WO2005104432A1 - Procede permettant de supprimer l'identificateur de trafic de session ainsi que des informations correspondantes - Google Patents
Procede permettant de supprimer l'identificateur de trafic de session ainsi que des informations correspondantes Download PDFInfo
- Publication number
- WO2005104432A1 WO2005104432A1 PCT/CN2005/000532 CN2005000532W WO2005104432A1 WO 2005104432 A1 WO2005104432 A1 WO 2005104432A1 CN 2005000532 W CN2005000532 W CN 2005000532W WO 2005104432 A1 WO2005104432 A1 WO 2005104432A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- tid
- bsf
- expired
- naf
- user terminal
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Definitions
- the present invention relates to the field of third-generation wireless communication technology, and particularly to a method for deleting a session transaction identifier (TID) and its corresponding information by an entity (BSF) that performs initial check and verification of user identity in a common authentication framework.
- TID session transaction identifier
- BSF entity
- the common authentication framework is used by a variety of application business entities.
- a common structure used to complete the verification of the user's identity.
- the application of the common authentication framework can check and Authentication.
- the above-mentioned multiple application services may be multicast / broadcast services, user certificate services, instant information provision services, etc., or they may be agency services.
- the universal authentication framework can also be used to check and authenticate the user terminals of the application services.
- FIG. 1 shows the structure of a general authentication framework.
- the universal authentication framework is generally composed of a user terminal (UE) 101, an entity (BSF) 102 that performs initial check and verification of user identity, a user home network server (HSS) 103, and a network application entity (NAF) 104.
- BSF 102 It is used to perform mutual authentication with the user terminal 101, and simultaneously generate a shared key between the BSF 102 and the user terminal 101;
- HSS 103 stores a profile file for describing user information, and HSS 103 also generates Function of authentication information.
- the BSF When a user needs to use a certain service, if he knows that he needs to perform mutual authentication with the BSF, he will contact the BSF directly for mutual rights, otherwise, the user will first contact the NAF corresponding to the service. If the NAF applies the universal authentication If the user rights framework requires the user terminal to perform identity verification with the BSF, the user terminal is notified to apply the universal authentication framework for identity verification, otherwise other corresponding processing is performed.
- the mutual authentication process between the user terminal and the BSF is: After receiving the authentication request from the user terminal, the BSF first obtains the authentication information of the user terminal from the HSS, and then executes the authentication and key agreement protocol (AKA) with the user terminal. ) For mutual authentication.
- AKA authentication and key agreement protocol
- the user terminal and the BSF mutually authenticate each other and generate a shared key Ks at the same time.
- the BSF allocates a session transaction identifier (B-TID) to the user terminal, and the B-TID is associated with Ks.
- B-TID session transaction identifier
- the user terminal After receiving the B-TID, the user terminal sends a connection request to the NAF again, and the request message carries the B-TID.
- NAF After NAF receives the request, it first checks whether it is available locally. B-TID, if NAF finds the B-TID locally, then it determines whether the key Ks corresponding to the B-TID or the key derived from Ks is Within the validity period set by the BSF, if yes, perform normal communication with the user terminal; otherwise, notify the user terminal to re-authenticate with the BSF, and then interrupt communication with the user terminal.
- the NAF If the NAF cannot find the B-TID locally, it queries the BSF. After the BSF finds the B-TID, it first sets a validity period for the key information corresponding to the B-TID, and then sends a successful response message to the NAF.
- the response message includes the B-TID and the key information corresponding to the B-TID And the expiration date of the key information that has been set.
- all information corresponding to the B-TID such as key information and expiration date, is collectively referred to as B-TID correspondence information.
- NAF After NAF receives the success response message from BSF, it considers that the user terminal is a legal user authenticated by BSF, and NAF and the user terminal also share key information, that is, Ks or a key derived from Ks. At this time, NAF saves the B-TID applied to the user terminal and the key information corresponding to the B-TID. In the local database. After that, NAF performs normal communication with the user terminal.
- the NAF is notified that the user terminal has no information about the user terminal. At this time, the NAF will notify the user terminal to perform identity authentication with the BSF.
