No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Introduction of Keychain

Introduction of Keychain


Applications, such as Routing Protocol Application (RPA), Transmission Control Protocol (TCP), and signaling protocols (such as LDP), exchange authenticated packets over the network for security reasons, but the authentication mechanism in these applications is not robust.

Each application uses a constant authentication key unless the administrator of the network changes the key manually. Manual authentication key change is a cumbersome procedure. During the change, packets can be dropped, because it is very difficult to change the keys instantaneously on all routers.

Another drawback of this type of authentication mechanism is that there is no central application to control all the authentication functionality. Each application maintains its own set of authentication rules. If there are many application instances that require the same set of authentications, this results in duplication of data and processing.

This authentication system needs a mechanism to achieve centralization of all authentication processing and dynamic change of authentication keys with little human intervention. To achieve such, a new application called Keychain has been added to the system.

Keychain is a centralized application that provides authentication functionality to all applications that require them. It also provides dynamic change of authentication keys to all required applications.


When routing applications communicate over a network, persons with malicious intent can tamper with packets or pretend to be authenticated users. To detect modified messages and to authenticate the sender, routing applications support message authentication by defining the authentication rules statically. Each application may use different authentication rules, but using the same authentication rule over a long period will eventually compromise security. Manually changing the authentication rules on communicating peers simultaneously is error prone.

If each application maintains its own set of authentication rules, multiple instances of the same set of authentication information create duplication of data and processing across networking applications.

Keychain centralizes the storage of authentication information and provides dynamic modification of authentication information without human intervention for all applications that need to perform authenticated communication.

Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12626

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next