CN101128066B - Method and system without user interface encryption - Google Patents
Method and system without user interface encryption Download PDFInfo
- Publication number
- CN101128066B CN101128066B CN2007101626031A CN200710162603A CN101128066B CN 101128066 B CN101128066 B CN 101128066B CN 2007101626031 A CN2007101626031 A CN 2007101626031A CN 200710162603 A CN200710162603 A CN 200710162603A CN 101128066 B CN101128066 B CN 101128066B
- Authority
- CN
- China
- Prior art keywords
- customer side
- carry out
- encryption
- side encryption
- base station
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The utility model discloses a method and a system without encryption to user interface; wherein, the method comprises the following steps: S302, when the mobility state of the user equipment changes from idleness into activation, the mobile management unit chooses an encryption algorithm of the user interface, and judges whether the mobile management unit has the ability to identify and add encryption information of the user interface in the contracting data of the user; S304, if the result is available, under the situation that the mobile management unit does not need to encrypt the user interface according to the encryption information of the user interface, the mobile management unit notifies to an evolution base station the information of the chosen encryption algorithm of the user interface and/or no need to encrypt the user interface; S306, the evolution base station judges whether the evolution base station has the ability to support not to encrypt the user interface, and if the result is available, the evolution base station decides not to encrypt the user interface and notifies to the user equipment the decision not to encrypt the user interface.
Description
Technical field
The present invention relates to the communications field, relate more specifically to a kind of method that does not carry out encryption on customers.
Background technology
As shown in Figure 1; The grouping system of 3GPP evolution (Evolved Packet System; Be called for short EPS) by land radio access web (the Evolved UMTS TerrestrialRadio Access Network of evolution; Be called for short EUTRAN) and EPS core net (EvolvedPacket Core is called for short EPC) composition.Wherein, The EPS core net is by mobile management unit (Mobility Management Entity; Abbreviation MME), gateway (ServingGateway; Abbreviation S-GW), packet data network gateway (Packet Data Network is called for short PDN GW), home subscriber server (Home Subscriber Server is called for short HSS) and other support nodes are formed.Interface between EUTRAN and the mobile management unit is that the interface between S1-MME and the gateway is S1-U; Interface between mobile management unit and the home subscriber server is that the interface between S6a and the gateway is S11, and the interface between gateway and the packet data network gateway is S5.Packet data network gateway is SGi to the interface of external network.
Wherein, mobile management unit is responsible for ambulant management, the processing of Non-Access Stratum signaling and the chain of command related works such as management of user security model.Position and the configuration of network of the subscription data, user that home subscriber server mainly is responsible for the storage user in network etc.
In the UTRAN of evolution, base station equipment is evolution base station (evolved Node-B is called for short eNB), mainly is responsible for wireless telecommunications, mobility context management and/or user's security schema management.
The user contracting data of in home subscriber server, preserving comprises whether network service and this user information etc. of signatory a certain business whether of signatory certain operator of this user.
In EPS, need carry out the integrity protection and the encryption of Non-Access Stratum (Non AccessStratum is called for short NAS) signaling between UE and the MME.Need carry out the encryption and the integrity protection of Access Layer (Access Stratum is called for short AS) signaling between the eNB of UE and UTRAN.Also need carry out the encryption of user plane between UE and the eNB.UE is with the security capabilities (security capability) of UE, i.e. the algorithm list of UE support comprises that the customer side encryption algorithm list that UE supports sends to evolved packet system.Encryption for user plane; ENB or MME by evolved packet system compare the customer side encryption algorithm list of UE support and the customer side encryption algorithm list of eNB support; If support identical customer side encryption algorithm, then the eNB of evolved packet system or MME select an identical customer side encryption algorithm to send to UE.
When the mobility status of UE becomes active (ACTIVE) by idle (IDLE), need hold consultation again to the AES of user plane.As shown in Figure 2, select the flow process of customer side encryption algorithm to comprise following process by MME:
S202, UE sends layer 3 message (that is NAS business request information) to eNB.Send UE security capabilities (that is the customer side encryption algorithm list of UE support) simultaneously.
