Relay node authentication method, apparatus, and system
Abstract
Embodiments of the present invention disclose a relay node authentication method, apparatus, and system. The method provided in an embodiment of the present invention includes: sending, by a relay node, an authentication request message to a peer node, where the authentication request message includes a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, where the peer node is a network side node or a security gateway in a security domain where the network side node is located; and receiving, by the relay node, an authentication response message sent by the peer node, where the authentication response message includes a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node.
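The exchange in the abstract, combined with the security-domain check from claim 1, can be modelled as follows. This is an added example, not code from the patent. The node names, the `TRUSTED_CAS` table, the subject-match check and the HMAC tag standing in for a CA signature are all assumptions made so the sketch runs on the Python standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for a CA: an HMAC key replaces the CA signature so the
# sketch runs on the standard library. Real relay nodes would carry X.509 certs.
TRUSTED_CAS = {"operator-ca": b"constructed-demo-key"}

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    tag: bytes

@dataclass(frozen=True)
class Node:
    name: str
    domain: str
    cert: Cert

def _tag(subject, issuer, key):
    return hmac.new(key, f"{subject}|{issuer}".encode(), hashlib.sha256).digest()

def issue(subject, issuer, key):
    return Cert(subject, issuer, _tag(subject, issuer, key))

def cert_ok(cert, expected_subject):
    """Accept only a cert from a trusted issuer that names the expected node."""
    key = TRUSTED_CAS.get(cert.issuer)
    if key is None or cert.subject != expected_subject:
        return False
    return hmac.compare_digest(cert.tag, _tag(cert.subject, cert.issuer, key))

def select_peer(relay, network_node, gateways):
    """Same security domain: the network side node. Otherwise: that domain's gateway."""
    if relay.domain == network_node.domain:
        return network_node
    return gateways[network_node.domain]

def authenticate(relay, network_node, gateways):
    """Return (peer name, True if both certificate checks passed)."""
    peer = select_peer(relay, network_node, gateways)
    request = {"type": "auth_request", "sender": relay.name, "cert": relay.cert}
    if not cert_ok(request["cert"], request["sender"]):   # peer side
        return peer.name, False
    response = {"type": "auth_response", "cert": peer.cert}
    return peer.name, cert_ok(response["cert"], peer.name)  # relay side
```

The second element of the result is true only when both directions of the certificate check succeed, so a gateway or relay node presenting a certificate from an issuer outside the trust table is rejected.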
12 Claims
1. A relay node authentication method, comprising:
sending, by a relay node, an authentication request message to a peer node, the authentication request message comprises a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, wherein the peer node is a network side node or a security gateway in a security domain where the network side node is located; and
receiving, by the relay node, an authentication response message sent by the peer node, wherein the authentication response message comprises a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node, wherein a security association is enabled to authenticate access of an element in a security domain other than the security domain of the network side node where the relay node is located,
wherein before the sending, by the relay node, the authentication request message to the security gateway in the security domain where the network side node is located, the method further comprises:
determining whether a security domain where the relay node is located and the security domain where the network side node is located are the same security domain; and
if determining that the security domain where the relay node is located and the security domain where the network side node is located are not the same security domain, performing the sending, by the relay node, the authentication request message to the security gateway in the security domain where the network side node is located.
8. A relay node authentication method, comprising:
sending, in or after an attachment process of a relay node, by a relay node mobility management entity, an authentication request message to the relay node, so that the relay node authenticates the relay node mobility management entity according to the authentication request message; and
receiving, by the relay node mobility management entity, an authentication response message sent by the relay node, and authenticating the relay node according to the authentication response message, wherein security association is created to enable authentication of an element in a security domain other than a security domain where the relay node is located,
wherein before the sending, by the relay node mobility management entity, the authentication request message to the relay node, the method further comprises:
receiving, by the relay node mobility management entity, an attachment request sent by the relay node, wherein the attachment request comprises an identifier of the relay node; and
if the relay node mobility management entity determines that the relay node does not have any attachment record according to the identifier of the relay node, performing the sending, by the relay node mobility management entity, the authentication request message to the relay node,
wherein after the relay node mobility management entity determines that the relay node does not have any attachment record according to the identifier of the relay node and before the sending the authentication request message to the relay node, the method further comprises:
determining, by the relay node mobility management entity and according to the identifier of the relay node, that the relay node is not in an insecure node list recorded by the relay node mobility management entity.
9. A relay node, comprising:
computer hardware and non-transitory computer readable storage medium which stores an instruction when executed by the computer hardware implements:
a sending unit, configured to send an authentication request message to a peer node, wherein the authentication request message comprises a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, wherein the peer node is a network side node or a security gateway in a security domain where the network side node is located;
a receiving unit, configured to receive an authentication response message that the peer node sends according to the authentication request message, wherein the authentication response message comprises a certificate of the peer node; and
an authenticating unit, configured to authenticate the peer node according to the certificate of the peer node received by the receiving unit, wherein a security association is enabled to authenticate access of an element in a security domain other than the security domain of the network side node where the relay node is located;
a determining unit, configured to determine whether a security domain where the relay node is located and the security domain where the network side node is located are the same security domain before the sending unit sends the authentication request message to the security gateway in the security domain where the network side node is located; and
when the determining unit determines that the security domain where the relay node is located and the security domain where the network side node is located are not the same security domain, invoke the sending unit to send the authentication request message to the security gateway in the security domain where the network side node is located.
11. A relay node mobility management entity, comprising:
computer hardware and non-transitory computer readable storage medium which stores an instruction when executed by the computer hardware implements:
a first sending unit, configured to send an authentication request message to a relay node in or after an attachment process of the relay node, so that the relay node authenticates the relay node mobility management entity according to the authentication request message;
a first receiving unit, configured to receive an authentication response message that the relay node sends according to the authentication request message; and
an authenticating unit, configured to authenticate the relay node according to the authentication response message, wherein security association is created to enable authentication of an element in a security domain other than a security domain where the relay node is located,
a second receiving unit, configured to receive an attachment request sent by the relay node before the first sending unit sends the authentication request message to the relay node, wherein the attachment request comprises an identifier of the relay node; and
a first determining unit, configured to determine whether the relay node has any attachment record according to the identifier of the relay node received by the second receiving unit; and
when the first determining unit determines that the relay node does not have any attachment record according to the identifier of the relay node, invoke the first sending unit to send the authentication request message to the relay node;
a second determining unit, configured to, after the first determining unit determines that the relay node does not have any attachment record and before the first sending unit sends the authentication request message to the relay node, determine, according to the identifier of the relay node, whether the relay node is in an insecure node list recorded by the relay node mobility management entity; and
if the second determining unit determines that the relay node is not in the insecure node list recorded by the relay node mobility management entity, invoke the first sending unit to send the authentication request message to the relay node.
12. A relay node authentication system, comprising:
a peer node;
a relay node, configured to send an authentication request message to the peer node, wherein the authentication request message comprises a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, wherein the peer node is a network side node or a security gateway in a security domain where the network side node is located; and
the peer node, configured to receive the authentication request message sent by the relay node, wherein the authentication request message comprises the certificate of the relay node;
authenticate the relay node according to the certificate of the relay node; and
send an authentication response message to the relay node, wherein the authentication response message comprises a certificate of the peer node,
wherein the relay node is further configured to receive the authentication response message sent by the peer node, wherein the authentication response message comprises the certificate of the peer node, and authenticate the peer node according to the certificate of the peer node, wherein a security association is enabled to authenticate access of an element in a security domain other than the security domain of the network side node where the relay node is located,
the relay node is configured to determine whether a security domain where the relay node is located and the security domain where the network side node is located are the same security domain before sending the authentication request message to the security gateway in the security domain where the network side node is located, and when the relay node determines that the security domain where the relay node is located and the security domain where the network side node is located are not the same security domain, invokes sending of the authentication request message to the security gateway in the security domain where the network side node is located.
Specification