公开(公告)号：US20190191307A1

公开(公告)日：2019-06-20

申请号：US16278162

申请日：2019-02-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： De SHENG ,  Yun QIN

IPC: H04W12/06 ,  H04W80/02 ,  H04L29/06 ,  H04W12/04 ,  H04W40/24

CPC classification number: H04W12/06 ,  H04L9/08 ,  H04L9/0819 ,  H04L9/0838 ,  H04L29/06 ,  H04L63/061 ,  H04L63/065 ,  H04L63/162 ,  H04W12/04031 ,  H04W12/04033 ,  H04W40/24 ,  H04W80/02

Abstract: The method includes: receiving, by a first member device, a second EAPOL-MKA packet sent by a second member device; determining, by the first member device, a first cipher suite, and determining a first secure association key SAK corresponding to the first cipher suite; and sending, by the first member device, the first cipher suite and the first SAK to the second member device in CA. Based on the foregoing technical solution, a device in the CA may determine a cipher suite and a secure association key corresponding to the cipher suite that are used for MACsec secure data transmission. In addition, all devices in the CA support the determined cipher suite. In this way, a problem that the cipher suite needs to be re-determined because one or more devices do not support the cipher suite determined by the first device can be avoided.

公开(公告)号：US20230023846A1

公开(公告)日：2023-01-26

申请号：US17946542

申请日：2022-09-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： De SHENG ,  Hui YE ,  Wenbin SHEN

IPC: H04L9/08 ,  H04L9/32

Abstract: This application discloses a method for Internet key exchange protocol (IKE) authentication using a certificate. The method includes: A first device parses a certificate to obtain signature information in the certificate. The first device fills an AUTH payload field in an IKE identity authentication (AUTH) message based on the signature information in the certificate, where signature information indicated by the AUTH payload field matches the signature information in the certificate. The first device sends the IKE AUTH message to a second device. In the method for Internet key exchange protocol IKE authentication using a certificate provided in this application, the first device may automatically parse the signature information in the certificate, and fill the related field of the IKE AUTH message based on the signature information. Therefore, user configuration is simplified and product usability is improved.