S204, eNB transmits layer 3 message to MME, and sends the security capabilities (that is the customer side encryption algorithm list of eNB support) of eNB simultaneously.
S206 carries out authentication alternatively between UE and the MME.
S208, MME is according to security capabilities and the UE of security capabilities selection of eNB and the customer side encryption algorithm that eNB supports of UE.
S210, MME send wireless access network application protocol (evolved RadioAccess Network Application Part the is called for short eRANAP) message of evolution and give eNB, comprise selected customer side encryption algorithm.
S212, eNB send Access Layer safe mode command (Security Mode Command is called for short SMC) message and give UE, comprise selected customer side encryption algorithm.
S214, UE begins customer side encryption.
S216, UE returns safe mode command to eNB and accomplishes (SMC complete) message.
S218, receive that safe mode command is accomplished message after, eNB begins customer side encryption.
When the mobility status of UE becomes ACTIVE by IDLE, because the NAS algorithm exists, so need not carry out the NAS negotiating algorithm.
When the state of subscriber equipment was in IDLE or ACTIVE, HSS might send new user contracting data to MME, and the user's context of preserving among the MME so can change according to the variation of user contracting data.
The encryption of user plane mainly is that the content of user plane is encrypted, and for the certain user, only carries out common communication with mobile communcations system, does not involve the content of need to be keep secret, with regard to there is no need the content of user plane is encrypted so.Such as certain user only uses the terminal to make a phone call to carry out common chat or contact, and his dialog context there is no need to encrypt so.
For eNB,, can bring bigger processing load (processing load) to eNB so if each user is carried out the encryption of user plane.If can encrypt user plane, then can significantly reduce the processing load of evolved packet system functional entity eNB according to specific user's demand.Further, operator can offer the user who needs with customer side encryption as a kind of business.
Summary of the invention
One or more problems in view of the above the invention provides a kind of method that does not carry out encryption on customers.
According to the method that does not carry out encryption on customers of the present invention; May further comprise the steps: S302; When the mobility of user equipment state becomes activation from the free time; Mobile management unit is selected the customer side encryption algorithm, and judges himself whether having the ability of discerning the customer side encryption information in the user contracting data that is added on; S304; If judged result is for being; Then judge that according to customer side encryption information needs do not carry out under the situation of customer side encryption at mobile management unit, mobile management unit with selected customer side encryption algorithm and the advisory that need not carry out customer side encryption give evolution base station; And S306, whether evolution base station supports the ability do not carry out encryption on customers to judge to himself having, and is that decision does not carry out encryption on customers under the situation that is in judged result, and the decision that will not carry out encryption on customers is notified to subscriber equipment.
Wherein, evolution base station can not preserved the selected customer side encryption algorithm of mobile management unit.Do not have at evolution base station under the situation of the ability of supporting not carry out encryption on customers, customer side encryption is carried out in the evolution base station decision, and the selected customer side encryption algorithm of mobile management unit is notified to subscriber equipment.The wireless access network application protocol message of mobile management unit through evolution with selected customer side encryption algorithm and the advisory that need not carry out customer side encryption give evolution base station.Evolution base station is notified to subscriber equipment through the decision that Access Layer safe mode command completion message will not carry out encryption on customers.
According to the system that does not carry out encryption on customers of the present invention, comprising: first dispensing unit, be arranged in mobile management unit, be used for whether mobile management unit is had the ability of discerning the customer side encryption information that is added on user contracting data and be configured; The situation judging unit; Be arranged in mobile management unit; Be used for mobile management unit being configured to have under the situation of the ability of discerning customer side encryption information at first dispensing unit; Judge whether that according to customer side encryption information needs carry out customer side encryption, and the advisory that will need not carry out customer side encryption is given evolution base station; And second dispensing unit; Be arranged in evolution base station; Being used for whether evolution base station had supports the ability do not carry out encryption on customers to be configured; And under the situation that evolution base station is configured to have the ability of supporting not carry out encryption on customers, decision does not carry out encryption on customers, and the decision that will not carry out encryption on customers is notified to subscriber equipment.
Wherein, need not carry out under the situation of customer side encryption, second dispensing unit is not preserved the customer side encryption algorithm that mobile management unit is selected.Do not have at evolution base station under the situation of the ability of supporting not carry out encryption on customers, second dispensing unit decision carrying out customer side encryption, and the customer side encryption algorithm that mobile management unit is selected notified to subscriber equipment.
Wherein, the situation judging unit advisory that will need not carry out customer side encryption through the wireless access network application protocol message of evolution is given evolution base station.Second dispensing unit is notified to subscriber equipment through the decision that Access Layer safe mode command completion message will not carry out encryption on customers.
Through the present invention, can carry out that certain customers are not carried out encryption on customers according to user's selection, thereby can reduce the processing load of evolved packet system functional entity eNB.In addition, through the present invention, operator can offer the user who needs as a kind of business with customer side encryption, thereby can enrich the service selection of operator.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is the Organization Chart of EPS of the prior art system;
The schematic flow sheet of the process that the AES when MME selected the customer side encryption algorithm when Fig. 2 was UE mobility status of the prior art conversion is consulted;
Fig. 3 is the outline flowchart according to the method that does not carry out encryption on customers of the embodiment of the invention;
Fig. 4 is the detail flowchart according to the method that does not carry out encryption on customers of the embodiment of the invention;
Fig. 5 is the schematic flow sheet of the instance of application drawing 3, method shown in Figure 4;
Fig. 6 is the block diagram according to the system that does not carry out encryption on customers of the embodiment of the invention;
Fig. 7 is according to the function of MME of the present invention or high-level schematic functional block diagram; And
Fig. 8 is according to the function of eNB of the present invention or high-level schematic functional block diagram.
Embodiment
When the state of subscriber equipment is in IDLE, route district (TrackingArea is called for short TA) possibly take place upgrade.When the TA renewal took place, MME can change, and new MME can get access to user's subscription data.
If can whether possess the recognition capability that identifies customer side encryption information be configured, and be configured to discern this information, then judge whether that according to this information needs carry out customer side encryption new MME.If new MME does not have this function; Perhaps this functional configuration is for can not discern customer side encryption information; Whether what then new MME ignored in the user contracting data to be added need carry out information encrypted to user plane, directly gets into the flow process that user plane is encrypted by prior art.
Need not carry out customer side encryption if MME judges, then send to eNB to this judgement and customer side encryption algorithm together.Otherwise, get into the flow process that user plane is encrypted according to prior art.
Upgrade because TA possibly take place when subscriber equipment is the IDLE state, promptly subscriber equipment might be connected to different eNB when converting ACTIVE into, so need the tenability of eNB be rejudged.If can whether possess the ability that support do not encrypt user plane to eNB is configured; And be configured to support; Then after the judgement of not encrypting and customer side encryption algorithm that receive the MME transmission, abandon the customer side encryption algorithm, and send the message that does not need customer side encryption to UE.Self whether do not support ability that user plane is not encrypted if do not possess configuration; Perhaps possess this ability but be configured to not support; Then after the judgement of not encrypting and customer side encryption algorithm that receive the MME transmission; According to prior art, algorithm of user plane is sent to UE, get into the flow process that user plane is encrypted.
In the present invention, need improve, whether add the customer side encryption information that to encrypt user plane therein user contracting data.In addition; Also need the functional entity MME of evolved packet system be improved; Existing MME is increased function or functional module; Make MME can dispose self and whether possess the recognition capability that identifies customer side encryption information, existing eNB is increased function or functional module, make eNB can dispose self and whether possess the ability that support is not encrypted user plane.
In order to reduce to minimum to the influence of existing system, MME issues eNB with information that does not need customer side encryption and selected customer side encryption algorithm after judging that according to user contracting data and self-ability needs do not carry out customer side encryption simultaneously; If eNB supports user plane not encrypt, then decision does not carry out encryption on customers, and abandons the customer side encryption algorithm.If eNB must carry out customer side encryption, then eNB issues UE according to prior art with the customer side encryption algorithm, and continues to accomplish the negotiating algorithm flow process, after this flow process is accomplished, carries out normal customer side encryption between eNB and the UE.
With reference to accompanying drawing, specify embodiment of the present invention below.
With reference to figure 3, brief description is according to the method that does not carry out encryption on customers of the embodiment of the invention.As shown in Figure 3; This method may further comprise the steps: S302; When the mobility of user equipment state becomes activation from the free time; Mobile management unit is selected the customer side encryption algorithm, and judges himself whether having the ability of discerning the customer side encryption information in the user contracting data that is added on; S304; If judged result is for being; Then judge that according to customer side encryption information needs do not carry out under the situation of customer side encryption at mobile management unit, mobile management unit with selected customer side encryption algorithm and the advisory that need not carry out customer side encryption give evolution base station; And S306, whether evolution base station supports the ability do not carry out encryption on customers to judge to himself having, and is that decision does not carry out encryption on customers under the situation that is in judged result, and the decision that will not carry out encryption on customers is notified to subscriber equipment.
Wherein, evolution base station can not preserved the selected customer side encryption algorithm of mobile management unit.Do not have at evolution base station under the situation of the ability of supporting not carry out encryption on customers, customer side encryption is carried out in the evolution base station decision, and the selected customer side encryption algorithm of mobile management unit is notified to subscriber equipment.Mobile management unit is selected the customer side encryption algorithm according to the customer side encryption algorithm list of subscriber equipment support and the customer side encryption algorithm list of evolution base station support.The wireless access network application protocol message of mobile management unit through evolution with selected customer side encryption algorithm and the advisory that need not carry out customer side encryption give evolution base station.Evolution base station is notified to subscriber equipment through the decision that Access Layer safe mode command completion message will not carry out encryption on customers.
With reference to figure 4, specify the method that does not carry out encryption on customers according to the embodiment of the invention.As shown in Figure 4, this method specifically may further comprise the steps:
S402, MME selects the customer side encryption algorithm.Upgrade because TA possibly take place when subscriber equipment is the IDLE state, promptly subscriber equipment might be connected to different MME when converting ACTIVE into, and new MME can get access to user's subscription data.If can whether possess the recognition capability that identifies customer side encryption information to new MME is configured; And be configured to discern this information, then change step S404, if new MME does not have this function; Perhaps this functional configuration is then changeed step S408 for can not discern customer side encryption information.
S404, if whether comprise the customer side encryption information that need encrypt user plane in the user contracting data, then MME judges according to this information.If need not encrypt to user plane, then change step S406, if whether do not comprise the customer side encryption information that need encrypt user plane in the subscription data of family, perhaps comprise this information but this information indication needs customer side encryption, then change step S408.
S406, MME is with the customer side encryption algorithm and do not need the information of customer side encryption to pass to eNB together, supplies eNB to select to judge.Then, change step S410.
S408, MME sends to eNB with the customer side encryption algorithm.Then, change step S414.
S410 upgrades because TA possibly take place when subscriber equipment is the IDLE state, and promptly subscriber equipment might be connected to different eNB when converting ACTIVE into, so need the tenability of eNB be rejudged.Be configured and be configured to support that then the eNB decision need not carried out customer side encryption, then changes step S412 if can whether possess the ability that support do not encrypt user plane, otherwise change step S414 eNB.
S412 is not owing to the eNB decision carries out encryption on customers, so eNB sends the message that does not carry out encryption on customers to UE.
S414 is because customer side encryption is carried out in decision, so eNB sends to UE with selected customer side encryption algorithm.
With reference to figure 5, the idiographic flow of the instance of application drawing 3, method shown in Figure 4 is described.As shown in Figure 5, this flow process specifically may further comprise the steps:
S502, UE sends layer 3 message (that is NAS business request information) to eNB.Send UE security capabilities (that is the customer side encryption algorithm list of UE support) simultaneously.
S504, eNB transmits layer 3 message to MME, and sends the security capabilities (that is the customer side encryption algorithm list of eNB support) of eNB simultaneously.
S506 carries out authentication alternatively between UE and the MME.
S508, MME selects best user plane security algorithm according to the security capabilities of UE and eNB.MME according to the customer side encryption information whether needs are encrypted user plane that comprises in the user contracting data judge the user not needs carry out customer side encryption.
S510, MME sends eRANAP message to eNB, comprises the announcement information and the selected customer side encryption algorithm that need not carry out customer side encryption in this message.
S512, eNB have to dispose and self whether possess the tenability that support do not encrypt user plane and be configured to support, so the eNB decision do not carry out encryption on customers, and need not preserve the customer side encryption algorithm that MME selects.
S514, eNB sends the Access Layer Security Mode Command message to UE, comprises the announcement information that does not carry out encryption on customers in this command messages.
S516, UE do not start customer side encryption.
S518, UE replys the Access Layer safe mode command to eNB and accomplishes message.
S520, receive that the Access Layer safe mode command is accomplished message after, eNB does not start customer side encryption.
If can not whether possess the ability that support do not encrypt user plane to eNB is configured; Perhaps eNB possesses this ability and is configured to not support; Then the eNB judgement still need be encrypted user plane, and preserves the customer side encryption algorithm that MME selects, and issues UE then.
If all eNB that operator connects this MME are configured to not have and can dispose self and whether possess the tenability that support is not encrypted user plane, be configured to all perhaps not support that MME need not send selected algorithm of user plane to eNB so.Simultaneously, step S512 can ignore.
If can not whether possess the recognition capability that identifies customer side encryption information to MME is configured; Perhaps MME possesses this ability but is configured to and do not support; Then MME can not discern the information that need not carry out customer side encryption; MME ignores this information, and the flow process that need encrypt user plane of entering.
Need carry out customer side encryption if identified the user in the user contracting data, then no matter whether MME possesses the ability whether the identification user plane need encrypt, and MME judges and need encrypt user plane.The flow process of encrypting is identical with prior art, repeats no more here.
With reference to figure 6, the system that does not carry out encryption on customers according to the embodiment of the invention is described.As shown in Figure 6, this system comprises: first dispensing unit 602, be arranged in mobile management unit, and whether mobile management unit is had the ability of discerning the customer side encryption information in the user contracting data that is added on be configured; Situation judging unit 604; Be arranged in mobile management unit; Be used for mobile management unit being configured to have under the situation of the ability of discerning customer side encryption information at first dispensing unit; Judge whether that according to customer side encryption information needs carry out customer side encryption, and the advisory that will need not carry out customer side encryption is given evolution base station; And second dispensing unit 606; Be arranged in evolution base station; Being used for whether evolution base station had supports the ability do not carry out encryption on customers to be configured; And under the situation that evolution base station is configured to have the ability of supporting not carry out encryption on customers, decision does not carry out encryption on customers, and the decision that will not carry out encryption on customers is notified to subscriber equipment.
Wherein, need not carry out under the situation of customer side encryption, second dispensing unit is not preserved the customer side encryption algorithm that mobile management unit is selected.Do not have at evolution base station under the situation of the ability of supporting not carry out encryption on customers, second dispensing unit decision carrying out customer side encryption, and the customer side encryption algorithm that mobile management unit is selected notified to subscriber equipment.
Wherein, the situation judging unit advisory that will need not carry out customer side encryption through the wireless access network application protocol message of evolution is given evolution base station.Second dispensing unit is notified to subscriber equipment through the decision that Access Layer safe mode command completion message will not carry out encryption on customers.
As shown in Figure 7, except MME prior function and functional module, also increased function or functional module newly according to MME of the present invention, this function or functional module can be configured MME whether to possess the recognition capability that identifies the customer side encryption indication information.
As shown in Figure 8, except eNB prior function and functional module, also increased function or functional module newly according to eNB of the present invention, this function or functional module can be configured eNB whether to possess the ability that support is not encrypted user plane.
Through the present invention, can carry out that certain customers are not carried out encryption on customers according to user's selection, thereby can reduce the processing load of evolved packet system functional entity eNB.In addition, through the present invention, operator can offer the user who needs as a kind of business with customer side encryption, thereby can enrich the service selection of operator.
Simultaneously, as a kind of optional method that offers some network, the present invention is lower to the influence of the equipment disposition of existing network and flow process, and can not influence the use to prior art of the network that do not need this method.
