WO2007112692A1 - A communication method in the user network and a system thereof - Google Patents

A communication method in the user network and a system thereof

Publication number
WO2007112692A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
management entity
user
communication
network
Application number
PCT/CN2007/001074
Other languages
French (fr)
Chinese (zh)
Other versions
WO2007112692A8 (en)
Inventor
Yongfeng Zhong
Ling Zhang
Ling Liu
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to JP2009503394A (JP2009532959A)
Publication of WO2007112692A1
Publication of WO2007112692A8

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks

Definitions

  • The second embodiment of the present invention is substantially the same as the first embodiment. The communication system of the UE in the user network in the second embodiment likewise includes at least two UEs belonging to the same user and their access networks, and a management entity that stores the registration information of these UEs and performs security authentication on them. The only difference is that the UEs belonging to the same user in the system of the second embodiment are not located in the same PAN network: each UE interacts with the management entity through its own access network, and two UEs that need to communicate establish a remote connection through their respective access networks after the security authentication succeeds.
  • The same user has multiple UEs, where UE1 and UE3 are not in the same PAN network; UE1 is connected to access network A, and UE3 is connected to access network B.
  • When UE1 needs to communicate with UE3, UE1 sends a communication request to the management entity through access network A, requesting communication with UE3. The communication request includes the registration information of UE1 itself and the device identification number of UE3.
  • The management entity performs security authentication on UE1 and UE3 according to the received request message and the saved registration information. If the security authentication is successful, it sends a communication request message including the device identification number of UE1 to UE3.
  • UE3 receives the request message from the management entity through access network B, decides whether to agree to communicate with UE1, and sends corresponding feedback information to the management entity according to the decision. If the management entity receives feedback that UE3 agrees to the current communication, it further generates a temporary key for UE1 and UE3 and sends the key to UE1 and UE3 respectively; the management entity also sends UE1 the confirmation message that UE2 accepts the current communication. After receiving the key, UE1 and UE3 establish a remote connection through access network A and access network B respectively, and communicate using the temporary key once the connection is established.
  • In step 410, when UE1 needs to communicate with UE2 belonging to the same user, UE1 sends a communication request to the management entity, requesting communication with UE2.
  • UE1 and UE2 belonging to the same user may be located in the same PAN network or in different PAN networks. If they are located in the same PAN network, UE1 sends the communication request to the management entity through their common access network when it needs to communicate with UE2; if they are located in different PAN networks, UE1 sends the communication request to the management entity through the access network to which it belongs.
  • The communication request includes the registration information of UE1 and the device identification number of UE2.
  • After receiving the communication request from UE1, the management entity performs security authentication on UE1 and UE2 according to the information in it.
  • Each UE belonging to the same user needs to register with the management entity in advance, and the management entity saves the registration information of each registered UE. Therefore, when the management entity receives the communication request from UE1, it can perform security authentication on UE1 and UE2 according to the information in the communication request and the registration information it holds.
  • The management entity determines whether UE1 and UE2 have passed the security authentication; if yes, the process proceeds to step 450, and if not, to step 440.
  • In step 440, the management entity returns a message to UE1 that the communication request failed.
  • The management entity continues processing the communication request only when both UEs that need to communicate pass the security authentication, which effectively prevents unauthorized UEs from accessing UEs in the user network and ensures the security of both communicating parties.
  • In step 450, UE1 and UE2 have passed the security authentication, and the management entity sends a request message for the communication to UE2; the message includes the device identification number of UE1.
  • UE2 receives the request message from the management entity and determines whether to agree to the current communication according to the device identification number of UE1. Similarly, if UE1 and UE2 are located in the same PAN network, UE2 receives the request message from the management entity through their common access network and decides whether to agree to the current communication; if UE1 and UE2 are located in different PAN networks, UE2 receives the request message from the management entity through the access network to which it belongs and decides whether to agree to the current communication. If UE2 agrees, it sends a feedback message accepting the current communication to the management entity, and the process proceeds to step 480. Otherwise, the process proceeds to step 470. In step 470, UE2 sends a feedback message rejecting the current communication to the management entity. After receiving the rejection message, the management entity notifies UE1 that the communication request failed.
  • In step 480, since UE2 agrees to communicate with UE1, the management entity generates a temporary key for the current communication and transmits it to UE1 and UE2 respectively; the management entity also sends UE1 the confirmation message that UE2 accepts the current communication. Since the temporary key is generated only when the UEs need to communicate with each other, it is highly random and tied to the moment of use, and is not easily cracked by malicious users. The communicating parties communicate using the temporary key, which ensures the security of data transmission during the communication.
  • UE1 and UE2 establish a point-to-point connection to communicate after receiving the temporary key. Specifically, if UE1 and UE2 are in the same PAN network, the two UEs establish a direct connection within the range of their PAN network and, once the connection is established, communicate using the temporary key provided by the management entity; if UE1 and UE2 are not in the same PAN network, they establish a remote connection through their respective access networks and likewise communicate using the temporary key once the connection is established.
  • The resources of the switching center are greatly saved, and the resources can be utilized more rationally.

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Hardware Design
  • Computing Systems
  • General Engineering & Computer Science
  • Power Engineering
  • Mobile Radio Communication Systems

Abstract

A communication method in a user network and a system thereof, in which: before a point-to-point connection is created, two UEs in the user network request, via the access network, that the management entity perform security authentication of the corresponding UEs, and the point-to-point connection is created only once the authentication of the corresponding UEs has passed. The management entity may provide a key to the authenticated UEs to ensure the security of the data transmission. If the two UEs are in the same personal area network, the point-to-point connection is a direct connection within the range of the personal area network. If the two UEs are not in the same personal area network, the point-to-point connection is a remote connection created through their respective access networks. With the invention, the security of data transmission among the UEs in the user network is ensured.

Description

Communication method and system in a user network

This application claims priority to Chinese patent application No. 200610025438.0, filed with the Chinese Patent Office on April 4, 2006 and entitled "Communication system and method for user equipment in a user network", the entire contents of which are incorporated herein by reference.

Technical field

The present invention relates to the field of communications, and in particular to communication technology between user equipments in a user network.

Background

In recent years, with the development of technology and the growing demand for high-tech products, people own more and more peripheral devices. A user may not only own several laptops, mobile phones and so on at the same time, but may also need to connect peripherals such as printers, scanners and modems to a PC, and sometimes plug into a USB port to transfer the photos in a digital camera to the hard disk for storage. Frequently plugging and unplugging an interface, and the tangle of cables behind the PC, mean that users enjoying new technology also have to put up with some inconvenience. In addition, the transfer of information between staff in the various departments of a modern enterprise places higher demands on the mobility of information transmission. In a limited office environment, a local area network enables information sharing and device sharing (printers, scanners, etc.), but the dense wiring is inconvenient. In response, academia proposed a new concept: the Personal Area Network ("PAN"). A PAN network is a mobile communication network that provides wireless connections for a specific group within a space with a small radius of activity and rich service types. It is a wireless network that ranks alongside wide area networks and local area networks but covers a smaller range.

The core idea of the PAN network is to replace traditional wired cables with radio or infrared, to realize the intelligent interconnection of personal information terminals, and to build a personalized information network. From the perspective of computer networks, the PAN network is a local area network; from the perspective of the telecommunication network, the PAN network is an access network, so some people call the PAN network the "last metre" solution of the telecommunication network. The PAN network is targeted at home and small office applications. Its main application areas include voice communication gateways, data communication gateways, interconnection of information appliances and automatic information exchange.

The main implementation technologies of PAN networks are Bluetooth and the infrared communication technology of the Infrared Data Association ("IRDA"). A PAN network can manage, and exchange information among, all of a user's nearby user equipments (User Equipment, "UE") well. However, the range of a PAN network is small after all, and highly mobile UEs such as mobile phones cannot be confined to one PAN network. To make it convenient for a user to manage all the UEs he or she owns, we group the UEs belonging to the same user into a user network, which may contain multiple UEs that are physically far apart, or PAN networks composed of UEs.

In the prior art, communication between UEs in the same user network falls into two cases. In the first, both communicating UEs are in the same PAN network of the same user network, that is, the UEs communicate at close range. In this case, a wireless technology such as Bluetooth or infrared communication, or a wired technology such as a USB cable, can be used to carry out point-to-point communication directly between the two UEs, without management by the operator network. That is to say, the communicating UEs do not pass through the core network and communicate directly over a short-range connection inside the PAN network. As shown in FIG. 1, UE1 and UE2 communicate in this way.

In the second case, for UEs that are not under the same access network, that is, not in the same PAN network, such as UE1 and UE3 in FIG. 1, long-distance communication is required, so communication between them has to be switched through the switching center provided by the operator. That is to say, when UE1 needs to communicate with UE2, UE1 initiates a request through its access network A, and the request then passes through the switching center and access network B before reaching UE3. Apart from some control signaling, the data transmitted by UE1 likewise has to pass through access network A, the switching center and access network B in turn before it reaches UE3.

In practical applications, with the above scheme the security of communication between UEs in the same user network cannot be guaranteed, and communication between UEs occupies switching center resources to a large extent.

UEs in the same PAN network of the same user network use point-to-point communication: the two communicating UEs do not pass through the core network and establish a connection directly inside the PAN network. No security authentication measure exists, so the security of the communication cannot be guaranteed. And when the communicating UEs in the same user network are not in the same PAN network, the two parties must communicate through the switching center, which occupies a large amount of the switching center's resources.

Summary of the invention
本发明实施例提供一种用户网络中用户设备的通信系统及其方法, 使 得用户网络内 UE间的通信信息能够得到安全保障。 Embodiments of the present invention provide a communication system for a user equipment in a user network, and a method thereof. The communication information between UEs in the user network can be secured.
本发明实施例提供一种用于用户网络中的通信方法, 包括以下步骤: 当属于同一用户的两个用户设备需要通信时,第一用户设备将通信请 求发送给保存有所述用户设备注册信息的管理实体,请求建立与第二用户 设备的连接;  An embodiment of the present invention provides a communication method for a user network, including the following steps: When two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request to the user equipment registration information. Management entity requesting to establish a connection with the second user equipment;
所述管理实体根据该通信请求以及所保存的注册信息对所述第一、第 二用户设备进行安全认证;  The management entity performs security authentication on the first and second user equipments according to the communication request and the saved registration information;
在所述认证成功后,所述第一用户设备与第二用户设备直接建立点对 点连接。  After the authentication succeeds, the first user equipment directly establishes a point-to-point connection with the second user equipment.
本发明实施例提供一种用户网络通信系统,具有属于同一用户的至少 两个用户设备及其接入网, 该系统包括:  An embodiment of the present invention provides a user network communication system, which has at least two user equipments belonging to the same user and an access network thereof, and the system includes:
管理实体,用于保存所述用户设备的注册信息并对所述用户设备进行 安全认证;  a management entity, configured to save registration information of the user equipment and perform security authentication on the user equipment;
第一用户设备在需要与第二用户设备建立通信时,将通信请求发送给 所述管理实体,所述管理实体根据该通信请求以及所保存的注册信息对所 述第一、 第二用户设备进行安全认证;  When the first user equipment needs to establish communication with the second user equipment, the communication request is sent to the management entity, and the management entity performs the first and second user equipment according to the communication request and the saved registration information. safety certificate;
在所述认证成功后, 第一用户设备与第二用户设备直接建立点对点连 接。  After the authentication succeeds, the first user equipment directly establishes a point-to-point connection with the second user equipment.
综上所述, 本发明实施例提供的技术方案中, 用户网络内的两个 UE 建立点到点连接前,先通过接入网向管理实体请求对相关 UE的安全认证, 只有在相关 UE的认证都通过时才建立点到点连接。 通过增加连接前的安 全认证, 防止了非法 UE对用户网络内 UE未经授权的访问。 管理实体还 可以通过向认证成功的 UE提供密钥来保障数据传输的安全。  In summary, in the technical solution provided by the embodiment of the present invention, before establishing a point-to-point connection, two UEs in the user network first request security authentication of the relevant UE from the access entity through the access network, only in the relevant UE. A point-to-point connection is established when authentication passes. By increasing the security authentication before the connection, the unauthorized UE is prevented from unauthorized access to the UE in the user network. The management entity can also guarantee the security of data transmission by providing a key to the UE that successfully authenticates.
当属于同一用户的两个 UE需要进行通信时, 通过该用户网络中的管 理实体对通信双方进行安全认证, 保证通信双方的合法性, 并在认证通过 后, 进一步通过管理实体为通信双方提供密钥, 使得通信双方数据传输的 安全性得到保障。  When two UEs belonging to the same user need to communicate, the two parties in the user network perform security authentication on both sides of the communication to ensure the legality of both parties. After the authentication is passed, the management entity further provides the communication parties with a secret. The key ensures the security of data transmission between the two parties.
If the two UEs are not in the same personal area network, the point-to-point connection is a remote connection established through their respective access networks. Because the point-to-point connection between the two UEs does not pass through the switching center, switching-center resources are saved during long-distance communication.

Brief Description of the Drawings

FIG. 1 is a schematic diagram of communication between UEs in the same user network in the prior art;
FIG. 2 is a structural diagram of a communication system for UEs in a user network according to a first embodiment of the present invention;
FIG. 3 is a structural diagram of a communication system for UEs in a user network according to a second embodiment of the present invention;
FIG. 4 is a flowchart of a communication method for UEs in a user network according to a third embodiment of the present invention.

Detailed Description

To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
The communication system for UEs in a user network according to the first embodiment of the present invention is described below in accordance with the principles of the invention.
As shown in FIG. 2, the communication system for UEs in the user network comprises at least two UEs belonging to the same user and their access network, and a management entity that stores the registration information of these UEs and performs security authentication on them. The UEs belonging to the same user are located in the same PAN network and interact with their management entity through the same access network.
Specifically, the multiple UEs belonging to the same user in this system register with their management entity in advance, before any communication is needed, and the management entity stores the registration information of each registered UE. Thereafter, when the user's UE1 needs to establish communication with UE2, which belongs to the same user, UE1 first sends a communication request to the management entity through their common access network A, requesting to communicate with UE2; the communication request contains UE1's own registration information and the device identification number of UE2. After receiving the request, the management entity performs security authentication on UE1 and UE2 according to the previously stored registration information. For example, the management entity checks whether the registration information of UE1 in the communication request matches the stored registration information, to determine whether UE1, which initiated the request, is legitimate, and determines from UE2's identification number whether UE2 has been registered, and so on. If the authentication succeeds, the management entity sends UE2 a communication request message containing the device identification number of UE1. After receiving the request message, UE2 decides whether to agree to communicate with UE1 and sends the corresponding feedback information to the management entity. The management entity evaluates the received feedback information: if UE2 accepts the request to communicate with UE1, the management entity generates a temporary key for UE1 and UE2 and sends the key to UE1 and to UE2; at the same time, the management entity sends UE1 a confirmation message stating that UE2 accepts this communication. After receiving the key, UE1 and UE2 establish a direct connection within the range of the PAN network and, once the connection is established, communicate using the temporary key provided by the management entity.
The second embodiment of the present invention is substantially the same as the first. As shown in FIG. 3, the communication system for UEs in the user network in the second embodiment comprises at least two UEs belonging to the same user and their access networks, and a management entity that stores the registration information of these UEs and performs security authentication on them. The only difference is that, in the system of the second embodiment, the UEs belonging to the same user are not located in the same PAN network: each UE interacts with the management entity through its own access network, and after security authentication succeeds, the two UEs that need to communicate establish a remote connection through their respective access networks.
For example, the same user owns multiple UEs, of which UE1 and UE3 are not in the same PAN network; UE1 is connected to access network A and UE3 is connected to access network B. When UE1 needs to communicate with UE3, UE1 sends the management entity, through access network A, a communication request to communicate with UE3; the request contains UE1's own registration information and the device identification number of UE3. The management entity performs security authentication on UE1 and UE3 according to the received request message and the stored registration information. If the security authentication succeeds, it sends UE3 a communication request message containing the device identification number of UE1. UE3 receives the request message from the management entity through access network B, decides whether to agree to communicate with UE1, and sends the corresponding feedback information to the management entity. If the management entity receives feedback that UE3 agrees to this communication, it generates a temporary key for UE1 and UE3 and sends the key to UE1 and to UE3; at the same time, the management entity sends UE1 a confirmation message stating that UE2 accepts this communication. After receiving the key, UE1 and UE3 establish a remote connection through access network A and access network B respectively and, once the connection is established, communicate using the temporary key.
The communication method for UEs in a user network according to the third embodiment of the present invention is shown in FIG. 4. In step 410, when UE1 needs to communicate with UE2, which belongs to the same user, it sends the management entity a communication request to communicate with UE2. Specifically, UE1 and UE2 belonging to the same user may be located in the same PAN network or in different PAN networks. If UE1 and UE2 are located in the same PAN network, UE1 sends the communication request to the management entity through their common access network; if UE1 and UE2 are located in different PAN networks, UE1 sends the communication request to the management entity through the access network to which it belongs. The communication request contains the registration information of UE1 and the device identification number of UE2.
The method then proceeds to step 420: after receiving the communication request from UE1, the management entity performs security authentication on UE1 and UE2 according to the information in the request.
Specifically, each UE belonging to the same user must register with the management entity in advance, and the management entity must store the registration information of the registered UEs. Therefore, when the management entity receives the communication request from UE1, it can perform security authentication on UE1 and UE2 according to the information in the request and the registration information it holds.
The method then proceeds to step 430: the management entity determines whether UE1 and UE2 have passed security authentication. If they have, the method proceeds to step 450; otherwise, it proceeds to step 440.
In step 440, the management entity returns to UE1 a message stating that this communication request has failed. Because the management entity continues with the communication request only when both UEs that need to communicate pass security authentication, unauthorized access by illegitimate UEs to UEs in the user network is effectively prevented, protecting both communicating parties.
In step 450, UE1 and UE2 have passed security authentication, and the management entity sends UE2 a communication request message containing the device identification number of UE1.
The method then proceeds to step 460: UE2 receives the request message from the management entity and decides, based on the device identification number of UE1 in it, whether to agree to this communication. As before, if UE1 and UE2 are located in the same PAN network, UE2 receives the request message from the management entity through their common access network; if UE1 and UE2 are located in different PAN networks, UE2 receives the request message through the access network to which it belongs. If UE2 agrees to this communication, it sends the management entity a feedback message accepting the communication and the method proceeds to step 480; otherwise, the method proceeds to step 470.
In step 470, UE2 sends the management entity a feedback message rejecting this communication; after receiving the rejection, the management entity notifies UE1 that this communication request has failed.
In step 480, because UE2 has agreed to communicate with UE1, the management entity generates a temporary key for this communication and sends it to UE1 and to UE2; at the same time, the management entity sends UE1 a confirmation message stating that UE2 accepts this communication. Because the temporary key is generated on demand when the two UEs need to communicate, it has strong randomness and timeliness and is not easily cracked by illegitimate users. The two parties communicate using the temporary key, which safeguards data transmission during the communication.
The method then proceeds to step 490: after receiving the temporary key, UE1 and UE2 establish a point-to-point connection and communicate. Specifically, if UE1 and UE2 are in the same PAN network, the two UEs establish a direct connection within the range of their PAN network and, once the connection is established, communicate using the temporary key provided by the management entity; if UE1 and UE2 are not in the same PAN network, they establish a remote connection through their respective access networks and likewise communicate using the temporary key once the connection is established.
Because the two communicating UEs no longer need to go through the switching center during remote communication, switching-center resources are saved to a large extent and can be used more efficiently.
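The flow of steps 410 to 490, as an added Python example that is not code from the patent: a management entity authenticates a request against stored registration information, asks the called UE for consent, and only then issues a fresh temporary key to both UEs. The class and function names, the byte-string registration values, the owner-match check for "same user", and the use of HMAC-SHA256 as the way the two UEs apply the key are all assumptions of this example; the patent does not specify them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class CommRequest:
    """Step 410: carries UE1's registration info and UE2's device ID."""
    caller_id: str
    caller_registration: bytes
    callee_id: str


class ManagementEntity:
    def __init__(self):
        # device_id -> (owner, registration info saved at registration time)
        self._registry = {}

    def register(self, owner, device_id, registration):
        self._registry[device_id] = (owner, registration)

    def authenticate(self, req):
        """Steps 420/430: check both UEs against the saved registration info."""
        caller = self._registry.get(req.caller_id)
        callee = self._registry.get(req.callee_id)
        if caller is None or callee is None:
            return False  # an unregistered UE on either side fails
        # Constant-time comparison of presented vs. saved registration info.
        if not hmac.compare_digest(caller[1], req.caller_registration):
            return False
        # Assumption of this example: "same user" is enforced as an owner match.
        return caller[0] == callee[0]

    def handle(self, req, callee_decides):
        """Steps 420-480; callee_decides(caller_id) models UE2's feedback.

        Returns (status, key_sent_to_ue1, key_sent_to_ue2).
        """
        if not self.authenticate(req):
            return ("auth_failed", None, None)      # step 440
        if not callee_decides(req.caller_id):       # steps 450/460
            return ("rejected", None, None)         # step 470
        temp_key = secrets.token_bytes(32)          # step 480: fresh per session
        return ("accepted", temp_key, temp_key)


def seal(key, message):
    """Step 490, assumed key usage: append an HMAC-SHA256 tag to a P2P message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Return the message if its tag verifies under key, otherwise None."""
    message, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def demo():
    me = ManagementEntity()
    # Constructed sample registrations; none of these values come from the patent.
    me.register("alice", "UE1", b"reg-info-ue1")
    me.register("alice", "UE2", b"reg-info-ue2")
    me.register("mallory", "UE9", b"reg-info-ue9")

    def accept_ue1_only(caller_id):
        return caller_id == "UE1"

    good = CommRequest("UE1", b"reg-info-ue1", "UE2")
    status, key_ue1, key_ue2 = me.handle(good, accept_ue1_only)
    blob = seal(key_ue1, b"hello UE2")
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    return {
        "accepted": status,
        "delivered": open_sealed(key_ue2, blob),
        "tampered": open_sealed(key_ue2, tampered),
        "forged_registration": me.handle(
            CommRequest("UE1", b"guess", "UE2"), accept_ue1_only)[0],
        "other_users_ue": me.handle(
            CommRequest("UE9", b"reg-info-ue9", "UE2"), lambda _: True)[0],
        "unregistered_callee": me.handle(
            CommRequest("UE1", b"reg-info-ue1", "UE7"), lambda _: True)[0],
        "declined": me.handle(good, lambda _: False)[0],
        "fresh_keys": me.handle(good, accept_ue1_only)[1] != key_ue1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The example calls the management entity in-process; in the described system each call is a message over an access network, and the key delivery in step 480 would itself need a protected channel, which the example does not model.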
Although the present invention has been illustrated and described with reference to certain preferred embodiments thereof, those of ordinary skill in the art should understand that various changes and equivalent substitutions may be made in form and detail without departing from the spirit and scope of the present invention.

Claims

1. A user network communication system having at least two user equipments belonging to the same user and their access networks, characterized in that the system comprises:
a management entity, configured to store registration information of the user equipments and to perform security authentication on the user equipments;
wherein, when a first user equipment needs to establish communication with a second user equipment, it sends a communication request to the management entity through its access network, the management entity performs security authentication on the first and second user equipments according to the communication request and the stored registration information, and after the authentication succeeds, the first user equipment and the second user equipment directly establish a point-to-point connection.
2. The communication system according to claim 1, characterized in that the communication request carries the registration information of the first user equipment and the device identification number of the second user equipment.
3. The communication system according to claim 1, characterized in that, after the authentication succeeds, the management entity sends the second user equipment a communication request message carrying the identification number of the first user equipment, and when it determines from the feedback information of the second user equipment that the second user equipment accepts the request, the management entity generates a temporary key and sends the key to the first and second user equipments.
4. The communication system according to claim 3, characterized in that the management entity sends a notification message to the first user equipment according to the feedback information of the second user equipment; if the second user equipment accepts the request, the management entity sends the first user equipment a confirmation message permitting the communication, and the first and second user equipments use the key to establish the point-to-point connection.
5. The communication system according to any one of claims 1 to 4, characterized in that the first and second user equipments are located in the same personal area network and interact with the management entity through the same access network, and the point-to-point connection is a direct connection within the range of that personal area network.
6. The communication system according to any one of claims 1 to 4, characterized in that the first and second user equipments are located in different personal area networks or are independently connected to access networks, and interact with the management entity through their respective access networks, and the point-to-point connection is a remote connection established through the respective access networks.
7. A communication method for use in a user network, characterized by comprising the following steps:
when two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request, through its access network, to a management entity that stores the registration information of the user equipments, requesting to establish a connection with the second user equipment;
the management entity performs security authentication on the first and second user equipments according to the communication request and the stored registration information;
after the authentication succeeds, the first user equipment and the second user equipment directly establish a point-to-point connection.
8. The communication method according to claim 7, characterized in that the communication request carries the registration information of the first user equipment and the device identification number of the second user equipment.
9. The communication method according to claim 7, characterized by further comprising the following step:
the first and second user equipments register with the management entity in advance, and the management entity stores the registration information of the first and second user equipments.
10. The communication method according to claim 7, characterized in that the first user equipment and the second user equipment directly establishing a point-to-point connection comprises the following steps:
after the authentication by the management entity succeeds, the second user equipment receives from the management entity a request message carrying the identification number of the first user equipment, and returns to the management entity a feedback message indicating whether it accepts the request;
if the management entity receives a feedback message indicating that the second user equipment accepts the request, it generates a temporary key, sends the key to the first and second user equipments, and sends the first user equipment a confirmation message permitting the communication;
the first and second user equipments use the key to establish the point-to-point connection.
PCT/CN2007/001074 2006-04-04 2007-04-03 A communication method in the user network and a system thereof WO2007112692A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2009503394A JP2009532959A (en) 2006-04-04 2007-04-03 Communication method and communication system in user network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610025438.0 2006-04-04
CNA2006100254380A CN101051967A (en) 2006-04-04 2006-04-04 Communication system and its method for user's device in user's network

Publications (2)

Publication Number Publication Date
WO2007112692A1 true WO2007112692A1 (en) 2007-10-11
WO2007112692A8 WO2007112692A8 (en) 2007-12-06

Family

ID=38563114

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001074 WO2007112692A1 (en) 2006-04-04 2007-04-03 A communication method in the user network and a system thereof

Country Status (4)

Country Link
JP (1) JP2009532959A (en)
KR (1) KR101076332B1 (en)
CN (2) CN101051967A (en)
WO (1) WO2007112692A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009142851A2 (en) * 2008-05-20 2009-11-26 Microsoft Corporation Security architecture for peer-to-peer storage system
JP2012502586A (en) * 2008-09-12 2012-01-26 クゥアルコム・インコーポレイテッド Validating ticket-based configuration parameters
US9148335B2 (en) 2008-09-30 2015-09-29 Qualcomm Incorporated Third party validation of internet protocol addresses

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772199A (en) * 2008-11-24 2010-07-07 华为终端有限公司 Method and device for establishing D2D network
WO2010102668A1 (en) 2009-03-12 2010-09-16 Nokia Siemens Networks Oy Device-to-device communication
WO2013027916A1 (en) * 2011-08-24 2013-02-28 에스케이플래닛 주식회사 System and method for providing a cpns service
US9848453B2 (en) 2012-09-28 2017-12-19 Avago Technologies General Ip (Singapore) Pte. Ltd. Methods, devices and computer program products improving device-to-device communication
CN108650090B (en) * 2018-07-17 2024-05-03 江苏亨通问天量子信息研究院有限公司 Quantum security fax machine and quantum security fax system
CN111711522A (en) * 2020-05-13 2020-09-25 刘中恕 Multi-region entity identity authentication system based on cloud sharing mechanism

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004304710A (en) * 2003-04-01 2004-10-28 Canon Inc Authentication method for wireless connection apparatus
CN1691653A (en) * 2004-04-16 2005-11-02 美国博通公司 Method and system for providing registration, authentication and access via broadband access gateway
CA2530908A1 (en) * 2005-01-27 2006-04-01 Research In Motion Limited Wireless personal area network having authentication and associated methods

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002335263A (en) * 2001-05-08 2002-11-22 Olympus Optical Co Ltd Information terminal communication system
JP4117658B2 (en) * 2001-08-09 2008-07-16 大宏電機株式会社 Communication authentication method
EP1608117A1 (en) * 2003-02-04 2005-12-21 Matsushita Electric Industrial Co., Ltd. Communication system, and communication control server and communication terminals constituting that communication system
US8009608B2 (en) * 2004-04-16 2011-08-30 Broadcom Corporation Method and system for extended network access services advertising via a broadband access gateway
KR100678933B1 (en) * 2004-05-25 2007-02-07 삼성전자주식회사 Method for communication in coordinator-based wireless network, and method for communication between coordinator-based wireless networks connected with back bone network

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009142851A2 (en) * 2008-05-20 2009-11-26 Microsoft Corporation Security architecture for peer-to-peer storage system
WO2009142851A3 (en) * 2008-05-20 2010-02-25 Microsoft Corporation Security architecture for peer-to-peer storage system
US8196186B2 (en) 2008-05-20 2012-06-05 Microsoft Corporation Security architecture for peer-to-peer storage system
JP2012502586A (en) * 2008-09-12 2012-01-26 クゥアルコム・インコーポレイテッド Validating ticket-based configuration parameters
US8913995B2 (en) 2008-09-12 2014-12-16 Qualcomm Incorporated Ticket-based configuration parameters validation
US9148335B2 (en) 2008-09-30 2015-09-29 Qualcomm Incorporated Third party validation of internet protocol addresses

Also Published As

Publication number Publication date
KR20090006110A (en) 2009-01-14
CN101317390A (en) 2008-12-03
CN101051967A (en) 2007-10-10
JP2009532959A (en) 2009-09-10
KR101076332B1 (en) 2011-10-26
WO2007112692A8 (en) 2007-12-06

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200780000373.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720648

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2009503394

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: KR

Ref document number: 1020087025794

Country of ref document: KR

122 Ep: pct application non-entry in european phase

Ref document number: 07720648

Country of ref document: EP

Kind code of ref document: A1