- a UE may have one or more B-TIDs to communicate with different NAFs; moreover, the key Ks is usually used as the root key and It is not directly applied, but it is participated by the derived key of Ks.
- the key Ks is usually used as the root key and It is not directly applied, but it is participated by the derived key of Ks.
- NAF1 and NAF2 are two different NAFs.
- the process of establishing communication between a UE that has passed BSF authentication and NAF1 and NAF2 is as follows:
- the UE When the UE sends a service request containing B-TID information to NAF1, if NAF1 does not query the B-TID locally, it will query the BSF. After the BSF queries the B-TID required by NAF1, it first according to a certain The algorithm uses the Ks and NAF1 identification information as parameters to generate a derived key Ks-NAF1, and sets a validity period for the Ks-NAF1. Then, the BSF queries the B-TID and the secret corresponding to the B-TID. The key Ks-NAF1 and the validity period of the key are sent to NAF1. After receiving the successful response message from the BSF, NAF1 considers the UE as a legal user authenticated by BSF.
- the user terminal also uses the same algorithm and parameters to generate the key Ks-NAFl.
- the UE and NAF1 share the key Ks-NAF1, and NAF1 and the UE use the B under the protection of the key Ks-NAF1.
- -TID performs normal communication.
- the UE When the UE sends a service request containing the B-TID to NAF2, if NAF2 does not query the B-TID locally, it will query the BSF. After the BSF query, the information such as Ks and NAF2 identification is used as parameters. A certain algorithm generates a derived key Ks-NAF2 for NAF2. BSF sends the queried B-TID, the key Ks-NAF2 corresponding to the B-TID, and the validity period of the key to NAF2. After successfully responding to the message, the UE is considered to be a legal user authenticated by the BSF. At this time, the client should also use the same method to generate Ks-NAF2. In this way, the key KS-NAF2 is shared between the UE and NAF2, and NAF2 and the UE use the B-TID for normal communication under the protection of the key Ks-NAF2.
- Ks-NAF1 and KS-NAF2 are generated by the same root key Ks, they are being calculated.
- the NAF identification used in the process is different, so Ks-NAFl and Ks-NAF2 are also different.
- the validity periods of Ks, Ks-NAF1 and Ks-NAF2 are all independent of each other.
- Ks-NAFl or Ks-NAF2 When the validity period of Ks, Ks-NAFl or Ks-NAF2 expires, the client and BSF will not delete locally saved Ks, Ks-NAFl or Ks-NAF2, and B corresponding to Ks, Ks-NAFl or Ks-NAF2 -TID.
- NAF1 considers that Ks-NAFl is insecure and asks the UE to update Ks-NAFl, the UE will go back to the BSF for initial authentication and obtain a new B-TID and a new After Ks, a new Ks-NAF1 is derived from the new Ks, and then the UE uses the new B-TID to communicate with NAF1 under the protection of the new Ks-NAF1.
- the KS-NAF2 currently being used by NAF2 is not affected by the Ks update, and can continue to be used.
- a new KS-NAF2 is derived from the new Ks, and a new one is used between the ENE and NAF2.
- the B-TID communicates under the protection of the new KS-NAF2. After that, the BSF deletes the expired B-TID and the information corresponding to the B-TID.
- the disadvantage of the above deletion method is that before the validity period of the key expires, if the NAF considers the key to be insecure and asks the UE to update the key, the UE will use the updated B-TID and key to perform the NAF with the NAF. Communication, but the original insecure B-TID and key that has not reached the validity period are still stored on the BSF, and the original insecure B-TID and key that have not reached the validity period are not Will be deleted by BSF. In this way, the attacker will have the opportunity to use the B-TID and key that have no longer been applied but have not yet expired to steal network services. In addition, the B-TID and its corresponding information that are not expired but are no longer actually applied locally stored in the BSF are also a waste of BSF local resources. Summary of the invention
- an object of the present invention is to provide a method for deleting a session transaction identifier and its corresponding information, so that the BSF deletes the B-TID and its corresponding information that have not expired but are no longer used, This prevents attackers from using their network services to steal and save local resources of the BSF.
- a method for deleting a session transaction identifier and corresponding information includes the following steps: After the BSF determines that a B-TID that is no longer used and has not expired is locally stored, the deleted B.TID is deleted. B-TID and its corresponding information.
- the method for determining that the BSF locally stores the B-TID that is no longer used and has not expired includes the following steps:
- the BSF judges whether the authentication request from the user terminal includes a B-TID, and if so, determines that the B-TID stored locally is a B-TID that is no longer used and has not expired, otherwise step b is performed;
- the BSF After the BSF confirms that the user terminal can only have one B-TID, it determines whether a B-TID corresponding to the user terminal is stored locally, and if so, determines that the user terminal corresponds to the user terminal.
- the corresponding B-TID is already B-TID that is no longer used and has not expired.
- the method further includes: the BSF determines whether the authentication request from the user terminal includes a NAF identifier corresponding to the B-TID, and if it is ,
- the BSF Before the BSF deletes the B-TID and its corresponding information that are no longer used and have not expired, it informs the NAF associated with the B-TID other than the NAF identified in the authentication request, that the B-TID has expired, Otherwise notify all NAFs associated with the B-TID that the B-TID has expired
- the method for determining that the BSF locally stores the B-TID that is no longer used and has not expired includes the following steps:
- the BSF After the BSF returns the required B-TID and its corresponding information to the NAF requesting the inquiry, it determines whether the local area still holds the NAF identity and its inquiry based on the identity of the NAF and the identity of the user terminal it inquires. User terminal ID corresponding to and does not return The B-TID given to the NAF, if any, determines that the B-TID corresponding to both the NAF identity and the user terminal identity it inquires about and does not return is no longer used and has not expired. Preferably, all After the BSF determines that the B-TID that is no longer used and has not expired is stored locally, the method further includes: The BSF determines whether there are NAFs other than the requested query and the B-TID that is no longer used and has not expired. The TID is associated, and if so, it is notified that it is related to the B-TID. The associated NAF other than the requested query is that the B-TID has expired.
- the method further includes: receiving a NAF that has notified that a B-TID has expired, and determining whether to notify the user terminal to perform key update according to its current configuration.
- the BSF obtains the local B-TID that is no longer used and has not expired according to a query message requested by the UE for authentication or NAF, and then the B-TID that is no longer used and has not expired and All the information corresponding to the B-TID is deleted. This prevents the attacker from using the B-TID and key that are no longer applied but have not yet expired to steal network services, and also saves BSF local resources.
- Figure 1 shows the structure of a general authentication framework
- FIG. 2 is a flowchart of deleting a B-TID and corresponding information by using a BSF according to the first embodiment of the present invention
- FIG. 3 is a flowchart of deleting a B-TID and corresponding information by a BSF using the second embodiment of the present invention. ⁇ Ways to implement the invention
- the BSF obtains the B-TID that is no longer used and has not expired and is stored locally according to a query message requested by the UE for authentication or NAF, and then the B-TID that is no longer used and has not expired. And all the information corresponding to the B-TID is deleted. This prevents the attacker from using the B-TID and key that has not yet been applied but has not yet expired to steal network services, and also saves local resources of the BSF.
- FIG. 2 is a flowchart of deleting a B-TID and corresponding information using a BSF according to the first embodiment of the present invention.
- Step 201 After the AKA authentication protocol between the UE and the BSF is successful, the UE and the BSF share a key Ks, and the BSF allocates a B-TID to the UE, and the B-TID is associated with the key Ks; step 202, the UE Send a service request containing B-TID to NAF1;
- Step 203 If NAF1 can query the B-TID in the service request locally, Be'J can perform normal communication with the UE; if NAF1 cannot query the B-TID locally, it queries the BSF, and the BSF queries the After the B-TID, the key Ks-NAFl is generated based on the Ks corresponding to the B-TID and the identity of NAF1. After setting the validity period for Ks-NAF1, the B-TID queried by NAF1 and the B-TID The key Ks-NAFl corresponding to the TID and the validity period of Ks-NAFl are returned to NAF1 together. At the same time, the UE also uses the same algorithm to generate the key Ks-NAFl. At this time, NAF1 and the UE share the key Ks-NAFl. And perform normal communication under the protection of the key Ks-NAF1;
- Step 204 When NAF1 considers that the unexpired key Ks-NAF1 is not secure, it notifies the UE to perform key update.