The above is merely embodiments of the invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within the claim scope of the present invention.
Claims (9)
1. a method that does not carry out encryption on customers is characterized in that, may further comprise the steps:
S302, when the mobility of user equipment state became activation from the free time, mobile management unit was judged himself whether having the ability of discerning the customer side encryption information in the user contracting data that is added on;
S304; If judged result is for being; Then judge that according to said customer side encryption information needs do not carry out under the situation of customer side encryption at said mobile management unit, said mobile management unit is given evolution base station with selected customer side encryption algorithm and the said advisory that need not carry out customer side encryption; And
S306; Whether said evolution base station supports the ability that does not carry out encryption on customers to judge to himself having; And be that decision does not carry out encryption on customers under the situation that is in judged result, and the decision that will not carry out encryption on customers is notified to said subscriber equipment.
2. method according to claim 1 is characterized in that, said evolution base station is not preserved the selected customer side encryption algorithm of said mobile management unit.
3. method according to claim 1; It is characterized in that; Do not have at said evolution base station under the situation of the ability of supporting not carry out encryption on customers; Customer side encryption is carried out in said evolution base station decision, and the selected customer side encryption algorithm of said mobile management unit is notified to said subscriber equipment.
4. method according to claim 1; It is characterized in that said mobile management unit is given said evolution base station through the wireless access network application protocol message of evolution with selected customer side encryption algorithm and the said advisory that need not carry out customer side encryption.
5. method according to claim 4 is characterized in that, said evolution base station is accomplished message through the Access Layer safe mode command the said decision that does not carry out encryption on customers is notified to said subscriber equipment.
6. a system that does not carry out encryption on customers is characterized in that, comprising:
First dispensing unit is arranged in mobile management unit, is used for whether said mobile management unit is had the ability of discerning the customer side encryption information that is added on user contracting data and is configured;
The situation judging unit; Be arranged in said mobile management unit; Be used for said mobile management unit being configured to have under the situation of the ability of discerning said customer side encryption information at said first dispensing unit; Judge whether that according to said customer side encryption information needs carry out customer side encryption, and the advisory that will need not carry out customer side encryption is given evolution base station; And
Second dispensing unit; Be arranged in said evolution base station; Be used for whether said evolution base station had and support the ability do not carry out encryption on customers to be configured, and under the situation that said evolution base station is configured to have the ability of supporting not carry out encryption on customers, decision does not carry out encryption on customers; And the decision that will not carry out encryption on customers is notified to subscriber equipment; Wherein, need not carry out under the situation of customer side encryption, said second dispensing unit is not preserved the customer side encryption algorithm that said mobile management unit is selected.
7. system according to claim 6; It is characterized in that; Do not have at said evolution base station under the situation of the ability of supporting not carry out encryption on customers; Said second dispensing unit determines to carry out customer side encryption, and the customer side encryption algorithm that said mobile management unit is selected is notified to said subscriber equipment.
8. system according to claim 7 is characterized in that, said situation judging unit is given said evolution base station through the wireless access network application protocol message of evolution with the said advisory that need not carry out customer side encryption.
9. system according to claim 8 is characterized in that, said second dispensing unit is accomplished message through the Access Layer safe mode command the said decision that does not carry out encryption on customers is notified to said subscriber equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101626031A CN101128066B (en) | 2007-09-27 | 2007-09-27 | Method and system without user interface encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101626031A CN101128066B (en) | 2007-09-27 | 2007-09-27 | Method and system without user interface encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101128066A CN101128066A (en) | 2008-02-20 |
CN101128066B true CN101128066B (en) | 2012-07-18 |
Family
ID=39095942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007101626031A Expired - Fee Related CN101128066B (en) | 2007-09-27 | 2007-09-27 | Method and system without user interface encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101128066B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018167307A1 (en) * | 2017-03-17 | 2018-09-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Security solution for switching on and off security for up data between ue and ran in 5g |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155424B (en) * | 2007-09-28 | 2012-07-04 | 中兴通讯股份有限公司 | Method for not executing user face encryption |
CN101534506B (en) * | 2008-03-14 | 2012-09-05 | 中兴通讯股份有限公司 | Method for indicating base station security information |
CN102781000B (en) * | 2010-06-12 | 2014-08-20 | 华为技术有限公司 | Method, base station, mobile management entity and system for executing service processing |
CN103686704B (en) * | 2012-09-19 | 2017-02-15 | 华为技术有限公司 | Method and device for communication between terminal and network side |
RU2761445C2 (en) | 2017-01-30 | 2021-12-08 | Телефонактиеболагет Лм Эрикссон (Пабл) | Methods for user plane data integrity protection |
CN107396366B (en) * | 2017-07-24 | 2020-07-03 | 北京小米移动软件有限公司 | Method, device and system for negotiating encryption mode |
WO2019174015A1 (en) | 2018-03-15 | 2019-09-19 | Oppo广东移动通信有限公司 | Data processing method, access network device, and core network device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1764108A (en) * | 2004-10-22 | 2006-04-26 | 华为技术有限公司 | Method for controlling start of encryption process |
CN101094531A (en) * | 2007-07-24 | 2007-12-26 | 中兴通讯股份有限公司 | Decision method of not carrying out encryption on customers |
-
2007
- 2007-09-27 CN CN2007101626031A patent/CN101128066B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1764108A (en) * | 2004-10-22 | 2006-04-26 | 华为技术有限公司 | Method for controlling start of encryption process |
CN101094531A (en) * | 2007-07-24 | 2007-12-26 | 中兴通讯股份有限公司 | Decision method of not carrying out encryption on customers |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018167307A1 (en) * | 2017-03-17 | 2018-09-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Security solution for switching on and off security for up data between ue and ran in 5g |
CN110447252A (en) * | 2017-03-17 | 2019-11-12 | 瑞典爱立信有限公司 | For opening and closing the security solution of the UP data safety between UE and RAN in 5G |
CN110447252B (en) * | 2017-03-17 | 2022-12-06 | 瑞典爱立信有限公司 | Method and apparatus for turning on and off UP data security between UE and RAN in 5G |
Also Published As
Publication number | Publication date |
---|---|
CN101128066A (en) | 2008-02-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101128066B (en) | Method and system without user interface encryption | |
CN102883320B (en) | WiFi method for authenticating and its system | |
CN115278658A (en) | Method for integrity protection of user plane data | |
CN101720119B (en) | Method and system for realizing PDN connecting selection | |
CN109618335A (en) | A kind of communication means and relevant apparatus | |
CN101883346A (en) | Safe consultation method and device based on emergency call | |
US20230020344A1 (en) | Device interaction method and core network device | |
JP2012511268A (en) | Terminal device, method and apparatus for setting terminal device | |
CN101128061B (en) | Method and system for mobile management unit, evolving base station and identifying whether UI is encrypted | |
WO2003056851A1 (en) | A method for determining encryption algorithm of secret communication based on mobile country codes | |
CN101925050B (en) | Generation method and device of security context | |
CN101242630A (en) | Method, device and network system for secure algorithm negotiation | |
JP2010016834A (en) | Filtering method | |
CN104521285A (en) | Mobile station, network apparatus and mobile communication method | |
CN101330425B (en) | Method for establishing tunnel from SGSN to service gateway | |
KR20140125785A (en) | Method and apparatus for efficient security management of disaster message in mobile communication system | |
CN101388811B (en) | Access control method based on radio access network | |
CN101835155A (en) | Method and system for accessing terminal to fusion network | |
CN100486347C (en) | Method for providing safety value-added service to mobile communication network | |
JP2015517747A (en) | Authentication method, apparatus and system for mobile device | |
CN101094531A (en) | Decision method of not carrying out encryption on customers | |
CN102858026B (en) | A kind of method of triggering ad-hoc location terminal, system and terminal | |
JP6167229B2 (en) | Method for selecting air interface security algorithm in wireless communication system and MME | |
CN101155424B (en) | Method for not executing user face encryption | |
KR101809239B1 (en) | Apn changing apparatus and method, wireless terminal for apn change and record medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120718 Termination date: 20190927 |
|
CF01 | Termination of patent right due to non-payment of annual fee |