CN1620004A (en) Communication device and communication control method
CN1859734A (en) Controlled key updating method
CN1852595A (en) Method for authent ation of access of wireless communication terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication