CN114826627A - Information transmission method, enterprise security gateway and system - Google Patents


Publication number
CN114826627A
Authority
CN
China
Prior art keywords
information
security gateway
enterprise security
user
encryption algorithm
Legal status
Pending
Application number
CN202110043533.8A
Other languages
Chinese (zh)
Inventor
梅承力
夏旭
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Abstract

The disclosure provides an information transmission method, an enterprise security gateway and an information transmission system. In the method, the user enterprise security gateway sends a key negotiation request message to the operator enterprise security gateway through a first interface, the message carrying at least a user identifier; the operator enterprise security gateway identifies the user from the user identifier, looks up the encryption algorithm corresponding to the user identifier and the encryption algorithm identifier when the request also carries an encryption algorithm identifier, and returns a key negotiation response message to the user enterprise security gateway through the first interface; one of the two enterprise security gateways encrypts the information to be sent with that encryption algorithm and sends the encrypted information to the other gateway through a second interface; the other gateway decrypts the encrypted information and forwards the decrypted information to the corresponding intranet network element.

Description

Information transmission method, enterprise security gateway and system
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an information transmission method, an enterprise security gateway, and a system.
Background
In high-security vertical-industry applications, a customer may require a self-built 5G (5th generation mobile communication technology) core network. In that case a 3GPP (3rd Generation Partnership Project) roaming network architecture may be adopted. The roaming architecture, however, presumes communication between different PLMNs (Public Land Mobile Networks), and its Security Edge Protection Proxy (SEPP) applies a generic, peer-based security mechanism that cannot meet the customised security requirements of industry customers. The prior art therefore does not satisfy the information transmission security requirements of vertical-industry users.
Disclosure of Invention
The technical problem solved by this disclosure is that the security of vertical-industry information and data transmission still needs to be improved.
According to an aspect of the present disclosure, there is provided an information transmission method comprising: a user enterprise security gateway sends a key negotiation request message, carrying at least a user identifier, to an operator enterprise security gateway through a first interface; the operator enterprise security gateway identifies the user from the user identifier, looks up the encryption algorithm corresponding to the user identifier and the encryption algorithm identifier when the key negotiation request message also carries an encryption algorithm identifier, and returns a key negotiation response message to the user enterprise security gateway through the first interface; one of the user enterprise security gateway and the operator enterprise security gateway encrypts the information to be sent with the encryption algorithm to obtain encrypted information and sends it to the other gateway through a second interface; and the other gateway decrypts the encrypted information with the decryption algorithm corresponding to the encryption algorithm and forwards the decrypted information to the corresponding intranet network element.
In some embodiments, the information transmission method further comprises: the operator enterprise security gateway maintains the encryption algorithm tables of all subscribed users, and the user enterprise security gateway maintains its own encryption algorithm table; each encryption algorithm table comprises the user identifier, the encryption algorithm identifier and the corresponding encryption algorithm.
In some embodiments, the user enterprise security gateway encrypts the key negotiation request message through a default Transport Layer Security (TLS) mechanism and sends the encrypted message to the operator enterprise security gateway, which decrypts it through the same TLS mechanism.
In some embodiments, the information transmission method further comprises: when the key negotiation request message does not carry an encryption algorithm identifier, the user enterprise security gateway and the operator enterprise security gateway exchange information through the TLS mechanism.
In some embodiments, the information transmission method further comprises: the receiving enterprise security gateway verifies the decrypted information and, if it finds that the decrypted information contains an error, maps the error to a corresponding error code and feeds the error code back to the sending enterprise security gateway through the first interface.
In some embodiments, the information transmission method further comprises: the user enterprise security gateway and the operator enterprise security gateway each judge whether the information to be transmitted contains confidential or illegal information and discard it if so.
According to another aspect of the present disclosure, there is provided a user enterprise security gateway comprising a sending unit, an encryption unit and a decryption unit. The sending unit sends a key negotiation request message, carrying at least a user identifier, to the operator enterprise security gateway through a first interface, sends first encrypted information to the operator enterprise security gateway through a second interface, and forwards the decrypted information corresponding to second encrypted information to the corresponding intranet network element. The encryption unit encrypts the information to be sent through an encryption algorithm to obtain the first encrypted information. The decryption unit decrypts the second encrypted information received from the operator enterprise security gateway with the decryption algorithm corresponding to the encryption algorithm to obtain the decrypted information. The operator enterprise security gateway identifies the user from the user identifier, looks up the encryption algorithm corresponding to the user identifier and the encryption algorithm identifier when the key negotiation request message also carries one, and returns a key negotiation response message to the user enterprise security gateway through the first interface.
In some embodiments, the user enterprise security gateway further comprises an encryption algorithm table maintenance unit that maintains the gateway's own encryption algorithm table, which comprises the user identifier, the encryption algorithm identifier and the corresponding encryption algorithm.
In some embodiments, the encryption unit encrypts the key negotiation request message through a default Transport Layer Security (TLS) mechanism, the sending unit sends the encrypted message to the operator enterprise security gateway, and the operator enterprise security gateway decrypts it through the TLS mechanism to obtain the key negotiation request message.
In some embodiments, when the key negotiation request message does not carry an encryption algorithm identifier, the encryption unit encrypts the information to be sent through the TLS mechanism and the decryption unit decrypts the second encrypted information through the TLS mechanism.
In some embodiments, the user enterprise security gateway further comprises a verification unit that verifies the decrypted information and, if it finds that the decrypted information contains an error, maps the error to a corresponding error code and feeds the error code back to the operator enterprise security gateway through the first interface.
In some embodiments, the user enterprise security gateway further comprises an information filtering unit that judges whether the transmitted information contains confidential or illegal information and discards it if so.
According to another aspect of the present disclosure, there is provided an operator enterprise security gateway comprising: a receiving module that receives, through a first interface, a key negotiation request message from a user enterprise security gateway, the message carrying at least a user identifier; an algorithm matching module that identifies the user from the user identifier and, when the key negotiation request message also carries an encryption algorithm identifier, looks up the encryption algorithm corresponding to the user identifier and the encryption algorithm identifier; a sending module that returns a key negotiation response message to the user enterprise security gateway through the first interface, forwards the decrypted information corresponding to first encrypted information to the corresponding intranet network element, and sends second encrypted information to the user enterprise security gateway through a second interface; an encryption module that encrypts the information to be sent with the encryption algorithm to obtain the second encrypted information; and a decryption module that decrypts the first encrypted information received from the user enterprise security gateway with the decryption algorithm corresponding to the encryption algorithm to obtain the decrypted information.
In some embodiments, the operator enterprise security gateway further comprises an encryption algorithm table maintenance module that maintains the encryption algorithm tables of all subscribed users, each table comprising the user identifier, the encryption algorithm identifier and the corresponding encryption algorithm.
In some embodiments, the user enterprise security gateway encrypts the key negotiation request message through a default Transport Layer Security (TLS) mechanism and sends the encrypted message to the operator enterprise security gateway, and the decryption module decrypts it through the TLS mechanism to obtain the key negotiation request message.
In some embodiments, when the key negotiation request message does not carry an encryption algorithm identifier, the encryption module encrypts the information to be sent through the TLS mechanism and the decryption module decrypts the first encrypted information through the TLS mechanism.
In some embodiments, the operator enterprise security gateway further comprises a verification module that verifies the decrypted information and, if it finds that the decrypted information contains an error, maps the error to a corresponding error code and feeds the error code back to the user enterprise security gateway through the first interface.
In some embodiments, the operator enterprise security gateway further comprises an information filtering module that judges whether the transmitted information contains confidential or illegal information and discards it if so.
According to another aspect of the present disclosure, there is provided an information transmission system including: a user enterprise security gateway as previously described; and an operator enterprise security gateway as previously described.
According to another aspect of the present disclosure, there is provided an information transmission system including: a memory; and a processor coupled to the memory, the processor configured to perform the method as previously described based on instructions stored in the memory.
According to another aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method as previously described.
In the method, a user enterprise security gateway sends a key negotiation request message, carrying at least a user identifier, to an operator enterprise security gateway through a first interface; the operator enterprise security gateway identifies the user from the user identifier, looks up the encryption algorithm corresponding to the user identifier and the encryption algorithm identifier when the request also carries an encryption algorithm identifier, and returns a key negotiation response message to the user enterprise security gateway through the first interface; one of the two enterprise security gateways encrypts the information to be sent with the encryption algorithm to obtain encrypted information and sends it to the other gateway through a second interface; and the other gateway decrypts the encrypted information and forwards the decrypted information to the corresponding intranet network element. The method lets an industry customer customise the encryption algorithm through a security negotiation, thereby improving the security of industry information and data transmission.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart illustrating an information transmission method according to some embodiments of the present disclosure;
FIG. 2 is a schematic diagram illustrating the matching of an encryption algorithm according to some embodiments of the present disclosure;
FIG. 3 is a flow chart illustrating an information transmission method according to further embodiments of the present disclosure;
FIG. 4 is a flow chart illustrating an information transmission method according to further embodiments of the present disclosure;
FIG. 5 is a schematic diagram illustrating the structure of a user enterprise security gateway according to some embodiments of the present disclosure;
FIG. 6 is a schematic diagram illustrating the structure of an operator enterprise security gateway according to some embodiments of the present disclosure;
FIG. 7 is a block diagram illustrating an information transmission system according to some embodiments of the present disclosure;
FIG. 8 is a block diagram illustrating an information transmission system according to further embodiments of the present disclosure;
FIG. 9 is a schematic diagram illustrating the structure of an information transmission system according to further embodiments of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
Fig. 1 is a flow chart illustrating an information transmission method according to some embodiments of the present disclosure. As shown in fig. 1, the method includes steps S102 to S108.
In step S102, the user enterprise security gateway sends a key agreement request message to the operator enterprise security gateway through the first interface, where the key agreement request message at least carries a user identifier (i.e., a user ID).
Here, the enterprise security gateway may be abbreviated ESG. The user enterprise security gateway (the consumer's ESG, cESG) is the service requester, for example a vertical-industry enterprise user; the operator enterprise security gateway (the producer's ESG, pESG) is the service responder.
In some embodiments, the key agreement request message may also carry an encryption algorithm identification (i.e., an encryption algorithm ID). In other embodiments, the key agreement request message may not carry the encryption algorithm identifier.
In step S104, the operator enterprise security gateway identifies the user according to the user identifier, searches for an encryption algorithm corresponding to the user identifier and the encryption algorithm identifier under the condition that the key agreement request message also carries the encryption algorithm identifier, and returns a key agreement response message to the user enterprise security gateway through the first interface.
In some embodiments, the operator enterprise security gateway maintains a table of encryption algorithms for all subscribed users (e.g., as shown in table 1), and the user enterprise security gateway maintains its own table of encryption algorithms (e.g., as shown in table 2). The encryption algorithm table includes: user identification, encryption algorithm identification and corresponding encryption algorithm.
Table 1 Encryption algorithm table maintained by the operator enterprise security gateway
[Table 1 is provided only as an image in the source and is not reproduced here.]
Table 2 Encryption algorithm table maintained by the enterprise security gateway of user A
[Table 2 is provided only as an image in the source and is not reproduced here.]
In the above embodiment, the encryption algorithm table may be dynamic, so that the user enterprise security gateway and the operator enterprise security gateway can manage their tables at run time.
When the enterprise security gateway of an industry user initiates a key negotiation request, the request carries the user ID and, optionally, an encryption algorithm ID. The operator first maps these fields to the corresponding user row of its table, then finds the encryption algorithm ID and the encryption algorithm to be used.
For example, if the key negotiation request message sent by the user enterprise security gateway to the operator enterprise security gateway carries user identifier A and encryption algorithm identifier 1, the operator enterprise security gateway identifies user A from the user identifier, looks up the encryption algorithm QT3 corresponding to user identifier A and encryption algorithm identifier 1 (shown in FIG. 2), and returns a key negotiation response message to the user enterprise security gateway through the first interface, confirming that the key negotiation succeeded.
In step S106, one of the user enterprise security gateway and the operator enterprise security gateway encrypts information to be transmitted by using an encryption algorithm to obtain encrypted information, and transmits the encrypted information to the other one of the user enterprise security gateway and the operator enterprise security gateway (i.e., the opposite-end gateway) through the second interface.
In step S108, the other enterprise security gateway decrypts the encrypted information by using the decryption algorithm corresponding to the encryption algorithm, and forwards the decrypted information to the corresponding intranet network element.
Here, since the user enterprise security gateway and the operator enterprise security gateway have negotiated the encryption algorithm, the corresponding decryption algorithm is already known by the user enterprise security gateway and the operator enterprise security gateway. Therefore, the user enterprise security gateway or the operator enterprise security gateway can decrypt the encrypted information after acquiring the encrypted information sent by the opposite end gateway.
For example, the user enterprise security gateway encrypts information to be sent through the encryption algorithm to obtain encrypted information, and sends the encrypted information to the operator enterprise security gateway; and the operator enterprise security gateway decrypts the encrypted information by using a decryption algorithm corresponding to the encryption algorithm and forwards the decrypted information to the corresponding intranet network element.
For another example, the operator enterprise security gateway encrypts information to be transmitted through the encryption algorithm to obtain encrypted information, and transmits the encrypted information to the user enterprise security gateway; and the user enterprise security gateway decrypts the encrypted information by using a decryption algorithm corresponding to the encryption algorithm and forwards the decrypted information to the corresponding intranet network element.
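The exchange described in steps S102 to S108 (negotiation over the first interface, encrypted transfer over the second, error feedback when decryption fails), simulated end to end. This is an added example, not code from the patent or from China Telecom. Everything the page leaves unspecified is an assumption made here for illustration: the algorithm names (only "QT3" appears in the page's FIG. 2; "QT4" is invented), the stand-in cipher that plays the role of a customised algorithm, a per-user key provisioned out of band, dict-shaped messages, and the numeric error codes.

```python
# Added example, not code from the patent: a minimal simulation of steps S102-S108.
# Assumed for illustration: algorithm names, the stand-in cipher, out-of-band key
# provisioning, dict-shaped messages and the numeric error codes.
import hashlib
import hmac
import os

ERR_UNKNOWN_USER = 1       # error codes fed back over the first interface (values assumed)
ERR_UNKNOWN_ALGORITHM = 2
ERR_DECRYPT_FAILED = 3
ERR_TABLE_MISMATCH = 4
TLS_DEFAULT = "TLS"        # no algorithm ID in the request: fall back to the default TLS mechanism


class HmacCtrCipher:
    """Stand-in for a customised algorithm: HMAC-SHA256 keystream in counter mode plus an
    HMAC tag over label||nonce||ciphertext. Illustrative only; use a vetted AEAD in practice."""

    def __init__(self, label: bytes):
        self.label = label  # distinct per algorithm, so two table entries are not interchangeable

    def _keystream(self, key: bytes, nonce: bytes, n: int) -> bytes:
        out, ctr = bytearray(), 0
        while len(out) < n:
            out += hmac.new(key, self.label + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return bytes(out[:n])

    def encrypt(self, key: bytes, plaintext: bytes) -> bytes:
        nonce = os.urandom(12)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(key, nonce, len(plaintext))))
        return nonce + ct + hmac.new(key, self.label + nonce + ct, hashlib.sha256).digest()

    def decrypt(self, key: bytes, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]  # 12-byte nonce, 32-byte tag
        if not hmac.compare_digest(tag, hmac.new(key, self.label + nonce + ct, hashlib.sha256).digest()):
            raise ValueError("tag mismatch")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, nonce, len(ct))))


ALGORITHMS = {"QT3": HmacCtrCipher(b"QT3"), "QT4": HmacCtrCipher(b"QT4")}  # name -> implementation


class OperatorESG:
    """pESG: holds Table 1 (entries of all subscribed users) and answers negotiation requests."""

    def __init__(self, alg_table: dict, keys: dict):
        self.alg_table = alg_table  # user_id -> {alg_id: algorithm name}
        self.keys = keys            # user_id -> shared key (assumed provisioned out of band)
        self.sessions = {}          # user_id -> negotiated mechanism

    def handle_negotiation(self, request: dict) -> dict:
        """S104: identify the user, then look up the algorithm only if an alg_id is present."""
        user_id = request.get("user_id")
        if user_id not in self.alg_table:
            return {"status": "error", "error_code": ERR_UNKNOWN_USER}
        alg_id = request.get("alg_id")
        if alg_id is None:
            self.sessions[user_id] = TLS_DEFAULT
            return {"status": "ok", "mechanism": TLS_DEFAULT}
        name = self.alg_table[user_id].get(alg_id)
        if name is None:
            return {"status": "error", "error_code": ERR_UNKNOWN_ALGORITHM}
        self.sessions[user_id] = name
        return {"status": "ok", "mechanism": name}

    def receive(self, user_id: str, blob: bytes):
        """S108: returns (plaintext, None) to forward to the intranet NE, or (None, error_code)."""
        mechanism = self.sessions.get(user_id)
        if mechanism == TLS_DEFAULT:
            return blob, None  # in this simulation the TLS channel itself protected the payload
        try:
            return ALGORITHMS[mechanism].decrypt(self.keys[user_id], blob), None
        except (KeyError, ValueError):
            return None, ERR_DECRYPT_FAILED


class UserESG:
    """cESG of one industry user: holds Table 2 (its own entries) and the key shared with the pESG."""

    def __init__(self, user_id: str, alg_table: dict, key: bytes):
        self.user_id, self.alg_table, self.key = user_id, alg_table, key
        self.mechanism = None

    def negotiate(self, operator: OperatorESG, alg_id=None) -> dict:
        """S102: send {user_id, alg_id?} over the first interface (TLS-protected in a deployment)."""
        request = {"user_id": self.user_id}
        if alg_id is not None:
            request["alg_id"] = alg_id
        response = operator.handle_negotiation(request)
        if response["status"] != "ok":
            return response
        if alg_id is not None and self.alg_table.get(alg_id) != response["mechanism"]:
            return {"status": "error", "error_code": ERR_TABLE_MISMATCH}  # Table 1 and Table 2 disagree
        self.mechanism = response["mechanism"]
        return response

    def send(self, plaintext: bytes) -> bytes:
        """S106: encrypt with the negotiated algorithm (or hand the payload to TLS unchanged)."""
        assert self.mechanism is not None, "negotiate before sending"
        if self.mechanism == TLS_DEFAULT:
            return plaintext
        return ALGORITHMS[self.mechanism].encrypt(self.key, plaintext)
```

Two behaviours of the page's design are worth seeing in this shape. First, the algorithm identifier is optional, and its absence silently selects the default TLS mechanism; that is only acceptable because, as the page states, the request itself travels over TLS, so an on-path party cannot strip the identifier to force the fallback. Second, the negotiation only exchanges an identifier, so both gateways must hold consistent table entries; the cESG here refuses to proceed when its own Table 2 entry disagrees with the operator's answer, which is the "different version" failure the page later maps to an error code.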
Thus, an information transmission method according to some embodiments of the present disclosure is provided. The method comprises: the user enterprise security gateway sends a key negotiation request message, carrying at least a user identifier, to the operator enterprise security gateway through a first interface; the operator enterprise security gateway identifies the user from the user identifier, looks up the encryption algorithm corresponding to the user identifier and the encryption algorithm identifier when the request also carries an encryption algorithm identifier, and returns a key negotiation response message to the user enterprise security gateway through the first interface; one of the two enterprise security gateways encrypts the information to be sent with the encryption algorithm to obtain encrypted information and sends it to the other gateway through a second interface; and the other gateway decrypts the encrypted information with the decryption algorithm corresponding to the encryption algorithm and forwards the decrypted information to the corresponding intranet network element. The method lets an industry customer customise the encryption algorithm through a security negotiation, thereby improving the security of industry information and data transmission.
In some embodiments, the user enterprise security gateway encrypts the key negotiation request message through a default TLS (Transport Layer Security) mechanism and sends the encrypted message to the operator enterprise security gateway, which decrypts it through the same TLS mechanism to obtain the key negotiation request message. TLS is a security mechanism known to those skilled in the art and is not described in detail here.
For example, the user enterprise security gateway encrypts the key negotiation request message with a default encryption algorithm and sends the encrypted message to the operator enterprise security gateway, which decrypts it with the corresponding default decryption algorithm to obtain the key negotiation request message.
In some embodiments, the information transmission method may further comprise: when the key negotiation request message does not carry an encryption algorithm identifier, the user enterprise security gateway and the operator enterprise security gateway exchange information through the TLS mechanism.
That is, when the key negotiation request message carries no encryption algorithm identifier, the user enterprise security gateway has not specified a required encryption algorithm, so the two gateways encrypt and decrypt the transmitted information through the default TLS mechanism. Secure transmission of industry information and data is thereby achieved to a certain extent.
In some embodiments, the information transmission method may further comprise: the receiving one of the user enterprise security gateway and the operator enterprise security gateway verifies the decrypted information; if the decrypted information contains an error, the error is mapped to a corresponding error code, which is fed back to the sending gateway (the opposite-end enterprise security gateway) through the first interface. This gives the security gateway an error feedback function and eases its maintenance.
For example, the user enterprise security gateway performs a parity check on the decrypted information; if it finds that the decrypted information contains an error, it maps the error to a corresponding error code and feeds the error code back to the operator enterprise security gateway through the first interface. The parity check may use known parity-check techniques, which are not described in detail here.
For another example, the operator enterprise security gateway checks the decrypted information; if it finds that the decrypted information contains an error, it maps the error to a corresponding error code and feeds the error code back to the user enterprise security gateway through the first interface.
In still other embodiments, the information transmission method may further comprise: if one of the two gateways cannot decrypt the encrypted information (for example because the algorithm entry is missing or the two gateways hold different versions of the table), it feeds an error code back to the other gateway. This eases maintenance of the gateways.
In some embodiments, the information transmission method may further comprise: the user enterprise security gateway and the operator enterprise security gateway each judge whether the transmitted information contains confidential or illegal information and discard it if so. The gateway thus provides a message filtering function that prevents, as far as possible, the leakage of confidential information and the transmission of illegal information.
In the above embodiment, the vertical industry user may have its own encryption policy for security, include one or more encryption algorithms, and store the encryption policies in the industry user enterprise security gateway and the operator enterprise security gateway, and perform negotiation invocation during communication.
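The verification unit, the error-code feedback and the information filtering unit of the embodiments above, as an added Python example that is not the patent's own code. The XOR parity byte, the error-code table and the confidential/illegal markers are constructed assumptions, since the disclosure names no concrete values; the pipeline shows the receiving side deciding between forwarding, discarding and feeding an error code back over the first interface.

```python
"""Verification unit and information filtering unit on the receiving side of an
enterprise security gateway. Constructed example, not the patent's own code: the
XOR parity byte, the error-code table and the policy markers are assumptions."""
import re
from typing import Optional, Tuple

# Error information -> error code, fed back over the first interface (constructed values).
ERROR_CODES = {
    "decrypt-failed": 0x01,     # ciphertext could not be decrypted at all
    "malformed": 0x02,          # decrypted information too short to carry a parity byte
    "parity-mismatch": 0x03,    # decrypted information fails the parity check
}

# Filtering policy (constructed): markers of confidential content, and a pattern
# standing in for information that must not be transmitted (here: a 16-digit number).
CONFIDENTIAL_MARKERS = (b"[CONFIDENTIAL]", b"[INTERNAL ONLY]")
ILLEGAL_PATTERNS = (re.compile(rb"\b\d{16}\b"),)


def _parity(payload: bytes) -> int:
    p = 0
    for b in payload:
        p ^= b
    return p


def add_parity(payload: bytes) -> bytes:
    """Sender side: append one XOR parity byte so the peer can verify the plaintext."""
    return payload + bytes([_parity(payload)])


def verify(decrypted: bytes) -> Tuple[Optional[bytes], Optional[str]]:
    """Verification unit: (payload, None) on success, (None, error information) otherwise."""
    if not decrypted:
        return None, "malformed"
    payload, parity = decrypted[:-1], decrypted[-1]
    if _parity(payload) != parity:
        return None, "parity-mismatch"
    return payload, None


def should_discard(payload: bytes) -> bool:
    """Information filtering unit: True when confidential or illegal content is present."""
    if any(marker in payload for marker in CONFIDENTIAL_MARKERS):
        return True
    return any(pattern.search(payload) for pattern in ILLEGAL_PATTERNS)


def feedback(error_info: str) -> dict:
    """Map the error information to its code and build the first-interface feedback message."""
    return {"action": "feedback", "interface": "first", "error_code": ERROR_CODES[error_info]}


def process_decrypted(decrypted: Optional[bytes]) -> dict:
    """Receiving-side pipeline after decryption: verify, filter, then forward or feed back.
    decrypted is None when the decryption unit could not decrypt the information."""
    if decrypted is None:
        return feedback("decrypt-failed")
    payload, error_info = verify(decrypted)
    if error_info is not None:
        return feedback(error_info)
    if should_discard(payload):
        return {"action": "discard"}
    return {"action": "forward", "payload": payload}
```

A parity byte only detects single-bit corruption; the block keeps it because the disclosure names a parity check, but an authenticated cipher on the second interface would catch tampering before the verification unit ever runs.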
Fig. 3 is a flow chart illustrating an information transmission method according to further embodiments of the present disclosure. As shown in fig. 3, the method includes a first stage including steps S302 to S306 and a second stage including steps S308 to S316.
The first phase is the key agreement phase:
In step S302, before communication, the user enterprise security gateway sends a key agreement request message to the operator enterprise security gateway through the first interface, where the key agreement request message carries a user identifier and an encryption algorithm identifier. The key agreement request message may, for example, be transmitted using the TLS security mechanism that is always used on the first interface, without changing its configuration.
In step S304, after receiving and decrypting the key agreement request message, the operator enterprise security gateway authenticates the user and identifies it as a user of a vertical industry private network, stores the received encryption algorithm ID, and determines that the encryption algorithm corresponding to the user and the algorithm ID will be used when transmitting information on the second interface; if no encryption algorithm ID is received, information is encrypted using the default TLS security mechanism.
In step S306, the operator enterprise security gateway returns a key agreement response message through the first interface, and ends the key agreement phase.
The second phase is the encrypted transmission phase (FIG. 3 shows the transfer of information from the user enterprise security gateway to the operator enterprise security gateway; transfer from the operator enterprise security gateway to the user enterprise security gateway proceeds in the same way):
In step S308, the first network element sends information to the user enterprise security gateway.
At step S310, the user enterprise security gateway encrypts the information to be transmitted using the encryption algorithm determined during the key agreement phase.
At step S312, the user enterprise security gateway forwards the encrypted information to the operator enterprise security gateway.
In step S314, the operator enterprise security gateway decrypts the encrypted information and reads plaintext information.
In step S316, the operator enterprise security gateway forwards the decrypted information to the corresponding second network element.
Thus, information transmission methods according to further embodiments of the present disclosure are provided. The method addresses the need of vertical industries to build their own 5G core networks and supports the industry user's own security mechanism. In the key agreement phase, the industry user leads the key agreement and both parties agree and confirm it, thereby realizing a customized, dedicated encryption mechanism for signaling transmission between the gateways and improving the security of information transmission.
Fig. 4 is a flow chart illustrating an information transmission method according to further embodiments of the present disclosure. Fig. 4 shows an example flow of a network ESG.
For example, a network requires, for high security, its own set of encryption mechanisms comprising multiple encryption algorithms. Only the network and the contracted operator know the security mechanism and can encrypt and decrypt the information. Assume that the ID of the network is a and that there are two encryption algorithms, with algorithm IDs 1 and 2 respectively. When a network user initiates a registration request, it is first connected to the operator's default AMF (Access and Mobility Management Function) and then relocated to the network's own AMF; when the default AMF initiates a session establishment request to the network AMF, the signaling passes through the security gateway ESG.
The ESG instance signaling flow is described below in conjunction with fig. 4.
In step S402, before communication, the network ESG (that is, the user enterprise security gateway) sends, through the first interface, a key agreement request message carrying the user ID (e.g., a) and the encryption algorithm number (e.g., 1) to the operator enterprise security gateway (operator side); the first interface transmits information using the TLS security mechanism.
In step S404, after receiving and decrypting the message, the operator enterprise security gateway authenticates and identifies the ID as a certain network user, stores the received encryption algorithm ID 1, and determines that encryption algorithm 1, corresponding to encryption algorithm ID 1, will be used when information is transmitted on the second interface.
In step S406, the operator enterprise security gateway returns a key agreement response message through the first interface, and ends the key agreement phase.
At step S408, the default AMF sends an SMF (Session Management Function) Session establishment request message to the operator enterprise security gateway.
At step S410, the operator enterprise security gateway encrypts the session establishment request message to be transmitted using encryption algorithm 1.
At step S412, the operator enterprise security gateway forwards the encrypted SMF session establishment request message to the user enterprise security gateway.
In step S414, the user enterprise security gateway of the network receives the encrypted information, decrypts the encrypted information using decryption algorithm 1 corresponding to encryption algorithm 1, and reads plaintext information.
At step S416, the user enterprise security gateway forwards the decrypted SMF session establishment request message to the corresponding AMF.
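The two phases of fig. 3 (S302 to S316) and their fig. 4 instance (S402 to S416), together with the encryption algorithm table of user identifier, algorithm identifier and algorithm, as an added Python example that is not the patent's own code. The message layouts, the keys, the stand-in algorithms (an HMAC-based stream cipher with an authentication tag in place of the industry user's real cipher) and the modelling of the default TLS mechanism as one shared cipher instance are all assumptions; the flow reproduces the fig. 4 values (network ID a, algorithm IDs 1 and 2) and also exercises the no-algorithm-ID path of step S304.

```python
"""Key agreement on the first interface and encrypted transfer on the second
interface (steps S302-S316 and the fig. 4 instance S402-S416). Constructed
example, not the patent's own code: message layouts, table contents, keys and
the stand-in algorithms are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


class KeyedStreamCipher:
    """Stand-in for a user-owned algorithm: HMAC keystream in counter mode plus an
    HMAC tag over nonce||ciphertext (encrypt-then-MAC). A deployment would plug
    the industry user's real cipher in here."""

    def __init__(self, key: bytes, digest=hashlib.sha256):
        self.digest = digest
        self.enc_key = hmac.new(key, b"enc", digest).digest()
        self.mac_key = hmac.new(key, b"mac", digest).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, ctr = b"", 0
        while len(out) < length:
            out += hmac.new(self.enc_key, nonce + ctr.to_bytes(4, "big"), self.digest).digest()
            ctr += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self.mac_key, nonce + ct, self.digest).digest()

    def decrypt(self, blob: bytes) -> Optional[bytes]:
        """Plaintext, or None when the blob cannot be decrypted (the error-code case)."""
        tag_len = self.digest().digest_size
        if len(blob) < 16 + tag_len:
            return None
        nonce, ct, tag = blob[:16], blob[16:-tag_len], blob[-tag_len:]
        if not hmac.compare_digest(hmac.new(self.mac_key, nonce + ct, self.digest).digest(), tag):
            return None
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


# Default TLS mechanism of the first interface, modelled as one shared cipher
# instance (constructed stand-in for the TLS session both gateways already have).
DEFAULT_TLS = KeyedStreamCipher(b"constructed-tls-session-key")


@dataclass
class KeyAgreementRequest:              # first interface, S302/S402
    user_id: str
    algorithm_id: Optional[int] = None  # None: no algorithm ID carried -> TLS default


@dataclass
class KeyAgreementResponse:             # first interface, S306/S406
    user_id: str
    algorithm_id: Optional[int]
    status: str                         # "ok" or a constructed error string


class OperatorEsg:
    """Operator ESG: algorithm tables of all subscribed users, keyed (user ID, algorithm ID)."""

    def __init__(self, table: dict):
        self.table = table
        self.agreed: dict = {}          # user ID -> cipher fixed in the agreement phase

    def handle_key_agreement(self, req: KeyAgreementRequest) -> KeyAgreementResponse:
        if not any(uid == req.user_id for uid, _ in self.table):   # identify the user (S304)
            return KeyAgreementResponse(req.user_id, None, "unknown-user")
        if req.algorithm_id is None:                               # no ID: default TLS
            self.agreed[req.user_id] = DEFAULT_TLS
            return KeyAgreementResponse(req.user_id, None, "ok")
        cipher = self.table.get((req.user_id, req.algorithm_id))
        if cipher is None:
            return KeyAgreementResponse(req.user_id, req.algorithm_id, "unknown-algorithm")
        self.agreed[req.user_id] = cipher                          # used on the second interface
        return KeyAgreementResponse(req.user_id, req.algorithm_id, "ok")

    def protect(self, user_id: str, info: bytes) -> bytes:         # S410/S412
        return self.agreed[user_id].encrypt(info)


class UserEsg:
    """User (network-side) ESG: only its own table, keyed by algorithm ID."""

    def __init__(self, user_id: str, own_table: dict):
        self.user_id, self.own_table, self.agreed = user_id, own_table, None

    def request(self, algorithm_id: Optional[int]) -> KeyAgreementRequest:
        return KeyAgreementRequest(self.user_id, algorithm_id)

    def accept(self, resp: KeyAgreementResponse) -> bool:
        if resp.status != "ok":
            return False
        self.agreed = DEFAULT_TLS if resp.algorithm_id is None else self.own_table[resp.algorithm_id]
        return True

    def unprotect(self, blob: bytes) -> Optional[bytes]:           # S414
        return self.agreed.decrypt(blob)


def run_flow(algorithm_id: Optional[int], info: bytes = b"SMF session establishment request"):
    """Fig. 4 instance: network ID "a" owns algorithms 1 and 2 (constructed keys)."""
    alg1, alg2 = KeyedStreamCipher(b"key-a-1"), KeyedStreamCipher(b"key-a-2", hashlib.sha512)
    operator = OperatorEsg({("a", 1): alg1, ("a", 2): alg2})
    user = UserEsg("a", {1: alg1, 2: alg2})
    resp = operator.handle_key_agreement(user.request(algorithm_id))   # phase 1
    if not user.accept(resp):
        return resp.status, None
    blob = operator.protect("a", info)        # phase 2: default AMF -> operator ESG
    return resp.status, user.unprotect(blob)  # -> user ESG -> network AMF
```

`run_flow(1)` follows fig. 4 exactly, `run_flow(None)` takes the default TLS path of step S304, and `run_flow(3)` shows the agreement failing for an algorithm ID absent from the operator's table, so no session is established on the second interface.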
Thus, information transmission methods according to further embodiments of the present disclosure are provided. The method addresses the need of vertical industries to build their own 5G core networks, supports the industry user's own security mechanism, carries out two-party negotiation, realizes a customized dedicated encryption mechanism for signaling transmission between gateways, and improves the security of information transmission.
Fig. 5 is a schematic diagram illustrating the structure of a user enterprise security gateway, according to some embodiments of the present disclosure. As shown in fig. 5, user enterprise security gateway 500 includes a sending unit 502, an encryption unit 504, and a decryption unit 506.
The sending unit 502 is configured to send a key agreement request message to the operator enterprise security gateway through the first interface, where the key agreement request message at least carries a user identifier, send the first encrypted information to the operator enterprise security gateway through the second interface, and forward decrypted information corresponding to the second encrypted information to a corresponding intranet network element.
The encryption unit 504 is configured to encrypt information to be sent by an encryption algorithm to obtain first encrypted information.
The decryption unit 506 is configured to decrypt the second encrypted information received from the operator enterprise security gateway with a decryption algorithm corresponding to the encryption algorithm to obtain decrypted information.
Here, the operator enterprise security gateway identifies the user according to the user identifier, searches for an encryption algorithm corresponding to the user identifier and the encryption algorithm identifier under the condition that the key agreement request message also carries the encryption algorithm identifier, and returns a key agreement response message to the user enterprise security gateway through the first interface.
To this end, a user enterprise security gateway is provided according to some embodiments of the present disclosure. The gateway achieves the purpose of customizing the encryption algorithm by an industry client in a security negotiation mode, thereby improving the security of industry information and data transmission.
In some embodiments, as shown in fig. 5, user enterprise security gateway 500 may further include an encryption algorithm table maintenance unit 508. The encryption algorithm table maintenance unit 508 is configured to maintain the encryption algorithm table of the user enterprise security gateway itself. The encryption algorithm table includes: user identification, encryption algorithm identification and corresponding encryption algorithm.
In some embodiments, the encryption unit 504 is configured to encrypt the key agreement request message through a default TLS security mechanism; the sending unit 502 is configured to send the encrypted key agreement request message to the operator enterprise security gateway; and the operator enterprise security gateway decrypts the message through the TLS security mechanism to obtain the key agreement request message.
In some embodiments, in a case that the key agreement request message does not carry the encryption algorithm identifier, the encryption unit 504 encrypts the information to be sent through a TLS security mechanism, and the decryption unit 506 decrypts the second encrypted information through the TLS security mechanism.
In some embodiments, as shown in FIG. 5, user enterprise security gateway 500 may also include a verification unit 510. The verification unit 510 is configured to verify the decrypted information, and if it is identified that the decrypted information includes error information, map the error information into a corresponding error code, and feed back the error code to the operator enterprise security gateway through the first interface.
In some embodiments, as shown in FIG. 5, user enterprise security gateway 500 may also include an information filtering unit 512. The information filtering unit 512 is configured to determine whether the transmitted information includes confidential information or violation information, and discard the transmitted information if the transmitted information includes confidential information or violation information.
Fig. 6 is a schematic diagram illustrating the structure of an operator enterprise security gateway, according to some embodiments of the present disclosure. As shown in fig. 6, operator enterprise security gateway 600 includes a receiving module 602, an algorithm matching module 604, a sending module 606, an encryption module 608, and a decryption module 610.
The receiving module 602 is configured to receive a key agreement request message from a user enterprise security gateway through a first interface. The key negotiation request message carries at least a user identifier.
The algorithm matching module 604 is configured to identify a user according to the user identifier, and search for an encryption algorithm corresponding to the user identifier and the encryption algorithm identifier when the key agreement request message also carries the encryption algorithm identifier.
The sending module 606 is configured to return a key agreement response message to the user enterprise security gateway through the first interface, forward the decrypted information corresponding to the first encryption information to a corresponding intranet network element, and send the second encryption information to the user enterprise security gateway through the second interface.
The encryption module 608 is configured to encrypt information to be sent by using the encryption algorithm to obtain second encrypted information.
The decryption module 610 is configured to decrypt the first encrypted information received from the user enterprise security gateway by using a decryption algorithm corresponding to the encryption algorithm to obtain decrypted information.
To this end, an operator enterprise security gateway is provided according to some embodiments of the present disclosure. The gateway achieves the purpose of customizing the encryption algorithm by an industry client in a security negotiation mode, thereby improving the security of industry information and data transmission.
In some embodiments, as shown in fig. 6, operator enterprise security gateway 600 may also include an encryption algorithm table maintenance module 612. The encryption algorithm table maintenance module 612 is configured to maintain encryption algorithm tables of all subscribed users. The encryption algorithm table includes: user identification, encryption algorithm identification and corresponding encryption algorithm.
In some embodiments, the user enterprise security gateway encrypts the key agreement request message through a default TLS security mechanism and sends the encrypted key agreement request message to the operator enterprise security gateway 600; the decryption module 610 is configured to decrypt the key agreement request message through the TLS security mechanism.
In some embodiments, in the case that the key agreement request message does not carry the encryption algorithm identifier, the encryption module 608 encrypts the information to be sent through a TLS security mechanism, and the decryption module 610 decrypts the first encrypted information through the TLS security mechanism.
In some embodiments, as shown in fig. 6, operator enterprise security gateway 600 may also include a verification module 614. The verification module 614 is configured to verify the decrypted information, and if it is recognized that the decrypted information includes error information, map the error information into a corresponding error code, and feed back the error code to the user enterprise security gateway through the first interface.
In some embodiments, as shown in FIG. 6, operator enterprise security gateway 600 may also include an information filtering module 616. The information filtering module 616 is configured to determine whether the transmitted information includes confidential information or violation information, and discard the transmitted information if the transmitted information includes confidential information or violation information.
In the above embodiments, the enterprise security gateway is a security gateway between a core network NF (Network Function) of an industry user and an operator NF. On the one hand, the security gateway implements message filtering, security guarantee, supervision and similar functions under the same PLMN: it can receive all service-layer information from the local-network 5G NF and applies dedicated encryption protection before forwarding it; on the other hand, after security verification, the security gateway supports an enterprise-led customized cryptographic negotiation mechanism.
The present disclosure designs, for a roaming architecture under the same PLMN, an enterprise security gateway at the boundary between a high-security client and the operator. The security gateway is suited to core network interaction under the same PLMN. The gateway supports identity verification, key agreement and the customized encryption requirements of enterprises, and meets the requirements of secure access for industry clients.
Fig. 7 is a schematic diagram illustrating the structure of an information transmission system according to some embodiments of the present disclosure.
As shown in fig. 7, the information transfer system includes a user enterprise security gateway 500 and an operator enterprise security gateway 600. The user enterprise security gateway 500 and the operator enterprise security gateway 600 are communicatively connected via a first interface and a second interface. The first interface may be responsible for key agreement, policy modification, and error handling for information transfer between two enterprise security gateways; the second interface is used for transferring encryption information. The two interfaces may use different encryption algorithms. For example, the first interface uses the encryption algorithm of the default TLS mechanism, and the second interface uses the customized encryption algorithm.
In some embodiments, as shown in fig. 7, the system may further include a first network element 710 located on the user side and a second network element 720 located on the operator side. A first network element 710 is communicatively coupled to user enterprise security gateway 500 and a second network element 720 is communicatively coupled to operator enterprise security gateway 600.
Fig. 8 is a schematic diagram illustrating a structure of an information transmission system according to further embodiments of the present disclosure. The information delivery system includes a memory 810 and a processor 820. Wherein:
the memory 810 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used for storing instructions in the embodiments corresponding to fig. 1, fig. 3 and/or fig. 4.
Processor 820 is coupled to memory 810 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 820 executes the instructions stored in the memory, so that customization of the encryption algorithm by the industry customer is achieved through security negotiation and the security of industry information and data transmission is improved.
It is noted that the information transmission system may comprise a plurality of memories 810 and a plurality of processors 820, and the plurality of memories 810 and the plurality of processors 820 may be configured to be located in different enterprise security gateways.
In some embodiments, as also shown in fig. 9, information delivery system 900 includes a memory 910 and a processor 920. Processor 920 is coupled to memory 910 by a BUS 930. The information delivery system 900 may also be coupled to an external storage device 950 via a storage interface 940 for facilitating retrieval of external data, and may also be coupled to a network or another computer system (not shown) via a network interface 960, which will not be described in detail herein.
In this embodiment, the data instructions are stored in the memory and the processor processes the instructions, so that customization of the encryption algorithm by an industry client is achieved through security negotiation and the security of industry information and data transmission is improved.
It should be noted that the information transfer system 900 may include a plurality of memories 910, a plurality of processors 920, a plurality of buses 930, a plurality of storage interfaces 940, a plurality of external storage devices 950, and a plurality of network interfaces 960. The plurality of memories 910, the plurality of processors 920, the plurality of buses 930, the plurality of storage interfaces 940, the plurality of external storage devices 950, and the plurality of network interfaces 960 may be located in different enterprise security gateways.
In other embodiments, the present disclosure also provides a computer-readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the steps of the method in the embodiments corresponding to fig. 1, 3 and/or 4. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the above examples are for illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (21)

1. An information transmission method, comprising:
a user enterprise security gateway sends a key negotiation request message to an operator enterprise security gateway through a first interface, wherein the key negotiation request message at least carries a user identifier;
the operator enterprise security gateway identifies a user according to the user identifier, searches for an encryption algorithm corresponding to the user identifier and the encryption algorithm identifier under the condition that the key negotiation request message also carries the encryption algorithm identifier, and returns a key negotiation response message to the user enterprise security gateway through the first interface;
one enterprise security gateway of the user enterprise security gateway and the operator enterprise security gateway encrypts information to be sent through the encryption algorithm to obtain encrypted information, and sends the encrypted information to the other enterprise security gateway of the user enterprise security gateway and the operator enterprise security gateway through a second interface; and
the other enterprise security gateway decrypts the encrypted information by using a decryption algorithm corresponding to the encryption algorithm and forwards the decrypted information to the corresponding intranet network element.
2. The information transmission method according to claim 1, further comprising:
the operator enterprise security gateway maintains encryption algorithm tables of all signed users, and the user enterprise security gateway maintains the encryption algorithm tables of the user enterprise security gateway;
wherein the encryption algorithm table comprises: user identification, encryption algorithm identification and corresponding encryption algorithm.
3. The information transmission method according to claim 1, wherein
the user enterprise security gateway encrypts the key negotiation request message through a default Transport Layer Security (TLS) security mechanism, and sends the encrypted key negotiation request message to the operator enterprise security gateway; and
the operator enterprise security gateway decrypts the key negotiation request message through the TLS security mechanism.
4. The information transmission method according to claim 3, further comprising:
when the key negotiation request message does not carry the encryption algorithm identifier, the user enterprise security gateway and the operator enterprise security gateway transmit information to each other through the TLS security mechanism.
5. The information transmission method according to claim 1, further comprising:
the other enterprise security gateway verifies the decrypted information, and if the decrypted information is identified to contain error information, maps the error information into a corresponding error code and feeds the error code back to the one enterprise security gateway through the first interface.
6. The information transmission method according to claim 1, further comprising:
the user enterprise security gateway and the operator enterprise security gateway each judge whether the transmitted information contains confidential information or illegal information, and discard the transmitted information if it contains confidential information or illegal information.
7. A user enterprise security gateway, comprising:
a sending unit, configured to send a key negotiation request message to an operator enterprise security gateway through a first interface, where the key negotiation request message at least carries a user identifier, send first encrypted information to the operator enterprise security gateway through a second interface, and forward decrypted information corresponding to second encrypted information to a corresponding intranet network element;
an encryption unit, configured to encrypt information to be sent through an encryption algorithm to obtain the first encrypted information; and
a decryption unit, configured to decrypt the second encrypted information received from the operator enterprise security gateway by using a decryption algorithm corresponding to the encryption algorithm to obtain the decrypted information;
wherein the operator enterprise security gateway identifies a user according to the user identifier, searches for an encryption algorithm corresponding to the user identifier and the encryption algorithm identifier under the condition that the key negotiation request message also carries the encryption algorithm identifier, and returns a key negotiation response message to the user enterprise security gateway through the first interface.
8. The user enterprise security gateway of claim 7, further comprising:
an encryption algorithm table maintenance unit, configured to maintain an encryption algorithm table of the user enterprise security gateway itself, where the encryption algorithm table includes: user identification, encryption algorithm identification and corresponding encryption algorithm.
9. The user enterprise security gateway of claim 7, wherein
the encryption unit is configured to encrypt the key negotiation request message through a default Transport Layer Security (TLS) security mechanism;
the sending unit is configured to send the encrypted key negotiation request message to the operator enterprise security gateway; and
the operator enterprise security gateway decrypts through the TLS security mechanism to obtain the key negotiation request message.
10. The user enterprise security gateway of claim 9, wherein
when the key negotiation request message does not carry the encryption algorithm identifier, the encryption unit encrypts the information to be sent through the TLS security mechanism, and the decryption unit decrypts the second encrypted information through the TLS security mechanism.
11. The user enterprise security gateway of claim 7, further comprising:
a verification unit, configured to verify the decrypted information, map the error information into a corresponding error code if the decrypted information is identified to contain error information, and feed the error code back to the operator enterprise security gateway through the first interface.
12. The user enterprise security gateway of claim 7, further comprising:
an information filtering unit, configured to judge whether the transmitted information contains confidential information or illegal information, and discard the transmitted information if it contains confidential information or illegal information.
13. An operator enterprise security gateway, comprising:
a receiving module, configured to receive a key negotiation request message from a user enterprise security gateway through a first interface, where the key negotiation request message at least carries a user identifier;
an algorithm matching module, configured to identify a user according to the user identifier and search for an encryption algorithm corresponding to the user identifier and the encryption algorithm identifier under the condition that the key negotiation request message also carries the encryption algorithm identifier;
a sending module, configured to return a key agreement response message to the user enterprise security gateway through the first interface, forward decrypted information corresponding to first encrypted information to a corresponding intranet network element, and send second encrypted information to the user enterprise security gateway through a second interface;
an encryption module, configured to encrypt information to be sent through the encryption algorithm to obtain the second encrypted information; and
a decryption module, configured to decrypt the first encrypted information received from the user enterprise security gateway by using a decryption algorithm corresponding to the encryption algorithm to obtain the decrypted information.
14. The operator enterprise security gateway as recited in claim 13, further comprising:
an encryption algorithm table maintenance module, configured to maintain encryption algorithm tables of all subscribed users, where the encryption algorithm table includes: user identification, encryption algorithm identification and corresponding encryption algorithm.
15. The carrier enterprise security gateway of claim 13, wherein,
the user enterprise security gateway encrypts the key negotiation request message through a default security transport layer protocol (TLS) security mechanism, and sends the encrypted key negotiation request message to the operator enterprise security gateway;
and the decryption module is used for decrypting through the TLS security mechanism to obtain the key negotiation request message.
16. The carrier enterprise security gateway of claim 15, wherein,
and under the condition that the key negotiation request message does not carry the encryption algorithm identifier, the encryption module encrypts the information to be sent through the TLS security mechanism, and the decryption module decrypts the first encrypted information through the TLS security mechanism.
17. The operator enterprise security gateway as recited in claim 13, further comprising:
and the verification module is used for verifying the decrypted information, mapping the error information into a corresponding error code if the decrypted information is identified to contain the error information, and feeding the error code back to the user enterprise security gateway through the first interface.
18. The operator enterprise security gateway as recited in claim 13, further comprising:
and the information filtering module is used for judging whether the transmitted information contains confidential information or illegal information, and discarding the transmitted information if the transmitted information contains the confidential information or the illegal information.
19. An information transmission system comprising:
the user enterprise security gateway of any of claims 7-12; and
an operator enterprise security gateway as claimed in any one of claims 13 to 18.
20. An information transmission system comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-6 based on instructions stored in the memory.
21. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of any one of claims 1 to 6.
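The negotiation and handling logic of claims 13 to 18, modelled as an added Python example that is not part of the patent: the algorithm table contents, the error-code values, the "ERROR:" and confidentiality markers and the function names are all assumptions, and "TLS" is used only as a label for the default path rather than a real TLS session. It also covers the case the claims leave open, an algorithm identifier that is present but not in the user's table.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed encryption algorithm table (claim 14): (user_id, alg_id) -> algorithm.
# Entries are assumed for illustration.
ALGORITHM_TABLE = {
    ("user-001", "alg-A"): "SM4-GCM",
    ("user-001", "alg-B"): "AES-256-GCM",
    ("user-002", "alg-A"): "AES-128-GCM",
}
SUBSCRIBED_USERS = frozenset(user for user, _ in ALGORITHM_TABLE)
DEFAULT_MECHANISM = "TLS"  # claims 15-16: used when no algorithm identifier is carried
# Assumed error codes for the feedback path of claim 17 (values are placeholders).
ERROR_CODES = {"unknown_user": 401, "unknown_algorithm": 404, "bad_content": 400}
CONFIDENTIAL_MARKERS = ("CONFIDENTIAL", "SECRET")  # constructed filter list (claim 18)


@dataclass
class NegotiationRequest:
    user_id: str
    alg_id: Optional[str] = None  # claim 13: the algorithm identifier is optional


@dataclass
class NegotiationResponse:
    ok: bool
    mechanism: Optional[str] = None
    error_code: Optional[int] = None


def negotiate(req: NegotiationRequest) -> NegotiationResponse:
    """Algorithm matching module (claim 13) with the TLS fallback (claim 16)."""
    if req.user_id not in SUBSCRIBED_USERS:
        return NegotiationResponse(False, error_code=ERROR_CODES["unknown_user"])
    if req.alg_id is None:
        return NegotiationResponse(True, mechanism=DEFAULT_MECHANISM)
    algorithm = ALGORITHM_TABLE.get((req.user_id, req.alg_id))
    if algorithm is None:
        # Identifier present but unknown for this user: refuse rather than guess.
        return NegotiationResponse(False, error_code=ERROR_CODES["unknown_algorithm"])
    return NegotiationResponse(True, mechanism=algorithm)


def handle_decrypted(info: str) -> Tuple[str, Optional[int]]:
    """Claim 17: error information is mapped to an error code for the first interface;
    claim 18: confidential or illegal content is discarded; otherwise forward."""
    if info.startswith("ERROR:"):  # assumed convention for 'error information'
        return ("error", ERROR_CODES["bad_content"])
    if any(marker in info for marker in CONFIDENTIAL_MARKERS):
        return ("discard", None)
    return ("forward", None)
```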

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110043533.8A CN114826627A (en) 2021-01-13 2021-01-13 Information transmission method, enterprise security gateway and system

Publications (1)

Publication Number Publication Date
CN114826627A true CN114826627A (en) 2022-07-29

Family

ID=82525162

Country Status (1)

Country Link
CN (1) CN114826627A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination