CN107005410A - Internet protocol security tunnel establishing method, user equipment and base station - Google Patents
- Publication number: CN107005410A (application CN201580035366.5A)
- Authority: CN (China)
- Prior art keywords
- user equipment
- base station
- security
- parameter
- ipsec tunnel
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (42)
- An Internet Protocol Security (IPsec) tunnel establishment method, comprising: a base station sends a first anti-replay parameter to a user equipment; the base station determines a second anti-replay parameter of the user equipment, wherein the first anti-replay parameter and the second anti-replay parameter are respectively used to prevent the keys generated by the base station and by the user equipment from being the same each time; the base station generates a first pre-shared key Kipsec according to an air interface key KeNB and the first anti-replay parameter, and generates first authentication information AUTH according to the first Kipsec; the base station determines IPsec tunnel establishment parameters, the IPsec tunnel establishment parameters including a second AUTH, wherein the user equipment generates a second Kipsec according to the KeNB and the second anti-replay parameter, and generates the second AUTH according to the second Kipsec; the base station verifies the first AUTH, the second AUTH, and the identity of the user equipment.
- The method according to claim 1, further comprising: the base station sends the Internet Protocol (IP) address of the base station to the user equipment; the base station receives, from the user equipment, the IP address of the WLAN to which the user equipment is connected.
- The method according to claim 1 or 2, wherein the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters; the IPsec tunnel transmission parameters include a first security parameter and an identifier TS used to identify the ingress/egress ports of the data flow protected by IPsec; and the first security parameter includes a security algorithm and the first Kipsec or the second Kipsec.
- The method according to claim 3, wherein the base station determining the IPsec tunnel establishment parameters comprises: the base station receives a first Internet Key Exchange version 2 (IKEv2) message sent by the user equipment, the first IKEv2 message including a second security parameter; the base station sends a response message to the first IKEv2 message to the user equipment; the base station receives a second IKEv2 message that the user equipment encrypted according to the second security parameter and sent, the second IKEv2 message including the IPsec tunnel establishment parameters; the base station sends a response message to the second IKEv2 message to the user equipment; wherein the IPsec tunnel establishment parameters further include the identity of the user equipment and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; and the security algorithm is a security algorithm for which a security algorithm level is set.
- The method according to claim 4, wherein the base station verifying the identity of the user equipment comprises: the base station verifies whether the identity of the user equipment is consistent with the identity of the user equipment obtained from the core network side.
- The method according to claim 4, wherein the base station determining the IPsec tunnel establishment parameters comprises: the base station receives at least one radio resource control (RRC) message sent by the user equipment; wherein the at least one RRC message encapsulates the first IKEv2 message, the response message to the first IKEv2 message, the second IKEv2 message, and the response message to the second IKEv2 message.
- The method according to claim 3, wherein the base station determining the IPsec tunnel establishment parameters comprises: the base station receives the second AUTH and the list of security algorithms supported by the user equipment, both sent by the user equipment in a radio resource control (RRC) message; the base station determines the level of the security algorithm of the first security parameter according to its own security algorithm level list and the list of security algorithms supported by the user equipment, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the base station sends the IPsec tunnel establishment parameters to the user equipment.
- The method according to claim 3, wherein the base station determining the IPsec tunnel establishment parameters comprises: the base station sends the second AUTH and the base station's security algorithm level list to the user equipment in an RRC message, so that the user equipment determines the level of the security algorithm of the first security parameter according to the list of security algorithms it supports and the base station's security algorithm level list, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the base station receives the IPsec tunnel establishment parameters sent by the user equipment.
- An IPsec tunnel establishment method, comprising: a user equipment receives a first anti-replay parameter sent by a base station; the user equipment determines a second anti-replay parameter of the user equipment, wherein the first anti-replay parameter and the second anti-replay parameter are respectively used to prevent the keys generated by the base station and by the user equipment from being the same each time; the user equipment generates a second pre-shared key Kipsec according to an air interface key KeNB and the second anti-replay parameter, generates second authentication information AUTH according to the second Kipsec, and sends the second AUTH to the base station; the user equipment receives IPsec tunnel establishment parameters sent by the base station, the IPsec tunnel establishment parameters including a first AUTH, wherein the base station generates a first Kipsec according to the KeNB and the first anti-replay parameter, and the base station generates the first AUTH according to the first Kipsec; the user equipment verifies the first AUTH and the second AUTH.
- The method according to claim 9, further comprising: the user equipment receives the Internet Protocol (IP) address of the base station sent by the base station; the user equipment sends the IP address of the WLAN to which the user equipment is connected to the base station.
- The method according to claim 9 or 10, further comprising: the user equipment sends a first IKEv2 message to the base station, the first IKEv2 message including a second security parameter; the user equipment receives the response message to the first IKEv2 message sent by the base station; the user equipment encrypts a second IKEv2 message according to the second security parameter and sends the encrypted second IKEv2 message to the base station, the second IKEv2 message including the IPsec tunnel establishment parameters; the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters, the identity of the user equipment, and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; the IPsec tunnel transmission parameters include a first security parameter and an identifier TS used to identify the ingress/egress ports of the data flow protected by IPsec; the first security parameter includes a security algorithm and the first Kipsec or the second Kipsec, the security algorithm being a security algorithm for which a security algorithm level is set; the user equipment receives the response message to the second IKEv2 message sent by the base station.
- The method according to claim 11, further comprising: the user equipment sends at least one RRC message to the base station; wherein the at least one RRC message encapsulates the first IKEv2 message, the response message to the first IKEv2 message, the second IKEv2 message, and the response message to the second IKEv2 message.
- The method according to claim 9 or 10, further comprising: the user equipment sends the list of security algorithms supported by the user equipment to the base station in an RRC message, so that the base station determines the level of the security algorithm of the first security parameter according to its own security algorithm level list and the list of security algorithms supported by the user equipment, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the user equipment receives the IPsec tunnel establishment parameters sent by the base station; the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; the IPsec tunnel transmission parameters include a first security parameter and TS; and the first security parameter includes the security algorithm whose level has been determined and the first Kipsec or the second Kipsec.
- The method according to claim 9 or 10, further comprising: the user equipment receives the base station's security algorithm level list sent by the base station in an RRC message, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the user equipment determines the level of the security algorithm of the first security parameter according to the list of security algorithms it supports and the base station's security algorithm level list; the user equipment sends the IPsec tunnel establishment parameters to the base station; the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; the IPsec tunnel transmission parameters include a first security parameter and TS; and the first security parameter includes the security algorithm whose level has been determined and the first Kipsec or the second Kipsec.
- A base station, comprising: a transmitting unit, configured to send a first anti-replay parameter to a user equipment; a determining unit, configured to determine a second anti-replay parameter of the user equipment, wherein the first anti-replay parameter and the second anti-replay parameter are respectively used to prevent the keys generated by the base station and by the user equipment from being the same each time; a generating unit, configured to generate a first pre-shared key Kipsec according to an air interface key KeNB and the first anti-replay parameter, and to generate first authentication information AUTH according to the first Kipsec; the determining unit is further configured to determine IPsec tunnel establishment parameters, the IPsec tunnel establishment parameters including a second AUTH, wherein the user equipment generates a second Kipsec according to the KeNB and the second anti-replay parameter, and generates the second AUTH according to the second Kipsec; a verification unit, configured to verify the first AUTH, the second AUTH, and the identity of the user equipment.
- The base station according to claim 14, wherein: the transmitting unit is further configured to send the Internet Protocol (IP) address of the base station to the user equipment; the base station further comprises a receiving unit; the receiving unit is further configured to receive, from the user equipment, the IP address of the WLAN to which the user equipment is connected.
- The base station according to claim 15, wherein the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters; the IPsec tunnel transmission parameters include a first security parameter and an identifier TS used to identify the ingress/egress ports of the data flow protected by IPsec; and the first security parameter includes a security algorithm and the first Kipsec or the second Kipsec.
- The base station according to claim 16, wherein: the receiving unit is further configured to receive a first Internet Key Exchange version 2 (IKEv2) message sent by the user equipment, the first IKEv2 message including a second security parameter; the transmitting unit is further configured to send a response message to the first IKEv2 message to the user equipment; the receiving unit is further configured to receive a second IKEv2 message that the user equipment encrypted according to the second security parameter and sent, the second IKEv2 message including the IPsec tunnel establishment parameters; the transmitting unit is further configured to send a response message to the second IKEv2 message to the user equipment; wherein the IPsec tunnel establishment parameters further include the identity of the user equipment and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; and the security algorithm is a security algorithm for which a security algorithm level is set.
- The base station according to claim 17, wherein the verification unit is specifically configured to: verify whether the identity of the user equipment is consistent with the identity of the user equipment obtained from the core network side.
- The base station according to claim 16, wherein: the receiving unit is further configured to receive at least one radio resource control (RRC) message sent by the user equipment; wherein the at least one RRC message encapsulates the first IKEv2 message, the response message to the first IKEv2 message, the second IKEv2 message, and the response message to the second IKEv2 message.
- The base station according to claim 16, wherein: the receiving unit is further configured to receive the second AUTH and the list of security algorithms supported by the user equipment, both sent by the user equipment in a radio resource control (RRC) message; the determining unit is further configured to determine the level of the security algorithm of the first security parameter according to the base station's own security algorithm level list and the list of security algorithms supported by the user equipment, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the transmitting unit is further configured to send the IPsec tunnel establishment parameters to the user equipment.
- The base station according to claim 16, wherein: the transmitting unit is further configured to send the second AUTH and the base station's security algorithm level list to the user equipment in an RRC message, so that the user equipment determines the level of the security algorithm of the first security parameter according to the list of security algorithms it supports and the base station's security algorithm level list, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the receiving unit is further configured to receive the IPsec tunnel establishment parameters sent by the user equipment.
- A user equipment, comprising: a determining unit, configured to determine a second anti-replay parameter of the user equipment, wherein the first anti-replay parameter and the second anti-replay parameter are respectively used to prevent the keys generated by the base station and by the user equipment from being the same each time; a generating unit, configured to generate a second pre-shared key Kipsec according to an air interface key KeNB and the second anti-replay parameter, and to generate second authentication information AUTH according to the second Kipsec; a transmitting unit, configured to send the second AUTH to the base station; a receiving unit, configured to receive IPsec tunnel establishment parameters sent by the base station, the IPsec tunnel establishment parameters including a first AUTH, wherein the base station generates a first Kipsec according to the KeNB and the first anti-replay parameter, and the base station generates the first AUTH according to the first Kipsec; a verification unit, configured to verify the first AUTH and the second AUTH.
- The user equipment according to claim 22, wherein: the receiving unit is further configured to receive the Internet Protocol (IP) address of the base station sent by the base station; the transmitting unit is further configured to send the IP address of the WLAN to which the user equipment is connected to the base station.
- The user equipment according to claim 22 or 23, wherein: the transmitting unit is further configured to send a first IKEv2 message to the base station, the first IKEv2 message including a second security parameter; the receiving unit is further configured to receive the response message to the first IKEv2 message sent by the base station; the transmitting unit is further configured to encrypt a second IKEv2 message according to the second security parameter and to send the encrypted second IKEv2 message to the base station, the second IKEv2 message including the IPsec tunnel establishment parameters; the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters, the identity of the user equipment, and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; the IPsec tunnel transmission parameters include a first security parameter and an identifier TS used to identify the ingress/egress ports of the data flow protected by IPsec; the first security parameter includes a security algorithm and the first Kipsec or the second Kipsec, the security algorithm being a security algorithm for which a security algorithm level is set; the receiving unit is further configured to receive the response message to the second IKEv2 message sent by the base station.
- The user equipment according to claim 24, wherein: the transmitting unit is further configured to send at least one RRC message to the base station; wherein the at least one RRC message encapsulates the first IKEv2 message, the response message to the first IKEv2 message, the second IKEv2 message, and the response message to the second IKEv2 message.
- The user equipment according to claim 22 or 23, wherein: the transmitting unit is further configured to send the list of security algorithms supported by the user equipment to the base station in an RRC message, so that the base station determines the level of the security algorithm of the first security parameter according to its own security algorithm level list and the list of security algorithms supported by the user equipment, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the receiving unit is further configured to receive the IPsec tunnel establishment parameters sent by the base station; the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; the IPsec tunnel transmission parameters include a first security parameter and TS; and the first security parameter includes the security algorithm whose level has been determined and the first Kipsec or the second Kipsec.
- The user equipment according to claim 22 or 23, wherein: the receiving unit is further configured to receive the base station's security algorithm level list sent by the base station in an RRC message, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the determining unit is further configured to determine the level of the security algorithm of the first security parameter according to the list of security algorithms the user equipment supports and the base station's security algorithm level list; the transmitting unit is further configured to send the IPsec tunnel establishment parameters to the base station; the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; the IPsec tunnel transmission parameters include a first security parameter and TS; and the first security parameter includes the security algorithm whose level has been determined and the first Kipsec or the second Kipsec.
- A base station, comprising: a transmitter and a processor; the transmitter is configured to send a first anti-replay parameter to a user equipment; the processor is configured to determine a second anti-replay parameter of the user equipment, wherein the first anti-replay parameter and the second anti-replay parameter are respectively used to prevent the keys generated by the base station and by the user equipment from being the same each time; the processor is further configured to generate a first pre-shared key Kipsec according to an air interface key KeNB and the first anti-replay parameter, and to generate first authentication information AUTH according to the first Kipsec; the processor is further configured to determine IPsec tunnel establishment parameters, the IPsec tunnel establishment parameters including a second AUTH, wherein the user equipment generates a second Kipsec according to the KeNB and the second anti-replay parameter, and generates the second AUTH according to the second Kipsec; the processor is further configured to verify the first AUTH, the second AUTH, and the identity of the user equipment.
- The base station according to claim 28, wherein: the transmitter is further configured to send the Internet Protocol (IP) address of the base station to the user equipment; the base station further comprises a receiver; the receiver is further configured to receive, from the user equipment, the IP address of the WLAN to which the user equipment is connected.
- The base station according to claim 29, wherein the IPsec tunnel establishment parameters further include IPsec tunnel transmission parameters; the IPsec tunnel transmission parameters include a first security parameter and an identifier TS used to identify the ingress/egress ports of the data flow protected by IPsec; and the first security parameter includes a security algorithm and the first Kipsec or the second Kipsec.
- The base station according to claim 30, wherein: the receiver is further configured to receive a first Internet Key Exchange version 2 (IKEv2) message sent by the user equipment, the first IKEv2 message including a second security parameter; the transmitter is further configured to send a response message to the first IKEv2 message to the user equipment; the receiver is further configured to receive a second IKEv2 message that the user equipment encrypted according to the second security parameter and sent, the second IKEv2 message including the IPsec tunnel establishment parameters; the transmitter is further configured to send a response message to the second IKEv2 message to the user equipment; wherein the IPsec tunnel establishment parameters further include the identity of the user equipment and an Internet Key Exchange header HDR, the HDR including an identifier SPI used to identify the IPsec tunnel establishment procedure; and the security algorithm is a security algorithm for which a security algorithm level is set.
- The base station according to claim 31, wherein the processor is further configured to: verify whether the identity of the user equipment is consistent with the identity of the user equipment obtained from the core network side.
- The base station according to claim 30, wherein: the receiver is further configured to receive at least one radio resource control (RRC) message sent by the user equipment; wherein the at least one RRC message encapsulates the first IKEv2 message, the response message to the first IKEv2 message, the second IKEv2 message, and the response message to the second IKEv2 message.
- The base station according to claim 30, wherein: the receiver is further configured to receive the second AUTH and the list of security algorithms supported by the user equipment, both sent by the user equipment in a radio resource control (RRC) message; the processor is further configured to determine the level of the security algorithm of the first security parameter according to the base station's own security algorithm level list and the list of security algorithms supported by the user equipment, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the transmitter is further configured to send the IPsec tunnel establishment parameters to the user equipment.
- The base station according to claim 30, wherein: the transmitter is further configured to send the second AUTH and the base station's security algorithm level list to the user equipment in an RRC message, so that the user equipment determines the level of the security algorithm of the first security parameter according to the list of security algorithms it supports and the base station's security algorithm level list, the security algorithm level list including the correspondence between multiple security algorithms and security algorithm levels; the receiver is further configured to receive the IPsec tunnel establishment parameters sent by the user equipment.
- A kind of user equipment, it is characterised in that including:Processor, transmitters and receivers;Wherein,The processor, the second anti-playback parameters for determining user equipment, the first anti-playback parameters are respectively used to prevent the base station identical with the key that the user equipment is generated every time with the second anti-playback parameters;The processor is additionally operable to generate the second wildcard Kipsec according to air interface key KeNB and the second anti-playback parameters, and generates the second authentication information AUTH according to the 2nd Kipsec;Transmitter, for sending the 2nd AUTH to the base station;Receiver, for receiving the IPsec tunnel building parameters that the base station is sent, the IPsec tunnel buildings parameter includes the first AUTH, wherein, the base station generates the first Kipsec according to the KeNB and the first anti-playback parameters, and the base station generates the first AUTH according to the first Kipsec;The processor is additionally operable to checking the first AUTH and the 2nd AUTH.
- User equipment as claimed in claim 36, it is characterised in that:The receiver is additionally operable to receive the internet protocol address for the base station that the base station is sent;The IP address that the transmitting element is additionally operable to the WLAN for connecting the user equipment is sent to the base station.
- The user equipment according to claim 36 or 37, characterized in that: the transmitter is further configured to send a first IKEv2 message to the base station, the first IKEv2 message including a second security parameter; the receiver is further configured to receive a response message to the first IKEv2 message sent by the base station; the transmitter is further configured to encrypt a second IKEv2 message according to the second security parameter and send the encrypted second IKEv2 message to the base station, wherein the second IKEv2 message includes the IPsec tunnel establishment parameter, the IPsec tunnel establishment parameter further includes an IPsec tunnel transmission parameter, the identity of the user equipment, and an Internet Key Exchange header HDR, the HDR includes an identifier SPI used to identify the IPsec tunnel establishment procedure, the IPsec tunnel transmission parameter includes a first security parameter and an identifier TS used to identify the in/out ports of the data flow protected by IPsec, the first security parameter includes a security algorithm and the first Kipsec or the second Kipsec, and the security algorithm is a security algorithm for which a security algorithm level is set; the receiver is further configured to receive a response message to the second IKEv2 message sent by the base station.
- The user equipment according to claim 38, characterized in that: the transmitter is further configured to send at least one RRC message to the base station; wherein the at least one RRC message encapsulates the response message of the first IKEv2 message, the response message of the first IKEv2 message, the second IKEv2 message, and the second IKEv2 message.
- The user equipment according to claim 36 or 37, characterized in that: the transmitter is further configured to send, to the base station by means of an RRC message, the list of security algorithms supported by the user equipment, so that the base station determines the level of the security algorithm of the first security parameter according to its own security algorithm level list and the list of security algorithms supported by the user equipment, the security algorithm level list including a correspondence between multiple security algorithms and security algorithm levels; the receiver is further configured to receive the IPsec tunnel establishment parameter sent by the base station, wherein the IPsec tunnel establishment parameter further includes an IPsec tunnel transmission parameter and an Internet Key Exchange header HDR, the HDR includes an identifier SPI used to identify the IPsec tunnel establishment procedure, the IPsec tunnel transmission parameter includes the first security parameter and TS, and the first security parameter includes the security algorithm of the determined level and the first Kipsec or the second Kipsec.
- The user equipment according to claim 36 or 37, characterized in that: the receiver is further configured to receive the security algorithm level list of the base station, sent by the base station by means of an RRC message, the security algorithm level list including a correspondence between multiple security algorithms and security algorithm levels; the processor is further configured to determine the level of the security algorithm of the first security parameter according to the list of security algorithms it supports and the security algorithm level list of the base station; the transmitter is further configured to send the IPsec tunnel establishment parameter to the base station, wherein the IPsec tunnel establishment parameter further includes an IPsec tunnel transmission parameter and an Internet Key Exchange header HDR, the HDR includes an identifier SPI used to identify the IPsec tunnel establishment procedure, the IPsec tunnel transmission parameter includes the first security parameter and TS, and the first security parameter includes the security algorithm of the determined level and the first Kipsec or the second Kipsec.
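The last two claims above determine the security algorithm from one side's security algorithm level list and the other side's supported list. The sketch below is an added example, not text or code from the patent. It assumes the rule is "highest level that both sides support", and the level values, the `min_level` policy floor and the function names are all hypothetical.

```python
from typing import Dict, Iterable, Optional

# Constructed sample data: the claims name no algorithms and no level values.
BASE_STATION_LEVELS: Dict[str, int] = {
    "ENCR_NULL": 0,
    "ENCR_3DES": 1,
    "ENCR_AES_CBC": 2,
    "ENCR_AES_GCM_16": 3,
}


def select_algorithm(level_list: Dict[str, int],
                     ue_supported: Iterable[str],
                     min_level: int = 1) -> Optional[str]:
    """Return the mutually supported algorithm with the highest level.

    Assumption: "determine the level" means choosing the highest level both
    sides support. min_level is a hypothetical local policy floor, so that a
    shortened supported list cannot pull the tunnel down to a weak algorithm.
    """
    # Drop duplicates, unknown names and anything below the policy floor.
    candidates = [alg for alg in dict.fromkeys(ue_supported)
                  if alg in level_list and level_list[alg] >= min_level]
    if not candidates:
        return None  # no acceptable common algorithm: do not build the tunnel
    # Highest level wins; the name breaks ties so both ends pick the same one.
    return max(candidates, key=lambda alg: (level_list[alg], alg))


def first_security_parameter(level_list: Dict[str, int],
                             ue_supported: Iterable[str],
                             kipsec: bytes,
                             min_level: int = 1) -> dict:
    """Build the first security parameter: chosen algorithm plus Kipsec."""
    alg = select_algorithm(level_list, ue_supported, min_level)
    if alg is None:
        raise ValueError("no common security algorithm at or above min_level")
    return {"algorithm": alg, "level": level_list[alg], "kipsec": kipsec}
```

The same function serves both variants: the base station runs it on the list received from the user equipment, or the user equipment runs it on the level list received from the base station.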
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2015/093536 WO2017070973A1 (en) | 2015-10-31 | 2015-10-31 | Internet protocol security tunnel establishing method, user equipment and base station |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107005410A (en) | 2017-08-01 |
CN107005410B (en) | 2020-06-26 |
Family
ID=58629757
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201580035366.5A Active CN107005410B (en) | 2015-10-31 | 2015-10-31 | Internet protocol security tunnel establishment method, user equipment and base station |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107005410B (en) |
WO (1) | WO2017070973A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422205B (en) * | 2021-12-30 | 2024-03-01 | 广西电网有限责任公司电力科学研究院 | Method for establishing network layer data tunnel of special CPU chip for electric power |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7159242B2 (en) * | 2002-05-09 | 2007-01-02 | International Business Machines Corporation | Secure IPsec tunnels with a background system accessible via a gateway implementing NAT |
CN101272251A (en) * | 2007-03-22 | 2008-09-24 | 华为技术有限公司 | Authentication and cryptographic key negotiation method, authentication method, system and equipment |
CN101945387A (en) * | 2010-09-17 | 2011-01-12 | 中兴通讯股份有限公司 | Method and system of binding access layer secret key and device |
CN103312668A (en) * | 2012-03-09 | 2013-09-18 | 中兴通讯股份有限公司 | Message transmission method and device based on link management protocol security alliance |
JP5319575B2 (en) * | 2010-02-23 | 2013-10-16 | 日本電信電話株式会社 | Communication method and communication system |
CN104184675A (en) * | 2014-09-12 | 2014-12-03 | 成都卫士通信息产业股份有限公司 | Load-balanced IPSec VPN device trunking system and working method of load-balanced IPSec VPN device trunking system |
US20150281254A1 (en) * | 2014-03-31 | 2015-10-01 | EXILANT Technologies Private Limited | Increased communication security |
CN104969578A (en) * | 2013-04-17 | 2015-10-07 | 华为技术有限公司 | Data transmission method, device and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102013206185A1 (en) * | 2013-04-09 | 2014-10-09 | Robert Bosch Gmbh | Method for detecting a manipulation of a sensor and / or sensor data of the sensor |
2015
- 2015-10-31 WO PCT/CN2015/093536 patent/WO2017070973A1/en active Application Filing
- 2015-10-31 CN CN201580035366.5A patent/CN107005410B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN107005410B (en) | 2020-06-26 |
WO2017070973A1 (en) | 2017-05-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11025597B2 (en) | Security implementation method, device, and system | |
CN108293223B (en) | Data transmission method, user equipment and network side equipment | |
EP2583479B1 (en) | Method and apparatus for binding subscriber authentication and device authentication in communication systems | |
JP2019512942A (en) | Authentication mechanism for 5G technology | |
EP2663107A1 (en) | Key generating method and apparatus | |
CN109964498A (en) | The method and apparatus that remote unit is attached to mobile core network via independent insincere non-3GPP access network | |
TW201703556A (en) | Network security architecture | |
EP3086586B1 (en) | Terminal authentication method, device and system | |
JP2017534204A (en) | User plane security for next generation cellular networks | |
CN102056157B (en) | Method, system and device for determining keys and ciphertexts | |
WO2018170617A1 (en) | Network access authentication method based on non-3gpp network, and related device and system | |
WO2019096075A1 (en) | Method and apparatus for message protection | |
KR20230054421A (en) | Privacy of Repeater Selection in Cellular Sliced Networks | |
CN103609154A (en) | Method, apparatus and system for WLAN access authentication | |
WO2012031510A1 (en) | Method and system for implementing synchronous binding of security key | |
CN102223634A (en) | Method and device for controlling mode of accessing user terminal into Internet | |
WO2017132962A1 (en) | Security parameter transmission method and related device | |
EP2648437A1 (en) | Method, apparatus and system for key generation | |
CN110583036A (en) | Network authentication method, network equipment and core network equipment | |
US11722890B2 (en) | Methods and systems for deriving cu-up security keys for disaggregated gNB architecture | |
CN107005410A (en) | Internet protocol security tunnel establishing method, user equipment and base station | |
EP3311599B1 (en) | Ultra dense network security architecture and method | |
CN110226319A (en) | Method and apparatus for the parameter exchange during promptly accessing | |
CN114245372B (en) | Authentication method, device and system | |
WO2017210811A1 (en) | Security strategy execution method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
Effective date of registration: 20200601 Address after: Room 208, floor 2, East distribution building, Dongsheng science and Technology Park, Zhongguancun, No.18, Xueqing Road, Haidian District, Beijing 100080 Applicant after: GRABLAN (BEIJING) SOFTWARE ENGINEERING Co.,Ltd. Applicant after: HUAWEI TECHNOLOGIES Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Applicant before: HUAWEI TECHNOLOGIES Co.,Ltd. |
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
Effective date of registration: 20200709 Address after: Room 208, floor 2, East distribution building, Dongsheng science and Technology Park, Zhongguancun, No.18, Xueqing Road, Haidian District, Beijing 100080 Patentee after: GRABLAN (BEIJING) SOFTWARE ENGINEERING Co.,Ltd. Address before: Room 208, floor 2, East distribution building, Dongsheng science and Technology Park, Zhongguancun, No.18, Xueqing Road, Haidian District, Beijing 100080 Co-patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. Patentee before: GRABLAN (BEIJING) SOFTWARE ENGINEERING Co.,Ltd. |