CN109314693A - Method and device for verifying a key requester - Google Patents

Method and device for verifying a key requester

Info

Publication number
CN109314693A
Authority
CN
China
Prior art keywords
entity
umf
network element
core network
security function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201680086517.4A
Other languages
English (en)
Other versions
CN109314693B (zh)
Inventor
李�赫
陈璟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN109314693A
Application granted
Publication of CN109314693B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

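A method and device for verifying a key requester, used during the initial network access procedure to verify whether the key requester is an entity entitled to obtain the key. The method is as follows: a security function entity receives a request message sent by a user management function (UMF) entity; it decrypts the information in the request message with the security function entity's private key and, once signature verification of the decrypted information with the public key in the UMF entity's certificate has succeeded, obtains the information carried in the request message; if it determines that the first verification parameter carried in the request message is valid, and that the identifier of the UMF entity carried in the request message is the same as the identifier of the UMF entity to which the terminal (UE) is attached, it determines to provide the UE's key to the UMF entity.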

Description

PCT national-phase application; the description has been published.

Claims (22)

  1. PCT national-phase application; the claims have been published.
CN201680086517.4A 2016-12-30 2016-12-30 Method and device for verifying a key requester Active CN109314693B (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/113941 WO2018120217A1 (zh) 2016-12-30 2016-12-30 Method and device for verifying a key requester

Publications (2)

Publication Number Publication Date
CN109314693A (zh) 2019-02-05
CN109314693B (zh) 2020-08-25

Family

ID=62706714

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680086517.4A Active CN109314693B (zh) 2016-12-30 2016-12-30 Method and device for verifying a key requester

Country Status (4)

Country Link
US (1) US11445370B2 (zh)
EP (1) EP3550780B1 (zh)
CN (1) CN109314693B (zh)
WO (1) WO2018120217A1 (zh)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018120217A1 (zh) * 2016-12-30 2018-07-05 华为技术有限公司 Method and device for verifying a key requester
US11163910B2 (en) * 2017-06-29 2021-11-02 Salesforce.Com, Inc. Methods and systems for data migration
US10749689B1 (en) * 2017-06-29 2020-08-18 Salesforce.Com, Inc. Language-agnostic secure application development
EP3895464A4 (en) * 2019-01-29 2022-08-03 Schneider Electric USA, Inc. SECURITY CONTEXT DISTRIBUTION SERVICE
US11652646B2 (en) * 2020-12-11 2023-05-16 Huawei Technologies Co., Ltd. System and a method for securing and distributing keys in a 3GPP system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
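CN101272616A (zh) * 2008-05-07 2008-09-24 广州杰赛科技股份有限公司 Secure access method for a wireless metropolitan area network
CN101951603A (zh) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Wireless local area network access control method and system
CN103188229A (zh) * 2011-12-30 2013-07-03 上海贝尔股份有限公司 Method and device for secure content access
CN105577626A (zh) * 2014-10-28 2016-05-11 祝永康 User name registration and use method, system and apparatus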

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI20000760A0 (fi) * 2000-03-31 2000-03-31 Nokia Corp Authentication in a packet data network
CA2358083A1 (en) * 2001-09-28 2003-03-28 Bridgewater Systems Corporation A method for session accounting in a wireless data networks using authentication, authorization and accounting (aaa) protocols (such as ietf radius or diameter) where there is no session handoff communication between the network elements
US20070198837A1 (en) * 2005-04-29 2007-08-23 Nokia Corporation Establishment of a secure communication
US9807819B1 (en) * 2009-09-04 2017-10-31 Sprint Communications Company L.P. Cross-technology session continuity
KR101700448B1 (ko) * 2009-10-27 2017-01-26 삼성전자주식회사 Security management system and method in a mobile communication system
CN102474500B (zh) * 2009-12-22 2015-06-17 上海贝尔股份有限公司 Method and apparatus for providing network services to mobile user equipment
US8923863B2 (en) * 2011-12-19 2014-12-30 Cisco Technology, Inc. Maintaining signaling reduction mode in communication networks
US9240881B2 (en) * 2012-04-30 2016-01-19 Alcatel Lucent Secure communications for computing devices utilizing proximity services
KR102142576B1 (ko) * 2013-05-16 2020-08-10 삼성전자주식회사 Discovery method and apparatus for device-to-device communication
US10306520B2 (en) * 2014-09-17 2019-05-28 Lg Electronics Inc. Handover method between heterogeneous wireless communication techniques and device for same
CN105577627B (zh) * 2014-11-11 2020-08-28 腾讯数码(天津)有限公司 Communication method, apparatus, network device, terminal device and communication system
CN106162574B (zh) * 2015-04-02 2020-08-04 成都鼎桥通信技术有限公司 Unified authentication method for applications in a trunking system, server and terminal
ES2786261T3 (es) * 2015-06-09 2020-10-09 Deutsche Telekom Ag Method for improved installation of a secure-element-related service application in a secure element located in a communication device, system and telecommunications network for improved installation of a secure-element-related service application in a secure element located in a communication device, program including computer-readable program code, and computer program product
US10285060B2 (en) * 2015-10-30 2019-05-07 Alcatel-Lucent Usa Inc. Preventing attacks from false base stations
US11234126B2 (en) * 2015-11-17 2022-01-25 Qualcomm Incorporated Methods and apparatus for wireless communication using a security model to support multiple connectivity and service contexts
WO2018120217A1 (zh) * 2016-12-30 2018-07-05 华为技术有限公司 Method and device for verifying a key requester
WO2018182759A1 (en) * 2017-03-30 2018-10-04 Intel IP Corporation Security for paging messages

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
3GPP: "23799-121: Study on Architecture for Next Generation System (Release 14)", 3GPP STANDARD; VOL. SA WG2; NO. V1.2.1 *
HUAWEI et al.: "S2-166170: Solution: Consolidated architecture option X", SA WG2 MEETING #117 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
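CN113472792A (zh) * 2021-07-01 2021-10-01 北京玩蟹科技有限公司 Long-connection network communication encryption method and system
CN113472792B (zh) * 2021-07-01 2023-05-05 北京玩蟹科技有限公司 Long-connection network communication encryption method and system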

Also Published As

Publication number Publication date
EP3550780B1 (en) 2021-04-14
US20190320320A1 (en) 2019-10-17
EP3550780A1 (en) 2019-10-09
EP3550780A4 (en) 2019-12-11
WO2018120217A1 (zh) 2018-07-05
US11445370B2 (en) 2022-09-13
CN109314693B (zh) 2020-08-25

Similar Documents

Publication Publication Date Title
US11824981B2 (en) Discovery method and apparatus based on service-based architecture
US11496320B2 (en) Registration method and apparatus based on service-based architecture
US10638321B2 (en) Wireless network connection method and apparatus, and storage medium
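JP6732095B2 (ja) Unified authentication for heterogeneous networks
CN109314693A (zh) Method and device for verifying a key requester
KR102024653B1 (ko) Access method, device and system for user equipment (UE)
CN102595404B (zh) Method and apparatus for storing and executing access control clients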
US20160105410A1 (en) OMA DM Based Terminal Authentication Method, Terminal and Server
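WO2018137713A1 (zh) Intra-network-slice authentication method, slice authentication proxy entity and session management entity
CN112105021B (zh) Authentication method, apparatus and system
CN106507348B (zh) Method and apparatus for UE access to the core network EPC in an LTE system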
US11895487B2 (en) Method for determining a key for securing communication between a user apparatus and an application server
US9608971B2 (en) Method and apparatus for using a bootstrapping protocol to secure communication between a terminal and cooperating servers
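WO2011127810A1 (zh) Method and apparatus for authenticating a communication device
CN112512045A (zh) Communication system, method and apparatus
CN111641498A (zh) Key determination method and apparatus
CN112738800A (zh) Method for implementing secure data transmission for network slices
CN104168566B (zh) Method and apparatus for accessing a network
WO2018076298A1 (zh) Security capability negotiation method and related device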
Abdelkader et al. A novel advanced identity management scheme for seamless handoff in 4G wireless networks
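CN106487940B (zh) Home base station and IP configuration method
WO2016180145A1 (zh) Wireless network authentication method, core network element, access network element and terminal
CN109391938A (zh) Key agreement method, apparatus and system
KR102577882B1 (ko) TLS session recovery method using a token pair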
US12008108B2 (en) Extended authentication method and apparatus for generic bootstrapping architecture, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant