WO2006015537A1 - System and method for security management on a 3G mobile network - Google Patents
- Publication number
- WO2006015537A1 (PCT/CN2005/001214)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- service
- irpagent
- irpmanager
- security
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- the present invention relates to network security management technologies, and more particularly to a system and method for implementing security management on a northbound interface in a third generation mobile communication network operation and maintenance domain.
- the third generation of mobile communication mainly involves WCDMA technology, CDMA2000 technology, and TD-SCDMA technology.
- SA5 System Architecture Group
- 3GPP SA5 proposes a network management architecture.
- the system includes two parts: the network management system and the managed system.
- the interface between the management system and the managed system is called the northbound interface (Itf-N, Interface Network).
- the function of the 3GPP SA5 northbound interface is implemented by several integrated reference points (IRPs), where the requestor of the IRP function is called the IRP Manager (IRPManager), and the implementer of the IRP function is called the IRP Agent (IRPAgent).
- IRPs integrated reference points
- IRPManager IRP Manager
- IRPAgent IRP Agent
- Figure 1 shows only one pair as an example to illustrate the relationship between the IRPManager and the IRPAgent.
- the task of the IRPManager is to send management commands to the IRPAgent, request the IRPAgent to perform some operation, and receive the operation responses sent by the IRPAgent and the internal event reports of the network, that is, notifications; the IRPAgent is used to directly manage the network element device (NE), receive the management commands sent by the IRPManager, return operation responses to the IRPManager, and proactively notify the IRPManager when needed.
- the network management system mainly includes the IRPManager.
- the managed system has two forms: it can include the IRPAgent and several managed network elements, or the IRPAgent can be placed inside the managed network element as part of the managed network element.
- the network management system assumes the role of IRPManager, and the operation and maintenance system (OMC) of the 3G network element device, or the 3G network element device itself, assumes the role of IRPAgent, where the 3G network element device refers to a 3G device provided by a device manufacturer.
- the Itf-N is located between the NMC and the OMC.
- the OMC provides the northbound interface to the NMC.
- the interface between the OMC and the NE is the internal interface of the device.
- the interface definition is not limited.
- the NMC can also be directly connected to some NEs. This NE provides a management interface directly to the NMC. In this case, the Itf-N is located between the NMC and the NE.
- 3GPP SA5 proposes: In the third generation mobile communication network, the basic functional requirements of the network management interface include public management functions, configuration management functions, fault management functions, performance management functions, and security management functions.
- the security management function is mainly used to prevent unsafe use of other interface management functions, such as configuration management and performance management, thereby preventing uncontrolled exposure of management information in the managed system or uncontrolled operation of the managed system, and to protect the integrity and confidentiality of management information passed through the northbound interface.
- when a security intrusion occurs, it is reported to the management system, and the intrusion activity record is kept for security audit.
- Specific security management functions include authentication services, authorization services, integrity protection, confidentiality protection, and audit log services for the management system and managed systems.
- the main object of the present invention is to provide a system for implementing security management in a third-generation mobile communication network operation and maintenance domain, so that the 3GPP SA5 Itf-N interface can support the basic functional requirements of security management.
- Another object of the present invention is to provide a method for implementing security management in a third generation mobile communication network operation and maintenance domain, which can implement various security services for security management on the 3GPP SA5 Itf-N interface.
- a system for implementing security management in a third generation mobile communication network comprising, on the northbound interface of the 3GPP SA5, at least one pair of an IRP manager (IRPManager) as the requester of integrated reference point (IRP) functions and an IRP agent (IRPAgent) as the implementer of IRP functions
- the key is:
- the northbound interface further includes a security management service function entity connected between the IRPManager and the IRPAgent, and the security management service function entity is used to provide security services for the IRPManager and the IRPAgent.
- the security management service function entity further includes: an authentication service module, configured to provide an authentication service; an authorization service module, configured to provide an authorization service; an integrity service module, configured to ensure the integrity of information transmitted between the IRPManager and the IRPAgent; a confidentiality service module, configured to ensure the confidentiality of information transmitted between the IRPManager and the IRPAgent; and an audit log service module, configured to record successful or failed authentication, authorization, confidentiality services, integrity services and operations.
- the security management service function entity described above includes: an IRPManager side security management service function entity and an IRPAgent side security management service function entity.
- a method for implementing security management in a third generation mobile communication network wherein a security management service function entity for implementing a security service is set on a northbound interface, the method further comprising the following steps:
- after receiving the information currently transmitted by the IRPManager or the IRPAgent, the security management service function entity determines, according to the preset security policy and the content of the transmission information, whether it needs to perform security services on the currently received transmission information; if so, it determines and executes the required security service, and then sends the transmission information processed by the security service to the IRPAgent or IRPManager; otherwise, it transmits the information directly and ends the current processing flow;
- the security service is an authentication service, or an authorization service, or an integrity service, or a confidentiality service, or an audit log service, or any combination of the five services.
- the transmission information is: operation information, or a notification, or a file.
- the authentication service runs on the ORB layer of the northbound interface, or the transport layer, or the ORB layer and the transport layer; the authorization service runs on the ORB layer of the northbound interface, or the application layer, or the ORB layer and the application layer;
- the integrity service runs on the application layer of the northbound interface, or the transport layer, or the application layer and the transport layer;
- the confidentiality service runs on the application layer of the northbound interface, or the transport layer, or the application layer and the transport layer; the audit log service runs on the ORB layer of the northbound interface, or the application layer, or the ORB layer and the application layer.
- when the executed security service is an authentication service, the security management service function entity is used as a trusted third party of the IRPManager and the IRPAgent, and establishes a reliable link between the IRPManager and the IRPAgent, and the method further includes:
- when the IRPManager sends a request to the IRPAgent, the IRPManager requests the IRPManager side security management service function entity to authenticate itself and create a credential; before the IRPAgent receives the request, the IRPAgent side security management service function entity requests to obtain the credential of the request sender IRPManager and verifies the obtained credential, and if the verification is successful, the authentication of the IRPManager is implemented;
- when the IRPAgent requests to send a notification to the IRPManager, the IRPAgent requests the IRPAgent side security management service function entity to authenticate itself and create a credential; before the IRPManager receives the notification, the IRPManager side security management service function entity requests to obtain the IRPAgent credential and verifies the obtained credential, and if the verification is successful, the authentication of the IRPAgent is implemented.
- when the executed security service is an audit log service, the method further includes:
- step b1. Start the authentication process and determine whether the authentication is successful. If the authentication fails, determine whether to record the authentication failure log according to the preset security policy; if so, record the authentication failure process and its failure result, and then end the current processing flow; if not, directly end the current processing flow. If the authentication is successful, determine whether to record the authentication success log according to the preset security policy; if so, record the authentication success process and its success result, and then perform step b2; if not, directly perform step b2;
- step b2. Start the authorization process and determine whether the authorization is successful. If the authorization fails, determine whether to record the authorization failure log according to the preset security policy; if so, record the authorization failure process, and then end the current processing flow; if not, directly end the current processing flow. If the authorization is successful, determine whether to record the authorization success log according to the preset security policy; if so, record the authorization success process, and then perform step b3; if not, directly perform step b3;
- step b3. Start the operation process and determine whether the operation is successful. If the operation fails, determine whether to record the operation failure log according to the preset security policy; if so, record the operation failure process, and then end the current processing flow; if not, directly end the current processing flow. If the operation is successful, determine whether to record the operation success log according to the preset security policy; if so, record the operation success process, and then end the current processing flow; if not, directly end the current processing flow.
- the 3GPP SA5 Itf-N interface can implement network security management, covering controlled use of the implemented Itf-N functions and the integrity and confidentiality of the information transmitted on the Itf-N.
- the security management service functional entity in the present invention can provide five security services: authentication, authorization, integrity, confidentiality, and audit log, so that all information transmitted between the IRPManager and the IRPAgent must be processed by the security management service function entity, which ensures and improves the security and reliability of the entire network management system.
- the five security services provided by the security management service functional entity in the present invention can be selected in any combination as needed, which is flexible and convenient.
- the present invention also relates to the division of the northbound interface layer for each security service, and specifically describes the processing of each security service at different layers; and for the same security service, the processing of different layers is also optional in practical applications. Therefore, the present invention not only completes the network management technology of 3GPP SA5, but also implements a simple and flexible solution.
- FIG. 1 is a schematic structural diagram of a 3GPP SA5 network management system in the prior art
- FIG. 2 is a schematic structural diagram of a 3GPP SA5 network management system according to the present invention.
- FIG. 3 is a schematic structural diagram of a structure of a security management service function entity in the present invention.
- FIG. 4 is a schematic diagram of a three-layer structure of a 3GPP SA5 northbound interface
- Figure 5 is a schematic diagram showing the implementation process of the method of the present invention.
- FIG. 6 is a flowchart of a specific implementation of an audit log service in the present invention.
Mode for carrying out the invention
- the core idea of the present invention is: a security management service function entity is added on the northbound interface; it can provide five security services: authentication, authorization, integrity, confidentiality, and audit log, so that all information transmitted between the IRPManager and the IRPAgent passes through the security management service function entity, which performs different security services on the current transmission information as needed, thereby implementing security management requirements on the 3GPP SA5 Itf-N interface.
- the security management service function entity includes an IRPManager side security management service function entity and an IRPAgent side security management service function entity.
- the network management system architecture for implementing security management in the present invention is shown in FIG. 2: an IRPManager side security management service function entity is added on the IRPManager side, and an IRPAgent side security management service function entity is added on the IRPAgent side. The IRPManager side security management service function entity and the IRPAgent side security management service function entity are collectively referred to as the security management service function entity, which is set up and connected between the IRPManager and the IRPAgent.
- IRPManager and IRPAgent communicate through the security management service functional entity, including operations, notifications, and file transfers.
- the request information and file transmission information sent by the IRPManager are transmitted to the IRPAgent through the IRPManager side security management service function entity and the IRPAgent side security management service function entity.
- the notification information sent by the IRPAgent is transferred to the IRPManager through the IRPAgent side security management service function entity and the IRPManager side security management service function entity.
- the security management service functional entity can provide authentication services, integrity services, confidentiality services, authorization services, and audit log services.
- the security management service function entity can provide security services for the IRPManager and the IRPAgent by configuring the security policy scripts for the IRPManager and the IRPAgent.
- the security management service function entity can also be used in a coding mode: it provides a programming interface, so that the IRPManager and IRPAgent can use the various services provided by the security management service function entity through coding.
- using the services of the security management service function entity in the configuration mode avoids modifying the existing IRPManager and IRPAgent; the coding mode has little effect on the IRPManager and the IRPAgent.
- if the IRPAgent wishes to control the access of the IRPManager to a particular resource, such as the resource specified by the parameters of an interface operation, then the IRPAgent is required to use the access control decision component for the resource.
- each security management service functional entity includes: an authentication service module, an authorization service module, an integrity service module, a confidentiality service module, and an audit log service module.
- the authentication service module is used to provide an authentication service; the authorization service module is used to provide an authorization service; the integrity service module is used to provide an integrity service to ensure the integrity of information transmitted between the IRPManager and the IRPAgent; the confidentiality service module is used to provide confidentiality services to ensure the confidentiality of information passed between the IRPManager and the IRPAgent; the audit log service module is used to provide security auditing services to record successful or failed authentication, authorization, integrity protection, confidentiality protection and operations.
- the authentication service module, the authorization service module, the integrity service module, the confidentiality service module, and the audit log service module intercept transmission information sent from or to the network entity on the local side; the module corresponding to the security service required by the transmission information then starts that security service and performs the corresponding security management operations on the transmission information.
- the transmission information here includes: operation, notification, and file transfer.
- the IRPManager side security management service function entity and the IRPAgent side security management service function entity respectively execute different parts of each module's function in different application environments. For example, for the authentication service, if the IRPManager authenticates the IRPAgent, the IRPAgent side security management service function entity needs to create a credential and send the credential to the IRPManager side security management service function entity; correspondingly, the IRPManager side security management service function entity needs to verify the received credential to determine the true identity of the IRPAgent.
- For integrity services and confidentiality services, one side needs to perform information encryption and the like, and the other side needs to perform information decryption and the like.
- the security management service function entity determines which security services need to be executed according to the content of the currently intercepted transmission information, and directly activates the service module corresponding to each required security service. The security services to be executed for each type of information are predefined. For example, an operation needs three security services: authentication, authorization, and audit log; a file transfer needs the integrity service; and so on.
- For example, the IRPManager performs a configuration management operation on the IRPAgent, and the security services that need to be performed include the authentication service, the authorization service, and the audit log service. After the configuration request and configuration information sent by the IRPManager pass through the IRPManager side security management service function entity and the IRPAgent side security management service function entity, the authentication service module, the authorization service module, and the audit log service module in the security management service function entity respectively authenticate and authorize the received information, and record whether the authentication, authorization, and related operations succeeded and, if necessary, further information such as the reason for the failure. If they succeed, the information is transmitted to the IRPAgent, and the IRPAgent performs corresponding operations according to the received information; if the authentication, authorization, and integrity check are not successful, the corresponding module of the security management service function entity returns a failure message to the IRPManager, rejecting the current operation.
- the northbound interface Itf-N is divided into three layers: an application layer, an Object Request Broker (ORB) layer, and a transport layer, as shown in FIG. 4. Therefore, in practical applications, the authentication, authorization, integrity, confidentiality, and audit log services described above are also provided at different layers, and some security services can be provided on two layers.
- the implementation scheme of each layer is independent of each other. You can choose to provide the security service on both layers as needed, or you can choose to provide the security service only on one layer.
- the above five security services can be provided on the layer as shown in Table 1.
- the "X" in the table indicates that the layer provides the security service.
- the security management service functional entity of the present invention can provide the authentication service, integrity service, and confidentiality service at the transport layer; the authentication service, authorization service, and audit log service at the ORB layer; and the authorization service and audit log service at the application layer, where it can also provide integrity services and confidentiality services as needed.
- ORB layer authentication can use the Generic Security Service Username Password (GSSUP) mechanism.
- the transport layer authentication can use the ITU-T X.509 certificate mechanism.
- For the authorization service, on the ORB layer, the security management service function entity first obtains the access identifier of the request sender; then obtains the request content, that is, the requested operation name, which may include the name of the interface to which the operation belongs; finally, the security management service function entity checks, based on the predefined access control list, whether the visitor has permission to perform the requested operation.
- the security management service function entity provides an authorization service indirectly: it provides information such as the visitor identifier, the requested operation name, and its parameters to the IRPAgent, and the IRPAgent authorizes based on the above information and a predefined access control list.
- the application layer integrity service can be provided by the authorization service at the same time, because authorization can ensure that the protected information is not accessed by unauthorized IRPManagers. But for particularly sensitive data, application layer integrity services are still needed.
- the security management service function entity does not directly provide application layer integrity protection to the batch configuration management IRP (Bulk CM IRP); instead, integrity protection for the Bulk CM IRP is implemented by modifying the existing active configuration file and using XML signature technology.
- the security management service functional entity provides transport layer integrity protection to the IRPManager and IRPAgent at the transport layer using the X.509 certificate digital signature technology, and sends an exception to the information receiver when the integrity of the transmitted information is compromised.
- the application layer confidentiality service can be provided by the authorization service at the same time, because authorization can ensure that the protected information is not accessed by unauthorized IRPManagers.
- application layer confidentiality services are also required. If the XML file passed between the IRPManager and the IRPAgent requires an application layer confidentiality service, XML encryption technology is used to protect the confidentiality of the XML file; the security management service functional entity indirectly provides application layer confidentiality protection to the IRP.
- the security management service function entity uses the X.509 certificate digital signature technology to provide transport layer confidentiality protection to the IRPManager and IRPAgent, and sends an exception to the information receiver when the confidentiality of the transmitted information is destroyed.
- the audit service provided by the security management service function entity to the IRPAgent can be implemented at the ORB layer, that is, when the record condition of the security audit log for an IRPAgent is customized, the audit log is automatically recorded by the ORB.
- the IRPAgent does not participate in the recording process.
- the audit log service provided by the security management service function entity to the IRPAgent can also be implemented at the application layer, that is, the security management service function entity provides an interface for writing audit log records, and the IRPAgent can write records to the audit log while processing the IRPManager's request.
- CORBA Common Object Request Broker Architecture
- ORB Object Request Broker
- All IRPs on the northbound interface can be secured on the ORB layer and on the application layer; the security protection policies of different IRPs at the ORB layer and the application layer can be different; however, all instances of a particular IRP must have the same security protection policy throughout the entire communication system.
- the security protection policy defined for IRP1 is: To authenticate the access operations of certain network resources for the get operation and the set operation
- the security protection policy defined for IRP2 is: Access to certain network resources for authentication services
- the security policy of the ORB layer is to authenticate the IRPManager and IRPAgent using the GSSUP mechanism, and to authorize all operations, for example: allow all operations of IRP1 and IRP2, but disable the operations of IRP3.
- the method for implementing the network security management of the present invention is as shown in FIG. 5, and includes the following steps:
- Steps 501 to 503: The security management service function entity intercepts the transmission information sent by the IRPManager or the IRPAgent, and then determines whether a security service needs to be performed on the transmission information according to the preset security policy and the content of the transmission information. If so, step 504 is performed. Otherwise, the transmission information is passed through transparently and the current processing flow is ended.
- the transmission information here includes: operation, notification, and file transfer.
- Steps 504 to 505: Determine and execute the required security service according to the content of the transmission information, for example: an operation requires authentication, authorization, and audit log; a file transfer requires the integrity service, etc.; then the transmission information processed by the security service is sent to the IRPAgent or IRPManager.
- the security service required for execution described in step 504 refers to an authentication service, or an authorization service, or an integrity service, or a confidentiality service, or an audit log service, or any combination of the five services. In actual execution, the process includes the operations of the security management service function entity on both the IRPAgent side and the IRPManager side, that is: at the sender, the security management service function entity performs the required security service on the received transmission information, and modifies the transmission information or attaches additional information to it; at the receiver, the security management service function entity performs the corresponding security services on the received transmission information, recovers the original transmission information, and then performs corresponding processing according to the content of the transmission information. For example, for the integrity service and the confidentiality service, the information is encrypted at the sender, which is a modification of the transmission information; the receiver can know from the type of security service implemented or the preset security policy that the currently executed security service is an integrity service or a confidentiality service, and decryption is required to restore the transmission information. As another example, if the authentication service is executed, the sender needs to attach the created credential to the transmission information; accordingly, once the receiver confirms that the currently executed security service is an authentication service, it extracts the credential from the received information and then verifies the credential to determine the true identity of the sender.
- the security management service functional entity is used as a trusted third party of the IRPManager and the IRPAgent, and helps the IRPManager and the IRPAgent perform mutual authentication; that is, the security management service function entity establishes a reliable link between the IRPManager and the IRPAgent.
- the specific implementation is:
- When the IRPManager sends a request to the IRPAgent, the IRPManager requests the IRPManager-side security management service function entity to authenticate it and create a credential. Before the IRPAgent receives the request, the IRPAgent-side security management service function entity obtains the credential of the request sender, the IRPManager, and verifies it. If the verification succeeds, the IRPManager is authenticated.
- When the IRPAgent sends a notification to the IRPManager, the IRPAgent requests the IRPAgent-side security management service function entity to authenticate it and create a credential. Before the IRPManager receives the notification, the IRPManager-side security management service function entity obtains the IRPAgent's credential and verifies it. If the verification succeeds, the IRPAgent is authenticated.
- When the authentication service of the security management service function entity is used in a configured manner, the above process is invisible to the IRPManager and the IRPAgent; otherwise, the IRPManager and the IRPAgent are required to explicitly request the authentication service.
- The idea of the authorization service selected by the present invention is that the security management service function entity provides an authorization service to the IRPAgent; that is, when the IRPAgent receives a request from the IRPManager, the IRPAgent requests the security management service function entity to authorize the request sender, the IRPManager.
- The authorization described herein works as follows: the IRPAgent-side security management service function entity first obtains the requester identifier from the IRPManager credential, and then queries the requester's access control list to determine whether the IRPManager has the right to perform the requested operation.
- the idea of the audit log service selected by the present invention is:
- The security management service function entity records the process and result of the IRPAgent authenticating the IRPManager. If the authentication is successful, it records the process and result of the IRPAgent authorizing the IRPManager; if the authorization is successful, it records the process and result of the IRPAgent executing the IRPManager's request.
- The security management service function entity can also provide an audit log customization tool to the IRPAgent, allowing the IRPAgent to customize which processes are logged, for example: recording only successful or only failed authentication processes; recording only successful or only failed authorization processes; recording only successful or only failed operation execution processes; recording only the execution of a specified set of operations; or recording any combination of the above.
- Steps 601 to 602: Start the authentication process, then judge whether the authentication is successful. If yes, execute step 605; otherwise, execute step 603.
- Steps 603 to 604: Determine whether to record the authentication failure log according to the preset security policy. If yes, record the authentication failure process and its failure result, and then end the current processing flow; otherwise, end the current processing flow directly.
- The security policy described in this process mainly refers to the recording conditions of the audit log, such as what information or process needs to be recorded, what information or process is allowed to be recorded, and so on.
- Steps 605 to 606: Determine whether to record the authentication success log according to the preset security policy. If yes, record the authentication success process and its success result, and then perform step 607; otherwise, execute step 607 directly.
- Steps 607 to 608: Start the authorization process, then judge whether the authorization is successful. If yes, go to step 611; otherwise, go to step 609.
- Steps 609 to 610: Determine whether to record the authorization failure log according to the preset security policy. If yes, record the authorization failure process, and then end the current processing flow; otherwise, end the current processing flow directly.
- Steps 611 to 612: Determine whether to record the authorization success log according to the preset security policy. If yes, record the authorization success process, and then perform step 613; otherwise, execute step 613 directly.
- Steps 613 to 614: Start the operation process, then judge whether the operation is successful. If yes, go to step 617; otherwise, go to step 615.
- Steps 615 to 616: Determine whether to record the operation failure log according to the preset security policy. If yes, record the execution failure process, and then end the current processing flow; otherwise, end the current processing flow directly.
- Steps 617 to 618: Determine whether to record the operation success log according to the preset security policy. If yes, record the successful operation process, and then end the current processing flow; otherwise, end the current processing flow directly.
- The audit log service can also record the success and failure of the confidentiality service and/or integrity service according to a preset security policy. That is to say, which success processes and/or failure processes are recorded can be customized in advance, and correspondingly, the following steps are added in the process of FIG. 6:
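The flow of steps 601 to 618 (authenticate the credential, check the access control list, execute, with each outcome logged only if the preset policy asks for it), as an added Python sketch that is not part of the patent text. The policy format, the shared-token credential check, and all identifiers and sample values are assumptions made for this example; the patent does not specify a credential format.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AuditPolicy:
    """Constructed policy format: which (stage, outcome) pairs are recorded."""
    record: set = field(default_factory=set)  # e.g. {("authentication", "failure")}
    operations: Optional[set] = None          # if set, only these operations are logged

    def wants(self, stage, outcome, operation):
        if stage == "operation" and self.operations is not None \
                and operation not in self.operations:
            return False
        return (stage, outcome) in self.record

def handle_request(credential, operation, trusted, acl, policy, execute):
    """Authenticate, authorize, then execute; return (result, audit_log)."""
    log, requester = [], credential.get("id")

    def audit(stage, ok):
        outcome = "success" if ok else "failure"
        if policy.wants(stage, outcome, operation):
            log.append((stage, requester, operation, outcome))
        return ok

    # Steps 601-606: verify the credential (shared-token check is a stand-in).
    authenticated = requester in trusted and hmac.compare_digest(
        trusted[requester], credential.get("token", ""))
    if not audit("authentication", authenticated):
        return None, log
    # Steps 607-612: look the requester up in the access control list.
    if not audit("authorization", operation in acl.get(requester, ())):
        return None, log
    # Steps 613-618: run the operation and record its outcome.
    try:
        result, ok = execute(operation), True
    except Exception:
        result, ok = None, False
    audit("operation", ok)
    return result, log

# Constructed sample data (identifiers and token are illustrative only).
TRUSTED = {"nms-1": "constructed-token"}
ACL = {"nms-1": {"getAlarmList"}}
POLICY = AuditPolicy(record={("authentication", "failure"),
                             ("authorization", "failure"),
                             ("operation", "success")})
```

With this sample policy a rejected credential or a denied operation leaves exactly one audit entry and stops the flow, while successful authentication and authorization pass through unlogged.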
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05772864A EP1814255B1 (en) | 2004-08-08 | 2005-08-08 | System and method for realizing the security management in 3g mobile communication network |
AT05772864T ATE557490T1 (de) | 2004-08-08 | 2005-08-08 | System und verfahren zur realisierung der sicherheitsverwaltung im 3g- mobilkommunikationsnetz |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200410071798.5 | 2004-08-08 | ||
CNB2004100717985A CN100344090C (zh) | 2004-08-08 | 2004-08-08 | 第三代移动通信网络中实现安全管理的系统及方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006015537A1 true WO2006015537A1 (fr) | 2006-02-16 |
Family
ID=35839134
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2005/001214 WO2006015537A1 (fr) | 2004-08-08 | 2005-08-08 | Systeme et procede pour la gestion de securite sur un reseau mobile 3g |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1814255B1 (zh) |
CN (1) | CN100344090C (zh) |
AT (1) | ATE557490T1 (zh) |
WO (1) | WO2006015537A1 (zh) |
-
2004
- 2004-08-08 CN CNB2004100717985A patent/CN100344090C/zh not_active Expired - Lifetime
-
2005
- 2005-08-08 EP EP05772864A patent/EP1814255B1/en active Active
- 2005-08-08 WO PCT/CN2005/001214 patent/WO2006015537A1/zh active Application Filing
- 2005-08-08 AT AT05772864T patent/ATE557490T1/de active
Also Published As
Publication number | Publication date |
---|---|
EP1814255A4 (en) | 2011-05-25 |
EP1814255B1 (en) | 2012-05-09 |
EP1814255A1 (en) | 2007-08-01 |
CN100344090C (zh) | 2007-10-17 |
CN1731879A (zh) | 2006-02-08 |
ATE557490T1 (de) | 2012-05-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005772864 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2005772864 Country of ref document: EP |