CN1773904A - Universal safety grade consulting method - Google Patents


Publication number
CN1773904A
Authority
CN
China
Prior art keywords
security
application server
portable terminal
safety unit
combination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200410088873
Other languages
Chinese (zh)
Other versions
CN100571130C (en)
Inventor
张晔
张峰
陈剑勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CNB2004100888739A priority Critical patent/CN100571130C/en
Publication of CN1773904A publication Critical patent/CN1773904A/en
Application granted granted Critical
Publication of CN100571130C publication Critical patent/CN100571130C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

A universal security level negotiation method in which the initiator sends its selected security level to the called party, the two parties negotiate the security algorithm with the best security performance under the specified level, and a secure communication channel is set up between the two parties by executing the negotiated security algorithm.

Description

A general security level negotiation method
Technical field
The present invention applies to the fields of mobile communication and information security, and specifically relates to a general security level negotiation method.
Background
As mobile networks and services develop, the mobile network must support a growing number of security protocols and security algorithms. The pressure comes mainly from the following: (1) As mobile networks increasingly converge, for example 3G with WLAN, the network must support many kinds of portable terminals at once, yet different portable terminals may support different security protocols, so the number of security protocols a server must support keeps growing. (2) Because portable terminals are mobile, once a portable terminal that supports a given security protocol comes into use, operators are in practice required to deploy that protocol on the servers within the terminal's possible roaming range. (3) Different countries, for reasons of national security, may also require their national mobile communication networks to support that country's own cryptographic algorithms. Mobile network servers therefore need to support a large and comprehensive set of security protocols to meet roaming and interworking needs. Most portable terminals have limited computing power, display capability and memory, and can hardly support as many security protocols as a server. A portable terminal can support only a limited set of security protocol types, chosen according to its own range of application and characteristics. The mobile network server and the portable terminal must therefore open a secure communication channel through negotiation.
New services keep emerging. Services are no longer limited to voice calls between portable terminals or to data services in which a portable terminal accesses content on a particular server; portable terminals now take part in multimedia services with multi-party information exchange. A portable terminal is both a receiver and a provider of multimedia information. These increasingly rich applications need adequate security guarantees. Not all information, however, needs the same level of security guarantee, so security guarantee services of different levels should be provided for different service needs. On top of the various security protocols, the security guarantee services those protocols can provide are therefore graded, so that mobile users can use security guarantee services of different levels according to service needs.
According to market demand, the operator deploys safety unit combinations of different security levels on the different security layers of the portable terminal and the application server. Each safety unit combination contains several safety units, and each safety unit in turn corresponds to security algorithms of different security performance. Negotiating security algorithms alone is inefficient. Using a single negotiation makes the negotiation process easy to attack, and a failed negotiation must be carried out again, which lowers negotiation efficiency. Authenticating first and negotiating afterwards reduces the probability of attack but adds negotiation steps.
Summary of the invention
The invention provides a general security negotiation method. The purpose of security negotiation is for the two communicating parties to negotiate the commonly supported security algorithm that suits the security level and has the best security performance. By executing this security algorithm, a secure communication channel is established between the two parties.
The invention uses the following security level negotiation method:
When the security policy used by the system is divided into two levels, the security level and the security algorithms corresponding to each security level, negotiation comprises the following steps:
(1) the initiator sends the security level it has selected to the callee;
(2) the two parties negotiate the commonly supported security algorithm with the best security performance under the specified security level;
(3) by executing the negotiated security algorithm, the two parties establish a secure communication channel.
During authentication, the initiator sends the callee the specified security level and the security algorithms the initiator supports under that level; at the same time, the callee also sends the initiator, during authentication, the security algorithms it supports under that level.
If the security policy used by the system also includes a safety unit combination corresponding to each security level, step (2) becomes: the two parties negotiate the commonly supported safety unit combination with the best security performance under the specified security level, and then negotiate in turn, for each safety unit in the safety unit combination, the commonly supported security algorithm with the best security performance. During authentication, the initiator sends the callee the specified security level, the safety unit combinations the initiator supports under that level, and the security algorithms corresponding to each safety unit in those combinations; at the same time, during authentication, the callee also sends the initiator the safety unit combinations it supports under that level and the security algorithms corresponding to each safety unit in those combinations.
When the expansion-level security layer is used, the following processing follows step (1): the callee generates an expansion-level safety unit combination according to the safety units the initiator selected; each safety unit in the expansion-level combination corresponds to all the security algorithms that implement that safety unit.
The security level negotiation of the invention specifically comprises the following steps:
a. The portable terminal sends the application server the user identity information, the security level the portable terminal supports, and the negotiation content under that level;
b. The application server uses an authentication vector, which comprises a random number, an expected response, a session key and an authentication token, to send an authentication challenge to the portable terminal; the application server obtains the session key from the authentication vector;
c. The portable terminal authenticates the application server. If authentication passes, the portable terminal computes the session key and sends an authentication response message to the application server; otherwise, the process returns to step a and negotiation starts again;
d. The application server authenticates the portable terminal. If authentication succeeds, the application server sends the portable terminal an authentication success message together with the negotiation content the application server supports; otherwise the process returns to step a and negotiation starts again;
e. The commonly supported security algorithms with the best security performance are negotiated between the portable terminal and the application server; these security algorithms are executed; the secure communication channel is opened; the portable terminal sends the application server the application-server-supported negotiation content it received in the previous step;
f. Whether the negotiation content was tampered with is verified. If it was not, the application server sends the portable terminal a negotiation-complete message; otherwise the process returns to step a and security negotiation starts again.
The negotiation content in step a comprises the safety unit combinations and the security algorithms corresponding to each safety unit in those combinations.
In step e, the commonly supported safety unit combination with the best security performance under the specified security level may be negotiated first, followed by, for each safety unit in that combination, the security algorithm with the best security performance commonly supported by the portable terminal and the application server.
The benefits of negotiating with the above method are:
(1) the probability of attack during negotiation is reduced;
(2) fewer negotiation steps improve negotiation efficiency;
(3) a narrower search range improves negotiation efficiency.
Description of drawings
Fig. 1 is a diagram of the general mobile security policy model of the invention;
Fig. 2 shows the correspondence among a non-expansion-level security layer, safety unit combinations, safety units and security algorithms on the portable terminal or application server;
Fig. 3 shows the correspondence among the expansion-level security layer, safety unit combination, safety units and security algorithms on the portable terminal;
Fig. 4 shows the correspondence among the expansion-level security layer, safety units and security algorithms on the application server;
Fig. 5 is a schematic flow diagram of the security negotiation of the invention.
Embodiment
Following the summary of the invention, an embodiment of the invention is described below.
Referring to Fig. 1, the security policy is divided into a basic security policy and a value-added security policy. The basic security policy corresponds to general services and the value-added security policy to value-added services. The operator needs to provide security guarantees for value-added services, which requires the operator to increase investment in the mobile network. The value-added security policy is therefore configured with security layers of four levels: high, medium, low and expansion. The high, medium and low levels are configured by the operator; the expansion level is configured by the user. Each security layer provides a security guarantee of a different strength. The security layer of each security level contains its corresponding safety unit combinations and the security algorithms corresponding to the safety units in each combination. The portable terminal selects a security layer of one level as required. By negotiating step by step with the application server, the two parties finally select a group of commonly supported security algorithms that satisfies the security requirement and has the best security performance. Executing this group of security algorithms opens the secure communication channel.
The specific implementation is as follows:
Step 1: determine the safety units;
According to security requirements, i = 6 kinds of safety unit are established, namely data encryption, authentication, data integrity, non-repudiation, anonymity and availability. In security layers of different levels, each safety unit corresponds to security algorithms of different strength.
Step 2: configure the safety unit combination list and the security algorithm lists for each security layer of the application server;
Referring to Fig. 2, the operator forms safety unit combinations of different security performance from the safety units above according to market demand, and configures these combinations on the different security layers of the application server according to their security performance. Referring to Fig. 4, if the user chooses the expansion-level security layer, that layer contains the i = 6 kinds of safety unit, and each safety unit corresponds to the list of all security algorithms that implement it.
Step 3: configure safety unit combinations and security algorithms for the portable terminal;
Referring to Fig. 2, according to the portable terminal's range of application and characteristics, the operator configures for it, on the security layers of the different security levels, safety unit combinations and security algorithms that are subsets of those of the application server. A portable terminal user who understands the security performance of each safety unit can also configure safety units as needed, forming an expansion-level safety unit combination (see Fig. 3), and assign a suitable security algorithm list to each safety unit in turn.
Referring to Fig. 5, the concrete form that security level negotiation takes within the general mobile security policy is illustrated below by example. The example follows the security negotiation process of IMS.
The portable terminal sends SM1 to the portable terminal proxy server.
SM1 contains: the security level the portable terminal selects according to its needs; the safety unit combination identifier list and the security algorithm identifier lists the portable terminal supports at that level; and the public identity and private identity of the portable terminal.
In the selected level, suppose the safety unit combination identifier list supported by the portable terminal is $\{C_1^{T}, C_2^{T}, \ldots, C_{n1}^{T}\}$, where $n1 \ge 1$. The corresponding security performance list of the combinations is $\{Q_1^{T}, Q_2^{T}, \ldots, Q_{n1}^{T}\}$. To make lookup easier, the operator can arrange the safety unit combination identifiers in descending order of security performance, i.e. $Q_1^{T} > Q_2^{T} > \cdots > Q_{n1}^{T}$. For example, the safety units corresponding to safety unit combination $C_i^{T}$ are $\{A_1^{Ti}, A_2^{Ti}, \ldots, A_{m1}^{Ti}\}$ ($m1 \ge 1$, $1 \le i \le n1$). Each safety unit corresponds to a list of concrete security algorithm identifiers; for example, the security algorithm identifiers for safety unit $A_j^{Ti}$ ($1 \le j \le m1$) are $\{S_1^{Tij}, S_2^{Tij}, \ldots, S_{k1}^{Tij}\}$. The security performance list of the algorithms in that list is $\{q_1^{Tij}, q_2^{Tij}, \ldots, q_{k1}^{Tij}\}$ ($k1 \ge 1$). To make lookup easier, the operator can arrange the security algorithm identifiers in descending order of security performance, i.e. $q_1^{Tij} > q_2^{Tij} > \cdots > q_{k1}^{Tij}$.
The public identity of the portable terminal in SM1 is used for registration; the private identity is used for authentication.
After receiving SM1, the portable terminal proxy server sends SM2 to the application server.
In SM2, the portable terminal proxy server forwards the SM1 message to the application server.
After receiving SM2, the application server stores locally the security level the portable terminal selected, the safety unit combination identifier list the portable terminal supports at that level, and the security algorithm identifier list for each safety unit. If the portable terminal's public identity is not currently registered with the application server, the application server must set the registration flag on the portable terminal's home server to 1, indicating that initial registration is not yet complete. This is done for calls terminating at the portable terminal while initial registration is in progress and has not yet completed successfully. The registration flag is set by the application server sending a Cx-Put command to the portable terminal's home server.
After receiving SM2, the application server uses an AV (authentication vector) to authenticate the user and agree a session key with the user. If the application server has no valid AV, it sends the portable terminal's home server a request for n AVs, where n ≥ 1.
After receiving the application server's request, the portable terminal's home server sends n AVs (n ≥ 1) to the application server with the CM2 command. An AV contains: a random number RAND, an expected response XRES, session keys such as the cipher key CK and the integrity key IK, and an authentication token AUTH.
The application server sends the portable terminal an authentication challenge in SM3, containing the random challenge RAND and the authentication token AUTH. SM3 also carries the session keys, such as the cipher key CK and the integrity key IK, for the portable terminal proxy server.
After receiving SM3, the portable terminal proxy server saves the session keys CK, IK and so on, deletes them from the message, and forwards the rest of the message to the portable terminal as SM4.
After receiving SM4, the portable terminal extracts AUTH, which contains MAC and SQN. The portable terminal computes XMAC and checks whether XMAC equals MAC and whether SQN is in the correct range. If these checks pass, the portable terminal has authenticated the application server. The portable terminal computes the authentication response RES, places it in the authentication header and sends it back to the registrar in SM5. At this stage the portable terminal also computes the session keys CK, IK and so on. If the checks fail, mutual authentication between the application server and the portable terminal fails, and the process returns to the first step for re-authentication and security negotiation.
The portable terminal proxy server forwards the authentication response RES in SM5 to the application server in SM6.
After receiving SM6, the application server retrieves the user's active expected response XRES and uses it to check the response sent by the portable terminal. If the check succeeds, the user is authenticated; if not, mutual authentication between the portable terminal and the application server fails, and the process returns to the first step for re-authentication and security negotiation. Once authentication passes, the portable terminal's public identity is registered with the application server. If the public identity was not previously registered, the application server sends Cx-Put to update the registration flag to registered. If it was already registered, the registration flag is unchanged.
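The SM3 to SM6 checks described above, sketched as an added example; it is not code from the patent. HMAC-SHA256 stands in for the unnamed functions that produce MAC, RES, CK and IK, and the 6-byte SQN, the acceptance window and all function names are assumptions.

```python
import hashlib
import hmac
import os


class AuthError(Exception):
    """Mutual authentication failed; the flow returns to the first step."""


def _prf(key, label, *parts):
    # Stand-in keyed function (assumption): the description does not name
    # the functions that derive MAC, RES, CK and IK.
    return hmac.new(key, label + b"|" + b"".join(parts), hashlib.sha256).digest()


def make_av(k, sqn, rand=None):
    """Home-server side: one AV = RAND, XRES, CK, IK, AUTH (SQN || MAC)."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    return {
        "RAND": rand,
        "AUTH": sqn_b + _prf(k, b"mac", rand, sqn_b)[:8],
        "XRES": _prf(k, b"res", rand)[:8],
        "CK": _prf(k, b"ck", rand)[:16],
        "IK": _prf(k, b"ik", rand)[:16],
    }


def proxy_forward(sm3):
    """Proxy keeps CK/IK and forwards only RAND and AUTH to the terminal (SM4)."""
    kept = {"CK": sm3["CK"], "IK": sm3["IK"]}
    sm4 = {"RAND": sm3["RAND"], "AUTH": sm3["AUTH"]}
    return kept, sm4


class Terminal:
    def __init__(self, k, last_sqn=0, window=32):
        self.k, self.last_sqn, self.window = k, last_sqn, window

    def answer(self, sm4):
        """Authenticate the server from SM4, then return RES and session keys."""
        rand, auth = sm4["RAND"], sm4["AUTH"]
        sqn_b, mac = auth[:6], auth[6:]
        xmac = _prf(self.k, b"mac", rand, sqn_b)[:8]
        if not hmac.compare_digest(xmac, mac):
            raise AuthError("XMAC != MAC: application server not authenticated")
        sqn = int.from_bytes(sqn_b, "big")
        # Assumed range rule: strictly newer than the last accepted SQN and
        # no further ahead than `window`.
        if not self.last_sqn < sqn <= self.last_sqn + self.window:
            raise AuthError("SQN out of range: replayed or stale challenge")
        self.last_sqn = sqn
        return {"RES": _prf(self.k, b"res", rand)[:8],
                "CK": _prf(self.k, b"ck", rand)[:16],
                "IK": _prf(self.k, b"ik", rand)[:16]}


def server_accepts(av, res):
    """Application-server side (after SM6): constant-time RES vs. XRES check."""
    return hmac.compare_digest(av["XRES"], res)


if __name__ == "__main__":
    key = bytes(range(16))                 # constructed shared secret
    av = make_av(key, sqn=1)
    kept, sm4 = proxy_forward(av)
    out = Terminal(key).answer(sm4)
    print("server accepts RES:", server_accepts(av, out["RES"]))
    print("proxy and terminal share CK:", kept["CK"] == out["CK"])
```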
For the expansion level, the application server, according to the safety units $\{A_1^{Tj}, A_2^{Tj}, \ldots, A_{m1}^{Tj}\}$ ($m1 \ge 1$) configured on the portable terminal, configures an expansion-level safety unit combination $C_j^{S}$ on the application server side. It contains all the safety units the user selected, i.e. $\{A_1^{Tj}, A_2^{Tj}, \ldots, A_{m1}^{Tj}\}$. Each safety unit corresponds to all the security algorithms implementing it that the operator provides.
First, the application server selects the safety unit combination with the highest security performance that the application server and the portable terminal both support. The method is as follows: (1) The application server opens the list of safety unit combination identifiers it supports in the specified security level, $\{C_1^{S}, C_2^{S}, \ldots, C_{n2}^{S}\}$, where $n2 \ge 1$. The corresponding security performance list of the combinations is $\{Q_1^{S}, Q_2^{S}, \ldots, Q_{n2}^{S}\}$. To make lookup easier, the operator can arrange the safety unit combinations in descending order of security performance, i.e. $Q_1^{S} > Q_2^{S} > \cdots > Q_{n2}^{S}$. (2) Using the previously stored list of safety unit combinations the portable terminal supports under the specified security level, $\{C_1^{T}, C_2^{T}, \ldots, C_{n1}^{T}\}$, the application server selects the first safety unit combination $C_j^{S}$ satisfying the condition given in the formula image (Figure A20041008887300082), where $1 \le j \le n2$ and $1 \le i \le n1$.
Next, the application server opens the safety unit identifier list corresponding to $C_j^{S}$, $\{A_1^{Sj}, A_2^{Sj}, \ldots, A_{m2}^{Sj}\}$, where $m2 \ge 1$. It then opens the security algorithm identifier list for each safety unit in that list; for example, the security algorithm identifier list for safety unit $A_i^{Sj}$ ($1 \le i \le m2$) is $\{S_1^{Sji}, S_2^{Sji}, \ldots, S_{k2}^{Sji}\}$, where $k2 \ge 1$. The corresponding performance value list of the algorithms is $\{q_1^{Sji}, q_2^{Sji}, \ldots, q_{k2}^{Sji}\}$. To make lookup easier, the operator can arrange the security algorithm identifiers in descending order of security performance, i.e. $q_1^{Sji} > q_2^{Sji} > \cdots > q_{k2}^{Sji}$. Finally, the application server uses the previously stored safety unit list of the portable terminal's combination $C_i^{T}$, i.e. $\{A_1^{Ti}, A_2^{Ti}, \ldots, A_{m1}^{Ti}\}$, where $m2 = m1$ and $A_1^{Sj} = A_1^{Ti}, A_2^{Sj} = A_2^{Ti}, \ldots, A_{m2}^{Sj} = A_{m1}^{Ti}$, together with the security algorithm identifier list of each of those safety units, for example $\{S_1^{Tij}, S_2^{Tij}, \ldots, S_{k1}^{Tij}\}$ ($k1 \ge 1$) for safety unit $A_j^{Ti}$ ($1 \le j \le m2$). For each safety unit $A_i^{Sj} = A_j^{Ti}$ in turn, it selects the first security algorithm $S_j^{Sji}$ satisfying $S_j^{Sji} = S_i^{Tij}$, where $1 \le j \le k2$ and $1 \le i \le k1$, and executes these security algorithms in turn.
The application server sends SM7 to the portable terminal proxy server.
SM7 contains: the safety unit combinations the application server supports, the algorithm identifier list for each safety unit, and the authentication success message.
The portable terminal proxy server forwards SM7 to the portable terminal in SM8.
After receiving SM8, the portable terminal uses the safety unit combinations and the per-safety-unit security algorithm identifier lists that the application server supports in the specific security layer to select the commonly supported safety unit combination with the highest performance at this security level, and then the highest-performance security algorithm for each safety unit in that combination. The method is as follows:
First, the portable terminal opens the list of safety unit combinations it supports in the specific security level, $\{C_1^{T}, C_2^{T}, \ldots, C_{n1}^{T}\}$, where $n1 \ge 1$. Using the list of safety unit combinations the application server supports, $\{C_1^{S}, C_2^{S}, \ldots, C_{n2}^{S}\}$, carried in SM8, the portable terminal selects the first safety unit combination $C_i^{T}$ satisfying $C_i^{T} = C_j^{S}$, where $1 \le i \le n1$ and $1 \le j \le n2$.
Next, the portable terminal opens the safety unit list corresponding to $C_i^{T}$, i.e. $\{A_1^{Ti}, A_2^{Ti}, \ldots, A_{m1}^{Ti}\}$, where $m1 \ge 1$. It then opens the security algorithm list for each safety unit; for example, the security algorithm identifier list for safety unit $A_j^{Ti}$ ($1 \le j \le m1$) is $\{S_1^{Tij}, S_2^{Tij}, \ldots, S_{k1}^{Tij}\}$ ($k1 \ge 1$).
Finally, the portable terminal uses the safety unit list of the application server's combination $C_j^{S}$ in SM8, i.e. $\{A_1^{Sj}, A_2^{Sj}, \ldots, A_{m2}^{Sj}\}$, where $m2 = m1$ and $A_1^{Sj} = A_1^{Ti}, A_2^{Sj} = A_2^{Ti}, \ldots, A_{m2}^{Sj} = A_{m1}^{Ti}$, together with the security algorithm identifier list of each of those safety units, for example $\{S_1^{Sji}, S_2^{Sji}, \ldots, S_{k2}^{Sji}\}$ ($k2 \ge 1$) for safety unit $A_i^{Sj}$ ($1 \le i \le m2$). For each safety unit $A_i^{Ti} = A_j^{Sj}$ in turn, it selects the first security algorithm $S_i^{Tij}$ satisfying $S_i^{Tij} = S_j^{Sji}$, where $1 \le j \le k2$ and $1 \le i \le k1$, and executes these security algorithms in turn.
At this point the portable terminal and the application server have established the secure communication channel through security level negotiation, and messages after SM8 are protected.
SM9 carries back what the portable terminal received for the specified security layer: the safety unit combinations the application server supports and the security algorithm identifier lists of the safety units.
After receiving SM9, the portable terminal proxy server checks whether the safety unit combinations and security algorithm lists in SM9 are identical to those in SM8. If they differ, the registration process is aborted, the security negotiation fails, and the process returns to the first step to negotiate again. If they are identical, the portable terminal proxy server sends SM10 to the application server.
SM10 contains the following information: the messages received from the portable terminal are protected by the security algorithms, and they have passed the integrity check of the portable terminal proxy server.
Finally, the portable terminal proxy server sends SM12 to the portable terminal, notifying it that the security mode has been established.
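The two-stage selection and the SM9 echo check described above, as an added example that is not code from the patent. The combination and algorithm identifiers are constructed labels, the function names are hypothetical, and failing the negotiation when a safety unit has no common algorithm is an assumption, since the description does not cover that case.

```python
import copy
import json

# Constructed policy for one security level. Identifiers are illustrative
# labels; every list is ordered best-first, as the description says the
# operator arranges them.
TERMINAL = [
    {"id": "C2", "units": {"encryption": ["AES-128", "3DES"],
                           "integrity": ["HMAC-SHA1"]}},
    {"id": "C3", "units": {"encryption": ["3DES"]}},
]
SERVER = [
    {"id": "C1", "units": {"encryption": ["AES-256"],
                           "integrity": ["HMAC-SHA256"],
                           "non-repudiation": ["RSA-SIG"]}},
    {"id": "C2", "units": {"encryption": ["AES-256", "AES-128", "3DES"],
                           "integrity": ["HMAC-SHA256", "HMAC-SHA1"]}},
    {"id": "C3", "units": {"encryption": ["AES-128", "3DES"]}},
]


class NegotiationError(Exception):
    """No commonly supported combination or algorithm; restart from SM1."""


def negotiate(own, peer):
    """Return (combination id, {safety unit: algorithm}) as chosen by `own`."""
    peer_by_id = {c["id"]: c for c in peer}
    for combo in own:  # best-first, so the first match is the best common one
        other = peer_by_id.get(combo["id"])
        if other is None:
            continue
        if set(combo["units"]) != set(other["units"]):
            raise NegotiationError("same combination id, different safety units")
        chosen = {}
        for unit, own_algs in combo["units"].items():
            offered = set(other["units"][unit])
            match = next((a for a in own_algs if a in offered), None)
            if match is None:
                # Assumption: treated as a failed negotiation.
                raise NegotiationError(f"no common algorithm for {unit}")
            chosen[unit] = match
        return combo["id"], chosen
    raise NegotiationError("no common safety unit combination")


def canonical(offer):
    """Stable byte encoding of an offer so that two copies can be compared."""
    return json.dumps(offer, sort_keys=True, separators=(",", ":")).encode()


def proxy_accepts_echo(sent_in_sm8, echoed_in_sm9):
    """Proxy-side check on SM9: the echoed lists must equal what SM8 carried."""
    return canonical(sent_in_sm8) == canonical(echoed_in_sm9)


def run(sm8_as_received):
    """One round; `sm8_as_received` is the server offer as the terminal saw it."""
    server_choice = negotiate(SERVER, TERMINAL)             # server, after SM6
    terminal_choice = negotiate(TERMINAL, sm8_as_received)  # terminal, after SM8
    ok = proxy_accepts_echo(SERVER, sm8_as_received)        # SM9 echo vs. SM8
    return server_choice, terminal_choice, ok


def stripped_offer():
    """Constructed tampering: AES-128 removed from C2 before SM8 arrives."""
    offer = copy.deepcopy(SERVER)
    offer[1]["units"]["encryption"].remove("AES-128")
    return offer


if __name__ == "__main__":
    print("clean   :", run(SERVER))
    print("tampered:", run(stripped_offer()))
```

With the tampered offer the terminal settles on a weaker cipher than the server selected, and the echo comparison is the step that exposes the mismatch and aborts registration.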

Claims (8)

1. A general security level negotiation method, characterized in that, when the security policy used by the system is divided into two levels, the security level and the security algorithms corresponding to each security level, negotiation comprises the following steps:
(1) the initiator sends the security level it has selected to the callee;
(2) the two parties negotiate the commonly supported security algorithm with the best security performance under the specified security level;
(3) by executing the negotiated security algorithm, the two parties establish a secure communication channel.
2. The negotiation method of claim 1, characterized in that, if the security policy used by the system also includes a safety unit combination corresponding to each security level, step (2) is: the two parties negotiate the commonly supported safety unit combination with the best security performance under the specified security level, and then negotiate in turn, for each safety unit in the safety unit combination, the commonly supported security algorithm with the best security performance.
3. The negotiation method of claim 1 or 2, characterized in that, when the expansion-level security layer is used, the following processing follows step (1): the callee generates an expansion-level safety unit combination according to the safety units the initiator selected; each safety unit in the expansion-level combination corresponds to all the security algorithms that implement that safety unit.
4. The negotiation method of claim 1, characterized in that, during authentication, the initiator may send the callee the specified security level and the security algorithms the initiator supports under that level, and at the same time the callee also sends the initiator, during authentication, the security algorithms it supports under that level.
5. The negotiation method of claim 2, characterized in that, during authentication, the initiator may send the callee the specified security level, the safety unit combinations the initiator supports under that level, and the security algorithms corresponding to each safety unit in those combinations; at the same time, during authentication, the callee also sends the initiator the safety unit combinations it supports under that level and the security algorithms corresponding to each safety unit in those combinations.
6. The negotiation method of claim 4, characterized in that the method specifically comprises the following steps:
a. The portable terminal sends the application server the user identity information, the security level the portable terminal supports, and the negotiation content under that level;
b. The application server uses an authentication vector, which comprises a random number, an expected response, a session key and an authentication token, to send an authentication challenge to the portable terminal; the application server obtains the session key from the authentication vector;
c. The portable terminal authenticates the application server. If authentication passes, the portable terminal computes the session key and sends an authentication response message to the application server; otherwise, the process returns to step a and negotiation starts again;
d. The application server authenticates the portable terminal. If authentication succeeds, the application server sends the portable terminal an authentication success message together with the negotiation content the application server supports; otherwise the process returns to step a and negotiation starts again;
e. The commonly supported security algorithms with the best security performance are negotiated between the portable terminal and the application server; these security algorithms are executed; the secure communication channel is opened; the portable terminal sends the application server the application-server-supported negotiation content it received in the previous step;
f. Whether the negotiation content was tampered with is verified. If it was not, the application server sends the portable terminal a negotiation-complete message; otherwise the process returns to step a and security negotiation starts again.
7. The negotiation method of claim 6, characterized in that the negotiation content in step a comprises the safety unit combinations and the security algorithms corresponding to each safety unit in those combinations.
8. The negotiation method of claim 6, characterized in that, in step e, the commonly supported safety unit combination with the best security performance under the specified security level may be negotiated first, followed by, for each safety unit in that combination, the security algorithm with the best security performance commonly supported by the portable terminal and the application server.
CNB2004100888739A 2004-11-08 2004-11-08 A kind of general safety grade arranging method Active CN100571130C (en)


Publications (2)

Publication Number Publication Date
CN1773904A true CN1773904A (en) 2006-05-17
CN100571130C CN100571130C (en) 2009-12-16

Family

ID=36760689

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100888739A Active CN100571130C (en) 2004-11-08 2004-11-08 A kind of general safety grade arranging method

Country Status (1)

Country Link
CN (1) CN100571130C (en)

Also Published As

Publication number Publication date
CN100571130C (en) 2009-12-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant