WO2010111964A1 - Security algorithm selection processing method and apparatus, network entity, and communication system
- Publication number
- WO2010111964A1 (PCT/CN2010/071522)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security
- security algorithm
- list
- network entity
- supported
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
Definitions
- TECHNICAL FIELD The present invention relates to communication technologies, and more particularly to a security algorithm selection processing method and apparatus, a network entity, and a communication system.
- BACKGROUND OF THE INVENTION Long Term Evolution (LTE) is the next evolution target of the mobile broadband network standard defined by the Third Generation Partnership Project (3GPP). It supports paired and unpaired spectrum operation, enabling efficient use of existing and future wireless bands. As shown in FIG.
- E-UTRAN Evolved UMTS Terrestrial Radio Access Network
- eNB Evolved NodeB
- MME mobility management entity
- EPC Evolved Packet Core
- S-GW Serving Gateway
- FIG. 2 is a schematic diagram of a security architecture of an LTE System Architecture Evolution (LTE-SAE) system.
- LTE-SAE LTE System Architecture Evolution
- The LTE-SAE system has the following two layers of security protection. One layer is the access stratum (Access Stratum, hereinafter referred to as AS) between a user equipment (User Equipment, hereinafter referred to as UE) and an eNB, which mainly secures the Radio Resource Control (hereinafter referred to as RRC) signaling and the User Plane (hereinafter referred to as UP) user data between the UE and the eNB, including encryption and integrity protection of the RRC signaling.
- RRC Radio Resource Control
- UP User Plane
- NAS non-access stratum
- The capabilities of the UE include a UE radio capability and a UE network capability.
- The UE radio (air interface) capability is used between the UE and the eNB, and is mainly embodied in the AS security algorithm list supported by the UE for the AS. It is assumed that the set of algorithms in the AS security algorithm list is represented as {A}.
- The UE network capability is used between the UE and the MME, and includes the UE's security capability on the NAS, which is embodied in the list of NAS security algorithms supported by the UE, assuming that the set of algorithms in the NAS security algorithm list is represented as {B}.
- When the security modes of the AS and the NAS are started, the UE reports the AS security algorithm list {A} and the NAS security algorithm list {B} to the network entities eNB and MME respectively. Assume that the security algorithm list indicating the eNB's own security algorithm support capability is {a}, and that the security algorithm list indicating the MME's own security algorithm support capability is {b}. The eNB selects the AS security algorithms from {A} ∩ {a}, including: the RRC encryption algorithm, namely the Evolved Packet System (hereinafter referred to as EPS) AS Encryption Algorithm (hereinafter referred to as EAEA); the RRC integrity protection algorithm, namely the EPS AS Integrity Algorithm (hereinafter referred to as EAIA); and the user plane encryption algorithm, namely the EPS User-plane Encryption Algorithm (hereinafter referred to as EUEA),
- the security algorithm of the AS selected by the eNB may be the same as the security algorithm of the NAS selected by the MME; and the list of AS security algorithms in the UE includes the security algorithm of the RRC signaling and the security algorithm of the UP,
- the security algorithm of the RRC signaling selected according to the prior art is identical to the security algorithm of the UP.
- The network entities eNB and MME cannot select the corresponding AS security algorithm and NAS security algorithm based on different data types, service types, and user requirements, and therefore cannot apply different security protection to the corresponding services based on different data types, service types, and user requirements.
- SUMMARY OF THE INVENTION The purpose of the embodiments of the present invention is to provide a security algorithm selection processing method and apparatus, a network entity, and a communication system, so as to select different security algorithms for different services for security protection.
- The security algorithm list supported by the user terminal and/or the network entity is set separately according to different security protection requirements, or the security algorithm lists supported by the user terminal and the network entity are used to represent the security capabilities of the user terminal and the network entity, respectively.
- a first obtaining module configured to acquire the security protection requirement of the service request message sent by the user terminal;
- a first selection module configured to select, according to the security protection requirement of the service request message, a security algorithm from the list of security algorithms supported by the user terminal and the network entity; the security algorithm list supported by the user terminal and/or the network entity is set separately based on different security protection requirements, or the security algorithm lists supported by the user terminal and the network entity are used to indicate the security capabilities of the user terminal and the network entity, respectively.
- A communication system includes a network entity, and further includes a security algorithm selection processing device configured to acquire the security protection requirement of a service request message sent by the user terminal and, according to the security protection requirement corresponding to the service request message, to select a security algorithm from the list of security algorithms supported by the user terminal and the network entity; the security algorithm list supported by the user terminal and/or the network entity is set separately according to different security protection requirements, or the security algorithm lists supported by the user terminal and the network entity are used to indicate the security capabilities of the user terminal and the network entity, respectively.
- With the security algorithm selection processing method, the security algorithm selection processing device, and the communication system provided by the foregoing embodiments of the present invention, because the lists of security algorithms supported by the user terminal and/or the network entity (for example, the eNB and the MME) are set separately based on different security protection requirements, different security algorithms can be selected according to the security protection requirements of different service request messages, so as to apply different security protection to the corresponding services. This not only improves the security of the service, but also takes the complexity and overhead of each algorithm in the communication system into account, improving the performance of the communication system while effectively protecting the service.
- a first storage module configured to store a list of security algorithms supported by the user terminal, where the security algorithm list is set separately according to different security protection requirements or is used to indicate the security capability of the user terminal;
- a second obtaining module configured to obtain a security algorithm list from the first storage module, or to query the security protection requirement of the service request message and obtain the security algorithm list corresponding to that security protection requirement from the first storage module;
- a first sending module configured to generate and send a service request message to the network entity, where the service request message includes a list of security algorithms acquired by the second acquiring module;
- a first receiving module configured to receive a security algorithm returned by the network entity, where the security algorithm is selected from the list of security algorithms supported by the user terminal and the network entity according to the security protection requirement of the service request message.
- a second storage module configured to store a security algorithm list or a security algorithm selection policy supported by the network entity, where the security algorithm list is set separately according to different security protection requirements or is used to represent the security capability of the network entity, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity;
- a second receiving module configured to receive a service request message sent by the user terminal, where the service request message includes a list of security algorithms supported by the user terminal;
- a second selection module configured to select, according to the security algorithm list or the security algorithm selection policy stored in the second storage module and the security algorithm list in the service request message, the security algorithm corresponding to the security protection requirement from the list of security algorithms supported by the user terminal and the network entity;
- a second sending module configured to send the security algorithm selected by the second selecting module to the user terminal.
- Another communication system provided by the embodiment of the present invention includes a network entity, where the network entity stores a security algorithm list or a security algorithm selection policy supported by the network entity; the security algorithm list is set separately according to different security protection requirements or is used to represent the security capability of the network entity, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity;
- the network entity is configured to receive a service request message sent by the user terminal, where the service request message includes a list of security algorithms supported by the user terminal or a security algorithm list corresponding to a security protection requirement of the service request message; to select, according to the security algorithm list or the security algorithm selection policy supported by the network entity, a security algorithm corresponding to the security protection requirement from the list of security algorithms supported by the user terminal and the network entity; and to send the selected security algorithm to the user terminal.
- the list of supported security algorithms is separately set based on different security protection requirements due to the user terminal and/or the network entity, and the user terminal supports all of the supported
- the network entity may select, from the security algorithms supported by the user terminal and the network entity, a security algorithm corresponding to the security protection requirement of the service request message, which is used to perform corresponding security protection for the service, thereby improving the security of the service.
- In addition, the complexity and the overhead of each algorithm in the communication system can be considered comprehensively, improving communication system performance while effectively protecting the service.
- a first storage module configured to store a list of security algorithms supported by the user terminal, where the security algorithm list is set separately according to different security protection requirements or is used to indicate the security capability of the user terminal;
- a first sending module configured to generate and send a service request message to the network entity;
- a first receiving module configured to receive a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy identifier returned by the network entity, where the security algorithm list is the security algorithm list supported by the network entity or the security algorithm list corresponding to the security protection requirement of the service request message, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity;
- a third selection module configured to select, according to the security algorithm list stored in the first storage module and the security algorithm list received by the first receiving module, the security algorithm corresponding to the security protection requirement from the list of security algorithms supported by the user terminal and the network entity.
- a second storage module configured to store a list of security algorithms supported by the network entity, and a security algorithm selection policy or a security algorithm selection policy identifier, where the security algorithm list is set separately based on different security protection requirements or is used to indicate the security capability of the network entity, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity;
- a second receiving module configured to receive a service request message sent by the user terminal
- a fourth sending module configured to send the security algorithm list stored in the second storage module, the security algorithm list corresponding to the security protection requirement of the service request message, the security algorithm selection policy, or the security algorithm selection policy identifier to the user terminal.
- A further communication system provided by the embodiment of the present invention includes a network entity, where the network entity stores a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy identifier supported by the network entity; the security algorithm list is set separately based on different security protection requirements or is used to indicate the security capability of the user terminal or the network entity, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity;
- the network entity is configured to receive the service request message sent by the user terminal, and send the security algorithm list stored by the network entity, the security algorithm list corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy identifier to the user terminal.
- the user terminal selects a security algorithm corresponding to the security protection requirement according to the security algorithm list stored by the user terminal, the security algorithm list returned by the network entity, the security algorithm selection policy, or the security algorithm selection policy identifier.
- Because the lists of security algorithms supported by the user terminal and/or the network entity are set separately based on different security protection requirements, the network entity may return to the user terminal a list of all security algorithms it supports, or a security algorithm list corresponding to the security protection requirement of the service request message, so that the user terminal selects, from the security algorithms supported by the user terminal and the network entity, the security algorithm corresponding to the security protection requirement of the service request message. The service is subsequently protected accordingly, which improves the security of the service; in addition, the complexity of each algorithm in the communication system can be comprehensively considered.
- FIG. 1 is a schematic structural diagram of an E-UTRAN as part of an access network in an LTE system
- FIG. 2 is a schematic diagram of a security architecture of an LTE-SAE system
- FIG. 3 is a flowchart of a security algorithm selection processing method according to an embodiment of the present invention
- FIG. 4 is a flowchart of an embodiment of a security algorithm selection processing method according to the present invention
- FIG. 6 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention
- FIG. 7 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention
- FIG. 9 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention
- FIG. 10 is a schematic structural diagram of an embodiment of a security algorithm selection processing apparatus according to the present invention
- FIG. 12 is a schematic structural diagram of another embodiment of a communication system according to the present invention
- FIG. 10 is a schematic structural diagram of another embodiment of a communication system according to the present invention
- FIG. 12 is a schematic structural diagram of another embodiment of a communication system according to the present invention
- FIG. 13 is a schematic structural diagram of a UE according to an embodiment of the present invention.
- FIG. 14 is a schematic structural diagram of another embodiment of a UE according to the present invention.
- FIG. 15 is a schematic structural diagram of still another embodiment of a UE according to the present invention.
- FIG. 16 is a schematic structural diagram of an embodiment of a network entity according to the present invention.
- FIG. 17 is a schematic structural diagram of another embodiment of a network entity according to the present invention.
- FIG. 18 is a schematic structural diagram of an embodiment of an application server according to the present invention.
- FIG. 19 is a schematic structural diagram of another embodiment of a communication system according to the present invention.
- FIG. 20 is a schematic structural diagram of still another embodiment of a communication system according to the present invention.
- FIG. 21 is a schematic structural diagram of still another embodiment of a UE according to the present invention.
- FIG. 22 is a schematic structural diagram of still another embodiment of a UE according to the present invention.
- FIG. 23 is a schematic structural diagram of still another embodiment of a network entity according to the present invention.
- FIG. 24 is a schematic structural diagram of still another embodiment of a network entity according to the present invention.
- FIG. 25 is a schematic structural diagram of still another embodiment of a communication system according to the present invention.
- A security algorithm selection processing method includes: S1, receiving a service request message sent by a UE; S2, selecting, according to the security protection requirement of the service request message, a security algorithm from the list of security algorithms supported by the UE and the network entity.
- the security algorithm list supported by the UE and/or the network entity is separately set according to different security protection requirements, or the security algorithm list supported by the UE and the network entity is used to indicate the security capability of the UE and the network entity, respectively.
- Because the list of supported security algorithms is set separately according to different security protection requirements, different security algorithms may be selected according to the security protection requirements of different service request messages, so as to apply different security protection to the corresponding services. This not only improves the security of the service, but also takes the complexity and overhead of each algorithm in the communication system into account, and improves the performance of the communication system while effectively protecting the service.
- the security protection requirements may include any one or more of a data type, a service type, and a user requirement.
- the security protection level requirement or the security algorithm list corresponding to the data type the security protection level requirement corresponding to the service type, or the security algorithm list or the security algorithm policy, where the security algorithm corresponding to the service type is used to indicate that the service type is in different conditions.
- the data type may be RRC signaling, UP user data, or NAS signaling.
- The security algorithm may be an RRC encryption algorithm, an RRC integrity protection algorithm, a UP encryption algorithm, a UP integrity protection algorithm, a NAS encryption algorithm, or a NAS integrity algorithm.
- The list of security algorithms supported by the UE includes a list of UE radio capability algorithms and a list of UE network capability algorithms.
- The service request message sent by the UE may be a service request message (Service Request) or an attach request message (Attach Request).
- The security capability of the UE, for example the algorithm capability set, may differ according to the security protection requirements of different data types; for example, signaling and user plane data may be distinguished and given separate algorithm capability sets, so that a list of the security protection algorithms supported by the UE is provided for each data type or each security protection level.
- the level of security protection includes AS and NAS.
- The security capability of the network entity may specifically provide a list of the different security protection algorithms supported by the network entity for different data types or different security protection levels. Different security algorithms differ in complexity, overhead, and the efficiency of encryption and decryption and of integrity check code calculation and verification. Data packets and traffic of different data types have different characteristics, and their security protection requirements also differ; for example, signaling and user data are different data types.
- The security capability of the UE is set according to the security protection requirements of different data types, service types, or user requirements, and different security algorithm capability sets are set in the UE and/or the network entity, so that the UE or the network entity can select different security algorithms according to different security protection requirements to protect the corresponding services. This not only improves the security of the service, but also takes the complexity and overhead of each algorithm in the communication system into account, improving the performance of the communication system while effectively protecting the service.
- the integrity of the UP user data is not protected.
- the characteristics of the security algorithm itself for example, complexity, occupation overhead, etc.
- the corresponding security algorithm list is preset according to the security protection requirements subscribed by the user, so that a more suitable integrity protection algorithm can be used, for example an integrity algorithm with lower computational cost, or a method that integrity-checks only a specific part of the data, to protect the integrity of the corresponding UP user data.
- the network entity may be an eNB or an MME.
- the corresponding service request message is an RRC request message or UP user data, and receiving the service request message sent by the UE is specifically: the eNB receives the RRC request message or the UP user data sent by the UE.
- the corresponding service request message is a NAS request message, and receiving the service request message sent by the UE is specifically: the MME receives the NAS request message sent by the UE and forwarded by the eNB.
- the security algorithm corresponding to the security protection requirement of the service request message is selected from the security algorithm list supported by the UE and the network entity
- the security algorithm list supported by the UE and the network entity corresponds to the security protection requirement of the service request message
- the security algorithm for service protection can be selected from the qualified algorithms according to a preset priority order.
- the preset priority order may be included in the security algorithm list itself, or the priority order of each security algorithm in the security algorithm list may be stored at a location other than the security algorithm list.
- Different security algorithm lists may be set separately according to different security protection requirements in the UE and/or the network entity, and the security algorithm lists in the UE and/or the network entity may be added to, deleted from, or updated according to actual requirements.
- After the security algorithm corresponding to the security protection requirement of the service request message is selected from the security algorithm list supported by the UE and the network entity, the service can be securely protected between the UE and the network entity, for example between the UE and the eNB or between the UE and the MME, according to the selected security algorithm.
- The eNB sends the UE an integrity-protected AS security mode command, which carries the key identifier KSIasme, EAEA, EAIA, EUEA, and the AS message authentication code used for integrity protection (AS Message Authentication Code, AS-MAC). The UE enters the AS security mode and returns an integrity-protected AS security mode response to the eNB, which carries the AS-MAC, thereby enabling the AS security mode. Data and signaling are then secured by the security protection algorithms selected by the eNB.
- After selecting ENEA and ENIA from the list of security algorithms supported by the MME and the UE, the MME sends the UE an integrity-protected NAS security mode command carrying the key identifier KSIasme, ENEA, ENIA, and the NAS message authentication code used for integrity protection (NAS-MAC). The UE enters the NAS security mode and returns an integrity-protected NAS security mode response to the MME, which carries the NAS-MAC, thereby starting the NAS security mode. Data and signaling are then secured by the security protection algorithms selected by the MME.
- FIG. 4 is a flowchart of an embodiment of a security algorithm selection processing method according to the present invention, which includes the following steps:
- Step 101 The network entity receives a service request message sent by the UE, where the service request message includes a list of security algorithms supported by the UE.
- The network entity may be an eNB or an MME. If the network entity is an eNB, the eNB may exchange information with the UE and obtain the list of security algorithms supported by the UE directly from the UE. In addition, the UE may also send the list of security algorithms it supports to the MME, and the eNB acquires the list of security algorithms supported by the UE from the MME. If the network entity is the MME, the UE sends the service request message to the eNB, and then the eNB forwards the service request message to the MME. The message sending process in other embodiments is the same, and will not be described again.
- Alternatively, the service request message in step 101 may omit the security algorithm list supported by the UE; in that case the network entity pre-stores the list of security algorithms supported by the UE, or the list is provided from the UE security capability information stored in the application server.
- Step 102 The network entity obtains the security protection requirement of the service request message sent by the UE according to the correspondence between the service request message and the security protection requirement.
- Step 103 The network entity obtains the security algorithms corresponding to the security protection requirement from its own list of supported security algorithms, and obtains the security algorithms corresponding to the security protection requirement from the list of security algorithms supported by the UE.
- The operation of step 103 applies to a UE or network entity that sets its security algorithm list separately based on different security protection requirements. For a UE or network entity that does not set its security algorithm list separately based on different security protection requirements, the security algorithms obtained are all the security algorithms in the list of that UE or network entity. Other embodiments are similar.
- For example, the list of security algorithms supported by the UE includes three algorithms, A, B, and C, and is not set separately based on different security protection requirements. The list of security algorithms supported by the network entity includes five algorithms, A, B, D, E, and F; in this list, the security algorithms corresponding to the first user requirement are A and B, and the security algorithms corresponding to the second user requirement are D, E, and F. If the security protection requirement of the service request message sent by the user terminal is the first user requirement, then all security algorithms in the list supported by the UE, namely A, B, and C, are obtained, and the security algorithms corresponding to the first user requirement, namely A and B, are obtained from the network entity.
- Step 104 The network entity selects, from the obtained security algorithm lists, a security algorithm supported by both the UE and the network entity as the security protection algorithm of the service requested by the service request message.
- A or B can be selected as the security protection algorithm of the service requested by the service request message. If the priority order of the A security algorithm and the B security algorithm is set in advance, A or B is selected as the security protection algorithm of the service requested by the service request message according to the priority order. Otherwise, A or B may be selected according to other rules or randomly as the security protection algorithm of the service requested by the service request message.
- The UE carries the list of security algorithms it supports in the service request message sent to the network entity, and the network entity selects the corresponding security protection algorithm directly from the list supported by the UE and the list supported by the network entity. The prior-art process is changed little, and the process is simple and easy to implement.
- Step 103 and step 104 in the embodiment of the present invention may have no chronological relationship, for example: Step 104 may also be performed before or at the same time as step 103.
- That is, the security algorithms supported by both the UE and the network entity may be selected first, as in step 104, and the security algorithm corresponding to the security protection requirement of the service request message is then selected from them. In the example above, the security algorithms present in both the security algorithm list of the UE and the security algorithm list of the network entity are selected first, giving A and B; the security algorithms corresponding to the user requirement are then selected from A and B, again giving A and B. A or B can then be selected according to the priority order or randomly as the security protection algorithm of the service requested by the service request message.
- The list of security algorithms supported by the UE is as shown in Table 1 below.
- The identifier in the signaling protocol has the form "key length-security algorithm name abbreviation"; for example, "128-EEA0" indicates that the Null ciphering algorithm supports a key length of 128 and that the algorithm name is abbreviated as EEA0.
- V indicates that the security algorithm is applicable to a certain service
- V indicates that the security algorithm is not applicable to a certain service
- For example, the security algorithms Null ciphering and AES are applicable to the RRC encryption service and the security algorithm SNOW 3G is not; that is, for the RRC encryption service the UE supports the Null ciphering and AES security algorithms.
- Security algorithms may be assigned security algorithm numbers according to their selection priority; that is, among the algorithms corresponding to a security protection requirement, the algorithm with the smaller number, or the one with the larger number, may be preferentially selected as the algorithm for securing the corresponding service.
- The list of security algorithms supported by the eNB is shown in Table 2 below.
- The security algorithms supported by the eNB are applicable to the security protection requirements of all services. That is, the list of security algorithms supported by the eNB is not set separately based on different security protection requirements.
- The security protection requirements in Tables 1 and 2 are based on data types only. If the service request message that the network entity receives from the UE is an RRC request message, the network entity determines that the data type is RRC signaling. According to step 103, the security algorithm list selected from the list supported by the UE in the RRC request message includes the security algorithms Null ciphering and AES, and the security algorithm list selected from the list supported by the eNB includes the security algorithms Null ciphering, SNOW 3G, and AES. Therefore, the eNB can select a security algorithm from Null ciphering and AES as the encryption algorithm of RRC signaling.
- For example, the eNB selects Null ciphering, which has the higher priority of Null ciphering and AES, as the encryption algorithm of RRC signaling.
- The SNOW 3G security algorithm is selected for the user data of the UP, so that different security algorithms are selected for the user data of the UP and the RRC signaling.
- If the priority order of the security algorithms in the UE conflicts with that in the network entity, the algorithm may be selected according to the priority order in the UE or in the network entity, as preset; or the security algorithms whose priority orders conflict are not selected; or this security algorithm selection is ended directly.
- The UE may also select, from the security algorithm list it supports, the security algorithm list corresponding to the security protection requirement of the service request message to be sent; correspondingly, in step 101, the service request message includes the security algorithm list supported by the UE that corresponds to the security protection requirement.
- In that case, the network entity only needs to obtain, from the list of security algorithms supported by the network, the security algorithms corresponding to the obtained security protection requirement.
- If the list of security algorithms in the network entity is not set separately based on different security protection requirements, the network entity obtains the list of security algorithms it supports.
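The selection in steps 103 and 104, covering the A/B/C example, the RRC example and the priority-conflict handling described above, as an added Python example that is not code from the patent. The class and function names, the `on_conflict` values, the use of list order as priority order, and the rule that a conflict means the two sides prefer different common algorithms are assumptions; the sample lists are constructed from the values given in the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


class SelectionEnded(Exception):
    """The selection ended without choosing an algorithm."""


@dataclass
class AlgorithmList:
    """A security algorithm list in priority order (most preferred first).

    per_requirement is None when the list is not set separately per security
    protection requirement; every algorithm then applies to every requirement.
    """
    algorithms: List[str]
    per_requirement: Optional[Dict[str, List[str]]] = None

    def for_requirement(self, requirement: str) -> List[str]:
        """Step 103: the algorithms this side offers for one requirement."""
        if self.per_requirement is None:
            return list(self.algorithms)
        return list(self.per_requirement.get(requirement, []))


def common(first: List[str], second: List[str]) -> List[str]:
    """Algorithms present in both lists, kept in the order of `first`."""
    return [alg for alg in first if alg in second]


def candidates(ue: AlgorithmList, network: AlgorithmList, requirement: str) -> List[str]:
    """Step 103 on each side, then the common algorithms, in the UE's order."""
    return common(ue.for_requirement(requirement),
                  network.for_requirement(requirement))


def candidates_intersect_first(ue: AlgorithmList, network: AlgorithmList,
                               requirement: str) -> List[str]:
    """Reverse order: intersect the full lists, then filter by requirement."""
    shared = common(ue.algorithms, network.algorithms)
    shared = common(shared, ue.for_requirement(requirement))
    return common(shared, network.for_requirement(requirement))


def select_algorithm(ue: AlgorithmList, network: AlgorithmList,
                     requirement: str, on_conflict: str = "network") -> str:
    """Step 104: pick one common algorithm by priority.

    on_conflict (assumed names): "ue" or "network" follows that side's
    priority order; "end" ends the selection when the orders disagree.
    """
    if on_conflict not in ("ue", "network", "end"):
        raise ValueError("on_conflict must be 'ue', 'network' or 'end'")
    ue_order = candidates(ue, network, requirement)
    net_order = candidates(network, ue, requirement)
    if not ue_order:
        raise SelectionEnded("no common algorithm for " + requirement)
    if ue_order[0] == net_order[0]:
        return ue_order[0]
    if on_conflict == "end":
        raise SelectionEnded("priority conflict for " + requirement)
    return ue_order[0] if on_conflict == "ue" else net_order[0]


# Constructed sample data, taken from the examples in the text.
UE_ABC = AlgorithmList(["A", "B", "C"])                      # not set separately
NET_ABDEF = AlgorithmList(
    ["A", "B", "D", "E", "F"],
    {"first user requirement": ["A", "B"],
     "second user requirement": ["D", "E", "F"]},
)
UE_TABLE1 = AlgorithmList(
    ["Null ciphering", "SNOW 3G", "AES"],
    {"RRC encryption": ["Null ciphering", "AES"]},           # SNOW 3G not applicable
)
ENB_TABLE2 = AlgorithmList(["Null ciphering", "SNOW 3G", "AES"])  # all services
# Constructed UE whose priority order disagrees with the eNB's.
UE_PREFERS_AES = AlgorithmList(
    ["AES", "Null ciphering"],
    {"RRC encryption": ["AES", "Null ciphering"]},
)

if __name__ == "__main__":
    print(select_algorithm(UE_ABC, NET_ABDEF, "first user requirement"))
    print(select_algorithm(UE_TABLE1, ENB_TABLE2, "RRC encryption"))
    print(select_algorithm(UE_PREFERS_AES, ENB_TABLE2, "RRC encryption", "ue"))
```

Because the first entry of the governing priority order decides the outcome, a list that ranks Null ciphering first yields unencrypted RRC signaling. Leaving Null ciphering out of the per-requirement list for a service that needs confidentiality is how this scheme keeps it from being negotiated for that service.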
- FIG. 5 is a flowchart of another embodiment of a security algorithm selection processing method according to the present invention. It includes the following steps:
- Step 201 The network entity receives a service request message sent by the UE.
- Step 202 The network entity obtains the list of security algorithms supported by the network entity, and sends the list to the UE.
- Step 203 The UE acquires a security protection requirement of the service request message sent by the UE according to the corresponding relationship information between the service request message and the security protection requirement.
- Step 203 may also be performed simultaneously with step 202 or prior to step 202.
- Step 204 The UE selects a security algorithm corresponding to the security protection requirement from the list of security algorithms supported by the UE and the network entity.
- The UE may select a security algorithm corresponding to the security protection requirement from the list of security algorithms supported by the UE and the network entity by referring to steps 103-104.
- After receiving the service request message sent by the UE, the network entity feeds back to the UE the list of security algorithms supported by the network entity, and the UE selects the security algorithm directly from the security algorithm list supported by the UE and the security algorithm list supported by the network entity. The UE does not need to report its supported security algorithm list to the network entity, so the security algorithm corresponding to the security protection requirement can be selected relatively quickly.
- The network entity may also obtain the security protection requirement of the service request message sent by the UE according to the correspondence information between the service request message and the security protection requirement, and obtain, from the list of security algorithms supported by the network, the list of security algorithms corresponding to the security protection requirement.
- The network entity then sends only the obtained security algorithm list corresponding to the security protection requirement to the UE.
- From the security algorithm list corresponding to the security protection requirement sent by the network entity and the security algorithm list corresponding to the security protection requirement that the UE itself acquired in step 203, the UE selects a security algorithm as the security protection algorithm of the service requested by the service message.
- Alternatively, step 203 need not be performed. In step 204 the UE then selects a security algorithm, as the security protection algorithm for the service requested by the service message, from the security algorithm list corresponding to the security protection requirement sent by the network entity and the list of security algorithms supported by the UE.
- A security algorithm selection policy may also be stored in the network entity, and the security algorithm selection policy supported by the network entity is returned to the UE. The security algorithm selection policy is set based on the list of security algorithms supported by the network entity; for example, the policy may specify the security algorithms in that list that correspond to the data type, the service type, and the user requirement, and may further include the priority order of the security algorithms.
- The UE selects a security algorithm corresponding to the security protection requirement from the security algorithm list supported by the UE and the network entity according to the security algorithm selection policy sent by the network entity.
- The network entity may store multiple security algorithm selection policies together with related information about each policy, for example: a policy name, a policy identifier (hereinafter referred to as ID), and the security algorithm applied for the security protection requirement in both the terminal and the network entity.
- the security algorithm selection strategy that the UE and the UE can support for each other is known as the security method.
- the security algorithm selection strategy can be transmitted to the UE through the security protection, the legal method,
- the UE is instructed to use the corresponding security algorithm to protect subsequent communication services.
- Table 3 shows the security algorithm strategy 1 and the security algorithm strategy 2 stored in the network entity.
- Each security algorithm policy gives the security algorithms that are specifically applied to different data types, service types, and user requirements.
- To reduce network traffic and save limited network bandwidth resources, the network entity can send to the UE the security algorithm selection policy ID of the security algorithm selection policy corresponding to the service request message sent by the user terminal.
- The UE determines the security algorithm selection policy identified by the security algorithm selection policy ID sent by the network entity and, according to that policy, selects the security algorithm corresponding to the security protection requirement from the security algorithm list supported by the UE and the network entity.
- An application server may be set in the communication network. The application server stores a security algorithm list set separately based on different security protection requirements, a security algorithm selection policy, or a security algorithm selection policy ID. The security algorithm selection policy is set based on the security protection requirements, and it can be set in the same way as the security algorithm selection policy in the network entity.
- The security algorithm is selected from the security algorithms that are supported by the UE and the network entity and stored by the application server. It may be preset that when the security algorithm selected by the UE or the network entity conflicts with the security algorithm selected by the application server, the security algorithm selected by the application server shall prevail.
- FIG. 6 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention, which includes the following steps:
- Step 301 The UE sends an acquisition request message to the application server, and obtains a security algorithm list stored by the application server, or a security algorithm list corresponding to the security protection requirement of the service request message to be sent in the security algorithm list, or a security algorithm selection policy, or a security algorithm selection policy ID.
- Step 302 According to the security algorithm list supported by the UE and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID acquired from the application server, the UE selects the list of security algorithms supported by the UE and stored by the application server, or selects the list of security algorithms supported by the UE and stored by the application server that corresponds to the security protection requirement of the service request message.
- If the UE obtains the security algorithm selection policy ID from the application server, the UE first obtains the corresponding security algorithm selection policy according to the correspondence between the security algorithm selection policy and the security algorithm selection policy ID.
- Whether the list of security algorithms selected by the UE is the list supported by the UE and corresponding to the security protection requirement of the service request message, or the list supported by the UE and stored by the application server, may be preset according to communication requirements.
- The UE sends a service request message to the network entity. The service request message includes the security algorithm list selected by the UE, which is specifically the list of security algorithms supported by the UE and stored by the application server, or the list of security algorithms supported by the UE and stored by the application server that corresponds to the security protection requirement of the service request message.
- Step 304 The network entity obtains the security protection requirement of the service request message sent by the UE according to the correspondence between the service request message and the security protection requirement.
- Step 305 If the service request message includes a security algorithm list that is supported by the UE, is stored by the application server, and corresponds to the security protection requirement of the service request message, the network entity obtains, from the list of security algorithms supported by the network entity, the list of security algorithms corresponding to the security protection requirement.
- The network entity further selects a list of security algorithms corresponding to the security protection requirement from the list of security algorithms.
- Whether the security algorithm list included in the service request message is the list supported by the UE and stored by the application server that corresponds to the security protection requirement of the service request message, or the list supported by the UE and stored by the application server, may be preset according to communication requirements.
- Step 306 The network entity selects, from the list of security algorithms supported by the UE and corresponding to the security protection requirement of the service request message and the list of security algorithms selected by the UE in the service request message, the security protection algorithm of the service requested by the service request message.
- The UE first selects the list of security algorithms supported by the UE and stored by the application server, or the list of security algorithms supported by the UE and stored by the application server that corresponds to the security protection requirement of the service request message, and then sends it to the network entity. This reduces the network traffic compared with the UE sending both the full list of algorithms it supports and the full list stored by the application server. Moreover, when the network entity selects the security algorithm, the security algorithm list stored by the application server is also considered, which further limits the security algorithms for different security protection requirements and facilitates unified management and updating of security algorithm selection.
- FIG. 7 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention, which includes the following steps:
- Step 401 The UE sends an acquisition request message to the application server, and obtains a security algorithm list stored by the application server, or a security algorithm list corresponding to the security protection requirement of the service request message to be sent in the security algorithm list, or a security algorithm selection policy, or a security algorithm selection policy ID.
- Step 402 The UE sends a service request message to the network entity, where the service request message includes a security algorithm list supported by the UE, or a security algorithm list corresponding to the security protection requirement of the service request message to be sent in that security algorithm list, together with the obtained list of security algorithms stored by the application server, or a list of security algorithms corresponding to the security protection requirement in that list, or a security algorithm selection policy, or a security algorithm selection policy ID.
- Whether the UE's security algorithm list in the service request message is the full list supported by the UE or the list corresponding to the security protection requirement of the service request message to be sent, and whether the application server's list is the full list stored by the application server or the list corresponding to the security protection requirement within it, can be preset according to communication requirements.
- Step 403 The network entity acquires a security protection requirement of the service request message sent by the UE according to the correspondence between the service request message and the security protection requirement.
- Step 404 If the service request message includes the list of security algorithms that is supported by the UE, stored by the application server, and corresponds to the security protection requirement, the network entity obtains, from the list of security algorithms supported by the network entity, the list of security algorithms corresponding to the obtained security protection requirement.
- The network entity further selects the list of security algorithms that is supported by the UE, stored by the application server, and corresponds to the security protection requirement.
- The same mapping between security algorithm selection policies and security algorithm selection policy IDs is set in advance in the network entity and the application server, and the network entity obtains the corresponding security algorithm selection policy according to the security algorithm selection policy ID.
- Whether the service request message includes the security algorithm list supported by the UE and stored by the application server that corresponds to the security protection requirement, or the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID supported by the UE and stored by the application server, can be preset according to communication needs.
- Step 405 The network entity selects, from the security algorithm list that is supported by the network and corresponds to the security protection requirement and the security algorithm list that is supported by the UE, stored by the application server, and corresponds to the security protection requirement, the security protection algorithm of the service requested by the service request message.
- The UE sends to the network entity the security algorithm list supported by the UE together with the security algorithm list stored by the application server, or the security algorithm list corresponding to the security protection requirement in that list, or the security algorithm selection policy, or the security algorithm selection policy ID.
- When the network entity selects the security algorithm, it also considers the security algorithm list stored by the application server, which further restricts the security algorithms for different security protection requirements and facilitates unified management and updating of security algorithm selection.
- FIG. 8 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention, which includes the following steps:
- Step 501 The UE sends a service request message to the network entity, where the service request message includes a list of security algorithms supported by the UE, or a list of security algorithms corresponding to the security protection requirement that the UE selects from the list of security algorithms it supports according to the security protection requirement of the service request message.
- Whether the list of security algorithms in the service request message is the list supported by the UE and corresponding to the security protection requirement of the service request message, or the list supported by the UE, can be preset according to communication requirements.
- Step 502 After receiving the service request message sent by the UE, the network entity obtains a list of security algorithms stored by the application server, a list of security algorithms stored by the application server and corresponding to the security protection requirement, a security algorithm selection policy, or a security algorithm selection policy. ID.
- Step 503 The network entity obtains the security protection requirement of the service request message sent by the UE according to the correspondence between the service request message and the security protection requirement.
- Step 504 If the network entity obtains the security algorithm list that is supported by the UE and stored by the application server and that corresponds to the security protection requirement of the service request message, the network entity obtains, from the list of security algorithms supported by the network entity, the list of security algorithms corresponding to the security protection requirement.
- the network entity obtains the security algorithm list supported by the UE and the security algorithm list, the security algorithm selection policy, or the security algorithm selected by the application server, the network entity further selects the policy ID in step 504.
- The same mapping between security algorithm selection policies and security algorithm selection policy IDs is set in advance in the network entity and the application server, and the network entity obtains the corresponding security algorithm selection policy according to the security algorithm selection policy ID.
- Step 505 The network entity selects, from the list of security algorithms that is supported by the network and corresponds to the security protection requirement and the list of security algorithms that is supported by the UE, stored by the application server, and corresponds to the security protection requirement, the security protection algorithm of the service requested by the service request message.
- In the embodiment shown in FIG. 8, after receiving the service request message sent by the UE, the network entity itself acquires the security algorithm list stored by the application server, or the security algorithm list corresponding to the security protection requirement in that list, or the security algorithm selection policy, or the security algorithm selection policy ID, so the UE does not need to acquire and forward them. This reduces the network bandwidth occupied by the UE transmitting the security algorithm list, the security algorithm selection policy, or the security algorithm selection policy ID of the application server.
- When the network entity selects the security algorithm, it also considers the security algorithm list stored by the application server, which further restricts the security algorithms for different security protection requirements and facilitates unified management and updating of security algorithm selection.
- The selected security algorithm can be sent to the UE in a security mode command, to ensure that the UE and the network entity secure the corresponding service by using the security algorithm. Specifically, if the network entity is an eNB, the eNB may directly send the selected security algorithm to the UE. If the network entity is the MME, the MME may send the selected security algorithm to the eNB, and the eNB forwards the security algorithm to the UE. The other message flows sent by the network entity to the UE are similar and will not be described again.
- FIG. 9 is a flowchart of still another embodiment of a security algorithm selection processing method according to the present invention, which includes the following steps:
- Step 601 The UE sends an acquisition request message to the application server, and obtains a security algorithm list stored by the application server, or a security algorithm list corresponding to the security protection requirement of the service request message to be sent in the security algorithm list, or a security algorithm selection policy, or a security algorithm selection policy ID.
- The UE needs to obtain a corresponding security algorithm selection policy according to the correspondence between the security algorithm selection policy and the security algorithm selection policy ID.
- Step 602 The UE sends a service request message to the network entity.
- Step 602 may also be performed concurrently with step 601 or prior to step 601.
- Step 603 After receiving the service request message sent by the UE, the network entity returns a list of security algorithms supported by the network entity to the UE, or a security algorithm list corresponding to the security protection requirement, or a security algorithm selection policy, or a security algorithm selection policy. ID, the security algorithm selection policy is based on the security algorithm list settings supported by the network entity.
- The UE needs to obtain a corresponding security algorithm selection policy according to the correspondence between the security algorithm selection policy and the security algorithm selection policy ID.
- Whether the network entity returns the list of security algorithms it supports, the list of security algorithms corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy ID can be preset according to communication requirements.
- Step 604 According to the security algorithm list supported by the UE, the security algorithm list or security algorithm selection policy stored by the application server, and the security algorithm list or security algorithm selection policy of the network entity, the UE selects the security algorithm corresponding to the security protection requirement of the service request message.
- The UE may first select, from the lists supported by the UE, supported by the network entity, and stored by the application server, the security algorithm lists that correspond to the security protection requirement. If the network entity or the application server has already returned the list of security algorithms corresponding to the security protection requirement, this selection does not need to be performed for that list. Then, a common security algorithm is selected from the three security algorithm lists. For specific implementation, refer to the corresponding steps in FIGS. 4-8.
- If the network entity or the application server returns its list of supported security algorithms, a security algorithm selection policy, or a security algorithm selection policy ID, the UE may first select the list of security algorithms supported by the UE and the network entity and stored by the application server, and then choose from it a security algorithm corresponding to the security protection requirement.
- The UE obtains the list of security algorithms supported by the network entity and the list of security algorithms stored by the application server, or the list of security algorithms corresponding to the security protection requirement in those lists, or a security algorithm selection policy, or a security algorithm selection policy ID, and accordingly selects the security algorithm that corresponds to the security protection requirement, is supported by the UE and the network entity, and is stored by the application server. This makes few changes to the prior-art process.
- When the UE selects the security algorithm, it also considers the security algorithm list stored by the application server, which further restricts the security algorithms for different security protection requirements and facilitates unified management and updating of security algorithm selection.
- FIG. 10 is a schematic structural diagram of an embodiment of a security algorithm selection processing apparatus according to the present invention, which includes a first obtaining module 701 and a first selecting module 702.
- The first obtaining module 701 is configured to acquire a security protection requirement of the service request message sent by the UE.
- The first selection module 702 is configured to select a security algorithm from a list of security algorithms supported by the UE and the network entity according to the security protection requirement of the service request message.
- The security algorithm list supported by the UE and/or the network entity is separately set based on different security protection requirements, or the security algorithm lists supported by the UE and the network entity are used to indicate the security capability of the UE and the network entity, respectively.
- FIG. 11 is a schematic structural diagram of another embodiment of a security algorithm selection processing apparatus according to the present invention.
- the first selection module 702 in this embodiment includes a first obtaining unit 7021 and a first selection unit 7022.
- the first obtaining unit 7021 is configured to obtain a security algorithm list supported by the UE, or a security algorithm list supported by the UE and corresponding to the security protection requirement of the service request message sent by the UE, and to obtain a security algorithm list supported by the network entity, the security algorithm list within it that corresponds to the security protection requirement of the service request message, a security algorithm selection policy, or a security algorithm selection policy ID, where the security algorithm selection policy is set based on the security algorithm list supported by the network entity.
- the first selecting unit 7022 is configured to select the security algorithm corresponding to the security protection requirement, according to the security algorithm list obtained by the first obtaining unit 7021 from the UE and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID obtained from the network entity.
- the first obtaining unit 7021 may further obtain a security algorithm list stored by the application server, the security algorithm list within it that corresponds to the security protection requirement of the service request message, a security algorithm selection policy, or a security algorithm selection policy ID.
- the security algorithm selection policy is set based on the security protection requirement, and the security algorithm list stored by the application server is set separately based on different security protection requirements.
- the first selection unit 7022 is configured to select the security algorithm for the UE, the network entity, and the application server according to the security algorithm list obtained by the first obtaining unit 7021 from the UE and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID obtained from the network entity and the application server respectively.
- because the security algorithm list of the UE, the network entity, and/or the application server is set separately based on different security protection requirements, the security algorithm selection processing device of the embodiment of the present invention may select different security algorithms according to the security protection requirements of different service request messages, so that different security protections are applied to the corresponding services between the UE and the network entity. This not only improves the security of the service, but also takes into account the complexity and overhead of the algorithms in the communication system, improving the performance of the communication system while effectively protecting the service.
- the security algorithm selection processing device provided by the foregoing embodiments of the present invention can be used to implement the corresponding process of each security algorithm selection process in the foregoing embodiment of the present invention.
- a communication system provided by an embodiment of the present invention includes a network entity 1 and a security algorithm selection processing device 2.
- the security algorithm selection processing device 2 is configured to acquire a security protection requirement of the service request message sent by the UE, and select a security algorithm from a list of security algorithms supported by the UE and the network entity 1 according to the security protection requirement corresponding to the service request message.
- the security algorithm list supported by the UE and/or the network entity 1 is set separately according to different security protection requirements, or the security algorithm list supported by the UE and the network entity 1 is used to indicate the security capability of the UE and the network entity 1, respectively.
- the security algorithm selection processing device 2 in this embodiment can be implemented based on the security algorithm selection processing device of the embodiment shown in Fig. 10 or Fig. 11.
- the communication system may further include an application server 3, configured to store a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy identifier of the application server 3, wherein the security algorithm selection policy is set based on the security protection requirement, and the security algorithm list stored by the application server 3 is set separately based on different security protection requirements.
- the security algorithm selection processing device 2 can also obtain the security algorithm list, the security algorithm selection policy, or the security algorithm selection policy ID stored by the application server 3, and, according to the security algorithm list obtained from the UE and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID obtained from the network entity 1 and the application server 3 respectively, select a security algorithm corresponding to the security protection requirement of the service request message sent by the UE.
- the security algorithm selection policy of the network entity 1 is set based on the security algorithm list supported by the network entity 1.
- the security algorithm selection processing device 2 in this embodiment can be implemented based on the security algorithm selection processing device of the embodiment shown in FIG. As shown in FIG. 12, it is a schematic structural diagram of an embodiment of a communication system according to the present invention.
- the security algorithm selection processing apparatus 2 of this embodiment adopts the security algorithm selection processing apparatus of the embodiment shown in FIG.
- FIG. 13 is a schematic structural diagram of a UE according to an embodiment of the present invention.
- the UE in this embodiment may implement a corresponding process in the embodiment shown in FIG. 4 and FIG. 8 of the present invention, and includes a first storage module 801,
- the first storage module 801 is configured to store a list of security algorithms supported by the UE, where the security algorithm list is set separately according to different security protection requirements, or is used to indicate the security capability of the UE.
- the second obtaining module 802 is configured to obtain a security algorithm list from the first storage module 801, or query a security protection requirement of the service request message, and obtain a security algorithm list corresponding to the security protection requirement from the first storage module 801.
- the first sending module 803 is configured to generate and send a service request message to the network entity, where the service request message includes a list of security algorithms acquired by the second obtaining module 802.
- the first receiving module 804 is configured to receive a security algorithm returned by the network entity according to the service request message, and the security algorithm is selected from a list of security algorithms supported by the UE and the network entity according to the security protection requirement of the service request message.
- FIG. 14 is a schematic structural diagram of another embodiment of the UE according to the present invention.
- the UE in this embodiment can implement the corresponding process in the embodiment shown in FIG. 7 of the present invention.
- the UE of this embodiment further includes a third obtaining module 805, configured to obtain a security algorithm list stored by the application server, or a security algorithm list corresponding to the security protection requirement, or a security algorithm selection policy, or a security algorithm selection policy ID.
- the security algorithm selection policy is set based on the security protection requirement, and the security algorithm list stored by the application server is set separately based on different security protection requirements.
- the service request message sent by the first sending module 803 to the network entity includes the security algorithm list obtained by the second obtaining module 802 from the first storage module 801 and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID obtained by the third obtaining module 805 from the application server.
- FIG. 15 is a schematic structural diagram of another embodiment of the UE according to the present invention.
- the UE in this embodiment can implement the corresponding process in the embodiment shown in FIG. 6 of the present invention.
- the UE of this embodiment further includes a third obtaining module 805, configured to obtain a security algorithm list stored by the application server, or the security algorithm list corresponding to the security protection requirement of the service request message sent by the UE, or a security algorithm selection policy, or a security algorithm selection policy ID, where the security algorithm selection policy is set based on the security protection requirement.
- the second obtaining module 802 includes a second obtaining unit 8021 and a second selecting unit 8022.
- the second obtaining unit 8021 is configured to obtain the security algorithm list from the first storage module 801, or query the security protection requirement of the service request message, and obtain the security algorithm list corresponding to the security protection requirement from the first storage module 801.
- the second selecting unit 8022 is configured to select, according to the security algorithm list obtained by the second obtaining unit 8021 from the first storage module 801 and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID obtained by the third obtaining module 805 from the application server, a list of security algorithms supported by the UE and stored by the application server, or a list of security algorithms supported by the UE and stored by the application server and corresponding to the security protection requirement of the service request message sent by the UE.
- the security algorithm list in the service request message sent by the UE to the network entity is specifically the security algorithm list selected by the second selecting unit 8022.
- FIG. 16 is a schematic structural diagram of an embodiment of a network entity according to the present invention.
- the network entity of the embodiment may be used to implement a corresponding process in the embodiment shown in FIG. 4, and includes a second storage module 901, a second receiving module 902, a second selecting module 903, and a second sending module 904.
- the second storage module 901 is configured to store a security algorithm list or a security algorithm selection policy supported by the network entity, where the security algorithm list is set separately according to different security protection requirements or is used to represent the security capability of the network entity, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity.
- the second receiving module 902 is configured to receive a service request message sent by the UE, where the service request message includes a list of security algorithms supported by the UE.
- the second selection module 903 is configured to select, according to the security algorithm list or security algorithm selection policy stored in the second storage module 901 and the security algorithm list in the service request message received by the second receiving module 902, the security algorithm corresponding to the security protection requirement from the list of security algorithms supported by both the UE and the network entity.
- the second sending module 904 is configured to send the security algorithm selected by the second selecting module 903 to the UE.
- the security algorithm list in the service request message received by the second receiving module 902 may specifically be a security algorithm list supported by the UE and stored by the application server.
- the second selection module 903 selects, according to the security algorithm list or security algorithm selection policy stored in the second storage module 901, a security algorithm corresponding to the security protection requirement from the security algorithm list in the service request message.
- the service request message received by the second receiving module 902 may further include a security algorithm list stored by the application server, or the security algorithm list within it that corresponds to the security protection requirement of the service request message, or a security algorithm selection policy, or a security algorithm selection policy ID, where the security algorithm selection policy is set based on the security protection requirement, and the security algorithm list stored by the application server is set separately based on different security protection requirements.
- the second selection module 903 selects the security algorithm corresponding to the security protection requirement according to the security algorithm list or security algorithm selection policy stored in the second storage module 901, the security algorithm list of the UE in the service request message, and the security algorithm list stored by the application server, the security algorithm list corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy ID.
- FIG. 17 is a schematic structural diagram of another embodiment of a network entity according to the present invention.
- the security algorithm list in the service request message received by the second receiving module 902 is specifically supported by the UE and is related to the UE.
- the network entity further includes a fourth obtaining module 905, configured to obtain a security algorithm list stored by the application server, or the security algorithm list within it that corresponds to the security protection requirement, or a security algorithm selection policy, or a security algorithm selection policy ID, where the security algorithm selection policy is set based on the security protection requirement, and the security algorithm list stored by the application server is set separately based on different security protection requirements.
- the second selection module 903 selects the security algorithm corresponding to the security protection requirement according to the security algorithm list or security algorithm selection policy stored in the second storage module 901, the security algorithm list in the service request message received by the second receiving module 902, and the security algorithm list stored by the application server, the security algorithm list corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy ID obtained by the fourth obtaining module 905.
- the application server of the embodiment includes a third storage module 1001, a third receiving module 1002, and a third sending module 1003.
- the third storage module 1001 is configured to store a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID of the application server, where the security algorithm selection policy is set based on the security protection requirement.
- the third receiving module 1002 is configured to receive an acquisition request message sent by the UE or the network entity.
- the third sending module 1003 is configured to return the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID stored in the third storage module 1001 to the corresponding UE that sends the acquisition request message.
- a communication system of another embodiment provided by the present invention includes a network entity 1.
- the UE stores a list of security algorithms supported by the UE, and the security algorithm list is separately set based on different security protection requirements.
- the network entity 1 stores a security algorithm list or a security algorithm selection policy supported by the network entity 1, where the security algorithm list is set separately based on different security protection requirements, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity 1.
- the UE generates and sends a service request message to the network entity 1, where the service request message includes a security algorithm list supported by the UE or a security algorithm list corresponding to the security protection requirement of the service request message, and receives the security algorithm returned by the network entity 1, where the security algorithm is selected by the network entity 1, according to the security protection requirement of the service request message, from the list of security algorithms supported by both the UE and the network entity 1.
- the network entity 1 receives the service request message sent by the UE, selects, according to the security algorithm list or security algorithm selection policy supported by the network entity 1 and the security algorithm list carried in the service request message, the security algorithm corresponding to the security protection requirement of the service request message sent by the UE from the list of security algorithms supported by both the UE and the network entity 1, and sends the selected security algorithm to the UE.
- the communication system of this embodiment can be used to implement the process of the embodiment shown in FIG. 4 of the present invention.
- the UE can adopt the UE of the embodiment shown in FIG. 13, and the network entity 1 can adopt the network entity of the embodiment shown in FIG.
- FIG. 19 is a schematic structural diagram of another embodiment of a communication system according to the present invention.
- the communication system of the embodiment of the present invention may further include an application server 3, configured to store a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID of the application server 3, where the security algorithm selection policy is set based on security protection requirements and the security algorithm list stored by the application server 3 is set separately according to different security protection requirements, and to return the security algorithm list, the security algorithm selection policy, or the security algorithm selection policy identifier stored by the application server 3 to the UE according to the acquisition request message sent by the UE.
- the UE may be further configured to obtain a security algorithm list stored by the application server 3, or a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID corresponding to the security protection requirement, and send it to the network entity 1 through the service request message; or to select a list of security algorithms supported by the UE and stored by the application server 3, or a list of security algorithms corresponding to the security protection requirement, and send it to the network entity 1 through the service request message.
- the network entity 1 selects a security algorithm list or a security algorithm selection policy supported by the network entity 1 and selects a security algorithm list carried in the service request message, and selects the UE and the network entity 1 to be supported by the application server 3 and is associated with the security protection.
- FIG. 20 is a schematic structural diagram of still another embodiment of the communication system of the present invention.
- FIG. 21 is a schematic structural diagram of still another embodiment of a UE according to the present invention.
- the UE can implement the corresponding processes in the embodiments shown in FIG. 5 and FIG. 8 of the present invention. It includes a first storage module 801, a first sending module 803, a first receiving module 804, and a third selecting module 806.
- the first storage module 801 is configured to store a security algorithm list supported by the UE, where the security algorithm list is set separately according to different security protection requirements, or is used to indicate the security capability of the UE.
- the first sending module 803 is configured to generate and send a service request message to the network entity.
- the first receiving module 804 is configured to receive a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID returned by the network entity, where the security algorithm list is a security algorithm list supported by the network entity, or a security algorithm list corresponding to the security protection requirement of the service request message sent by the UE, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity.
- the third selection module 806 is configured to select, according to the security algorithm list stored in the first storage module 801 and the security algorithm list received by the first receiving module 804, the security algorithm corresponding to the security protection requirement from the list of security algorithms supported by both the UE and the network entity.
- FIG. 22 is a schematic structural diagram of another embodiment of the UE according to the present invention.
- the UE in this embodiment can implement the corresponding process in the embodiment shown in FIG. 9 of the present invention.
- the UE of this embodiment further includes a third obtaining module 805, configured to obtain a security algorithm list stored by the application server, or the security algorithm list corresponding to the security protection requirement of the service request message sent by the UE, or a security algorithm selection policy, or a security algorithm selection policy ID, wherein the security algorithm selection policy is set based on the security protection requirement.
- the third selection module 806 selects, according to the security algorithm list stored in the first storage module 801, the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID obtained by the third obtaining module 805 from the application server, and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID of the network entity received by the first receiving module 804, the security algorithm that is supported by the UE and the application server and corresponds to the security protection requirement of the service request message sent by the UE.
- the network entity of the embodiment can implement the corresponding process in the embodiment shown in FIG. 5 of the present invention.
- the network entity of this embodiment includes a second storage module 901, a second receiving module 902, and a fourth sending module 907.
- the second storage module 901 is configured to store a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID supported by the network entity, where the security algorithm list is set separately according to different security protection requirements or is used to represent the security capability of the network entity, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity.
- the second receiving module 902 is configured to receive a service request message sent by the UE.
- the fourth sending module 907 is configured to send the security algorithm list stored in the second storage module 901, the security algorithm list, the security algorithm selection policy, or the security algorithm selection policy ID corresponding to the security protection requirement of the service request message to the UE.
- the network entity of the embodiment can implement the corresponding process in the embodiment shown in FIG. 9 of the present invention.
- the network entity of this embodiment further includes a fourth obtaining module 905 and a second selecting module 903.
- the fourth obtaining module 905 is configured to obtain a security algorithm list stored by the application server, a security algorithm list corresponding to the security protection requirement in the security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID, where the security algorithm selection policy is selected.
- the list of security algorithms stored by the application server is separately set based on different security protection requirements.
- the second selection module 903 is configured to select, according to the security algorithm list or security algorithm selection policy stored in the second storage module 901 and the security algorithm list stored by the application server, the security algorithm list corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy ID acquired by the fourth obtaining module 905, a list of security algorithms supported by the network entity and stored by the application server, a list of security algorithms corresponding to the security protection requirement, a security algorithm selection policy, or a security algorithm selection policy ID.
- the fourth sending module 907 sends to the UE the security algorithm list or security algorithm selection policy stored in the second storage module 901 together with the security algorithm list stored by the application server, the security algorithm list corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy ID acquired by the fourth obtaining module 905; or it sends to the UE the security algorithm list, the security algorithm list corresponding to the security protection requirement, the security algorithm selection policy, or the security algorithm selection policy ID selected by the second selection module 903.
- the UE stores a security algorithm list supported by the UE, which is set separately based on different security protection requirements.
- the network entity 1 stores a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID supported by the network entity 1, where the security algorithm list is set separately based on different security protection requirements or correspondingly indicates the security capability of the UE or the network entity 1, and the security algorithm selection policy is set based on the security algorithm list supported by the network entity 1.
- the UE generates and sends a service request message to the network entity 1, receives a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID returned by the network entity 1, where the security algorithm list is a list of security algorithms supported by the network entity 1 or a security algorithm list corresponding to the security protection requirement of the service request message, and selects, according to the security algorithm list stored by the UE and the security algorithm list, security algorithm selection policy, or security algorithm selection policy ID returned by the network entity 1, the security algorithm corresponding to the security protection requirement of the service request message sent by the UE.
- the network entity 1 is configured to receive a service request message sent by the UE, and send the security algorithm list stored by the network entity 1, the security algorithm list corresponding to the security protection requirement of the service request message, the security algorithm selection policy, or the security algorithm selection policy ID.
- the communication system of this embodiment can be used to implement the process of the embodiment shown in FIG. 5 of the present invention, wherein the UE can adopt the UE of the embodiment shown in FIG. 21, and the network entity 1 can adopt the network entity of the corresponding embodiment shown in FIG.
- FIG. 25 is a schematic structural diagram of still another embodiment of a communication system according to the present invention.
- the application server 3 may be further configured to store a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID of the application server 3, where the security algorithm selection policy is set based on security protection requirements, and to return, according to the acquisition request message sent by the UE, the security algorithm list stored by the application server 3, the security algorithm list corresponding to the security protection requirement of the service request message sent by the UE, the security algorithm selection policy, or the security algorithm selection policy ID.
- the network entity 1 is further configured to obtain, by using the acquisition request message, a security algorithm list stored by the application server 3, or a security algorithm list, a security algorithm selection policy, or a security algorithm selection policy ID corresponding to the security protection requirement, and send it to the UE.
- FIG. 26 is a schematic structural diagram of still another embodiment of a communication system according to the present invention.
- the embodiments of the present invention can select different security algorithms according to the security protection requirements of different service request messages, so as to apply different security protections to the corresponding services. This not only improves the security of the service, but also takes into account the complexity and overhead of each algorithm in the communication system, improving the performance of the communication system while effectively protecting the service.
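The flow in which the UE puts its per-requirement algorithm list into the service request and the network entity picks from the algorithms both sides support, optionally narrowed by an application server's list, can be sketched as follows. This is an added example, not code from the patent: the class names, the requirement labels ("high", "low"), the algorithm names, and the modelling of the selection policy as the order of the network entity's own list are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Security algorithm lists "set separately based on different security
# protection requirements": requirement label -> algorithm names.
AlgLists = Dict[str, List[str]]


class NoCommonAlgorithm(Exception):
    """No algorithm for this requirement is supported by every party."""


@dataclass
class ApplicationServer:
    lists: AlgLists  # third storage module

    def lookup(self, requirement: str) -> List[str]:
        # Answer an acquisition request with the list for one requirement.
        return list(self.lists.get(requirement, []))


@dataclass
class ServiceRequest:
    service: str
    requirement: str
    ue_algorithms: List[str]                   # UE list for this requirement
    as_algorithms: Optional[List[str]] = None  # application server list, if fetched


@dataclass
class UE:
    lists: AlgLists  # first storage module

    def build_request(self, service: str, requirement: str,
                      app_server: Optional[ApplicationServer] = None) -> ServiceRequest:
        # Query the requirement, take the matching list from storage and,
        # when an application server is involved, attach its list as well.
        ue_algs = list(self.lists.get(requirement, []))
        as_algs = app_server.lookup(requirement) if app_server else None
        return ServiceRequest(service, requirement, ue_algs, as_algs)


@dataclass
class NetworkEntity:
    lists: AlgLists  # second storage module

    def select(self, request: ServiceRequest) -> str:
        # Assumed selection policy: the order of the network entity's own
        # list for the requirement is its preference order.
        own = self.lists.get(request.requirement, [])
        candidates = [a for a in own if a in request.ue_algorithms]
        if request.as_algorithms is not None:
            candidates = [a for a in candidates if a in request.as_algorithms]
        if not candidates:
            # Refuse the request instead of borrowing an algorithm from a
            # list that was set for a different protection requirement.
            raise NoCommonAlgorithm(
                f"{request.service}: no shared algorithm for "
                f"requirement {request.requirement!r}")
        return candidates[0]


# Constructed sample data; the algorithm names are placeholders.
UE_LISTS: AlgLists = {"high": ["alg-strong-2", "alg-strong-1"],
                      "low": ["alg-light-1", "alg-null"]}
NE_LISTS: AlgLists = {"high": ["alg-strong-1", "alg-strong-2"],
                      "low": ["alg-light-1"]}
AS_LISTS: AlgLists = {"high": ["alg-strong-2"], "low": ["alg-light-1"]}

if __name__ == "__main__":
    ue = UE(UE_LISTS)
    entity = NetworkEntity(NE_LISTS)
    server = ApplicationServer(AS_LISTS)
    print(entity.select(ue.build_request("payment", "high")))
    print(entity.select(ue.build_request("payment", "high", server)))
    print(entity.select(ue.build_request("status-report", "low")))
    try:
        entity.select(ue.build_request("payment", "medium"))
    except NoCommonAlgorithm as err:
        print("rejected:", err)
```

Because the candidates come only from the lists keyed by the request's own requirement, a service with a high requirement can never end up with an algorithm that either side lists only for a low one.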
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MX2011010433A MX2011010433A (es) | 2009-04-03 | 2010-04-02 | Method and apparatus for security algorithm selection processing, network entity, and communication system. |
BRPI1015037A BRPI1015037A2 (pt) | 2009-04-03 | 2010-04-02 | Method and apparatus for security algorithm selection processing, network entity, and communication system. |
EP10758066.4A EP2416521B1 (en) | 2009-04-03 | 2010-04-02 | Method, device, network entity and communication system for selecting and processing security algorithm |
US13/251,595 US8898729B2 (en) | 2009-04-03 | 2011-10-03 | Method and apparatus for security algorithm selection processing, network entity, and communication system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910081161.7A CN101854625B (zh) | 2009-04-03 | 2009-04-03 | Security algorithm selection processing method and apparatus, network entity, and communication system |
CN200910081161.7 | 2009-04-03 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/251,595 Continuation US8898729B2 (en) | 2009-04-03 | 2011-10-03 | Method and apparatus for security algorithm selection processing, network entity, and communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010111964A1 (zh) | 2010-10-07 |
Family
ID=42805832
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2010/071522 WO2010111964A1 (zh) | 2009-04-03 | 2010-04-02 | Security algorithm selection processing method and apparatus, network entity, and communication system |
Country Status (6)
Country | Link |
---|---|
US (1) | US8898729B2 (zh) |
EP (1) | EP2416521B1 (zh) |
CN (1) | CN101854625B (zh) |
BR (1) | BRPI1015037A2 (zh) |
MX (1) | MX2011010433A (zh) |
WO (1) | WO2010111964A1 (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130036191A1 (en) * | 2010-06-30 | 2013-02-07 | Demand Media, Inc. | Systems and Methods for Recommended Content Platform |
EP2611227A1 (en) * | 2011-01-10 | 2013-07-03 | Huawei Technologies Co., Ltd. | Method, device and system for sending communication information |
CN103260156A (zh) * | 2012-02-15 | 2013-08-21 | 中国移动通信集团公司 | Key stream generation apparatus and method, and confidentiality protection apparatus and method |
US10162486B2 (en) | 2013-05-14 | 2018-12-25 | Leaf Group Ltd. | Generating a playlist based on content meta data and user parameters |
US10509831B2 (en) | 2011-07-29 | 2019-12-17 | Leaf Group Ltd. | Systems and methods for time and space algorithm usage |
WO2024098414A1 (zh) * | 2022-11-11 | 2024-05-16 | 华为技术有限公司 | Communication method and apparatus |
Families Citing this family (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2454204A (en) * | 2007-10-31 | 2009-05-06 | Nec Corp | Core network selecting security algorithms for use between a base station and a user device |
US8819765B2 (en) * | 2008-01-22 | 2014-08-26 | Telefonaktiebolaget L M Ericsson (Publ) | Security policy distribution to communication terminals |
US8965415B2 (en) | 2011-07-15 | 2015-02-24 | Qualcomm Incorporated | Short packet data service |
US9185080B2 (en) | 2011-08-12 | 2015-11-10 | Intel Deutschland Gmbh | Data transmitting devices, data receiving devices, methods for controlling a data transmitting device, and methods for controlling a data receiving device |
CN103179559B (zh) * | 2011-12-22 | 2016-08-10 | 华为技术有限公司 | Secure communication method, apparatus and system for a low-cost terminal |
PT2807847T (pt) * | 2012-01-26 | 2020-12-15 | Ericsson Telefon Ab L M | Operation of a serving node in a network |
US8660078B2 (en) * | 2012-02-07 | 2014-02-25 | Qualcomm Incorporated | Data radio bearer (DRB) enhancements for small data transmissions apparatus, systems, and methods |
CN102595369B (zh) * | 2012-02-29 | 2015-02-25 | 大唐移动通信设备有限公司 | NAS algorithm transmission method and apparatus |
US9355261B2 (en) | 2013-03-14 | 2016-05-31 | Appsense Limited | Secure data management |
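WO2014184938A1 (ja) * | 2013-05-16 | 2014-11-20 | 富士通株式会社 | Terminal device, communication system, and communication control program |
CN104244247B (zh) * | 2013-06-07 | 2019-02-05 | 华为技术有限公司 | Non-access stratum and access stratum security algorithm processing method and device |
CN104281621A (zh) * | 2013-07-11 | 2015-01-14 | 腾讯科技(深圳)有限公司 | Web page browsing method and apparatus |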
US9215251B2 (en) * | 2013-09-11 | 2015-12-15 | Appsense Limited | Apparatus, systems, and methods for managing data security |
CN104618089B (zh) | 2013-11-04 | 2019-05-10 | 华为技术有限公司 | Security algorithm negotiation processing method, control network element, and system |
WO2015094346A1 (en) * | 2013-12-20 | 2015-06-25 | Hewlett-Packard Development Company, L.P. | Digital switchboard |
US10462660B2 (en) * | 2014-05-12 | 2019-10-29 | Nokia Technologies Oy | Method, network element, user equipment and system for securing device-to-device communication in a wireless network |
CN105323231B (zh) * | 2014-07-31 | 2019-04-23 | 中兴通讯股份有限公司 | Security algorithm selection method, apparatus and system |
US9565216B2 (en) | 2014-10-24 | 2017-02-07 | At&T Intellectual Property I, L.P. | Methods, systems, and computer program products for security protocol selection in internet protocol multimedia subsystem networks |
CN104936172A (zh) * | 2015-05-11 | 2015-09-23 | 柳州天运寰通科技有限公司 | BeiDou positioning data transmission encryption system |
CN106302152A (zh) * | 2015-05-21 | 2017-01-04 | 中兴通讯股份有限公司 | Control method for route generation and routing device |
CN106452776A (zh) * | 2015-08-12 | 2017-02-22 | 航天信息股份有限公司 | Data encryption method |
US11374941B2 (en) * | 2015-11-02 | 2022-06-28 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless communications |
WO2017121854A1 (en) * | 2016-01-14 | 2017-07-20 | Nokia Solutions And Networks Oy | Flexible selection of security features in mobile networks |
GB2547040A (en) * | 2016-02-05 | 2017-08-09 | Vodafone Ip Licensing Ltd | Controlling bearer security in a telecommunications connection |
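CN106899562A (zh) * | 2016-04-21 | 2017-06-27 | 中国移动通信有限公司研究院 | Security algorithm negotiation method for the Internet of Things, network element, and Internet of Things terminal |
CN107566115B (zh) * | 2016-07-01 | 2022-01-14 | 华为技术有限公司 | Key configuration and security policy determination method and apparatus |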
US20180083972A1 (en) * | 2016-09-20 | 2018-03-22 | Lg Electronics Inc. | Method and apparatus for security configuration in wireless communication system |
WO2018076298A1 (zh) * | 2016-10-28 | 2018-05-03 | 华为技术有限公司 | Security capability negotiation method and related device |
WO2018132952A1 (zh) * | 2017-01-17 | 2018-07-26 | 华为技术有限公司 | Wireless communication method and apparatus |
CN110024331B (zh) * | 2017-01-26 | 2021-11-19 | 华为技术有限公司 | Data protection method, apparatus and system |
WO2018201506A1 (zh) * | 2017-05-05 | 2018-11-08 | 华为技术有限公司 | Communication method and related apparatus |
EP3747165B1 (en) * | 2018-02-03 | 2022-09-14 | Nokia Technologies Oy | Application based routing of data packets in multi-access communication networks |
CN110351092A (zh) * | 2019-06-11 | 2019-10-18 | 北京思源互联科技有限公司 | Data packet transmission method and apparatus, storage medium, and electronic apparatus |
WO2020254113A1 (en) * | 2019-06-17 | 2020-12-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Key distribution for hop by hop security in iab networks |
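CN110430573A (zh) * | 2019-07-31 | 2019-11-08 | 维沃移动通信有限公司 | Information authentication method, electronic device, and network-side device |
CN115004634B (zh) * | 2020-04-03 | 2023-12-19 | Oppo广东移动通信有限公司 | Information processing method, apparatus, device, and storage medium |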
CA3185313A1 (en) * | 2020-05-29 | 2021-12-02 | Huawei Technologies Co., Ltd. | Communications method and apparatus |
EP4185003A4 (en) * | 2020-07-30 | 2023-09-13 | Huawei Technologies Co., Ltd. | COMMUNICATION METHOD AND DEVICE |
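JP2022114391A (ja) * | 2021-01-26 | 2022-08-05 | 京セラドキュメントソリューションズ株式会社 | Electronic device |
CN115470513A (zh) * | 2021-06-11 | 2022-12-13 | 支付宝(杭州)信息技术有限公司 | Method, apparatus and system for algorithm negotiation for privacy computing |
CN115879143A (zh) * | 2021-09-29 | 2023-03-31 | 华为技术有限公司 | Data security policy configuration method, device, and system |
CN115589321A (zh) * | 2022-10-11 | 2023-01-10 | 中国电信股份有限公司 | Security context isolation policy negotiation method, apparatus, device, and storage medium |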
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1895706A1 (en) * | 2006-08-31 | 2008-03-05 | Nortel Networks Limited | Method for securing an interaction between nodes and related nodes |
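CN101170811A (zh) * | 2006-10-24 | 2008-04-30 | 中兴通讯股份有限公司 | Method for negotiating security level in generic bootstrapping architecture |
CN101242629A (zh) * | 2007-02-05 | 2008-08-13 | 华为技术有限公司 | Method, system and device for selecting user plane algorithm |
CN101262337A (zh) * | 2008-02-05 | 2008-09-10 | 中兴通讯股份有限公司 | Security function control method and system |
CN101330376A (zh) * | 2007-06-22 | 2008-12-24 | 华为技术有限公司 | Security algorithm negotiation method |
CN101378591A (zh) * | 2007-08-31 | 2009-03-04 | 华为技术有限公司 | Method, system and apparatus for negotiating security capability when a terminal moves |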
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6941459B1 (en) | 1999-10-21 | 2005-09-06 | International Business Machines Corporation | Selective data encryption using style sheet processing for decryption by a key recovery agent |
FI111423B (fi) * | 2000-11-28 | 2003-07-15 | Nokia Corp | System for ensuring encryption of communication after handover |
EP2618597B1 (en) * | 2004-03-02 | 2015-01-14 | Panasonic Intellectual Property Corporation of America | Negotiation of functions between wireless access point and control node |
US7194763B2 (en) * | 2004-08-02 | 2007-03-20 | Cisco Technology, Inc. | Method and apparatus for determining authentication capabilities |
CN100571130C (zh) * | 2004-11-08 | 2009-12-16 | 中兴通讯股份有限公司 | Generic security level negotiation method |
CN1835436B (zh) * | 2005-03-14 | 2010-04-14 | 华为技术有限公司 | Generic authentication network and method for implementing authentication |
2009
- 2009-04-03 CN CN200910081161.7A patent/CN101854625B/zh active Active
2010
- 2010-04-02 BR BRPI1015037A patent/BRPI1015037A2/pt not_active Application Discontinuation
- 2010-04-02 WO PCT/CN2010/071522 patent/WO2010111964A1/zh active Application Filing
- 2010-04-02 MX MX2011010433A patent/MX2011010433A/es active IP Right Grant
- 2010-04-02 EP EP10758066.4A patent/EP2416521B1/en active Active
2011
- 2011-10-03 US US13/251,595 patent/US8898729B2/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1895706A1 (en) * | 2006-08-31 | 2008-03-05 | Nortel Networks Limited | Method for securing an interaction between nodes and related nodes |
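CN101170811A (zh) * | 2006-10-24 | 2008-04-30 | 中兴通讯股份有限公司 | Method for negotiating security level in generic bootstrapping architecture |
CN101242629A (zh) * | 2007-02-05 | 2008-08-13 | 华为技术有限公司 | Method, system and device for selecting user plane algorithm |
CN101330376A (zh) * | 2007-06-22 | 2008-12-24 | 华为技术有限公司 | Security algorithm negotiation method |
CN101378591A (zh) * | 2007-08-31 | 2009-03-04 | 华为技术有限公司 | Method, system and apparatus for negotiating security capability when a terminal moves |
CN101262337A (zh) * | 2008-02-05 | 2008-09-10 | 中兴通讯股份有限公司 | Security function control method and system |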
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130036191A1 (en) * | 2010-06-30 | 2013-02-07 | Demand Media, Inc. | Systems and Methods for Recommended Content Platform |
US9721035B2 (en) * | 2010-06-30 | 2017-08-01 | Leaf Group Ltd. | Systems and methods for recommended content platform |
EP2611227A1 (en) * | 2011-01-10 | 2013-07-03 | Huawei Technologies Co., Ltd. | Method, device and system for sending communication information |
EP2611227A4 (en) * | 2011-01-10 | 2014-01-15 | Huawei Tech Co Ltd | METHOD, DEVICE AND SYSTEM FOR SENDING COMMUNICATION INFORMATION |
US8989381B2 (en) | 2011-01-10 | 2015-03-24 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for data protection on interface in communications system |
US9301147B2 (en) | 2011-01-10 | 2016-03-29 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for data protection on interface in communications system |
US10509831B2 (en) | 2011-07-29 | 2019-12-17 | Leaf Group Ltd. | Systems and methods for time and space algorithm usage |
CN103260156A (zh) * | 2012-02-15 | 2013-08-21 | 中国移动通信集团公司 | Key stream generation apparatus and method, and confidentiality protection apparatus and method |
US10162486B2 (en) | 2013-05-14 | 2018-12-25 | Leaf Group Ltd. | Generating a playlist based on content meta data and user parameters |
US11119631B2 (en) | 2013-05-14 | 2021-09-14 | Leaf Group Ltd. | Generating a playlist based on content meta data and user parameters |
WO2024098414A1 (zh) * | 2022-11-11 | 2024-05-16 | 华为技术有限公司 | Communication method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
MX2011010433A (es) | 2011-11-29 |
US20120066737A1 (en) | 2012-03-15 |
BRPI1015037A2 (pt) | 2016-04-12 |
CN101854625A (zh) | 2010-10-06 |
EP2416521A1 (en) | 2012-02-08 |
US8898729B2 (en) | 2014-11-25 |
CN101854625B (zh) | 2014-12-03 |
EP2416521B1 (en) | 2018-06-20 |
EP2416521A4 (en) | 2012-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
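WO2010111964A1 (zh) | Security algorithm selection processing method and apparatus, network entity, and communication system | |
JP5392879B2 (ja) | Method and apparatus for authenticating a communication device | |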
US11582602B2 (en) | Key obtaining method and device, and communications system | |
US10798082B2 (en) | Network authentication triggering method and related device | |
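WO2018170617A1 (zh) | Network access authentication method based on non-3GPP network, related device, and system | |
WO2019017837A1 (zh) | Network security management method and apparatus | |
JP2022502908A (ja) | System and method for security protection of NAS messages | |
CN103609154B (zh) | Wireless local area network access authentication method, device, and system | |
WO2019004929A2 (zh) | Network slice allocation method, device, and system | |
WO2019206286A1 (zh) | Network slice access method, apparatus, and system | |
WO2009030164A1 (fr) | Method, system and device for preventing a downgrade attack while a terminal is moving | |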
WO2009030155A1 (en) | Method, system and apparatus for negotiating the security ability when a terminal is moving | |
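KR20100054178A (ko) | Security management method and apparatus related to terminal security capability in a mobile communication system | |
JP2004164576A (ja) | User authentication method and user authentication system in a public wireless LAN service system, and recording medium | |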
US10278073B2 (en) | Processing method for terminal access to 3GPP network and apparatus | |
WO2011000315A1 (zh) | Group management method, network device, and network system | |
WO2009043278A1 (fr) | Method, system and device for negotiating security capability while a terminal is moving | |
WO2010094244A1 (zh) | Method, apparatus and system for performing access authentication | |
WO2015100974A1 (zh) | Terminal authentication method, apparatus, and system | |
US10172003B2 (en) | Communication security processing method, and apparatus | |
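JP2007529763A (ja) | Method for obtaining user identification for a network application entity | |
WO2013127190A1 (zh) | NAS algorithm transmission method and apparatus | |
WO2013185709A1 (zh) | Call authentication method, device, and system | |
WO2013152740A1 (zh) | User equipment authentication method, apparatus, and system | |
WO2018076298A1 (zh) | Security capability negotiation method and related device |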
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 10758066 Country of ref document: EP Kind code of ref document: A1 |
| WWE | WIPO information: entry into national phase | Ref document number: MX/A/2011/010433 Country of ref document: MX |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | WIPO information: entry into national phase | Ref document number: 2010758066 Country of ref document: EP |
| WWE | WIPO information: entry into national phase | Ref document number: 7758/CHENP/2011 Country of ref document: IN |
| REG | Reference to national code | Ref country code: BR Ref legal event code: B01A Ref document number: PI1015037 Country of ref document: BR |
| ENP | Entry into the national phase | Ref document number: PI1015037 Country of ref document: BR Kind code of ref document: A2 Effective date: 20111003 |