- NAF1 causes NAF1 to consider the unexpired key Ks-NAFl to be insecure. For example, NAF has been attacked, or NAF and BSF cannot communicate normally, and it is speculated that BSF may be attacked.
- Step 205 after receiving the key update notification, the UE sends an authentication request to the BSF again; according to the operator's policy, the authentication request may include a B-TID that has been indicated as insecure It may not include a B-TID that has been indicated as unsafe;
- BSF can clearly determine which is the B-TID that is no longer used and has not expired, that is, the B-TID corresponding to the UE is the B-TID that is no longer used and has not expired; when the UE can have more than one B-TID
- the TID communicates with different NAFs
- the BSF can determine which B-TID is no longer used and has not expired, that is, the B-TID included in the authentication request is no longer Used and unexpired B-TID; if the B-TID is not included in the authentication request, because the BSF does not know which B-TID corresponding to the UE is no longer used and has not expired, it will not be processed , Which is exactly the same as the existing process;
- Step 206 The UE and the BSF execute an AKA mutual authentication protocol. After the authentication is successful, the BSF allocates a new B-TID to the UE, and shares a new key Ks with the UE; if the authentication request of the UE The message contains a B-TID that has been indicated as insecure, then step 207 is performed; if the UE's authentication request message does not contain a B-TID that has been indicated as insecure, the BSF determines whether the UE is based on the system configuration Can have more than one B-TID to communicate with different NAFs.
- the UE can have more than one B-TID to communicate with different NAFs, it will be processed according to the normal procedure; if the UE can only have one B-TID -The TID communicates with a different NAF, and then judges whether the B-TID corresponding to the UE is stored locally. If so, step 208 is performed directly, otherwise, it is processed according to the normal process; step 207, the BSF notification and the B -All NAFs associated with the TID have their original B-TIDs. Has expired. In this embodiment, the BSF notifies NAF1 and NAF2 that their original B-TIDs have expired, and then step 208 is performed;
- Step 208 the BSF deletes the locally saved B-TID that has been indicated as insecure and the information corresponding to the B-TID, that is, the BSF deletes the locally saved no longer used and not expired.
- Step 209 The UE sends a service request including the new B-TID to NAF1.
- Step 210 After the NAF1 successfully queries the BSF, it performs normal communication with the UE under the protection of the new key Ks or its derived key.
- step 205 if the authentication request sent by the UE to the BSF again includes not only the B-TID that has been indicated as insecure, but also the identity of NAF1 corresponding to the B-TID, then when the UE After the AKA mutual authentication agreement is executed with BSF, and the authentication is successful, the BSF will notify the NAF associated with the B-TID except NAF1 that the B-TID has expired, that is, the BSF only sends its application B- to NAF2 Notice that the TID has expired. In this way, the network transmission load can be reduced.
- Fig. 3 shows a flowchart of deleting a B-TID and corresponding information using a BSF according to the second embodiment of the present invention.
- Step 301 After the AKA authentication protocol between the UE and the BSF is successful, the key Ks is shared between the UE and the BSF, and the BSF allocates a B-TID to the UE, and the B-TID is associated with the key Ks.
