WO2007131451A1 - Method, device and system for starting user plane encryption - Google Patents

Method, device and system for starting user plane encryption

Info

Publication number
WO2007131451A1
Authority
WO
WIPO (PCT)
Prior art keywords
user terminal
security mode
encryption
initial parameter
user plane
Prior art date
Application number
PCT/CN2007/001579
Other languages
English (en)
Chinese (zh)
Inventor
Weihua Hu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2007131451A1

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • The present invention relates to the field of communications, and in particular to a method, device and system for starting user plane encryption when a mobility management entity and a user plane entity are physically separated in an evolved network.
  • Background
  • The evolved mobile communication network system architecture is in the development stage.
  • 3GPP 3rd Generation Partnership Project
  • The work of access technology evolution is being carried out within the 3GPP organization.
  • The use of packet technology within the 3GPP system needs to be further enhanced.
  • The most important parts of this type of technology evolution include reduced latency, faster data rates, increased system capacity and coverage, and lower overall carrier costs.
  • Backward compatibility of the evolved network structure with existing networks is also an important indicator.
  • The user security procedures in the evolved network must provide security mechanisms of at least the same level as the current 2G and 3G systems.
  • The mobile communication system has a distinctive air interface portion (hereinafter referred to as the air interface).
  • One section of the transmission path of the user's data and signaling is carried in the radio access part and is directly exposed on the air interface, where it may be intercepted by criminals, which is a considerable security risk. For this reason, in the mobile communication system there is a clear need to encrypt the signaling and data transmitted on the air interface.
  • The mobile communication system encrypts the user's data and signaling to ensure the security of the user's data. Integrity protection of the signaling and data ensures that user data is not tampered with during transmission, for example by having extra data inserted.
  • Before initiating encryption and integrity protection, the two entities performing them need to negotiate some information, including the initial parameters and the activation time of integrity protection and encryption.
  • Encryption and integrity protection can only be initiated successfully if both parties performing them negotiate consistent initial parameters.
  • In 2G and 3G systems, the network entity performing encryption/integrity protection of the signaling plane and of the user plane is the same, for example the Serving GPRS Support Node (SGSN) in the 2G system and the Radio Network Controller (RNC) in the 3G system. The architecture of the evolved network differs from the 2G and 3G mobile communication system architectures, so the encryption/integrity protection of the signaling plane and the user plane is also different.
  • The core network (Evolved Packet Core) of the wireless evolved network mainly includes three logical functional entities: a Mobility Management Entity (MME), a User Plane Entity (UPE) and an Inter-System Anchor Point (Inter AS System Anchor, IASA).
  • MME Mobility Management Entity
  • UPE User Plane Entity
  • IASA Inter-System Anchor Point (Inter AS System Anchor)
  • The MME is responsible for mobility management of the control plane, including user context and mobility state management, assignment of temporary user identities, security functions, etc.; it corresponds to the control plane part of the SGSN in the current Universal Mobile Telecommunication System (UMTS).
  • UMTS Universal Mobile Telecommunication System
  • The UPE is responsible for initiating paging for downlink data in the idle state and for managing and storing IP bearer parameters and intra-network routing information, etc.; it corresponds to the data plane part of the current SGSN. The Inter AS System Anchor acts as the user plane anchor between different access systems. The function and existence of each interface in Figure 1 are still not finalized.
  • The data plane part of the Gateway GPRS Support Node (GGSN) may be located in the UPE or in the Inter AS System Anchor.
  • The encryption and integrity protection functions of non-access stratum (NAS) signaling are moved to a logical functional entity of the core network because the RNC no longer exists.
  • The encryption of the user plane data is at the same time performed on the logical functional entity UPE.
  • The algorithms for encryption and integrity protection of the control plane and the user plane, the encryption key and the integrity key are shared, and the startup timing of encryption and integrity protection is also synchronized. Therefore, a unified security-related signaling process can be relied on to complete negotiation and control.
  • When the MME and the UPE are separated, that is, when the MME and the UPE are not located in the same physical entity, the encryption and integrity protection of the control plane and the user plane need to be controlled separately.
  • The encryption initial parameters of the control plane and the user plane need to be negotiated separately, and, considering the security contexts of the user plane and the control plane, the timing of starting encryption is different.
  • There may be multiple user plane entities, and the encryption start timing of the user plane needs to be controlled by the user plane entity itself.
  • The specification of the evolved network does not explicitly state a solution for user plane encryption initiation when the MME and the UPE are physically separated.
  • Summary of the invention
  • An embodiment of the present invention provides a method for starting user plane encryption, which is used to start user plane encryption when a mobility management entity and a user plane entity are physically separated in an evolved network. The method includes the following steps:
  • the user plane entity sends, through the mobility management entity, to the user terminal an encryption initial parameter that needs to be negotiated with the user terminal;
  • the user terminal accepts the encryption initial parameter, sends confirmation information to the user plane entity through the mobility management entity, and encrypts the uplink data sent to the user plane entity by using the received encryption initial parameter;
  • after receiving the confirmation information, the user plane entity confirms that the encryption startup is successful, and encrypts the downlink data sent to the user terminal by using the encryption initial parameter.
  • Another embodiment of the present invention provides a user plane entity, where the user plane entity includes:
  • a sending unit configured to send, to the mobility management entity, an encryption initial parameter that needs to be negotiated with the user terminal;
  • a receiving unit configured to receive, from the mobility management entity, confirmation information that the user terminal accepts the encryption initial parameter;
  • an encryption activation unit configured to, after the receiving unit receives the confirmation information, encrypt the downlink data sent to the user terminal by using the encryption initial parameter.
  • Another embodiment of the present invention provides a mobility management entity, the mobility management entity including:
  • a first receiving unit configured to receive a security mode request message sent by a user plane entity, the message carrying an encryption initial parameter that needs to be negotiated with the user terminal;
  • a second receiving unit configured to receive a security mode complete message sent by the user terminal, the message carrying the confirmation information that the user terminal accepts the encryption initial parameter;
  • a signaling forwarding unit configured to forward the security mode request message received by the first receiving unit to the user terminal, and forward the security mode complete message received by the second receiving unit to the user plane entity.
  • Another embodiment of the present invention also provides a mobility management entity, the mobility management entity including:
  • a first receiving unit configured to receive a signaling request message sent by the user plane entity, the signaling request message carrying a security mode request message addressed to the user terminal, where the security mode request message carries an encryption initial parameter that needs to be negotiated with the user terminal;
  • a second receiving unit configured to receive the transparent signaling sent by the user terminal, the transparent signaling carrying a security mode complete message addressed to the user plane entity, where the security mode complete message carries the confirmation information that the user terminal accepts the encryption initial parameter;
  • a signaling transparent transmission unit configured to transparently transmit the security mode request message received by the first receiving unit to the user terminal, and transparently transmit the security mode complete message received by the second receiving unit to the user plane entity.
  • Another embodiment of the present invention provides a user terminal, where the user terminal includes:
  • a signaling receiving unit configured to receive a security mode request message forwarded by a mobility management entity, where the security mode request message is sent by a user plane entity to the user terminal and carries an encryption initial parameter that needs to be negotiated with the user terminal;
  • a signaling sending unit configured to, when the user terminal accepts the encryption initial parameter, send a security mode complete message to the mobility management entity, where the message carries the confirmation information that the user terminal accepts the encryption initial parameter;
  • an encryption activation unit configured to, when the user terminal accepts the encryption initial parameter, encrypt the uplink data sent to the user plane entity by using the encryption initial parameter.
  • Another embodiment of the present invention further provides a user terminal, where the user terminal includes:
  • a signaling receiving unit configured to receive a message transparently transmitted by a mobility management entity, where the transparently transmitted message carries a security mode request message sent by a user plane entity to the user terminal, and the security mode request message carries an encryption initial parameter that needs to be negotiated with the user terminal;
  • a signaling sending unit configured to, when the user terminal accepts the encryption initial parameter, send a transparently transmitted message to the mobility management entity, where the transparently transmitted message carries a security mode complete message addressed to the user plane entity, and the security mode complete message carries the confirmation information that the user terminal accepts the encryption initial parameter;
  • an encryption activation unit configured to, when the user terminal accepts the encryption initial parameter, encrypt the uplink data sent to the user plane entity by using the encryption initial parameter.
  • Another embodiment of the present invention provides an encryption initiation system, including: a user plane entity, a mobility management entity, and a user terminal;
  • the user plane entity is configured to send, to the mobility management entity, an encryption initial parameter that needs to be negotiated with the user terminal; to receive, from the mobility management entity, the confirmation information returned by the user terminal accepting the encryption initial parameter; and to encrypt the downlink data sent to the user terminal by using the encryption initial parameter;
  • the mobility management entity is configured to send the encryption initial parameter of the user plane entity to the user terminal, and to send to the user plane entity the confirmation information, sent by the user terminal, that it accepts the encryption initial parameter;
  • the user terminal is configured to receive the encryption initial parameter, send the confirmation information to the mobility management entity, and encrypt the uplink data sent to the user plane entity by using the received encryption initial parameter.
  • The foregoing embodiments of the present invention are directed to an architecture in which the mobility management entity and the user plane entity are physically separated in the evolved mobile communication network. The mobility management entity relays the signaling interaction between the user plane entity and the mobile terminal, so that the user plane entity can independently perform encryption initial parameter negotiation and control the startup of user plane encryption.
  • FIG. 1 is a schematic structural diagram of an existing wireless evolved network.
  • FIG. 2 is a schematic diagram of a user plane protocol stack that may be used by an evolved network according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of user plane encryption initialization parameter negotiation according to Embodiment 1 of the present invention.
  • FIG. 4 is a schematic flowchart of user plane encryption initialization parameter negotiation according to Embodiment 2 of the present invention.
  • The embodiment of the present invention provides a method for negotiating the initial parameters of user plane encryption, that is, how to negotiate the initial parameters of the encryption algorithm and control user plane encryption startup, on the premise that the user plane and the mobile terminal have completed algorithm negotiation and key synchronization.
  • FIG. 2 is a schematic diagram of a user plane protocol stack that may be adopted by an evolved network according to an embodiment of the present invention.
  • The user plane in the evolved network adopts the Packet Data Convergence Protocol (PDCP) stack as the bearer protocol for data transmission between the mobile terminal and the core network user plane entity UPE.
  • PDCP Packet Data Convergence Protocol
  • The XXX protocol stack and the YYY protocol stack in FIG. 2 are pending protocol stacks (XXX and YYY are placeholder codes for new protocol stacks and do not represent the final protocol stack names), and may not need to exist.
  • PDCP does not support the control signaling required for encryption, so it must either be extended or rely on signaling outside the PDCP layer to support encryption and integrity-related control.
  • The mobility management entity MME relays or transparently transmits the signaling interaction between the user plane entity UPE and the mobile terminal, so as to control user plane encryption initiation.
  • The UPE controls user plane encryption initiation by having the MME relay the interaction signaling between the UPE and the user terminal.
  • FIG. 3 is a schematic flowchart of the user plane encryption initialization parameter negotiation process according to Embodiment 1 of the present invention.
  • The IP connection bearer has been successfully established, and the context of the corresponding user plane has been established on the corresponding UPE.
  • The user terminal and the UPE have negotiated the encryption algorithm and the key used for user plane encryption.
  • The user plane encryption startup process is:
  • The UPE sends a security mode request message to the MME.
  • The security mode request message sent by the UPE to the MME carries the initial parameters that need to be negotiated with the user terminal when initiating user plane encryption, such as the time of downlink encryption activation, the initial parameters of the encryption algorithm, and the like.
  • The security mode request message also carries a user identifier so that the MME can determine to which user terminal the request message is to be sent.
  • The security mode request message may also carry the identifier of the UPE, so that, when there are multiple UPEs, the user terminal can identify which UPE sent the request message.
  • The MME sends a security mode command message to the designated user terminal.
  • After receiving the security mode request message sent by the UPE, the MME extracts the initial parameters that need to be negotiated with the user terminal when initiating user plane encryption, the UPE identifier and the user identifier, constructs a security mode command message carrying the extracted initial parameters and UPE identifier, and sends it to the user terminal corresponding to the user identifier.
  • The user terminal executes the security mode command and sends a security mode complete message to the MME.
  • The user terminal accepts the encryption initial parameter specified by the UPE and sends a security mode complete message as confirmation, so that, at the downlink encryption activation time specified by the UPE, the user terminal can decrypt the received downlink data using the negotiated encryption algorithm and the initial parameters of the encryption algorithm.
  • The security mode complete message carries the UPE identifier, so that the MME forwards the security mode complete message to the corresponding UPE.
  • The security mode complete message may also carry an encryption initial parameter specified by the user terminal, such as the time when uplink encryption is started.
  • The user terminal starts to use the currently negotiated encryption initial parameters (partly specified by the user terminal, such as the uplink encryption start time, and partly specified by the UPE) and starts encrypting the uplink data sent to the UPE.
  • The uplink data is encrypted by using the encryption algorithm and the initial parameters of the encryption algorithm that have been negotiated with the UPE.
  • The MME sends a security mode response message to the UPE corresponding to the UPE identifier.
  • After receiving the security mode complete message sent by the user terminal, the MME extracts the encryption initial parameter specified by the user terminal and the UPE identifier, determines the user identifier according to the signaling connection on which the security mode complete message was received, and then constructs a security mode response message carrying the extracted encryption initial parameter, the encryption initiation confirmation information and the user identifier, and sends it to the UPE corresponding to the UPE identifier.
  • After receiving the security mode response message, the UPE confirms that encryption has started successfully, and encrypts the downlink data sent to the user by using the currently negotiated encryption initial parameter (that is, the encryption initial parameter specified by the UPE). For example, at the downlink data encryption startup time specified by the UPE, the UPE encrypts the downlink data by using the encryption algorithm and the initial parameters of the encryption algorithm that have been negotiated with the user terminal. If the security mode response message received by the UPE carries an encryption initial parameter specified by the user terminal, such as the time when uplink encryption is started, the UPE uses the negotiated encryption algorithm and the initial parameters of the encryption algorithm to decrypt the uplink data sent by the user terminal from the uplink encryption start time.
  • The UPE controls user plane encryption initiation through the interaction signaling between the UPE and the user terminal that is relayed by the MME.
  • The PDCP protocol stack may not need to be extended, nor a corresponding protocol stack (such as the YYY protocol stack) added, to support the signaling for negotiating the encryption initial parameters.
  • Because the MME itself has the NAS signaling integrity protection function, the reliability of the interaction signaling between the UPE and the user terminal that is relayed by the MME can be guaranteed, and the UPE does not need to additionally support the integrity protection function.
  • In this embodiment, the security mode request message sent by the UPE to the MME, the security mode command message sent by the MME to the user terminal, and the security mode complete message sent by the user terminal to the MME may omit the UPE identifier.
  • The mobility management entity MME transparently transmits the interaction signaling between the user plane entity UPE and the user terminal, so that the UPE controls user plane encryption startup.
  • FIG. 4 is a schematic flowchart of the user plane encryption initialization parameter negotiation process according to Embodiment 2 of the present invention.
  • The IP connection bearer has been successfully established, and the context of the corresponding user plane has been established on the corresponding UPE.
  • The user terminal and the UPE have negotiated the encryption algorithm and the key used for user plane encryption.
  • The user plane encryption startup process is:
  • The UPE sends a signaling request message to the MME, requesting it to send a security mode command message.
  • The UPE sends a request message to the MME requesting it to send downlink signaling.
  • The request message carries the target user identifier and the downlink signaling for the target user, that is, a security mode command message.
  • The security mode command message carries the initial parameters that need to be negotiated with the user terminal when initiating user plane encryption, such as the time of downlink encryption activation, the initial parameters of the encryption algorithm, etc.
  • The security mode command message may also carry the UPE identifier, so that the user terminal knows which UPE the security mode command comes from.
  • The MME transparently transmits the security mode command message sent by the UPE to the user terminal.
  • After receiving the request message sent by the UPE, the MME extracts the security mode command message, encapsulates it, without parsing it, in the format of the transparent signaling between the MME and the user terminal, and sends the encapsulated security mode command message to the user terminal corresponding to the user identifier specified by the UPE.
  • The user terminal executes the security mode command and sends a security mode complete message to the MME.
  • The user terminal parses the security mode command sent by the UPE, accepts the encryption initial parameter specified by the UPE, constructs a security mode complete message as confirmation, encapsulates it in the format of the transparent signaling with the MME, and sends it to the MME.
  • The constructed security mode complete message carries the confirmation information, and may also carry encryption initial parameters specified by the user terminal, such as the uplink encryption startup time.
  • The target UPE identifier is indicated in the header of the transparent signaling message that encapsulates the security mode complete message.
  • The user terminal starts to use the currently negotiated encryption initial parameters to encrypt the uplink data addressed to the UPE.
  • The MME transparently transmits the security mode complete message sent by the user terminal to the UPE.
  • After receiving the transparent signaling message that is sent by the user terminal and contains the security mode complete message, the MME extracts the complete security mode complete message that needs to be transparently transmitted to the UPE, determines the user identifier according to the signaling connection on which the transparent signaling message was received, encapsulates the security mode complete message in the transparent transmission format between the MME and the UPE, adds the user identifier, and sends it to the UPE.
  • After receiving the security mode complete message transparently transmitted by the MME, the UPE parses the encryption initial parameter and the encryption initiation confirmation information reported by the user terminal, confirms that encryption has started successfully, and uses the currently negotiated encryption initial parameter to encrypt the downlink data sent to the user.
  • The MME transparently transmits the interaction signaling between the UPE and the user terminal, and the UPE controls user plane encryption startup.
  • The MME does not need to understand or parse the interaction messages between the UPE and the user terminal, whereas the UPE and the user terminal need to parse the signaling sent by the peer; that is, end-to-end correspondence between the UPE and the user terminal is required.
  • Either interaction signaling messages for encryption initial parameter negotiation and startup control are added to the PDCP protocol stack, or a YYY protocol stack is added in which the interaction signaling messages between the UPE and the user terminal for completing the encryption initial parameter negotiation are defined.
  • Although there is an end-to-end signaling interaction between the UPE and the user terminal, the interaction signaling between the UPE and the user terminal is transparently transmitted through the MME, so the NAS signaling integrity protection function provided by the MME can be used and the UPE still does not need to additionally support integrity protection.
  • If the evolved network determines that each user has only one UPE providing the service, then in this embodiment the UPE, the MME, and the user terminal may omit the UPE identifier from the signaling.
  • The network location of the Inter-System Anchor (Inter AS Anchor) does not affect the application of the embodiments of the present invention.
  • The embodiment of the present invention is directed to the physical separation of the MME and the UPE in the evolved mobile communication network. The MME relays or transparently transmits the signaling interaction between the UPE and the mobile terminal, which makes effective use of the integrity protection function that the MME provides for NAS signaling to protect the signaling interaction between the UPE and the terminal, so that the UPE can independently negotiate the encryption initial parameters and control the startup of user plane encryption.
  • Because the signaling interaction between the UPE and the mobile terminal is relayed by the MME, no direct interactive signaling between the mobile terminal and the UPE is needed; that is, it is not necessary to change or add a protocol stack between the UPE and the mobile terminal to support the signaling interaction for negotiating the encryption initial parameters.
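
The two relay modes described above (Embodiment 1, where the MME extracts the fields and rebuilds the messages, and Embodiment 2, where it forwards them unparsed) are sketched below as an added Python example; it is not part of the patent text. The JSON field names, the packet number used as activation time, the SHA-256 keystream and the HMAC standing in for NAS integrity protection are all assumptions made for illustration.

```python
import hashlib, hmac, json

def xor_cipher(key, iv, seq, data):
    # Toy keystream (SHA-256 over key, IV, packet number, block index). It stands in
    # for the already-negotiated user plane algorithm, which the page does not name.
    ks = b"".join(hashlib.sha256(key + iv + seq.to_bytes(4, "big") + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def nas_seal(nas_key, body):
    # NAS integrity protection on the MME <-> terminal leg, modelled as HMAC-SHA256.
    return hmac.new(nas_key, body, hashlib.sha256).digest() + body

def nas_open(nas_key, frame):
    mac, body = frame[:32], frame[32:]
    if not hmac.compare_digest(mac, hmac.new(nas_key, body, hashlib.sha256).digest()):
        raise ValueError("NAS integrity check failed")
    return body

class UPE:
    def __init__(self, upe_id, up_keys):
        self.upe_id, self.up_keys, self.ctx = upe_id, up_keys, {}

    def security_mode_request(self, user_id, iv, dl_start):
        # Propose the initial parameters; downlink encryption stays off until confirmed.
        self.ctx[user_id] = {"iv": iv, "dl_start": dl_start, "active": False}
        return {"upe_id": self.upe_id, "iv": iv.hex(), "dl_start": dl_start}

    def security_mode_response(self, user_id, msg):
        if msg.get("accepted") is not True:
            raise ValueError("terminal did not accept the initial parameters")
        self.ctx[user_id].update(active=True, ul_start=msg["ul_start"])

    def send_downlink(self, user_id, seq, data):
        c = self.ctx.get(user_id)
        if c and c["active"] and seq >= c["dl_start"]:
            return xor_cipher(self.up_keys[user_id], c["iv"], seq, data)
        return data  # not confirmed yet, or before the downlink activation time

class Terminal:
    def __init__(self, user_id, up_key, nas_key):
        self.user_id, self.up_key, self.nas_key, self.ctx = user_id, up_key, nas_key, None

    def security_mode_command(self, frame, ul_start):
        cmd = json.loads(nas_open(self.nas_key, frame))  # raises if altered in transit
        self.ctx = {"iv": bytes.fromhex(cmd["iv"]), "dl_start": cmd["dl_start"]}
        done = {"upe_id": cmd["upe_id"], "accepted": True, "ul_start": ul_start}
        return nas_seal(self.nas_key, json.dumps(done).encode())

    def receive_downlink(self, seq, data):
        if self.ctx and seq >= self.ctx["dl_start"]:
            return xor_cipher(self.up_key, self.ctx["iv"], seq, data)
        return data

class MME:
    def __init__(self, nas_keys):
        self.nas_keys, self.fields_read = nas_keys, set()  # fields the MME had to parse

    def to_terminal(self, user_id, msg, transparent):
        if transparent:   # Embodiment 2: msg is opaque bytes built by the UPE
            body = msg
        else:             # Embodiment 1: extract the fields, rebuild as a command
            fields = {k: msg[k] for k in ("upe_id", "iv", "dl_start")}
            self.fields_read |= set(fields)
            body = json.dumps(fields).encode()
        return nas_seal(self.nas_keys[user_id], body)

    def to_upe(self, user_id, frame, transparent):
        # user_id is taken from the signaling connection, not from the message body.
        body = nas_open(self.nas_keys[user_id], frame)
        if not transparent:
            self.fields_read |= set(json.loads(body))
        return body

def negotiate(upe, mme, ue, iv, dl_start, ul_start, transparent, tamper=False):
    req = upe.security_mode_request(ue.user_id, iv, dl_start)
    msg = json.dumps(req).encode() if transparent else req
    frame = mme.to_terminal(ue.user_id, msg, transparent)
    if tamper:  # constructed fault: one bit flipped on the air interface
        frame = frame[:-1] + bytes([frame[-1] ^ 1])
    reply = ue.security_mode_command(frame, ul_start)
    body = mme.to_upe(ue.user_id, reply, transparent)
    upe.security_mode_response(ue.user_id, json.loads(body))

def demo(transparent):
    up_key, nas_key = b"U" * 16, b"N" * 16  # constructed keys
    upe = UPE("upe-1", {"ue-1": up_key})
    ue, mme = Terminal("ue-1", up_key, nas_key), MME({"ue-1": nas_key})
    negotiate(upe, mme, ue, b"\x01" * 8, dl_start=5, ul_start=7, transparent=transparent)
    wire = upe.send_downlink("ue-1", 5, b"pkt-5")
    return {"early": upe.send_downlink("ue-1", 4, b"pkt-4"), "wire": wire,
            "received": ue.receive_downlink(5, wire), "mme_read": mme.fields_read}

if __name__ == "__main__":
    print(demo(transparent=False))
    print(demo(transparent=True))
```

In both modes the UPE carries no integrity code of its own: a frame altered between the MME and the terminal is rejected by the NAS check, the confirmation never reaches the UPE, and downlink encryption is not activated.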

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method, device and system for starting user plane encryption are applied to start user plane encryption when the mobility management entity (MME) and the user plane entity (UPE) are physically separated in the evolved network. The method comprises: the UPE sending to the user terminal, via the MME, an encryption initial parameter to be negotiated with it; the user terminal accepting the encryption initial parameter, sending an acknowledgement message to the UPE via the MME, and encrypting the uplink data sent to the UPE with the accepted encryption initial parameter; and the UPE confirming that encryption was started successfully and encrypting the downlink data sent to the user terminal with the encryption initial parameter. The UPE can negotiate the encryption initial parameter separately, control the start of user plane encryption, and protect the signaling interaction between the UPE and the terminal by means of the integrity protection function that the MME provides for NAS signaling.
PCT/CN2007/001579 2006-05-16 2007-05-16 Method, device and system for starting user plane encryption WO2007131451A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610081315.9 2006-05-16
CN2006100813159A CN101075865B (zh) 2006-05-16 2006-05-16 Method for starting user plane encryption

Publications (1)

Publication Number Publication Date
WO2007131451A1 (fr) 2007-11-22

Family

ID=38693551

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001579 WO2007131451A1 (fr) 2006-05-16 2007-05-16 Method, device and system for starting user plane encryption

Country Status (2)

Country Link
CN (1) CN101075865B (fr)
WO (1) WO2007131451A1 (fr)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101267668B (zh) * 2008-04-16 2015-11-25 ZTE Corporation Key generation method, apparatus and system
WO2010078684A1 (fr) * 2008-12-30 2010-07-15 ZTE Corporation Initial security activation processing method and associated terminal
CN101917712A (zh) * 2010-08-25 2010-12-15 ZTE Corporation Method and system for data encryption and decryption in a mobile communication network
CN105429990B (zh) 2010-12-03 2019-06-07 Nokia Technologies Oy Method and device for synchronizing uplink encryption parameters in unacknowledged mode
US10455414B2 (en) 2014-10-29 2019-10-22 Qualcomm Incorporated User-plane security for next generation cellular networks
RU2761445C2 (ru) * 2017-01-30 2021-12-08 Telefonaktiebolaget LM Ericsson (publ) Methods for integrity protection of user plane data
EP4228301A1 (fr) 2017-03-17 2023-08-16 Telefonaktiebolaget LM Ericsson (publ) Security solution for switching security on and off for UP data between a UE and a RAN in 5G
WO2018201506A1 (fr) * 2017-05-05 2018-11-08 Huawei Technologies Co., Ltd. Communication method and associated device
CN110891269B (zh) * 2018-09-10 2022-04-05 Huawei Technologies Co., Ltd. Data protection method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030046565A1 (en) * 2001-08-31 2003-03-06 Toshiba Tec Kabushiki Kaisha Method for encrypting and decrypting contents data distributed through network, and system and user terminal using that method
CN1444811A (zh) * 2000-08-01 2003-09-24 Nokia Corporation Data transmission method, user equipment and GPRS/EDGE radio access network
CN1551557A (zh) * 2003-05-19 2004-12-01 NEC Corporation Cryptographic communication method in a communication system

Also Published As

Publication number Publication date
CN101075865B (zh) 2011-02-02
CN101075865A (zh) 2007-11-21

Similar Documents

Publication Publication Date Title
WO2007131451A1 (fr) Method, device and system for starting user plane encryption
KR101078615B1 (ko) Encryption in wireless telecommunications
KR101213285B1 (ko) Method and apparatus for transmitting session setup protocol data of an idle-mode terminal in a mobile communication system
US7020455B2 (en) Security reconfiguration in a universal mobile telecommunications system
KR101507482B1 (ko) Method and apparatus for enabling non-access stratum (NAS) security in an LTE mobile unit
CN109417740B (zh) Maintaining security key usage during handover of the same wireless terminal
EP2584802B1 (fr) Methods and devices for security control in a mobile communication system supporting emergency calls
KR101002799B1 (ko) Mobile communication network, and method and apparatus for authenticating a mobile node in the mobile communication network
JP5131501B2 (ja) Communication system
WO2014169451A1 (fr) Method and device for data transmission
WO2008095428A1 (fr) Method, device and network system for negotiating security algorithms
WO2009152755A1 (fr) Method and system for generating an identity identifier of a key
WO2011091771A1 (fr) Method, device and system for relay node authentication
WO2009152656A1 (fr) Method and system for generating a key identity identifier during user equipment handover
WO2007131455A1 (fr) Method, system and apparatus for synchronizing keys between control and user
WO2012083828A1 (fr) Method, base station and system for implementing local routing traffic
CN101336000B (zh) Protocol configuration option transmission method and system, and user terminal
WO2022150339A1 (fr) Managing user equipment connections after a network topology change
WO2008022498A1 (fr) Method for changing the encryption algorithm in relocation
WO2009149666A1 (fr) Device, method and system for algorithm negotiation
CN115699986A (zh) Data communication in an inactive state
WO2012072053A1 (fr) Method and device for synchronizing uplink encryption parameters in unacknowledged mode
TW202344092A (zh) Method and user equipment for wireless communication
CN117426136A (zh) Managing random access in early data communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07721152

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07721152

Country of ref document: EP

Kind code of ref document: A1