CN109314638A - Key configuration and security policy determination method and apparatus - Google Patents

Key configuration and security policy determination method and apparatus

Info

Publication number
CN109314638A
Authority
CN
China
Prior art keywords
security
demand
user equipment
key
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201780030820.7A
Other languages
English (en)
Other versions
CN109314638B (zh)
Inventor
张博
吴�荣
甘露
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from PCT/CN2017/078312 external-priority patent/WO2018000867A1/zh
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN109314638A publication Critical patent/CN109314638A/zh
Application granted granted Critical
Publication of CN109314638B publication Critical patent/CN109314638B/zh
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

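This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy. The security policy is determined based on at least one of the following: the user security requirement of the user equipment preset in the home subscriber server, the service security requirement from the user equipment, the security capability requirement supported by the user equipment, the security capability requirement from the operator network, and the security requirement of the device at the other end of the end-to-end communication. The session management network element obtains a protection key used to protect the end-to-end communication; the protection key is determined based on the security policy and a shared key between the user equipment and the operator network. The session management network element sends the security policy and/or the protection key to the devices at both ends of the end-to-end communication. As can be seen, the session management network element can configure a session protection key for the devices at both ends of the end-to-end communication, thereby improving the security of the end-to-end communication.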

Description

PCT national-phase application; the description has been published.

Claims (112)

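  1. PCT national-phase application; the claims have been published.
CN201780030820.7A 2016-07-01 2017-05-05 Key configuration and security policy determination method and apparatus Expired - Fee Related CN109314638B (zh)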

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
CN201610511486 2016-07-01
CN2016105114864 2016-07-01
CN201610592312 2016-07-25
CN2016105923125 2016-07-25
CN201710060318.2A CN107566115B (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus
CN2017100603182 2017-01-24
CNPCT/CN2017/078312 2017-03-27
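PCT/CN2017/078312 WO2018000867A1 (zh) 2016-07-01 2017-03-27 Key configuration and security policy determination method and apparatus
PCT/CN2017/083265 WO2018000936A1 (zh) 2016-07-01 2017-05-05 Key configuration and security policy determination method and apparatus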

Publications (2)

Publication Number Publication Date
CN109314638A (zh) 2019-02-05
CN109314638B (zh) 2022-01-14

Family

ID=60972853

Family Applications (4)

Application Number Title Priority Date Filing Date
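CN201710060318.2A Active CN107566115B (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus
CN201811498435.8A Active CN109560929B (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus
CN202210043431.0A Pending CN114285570A (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus
CN201780030820.7A Expired - Fee Related CN109314638B (zh) 2016-07-01 2017-05-05 Key configuration and security policy determination method and apparatus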

Family Applications Before (3)

Application Number Title Priority Date Filing Date
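CN201710060318.2A Active CN107566115B (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus
CN201811498435.8A Active CN109560929B (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus
CN202210043431.0A Pending CN114285570A (zh) 2016-07-01 2017-01-24 Key configuration and security policy determination method and apparatus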

Country Status (7)

Country Link
US (2) US11057775B2 (zh)
EP (2) EP3481000B1 (zh)
JP (1) JP6737910B2 (zh)
KR (1) KR102144303B1 (zh)
CN (4) CN107566115B (zh)
BR (1) BR112018077338A2 (zh)
RU (1) RU2719447C1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110971426A (zh) * 2019-12-05 2020-04-07 深圳前海达闼云端智能科技有限公司 Method for constructing a group session, client, and storage medium

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
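CN107566115B (zh) * 2016-07-01 2022-01-14 华为技术有限公司 Key configuration and security policy determination method and apparatus
CN107820234B (zh) * 2016-09-14 2021-02-23 华为技术有限公司 Network roaming protection method, related device, and system
WO2018201506A1 (zh) 2017-05-05 2018-11-08 华为技术有限公司 Communication method and related apparatus
US11039497B2 (en) * 2017-09-18 2021-06-15 Qualcomm Incorporated User plane based small data service
CN110048873A (zh) * 2018-01-16 2019-07-23 华为技术有限公司 Method and communication apparatus for policy control of a multi-anchor protocol data unit session
CN110167081B (zh) * 2018-02-13 2022-07-26 中兴通讯股份有限公司 Authentication method and apparatus, message processing method and apparatus, and storage medium
CN110366178A (zh) * 2018-04-04 2019-10-22 中兴通讯股份有限公司 Authentication method and network element
CN110366159B (zh) * 2018-04-09 2022-05-17 华为技术有限公司 Method and device for obtaining a security policy
CN110461015B (zh) * 2018-05-07 2021-11-19 中国移动通信有限公司研究院 Method and device for performing network handover
CN110636032A (zh) * 2018-06-21 2019-12-31 咪付(广西)网络技术有限公司 Method for generating a security policy version
CN110650168B (zh) * 2018-06-27 2021-09-14 华为技术有限公司 Communication method and apparatus thereof
CN108882233B (zh) * 2018-07-17 2021-05-25 中国联合网络通信集团有限公司 IMSI encryption method, core network, and user terminal
CN110831243B (zh) * 2018-08-13 2021-10-01 华为技术有限公司 User plane security policy implementation method, apparatus, and system
CN110891269B (zh) * 2018-09-10 2022-04-05 华为技术有限公司 Data protection method, device, and system
CN110891271B (zh) * 2018-09-10 2021-06-11 大唐移动通信设备有限公司 Authentication method and apparatus
CN110943964B (zh) * 2018-09-21 2022-07-22 华为技术有限公司 Data verification method, apparatus, and storage medium
CN111491394B (zh) * 2019-01-27 2022-06-14 华为技术有限公司 Method and apparatus for user plane security protection
CN111757312A (zh) * 2019-03-29 2020-10-09 华为技术有限公司 Session processing method and apparatus
CN111865872B (zh) * 2019-04-26 2021-08-27 大唐移动通信设备有限公司 Method and device for implementing a terminal security policy within a network slice
CN112399412B (zh) 2019-08-19 2023-03-21 阿里巴巴集团控股有限公司 Session establishment method and apparatus, and communication system
CN112492584B (zh) * 2019-08-23 2022-07-22 华为技术有限公司 Method, apparatus, and system for secure communication between a terminal device and a user plane network element
US11671824B2 (en) * 2019-08-26 2023-06-06 Qualcomm Incorporated 5G broadcast/multicast security key refresh
EP3836506A1 (en) * 2019-12-09 2021-06-16 Orange Providing cybersecurity services by a network and automated provisioning thereof
CN113055535B (zh) * 2019-12-26 2022-06-24 中国电信股份有限公司 Method and system for generating 5G end-to-end call detail records
CN113365243B (zh) * 2020-03-05 2023-10-20 华为技术有限公司 Communication method, apparatus, device, and system
CN113543127B (zh) * 2020-03-31 2023-02-17 大唐移动通信设备有限公司 Key generation method, apparatus, device, and computer-readable storage medium
CN112788594B (zh) * 2020-06-03 2023-06-27 中兴通讯股份有限公司 Data transmission method, apparatus, and system, electronic device, and storage medium
CN112838925B (zh) * 2020-06-03 2023-04-18 中兴通讯股份有限公司 Data transmission method, apparatus, and system, electronic device, and storage medium
CN113455034B (zh) * 2020-07-30 2022-06-10 华为技术有限公司 Communication method and apparatus
US20230069923A1 (en) * 2021-09-03 2023-03-09 Qualcomm Incorporated Multiplexing secure physical uplink channels
WO2024111698A1 (ko) * 2022-11-23 2024-05-30 삼성전자 주식회사 Method and apparatus for security configuration using security strength in a wireless communication system
CN118101336B (zh) * 2024-04-22 2024-06-21 中用科技有限公司 Secure communication control system and method for the industrial Internet of Things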

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773903A (zh) * 2004-11-08 2006-05-17 中兴通讯股份有限公司 General security policy construction method
CN101174946A (zh) * 2006-10-30 2008-05-07 株式会社日立制作所 Content transmitting apparatus, content receiving apparatus, and content encryption method
CN101242629A (zh) * 2007-02-05 2008-08-13 华为技术有限公司 Method, system, and device for selecting a user plane algorithm
WO2009057730A2 (en) * 2007-10-31 2009-05-07 Nec Corporation System and method for selection of security algorithms
CN101483860A (zh) * 2009-01-23 2009-07-15 清华大学 Negotiation control method based on SIP security policy levels in an IMS network
US20100235620A1 (en) * 2007-10-17 2010-09-16 Tomas Nylander Method and Arrangement for Deciding a Security Setting
CN104092668A (zh) * 2014-06-23 2014-10-08 北京航空航天大学 Method for constructing a reconfigurable network security service
CN105493524A (zh) * 2013-07-25 2016-04-13 康维达无线有限责任公司 End-to-end M2M service layer sessions

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
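CN101273571B (zh) * 2006-02-16 2010-05-19 中兴通讯股份有限公司 Method for implementing a key negotiation security policy in a cross-domain multi-gatekeeper packet network
CN101094065B (zh) * 2006-06-23 2011-09-28 华为技术有限公司 Key distribution method and system in a wireless communication network
CN102325321B (zh) * 2006-06-23 2014-12-17 华为技术有限公司 Key acquisition method and user equipment in an evolved wireless communication network
CN101188492B (zh) * 2006-11-17 2010-08-18 中兴通讯股份有限公司 System and method for implementing security services
CN101207480A (zh) * 2006-12-19 2008-06-25 中兴通讯股份有限公司 Cross-domain multi-gatekeeper end-to-end session key negotiation method
JP2008154103A (ja) * 2006-12-19 2008-07-03 Ricoh Co Ltd Communication relay apparatus
CN101296225B (zh) 2007-04-29 2012-08-08 华为技术有限公司 Session management function apparatus, and system and method for providing services
JP5069353B2 (ja) 2007-09-14 2012-11-07 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Method and apparatus for handling trust in an IP multimedia subsystem communication network
KR100948604B1 (ko) 2008-03-25 2010-03-24 한국전자통신연구원 Security method in a server-based mobile Internet protocol system
US8819765B2 (en) * 2008-01-22 2014-08-26 Telefonaktiebolaget L M Ericsson (Publ) Security policy distribution to communication terminals
CN101330469B (zh) * 2008-07-25 2011-07-13 中兴通讯股份有限公司 Method for implementing collection of security parameters by the resource control part in a next-generation network
CN101854625B (zh) * 2009-04-03 2014-12-03 华为技术有限公司 Security algorithm selection processing method and apparatus, network entity, and communication system
CN101557289A (zh) * 2009-05-13 2009-10-14 大连理工大学 Storage security key management method based on identity authentication
CN101990202B (zh) * 2009-07-29 2013-06-12 中兴通讯股份有限公司 Method for updating a user policy and application server
CN102149088A (zh) * 2010-02-09 2011-08-10 工业和信息化部电信传输研究所 Method for protecting the data integrity of mobile users
CN103067168B (zh) * 2011-10-21 2016-01-27 华为技术有限公司 GSM security method and system, and related device
CN103546420B (zh) * 2012-07-09 2016-08-03 杭州华三通信技术有限公司 Method for a GM to register with a KS in GET VPN, and GM and KS
US20150281276A1 (en) * 2014-03-26 2015-10-01 Juniper Networks, Inc. Monitoring compliance with security policies for computer networks
CN107566115B (zh) * 2016-07-01 2022-01-14 华为技术有限公司 Key configuration and security policy determination method and apparatus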
US11297502B2 (en) * 2017-09-08 2022-04-05 Futurewei Technologies, Inc. Method and device for negotiating security and integrity algorithms

Also Published As

Publication number Publication date
KR102144303B1 (ko) 2020-08-13
KR20190015562A (ko) 2019-02-13
RU2719447C1 (ru) 2020-04-17
US11689934B2 (en) 2023-06-27
CN109314638B (zh) 2022-01-14
US11057775B2 (en) 2021-07-06
US20190124502A1 (en) 2019-04-25
EP3481000A4 (en) 2019-05-08
CN109560929A (zh) 2019-04-02
CN109560929B (zh) 2020-06-16
US20210289359A1 (en) 2021-09-16
EP3481000B1 (en) 2022-04-20
JP2019527498A (ja) 2019-09-26
CN107566115B (zh) 2022-01-14
EP4135256A1 (en) 2023-02-15
CN107566115A (zh) 2018-01-09
EP3481000A1 (en) 2019-05-08
BR112018077338A2 (pt) 2019-04-02
JP6737910B2 (ja) 2020-08-12
CN114285570A (zh) 2022-04-05

Similar Documents

Publication Publication Date Title
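CN109314638A (zh) Key configuration and security policy determination method and apparatus
US11695742B2 (en) Security implementation method, device, and system
CN110493774B (zh) Key configuration method, apparatus, and system
RU2755258C2 (ru) Secondary authentication of a user equipment
CN109874139B (zh) Anchor key generation method, device, and system
WO2018000867A1 (zh) Key configuration and security policy determination method and apparatus
EP2648437B1 (en) Method, apparatus and system for key generation
WO2021249325A1 (zh) Slice service verification method and apparatus thereof
NZ755869B2 (en) Security implementation method, device and system
CN118160338A (zh) Security information push for service applications in a communication network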

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220114

CF01 Termination of patent right due to non-payment of annual fee