本文档指定了在实体组之间建立共享对称密钥的机制。它定义了: -具有密钥分发中心（KDC）的多实体基于对称密钥的密钥建立机制；和 -对称密钥建立机制基于通用的基于树的逻辑密钥结构，具有单独密钥更新和批量密钥更新。 它还定义了基于具有组前向保密、组后向保密或同时具有组前向和后向保密的密钥链的密钥建立机制。 本文件还描述了携带键控材料或设置键控材料建立条件所需的信息内容。 本文档未指定与密钥建立机制无关的信息，也未指定错误消息等其他消息。信息的明确格式不在本文件的范围内。 本文件未规定用于建立每个实体和KDC之间共享的初始密钥的方法，也未规定密钥生命周期管理。本文档也没有明确说明域间密钥管理的问题。

This document specifies mechanisms to establish shared symmetric keys between groups of entities. It defines: — symmetric key-based key establishment mechanisms for multiple entities with a key distribution centre (KDC); and — symmetric key establishment mechanisms based on a general tree-based logical key structure with both individual rekeying and batch rekeying. It also defines key establishment mechanisms based on a key chain with group forward secrecy, group backward secrecy or both group forward and backward secrecy. This document also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established. This document does not specify information that has no relation with key establishment mechanisms, nor does it specify other messages such as error messages. The explicit format of messages is not within the scope of this document. This document does not specify the means to be used to establish the initial secret keys required to be shared between each entity and the KDC, nor key lifecycle management. This document also does not explicitly address the issue of interdomain key management.