CN1889767A - Method for achieving media flow security and communication system - Google Patents
Method for achieving media flow security and communication system Download PDFInfo
- Publication number
- CN1889767A CN1889767A CNA2005100802501A CN200510080250A CN1889767A CN 1889767 A CN1889767 A CN 1889767A CN A2005100802501 A CNA2005100802501 A CN A2005100802501A CN 200510080250 A CN200510080250 A CN 200510080250A CN 1889767 A CN1889767 A CN 1889767A
- Authority
- CN
- China
- Prior art keywords
- key
- terminal equipment
- network
- security
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
A method for realizing safety of media stream includes launching session request by terminal device (TD), confirming whether enciphering cipher code or protective cipher code of completeness is distributed to media stream or not for this time of session in session setting-up course by boundary control entity (BCE) between network domain and access domain existed by TD joining said session, transmitting distributed cipher code to TD and corresponding boundary retransmission entity by BCE in order to carry out safety protection on media stream transmitted via access domain. The communication system utilizing said method is also disclosed.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method and communication system that realizes media flow security.
Background technology
In next generation network (NGN), no matter be the flexible exchanging network or following IP multimedia service subsystem (IMS) network, more be the safety of considering how to guarantee signaling plane for network security problem at present, and it is less to the security consideration of Media Stream, in fact, Media Stream need be considered safety problem equally, otherwise user's conversation may be easy to be eavesdropped on IP network, and distorting of IP message also is easy to make service quality to reduce.
Existing a kind of scheme of protecting Media Stream in the IMS network, its basic principle is as follows:
In the IMS network architecture, introduce Media Stream and act on behalf of RTP Proxy; Realize the shared key of user terminal (UE) and RTP Proxy by universal guiding structure (GBA is a kind of general authentication and the encryption key distribution model that defines in the 3GPP standard) mode; By this shared key, realize confidentiality and integrity protection between UE and the RTP Proxy to Media Stream, realize the safety of Media Stream at input field.
The framework model of GBA as shown in Figure 1, the application of GBA in media stream cryptographic key distributes is as shown in Figure 2.Utilize GBA mechanism to realize that the encryption key distribution between UE and the RTP Proxy is described below:
In Fig. 2, regard SIP Server (as the P-CSCF that defines in the 3GPP IMS network) and RTP Proxy as an integral body, as the network application function among the GBA (NAF), SIP Server obtains NAF and SIP Client cipher key shared from BSF, SIP Server gives RTPProxy by other interface Is with key again, thereby realizes that the media flow security key between SIP Client and the RTP Proxy is shared.
Though in the framework of GBA, NAF and boortstrap server function (BSF) have the Zn interface, but at present the function of BSF by which entity in the network is finished and is not also had concrete scheme in actual applications, and need obtain key from BSF by interface and also make handling process more complicated.In addition; the key updating cycle that above-mentioned GBA model distributes is longer; and this key can be used between SIP Client and the P-CSCF/RTPProxy the repeatedly encryption of the Media Stream of session or integrity protection; cause key between a plurality of entities, to be shared; repeatedly medium streaming session adopts same key to protect simultaneously, also has certain potential safety hazard.
Summary of the invention
The invention provides a kind of method and communication system that realizes media flow security, have the complicated and relatively poor problem of fail safe of encryption key distribution flow processing in the prior art to solve.
Realize that technical scheme of the present invention is as follows:
A kind of method that realizes media flow security comprises the steps:
Terminal equipment initiates a session request;
Participate in the terminal equipment place input field of described session and the boundary Control entity between the network domains and set up in the process, determine whether to be this session allocation medium stream encryption key or Media Stream integrity protection key in session; And
The boundary Control entity sends it to terminal equipment and corresponding border Delivery Function after distributing key, this terminal equipment and border Delivery Function utilize security algorithm and described key that the Media Stream that transmits through input field is carried out safeguard protection.
Wherein:
Described boundary Control entity determines whether to be this session allocation medium stream safe key according to the media flow security protection indication that whether needs carry out the media flow security protection to this session in the conversation request response.
Described boundary Control entity is indicated according to the media flow security protection that whether needs carry out the media flow security protection to this session in the conversation request response; and, determine whether to be this session allocation medium stream encryption key or media flow security key with reference to the local security strategy that disposes.
Determine whether that according to user profile or business information needs carry out the media flow security protection to this session by the network entity in the network.
Message header field or parameter by the response of expansion conversation request indicate whether and need carry out safeguard protection to Media Stream.
The security algorithm that adopts between terminal equipment and the border Delivery Function is consulted to determine in conversation message reciprocal process.
In conversation message reciprocal process, terminal equipment and border Delivery Function send to the boundary Control entity with the security algorithm of supporting respectively, and the security algorithm of all being supported by both sides of boundary Control entity selection is also notified terminal equipment and the border Delivery Function;
Perhaps, in conversation message reciprocal process, terminal equipment is sent to the border Delivery Function by the boundary Control entity with the security algorithm of supporting, selects algorithm that both sides all support and through boundary edge controlled entity notice terminal equipment by the border Delivery Function;
Perhaps, in conversation message reciprocal process, the boundary Control entity obtains the security algorithm tabulation of border Delivery Function support and sends to terminal equipment, selects algorithm that both sides all support and through boundary edge controlled entity notice border Delivery Function by terminal equipment.
A kind of communication system comprises input field and network domains, and this communication system comprises:
The boundary Control entity is arranged between described input field and the network domains, is used to the session allocation medium stream safe key between the user terminal;
The border Delivery Function is arranged between described input field and the network domains, utilizes described safe key that the Media Stream that mails to terminal by input field is encrypted, or terminal equipment is decrypted by the Media Stream that input field sends.
Described boundary Control entity and border Delivery Function are separate physical equipment, perhaps are same physical equipment.
Described communication system is based on the IMS network model, based on the flexible exchanging network model or based on PSTN network evolution model.
The present invention has provided a complete media flow security solution in conjunction with the present network architecture and model, comprises implementation strategy, thereby has following beneficial effect:
1, the safe key of Media Stream generates and distribution at Access Layer, can not influence the server entity, and realizes simple.
2, the demand that the key of media flow security is based on each session among the present invention dynamically generates, and in terms of existing technologies, has strengthened the fail safe of whole network and Media Stream.
3, media flow security adopts the mode of holding network among the present invention, is decrypted at the network domains edge device, makes things convenient for the supervision of telecommunications.
4, whether media flow security is protected by complete policy control (business, user, access network situation); avoid as much as possible Media Stream is carried out encryption and decryption or authentication operations, avoid Media Stream to implement the performance pressure that brings to network system behind the aforesaid operations and the influence of service quality.
Description of drawings
Fig. 1 is existing GBA model schematic diagram;
Fig. 2 is the application schematic diagram of GBA in media flow security;
Fig. 3 A is the networking communication system schematic diagram under the IMS network model;
Fig. 3 B is the networking schematic diagram under the flexible exchanging network model;
Fig. 4 realizes the flow chart of media flow security down for IMS network model among the present invention;
Fig. 5 is for consulting the flow chart of security algorithm among the present invention;
Fig. 6 realizes the flow chart of media flow security down for flexible exchanging network model among the present invention.
Embodiment
Media flow security is divided into three sections: caller inserts section (calling subscriber-BGF/ABP/IBP), network segment (BGF/ABP/IBP-BGF/ABP/IBP), called accesss section (BGF/ABP/IBP-called subscriber), it all is similar with the called media flow security that inserts section at security strategy and safety approach that caller inserts section, so the safety of Media Stream is summed up as the safety of input field and the safety of network domains.
Network domains is owing to belong to operator inside; normally believable; can think safe; in addition for the reason of supervising; safeguard protection such as can not encrypt usually; even protect,, can take to dispose and set up the safety that mode that tunnel or configuring cipher key geometric ratio be easier to implement guarantees Media Stream because network equipment quantity is limited.Input field is owing to be that operator is uncontrollable, so media flow security needs emphasis to consider safety in the input field.
In the present invention, for the realization that makes allocation medium stream safe key more simple, after terminal equipment initiates a session request, determine whether to be this session allocation medium stream encryption key or Media Stream integrity protection key by the terminal equipment place input field and the boundary Control entity between the network domains that participate in this time session; Distribute safe key if desired; then the boundary Control entity sends it to terminal equipment and corresponding border Delivery Function after distributing key, and terminal equipment utilizes identical security algorithm and safe key that the Media Stream that transmits through input field is carried out safeguard protection with the border Delivery Function.
In actual networking, boundary Control entity and border Delivery Function can be same physical equipments, also can be separate physical equipments.
Consult shown in Fig. 3 A, the networking communication system structure is based on IP multimedia service subsystem (IMS) network model, and wherein, the Proxy-Call Session Control Function in the IMS network (P-CSCF) entity is as the boundary Control entity between input field and the network domains; Border Gateway Function between input field and the network domains (BGF) entity is as the border Delivery Function between access network and the core network.
Consult shown in Fig. 3 B, the networking communication system structure is based on the flexible exchanging network model, and wherein, ABP/IBP/NBP boundary solid signaling plane is as the boundary Control entity between input field and the network domains in the flexible exchanging network; ABP/IBP/NBP boundary solid medium face is as the border Delivery Function between access network and the core network.
In above-mentioned Fig. 3 A, Fig. 3 B, omitted other functional entity in input field and the network domains, as in the IMS network model, can exist strategy decision function (SPDF) based on business to realize based on the control of strategy etc. between P-CSCF entity and the BGF, but the existence of other functional entity does not influence technical scheme of the present invention, promptly under the situation that other network entity exists, technical scheme of the present invention is effective equally.Network domains may comprise a plurality of operators or a plurality of management domain simultaneously, does not influence the solution of the present invention when crossing over a plurality of operators and a plurality of management domain equally.The title of entity does not influence the solution of the present invention and describes (is term in the present soft switch general technical requirement draft as ABP, IBP and AAA etc.) in the above-mentioned model.
The safety of Media Stream is not that each session is all necessary, needs to determine whether that according to the demand for security of user in each session, the demand for security of session service needs carry out media stream protection.Therefore; on the boundary Control entity, can dispose or obtain security strategy from other entity; this security strategy comprises that the factors such as safe coefficient according to user mode access and access network determine whether to implement the media flow security protection, can certainly comprise the security strategy of other modes.Carry out at needs under the situation of media stream protection; can determine whether implementing according to user's access network situation strong media flow security safeguard measure (as Media Stream is encrypted, integrality discriminating etc.); as for twisted-pair feeder user's access under the situation of carrying out access authentication and isolation; may just think that its fail safe has reached requirement, and no longer carry out encipherment protection.
Consulting (in conjunction with consulting Fig. 3 A) shown in Figure 4, is example with the IMS network model, realizes that the main flow process of input field media flow security is as follows:
Step 4, application server determine whether needs media stream protection of this session service according to user's business data signed, promptly decide according to business information.
Step 5, AS return the service trigger request response message to the S-CSCF entity, wherein carry the media flow security indication.
Other network entities carry out alternately in step 6, S-CSCF entity and the network.
Step 7, S-CSCF entity return the conversation request response to the P-CSCF entity, carry media flow security protection indication in this response.
Can indicate whether and to protect Media Stream by the message header field or the parameter of expansion conversation request response.
Step 8, P-CSCF entity are according to the protection of the media flow security in message indication and local security policy, and whether decision need carry out strong safeguard protection to Media Stream at input field, as needs then allocation medium stream encryption key or integrity protection key.
Step 9, P-CSCF entity are issued to Border Gateway Function (BGF) entity with the safe key that distributes.
The P-CSCF entity can adopt expressly and transmit, also can utilize and the BGF entity between configuration or the key consulted transmit after to the media flow security secret key encryption.
Step 10, P-CSCF entity return the conversation request response to user terminal, carry the media flow security key in this response.Terminal that key employing user distributes in registration process and the encryption keys between the P-CSCF entity.
Step 11, user terminal and other network entities carry out session interaction and set up session.
Terminal utilize media flow security key and security algorithm to receive with Media Stream be decrypted, the Media Stream that sends is encrypted.The BGF entity utilizes media flow security key and security algorithm that the Media Stream that receives is decrypted, and transmits by network domains then; After encrypting, the Media Stream that network domains is sent is sent to user terminal.
In above-mentioned flow process, as long as after determining that according to user profile or business information needs carry out safeguard protection to Media Stream, the S-CSCF entity all should carry this carries out safeguard protection to Media Stream indication to the P-CSCF entity.
In to the description in the above-mentioned flow process; having omitted part does not influence the protection of decision media flow security and does not influence the session interaction step of handling the media safety key; this class step of part is not described in detail, but these steps still exist when realizing, its processing procedure is same as the prior art.
Media flow security algorithm between terminal and the BGF entity can adopt certain default algorithm, adopts certain protection algorithm integrallty or encipherment protection algorithm as designated terminal in standard and BGF; Also can consult (this Fig. 5 is a kind of rough schematic view of Fig. 4) shown in Figure 5 by the security algorithm between negotiation terminal in conversation message reciprocal process and the BGF:
Step 100, user terminal carry the security algorithm tabulation of support in this request when initiating a session request, preserve this algorithm list by the P-CSCF entity.
The reciprocal process of other network entities is as described in the step 2-7 of Fig. 4 in step 110, P-CSCF entity and the network.
Step 120, P-CSCF entity are issued to Border Gateway Function (BGF) entity with the safe key of distribution and the algorithm list of terminal support.
The algorithm list that step 130, BGF entity are supported according to terminal is selected the security algorithm that both sides all support, and notifies the P-CSCF entity in response message.
Step 140, P-CSCF entity return the conversation request response to user terminal, carry the security algorithm that media flow security key and BGF entity are determined in this response.(identical among other processing procedures and Fig. 4, as to repeat no more)
Security algorithm also can be decided by the P-CSCF entity, promptly after the P-CSCF entity obtains the security algorithm tabulation of support of terminal, obtain the security algorithm tabulation that BGF supports, the security algorithm that P-CSCF tabulates and selects both sides to support according to the security algorithm of terminal and BGF support is handed down to terminal and BGF together with algorithm and the key information of selecting at last.
Security algorithm can also be decided (terminal does not need to carry support in conversation request security algorithm tabulation) by terminal, the security algorithm tabulation that to be the P-CSCF entity support BGF is issued to terminal, is selected the security algorithm that both sides all support and is notified BGF by terminal.
The media flow security agreement can adopt the defined media stream protection form of RFC3711 (The Secure Real-timeTransport Protocol) among the IETF to handle; also can be by a kind of protocol format of definition in the safety standard in the business networks such as IMS or soft switch, need only terminal and BGF support this form to get final product.
Though above-mentionedly describe with the IMS network; but it is consistent that the media stream protection in flexible exchanging network is realized with above-mentioned flow process; (entity in the IMS network is similar with the entity function in the flexible exchanging network to be meant that the function of in media flow security scheme of the present invention media stream protection being correlated with is similar with handling, and whether unanimity does not influence realization of the present invention to the function of others) can recently be described by function class.Its handling process as shown in Figure 6, wherein, the function that soft switch has partial service to handle simultaneously, when this session service just provided in soft switch, soft switch self also can determine whether needs carry out media flow security protection according to business information.Concrete process is consulted above-mentioned description to Fig. 4, repeats no more.
Above-mentioned media flow security model and scheme can be used under other network model equally, as (this moment, terminal may be the various access GW that are positioned at the user network side) between the AGCF and BGF under the PSTN network evolution model.Its functional entity corresponding relation such as following table:
| P-CSCF/AGCF | ABP/IBP-boundary solid signaling plane |
| BGF | ABP/IBP-boundary solid medium face |
| S-CSCF | Soft switch |
| AS | AS/Soft switch |
As shown in Table, in networking, be responsible for allocation medium stream safe key, and safe key is sent to subscriber terminal equipment and BGF entity by the P-CSCF entity based on the IMS network model; In networking, be responsible for allocation medium stream safe key by ABP boundary solid signaling plane entity, and safe key is sent to user terminal and ABP boundary solid medium face based on the flexible exchanging network model; In based on the networking structure figure under the PSTN network evolution model, be responsible for allocation medium stream safe key by AGCF (AGCF) entity, and safe key is sent to user side IAD (GW) and border forwarding capability entity (BGF).Above-mentioned network can be fixing or mobile network, and in the mobile network, the BGF entity can be GGSN.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (14)
1, a kind of method that realizes media flow security is characterized in that comprising the steps:
Terminal equipment initiates a session request;
Participate in the terminal equipment place input field of described session and the boundary Control entity between the network domains and set up in the process, determine whether to be this session allocation medium stream encryption key or Media Stream integrity protection key in session; And
The boundary Control entity sends it to terminal equipment and corresponding border Delivery Function after distributing key, this terminal equipment and border Delivery Function utilize security algorithm and described key that the Media Stream that transmits through input field is carried out safeguard protection.
2, the method for claim 1; it is characterized in that described boundary Control entity determines whether to be this session allocation medium stream safe key according to the media flow security protection indication that whether needs carry out the media flow security protection to this session in the conversation request response.
3, the method for claim 1; it is characterized in that; described boundary Control entity is indicated according to the media flow security protection that whether needs carry out the media flow security protection to this session in the conversation request response; and, determine whether to be this session allocation medium stream encryption key or Media Stream integrity protection key with reference to the local security strategy that disposes.
4, as claim 2 or 3 described methods, it is characterized in that, determine whether that according to user profile or business information needs carry out the media flow security protection to this session by the network entity in the network.
As claim 2 or 3 described methods, it is characterized in that 5, the message header field or the parameter that respond by the expansion conversation request indicate whether and need carry out safeguard protection to Media Stream.
6, method as claimed in claim 3 is characterized in that, described security strategy comprises that the safe coefficient according to user mode access or access network determines whether to implement the media flow security protection.
7, the method for claim 1 is characterized in that, adopts default security algorithm between terminal equipment and the border Delivery Function.
8, the method for claim 1 is characterized in that, terminal equipment and border Delivery Function are consulted the security algorithm of employing in conversation message reciprocal process.
9, method as claimed in claim 8, it is characterized in that, in conversation message reciprocal process, terminal equipment and border Delivery Function send to the boundary Control entity with the security algorithm of supporting respectively, and the security algorithm of all being supported by both sides of boundary Control entity selection is also notified terminal equipment and the border Delivery Function;
Perhaps, in conversation message reciprocal process, terminal equipment is sent to the border Delivery Function by the boundary Control entity with the security algorithm of supporting, selects algorithm that both sides all support and through boundary edge controlled entity notice terminal equipment by the border Delivery Function;
Perhaps, in conversation message reciprocal process, the boundary Control entity obtains the security algorithm tabulation of border Delivery Function support and sends to terminal equipment, selects algorithm that both sides all support and through boundary edge controlled entity notice border Delivery Function by terminal equipment.
10, the method for claim 1 is characterized in that, the boundary Control entity adopt and terminal equipment between shared key be sent to terminal equipment after to the media flow security secret key encryption; And the boundary Control entity adopts clear-text way that the media flow security key is sent to the border Delivery Function, or the shared key between employing and the border Delivery Function is sent to the border Delivery Function after to the media flow security secret key encryption.
11, a kind of communication system comprises input field and network domains, it is characterized in that this communication system comprises:
The boundary Control entity is arranged between described input field and the network domains, and being used for according to conversation request is session allocation medium stream safe key between the user terminal;
The border Delivery Function is arranged between described input field and the network domains, and the safe key that utilizes described boundary Control entity to distribute is encrypted the Media Stream that mails to terminal by input field, or terminal equipment is decrypted by the Media Stream that input field sends.
12, communication system as claimed in claim 11 is characterized in that, described boundary Control entity and border Delivery Function are separate physical equipment, perhaps is same physical equipment.
As claim 11 or 12 described communication systems, it is characterized in that 13, this communication system is based on the IMS network model, based on the flexible exchanging network model or based on PSTN network evolution model.
14, communication system as claimed in claim 11 is characterized in that, this communication system is based on the communication system of fixed network or based on mobile network's communication system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100802501A CN100527875C (en) | 2005-06-30 | 2005-06-30 | Method for achieving media flow security and communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100802501A CN100527875C (en) | 2005-06-30 | 2005-06-30 | Method for achieving media flow security and communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1889767A true CN1889767A (en) | 2007-01-03 |
| CN100527875C CN100527875C (en) | 2009-08-12 |
Family
ID=37579025
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100802501A Expired - Fee Related CN100527875C (en) | 2005-06-30 | 2005-06-30 | Method for achieving media flow security and communication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100527875C (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008083607A1 (en) * | 2007-01-12 | 2008-07-17 | Huawei Technologies Co., Ltd. | Method and system of safely transferring media stream |
| WO2008089694A1 (en) * | 2007-01-19 | 2008-07-31 | Huawei Technologies Co., Ltd. | A method, a system and an equipment for obtaining the media stream protecting key in ims network |
| WO2012024904A1 (en) * | 2010-08-25 | 2012-03-01 | 中兴通讯股份有限公司 | Method and system for pre-accessing conference telephone and network side device |
| CN102594794A (en) * | 2011-12-24 | 2012-07-18 | 华为技术有限公司 | Access method and device of media encryption conference |
| CN101572694B (en) * | 2008-04-29 | 2012-09-05 | 华为技术有限公司 | Method for acquiring media stream key, session equipment and key management function entity |
| CN102821385A (en) * | 2011-06-10 | 2012-12-12 | 中兴通讯股份有限公司 | Methods and network entity for sending public warning system (PWS) key information to terminal |
| WO2019174015A1 (en) * | 2018-03-15 | 2019-09-19 | Oppo广东移动通信有限公司 | Data processing method, access network device, and core network device |
| TWI771518B (en) * | 2017-11-07 | 2022-07-21 | 大陸商Oppo廣東移動通信有限公司 | Method for processing data, access network device, and core network device |
-
2005
- 2005-06-30 CN CNB2005100802501A patent/CN100527875C/en not_active Expired - Fee Related
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008083607A1 (en) * | 2007-01-12 | 2008-07-17 | Huawei Technologies Co., Ltd. | Method and system of safely transferring media stream |
| WO2008089694A1 (en) * | 2007-01-19 | 2008-07-31 | Huawei Technologies Co., Ltd. | A method, a system and an equipment for obtaining the media stream protecting key in ims network |
| CN101572694B (en) * | 2008-04-29 | 2012-09-05 | 华为技术有限公司 | Method for acquiring media stream key, session equipment and key management function entity |
| US9106429B2 (en) | 2010-08-25 | 2015-08-11 | Zte Corporation | Method and system for pre-accessing conference telephone and network side device |
| WO2012024904A1 (en) * | 2010-08-25 | 2012-03-01 | 中兴通讯股份有限公司 | Method and system for pre-accessing conference telephone and network side device |
| CN102821385A (en) * | 2011-06-10 | 2012-12-12 | 中兴通讯股份有限公司 | Methods and network entity for sending public warning system (PWS) key information to terminal |
| WO2012167637A1 (en) * | 2011-06-10 | 2012-12-13 | 中兴通讯股份有限公司 | Method and network entity for sending public warning system secret key message to terminal |
| CN102594794A (en) * | 2011-12-24 | 2012-07-18 | 华为技术有限公司 | Access method and device of media encryption conference |
| CN102594794B (en) * | 2011-12-24 | 2015-04-29 | 华为技术有限公司 | Access method and device of media encryption conference |
| TWI771518B (en) * | 2017-11-07 | 2022-07-21 | 大陸商Oppo廣東移動通信有限公司 | Method for processing data, access network device, and core network device |
| WO2019174015A1 (en) * | 2018-03-15 | 2019-09-19 | Oppo广东移动通信有限公司 | Data processing method, access network device, and core network device |
| US20220038908A1 (en) * | 2018-03-15 | 2022-02-03 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data processing method, access network device, and core network device |
| US11317291B2 (en) | 2018-03-15 | 2022-04-26 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data processing method, access network device, and core network device |
| US11722899B2 (en) * | 2018-03-15 | 2023-08-08 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data processing method, access network device, and core network device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100527875C (en) | 2009-08-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9537837B2 (en) | Method for ensuring media stream security in IP multimedia sub-system | |
| EP1676409B1 (en) | Network and node for providing a secure transmission of mobile application part messages | |
| KR101159441B1 (en) | Methods and apparatuses for enabling non-access stratumnas security in lte mobile units | |
| CN1889767A (en) | Method for achieving media flow security and communication system | |
| CN1751533A (en) | Method for creating and distributing cryptographic keys in a mobile radio system, and corresponding mobile radio system | |
| CN1249586A (en) | Method and device for establishing safety connection on single data channel | |
| KR20180026457A (en) | Method and system for managing identifiers on multiple planes | |
| US20060288423A1 (en) | Method, system and network elements for establishing media protection over networks | |
| CN1835436A (en) | General power authentication frame and method of realizing power auttientication | |
| CN104683098A (en) | Implementation method, equipment and system of secure communication service | |
| WO2010083695A1 (en) | Method and apparatus for securely negotiating session key | |
| CN1871834A (en) | Method and system for providing a secure communication between communication networks | |
| CN1956443A (en) | Encipher method of NGN service | |
| CN1874224A (en) | Safety multicast method based on protocol of conversation initialization | |
| CN1881869A (en) | Method for realizing encryption communication | |
| CN101043660A (en) | Method for realizing end-to-end encrypting call in cluster system | |
| CN1889700A (en) | Content transmitting method in media gate control protocol calling | |
| CN1929368A (en) | Method for realizing safety of media flow and communication system | |
| WO2011131051A1 (en) | Method and device for security communication negotiation | |
| CN1852092A (en) | Multicast data enciphered transmission method | |
| CN101247218B (en) | Safety parameter negotiation method and device for implementing media stream safety | |
| CN101047945A (en) | Mobile communication system and customer temporary identity distribution method | |
| CN1881870A (en) | Method for safety communication between devices | |
| CN1889578A (en) | Communication control method, apparatus and system | |
| CN1815953A (en) | Conversation key distribution method of crossing gate-guard management range under direct route mode |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090812 Termination date: 20160630 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |