WO2015117489A1 - Security algorithm selection method, apparatus, and system - Google Patents
- Publication number: WO2015117489A1 (application PCT/CN2014/093308)
- Authority: WO, WIPO (PCT)
- Prior art keywords: group, security, security algorithm, capability information, core network
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
- H04L12/185—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
- H04W4/08—User group management
Definitions
- the present invention relates to the field of communications, and in particular, to a security algorithm selection method, apparatus, and system.
- a security encryption mechanism is defined in the protocol, that is, the terminal (UE) reports the security encryption algorithms it supports to the core network when attaching, and the core network transmits the received security capability information of the UE and the root key information it has calculated to the base station.
- the base station selects a set of security encryption algorithms for the current terminal service according to the capabilities of the UE and the capabilities supported by the base station, and calculates the root key transmitted by the core network.
- the concept of the shared channel is introduced for the cluster service of the group call, that is, one group call service allocates only one set of physical resources in one cell.
- the connection is shared by multiple users in the group during the group call, that is, the data of one service is received by multiple terminals. Because it is the same data, there can be only one corresponding set of security algorithm and key.
- the security capabilities of the terminals in a group differ, so there is no guarantee that every terminal in the group supports the security algorithm and key. Therefore, it is impossible to ensure that all terminals in the group can successfully receive service data.
- the embodiment of the invention provides a method, a device and a system for selecting a security algorithm, so as to at least solve the problem in the related art that, in a cluster service, it cannot be ensured that all terminals in a group successfully receive service data.
- a security algorithm selection method including: receiving, by a core network, an attach request initiated by a first terminal UE to a broadband cluster network, where the attach request carries first security capability information supported by the UE; the core network determines the group to which the first UE belongs, and acquires security capability information of each second UE in the group; the core network selects a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE, and sends the selected security algorithm to the first UE as the security algorithm of the group.
- the method further includes: if the core network determines that the selected security algorithm is different from the saved security algorithm of the group, it updates the security algorithm of the group to the selected security algorithm, and sends the selected security algorithm, as the security algorithm of the group, to each of the second UEs in the group.
- sending the selected security algorithm, as the security algorithm of the group, to each of the second UEs in the group includes: the core network sends a group information update message to each of the second UEs.
- the group information update message carries the selected security algorithm.
- the method further includes: the core network saving the security capability information of the first UE.
- the core network selecting a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE includes: the core network determines, according to the security capability information of the first UE, whether the first UE supports the current security algorithm of the group, and if yes, selects the current security algorithm of the group; otherwise, it takes the intersection of the security capability information of the first UE and the security capability information of each second UE, and selects a security algorithm supported by the intersection.
- the method further includes: when the core network initiates the group call service of the group, it notifies the base station of the selected security algorithm and the corresponding key, instructing the base station to use the security algorithm and the key to encrypt the signaling and the service data when delivering the group call service.
- a security algorithm selection apparatus including: a receiving module, configured to receive an attach request initiated by a first terminal UE to a broadband cluster network, where the attach request carries security capability information supported by the first UE; an obtaining module, configured to determine the group to which the first UE belongs and acquire security capability information of each second UE in the group; a selecting module, configured to select a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE; and a sending module, configured to send the selected security algorithm to the first UE as the security algorithm of the group.
- the device further includes: a determining module, configured to determine whether the selected security algorithm is the same as the saved security algorithm of the group, and if not, trigger an update module; the update module is configured to update the security algorithm of the group to the selected security algorithm, and send the selected security algorithm to each of the second UEs in the group.
- the device further includes: a storage module, configured to save security capability information of the first UE.
- the selecting module includes: a determining unit, configured to determine, according to the security capability information of the first UE, whether the first UE supports the current security algorithm of the group; and a selecting unit, configured to select the current security algorithm of the group if the determination result of the determining unit is yes, and, if the determination result is no, to take the intersection of the security capability information of the first UE and the security capability information of each second UE and select a security algorithm supported by the intersection.
- the device further includes: a notification module, configured to, when the group call service of the group is initiated, notify the base station of the selected security algorithm and the corresponding key, instructing the base station to use the security algorithm and the key to encrypt the signaling and the service data when delivering the group call service.
- a security algorithm selection system including: a core network and a base station, where the core network includes the foregoing security algorithm selection device; and the base station is configured to, according to the security algorithm of the group and the corresponding key notified by the core network, use the security algorithm and the key to encrypt the signaling and service data when delivering the group call service of the group.
- when the core network receives the attach request initiated by the UE to the broadband cluster network, it selects a security algorithm supported by all UEs in the group to which the UE belongs, and sends it to the UE as the security algorithm of the group.
- this solves the problem in the related art that it cannot be ensured that all terminals in the group successfully receive the service data, so that all UEs in the group can successfully receive the service data, thereby ensuring the reliability of the cluster service.
- FIG. 1 is a flow chart of a method for selecting a security algorithm according to an embodiment of the present invention
- FIG. 2 is a schematic structural diagram of a security algorithm selection apparatus according to an embodiment of the present invention.
- FIG. 3 is a schematic structural diagram of a security algorithm selection system according to an embodiment of the present invention.
- Figure 5 is a flow chart of the second embodiment.
- the encryption algorithm can be configured directly by the core network, which notifies the base station and the terminal; but if a terminal does not support the configured algorithm, that terminal will not be able to receive the service data in the group.
- the embodiment of the present invention provides a solution.
- the core network selects a security encryption algorithm supported by all terminals in the group according to the security capabilities of each terminal in the group.
- a security algorithm selection method is provided.
- FIG. 1 is a flowchart of a security algorithm selection method according to an embodiment of the present invention. As shown in FIG. 1, the method mainly includes the following steps S102-S106.
- Step S102: the core network receives the attach request initiated by the first UE to the broadband cluster network, where the attach request carries the security capability information supported by the first UE.
- Step S104: the core network determines the group to which the first UE belongs, and obtains security capability information of each second UE in the group.
- the core network may store the identification information (such as the IMSI) and the security capability information of the terminals in each service group. Therefore, optionally, after receiving the attach request, the core network may save the identification information and the security capability information of the UE in the group to which the UE belongs.
- the terminal carries its own capability information, including the security capability information of the terminal, such as the security encryption algorithms supported by the terminal, and the core network stores the security capability information supported by each terminal.
- Step S106: the core network selects a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE, and sends the selected security algorithm to the first UE as the security algorithm of the group.
- the core network takes the selected security algorithm as the security algorithm of the group, initiates the process of updating the information of the group to which the terminal belongs, and sends the terminal's group information and group-related configuration information to the terminal, including information such as the security algorithm corresponding to the group.
- when the core network generates the security algorithm information for the group update message, it needs to traverse the security capabilities supported by all attached terminals in the group and take the intersection of the security capabilities supported by all of them, that is, select a security algorithm supported by all the terminals and issue it to the terminal.
- the method may further include: if the core network determines that the selected security algorithm is different from the saved security algorithm of the group, it updates the security algorithm of the group to the selected security algorithm, and sends the selected security algorithm, as the security algorithm of the group, to each of the second UEs in the group.
- the core network may send a group information update message to each of the second UEs, where the group information update message carries the selected security algorithm.
- in step S106, when selecting a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE, the core network may determine, according to the first security capability information, whether the first UE supports the current security algorithm of the group, and if yes, select the current security algorithm of the group; otherwise, it takes the intersection of the security capability information of the first UE and the security capability information of each second UE, and selects a security algorithm supported by the intersection.
- if the security algorithm calculated for the group in which the terminal is located changes, the group information update message needs to be resent to the other connected terminals in the group to update the information saved in those terminals.
- the security algorithm corresponding to the group is not limited to the group.
- when the core network initiates the establishment of the group call service, it may notify the base station of the security algorithm and the key corresponding to the group, instructing the base station to use the security algorithm and the key to encrypt the signaling and the service data when delivering the group call service.
- the number of groups to which the first UE belongs may be multiple, and for each group, step S104 and step S106 are respectively performed.
- the security algorithm selected for the service group is a security algorithm supported by all the terminals in the group, so that all the terminals in the group can successfully receive the service data.
- a security algorithm selecting apparatus is further provided, which may be configured to implement the foregoing method.
- the apparatus mainly includes: a receiving module 22, configured to receive an attach request initiated by a first terminal UE to a broadband cluster network, where the attach request carries the security capability information supported by the first UE; an obtaining module 24, configured to determine the group to which the first UE belongs and obtain security capability information of each second UE in the group; a selecting module 26, configured to select a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE; and a sending module 28, configured to send the selected security algorithm to the first UE as the security algorithm of the group.
- the device may further include: a determining module, configured to determine whether the selected security algorithm is the same as the saved security algorithm of the group, and if not, trigger an update module; the update module is configured to update the security algorithm of the group to the selected security algorithm, and send the selected security algorithm, as the security algorithm of the group, to each of the second UEs in the group.
- the device may further include: a storage module, configured to save security capability information of the first UE.
- the selecting module may include: a determining unit, configured to determine, according to the security capability information of the first UE, whether the first UE supports the current security algorithm of the group; and a selecting unit, configured to select the current security algorithm of the group if the determination result of the determining unit is yes, and, if the determination result is no, to take the intersection of the security capability information of the first UE and the security capability information of each second UE and select a security algorithm supported by the intersection.
- the device may further include: a notification module, configured to, when the group call service of the group is initiated, notify the base station of the selected security algorithm and the corresponding key, instructing the base station to use the security algorithm and the key to encrypt the signaling and the service data when delivering the group call service.
- a security algorithm selection system is also provided.
- FIG. 3 is a schematic structural diagram of a security algorithm selection system according to an embodiment of the present invention.
- the system includes: a core network 32 and a base station 34.
- the core network 32 may include the security algorithm selection device of each embodiment described above;
- the base station 34 is configured to, according to the security algorithm of the group and the corresponding key notified by the core network, use the security algorithm and the key to encrypt the signaling and the service data when delivering the group call service of the group.
- this embodiment takes as an example the case where the group to which the UE belongs is a service group.
- FIG. 4 is a signaling flowchart of selecting a security algorithm corresponding to a group in the embodiment. As shown in FIG. 4, the method mainly includes the following steps:
- UE1, wishing to use the broadband trunking service, initiates the attach procedure to the broadband cluster network: it first establishes an RRC connection with the eNodeB and carries the capability information supported by UE1, including the supported security algorithms, to the core network in the attach message; the core network saves the capability information of UE1.
- Step 402: the core network retrieves the configuration information, determines the group to which UE1 belongs, and cyclically acquires each user registered in the group. In this embodiment, if UE1 is the first registered user in the group, the core network directly selects one of the security algorithms reported by UE1 as the security algorithm used by the users in the group, initiates the group information update process, sends the group-related content and the security algorithm corresponding to the group to UE1, and saves the new security algorithm corresponding to the group.
- Step 403: UE2, wishing to use the broadband trunking service, initiates the attach procedure to the broadband cluster network: it first establishes an RRC connection with the eNodeB and carries the capability information supported by UE2, including the supported security algorithms, to the core network in the attach message; the core network saves the capability information of UE2.
- Step 404: the core network retrieves the configuration information, determines the group to which UE2 belongs, and cyclically acquires each user registered in the group. Assume that other users in the group to which UE2 belongs, for example UE1, have already completed registration. The core network takes the intersection of the security capabilities supported by the users already registered in the group, including UE1 and UE2, selects a security algorithm from it as the security algorithm used by the users in the group, initiates the group information update process, sends the group-related content and the security algorithm corresponding to the group to UE2, and saves the new security algorithm corresponding to the group.
- Step 405: the core network determines that the newly calculated security algorithm of the group is inconsistent with the security algorithm previously saved for the group, initiates a group update process, and notifies the other users in the group, such as UE1, of the new security algorithm.
- Step 406: UE2 initiates establishment of a cluster group call service, and establishes an RRC connection and a shared bearer of the cluster.
- Step 407: the core network notifies the eNodeB of the group security algorithm of the current service.
- the eNodeB uses this security algorithm to encrypt the signaling and service data.
- Step 408: if UE1 is not in the cell where UE2 is located, UE1 returns a paging response after receiving the paging for the group call service, and the eNodeB and UE1 start to establish the service bearer of the cluster shared channel.
- Step 409: the core network notifies the eNodeB of the group security algorithm of the current service.
- the eNodeB uses this security algorithm to encrypt the signaling and service data.
- the processing logic of selecting a security algorithm for the core network is described by taking a group to which the UE belongs as an example.
- FIG. 5 is a flowchart of selecting a security algorithm for a core network according to the embodiment. As shown in FIG. 5, the method mainly includes the following steps:
- Step 501: after receiving the attach message of a new UE, the core network saves the capability information of the UE, including the security capability information.
- Step 502: the core network retrieves the information of all groups to which the UE belongs and the security algorithm currently used by each group.
- Step 503: the groups to which the UE belongs are traversed one by one. For each group, it is determined whether the security algorithm currently used by the group is in the set of security capabilities supported by the UE. If yes, the group keeps its original security algorithm. If not, the capability information of all UEs in the group, including the newly added UE, is intersected to determine the security algorithm corresponding to the group, which is then saved.
- Step 504: the core network initiates a group update process for the newly attached UE, and delivers to the UE the parameters, such as the security algorithms, of all groups to which the UE belongs.
- Step 505: determine whether the security encryption algorithm corresponding to the group has changed. If it has, execute step 506; otherwise, end the security encryption algorithm selection process.
- Step 506: the group update process is re-initiated for the other UEs in the group, and the new security algorithm is notified to them.
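The selection logic of Steps 501 to 506 (the same intersection rule described for step S106), as an added Python example that is not code from the patent. The class and function names, the LTE algorithm identifiers used as sample values, the preference order used to pick one algorithm from the intersection, and the rejection of an empty intersection are assumptions of this example; the patent leaves them unspecified.

```python
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Assumed operator preference order (not from the patent). Null ciphering
# ("EEA0") is deliberately absent, so a UE that offers only EEA0 can never
# pull a group down to an unencrypted bearer.
PREFERENCE = ("128-EEA2", "128-EEA1", "128-EEA3")


class NoCommonAlgorithm(Exception):
    """No acceptable algorithm is supported by every attached group member."""


def pick(common: Set[str]) -> Optional[str]:
    """Choose one algorithm from the intersection (assumed policy)."""
    return next((alg for alg in PREFERENCE if alg in common), None)


class CoreNetwork:
    def __init__(self, group_config: Dict[str, Set[str]]):
        self.group_config = group_config            # group id -> configured UE ids
        self.caps: Dict[str, Set[str]] = {}         # UE id -> supported algorithms
        self.attached: Dict[str, Set[str]] = {g: set() for g in group_config}
        self.group_alg: Dict[str, Optional[str]] = {g: None for g in group_config}

    def attach(self, ue: str, supported: Iterable[str]
               ) -> Tuple[Dict[str, str], Dict[str, List[str]]]:
        """Return (algorithms sent to the new UE, other UEs to re-notify)."""
        # Step 501: save the UE's security capability information.
        self.caps[ue] = set(supported)

        # Steps 502-503: decide per group before changing any group state,
        # so a failure in one group leaves every group untouched.
        decisions: Dict[str, str] = {}
        for gid, configured in self.group_config.items():
            if ue not in configured:
                continue
            current = self.group_alg[gid]
            if current is not None and current in self.caps[ue]:
                decisions[gid] = current            # keep the original algorithm
                continue
            common = set(self.caps[ue])
            for member in self.attached[gid] - {ue}:
                common &= self.caps[member]         # intersection over all members
            chosen = pick(common)
            if chosen is None:
                raise NoCommonAlgorithm(f"group {gid}: nothing shared with {ue}")
            decisions[gid] = chosen

        to_new: Dict[str, str] = {}
        to_others: Dict[str, List[str]] = {}
        for gid, chosen in decisions.items():
            others = sorted(self.attached[gid] - {ue})
            self.attached[gid].add(ue)
            to_new[gid] = chosen                    # Step 504: update for the new UE
            if chosen != self.group_alg[gid]:       # Step 505: did the group change?
                self.group_alg[gid] = chosen
                if others:
                    to_others[gid] = others         # Step 506: re-notify the rest
        return to_new, to_others


def demo():
    """Constructed scenario following the UE1/UE2 signalling flow above."""
    cn = CoreNetwork({"g1": {"UE1", "UE2", "UE3"}})
    first = cn.attach("UE1", ["128-EEA1", "128-EEA2"])
    second = cn.attach("UE2", ["128-EEA1", "128-EEA3"])
    third = cn.attach("UE3", ["128-EEA1", "128-EEA2"])
    return first, second, third


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the constructed scenario the second attach moves the group from 128-EEA2 to 128-EEA1 and triggers a re-notification of UE1, while the third attach keeps the current algorithm because the new UE already supports it.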
- when the core network receives the attach request initiated by the UE to the broadband cluster network, it selects a security algorithm supported by all UEs in the group to which the UE belongs and sends it to the UE. This solves the problem in the related art that, in a cluster service, it cannot be ensured that all UEs in the group successfully receive the service data, so that all UEs in the group can successfully receive the service data and the reliability of the cluster service is ensured.
- the modules or steps of the present invention described above can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in a storage device and executed by the computing device; in some cases, the steps shown or described may be performed in an order different from that herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
- the invention is not limited to any specific combination of hardware and software.
- the security algorithm selection method, apparatus, and system provided by the embodiments of the present invention have the following beneficial effects: they solve the problem in the related art that it cannot be ensured that all terminals in the group successfully receive service data, so that all UEs in the group can successfully receive service data and the reliability of the cluster service is ensured.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Claims (12)
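- A security algorithm selection method, comprising: a core network receiving an attach request initiated by a first terminal UE to a broadband cluster network, wherein the attach request carries first security capability information supported by the UE; the core network determining the group to which the first UE belongs, and acquiring security capability information of each second UE in the group; the core network selecting a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE, and sending the selected security algorithm to the first UE as the security algorithm of the group.
- The method according to claim 1, wherein the method further comprises: if the core network determines that the selected security algorithm is not the same as the stored security algorithm of the group, updating the security algorithm of the group to the selected security algorithm, and sending the selected security algorithm, as the security algorithm of the group, to each second UE in the group.
- The method according to claim 2, wherein sending the selected security algorithm, as the security algorithm of the group, to each second UE in the group comprises: the core network sending a group information update message to each second UE, the group information update message carrying the selected security algorithm.
- The method according to claim 1, wherein after the core network receives the attach request initiated by the first user terminal UE to the broadband cluster network, the method further comprises: the core network saving the security capability information of the first UE.
- The method according to claim 1, wherein the core network selecting a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE comprises: the core network determining, according to the security capability information of the first UE, whether the first UE supports the current security algorithm of the group; if so, selecting the current security algorithm of the group; otherwise, taking the intersection of the security capability information of the first UE and the security capability information of each second UE, and selecting one security algorithm supported by the intersection.
- The method according to any one of claims 1 to 5, wherein the method further comprises: when initiating a group call service of the group, the core network notifying a base station of the selected security algorithm and the corresponding key, and instructing the base station to use the security algorithm and key to encrypt signaling and service data when delivering the group call service.
- A security algorithm selection apparatus, comprising: a receiving module, configured to receive an attach request initiated by a first terminal UE to a broadband cluster network, wherein the attach request carries security capability information supported by the first UE; an acquiring module, configured to determine the group to which the first UE belongs and acquire security capability information of each second UE in the group; a selecting module, configured to select a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE; and a sending module, configured to send the selected security algorithm to the first UE as the security algorithm of the group.
- The apparatus according to claim 7, wherein the apparatus further comprises: a judging module, configured to judge whether the selected security algorithm is the same as the stored security algorithm of the group and, if not, to trigger an updating module; and the updating module, configured to update the security algorithm of the group to the selected security algorithm and send the selected security algorithm to each second UE in the group.
- The apparatus according to claim 7, wherein the apparatus further comprises: a storage module, configured to save the security capability information of the first UE.
- The apparatus according to claim 7, wherein the selecting module comprises: a judging unit, configured to determine, according to the security capability information of the first UE, whether the first UE supports the current security algorithm of the group; and a selecting unit, configured to select the current security algorithm of the group when the judging unit's result is yes, and, when the judging unit's result is no, to take the intersection of the security capability information of the first UE and the security capability information of each second UE and select one security algorithm supported by the intersection.
- The apparatus according to any one of claims 7 to 11, wherein the apparatus further comprises: a notifying module, configured to, when a group call service of the group is initiated, notify a base station of the selected security algorithm and the corresponding key, and instruct the base station to use the security algorithm and key to encrypt signaling and service data when delivering the group call service.
- A security algorithm selection system, comprising: a core network and a base station, wherein the core network comprises the apparatus according to any one of claims 7-11; and the base station is configured to, according to the security algorithm of the group and the corresponding key notified by the core network, use the security algorithm and key to encrypt signaling and service data when delivering the group call service of the group.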
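The selection logic of claims 1 to 5, worked through as an added example that is not part of the patent text. The names `Group`, `handle_attach`, `NoCommonAlgorithm` and `PREFERENCE`, the sample LTE algorithm identifiers, the preference order, and the rejection of an attach when the intersection is empty are all assumptions; the claims only require "one security algorithm supported by the intersection".

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumption: preference order among common algorithms. Identifiers are sample
# LTE ciphering algorithm names; the null algorithm EEA0 is left out on purpose
# so that a group can never be negotiated down to no encryption.
PREFERENCE = ("128-EEA2", "128-EEA1", "128-EEA3")

class NoCommonAlgorithm(Exception):
    """Group members share no acceptable algorithm (case not covered by the claims)."""

@dataclass
class Group:
    algorithm: str | None = None  # stored security algorithm of the group
    capabilities: dict[str, frozenset[str]] = field(default_factory=dict)

def handle_attach(group: Group, ue_id: str, ue_caps) -> tuple[str, list[str]]:
    """Process an attach from ue_id; return (group algorithm, second UEs to notify)."""
    caps = frozenset(ue_caps)
    others = {u: c for u, c in group.capabilities.items() if u != ue_id}
    if group.algorithm in caps:
        # Claim 5, first branch: the first UE supports the current group algorithm.
        selected = group.algorithm
    else:
        # Claim 5, second branch: intersect first UE and all second UE capabilities.
        common = caps.intersection(*others.values())
        ranked = [a for a in PREFERENCE if a in common]
        if not ranked:
            raise NoCommonAlgorithm(f"{ue_id} shares no algorithm with the group")
        selected = ranked[0]
    group.capabilities[ue_id] = caps  # claim 4: save the first UE's capabilities
    # Claims 2 and 3: on change, every second UE needs a group information update.
    notify = sorted(others) if selected != group.algorithm else []
    group.algorithm = selected
    return selected, notify

if __name__ == "__main__":
    # Constructed sample attach sequence.
    g = Group()
    for ue, caps in [("ue1", {"128-EEA1", "128-EEA2"}),
                     ("ue2", {"128-EEA1", "128-EEA2", "128-EEA3"}),
                     ("ue3", {"128-EEA1", "128-EEA3"})]:
        print(ue, handle_attach(g, ue, caps))
```

In the sample sequence the third attach forces the group from 128-EEA2 to 128-EEA1, which is the point at which the already-attached UEs must be told about the change.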
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/329,089 US20170208095A1 (en) | 2014-07-31 | 2014-12-08 | Method, device and system for selecting a security algorithm |
KR1020177005499A KR20170039247A (ko) | 2014-07-31 | 2014-12-08 | Method, device and system for selecting a security algorithm |
EP14881972.5A EP3177052B1 (en) | 2014-07-31 | 2014-12-08 | Method, device and system for selecting security algorithm |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410375477.8A CN105323231B (zh) | 2014-07-31 | 2014-07-31 | Security algorithm selection method, apparatus and system |
CN201410375477.8 | 2014-07-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015117489A1 (zh) | 2015-08-13 |
Family
ID=53777295
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/093308 WO2015117489A1 (zh) | 2014-07-31 | 2014-12-08 | Security algorithm selection method, apparatus and system |
Country Status (5)
Country | Link |
---|---|
US (1) | US20170208095A1 (zh) |
EP (1) | EP3177052B1 (zh) |
KR (1) | KR20170039247A (zh) |
CN (1) | CN105323231B (zh) |
WO (1) | WO2015117489A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105873011A (zh) * | 2016-06-06 | 2016-08-17 | Hytera Communications Corporation Limited | Cluster service data transmission and control method, apparatus and device |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017039310A1 (ko) * | 2015-08-31 | 2017-03-09 | LG Electronics Inc. | Communication method using a device group, and device using same |
CN107786511A (zh) * | 2016-08-27 | 2018-03-09 | Beijing Xinwei Telecom Technology Inc. | Method for implementing group communication security in a cluster system |
US20180083972A1 (en) * | 2016-09-20 | 2018-03-22 | Lg Electronics Inc. | Method and apparatus for security configuration in wireless communication system |
EP3570577B1 (en) * | 2017-06-17 | 2021-04-07 | LG Electronics Inc. | Method and apparatus for supporting security for separation of cu-cp and cu-up in wireless communication system |
WO2018231031A2 (ko) * | 2017-06-17 | 2018-12-20 | LG Electronics Inc. | Method and apparatus for supporting security for separation of cu-cp and cu-up in wireless communication system |
WO2019161538A1 (zh) | 2018-02-23 | 2019-08-29 | Guangdong OPPO Mobile Telecommunications Corp., Ltd. | Method and apparatus for determining a security algorithm, and computer storage medium |
CN110519709B (zh) * | 2018-05-21 | 2021-08-31 | Huawei Technologies Co., Ltd. | Context management method and apparatus |
CN109617689A (zh) * | 2018-12-20 | 2019-04-12 | Huizhou TCL Mobile Communication Co., Ltd. | Call method, terminal and core network device |
EP4236205A3 (en) * | 2019-01-21 | 2023-11-29 | Telefonaktiebolaget LM Ericsson (publ) | Securing the user plane path for a group communication session based on a security policy common to all devices in the group |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
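CN1599485A (zh) * | 2003-09-19 | 2005-03-23 | Huawei Technologies Co., Ltd. | Method for updating a group key in a cluster system |
CN101001252A (zh) * | 2006-06-25 | 2007-07-18 | Huawei Technologies Co., Ltd. | Registration method, and method and apparatus for negotiating a user plane security algorithm |
CN101128061A (zh) * | 2007-09-27 | 2008-02-20 | ZTE Corporation | Mobility management unit, evolved base station, and method and system for determining whether the user plane is encrypted |
CN101883346A (zh) * | 2009-05-04 | 2010-11-10 | ZTE Corporation | Security negotiation method and apparatus based on emergency call |
CN102487502A (zh) * | 2010-12-01 | 2012-06-06 | University of Electronic Science and Technology of China | Cluster communication security method |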
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2454204A (en) * | 2007-10-31 | 2009-05-06 | Nec Corp | Core network selecting security algorithms for use between a base station and a user device |
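CN101854625B (zh) * | 2009-04-03 | 2014-12-03 | Huawei Technologies Co., Ltd. | Security algorithm selection processing method and apparatus, network entity and communication system |
CN102833742B (zh) * | 2011-06-17 | 2016-03-30 | Huawei Technologies Co., Ltd. | Method and device for negotiating a machine type communication device group algorithm |
CN104618089B (zh) * | 2013-11-04 | 2019-05-10 | Huawei Technologies Co., Ltd. | Security algorithm negotiation processing method, control network element and system |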
-
2014
- 2014-07-31 CN CN201410375477.8A patent/CN105323231B/zh active Active
- 2014-12-08 US US15/329,089 patent/US20170208095A1/en not_active Abandoned
- 2014-12-08 WO PCT/CN2014/093308 patent/WO2015117489A1/zh active Application Filing
- 2014-12-08 EP EP14881972.5A patent/EP3177052B1/en not_active Not-in-force
- 2014-12-08 KR KR1020177005499A patent/KR20170039247A/ko not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
EP3177052A1 (en) | 2017-06-07 |
CN105323231B (zh) | 2019-04-23 |
EP3177052A4 (en) | 2017-09-27 |
CN105323231A (zh) | 2016-02-10 |
US20170208095A1 (en) | 2017-07-20 |
EP3177052B1 (en) | 2019-07-10 |
KR20170039247A (ko) | 2017-04-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2015117489A1 (zh) | Security algorithm selection method, apparatus and system | |
US11350482B2 (en) | Method for keeping mobile initiated connection only mode user equipment in connected mode | |
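CN109076422B (zh) | Inter-communication-system mobility method, user equipment and storage medium | |
WO2018014741A1 (zh) | Data sending, receiving and transmission method and apparatus | |
WO2018228505A1 (zh) | Communication method, network device, terminal device and system | |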
US20190357296A1 (en) | Ue identifier in rrc resume | |
US11089520B2 (en) | Session migration method and device | |
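WO2017121199A1 (zh) | Information transmission method, apparatus, system and computer storage medium | |
WO2018014661A1 (zh) | Data or signaling sending and transmission method and apparatus | |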
US10034173B2 (en) | MTC service management using NFV | |
JP2015503291A (ja) | Method for attaching to E-UTRA and mobility management entity | |
EP3318007B1 (en) | Proximity services priority control for multicast traffic in proximity services user equipment network relay scenario | |
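CN109196889B (zh) | User information acquisition method, identifier correspondence storage method, apparatus and device | |
WO2017219701A1 (zh) | Method and device for updating system messages | |
CN111886885B (zh) | Security verification when resuming an RRC connection | |
CN109964500B (zh) | Method, device, system and non-transitory computer-readable storage medium for deriving a security key for relay communication | |
JP7393428B2 (ja) | Method and apparatus for parameter setting | |
JP2019506762A (ja) | Method for data transmission in a vehicle-to-vehicle and road-to-vehicle communication system | |
WO2016062075A1 (zh) | Method and device for managing inter-device D2D communication groups | |
CN108124238B (zh) | Signaling processing method and apparatus for a cluster group | |
WO2017121281A1 (zh) | Method, apparatus and system for switching data transmission modes | |
WO2014127699A1 (zh) | Method, device and system for establishing a direct communication path | |
WO2013029553A1 (zh) | Group call method and device | |
CN106341798B (zh) | Method and apparatus for late entry to a cluster group call | |
JP2017103536A (ja) | Radio base station and radio communication method |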
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14881972 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15329089 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20177005499 Country of ref document: KR Kind code of ref document: A |
|
REEP | Request for entry into the european phase |
Ref document number: 2014881972 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014881972 Country of ref document: EP |