- Step 302 the UE sends a NAF1 sends a service request containing B-TID;
- Step 303 If NAF1 can query the B-TID in the service request locally, Be'J can perform normal communication with the UE; if NAF1 cannot query the B-TID locally, it queries the BSF, and the BSF queries the After the B-TID, according to the Ks corresponding to the B-TID and the identity of NAF1, a key Ks-NAF1 is generated. After the validity period is set for Ks-NAF1, the B-TID queried by NAF1 and the B-TID The key Ks-NAFl corresponding to the TID and the validity period of Ks-NAFl are returned to NAFl together. At the same time, the UE also uses the same algorithm to generate the key Ks-NAF1. At this time, NAF1 and the UE share the key Ks-NAFl, and Normal communication under the protection of the key Ks-NAF1;
- Step 304 When NAF1 considers that the unexpired key Ks-NAF1 is not secure, notify the UE to perform key update; There are many factors that cause NAF1 to believe that the unexpired key Ks-NAF1 is insecure, for example, NAF has been attacked, or NAF and BSF cannot communicate normally, and it is speculated that BSF may be attacked;
- Step 305 After receiving the key update notification, the UE sends an authentication request to the BSF again. After receiving the request, the BSF executes the AKA mutual authentication protocol with the UE. After the authentication is successful, the BSF is assigned to the UE. A new B is assigned to the UE. -TID, and shared a new key Ks with the UE; step 306, the UE sends a service request containing the new B-TID to NAF1;
- Step 307 NAF1 queries the BSF for information about the new B-TID.
- Step 308 After the UE identifier in the BSF query message finds the new B-TID, a new derived key Ks-NAF1 is generated according to the new Ks corresponding to the B-TID, the identity of NAF1, and the like.
- the new derived key Ks-NAFl sets a validity period, and then includes the new B-TID, Ks-NAFl, and the validity period of the Ks-NAFl in the response message of the query success and returns it to NAF 1.
- step 309 since the user terminal establishes only one connection with a NAF, the BSF determines whether the NAF1 and the UE identifier queried are requested to query whether the NAF1 and the UE identifier correspond to the NAF1 and the UE identifier. B-TID returned to NAF. If not, no processing is performed. If so, BSF determines that the B-TID corresponding to both the NAF ID and the UE ID and not returned is a B that is no longer used and has not expired.
- the BSF judges whether there are NAFs other than the requested query associated with the B-TID that is no longer used and not expired, and if it is, it is notified of the B-TID that is no longer used and not expired TID-associated NAF, the B-TID has expired, and then proceed to step 310, otherwise directly. Perform step 310;
- Step 310 The BSF deletes the non-returned B-TID and its corresponding information corresponding to the NAF and the UE, that is, deletes the B-TID and its corresponding information that are no longer used and have not expired;
- Step 311 NAF1 and the UE apply new B-TID protection in new Ks-NAF1 ' Under normal communication.
- the BSF performs a delete operation at a different time, which causes the BSF to determine a B-TID that is no longer used and has not expired.
- the BSF determines and deletes the locally-used B-TID that is no longer used and has not expired; in the embodiment shown in FIG. 3, After receiving the B-TID query message from the NAF, the BSF determines and deletes the B-TID that is no longer used and has not expired, which is stored locally.
- the NAF that received the original B-TID invalidation notification determines whether to use the existing key or notify the UE to perform key update according to its current configuration. If the NAF notifies the UE of the key update, the UE uses the updated B-TID to send a request to the NAF.
- the BSF When the NAF makes an inquiry to the BSF, the BSF generates a new Ks-NAF according to the new Ks and NAF identification.
- the purpose of the key update if NAF decides to continue to use the original B-TID and its key information, its existing communication will not be affected in any way.
- the BSF may not send the B-TID invalidation notification to the NAF. At this time, the NAF will continue to use the original B-TID and its key information.
- the above only provides a variety of application methods. In actual applications, operators can decide which method to use based on actual conditions.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100372072A CN100512137C (zh) | 2004-04-22 | 2004-04-22 | 一种删除会话事务标识及其对应信息的方法 |
CN200410037207.2 | 2004-04-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005104432A1 true WO2005104432A1 (fr) | 2005-11-03 |
Family
ID=35197343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2005/000532 WO2005104432A1 (fr) | 2004-04-22 | 2005-04-19 | Procede permettant de supprimer l'identificateur de trafic de session ainsi que des informations correspondantes |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN100512137C (zh) |
WO (1) | WO2005104432A1 (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1913439B (zh) * | 2006-09-08 | 2011-05-04 | 中国移动通信集团公司 | 一种鉴权方法以及发送鉴权成功信息的方法 |
CN1949774B (zh) * | 2006-11-02 | 2010-04-07 | 华为技术有限公司 | 一种Web应用程序会话管理方法与装置 |
EP3414927B1 (en) * | 2016-02-12 | 2020-06-24 | Telefonaktiebolaget LM Ericsson (PUBL) | Securing an interface and a process for establishing a secure communication link |
CN115379414A (zh) * | 2019-09-25 | 2022-11-22 | 华为技术有限公司 | 证书发放方法和装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5361388A (en) * | 1991-04-09 | 1994-11-01 | Nec Corporation | Message relaying system for a distributed processing system |
JP2002094659A (ja) * | 2000-09-13 | 2002-03-29 | Toshiba Corp | 通信システム |
JP2002314571A (ja) * | 2001-03-19 | 2002-10-25 | Alcatel | スイッチングノードのための分類およびタグ付け規則 |
-
2004
- 2004-04-22 CN CNB2004100372072A patent/CN100512137C/zh not_active Expired - Fee Related
-
2005
- 2005-04-19 WO PCT/CN2005/000532 patent/WO2005104432A1/zh active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5361388A (en) * | 1991-04-09 | 1994-11-01 | Nec Corporation | Message relaying system for a distributed processing system |
JP2002094659A (ja) * | 2000-09-13 | 2002-03-29 | Toshiba Corp | 通信システム |
JP2002314571A (ja) * | 2001-03-19 | 2002-10-25 | Alcatel | スイッチングノードのための分類およびタグ付け規則 |
Also Published As
Publication number | Publication date |
---|---|
CN1691584A (zh) | 2005-11-02 |
CN100512137C (zh) | 2009-07-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7941121B2 (en) | Method for verifying the validity of a user | |
US8275355B2 (en) | Method for roaming user to establish security association with visited network application server | |
JP4768720B2 (ja) | ネットワークにアクセスするユーザ端末に対してジェネリック認証アーキテクチャーを応用して管理する方法及びシステム | |
JP5414898B2 (ja) | 有線lanのセキュリティアクセス制御方法及びそのシステム | |
US8559633B2 (en) | Method and device for generating local interface key | |
CA2552917C (en) | A method of obtaining the user identification for the network application entity | |
AU2002226278B2 (en) | Use of a public key key pair in the terminal for authentication and authorisation of the telecommunication user with the network operator and business partners | |
WO2006097041A1 (fr) | Forme d'authentification generale et procede pour mettre en place l'authentification | |
CN1921682B (zh) | 增强通用鉴权框架中的密钥协商方法 | |
WO2007079698A1 (fr) | Procédé et système d'authentification d'entité, procédé et système d'authentification de bout en bout et centre d'authentification | |
WO2008034355A1 (fr) | Procédé, dispositif et système d'authentification de service réseau | |
WO2006047956A1 (fr) | Cadre d'authentification general et procede de mise a jour des informations de description de securite utilisateur dans le bsf | |
WO2005104432A1 (fr) | Procede permettant de supprimer l'identificateur de trafic de session ainsi que des informations correspondantes | |
CN100563156C (zh) | 实现用户信息同步及对用户终端鉴权的方法 | |
JP2005217679A (ja) | 通信相手の認証を行う認証サーバ | |
WO2008001988A1 (en) | System and method for managing network/service access for linkage between network access and application service | |
WO2007095806A1 (fr) | Système d'authentification générale et procédé d'accès à la fonction d'application de réseau du système | |
WO2007031027A1 (fr) | Procede, systeme et appareil de negociation de cle entre ss et sp | |
WO2006047960A1 (fr) | Procede et systeme de garantie de la confidentialite de l'identification d'utilisateur | |
WO2005046119A1 (en) | A method of setting up the association between the session transaction identification and the network application entity | |
WO2008151569A1 (fr) | Procédé, dispositif et système d'acquisition de clé | |
WO2005101723A1 (fr) | Procede permettant d'obtenir une fonction d'application reseau permettant de gerer l'identification du trafic et les informations correspondantes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |