CN101188492B - System and method for realizing secure service - Google Patents


Publication number
CN101188492B
Authority
CN
China
Prior art keywords
security
calling terminal
called end
safety service
policy server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200610145807XA
Other languages
Chinese (zh)
Other versions
CN101188492A (en)
Inventor
张晔
张峰
陈剑勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN200610145807XA priority Critical patent/CN101188492B/en
Publication of CN101188492A publication Critical patent/CN101188492A/en
Application granted granted Critical
Publication of CN101188492B publication Critical patent/CN101188492B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a system and method for realizing a security service, in the field of communication and information security. It lets the user define the security level according to the security needs of the service currently in use. The system consists of a calling end, a called end, a core network, security gateways and a Security Policy Server. The method includes: configuring security levels and storing them on the policy server; downloading the security level configuration relation; negotiating the security level between the calling end and the calling-end security gateway, and sending the negotiation result to the called-end security gateway; negotiating the security level between the called-end security gateway and the called end; and invoking and executing the security algorithms to establish a secure communication channel. When the security service ends, the security gateway is notified to end the security service. The invention allows the security level to be user-defined according to the security needs of the service currently in use.

Description

System and method for realizing a security service
Technical field
The present invention relates to the field of communication and information security, and in particular to a system and method for realizing a security service.
Background art
As network capacity grows, new services develop with it. Services are no longer confined to traditional voice calls between terminals; terminals now take part in multimedia data services with multi-party information exchange. These increasingly rich applications need adequate security guarantees. However, not all information needs the same level of security guarantee. When a given service is used, users in different application scenarios have different requirements for the security level. If security is bound to the service, the service can only offer one specific level of security guarantee at any time. It is therefore necessary to provide security guarantees of different levels for different services and for different periods of a service's use. On the basis of the various security protocols, the security guarantees those protocols can provide are divided into levels, so that users can use a security guarantee of the level their application needs.
From the user's side, users would like the highest level of security guarantee at all times; for the operator, providing security guarantees requires additional investment in the network. Using the same high-strength security guarantee at all times seriously wastes resources. For multimedia services in particular, if every user used a high-level security guarantee at all times, servers would run under heavy load, which could paralyse the network. The operator should be able to profit from this investment. It is therefore necessary to offer security services of different levels as value-added services, with the operator charging reasonably according to the level of security service the user selects.
When security is offered to the user as a service, most terminals have limited computing power and memory and cannot support as many security resources as an application server. They can only support a limited set of security resources, according to their range of application and their own characteristics. The security level therefore has to be negotiated hop by hop between the calling terminal and the called terminal (which also satisfies lawful interception), and each negotiation yields the security algorithm with the best security performance that both sides support at the given level. By invoking these security algorithms, the two sides establish a security association. The negotiation result represents the level of security guarantee the operator provides to the user, so it can serve as the basis for the rate of the value-added security service.
The 3G system reserves 15 encryption algorithms and 16 integrity algorithms, and can also negotiate keys of different lengths. Value-added security services can therefore be introduced into the 3G system. The 15 encryption algorithms, 16 integrity algorithms and the key lengths are divided into levels of different strength; each security strength consumes a different amount of network resources, and the user is charged a different fee accordingly.
Summary of the invention
To overcome the defects and deficiencies of the prior art, the object of the present invention is to provide a system and method for realizing a security service in which the user can define the security level according to the security needs of the service currently in use.
To achieve this object, the present invention adopts the following technical solutions.
A system for realizing a security service comprises:
a calling end, used to initiate the security service; a called end, used to receive the security service; a core network, responsible for handling communication between the calling end and the called end; security gateways, comprising a calling-end security gateway and a called-end security gateway, used to connect two different networks and to establish secure communication channels by negotiating with the calling end and the called end; and a Security Policy Server, used to distribute and update the security level configuration relation for the calling end, the called end and the security gateways, and to convert the collected charging information into billing data in a matching format.
The calling end is connected to the calling-end security gateway. One end of the calling-end security gateway is connected to the core network and the other to the Security Policy Server. One end of the called-end security gateway is connected to the core network and the other to the called end. The called-end security gateway is also connected to the Security Policy Server.
The system further comprises a billing system, used to charge according to the billing data provided by the Security Policy Server; the billing system is connected to the Security Policy Server.
The core network is a mobile network, a fixed network, the internet or a combination of these. The calling end and the called end are mobile terminals, fixed-network terminals, internet terminals, other communication terminals or application servers.
A method for realizing a security service comprises:
(1) configuring security levels according to the security needs of current services, and storing the resulting security level configuration relation on the Security Policy Server;
(2) if the security service is being provided for the first time, the security gateway downloads the security level configuration relation from the Security Policy Server; if the security service is being used for the first time, the calling end and the called end download the security level configuration relation from the Security Policy Server;
(3) the calling end selects a security level and negotiates the security level with the calling-end security gateway, and the negotiation result is sent to the called-end security gateway;
(4) the called-end security gateway negotiates the security level with the called end;
(5) according to the results of the security level negotiations between the calling end and the calling-end security gateway and between the called-end security gateway and the called end, the calling end invokes and executes the security algorithms and establishes a secure communication channel; when the security service is terminated, the security gateway is notified to terminate the security service.
After step (3), the method further comprises:
(31) the calling end sends the security level negotiation result to the Security Policy Server.
Step (4) is specifically: the called-end security gateway negotiates the security level with the called end at a security level not lower than the one selected by the calling end.
After step (4), the method comprises:
(41) the called-end security gateway passes the security level negotiation result to the Security Policy Server.
After step (41), the method comprises:
(441) the Security Policy Server judges whether the security service is available, according to the account information of the user's account sent by the billing system and the current availability of security resources. If the security service is available, the Security Policy Server authorizes the calling end to use the security resources and the method proceeds to step (5). If the security service is unavailable, the Security Policy Server forcibly withdraws the security resources and informs the calling end that the security service is unavailable.
Step (5) comprises:
(5A) according to the results of the security level negotiations between the calling end and the calling-end security gateway and between the called-end security gateway and the called end, the calling end invokes and executes the security algorithms and establishes a secure communication channel; the Security Policy Server converts the format of the collected charging information and sends the billing data in the matching format to the billing system;
(5B) when the security service is terminated, the security gateway is notified to terminate the security service, and charging ends.
After step (5A), the method further comprises:
(5A1) performing step (441): the Security Policy Server judges whether the security service is available, according to the account information of the user's account sent by the billing system and the current availability of security resources. If the security service is available, the Security Policy Server authorizes the calling end to use the security resources and the method proceeds to step (5). If the security service is unavailable, the Security Policy Server forcibly withdraws the security resources and informs the calling end that the security service is unavailable.
Compared with the prior art, the logical model of functional entities proposed by the present invention for the security service adapts to a variety of networks and scenarios and is widely applicable. The user can define the security level according to the security needs of the service currently in use, so the right to define the security level rests with the user. The security level is negotiated segment by segment, hop by hop, which satisfies the lawful interception requirement. In addition, when the security service is applied to a mobile network, the access network and the core network differ in transmission and computing capability; negotiating per segment lets each network segment make full use of its own characteristics and avoids bottlenecks. Security is offered to the user as an independent service, the security service is flexible, and the operator can profit from the security guarantee it provides.
Description of drawings
Fig. 1 is the security service structural model;
Fig. 2 is the security service application flow;
Fig. 3 is the security service structural model between mobile terminals in the IMS domain of a mobile network;
Fig. 4 is the security service structural model from a calling end to an internet called terminal;
Fig. 5 is the security service structural model from a calling end to a PSTN called terminal;
Fig. 6 is the security service structural model from a calling end to an application server.
Embodiment
The present invention is described further below with reference to the drawings and specific embodiments.
Fig. 1 shows the security service structural model, which comprises the calling end, the called end, the security gateways, the Security Policy Server and the billing system.
The calling end is connected to the calling-end security gateway and initiates a new security service. The called end is connected to the called-end security gateway and receives the security service initiated by the calling end. There are two kinds of security gateway, the called-end security gateway and the calling-end security gateway. A security gateway connects two networks with different upper-layer protocols, converts between the communication protocols of the different networks, negotiates with the terminal equipment and establishes the secure communication channel for its network segment; each gateway is connected to the Security Policy Server. The Security Policy Server is connected to the security gateways. It collects charging information, produces billing data in a matching format, converts rates, controls the use of value-added security services, configures the security levels, updates the security level configuration at specified times and passes the updated security levels to the terminals and security gateways. The billing system is connected to the Security Policy Server, collects the billing data in the matching format and charges for the security services the user uses.
Fig. 2 shows the application flow of the security service. The basic steps by which a mobile communication system provides a value-added security service to the user are as follows:
(1) Configure the security levels;
According to the security needs of current services, the operator divides security into several levels, such as high, medium, low and extended, and generates the security level configuration relation. Each security level provides a different degree of security guarantee. As the security needs of services change, the operator updates this relation. The operator stores the relation on the policy server.
(2) Download the security configuration relation;
The first time a security service is provided to users, the security gateway downloads the security level configuration relation from the policy server. The first time a user uses the security service, the calling end and the called end download the security level configuration relation from the policy server. While the security service is in use, the calling end, the called end and the security gateways update the relation as needed.
When the user starts to use the security service:
(3) The user specifies the security level;
Different services, and different application scenarios for a service, give the user different security needs and lead to a different choice of security level. When a user uses the security service, the calling party selects a suitable security level for the calling mobile terminal according to the application scenario of the service currently in use. Through this step, the user has the right to define the security level.
(4) Negotiation between the calling end and the calling-end security gateway;
When the user starts to use the security service, the calling end and the calling-end security gateway negotiate the security level. Through this negotiation, the two sides agree on the security mechanism with the best security performance that both support at the given level. "Security mechanism" is the general term for security units and security algorithms. The purpose of negotiating the security mechanism is to establish the secure communication channel later. Security services are of two kinds: value-added security services and ordinary security services. If the security level the user selects belongs to the ordinary security service category, the flow jumps to (6). If it belongs to the value-added security service category, the flow continues.
(5) Security is provided to the user as a value-added service, and the calling-end security gateway passes the negotiation result of (4) to the Security Policy Server;
When the user uses a value-added security service, the operator has to invest more in the mobile network. Different security levels consume different network resources, so the operator charges the user different fees. The security level negotiation result is therefore the basis for charging for the value-added security service. When the user starts to use the security service, the calling-end security gateway passes the result of the security level negotiation between the calling end and the calling-end security gateway to the Security Policy Server; the Security Policy Server converts it into the charging format and passes the billing data in the matching format to the billing system.
(6) The calling-end security gateway passes the security level to the called-end security gateway, and the security level is negotiated between the calling-end security gateway and the called-end security gateway;
The calling-end security gateway passes the security level selected by the user to the called-end security gateway as signalling information, so that the called end can establish the corresponding secure communication channel.
The part between the calling-end security gateway and the called-end security gateway is the core network. Networks are evolving towards all-IP, and IP networks are easily attacked; user data can be stolen through IP attacks. The operator pays particular attention to core network security, because an attack on the core network can paralyse the whole communication system. To protect the core network, the protection the operator applies to communication between the two security gateways must not be lower than the security level the user has ordered.
(7) Security level negotiation between the called-end security gateway and the called end;
The called-end security gateway negotiates the security level with the called end according to the security level selected by the calling party. The called-end user has no right to define the security level; negotiation can only proceed at the security level the calling-end user selected. Security services are of two kinds: value-added security services and ordinary security services. If the security level the user selects belongs to the ordinary security service category, the flow jumps to (11). If it belongs to the value-added security service category, the flow continues.
(8) The called-end security gateway passes the negotiation result of (7) to the Security Policy Server;
The security level is negotiated segment by segment, hop by hop, which satisfies the lawful interception requirement. The access network and the core network also differ in transmission and computing capability, and negotiating per segment lets each network segment make full use of its own characteristics and avoids bottlenecks. To meet charging needs, the called-end security gateway passes the negotiation result of (7) to the Security Policy Server.
(9) Determine whether the Security Policy Server has the control function;
The Security Policy Server can control the use of value-added security services, but this use can also be controlled by another functional entity. Two cases can arise: (a) the Security Policy Server does not control the use of value-added security services, and the flow goes to (11); (b) the Security Policy Server controls the use of value-added security services, and the flow continues.
(10) The Security Policy Server notifies the gateway whether the security service is available;
The Security Policy Server judges whether the value-added security service is available, according to the account information of the user's account passed to it by the billing system and the current availability of security resources. If it is available, the security resources are authorized for the user's use and the flow proceeds to (11). If it is unavailable, the Security Policy Server forcibly withdraws the security resources so that the user cannot use the value-added security service, and informs the user that the value-added security service is unavailable. User data will then be transferred under the non-value-added security service. At this point the user must be asked whether to continue using the service. If the user selects "Yes", user data is transferred under the non-value-added security service; if the user selects "No", use of the service ends.
(11) Open the secure communication channel of each segment and transfer user data securely;
When the security service starts, the security algorithms agreed in the earlier negotiation of each segment are invoked and executed, and the secure communication channels are opened. While the security service is in use, user data is transferred securely over the secure communication channel of each segment.
(12) The policy server periodically passes billing data in the matching format to the billing system;
At the times specified by the operator, the Security Policy Server converts the collected charging information for these value-added security services into billing data in the matching format and passes that billing data to the billing system for charging.
(13) Determine whether the Security Policy Server has the control function;
If the Security Policy Server has the control function, the flow goes to (10); if not, it goes to (11).
(14) The user finishes using the security service;
The user operates the calling end to release network resources. The calling end notifies the calling-end security gateway that the security service has ended, the calling-end security gateway notifies the called-end security gateway, the called-end security gateway notifies the called end, and the called end notifies the called user that the security service has ended. When security is provided as a value-added service and the user finishes using it, the calling-end and called-end security gateways additionally notify the Security Policy Server that the security service has ended. The Security Policy Server receives this charging information, converts its format, passes the billing data in the matching format to the billing system and notifies the billing system to stop charging.
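The per-segment negotiation of steps (4), (6) and (7) and the policy-server check of step (10) can be traced with a short Python model. This is an added illustration, not code from the patent: the mechanism names, the numeric ordering of levels, the fee value and the handling of a segment with no common mechanism are assumptions, and the selected level is assumed to be a value-added one.

```python
from dataclasses import dataclass

# Level names come from the page; the numeric ordering is an assumption.
LEVEL_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed security level configuration relation, as the policy server
# would distribute it: mechanism -> (level, strength rank inside that level).
# Mechanism names are placeholders, not real algorithm identifiers.
CONFIG = {
    "ENC-L1+INT-L1": ("low", 1),
    "ENC-M1+INT-M1": ("medium", 1),
    "ENC-M2+INT-M2": ("medium", 2),
    "ENC-H1+INT-H1": ("high", 1),
    "ENC-H2+INT-H2": ("high", 2),
}


@dataclass
class Node:
    name: str
    supported: frozenset
    in_core: bool = False  # True for the security gateways


@dataclass
class Account:
    online_charging: bool
    balance: float = 0.0


def negotiate_segment(level, a, b):
    """Best mechanism both ends of one hop support within `level`, or None."""
    common = [m for m in a.supported & b.supported if CONFIG[m][0] == level]
    return max(common, key=lambda m: CONFIG[m][1], default=None)


def segment_level(user_level, a, b, core_floor):
    """Access hops use the caller's level; the gateway-to-gateway hop is
    never protected below the caller's level or the operator's floor."""
    if a.in_core and b.in_core:
        return max(user_level, core_floor, key=LEVEL_RANK.__getitem__)
    return user_level


def authorize(account, fee_per_unit):
    """Policy-server control: offline charging is allowed; online charging
    needs a balance greater than the fee for one unit of use."""
    return (not account.online_charging) or account.balance > fee_per_unit


def establish(path, user_level, core_floor, account, fee_per_unit):
    """Negotiate every hop, then apply the policy-server decision."""
    segments = []
    for a, b in zip(path, path[1:]):
        level = segment_level(user_level, a, b, core_floor)
        mech = negotiate_segment(level, a, b)
        if mech is None:  # assumption: the page does not describe this case
            return {"status": "negotiation_failed", "segment": (a.name, b.name)}
        segments.append((a.name, b.name, level, mech))
    if not authorize(account, fee_per_unit):
        # Value-added resources are withdrawn; the user is then asked whether
        # to continue without the value-added service.
        return {"status": "value_added_unavailable", "segments": []}
    return {"status": "secured", "segments": segments}


# Constructed sample path: terminal, two gateways, terminal.
ALL = frozenset(CONFIG)
PATH = [
    Node("UE1", ALL),
    Node("calling gateway", ALL - {"ENC-H2+INT-H2"}, in_core=True),
    Node("called gateway", ALL, in_core=True),
    Node("UE2", frozenset({"ENC-L1+INT-L1", "ENC-M1+INT-M1", "ENC-H1+INT-H1"})),
]

if __name__ == "__main__":
    for level in ("high", "low"):
        print(level, establish(PATH, level, "medium", Account(False), 1.0))
    print(establish(PATH, "high", "medium", Account(True, 0.5), 1.0))
```

With the caller's level set to low and an operator floor of medium, the two access hops settle on the low-level mechanism while the gateway-to-gateway hop is raised to the strongest medium-level mechanism both gateways share.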
An embodiment of the invention is now described, following the summary above, for the case where a value-added security service is provided between two mobile terminals, for two mobile users of a mobile network, taking the IMS (IP Multimedia Subsystem) subdomain as the example. It is assumed here that security is provided to the user as a value-added service and that the Security Policy Server has the control function.
In the IMS subsystem, the mobile device (UE) connects to IMS through the Proxy Call Session Control Function (P-CSCF) as its first hop. The UE and the P-CSCF belong to the access network part. The UE and the P-CSCF establish their connection through a security negotiation mechanism, and the signalling information and user data information between them are encrypted and integrity-protected. The P-CSCF is connected to other network-side elements (such as the Interrogating Call Session Control Function (I-CSCF), the Serving Call Session Control Function (S-CSCF) and application servers (AS)); these connections lie in the core network. The security characteristics of the existing IMS core network are: protection is provided at the network layer using IPsec; key exchange uses IKE; no user-plane protection is provided; protection is hop by hop. The security protections the core network provides are data integrity, data origin authentication, anti-replay protection, confidentiality protection and limited protection against traffic analysis. Of these, data integrity and confidentiality protection are optional, and a suitable security mechanism is selected by security negotiation. As core network security develops, user data information will also be protected in the core network. That protection will likewise be hop by hop, with confidentiality and integrity made optional through negotiation.
When the value-added security service is applied to IMS, negotiation and charging are done per segment for the access network and the core network, as in the present invention. The IMS security framework shows that the P-CSCF knows the security negotiation results of both the access network and the core network. The P-CSCF is therefore used as the security gateway of the value-added security service, and it passes the security level negotiation results to the Security Policy Server. As shown in Fig. 3, the Security Policy Server is connected to the P-CSCF in the IMS subsystem and collects the security level negotiation results. The Security Policy Server and the P-CSCF are located in the core network, which is all-IP, so the signalling that carries the security level negotiation results between them can be protected by IPsec; which security algorithm is used for that protection is decided by the operator according to its security needs. The value-added security service protects only the user's data information.
The workflow after introducing the value-added security service into IMS is illustrated below. Suppose the user needs to make a very important work call and wishes to use the voice service together with a value-added security service of high security level. The following steps are carried out:
The user selects the highest-level value-added security service from the security levels displayed on the mobile phone.
According to the high security level the user selected, the calling terminal UE1 and the calling P-CSCF negotiate the security level. They agree on the security mechanism (encryption algorithm and integrity algorithm) with the best security performance that UE1 and the calling P-CSCF both support within the high level the user specified.
The calling P-CSCF passes the result of the security level negotiation between UE1 and the calling P-CSCF to the Security Policy Server. The security level negotiation result can be the security level, the security units the user uses, the specific security algorithms negotiated, or a combination of these; the exact form is decided by the operator. The high security level the user selected is passed as signalling information, securely over the core network, to each core network element.
Suppose that, to protect the core network, the operator has currently set the lower limit of the core network security level to medium. The security level the current user specified is high, which is above the lower limit the operator set. The calling P-CSCF negotiates the security level segment by segment, hop by hop, with the other network elements on the calling and called core network sides (including the called P-CSCF). Each segment agrees on the security mechanism (encryption algorithm and integrity algorithm) with the best security performance that the two network elements of that segment both support at the high security level.
The called P-CSCF negotiates the security level with the called UE2 according to the received signalling that carries the security level the user selected. They agree on the security mechanism (encryption algorithm and integrity algorithm) with the best security performance that the called P-CSCF and the called UE2 both support at the high security level the user specified.
The called P-CSCF passes the called access network negotiation result to the Security Policy Server.
The Security Policy Server converts the format of the collected charging information and passes the billing data in the matching format to the billing system. The Security Policy Server has the control function: according to the user's account information passed to it by the billing system and the current availability of security resources, it judges whether the user is entitled to use the value-added security service of this level at this time. If the user is on offline charging, the user is allowed to use the value-added security service. If the user has chosen online charging, the billing system queries the user's balance. If the balance is greater than the fee for one unit of time of the value-added security service (the unit and the unit length are determined by the operator as needed), the billing system notifies the Security Policy Server that it may authorize the user to use the security resources; otherwise it notifies the Security Policy Server to forcibly terminate the user's use of the value-added security service. If the user is authorized to use the value-added security service, the flow turns to (9) and continues. Otherwise the Security Policy Server asks the mobile terminal whether to use the voice service without the security guarantee service. If the user agrees, the call proceeds in plaintext without security protection. If the user does not agree, the call ends.
When the user is authorized to use the value-added security service and starts to use it, the network elements of each segment of the access network and the core network are notified to invoke the security algorithms (encryption algorithm and integrity algorithm) and open the secure communication channel of each segment. While the value-added security service is in use, user data information is transferred over these secure communication channels.
At fixed time intervals the P-CSCF passes the negotiation results of each segment to the Security Policy Server, which processes them and passes the charging information to the billing system the user belongs to for charging. If the user's service has not finished, the flow goes to (8), where the Security Policy Server judges whether the value-added security service can be used in the next time interval (the interval length is decided by the operator). When the service is finished, the Security Policy Server notifies the billing system that the security service has ended.
The calling end in the security service can be a mobile terminal, a fixed-network terminal or another communication terminal. The called end can be a mobile terminal, a fixed-network terminal, an internet terminal, another communication terminal or an application server. The core network can be a mobile network, a fixed network, the internet or a combination of these.
Figs. 4, 5 and 6 show several of the more typical cases.
As shown in Fig. 4, when the security service is provided between a mobile terminal and an internet terminal, the called-end security gateway is the security gateway of the internet interface.
As shown in Fig. 5, when the security service is provided between a mobile terminal and a PSTN terminal, the called-end security gateway is the security gateway of the PSTN interface.
As shown in Fig. 6, when the security service is provided between a mobile terminal and an application server, the called-end security gateway is the security gateway of the internet interface.

Claims (10)

1. A system for realizing a security service, characterized by comprising:
a calling terminal, used to initiate the security service; a called end, used to receive the security service; a core network, responsible for handling communication between the calling terminal and the called end; a security gateway, comprising a calling terminal security gateway and a called end security gateway, used to connect two different networks and to establish a secure communication channel through negotiation with the calling terminal and the called end; and a Security Policy Server, used to distribute and update the security level configuration relationship to the calling terminal, the called end and the security gateway, and to convert the collected charging information into format-matched charging data;
wherein the calling terminal is connected to the calling terminal security gateway; one end of the calling terminal security gateway is connected to the core network and the other end to the Security Policy Server; one end of the called end security gateway is connected to the core network and the other end to the called end; and the called end security gateway is connected to the Security Policy Server.
2. The system for realizing a security service according to claim 1, characterized in that the system further comprises a charging system, used to perform charging according to the charging data provided by the Security Policy Server, wherein the charging system is connected to the Security Policy Server.
3. The system for realizing a security service according to claim 1 or 2, characterized in that the core network is a mobile network, a fixed network, the Internet or a combination thereof; and the calling terminal and the called end are mobile terminals, fixed-network terminals, Internet terminals, other communication terminals or application servers.
4. A method for realizing a security service, characterized by comprising:
(1) configuring security levels according to the security requirements of the current service, and storing the security level configuration relationship on the Security Policy Server;
(2) if the security service is being provided for the first time, the security gateway downloads the security level configuration relationship from the Security Policy Server; if the security service is being used for the first time, the calling terminal and the called end download the security level configuration relationship from the Security Policy Server;
(3) the calling terminal selects a security level, carries out security level negotiation with the calling terminal security gateway, and sends the security level negotiation result to the called end security gateway;
(4) the called end security gateway carries out security level negotiation with the called end;
(5) according to the results of the security level negotiation between the calling terminal and the calling terminal security gateway and between the called end security gateway and the called end, the calling terminal invokes and executes the security algorithm and establishes a secure communication channel, and, when the security service is terminated, notifies the security gateway to terminate the security service.
5. the method for realization safety service according to claim 4 is characterized in that: described step also comprises after (3):
(31) calling terminal sends to Security Policy Server with the safe class negotiation result.
6. the method for realization safety service according to claim 4 is characterized in that: described step (4) is specially: the called end security gateway carries out safe class according to safe class that is not less than the calling terminal selection and called end to be consulted.
7. the method for realization safety service according to claim 6 is characterized in that: described step comprises after (4):
(41) the called end security gateway passes to Security Policy Server with the safe class negotiation result.
8. the method for realization safety service according to claim 7 is characterized in that: described step comprises after (41):
(441) Security Policy Server is according to the availability of account information in the user account of charge system transmission and present secure resources, judge whether safety service is available, if but the safety service time spent, Security Policy Server licenses to calling terminal with secure resources and uses, and forwards step (5) to; When if safety service is unavailable, Security Policy Server is forced to regain secure resources, and informs that the calling terminal safety service is unavailable.
9. the method for realization safety service according to claim 4 is characterized in that: described step (5) comprising:
(5A) calling terminal is according to the result of calling terminal and calling terminal security gateway and called end security gateway and the negotiation of called end safe class, call and carry out security algorithm, set up secure communication channel, by Security Policy Server the charge information of collecting is carried out format conversion, and the metering data of format match is sent to charge system;
(5B) when termination of security is professional, notice security gateway termination of security business is chargeed and is finished.
10. the method for realization safety service according to claim 9 is characterized in that: also comprise after the described step (5A):
(5A1) execution in step (441): Security Policy Server is according to the availability of account information in the user account of charge system transmission and present secure resources, judge whether safety service is available, but if the safety service time spent, Security Policy Server licenses to calling terminal with secure resources and uses, and forwards step (5) to; When if safety service is unavailable, Security Policy Server is forced to regain secure resources, and informs that the calling terminal safety service is unavailable.
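
Steps (3) and (4) of claim 4, with the floor that claim 6 places on the called leg, can be sketched as below. This is an added example, not code from the patent: the level numbers, the algorithm names in `LEVEL_CONFIG`, the function names, and the choice of the lowest acceptable common level are constructed assumptions.

```python
# Constructed security level configuration relationship (level -> encryption, integrity).
# Algorithm names are sample values, not taken from the patent.
LEVEL_CONFIG = {
    0: (None, None),                      # no protection
    1: ("AES-128-CBC", "HMAC-SHA-1"),
    2: ("AES-128-CBC", "HMAC-SHA-256"),
    3: ("AES-256-CBC", "HMAC-SHA-256"),
}

class NegotiationError(Exception):
    """No common level satisfies the required floor."""

def negotiate(floor, side_a, side_b, config=LEVEL_CONFIG):
    """Lowest level >= floor that both sides support and the configuration defines."""
    common = [lvl for lvl in sorted(set(side_a) & set(side_b))
              if lvl in config and lvl >= floor]
    if not common:
        # Fail closed: refusing is the only outcome that cannot go below the floor.
        raise NegotiationError(f"no common level >= {floor}")
    return common[0]

def end_to_end(caller_choice, caller_gw, called_gw, called_end):
    """Steps (3) and (4): returns (caller-leg level, called-leg level)."""
    # Step (3): the calling terminal's selected level must be one its gateway supports.
    caller_leg = negotiate(caller_choice, {caller_choice}, caller_gw)
    # Step (4): the called end security gateway uses the caller's result as a floor.
    called_leg = negotiate(caller_leg, called_gw, called_end)
    return caller_leg, called_leg

def algorithms_for(level, config=LEVEL_CONFIG):
    """Look up the (encryption, integrity) pair that step (5) would invoke."""
    return config[level]

if __name__ == "__main__":
    every = {0, 1, 2, 3}
    caller_leg, called_leg = end_to_end(2, every, every, {0, 1, 3})
    print(caller_leg, called_leg, algorithms_for(called_leg))
```

When the called end supports nothing at or above the caller's level, `negotiate` raises instead of returning a weaker level, so the called leg cannot become the weak point of the path.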
CN200610145807XA 2006-11-17 2006-11-17 System and method for realizing secure service Active CN101188492B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610145807XA CN101188492B (en) 2006-11-17 2006-11-17 System and method for realizing secure service

Publications (2)

Publication Number Publication Date
CN101188492A CN101188492A (en) 2008-05-28
CN101188492B true CN101188492B (en) 2010-08-18

Family

ID=39480697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610145807XA Active CN101188492B (en) 2006-11-17 2006-11-17 System and method for realizing secure service

Country Status (1)

Country Link
CN (1) CN101188492B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant