WO2018000936A1 - Procédé et appareil de configuration de clé et de détermination d'une politique de sécurité - Google Patents

Procédé et appareil de configuration de clé et de détermination d'une politique de sécurité Download PDF

Info

Publication number
WO2018000936A1
WO2018000936A1 PCT/CN2017/083265 CN2017083265W WO2018000936A1 WO 2018000936 A1 WO2018000936 A1 WO 2018000936A1 CN 2017083265 W CN2017083265 W CN 2017083265W WO 2018000936 A1 WO2018000936 A1 WO 2018000936A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
user equipment
requirement
key
policy
Prior art date
Application number
PCT/CN2017/083265
Other languages
English (en)
Chinese (zh)
Inventor
张博
吴�荣
甘露
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201710060318.2A external-priority patent/CN107566115B/zh
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to EP22168723.9A priority Critical patent/EP4135256A1/fr
Priority to RU2019102608A priority patent/RU2719447C1/ru
Priority to KR1020197000802A priority patent/KR102144303B1/ko
Priority to EP17818933.8A priority patent/EP3481000B1/fr
Priority to BR112018077338-7A priority patent/BR112018077338A2/pt
Priority to CN201780030820.7A priority patent/CN109314638B/zh
Priority to JP2018568816A priority patent/JP6737910B2/ja
Publication of WO2018000936A1 publication Critical patent/WO2018000936A1/fr
Priority to US16/224,999 priority patent/US11057775B2/en
Priority to US17/336,650 priority patent/US11689934B2/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer

Definitions

  • the present application relates to the field of communications, and in particular, to a key configuration and a security policy determining method and apparatus.
  • the session management network element establishes a session between the user equipment and the gateway (or DN server, or another user equipment) according to the service requirements of the user equipment.
  • the present application provides a key configuration and security policy determination method and apparatus, and aims to solve the problem of how to establish a security mechanism based on a future mobile communication architecture.
  • a first aspect of the present application provides a key configuration method including the steps of: a session management network element receiving an end-to-end communication request, the end-to-end communication request including one end of the end-to-end communication The identity of the user device.
  • the session management network element obtains a security policy, and the security policy is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, security capability requirements supported by the user equipment, and At least one determination of the security capability requirements of the carrier network and the security requirements of the other end device of the end-to-end communication.
  • the session management network element obtains a protection key, and the protection key is used to protect the end-to-end communication, where the protection key is based on the security policy and the user equipment and the operator network.
  • the shared key is determined.
  • the session management network element sends the security policy and/or the protection key to the user equipment.
  • the session management network element sends the security policy and/or the protection key to the other end device of the end-to-end communication. It can be seen from the above process that the session management network element can configure the session protection key for the devices at both ends of the end-to-end communication, thereby improving the security of the end-to-end communication. Moreover, it has higher security than the existing method of segment encryption.
  • a second aspect of the present application discloses a session management network element comprising a communication component and a processor.
  • the communication component is configured to receive a request for end-to-end communication, the request for the end-to-end communication including an identification of the user equipment as one end of the end-to-end communication.
  • the processor is configured to obtain a security policy, where the security policy is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, security capability requirements supported by the user equipment, and operations.
  • At least one determination of a security capability requirement of the quotient network and a security requirement of the other end device of the end-to-end communication, and obtaining a protection key for protecting the end-to-end communication is determined according to the security policy and a shared key between the user equipment and the operator network.
  • the communication component is further configured to send the security policy and/or the protection key to the user equipment, and send the security policy and/or the protection secret to another end device of the end-to-end communication key.
  • the request for the end-to-end communication further includes: at least one of a network identifier and a service parameter. At least one of the network identification and the service parameters can be used for the generation of subsequent keys.
  • the acquiring the protection key includes: according to the security policy, the shared key, and The parameter derivation obtains the protection key, and the parameter includes at least one of an identifier of the user equipment, the network identifier, and the service parameter.
  • the method further includes: the session management network element to the operator
  • the policy control network element sends a security policy request, where the security policy request includes at least one of an identifier of the user equipment, the network identifier, and a service parameter, and the identifier of the user equipment, the network identifier, and the service parameter. At least one item is used by the policy control network element to identify the security policy.
  • the session management network element receives the security policy sent by the policy control network element of the operator.
  • the security policy request further includes: a security requirement set acquired by the session management network element in advance, where the security requirement set includes a user of the user equipment preset in the home user server At least one of a security requirement, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, and a security requirement of the other end equipment of the end-to-end communication.
  • the method further includes: obtaining a preset preset in the home user server User security requirements of the user equipment at one end of the end-to-end communication, service security requirements from the user equipment, security capability requirements supported by the user equipment, security capability requirements from the operator network, and the end-to-end communication At least one of the security requirements of the other end device; according to the obtained user security requirement of the user equipment at one end of the end-to-end communication preset in the home subscriber server, service security requirements from the user equipment,
  • the security policy is determined by at least one of a security capability requirement supported by the user equipment, a security capability requirement from an operator network, and a security requirement of the other end device of the end-to-end communication.
  • the specific implementation manner of obtaining the user security requirement of the user equipment at the end of the end-to-end communication preset in the home subscriber server is: after receiving the request for the end-to-end communication, Sending a security requirement request to the network element of the carrier network to obtain a user security requirement of the user equipment preset in the home subscriber server, or acquiring the request from the end-to-end communication request A user security requirement of the user equipment preset in the user server.
  • the specific implementation manner of obtaining the service security requirement from the user equipment and the security capability requirement supported by the user equipment is: acquiring, from the request for the end-to-end communication, the The service security requirements of the user equipment and/or the security capability requirements supported by the user equipment.
  • the specific implementation manner of obtaining the security capability requirement from the carrier network is: sending a security requirement request to the policy control network element of the carrier network, where the security requirement request includes the user equipment And at least one of the identifier of the network.
  • the specific implementation manner of obtaining the security requirement of the other end device of the end-to-end communication is: sending a security requirement request to the policy control network element of the operator network. Receiving a policy of the operator network to control a security requirement of the other end device of the end-to-end communication sent by the network element. Or sending a security requirement request to the other end device of the end-to-end communication, and receiving a security requirement of the other end device of the end-to-end communication sent by the other end device of the end-to-end communication.
  • the security requirement request includes the identifier of the user equipment and At least one of the service parameters, the identifier of the user equipment and the at least one of the service parameters are used by the other end device for the end-to-end communication to find the security requirement of the other end device of the end-to-end communication .
  • the user security requirement of the user equipment at the end of the end-to-end communication, the service security requirement from the user equipment, and the security capability supported by the user equipment, which are preset in the home subscriber server are required.
  • the specific implementation manner of the security policy is determined according to at least one of a demand, a security capability requirement of the carrier network, and a security requirement of the other end device of the end-to-end communication: according to the preset in the home subscriber server
  • User security requirements of the user equipment at the end of the end-to-end communication, service security requirements from the user equipment, security capability requirements supported by the user equipment, security capability requirements from the operator network, and the end-to-end One of the security requirements of the other end of the communication device determines the security policy.
  • the security capability requirements of the quotient network and the security requirements of the other end device of the end-to-end communication, and the security policy is determined according to preset rules.
  • the method further includes: the session management network element according to the user
  • the configuration information or the node policy of the device, or the configuration information or the node policy of the user equipment is obtained from the local storage, or according to the security requirement of the service, the security requirement of the server side, the service type, the security capability of the user equipment, or the slicing policy.
  • the session management network element receives the node configuration parameter from the policy control network element of the operator, the node configuration parameter indicating the endpoint of the security protection In the user plane node UPF.
  • the UPF is a UPF of the visited public land mobile communication network VPLMN, the security capability requirement from the operator network is a security requirement of the gateway of the VPLMN; the UPF is a home public land mobile The UPF of the communication network HPLMN, the security capability requirement from the carrier network is the security requirement of the gateway of the HPLMN.
  • the content of the security requirement includes: an algorithm for security protection
  • the algorithm for the security protection includes an encryption algorithm and/or an integrity protection algorithm.
  • the content of the security requirement further includes: a length of a key and/or an update time of a key.
  • the format of the security requirement includes: a plurality of 8-bit bytes, the plurality of 8-bit bytes including any one of the following: an 8-bit byte for indicating an identifier of the security requirement, for An 8-bit byte representing the length of the content of the security requirement, an 8-bit byte indicating whether the security requirement requires an encryption algorithm, an 8-bit byte indicating whether the security requirement requires an integrity protection algorithm, and an encryption algorithm for indicating 8-bit byte of length, 8-bit byte used to indicate the length of the integrity protection algorithm, 8-bit byte used to indicate whether the key needs to be updated, 8-bit byte used to represent a specific encryption algorithm, An 8-bit byte used to represent a specific integrity protection algorithm.
  • the method further includes: receiving, by the key management center of the carrier network, sending The shared key.
  • the shared key is obtained locally.
  • acquiring the protection key includes: sending a key to the operator's key management center.
  • the request, the key request includes at least one of an identifier of the user equipment, the network identifier, the service parameter, and a security policy, an identifier of the user equipment, the network identifier, and the service parameter. At least one item is used by the key management center to determine the shared key. Receiving the protection key sent by the key management center.
  • the method further includes: the session management network element sends the network identifier to one end of the end-to-end communication; and/or, the session management network element communicates to the end-to-end The other end device sends the network identifier.
  • a third aspect of the present application provides a key configuration method, including the following steps: a key management center receives a key request, and determines a sharing between the user equipment and an operator network according to the identifier of the user equipment. a key, and a protection key for protecting the end-to-end communication in accordance with the security policy, the shared key, and the parameter.
  • the key management center sends the protection key to the user equipment, and sends the protection key to the other end device of the end-to-end communication.
  • the key request includes a security policy and a parameter
  • the parameter includes at least one of an identifier, a network identifier, and a service parameter of the user equipment that is one end of the end-to-end communication.
  • the security policy is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, security capability requirements supported by the user equipment, security capability requirements from an operator network, and At least one determination of the security requirements of the other end device of the end-to-end communication.
  • a fourth aspect of the present application provides a key management center including a communication component and a processor.
  • the communication component is configured to receive a key request, and the processor is configured to determine a shared key between the user equipment and the operator network according to the identifier of the user equipment, and according to the security policy, The shared key and the parameters generate a protection key.
  • the communication component is further configured to send the protection key to the user equipment, and send the protection key to the other end device of the end-to-end communication.
  • the parameter includes at least one of an identifier, a network identifier, and a service parameter of the user equipment as one end of the end-to-end communication; the security policy is based on user security requirements of the user equipment preset in the home subscriber server. At least one determination of a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from an operator network, and a security requirement of the other end device of the end-to-end communication.
  • the method further includes: the key management center to the operator The session management network element sends the protection key.
  • the shared key is a shared key between the user equipment and the operator network obtained after the user equipment and the operator network are authenticated in both directions.
  • a fifth aspect of the present application provides a key configuration method, including: a user equipment sends a request, where the request includes an identifier of the user equipment.
  • the user equipment receives a response, and the response carries a security policy, where the security policy is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, and the user equipment.
  • the user equipment acquires a protection key, where the protection key is used to protect the end-to-end communication, where the protection key is based on the security policy and between the user equipment and the carrier network. Shared key ok.
  • a sixth aspect of the present application provides a user equipment, including a communication component and a processor.
  • the communication component is configured to send a request, where the request includes an identifier of the user equipment. And receiving a response, the response carrying security Strategy.
  • the security policy is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, security capability requirements supported by the user equipment, security capability requirements from an operator network, and At least one determination of the security requirements of the other end device of the end-to-end communication.
  • the processor is configured to obtain a protection key, where the protection key is used to protect the end-to-end communication, where the protection key is based on the security policy and sharing between the user equipment and the operator network Key determination.
  • the specific implementation manner in which the user equipment sends a request is: the user equipment sends a service parameter and a security requirement set, where the security requirement set includes a service security requirement of the user equipment, and/or the Security capability requirements supported by user devices.
  • the request further includes:
  • the session ID, bearer ID, flow flow ID or slice ID generated by the user equipment.
  • the obtaining the protection key includes: obtaining the protection key according to the security policy, the shared key, and a parameter derivation, where the parameter includes an identifier of the user equipment, the network identifier And at least one of the business parameters.
  • the method before the obtaining the protection key according to the security policy, the shared key, and the parameter deduction, the method further includes receiving the shared key sent by the key management center of the operator. .
  • the shared key is obtained locally. Or obtaining a shared key between the user equipment and the operator network after the user equipment and the operator network are authenticated in both directions.
  • the method before the obtaining the protection key according to the security policy, the shared key, and the parameter deduction, the method further includes: receiving the network sent by the session management network element of the carrier network Logo.
  • the acquiring the protection key includes: the user equipment receiving the protection key sent by a key management center of the carrier network or a session management center.
  • a seventh aspect of the present application provides a security policy determining method, including: an operator's policy control network element receives a security policy request, where the security policy request includes user security of the user equipment preset in a home user server. At least one of a demand, a service security requirement from the user equipment, and a security capability requirement supported by the user equipment, the parameter including an identification, a network identifier, and a user equipment as one end of the end-to-end communication At least one of the business parameters.
  • the policy control network element generates and sends a security policy according to the security requirement set, where the security requirement set includes at least a user security requirement of the user equipment preset in the home subscriber server, and service security from the user equipment. At least one of a demand and a security capability requirement supported by the user equipment.
  • An eighth aspect of the present application provides a policy control network element, including: a communication component and a processor.
  • the communication component is configured to receive a security policy request, where the security policy request includes a user security requirement of the user equipment preset in the home subscriber server, a service security requirement from the user equipment, and a security capability supported by the user equipment.
  • the security policy request includes a user security requirement of the user equipment preset in the home subscriber server, a service security requirement from the user equipment, and a security capability supported by the user equipment.
  • At least one of the requirements and the parameter, the parameter comprising at least one of an identification, a network identification, and a service parameter of the user equipment as one end of the end-to-end communication.
  • the processor is configured to generate a security policy according to the security requirement set, where the security requirement set includes at least a user security requirement of the user equipment preset in the home subscriber server, a service security requirement from the user equipment, and the user At least one of the security capability requirements supported by the device.
  • the communication component is further configured to send the security policy.
  • the security requirement set further includes: at least one of a security capability requirement from the carrier network and a security requirement of the other end device of the end-to-end communication.
  • obtaining the security requirement of the operator network includes: acquiring the pre-stored security requirement of the operator network from the local after receiving the security policy request.
  • the security requirement of the other end device that obtains the end-to-end communication includes: receiving a security requirement of the other end device of the end-to-end communication sent by the session management network element. Or sending a security requirement request to the other end device of the end-to-end communication, and receiving a security requirement sent by the other end device of the end-to-end communication.
  • the security requirement request includes at least one of an identifier, a network identifier, and a service parameter of the user equipment, where at least one of an identifier, a network identifier, and a service parameter of the user equipment is used for the end-to-end communication.
  • the other end device marks the security requirements of the other end device of the end-to-end communication.
  • the generating the security policy according to the security requirement set includes: according to the user security requirement of the user equipment at one end of the end-to-end communication preset in the home subscriber server, the service from the user equipment
  • a security policy is determined by one of a security requirement, a security capability requirement supported by the user equipment, a security capability requirement from an operator network, and a security requirement of the other end device of the end-to-end communication.
  • the security capability requirements of the quotient network and the security requirements of the other end device of the end-to-end communication, and the security policy is determined according to preset rules.
  • the method before the generating the security policy according to the security requirement set, the method further includes: the policy control network element of the operator is obtained according to the configuration information or the node policy of the user equipment, or obtained from the local storage.
  • the configuration information of the user equipment or the node policy, or the security protection end point is determined by the user plane node UPF according to the security requirements of the service, the server side security requirement, the service type, the security capability of the user equipment, or the slicing policy.
  • the UPF is a UPF of the visited public land mobile communication network VPLMN, the security capability requirement from the operator network is a security requirement of the gateway of the VPLMN; the UPF is a home public land mobile The UPF of the communication network HPLMN, the security capability requirement from the carrier network is the security requirement of the gateway of the HPLMN.
  • the method before the generating the security policy according to the security requirement set, the method further includes: the policy control network element of the operator determines that the security protection endpoint is at a branching point or an uplink data classifier function ULCL;
  • the requirement set further includes: the branking point or the security requirement of the ULCL.
  • the content of the security requirement includes: an algorithm for security protection
  • the algorithm for the security protection includes an encryption algorithm and/or an integrity protection algorithm.
  • the content of the security requirement further includes: a length of a key and/or an update time of a key.
  • a ninth aspect of the present application provides a security policy determining method, including: a mobility management network element receiving a request of a user equipment, where the request of the user equipment includes the user equipment as one end of the end-to-end communication Logo.
  • the mobility management network element sends an end-to-end communication request, where the end-to-end communication request includes an identifier of the user equipment, and the end-to-end communication request is used to trigger establishment of a security session,
  • the security policy is based on at least one of user security requirements of the user equipment preset in the home server, service security requirements from the user equipment, security capability requirements supported by the user equipment, and security capability requirements from the operator network. Kind of determination.
  • a tenth aspect of the present application provides a mobility management network element including a communication component and a processor.
  • the communication component is configured to receive a request of the user equipment, where the request of the user equipment includes one of the end-to-end communications The identifier of the user equipment at the end. And sending a request for end-to-end communication, the request for the end-to-end communication includes an identifier of the user equipment, and the request for the end-to-end communication is used to trigger establishment of a security session, where the security policy is based on a home user At least one determination of a user security requirement of the user equipment preset in the server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, and a security capability requirement from an operator network.
  • the method before the mobility management network element sends the end-to-end communication request, the method further includes: the mobility management network element generating the network identifier.
  • the network identifier is also included in the request for the end-to-end communication.
  • the method further includes: obtaining, by the mobility management network element, a user identifier from a home subscriber server and a user security requirement of the user equipment preset in the home subscriber server. Acquiring the user security requirement of the user equipment preset in the home subscriber server according to the identifier of the user equipment in the request for the end-to-end communication.
  • the request for the end-to-end communication further includes: a user security requirement of the user equipment preset in the home subscriber server.
  • the request of the user equipment further includes: at least one of a service parameter, a service security requirement from the user equipment, and a security capability requirement supported by the user equipment.
  • the request for the end-to-end communication further includes: at least one of a service parameter, a service security requirement from the user equipment, and a security capability requirement supported by the user equipment.
  • the eleventh aspect of the present application provides a method for determining a security policy, including: receiving, by a home subscriber server, a security requirement request, where the security requirement request includes a user identifier, where the home subscriber server saves the The user security requirements of the user equipment are set.
  • the home subscriber server determines, according to the user identifier, a user security requirement of the user equipment preset in the home subscriber server.
  • the home user server sends the user security requirement of the user equipment preset in the home subscriber server, and the user security requirement of the user equipment preset in the home subscriber server is used to generate a security policy.
  • a twelfth aspect of the present application provides a home subscriber server, including: a memory for storing a user security requirement of the user equipment preset in the home subscriber server, and a security requirement request for receiving a user identifier And a communication component for determining a user security requirement of the user equipment preset in the home subscriber server according to the user identifier.
  • the communication component is further configured to send a user security requirement of the user equipment preset in the home subscriber server, where a user security requirement of the user equipment preset in the home subscriber server is used to generate a security policy.
  • a thirteenth aspect of the present application provides a key configuration method, comprising: a session management network element receiving a request for end-to-end communication, the request for the end-to-end communication being included as one end of the end-to-end communication An identifier of the user equipment; the session management network element obtains a security policy, where the security policy is based on a user security requirement of the user equipment preset in the home subscriber server, a service security requirement from the user equipment, and the user equipment At least one determination of a supported security capability requirement, a security capability requirement from an operator network, and a security requirement of the other end device of the end-to-end communication; the session management network element acquiring a first key, the first The key is used to protect the end-to-end communication, where the first key is determined according to the security policy and a shared key between the user equipment and the operator network; the session management network element Generating an encryption protection key and/or an integrity protection key according to the security policy and the first key, where the encryption protection key is used for the end The
  • a fourteenth aspect of the present application provides a mobility management network element, including:
  • a communication component for receiving an end-to-end communication request, the request for the end-to-end communication including an identification of a user equipment as one end of the end-to-end communication.
  • a processor configured to obtain a security policy, where the security policy is based on a user security requirement of the user equipment preset in the home subscriber server, a service security requirement from the user equipment, and a security capability requirement supported by the user equipment, At least one determination of a security capability requirement from an operator network and a security requirement of the other end device of the end-to-end communication; and obtaining a first key for the end-to-end
  • the communication is protected, the first key is determined according to the security policy and a shared key between the user equipment and the operator network; and the encryption is generated according to the security policy and the first key a protection key and/or an integrity protection key for confidentiality protection of the end-to-end communication, the integrity protection key being used to complete the end-to-end communication Sex.
  • the communication component is further configured to: send the security policy to
  • the session management network element sends the first key to the user equipment, so that the user equipment generates the encryption protection secret according to the security policy and the first key. Key and/or the integrity protection key.
  • the method further includes: the session management network element sending the encryption protection key and/or the integrity protection key to the user equipment.
  • a fifteenth aspect of the present application provides a key configuration method, including: a user equipment sends a request, where the request includes an identifier of the user equipment; the user equipment receives a response, where the response carries a security policy,
  • the security policy is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, security capability requirements supported by the user equipment, security capability requirements from the operator network, and the At least one determination of a security requirement of the other end device of the end-to-end communication; the user device acquiring an encryption protection key and/or an integrity protection key, the encryption protection key being used for the end-to-end communication Confidentiality protection is performed, which is used to integrity the end-to-end communication.
  • the sixteenth aspect of the present application provides a user equipment, including:
  • a communication component configured to send a request, where the request includes an identifier of the user equipment, and receiving a response, where the response carries a security policy, where the security policy is based on the user equipment preset in the home subscriber server At least one of a user security requirement, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from an operator network, and a security requirement of the other end device of the end-to-end communication determine. And a processor for obtaining an encryption protection key and/or an integrity protection key.
  • the acquiring, by the user equipment, the encryption protection key and/or the integrity protection key includes: acquiring, by the user equipment, a first key, where the first key is according to the security policy and the user
  • the shared key between the device and the carrier network determines that an encryption protection key and/or an integrity protection key is generated according to the security policy and the first key.
  • the acquiring, by the user equipment, the encryption protection key and/or the integrity protection key comprises: receiving, by the user equipment, an encryption protection key and/or an integrity protection key.
  • the seventeenth aspect of the present application provides a security policy determining method, including: an operator's policy control network element or a mobility management network element determines an endpoint of security protection; and the security protection endpoint is a user plane node.
  • the policy control network element or the mobility management network element is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, and supported by the user equipment.
  • the policy control network element or the mobility management network element is based on user security requirements of the user equipment preset in the home subscriber server, service security requirements from the user equipment, and the user equipment support. At least one of the security capability requirements and the security requirements of the other devices generate security policies.
  • Other equipment includes a branching point or ULCL.
  • the eighteenth aspect of the present application provides a policy control network element or a mobility management network element, including: a processor, configured to determine an endpoint of security protection, where the endpoint of the security protection is a user plane node UPF In the case of at least one of the user security requirements of the user equipment preset in the home subscriber server, the service security requirements from the user equipment, and the security capability requirements supported by the user equipment, and from the carrier network.
  • At least one of a security capability requirement and a security requirement of the other end device of the end-to-end communication generates a security policy; in case the endpoint of the security protection is another device, according to a preset in the home subscriber server
  • a security policy is generated by at least one of a user security requirement of the user equipment, a service security requirement from the user equipment, and a security capability requirement supported by the user equipment, and a security requirement of the other device, where the other device includes Branching point or ULCL.
  • the determining the endpoint of the security protection comprises: obtaining, according to configuration information or a node policy of the user equipment from other functional network elements of the network of the operator, or obtaining the The configuration information of the user equipment or the node policy, or the security protection end point according to the security requirements of the received service, or the security requirements, service type or slicing policy of the server side.
  • the UPF is a UPF of the visited public land mobile communication network VPLMN, the security capability requirement from the operator network is a security requirement of the gateway of the VPLMN; the UPF is a home public land mobile The UPF of the communication network HPLMN, the security capability requirement from the carrier network is the security requirement of the gateway of the HPLMN.
  • 1 is a schematic diagram of a network architecture of future mobile communications
  • FIG. 2 is a flowchart of a method for determining a security policy disclosed in an embodiment of the present application
  • FIG. 3 is a flowchart of still another method for determining a security policy according to an embodiment of the present application
  • FIG. 4 is a flowchart of still another method for determining a security policy according to an embodiment of the present application.
  • FIG. 5 is a flowchart of still another method for determining a security policy according to an embodiment of the present application
  • FIG. 6 is a flowchart of still another method for determining a security policy according to an embodiment of the present application.
  • FIG. 7 is a flowchart of still another method for determining a security policy according to an embodiment of the present application.
  • FIG. 8 is a flowchart of a key configuration method according to an embodiment of the present disclosure.
  • FIG. 9 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • FIG. 10 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • FIG. 11 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • FIG. 12 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • FIG. 13 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • FIG. 14 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • FIG. 15 is a flowchart of still another method for configuring a key according to an embodiment of the present application.
  • 16(a) and 16(b) are schematic views of a scene of branching
  • FIG. 17 is a schematic diagram of a scenario in which a session link is a UE-AN-UPF (ULCL)-UPF (anchor);
  • ULCL UE-AN-UPF
  • anchor anchor
  • FIG. 18 is a schematic diagram of a Home-routed roaming scenario
  • FIG. 19 is a schematic structural diagram of a session management network element according to an embodiment of the present disclosure.
  • FIG. 20 is a schematic structural diagram of a user equipment according to an embodiment of the present disclosure.
  • Figure 1 shows the network architecture of future mobile communications. among them:
  • the user equipment is a logical entity, and may specifically include:
  • Intelligent devices such as mobile phones, smart terminals and other terminal devices, or communication devices such as servers, gateways, base stations, controllers, or Internet of Things (IoT) devices, such as sensors, meters, water meters, etc.
  • IoT Internet of Things
  • the UE accesses the carrier network through an access network (English: Access Network, AN).
  • an access network English: Access Network, AN.
  • the carrier network includes:
  • Mobility Management (MM) network element Mobility Management (MM) network element.
  • Session management network element (English: Session Management, SM), used to perform session, slice, flow flow or bearer establishment and management.
  • An authentication unit (English: Authentication Unit, or Authentication Function, AU or AF) is used to perform mutual authentication with the UE.
  • the AU can be deployed as a separate logical function entity or in the MM or SM. That is, the MM or SM plays the role of the AU.
  • the server node of the operator, or the home subscriber server including the AAA server of the operator (English: Authentication, Authorization, Accounting server, authentication, authorization, and accounting server), or Home Subscriber Server (HSS), or authentication. Center (English: Authentication Centre, AuC) server, or user registration information center (English: subscriber repository).
  • AAA stores authentication information and user information for each UE, such as authentication root density. Key, security algorithm, user registration information, etc.
  • KMS Key Management System
  • the Key Management System is responsible for key generation, management, and negotiation, and supports lawful interception.
  • the KMS can be deployed as a separate logical function entity or in the AU, MM or SM, ie the AU, MM or SM plays the role of KMS.
  • the gateway also known as User Plane-Gateway (UP-GW)
  • UP-GW User Plane-Gateway
  • DN Data Network
  • the AN can also be connected to the DN via GW.
  • DN server including application server or business server. It can be deployed inside the carrier network or outside the carrier network.
  • the MM, the AU, and the SM may be deployed separately, or may be integrated into one entity at least two or two.
  • SM and MM are deployed in one entity, AU is deployed separately; or SM and AU are deployed in one entity, and MM is deployed separately.
  • a key configuration apparatus is added to the architecture shown in FIG.
  • Both the UE1 and the gateway (or DN server, or UE2) of the end-to-end communication configure a protection key so that both parties can encrypt the communication using the protection key.
  • the key configuration apparatus includes: a security policy determination module and a key configuration module.
  • the security policy determining module is configured to ensure security requirements of one end (ie, UE1) of the end-to-end communication, security requirements of the other end of the end-to-end communication (ie, the DN server or the UE2), and security of the carrier network (ie, the gateway). At least one of the requirements to determine the security policy.
  • the key configuration module is configured to use the shared key and the security policy between the end of the end-to-end communication (ie, UE1) and the network element (such as AU, KMS, SM, or MM) of the carrier network, and configured for the protection end ( That is, the protection key of the communication of the UE1) to the end (ie, the DN server or the UE2).
  • the shared key may be a shared key preset between the UE and the operator's network element (for example, AU, KMS, SM, or MM); or may be a network element of the UE and the operator network (for example, AU, KMS)
  • the shared key is obtained, and the shared key is sent to other network elements.
  • the shared key is obtained; the AU sends the shared key to the KMS, SM or MM; or the UE and the KMS (SM or MM) perform the authentication, and then send the shared key to the Other network elements.
  • the shared key obtained after authentication includes but is not limited to at least one of CK, IK, and Kasme.
  • the shared key includes but is not limited to the authenticated key form in LTE, and includes other authentication methods, such as certificate-based, identity-based, user-based password, and the like; and the shared key is obtained based on the authentication.
  • the security requirement of the UE1 at the end of the end-to-end communication includes the user security requirement of the UE1 preset in the HSS (for the convenience of the following description, in the embodiment of the present application, referred to as security requirement 1 for short), the service security requirement from the UE1. (referred to as security requirement 2) and the security capability requirements supported by the UE (referred to as security requirement 5), for example, the UE only supports the ZUC algorithm.
  • Security requirement 1 is a user security requirement preset in the HSS. It exists in the user's subscription data and can be stored as a single parameter or as part of the user QoS (Quality of Service) in the HSS.
  • Security requirement 2 is sent by the UE to the carrier network when UE1 initiates a communication request.
  • the security requirements of the carrier network include the security capability requirements from the carrier network (gateway side).
  • the security requirement 3 it is stored in the Policy control network element, and may be stored as a parameter separately, or may be part of the QoS in the Policy control, or may be stored in the SM network element.
  • the other end of the end-to-end communication that is, the security requirement of the DN server (or UE2) (referred to as security requirement 4) is: when the UE1 establishes the communication or the DN server (or UE2) triggers the establishment of the communication, some scenarios require the DN server or the UE2. Participation, the DN server or UE2 will propose security protection requirements, such as the requirement to use the ZUC security algorithm.
  • AF application function network element
  • PCF Policy Control Function
  • the content of the security requirement includes: an algorithm for security protection, and optionally, a key length and a key update time (for example, 6 hours, 12 hours, 1 day, 2 days, January, 1 year, etc.).
  • a key length and a key update time for example, 6 hours, 12 hours, 1 day, 2 days, January, 1 year, etc.
  • the security protection algorithm includes an encryption algorithm and/or an integrity protection algorithm.
  • the encryption algorithm is used to specify which encryption algorithm, including but not limited to null (an empty algorithm, indicating no encryption), AES, Snow 3G or ZUC, is used for encryption protection.
  • the integrity protection algorithm is used to specify which integrity protection algorithm, including but not limited to null (empty algorithm, means no integrity protection), AES, Snow 3G, ZUC, HMAC, CMAC, for integrity protection.
  • An algorithm that may be secure in a security requirement includes multiple encryption algorithms and/or multiple integrity protection algorithms; in this case, the security requirements also include prioritization of the algorithm, ie indicating which algorithm to use preferentially.
  • the length of the protection key includes 64, 128, 256, or 512 bits, and the like.
  • the first possibility is that the security requirement contains only one protection key length, and the subsequent encryption and integrity protection have the same protection key length, which is the protection key length defined in the security requirement.
  • the second possibility is that the security requirements include two protection key lengths, one for specifying the length of the encryption key and one for specifying the length of the integrity protection key.
  • Any of the above security requirements specifically includes the following information: whether the encryption algorithm, the length of the encryption key, the integrity protection algorithm, the length of the integrity protection key, whether the key needs to be updated, and at least one of the updated periods are required. .
  • security requirements or security policies is whether to include encryption, integrity protection, and possibly key length, or key update time.
  • the finalized security policy also includes encryption, integrity protection, and may include the length of the key or the update time of the key.
  • Another possibility for security requirements or security policies is to include integrity protection; it may also include encryption, key length, or key update time.
  • the finalized security policy also includes integrity protection; it may also include encryption, key length, or key update time.
  • Another possibility for security requirements or security policies is whether to include encryption; it may also include integrity protection, key length, or key update time.
  • the finalized security policy also includes whether to encrypt; it may also include integrity protection, key length, or key update time.
  • EA represents the encryption algorithm encryptionalgorithm.
  • IA stands for integrity control algorithm integrity algorithm.
  • Security requirement IEI indicates the identity of the security requirement.
  • Length of security requirement contents indicates the length of the security requirement content.
  • the security requirement consists of five octets, which are used to indicate the identity of the security requirement, and octet 2 is used to indicate the length of the content of the security requirement.
  • 8-bit byte 3 is used to indicate whether the encryption algorithm and the length of the encryption key are required, wherein the highest bit value of 8-bit byte 3 is used to indicate whether an encryption algorithm is required, 0 means no encryption algorithm is required, and 1 means encryption is required. algorithm.
  • the remaining 7 bits can respectively indicate the length of the encryption key. For example, in Table 1, the next highest bit indicates that the length of the encryption key is 128, and the following bits can indicate that the length of the encryption key is 256, etc. (only in Table 1) Two examples of 128 and 256 are given, and other lengths can be set according to actual needs).
  • a value of 0 indicating a length of the encryption key indicates a length not represented by the bit, and a value of 1 indicates a length represented by the bit. If there are multiple bits representing the length of the encryption key, the value of the bit is 1, indicating that the security requirement supports multiple lengths of encryption keys.
  • 8-bit byte 4 is used to indicate whether the integrity protection algorithm and the length of the integrity protection key are required, where the highest bit value of the 8-bit byte is used to indicate whether an integrity protection algorithm is required, and 0 means no integrity is required. Protection algorithm, 1 indicates that an integrity protection algorithm is required. The remaining 7 bits can respectively represent the length of the integrity protection key. For example, in Table 1, the next highest bit indicates that the integrity protection key has a length of 128, and the following bits can respectively indicate that the integrity protection key has a length of 256. Etc. (only two examples of 128 and 256 are given in Table 1, and other lengths can be set according to actual needs).
  • a value of 0 indicating the length of the integrity protection key indicates that the length represented by the bit is not used, and a value of 1 indicates the length represented by the bit. If there are multiple bits representing the length of the integrity protection key, the value of the bit is 1, indicating that the security requirement supports multiple lengths of integrity protection keys.
  • 8-bit byte 5 is optional and is used to indicate whether the key needs to be updated and the period of the update.
  • the value of the highest bit of the octet 5 is used to indicate whether an update is needed, 0 means no update is required, and 1 means update is required.
  • the remaining 7 bits can respectively indicate the update period. For example, in Table 1, the next highest bit indicates that the update period is 24 hours, and the following bits can indicate that the update period is 48 hours, etc. (only 24 hours are given in Table 1) And 48 hours two examples, other cycles can be set according to actual needs).
  • a value of 0 indicating a period of the updated period indicates that the period is not employed, and a period of 1 indicates that the period is employed. If there are multiple bits representing the updated period, the value of the bit is 1, indicating that the security requirement supports multiple update cycles.
  • the examples in the tables are not limited.
  • the 6th and 7th of the 3rd octet in Table 1 indicate the length of the encryption key.
  • the length of the encryption key can also be used in the 3rd octet.
  • the other bits represent, and are not limited to, the 7th and 6th bits of the 3rd octet.
  • the bytes other than the 7th and 6th bits of the 4th octet in Table 1 can also be used to indicate the length of the integrity protection key.
  • Table 2 differs from Table 1 in that the highest bit of the 8-bit byte 3 to the 8-bit byte 5 is represented by a null, and if the value is 1, it represents a null algorithm, that is, it is not required. For example, a value of 1 for the most significant bit of octet 3 indicates that no encryption calculation is required, and a value of 0 indicates that encryption calculation is required (or the meaning of the value is reversed). It is also possible that the highest bit of octet 3 and octet 4 represents a key length of length 0, and a value of 1 means no encryption is required.
  • EEA0 represents an Evolved Packet System (EPS) encryption algorithm 0, where EEA represents an EPS encryption algorithm, that is, an EPS encryption algorithm, and EIA0 represents an EPS integrity protection algorithm 0, where EIA represents an EPS integrity algorithm, That is EPS integrity algorithm.
  • EPS Evolved Packet System
  • UEA0 represents a Universal Mobile Telecommunication System (UMTS) encryption algorithm 0, where UEA stands for UMTS encryption algorithm, ie UMTS encryptionalgorithm.
  • UEA0 represents UMTS integrity algorithm 0, where UIA stands for UMTS integrity algorithm, ie UMTS integrity algorithm.
  • GEA stands for General Packet Radio Service (GPRS) encryption algorithm, ie GPRS encryption algorithm.
  • GPRS General Packet Radio Service
  • bytes 5-6 are optional.
  • bytes 5-6 are optional.
  • Table 3 differs from Table 1 and Table 2 in that Tables 1 and 2 show at least one of encryption, key length, and length of time.
  • the specific supported security algorithms are given in Table 3.
  • Table 4 The difference between Table 4 and Table 3 is that 8-bit bytes 8-10 are added on the basis of Table 3.
  • the definition of 8-bit bytes 8-10 can be referred to Table 1.
  • the definition of 8-bit bytes 3-7 can be referred to Table 4.
  • the other 8-bit byte 8-10 can be replaced with the function of 8-bit byte 3-5 in Table 2.
  • the function description of 8-bit byte 3-5 is shown in Table 2.
  • Table 5 differs from Table 3 in that the encryption algorithm and integrity protection algorithm for the next generation communication are added in Table 5.
  • NEA0 represents the next generation communication encryption algorithm 0, wherein NEA stands for Next generation encryption algorithm, ie, Next generation encryption algorithm, and NIA0 represents next generation integrity protection algorithm 0, where NIA stands for Next generation integrity algorithm, ie, Next generation integrity algorithm.
  • Tables 1 to 5 are only examples of the security requirement format.
  • the security requirements may also include the priority of the security requirement (in the specific format, represented by the value of the bit), or At least one of the above is included in the security requirements.
  • security endpoints may also include security endpoint selection. That is, a new byte is added, where one bit represents the user plane protection termination point at the access network node or the core network user plane function node.
  • the two requirements for the above-mentioned service security requirements and/or server-side security requirements can also reflect whether the upper layer of the service is encrypted. For example, it is possible to complete the feature of encryption by adding a byte in the above representation.
  • the protection of the end-to-end communication described in the present application includes end-to-end protection of the session, and also includes end-to-end protection based on slices, flow flow or bearing bearer.
  • the protection of the end-to-end session will be described as an example. Since UE2 is not included in the following figures, the UEs described below are all UE1.
  • the security policy determination module may be configured in the UE1, the network element of the carrier network (for example, AN, MM, AU, KMS, AAA, SM, Policy control network element), the gateway, and the DN network element (for example, the DN server) shown in FIG. ), or in UE2.
  • the determination of the security policy may be performed during the UE attaching to the network, or after the UE is attached to the network.
  • the following is an example of the security policy determination module setting in the Policy control network element and the security policy determination module setting in the SM.
  • FIG. 2 shows the process of determining the security policy of the Policy control network element (that is, the security policy determination module is set in the Policy control network element), including the following steps:
  • the AU obtains the security requirement 1 from the AAA.
  • the home subscriber server receives the security requirement request of the AU, including the user identifier, determines the security requirement 1 according to the user identifier, and sends the security requirement 1 to the AU.
  • the MM generates a network identifier (Identity, ID), such as a session ID, and initiates a session request to the SM.
  • ID network identifier
  • the session request includes:
  • UE ID used for network identification users, including but not limited to IMEI, International Mobile Subscriber Identity (IMSI), IP Multimedia Private Identity (IMPI), TMSI, IP Multimedia Public Identity (IP Multimedia Public Identity, IMPU), at least one of the user's App ID, MAC address, IP address, mobile number, and GUTI.
  • IMEI International Mobile Subscriber Identity
  • IMPI IP Multimedia Private Identity
  • TMSI IP Multimedia Public Identity
  • IP Multimedia Public Identity IP Multimedia Public Identity
  • App ID MAC address
  • IP address IP address
  • mobile number mobile number
  • GUTI IP Multimedia Public Identity
  • Network ID used by the network to identify the user's process (such as slice, bearer, session or flow flow), including but not limited to session ID, bearer ID, flow flow ID, slice ID, PLMN ID One.
  • Service parameters (optional): used to identify the user's service or application, and related service characteristics, including: service ID, APP ID, server server ID, serial number SN in the service, timestamp and fresh parameters (Freshparameter1) At least one of them.
  • the foregoing UE ID and/or service parameter may be obtained by the MM from an access message sent by the UE to the MM, or obtained directly from the AU or AAA, where the AU or AAA is accessed from the UE to the network. Obtained in the message.
  • MM may also obtain security requirements directly from AAA1.
  • the security requirement 2 and/or the security requirement 5 may also be sent to the network; at this time, the session request sent by the MM also includes the security requirement 2 and/or the security requirement 5.
  • the SM After receiving the session request, the SM sends the security requirement 1, and may also include the UE ID and the network ID (for example, the session ID) to the Policy control network element.
  • the SM may send the security requirement 1 in the policy request message to the Policy control network element.
  • the request message may further include at least one of a UE ID and a network ID.
  • the security requirement 2 and/or the security requirement 5 are sent to the policy control.
  • the Policy control network element obtains at least one of the pre-stored security requirements 3, or security requirement 1, security requirement 2, security requirement 3, and security requirement 5, and determines the security policy according to security requirement 1 and security requirement 3.
  • the security policy is determined according to the following preset rules: the security policy is determined according to the content of one or more security requirements. If the security policy is determined based only on the content of a security requirement, the content of the security policy is the same as the content of this security requirement. If you determine your security policy based on the content of multiple security requirements, you can follow these guidelines:
  • the protection key length is 64
  • the protection key length in the content of security requirement 2 is 128, and the protection key length of the security policy is 128.
  • the security policy is determined, that is, the more resource-saving content of the content of multiple security requirements is used as the content of the security policy.
  • the content of each security requirement includes an encryption algorithm
  • the integrity protection algorithm of the content of some security requirements is null
  • the content of the security policy includes an encryption algorithm, and does not include an integrity protection algorithm
  • the security policy is determined by following the priority of security requirements. That is, if the priority of the algorithm is specified in a security requirement, the priority of the algorithm is used as the basis for the negotiation of the security algorithm; the final algorithm selected is an algorithm supported by all security requirements, and the algorithm has the highest priority as the highest priority. The content of the security policy.
  • the security policy is negotiated. For example, according to the priority of several encryption algorithms specified in security requirement 2, according to the priority specification, determine which encryption is used in the security policy. algorithm.
  • multiple security requirements specify the priority of the algorithm.
  • the algorithm priority of a security requirement may be dominant.
  • the priority according to security requirement 2 is the primary priority.
  • the manner in which the security policy is determined above is also applicable to security requirements that only include integrity protection, or whether encryption, or integrity protection and encryption.
  • the Policy control NE sends a security policy to the SM.
  • the Policy control NE carries the security policy in the response message.
  • the network ID may be generated by the SM instead of the MM, for example, the session ID, that is, after the SM receives the session request sent by the MM, the SM generates Network ID, such as session ID.
  • FIG. 3 is still another security policy determining process.
  • the SM controls the network element in addition to the network ID and security requirement 1 (and possibly the UE ID).
  • Send a service parameter such as at least one of a service ID and an APP ID.
  • the Policy control network element sends a security requirement request to the DN server or UE2 (not shown in FIG. 3), where the security requirement request includes the UE ID and the service parameter (such as the service ID or the APP ID). At least one.
  • the Policy control NE receives the DN server, or the security requirement 4 fed back by UE2.
  • the Policy control NE determines the security policy based on security requirements 1, security requirements 3, and security requirements 4.
  • the security request can be sent by the SM to the DN server or the UE2; and the DN server or the security requirement 4 fed back by the UE2 is received, and then the security requirement 4 is sent by the SM to the Policy control network element.
  • the SM may first obtain the security requirement 4, and then send the security requirement 2 and the security requirement 4 to the Policy control network element.
  • steps 1 to 2 are processes for the SM to obtain security requirements 1 and various identifiers and parameters.
  • the network elements of the carrier network may use other methods to implement security requirements 1 and The identification and parameters are transmitted to the SM:
  • the AU obtains the security requirement 1 pre-stored in the AAA from the AAA.
  • the AU does not pass the MM but sends a session request directly to the SM.
  • the specific content of the session request is shown in FIG. 2 or FIG. 3, and details are not described herein again.
  • the SM receives the session request sent by the AN, the AU, or the MM, and the session request includes at least one of a UE ID, a network identifier, and a service parameter.
  • the SM obtains the pre-stored security requirement 1 locally according to the UE ID.
  • the third type is the third type.
  • the SM receives the session request sent by the AN, the AU, or the MM, and the session request includes at least one of a UE ID, a network identifier, and a service parameter.
  • the SM obtains the pre-stored security requirement 1 from AAA, MM or AU.
  • security requirement 1 can also be pre-stored in other network elements in FIG. Since AAA is currently used to store user registration information, the advantage of pre-storing security requirement 1 in AAA is that it is more secure and facilitates unified management.
  • the security requirement 3 can also be pre-stored in other network elements in FIG. Because the policy control network element is used for the QoS negotiation in the current (for example, LTE) network architecture, the security requirement 3 is pre-stored in the policy control network element, which is beneficial to the security policy determination scheme of the present embodiment.
  • the strategy determines that the process is logically compatible.
  • the execution manner of the HSS may refer to the flow shown in FIG. 2, and details are not described herein again.
  • FIG. 4 is still another security policy determining process.
  • the difference compared with FIG. 2 or FIG. 3 is that UE1 initiates a session request after the UE attaches to the network.
  • UE1 can provide security requirement 2 and/or security.
  • Requirement 5 so that the Policy control network element determines the security policy based on more security requirements.
  • Figure 6 includes the following steps:
  • the UE After the UE is attached to the network, the UE initiates a session request to the MM, where the session request includes: a UE ID and a security requirement, and optionally, a network ID and/or a service parameter.
  • security requirements include security requirements 2 and/or security requirements 5.
  • the specific contents of the UE ID, the security requirement, the network ID, and the service parameters are as described above, and are not described here.
  • the security request 2 and/or the security requirement 5 may also be carried in the access request sent by the UE.
  • the security requirement 1 is stored in the MM.
  • the MM After receiving the session request, the MM generates a network ID (for example, a session ID), and the MM sends a session request to the SM.
  • the session request includes security requirements 1, security requirements 2 and/or security requirements 5, UE ID, network ID, and may also include service parameters.
  • the SM After receiving the session request, the SM sends the security requirement 1, the security requirement 2, and/or the security requirement 5, and may also include the UE ID and the network ID (for example, the session ID) to the Policy control network element.
  • the Policy control NE determines the security policy based on the security requirements sent by the SM and the pre-stored security requirements. The specific rules for determining the security policy are as described above and will not be described here.
  • the Policy control NE sends the security policy to the SM.
  • the session request sent by the UE1 may not include the network ID.
  • the MM After receiving the session request of the UE1, the MM generates a network ID and sends it to the SM. .
  • the network ID may be generated by the SM instead of the MM.
  • the SM After the SM receives the session request sent by the MM, the SM generates a network ID, such as a session ID.
  • the UE directly sends the session request to the SM.
  • the manner in which the SM obtains the security requirement 1 can refer to the previous acquisition process.
  • FIG. 5 is still another security policy determining process.
  • the acquisition process of the security requirement 4 is added.
  • the SM receives the UE ID, the network ID, and the security requirements.
  • service parameters such as at least one of a service ID and an APP ID, are also sent to the Policy control network element.
  • the policy control network element After obtaining the security requirement sent by the SM, the policy control network element sends a security requirement request to the DN server or the UE2, where the security requirement request includes at least one of the UE ID and the APP ID.
  • the Policy control NE receives the DN server, or the security requirement 4 fed back by UE2.
  • the Policy control NE determines the security policy based on the security requirements and security requirements sent by the SM.
  • the security request may be sent by the SM to the DN server or the UE2, and the DN server or the security requirement 4 fed back by the UE2 may be received, and then the security requirement 4 is sent by the SM to the Policy control network element.
  • the specific manner for the SM to obtain and send the security requirement 4 to the Policy control network element can be seen in FIG. 4, and details are not described herein again.
  • the SM receives a session request sent by the AN, AU, or MM, and the session request is as shown in FIG. 4 or FIG. 5.
  • the SM obtains the pre-stored security requirement 1 locally according to the UE ID.
  • the SM receives the session request sent by the AN, AU, or MM, and the session request request is as shown in FIG. 4 or FIG. 5.
  • the SM obtains the pre-stored security requirement 1 from AAA, MM or AU.
  • the above examples are all processes in which the Policy control network element determines the security policy according to each security requirement.
  • the security policy determination module can also be set in the SM.
  • the process of the SM to determine the security policy according to the security requirements the process of obtaining the security requirement 1, the security requirement 2 and/or the 5, the UE ID, the network ID, and the service parameter of the SM may be referred to FIG. 2 to FIG. 5 , and details are not described herein again.
  • the SM can obtain the security requirement 4 by using the method of FIG. 2 to FIG. 5, or obtain the security requirement 4 by the Policy control network element in the manner of FIG. 2 to FIG. 5, and then receive the security requirement 4 sent by the Policy control network element.
  • the SM may send a security requirement request (including at least one of a UE ID, a network ID, or a service parameter) to the Policy control network element to obtain the security requirement 3 from the Policy control network element.
  • Figure 6 to Figure 7 are only examples of SM's security policy. None is exhausted here.
  • both the Policy control NE and the SM determine the security policy based on at least two security requirements.
  • security policies can also be determined according to a security requirement: receiving at least one security requirement, but only using some of them to determine the security policy, or receiving at least one security policy, determining security based on all received security requirements. Strategy.
  • the embodiments of the present application are not limited.
  • the session ID, bearer ID, flow flow ID or slice ID in the network ID are all determined by the operator.
  • Network elements of the network such as AN, MM, AU, KMS, AAA, SM, or Policy control network elements are generated.
  • the session ID, the bearer ID, the flow flow ID, or the slice ID may also be generated by the UE1, and carried in the attach request or the session request sent by the UE1 to the operator network, and sent to the network element in the operator network.
  • AN, MM, AU, KMS, AAA, SM or Policy control network element For example, in FIG.
  • the UE1 sends an attach request message carrying the session ID, the bearer ID, the flow flow ID, or the slice ID to the carrier network (the process belonging to the UE1 attaching to the carrier network).
  • the callback request sent by the UE1 to the MM further carries a session ID, a bearer ID, a flow flow ID, or a slice ID.
  • the network element in the carrier network such as an AN, MM, AU, KMS, AAA, SM or Policy control network element , will not generate session ID, bearer ID, stream flow ID or slice ID.
  • the key configuration module may be configured in the UE1, the network element of the carrier network (for example, AN, MM, AU, KMS, AAA, SM, Policy control network element), the gateway, the network element of the DN (for example, the DN server), or the UE2.
  • the producer of the protection key needs to obtain the security policy and the shared key K to calculate the protection key, and distribute the protection key to other network elements such as the UE, the gateway (or the DN server, or the UE 2).
  • the protection key generation party may send the protection key to the KMS, and the KMS sends the protection key to the UE, the gateway (or the DN server, or the UE2) and other network elements, or directly distribute the protection key to the UE and the gateway. (or DN server, or UE2) and other network elements.
  • the following is an example of setting one or more of the SM, KMS, or UE with the key configuration module.
  • FIG 8 includes the following specific steps:
  • the SM sends a key request message to the KMS.
  • the key request message includes: a UE ID and a security policy, and optionally, a network ID and/or a service parameter.
  • the specific contents of the UE ID, the security requirement, the network ID, and the service parameters are as described above, and are not described here.
  • the KMS calculates the protection key according to the security policy and the shared key K.
  • the protection key is used to protect the session between the UE and the gateway (or DN server, or UE2).
  • the shared key K between the KMS and the UE may be allocated to the UE and the KMS in the process of establishing the context between the UE accessing the network and the MM, or may be allocated to the UE and the KMS in the two-way authentication process or after the two-way authentication process; It may be preset inside the UE and KMS.
  • a protection key may be calculated according to the security policy, and may be used for encryption and/or integrity protection, or may be separately calculated. Encryption protection key and integrity protection key.
  • K SID KDF (K, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, at least one of nonce), policy set).
  • K SID KDF (K, (UE ID, Session ID, Bearer ID, Flow ID, Slice ID, PLMN ID, Service Parameter, at least one of nonce)).
  • K SID_enc KDF (K SID , encryption algorithm ID, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, at least one of nonce)).
  • K SID_enc KDF (K SID , encrypted identity, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, at least one of nonce)).
  • K SID_enc KDF (K SID , Encryption Algorithm ID).
  • the policy set is a security policy
  • K is a shared key between the UE and the KMS.
  • the encryption identifier can be a string that identifies the result of this derivation as an encryption key.
  • the nonce is a random parameter, which can be selected by the KMS, or carried by the UE in the session request. The purpose of using the random number calculation is to improve the security and randomness of the key.
  • the integrity protection key K SID_int is:
  • K SID_int KDF (K SID , integrity protection algorithm ID).
  • K SID_enc KDF (K SID , integrity protection identifier, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, at least one of nonce)).
  • K SID_int KDF (K SID , integrity protection algorithm ID, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, at least one of nonce)).
  • the integrity protection identifier can be a string that identifies the result of this derivation as an integrity protection key.
  • the above KDF is a key derivation function, including but not limited to the following cryptographic derivation functions: HMAC (such as HMAC-SHA256, HMAC-SHA1), NMAC, CMAC, OMAC, CBC-MAC, PMAC, UMAC and VMAC, and HASH algorithm. Wait.
  • HMAC such as HMAC-SHA256, HMAC-SHA1
  • NMAC such as HMAC-SHA256, HMAC-SHA1
  • CMAC CMAC
  • OMAC OMAC
  • CBC-MAC CBC-MAC
  • PMAC UMAC and VMAC
  • HASH algorithm HASH algorithm
  • KMS may also use only one algorithm to generate protection.
  • the key is then generated by truncate or extension, etc. to generate other lengths of protection keys.
  • the KMS handles the protection of the key length, including but not limited to the above processing.
  • the parameter bearer ID, the flow ID, the slice ID, the encryption algorithm ID, and the session ID used in the above may be carried in the session request sent by the UE together with the security requirement 2 and/or the security requirement 5 described above.
  • the KMS sends the protection key to the SM, which may also include the UE ID and/or the network ID.
  • the SM distributes the protection key, the network ID, and the UE ID to the gateway (or DN server, or UE2) and UE1. Specifically, the SM may carry the protection key in a User Plane Setup message and send it to the network. Off (or the server, or UE2), the protection key is carried in the Session Setup Complete message and sent to the UE.
  • the KMS sends the network ID and the protection key directly to the gateway (or DN server, or UE2), and the sent message may also contain the UE ID.
  • the KMS will also send the nonce to the SM, and then the SM sends it to the UE; or the KMS directly sends the nonce to the UE.
  • the difference between FIG. 9 and FIG. 8 is that the UE receives the security policy from the SM, and calculates the protection key according to the security policy. If the UE calculates the protection key to use the random parameter, the random parameter may be sent by the KMS to the UE, or may be generated by the UE itself.
  • KMS will send the protection key to the MM.
  • the MM may request the session protection key from the KMS after sending the session request to the SM and receiving the session response sent by the SM.
  • the shared key K is pre-stored in the SM, or after the UE performs mutual authentication with the AU, the KMS obtains the shared key K, and the KMS sends the shared key K to the SM. Both the UE and the SM calculate the protection key.
  • FIG. 10 is still another method for allocating a key according to an embodiment of the present application, including the following steps:
  • the SM sends a key request message to the KMS.
  • the key request message includes: a UE ID and a security policy, and optionally, a network ID and/or a service parameter.
  • the specific contents of the UE ID, the security requirement, the network ID, and the service parameters are as described above, and are not described here.
  • the KMS calculates the first key according to the security policy and the shared key K.
  • the first key is used for the UE and the gateway (or the server (including the server of the DN or the carrier network, hereinafter referred to as the server for short), or the controller (including the controller of the DN or the carrier network, hereinafter referred to as the controller) ), or the session between UE2) is protected.
  • the shared key K between the KMS and the UE may be allocated to the UE and the KMS in the process of establishing the context between the UE accessing the network and the MM, or may be allocated to the UE and the KMS in the two-way authentication process or after the two-way authentication process. It may be preset inside the UE and KMS.
  • a first key may be calculated according to the security policy, and may be used for encryption and/or integrity protection, or may be respectively The encryption protection key and the integrity protection key are calculated.
  • the protection key according to the security policy and the shared key K including but not limited to the following ways:
  • the first key (that is, the protection key in the foregoing embodiment, in order to be unified with the foregoing embodiment, hereinafter collectively referred to as a protection key) is:
  • K SID KDF(K, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce
  • At least one), policy set ).
  • K SID KDF (K, (UE ID, Session ID, Bearer ID, Flow ID, Slice ID, PLMN ID, Service Parameter, at least one of nonce)).
  • the encryption protection key K _SID_enc is:
  • K SID_enc KDF (K, (encryption algorithm ID, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • K SID_enc KDF (K, (encrypted identity, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • the policy set is a security policy
  • K is a shared key between the UE and the KMS.
  • the definition of the UE ID is as described in the previous embodiment.
  • the encryption identifier can be a string that identifies the result of this derivation as an encryption key.
  • the nonce is a random parameter, which can be selected by the KMS, or carried by the UE in the session request. The purpose of using the random number calculation is to improve the security and randomness of the key. It is also possible that the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the integrity protection key K SID_int is:
  • K SID_int KDF (K, (integrity protection identifier, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • K SID_int KDF (K, (integrity protection algorithm ID, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • the integrity protection identifier can be a string that identifies the result of this derivation as an integrity protection key.
  • the nonce is a random parameter, which can be selected by the KMS, or carried by the UE in the session request. The purpose of using the random number calculation is to improve the security and randomness of the key. It is also possible that the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the parameter bearer ID, flow ID, slice ID, and session ID used in the above may be carried in the session request sent by the UE together with the security requirement 2 and/or the security requirement 5, or carried in the first access operation of the UE.
  • the request of the commerce network is carried in the key request message.
  • the encryption algorithm ID and the integrity protection algorithm ID may be the content of the security policy.
  • the KMS sends the key obtained in the second step (ie, at least one of the protection key K SID , the encryption protection key K SID_enc and the integrity protection key K SID_int ) to the SM, possibly including the UE ID and / or network ID.
  • the SM distributes the key obtained in the second step (ie, at least one of the protection key K SID , the encryption protection key K SID_enc and the integrity protection key K SID_int ) to the gateway (or server, or controller) , or UE2) and UE1.
  • the message may also include at least one of a network ID, a UE ID, and a security policy.
  • the SM may carry the protection key in a User Plane Setup message to the gateway (or server, or controller, or UE2).
  • step 4 the SM does not send the key obtained in step 2 to the UE, and proceeds to the following steps:
  • the SM sends a security policy to the UE, and the message may further include at least one of a network ID and a UE ID.
  • the UE receives the security policy from the SM (or policy control, or KMS), and according to the security policy, calculates at least the K SID , the encryption protection key K SID_enc, and the integrity protection key K SID_int in the same manner as described above.
  • the random parameter may be sent by the KMS to the UE, or may be generated by the UE itself.
  • the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the UE itself generates or obtains at least one of the protection key K SID , the encryption protection key K SID_enc and the integrity protection key from the SM, and in addition, it is also possible that the UE is from the KMS (or the policy control network) At least one of the protection key K SID , the encryption protection key K SID_enc and the integrity protection key, and the security policy are received.
  • FIG. 11 is still another method for key distribution according to an embodiment of the present application, including the following steps:
  • the SM sends a key request message to the KMS.
  • the key request message includes: a UE ID and a security policy, and optionally, a network ID and/or a service parameter.
  • the specific contents of the UE ID, the security requirement, the network ID, and the service parameters are as described above, and are not described here.
  • the KMS calculates the protection key according to the security policy and the shared key K.
  • the protection key is used to protect the session between the UE and the gateway (or server, or controller, or UE2).
  • the shared key K between the KMS and the UE may be allocated to the UE and the KMS in the process of establishing the context between the UE accessing the network and the MM, or may be allocated to the UE and the KMS in the two-way authentication process or after the two-way authentication process. It may be preset inside the UE and KMS.
  • a protection key may be calculated according to the security policy, and may be used for encryption and/or integrity protection, or may be separately calculated. Encryption protection key and integrity protection key. There are various ways to calculate the protection key according to the security policy and the shared key K, including but not limited to the following ways:
  • K SID KDF (K, (UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, at least one of nonce), policy set).
  • K SID KDF (K, (UE ID, Session ID, Bearer ID, Flow ID, Slice ID, PLMN ID, Service Parameter, at least one of nonce)).
  • the parameter bearer ID, the flow ID, the slice ID, the encryption algorithm ID, and the session ID used in the above may be carried in the session request sent by the UE together with the security requirement 2 and/or the security requirement 5, or carried in the UE.
  • the request to access the carrier network for the first time is carried in the key request message.
  • the encryption algorithm ID and the integrity protection algorithm ID may be the content of the security policy.
  • the nonce is a random parameter, which can be selected by the KMS, or carried by the UE in the session request. The purpose of using the random number calculation is to improve the security and randomness of the key.
  • the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the KMS sends the protection key K SID to the SM, possibly including the UE ID and/or the network ID.
  • the SM calculates an encryption protection key and/or an integrity protection key according to the security policy and the K_SID. Calculation methods include but are not limited to the following methods:
  • the encryption protection key K SID_enc is:
  • K SID_enc KDF (K SID , (encryption algorithm ID, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • K SID_enc KDF (K SID , (encrypted identity, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • K is the shared key between the UE and the KMS, and the UE ID
  • the encryption identifier can be a string that identifies the result of this derivation as an encryption key.
  • the nonce is a random parameter, which can be selected by the KMS, or carried by the UE in the session request. The purpose of using the random number calculation is to improve the security and randomness of the key. It is also possible that the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the integrity protection key K SID_int is:
  • K SID_int KDF (K SID , (integrity protection identifier, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • K SID_int KDF (K SID , (integrity protection algorithm ID, UE ID, session ID, bearer ID, flow ID, slice ID, PLMN ID, service parameter, nonce, at least one of policy set)).
  • the integrity protection identifier can be a string that identifies the result of this derivation as an integrity protection key.
  • the nonce is a random parameter, which can be selected by the KMS, or carried by the UE in the session request. The purpose of using the random number calculation is to improve the security and randomness of the key. It is also possible that the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the parameter bearer ID, flow ID, slice ID, and session ID used in the above may be carried in the session request sent by the UE together with the security requirement 2 and/or the security requirement 5, or carried in the first access operation of the UE.
  • the request of the commerce network is carried in the key request message.
  • the encryption algorithm ID and the integrity protection algorithm ID may be the content of the security policy.
  • SM keys obtained in step 4 i.e., encryption and integrity protection key K SID_enc protection key K SID _int least a
  • the message may also include at least one of a network ID, a UE ID, and a security policy.
  • the SM may carry the protection key in a User Plane Setup message to the gateway (or the server, or the controller, or the UE2), and carry the protection key in the Session Setup Complete message. Send to the UE.
  • step 5 the SM does not send the key obtained in step 4 to the UE, but performs either of the following two processes:
  • the first possible process the SM sends a security policy to the UE, and the message may further include at least one of a network ID and a UE ID.
  • the UE receives from the SM (or policy control, or KMS) To the security policy, according to the security policy, the protection key is calculated in the same manner as the above embodiment. If the UE calculates the protection key to use the random parameter, the random parameter may be sent by the KMS to the UE, or may be generated by the UE itself.
  • the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the first possible process the SM sends the K SID and the security policy to the UE, and the UE receives the K SID and the security policy from the SM (or policy control, or KMS), according to the security policy, in the same manner as the above embodiment.
  • Calculate the protection key If the UE calculates the protection key to use the random parameter, the random parameter may be sent by the KMS to the UE, or may be generated by the UE itself. It is also possible that the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the UE itself generates or obtains at least one of the protection key K SID , the encryption protection key K SID_enc and the integrity protection key K SID_int from the SM, and in addition, it is also possible that the UE is from the KMS (or policy)
  • the control network element receives at least one of a protection key K SID , an encryption protection key K SID_enc and an integrity protection key, and a security policy.
  • the difference between FIG. 11 and FIG. 8 to FIG. 10 is that after the KMS derives the K SID , the K SID is sent to the SM, and the SM further derives the encryption protection key K SID_enc according to the K SID . / or integrity protection key K SID_int , and then send the encryption protection key K SID_enc and / or integrity protection key K SID_int to both ends of the end-to-end communication. That is to say, two different network element devices perform key derivation each time.
  • FIG. 12 The difference between FIG. 12 and FIG. 11 is that after the KMS derives the K SID , the K SID is sent to the SM, and the SM sends the K SID to the gateway (or the server, or the controller, or the UE 2) and the UE; the gateway (or the server) , or the controller, or UE2) and UE1 derive the encryption protection key K SID_enc and/or the integrity protection key K SID_int according to the K SID .
  • the SM derives the encryption protection key K SID_enc and/or the integrity protection key K SID_int according to the K SID , and transmits K SID_enc and K SID_int to the UE.
  • the SM only sends the security policy to the UE, and the UE derives the encrypted protection key K SID_enc and/or the integrity protection key K SID_int according to the security policy.
  • the above message may include at least one of a security policy, a network ID, and a UE ID.
  • the difference between FIG. 13 and FIG. 11 is that the SM holds the shared key, derives the K SID , and then derives the encryption protection key K SID_enc and/or the integrity protection key K SID_int based on the K SID and sends the encryption.
  • the protection key K SID_enc and/or the integrity protection key K SID_int to the gateway (or server, or controller, or UE2) and the UE.
  • the SM sends the K SID and the security policy to the UE to cause the UE to derive the encryption protection key K SID_enc and/or the integrity protection key K SID_int .
  • the SM only sends the security policy to the UE, and the UE derives the encrypted protection key K SID_enc and/or the integrity protection key K SID_int according to the security policy.
  • the above message includes at least one of a security policy, a network ID, and a UE ID.
  • Figure 14 differs from Figure 11 in that the SM derives the K SID and then sends the K SID to the gateway (or server, or controller, or UE2) and the UE; then the gateway (or server, or controller, or UE2) And the UE, according to the K SID , derives the encryption protection key K SID_enc and/or the integrity protection key K SID_int .
  • the SM derives the encryption protection key K SID_enc and/or the integrity protection key K SID_int according to the K SID , and transmits K SID_enc and K SID_int to the UE.
  • the SM only sends the security policy to the UE, and the UE derives the encrypted protection key K SID_enc and/or the integrity protection key K SID_int according to the security policy.
  • the above message may include at least one of a security policy, a network ID, and a UE ID.
  • the key derivation is mainly performed by using a KMS or an SM.
  • the protection key may also be used by the UE, AN, MM, AU, KMS, AAA, SM, or The Policy control network element is derived.
  • the policy control can perform the derivation of the key by the same process as the above KMS, that is, after receiving the key request, the key is deduced. It is also possible to perform the derivation of the security key immediately after the policy control determines the security policy. The process is shown in Figure 15.
  • the policy control network element derives the process of deriving the protection key, including the following steps:
  • the security control network element determines the security policy or receives the security policy from the SM, it derives the key into a key. Specifically, at least one of K SID , K SID_enc and K SID_int can be directly calculated, or K can be calculated first. SID , and then calculate at least one of K SID_enc and K SID_int according to K SID .
  • the policy control may receive the shared key from other network elements (KMS, AU, SM, MM or AAA) after the end of the terminal authentication; or initiate a key request, the UE ID is protected in the request, and the shared key is obtained. .
  • the policy control NE sends the generated key (and possibly the security policy) to the SM, and then the SM sends the key to both ends of the end-to-end communication.
  • the policy control network element sends the generated key (and possibly a security policy) to the UE through the SM, and directly sends the generated key to the other end of the end-to-end communication.
  • the UE receives the security policy from the SM (or policy control, or KMS), and calculates the protection key in the same manner as the above embodiment according to the security policy. If the UE needs to use a random parameter to calculate the protection key, the random parameter may be sent by the KMS to the UE, or may be generated by the UE itself. It is also possible that the key derivation includes at least one of two nonces, one of which comes from the KMS (selected by the KMS, sent directly to the UE, or sent to the UE through the SM), and the other nonce is from the UE (the session is carried by the UE) Request).
  • the UE receives at least one of the protection key K SID , the encryption protection key K SID_enc and the integrity protection key K SID_int from the SM (or policy control, or KMS), or after the UE receives the K SID , K SID_enc and K SID_int are calculated according to K SID .
  • the parameter bearer ID used in the UE derivation may be internal to the UE, or may be sent to the UE by the network element (such as KMS, MM, SM, policy control, AU, gateway, AAA, etc.). , as sent to the UE via a session response message.
  • the network element such as KMS, MM, SM, policy control, AU, gateway, AAA, etc.
  • the security algorithm (including the encryption algorithm, or the integrity protection algorithm, or the encryption algorithm and the integrity protection algorithm) is determined according to the security capability of the UE and the priority of the UPF algorithm stored in the SMF, and then generated.
  • a security key (including an encryption key, or an integrity protection key, or an encryption key and an integrity protection key); the determined security algorithm and the generated key are sent to the UPF.
  • the SMF also sends a determined security algorithm to the UE, so that the UE generates a security key corresponding to the security algorithm.
  • the SMF may also send a security policy to the UE.
  • the SMF calculates the key K_SID and sends the security policy and K_SID to the UPF.
  • the UPF can also receive the security capabilities of the UE through the SMF.
  • the UPF determines a security algorithm (including an encryption algorithm, or an integrity protection algorithm, or an encryption algorithm and an integrity protection algorithm) according to the security capabilities and algorithm priorities of the UE, and generates a security key (including an encryption key, or integrity protection).
  • the key, or the encryption key and the integrity protection key) the UPF sends the security algorithm to the SMF, and the SMF sends the security algorithm to the UE, so that the UE generates the security key corresponding to the security algorithm.
  • the UPF directly sends the security algorithm to the UE, so that the UE generates a security key corresponding to the security algorithm.
  • Possibility 3 After the SMF obtains the security policy, the security policy is sent to the AN, so that the AN determines the security protection algorithm between the UE and the AN according to the security policy, the security capability of the UE, and the algorithm priority list of the AN itself, and then the AN. Sending a security protection algorithm to the UE, so that the UE generates a security key corresponding to the security algorithm.
  • the above is the flow of security policy negotiation and distribution for data protection between the UE and the UPF.
  • the process of the security policy negotiation and distribution for the data protection between the UE and the AN is similar to the process between the UE and the UPF.
  • the security policy needs to consider the security capability of the AN or the algorithm priority list of the AN.
  • the security policy can be a certain security algorithm, or it can be integrity protection, or whether it is encrypted, or whether it is confidential and integrity protected.
  • the finalized security policy may be a prioritized list of security algorithms, including a prioritized list of encryption algorithms, or a prioritized list of integrity protection algorithms, or a prioritized list of encryption and integrity protection algorithms.
  • the UPF can then determine the security protection algorithm of the UPF according to the security capabilities of the UE, the security algorithm priority list, and the security capabilities of the UPF.
  • the other processes are then the same as in the previous embodiment.
  • the finalized security policy may be a prioritized list of security algorithms, including a prioritized list of encryption algorithms, or a prioritized list of integrity protection algorithms, or a prioritized list of encryption and integrity protection algorithms.
  • the AN can then determine the security protection algorithm of the AN according to the security capabilities of the UE, the security algorithm priority list, and the security capabilities of the AN.
  • the other processes are then the same as in the previous embodiment.
  • the above illustration is only an example of end-to-end session protection. It should be emphasized that The end-to-end protection of the load, flow, or slice is similar to the above example, but the session parameters in the above illustration need to be replaced with the corresponding parameters. Specifically, the session ID is replaced with the bearer ID, flow flow ID, or slice ID. . The user plane setup message is replaced with a bearer setup message, a flow flow setup message, or a slice setup message.
  • the key negotiation process and the security policy negotiation process have no specific sequence.
  • the generation of the K SID key can be performed before, during, or after the establishment of the session (bearer, flow flow, or slice).
  • the generation of the encryption and/or integrity protection key can be done at any node after the K SID is generated.
  • the process shown in FIG. 7 is a process of determining a security policy or a key configuration process when the UE1 sends a session, bearer, flow flow, or slice request to the carrier network, and the operator network agrees to the request. It should be noted that if the operator network does not agree with the session, bearer, flow flow or slice request of UE1, a reject message is sent to UE1.
  • the security requirement is the case where the security-based endpoint is in the User plane function (UPF).
  • the endpoint of security protection may also be branching point or ULCL at the branch point.
  • the endpoint of the security protection may be determined by a Mobility Management (MM) network element, a session management network element (SMS), an Authentication Service Function (AUSF), and a security anchor function network element.
  • MM Mobility Management
  • SMS Security Anchor Function
  • MME Mobility Management Entity
  • HSS Home Subscriber Server
  • AuC Authentication Center
  • ARPF Authentication Trust Store and Processing Function Network Authentication Credential Repository and Processing Function
  • SCMF Security Context Management Function
  • AMF Access and Mobility Management Function
  • Access Node Access network
  • AN User plane function
  • UPF User plane function
  • the security policy determination module may further perform the steps of: determining the endpoint of the security protection. If the security protection endpoint is UPF, performing the two-way authentication in the process shown in FIG. 2-9 or the UE1 sending the session request. If the endpoint of the security protection is AN, the security requirement 3 in the process shown in FIG. 2-9 or the security requirement of UE2 (a case of security requirement 4) is replaced with the security requirement of the AN.
  • the security requirement of the AN may be obtained by, on the basis of the previous embodiment, after receiving the request message of the UE1, the AN sends the security requirements of the AN to the network together.
  • 16(a) and 16(b) are scenes of branch branching.
  • the security policy determination module needs to determine whether the endpoint of the security protection is the branching point or the UPF. If the endpoint of the security protection is UPF, the steps of the two-way authentication in the flow shown in FIG. 2-9 or the UE1 sending the session request are performed. If the endpoint of the security protection is the branching point, the security requirement 3 in the process shown in FIG. 2-9 or the security requirement of UE2 (a case of security requirement 4) is replaced with the security requirement of the branching point.
  • the session link is a UE-AN-UPF (uplink classifier functionality, ULCL)-UPF (anchor).
  • the security policy determination module needs to determine The endpoint of the security protection is UPF (ULCL) or UPF (anchor). If it is UPF (anchor), the steps of bidirectional authentication in the flow shown in FIG. 2 to FIG. 9 or UE1 after sending the session request are performed. If the endpoint of the security protection is ULCL, the security requirement 3 in the process shown in Figures 2-9 or the security requirement of UE2 (a case of security requirement 4) is replaced with the security requirement of ULCL.
  • the user plane path is UE-AN-UPF (VPLMN)-UPF (HPLMN).
  • the end point of the end-to-end security protection may be UPF (visited public land mobile network, VPLMN) or UPF (home public land mobile network, HPLMN).
  • the security policy determines whether the endpoint to determine whether the security protection needs to be UPF (VPLMN) or UPF (HPLMN). If it is UPF (VPLMN), security requirement 3 is the security requirement of the gateway of the VPLMN. If it is UPF (HPLMN), then Security requirement 3 is the security requirement for the gateway of HPLMN.
  • the security policy determining module may receive the configuration information or the node policy of the UE1 according to other functional network elements, such as the HSS, AUSF, ARPF, AMF, SEAF, SCMF, SM, or AuC, or obtain the UE or the session from the local storage ( Or the configuration information or the node policy of the flow, bearer, and slice, and determine whether the endpoint of the security protection is AN, branching point, ULCL, or UPF according to the configuration information of the UE or the session (or flow, bearer, slice).
  • This node policy can be a node policy for each UE, can be a node policy for such a service, can be a node policy for such a slice, and can be a node policy for such a data type.
  • the security policy determination module may also determine the endpoint of the security protection according to the security requirements of the service or the security requirements of the server side, the service type, the slice type, or the slicing policy.
  • the above examples are all security policy negotiation for session granularity and session data protection key generation and distribution process. It should be noted that the above method is also applicable to security policy negotiation for slice granularity and generation and distribution of data protection keys in slices.
  • the specific implementation is similar to the session granularity, except that the session ID is a slice ID, and the protection key of the UE in the slice is determined, and the protection node may be a function network element in the slice, such as UPF.
  • the security policy determination module of the slice may be set in a mobility management (MM) network element, a session management network element (Sssion Management, SM), an authentication service controller (AUSF), and a security anchor function network element.
  • MM mobility management
  • Security Anchor Function SEAF
  • MME Mobility Management Entity
  • HSS Home Subscriber Server
  • AuC Authentication Center
  • ARPF Authentication Trust Store and Processing Function Network Authentication Credential Repository and Processing Function
  • SCMF Security Context Management Function
  • AMF Access and Mobility Management Function
  • AN node UPF A node
  • UPF A node UPF A node
  • CP-AU Control Plane-Authentication Unit
  • the specific security policy determination process is divided into the following three cases:
  • the slice security policy determining module (for example, the security policy determining module may be equivalent to the foregoing security policy determining module), after the authentication is completed, in the same manner as the previous embodiment, according to the security capability of the UE1, the service security requirement, and the intra-slice functional network element.
  • Security capability, network preset UE1 security capability and application server side security requirements at least one of determining a slice security policy, wherein the security capability of the functional network element within the slice can be through HSS, AUSF, ARPF, Obtained by AMF, SEAF, SCMF, SM or AuC.
  • the slice security policy is determined in a similar manner as before.
  • the session establishment process does not include the negotiation of the security policy and the key, and after the session is established, the security policy of the slice is determined.
  • the security policy determination module determines the security policy of the slice
  • the security policy of the slice is sent to the UE.
  • the process of distributing the key is similar to the process of the session.
  • the UE and the intra-slice function network element obtain the security protection key and security protection policy.
  • the key configuration process in the embodiment of the present application can configure a session protection key for the UE and the gateway (or the DN server or the UE 2). Therefore, the end-to-end session protection is implemented based on the 5G mobile communication architecture. Compared with the existing method of segment encryption, it has better security.
  • the security policy can be determined according to the security requirements of the UE, the carrier network, and the data network. Therefore, the session protection key can be determined according to the security requirements of different parties, and all the service data in the prior art are the same on the base station side. In terms of encryption of the protection key, differentiated security protection can be achieved.
  • FIG. 19 is a schematic diagram of an SM network element, a communication component, and a processor, and may further include a memory.
  • the communication component is configured to receive a request for end-to-end communication.
  • the processor is used to obtain security policies.
  • the communication component is further configured to send the security policy and/or the protection key to the user equipment, and send the security policy and/or the protection key to another end device of the end-to-end communication .
  • FIG. 2 to FIG. 15 For the specific implementation of the functions of the communication component and the processor, refer to FIG. 2 to FIG. 15 , and details are not described herein again.
  • the embodiment of the present application further discloses a KMS, MM, HSS, and Policy control network element.
  • the specific structure includes the functions of the communication component and the processor. For details, refer to FIG. 2 to FIG. 15 , and details are not described herein again.
  • FIG. 20 is a user equipment according to an embodiment of the present disclosure, including a communication component and a processor, and the communication component and the processor can communicate through a bus.
  • the communication component is used to send a request and receive a response.
  • the request includes an identifier of the user equipment.
  • the response carries a security policy.
  • the processor is configured to obtain a protection key, where the protection key is used to protect the end-to-end communication, where the protection key is based on the security policy and sharing between the user equipment and the operator network Key determination.
  • the above various devices can realize the determination of the security policy and the generation of the end-to-end protection key by mutual cooperation, thereby implementing end-to-end session protection based on the 5G mobile communication architecture.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé de configuration d'une clé ; un élément de réseau de gestion de session reçoit une demande de communication de terminal à terminal et acquiert une politique de sécurité, la politique de sécurité étant déterminée en fonction d'au moins une exigence de sécurité d'utilisateur d'un dispositif d'utilisateur prédéfini dans un serveur d'utilisateur, une exigence de sécurité de service en provenance du dispositif d'utilisateur, une exigence de capacité de sécurité prise en charge par le dispositif d'utilisateur, une exigence de capacité de sécurité en provenance d'un réseau d'opérateur et une exigence de sécurité de l'autre dispositif dans la communication de terminal à terminal. L'élément de réseau de gestion de session acquiert une clé de protection pour protéger la communication de terminal à terminal, la clé de protection étant déterminée en fonction de la politique de sécurité et d'une clé partagée du dispositif d'utilisateur et du réseau d'opérateur. L'élément de réseau de gestion de session envoie la politique de sécurité et/ou la clé de protection aux deux dispositifs dans la communication de terminal à terminal. De cette manière, l'élément de réseau de gestion de session est apte à configurer une clé de protection de session pour les deux dispositifs dans la communication de terminal à terminal, ce qui permet d'améliorer la sécurité de la communication de terminal à terminal.
PCT/CN2017/083265 2016-07-01 2017-05-05 Procédé et appareil de configuration de clé et de détermination d'une politique de sécurité WO2018000936A1 (fr)

Priority Applications (9)

Application Number Priority Date Filing Date Title
EP22168723.9A EP4135256A1 (fr) 2016-07-01 2017-05-05 Procédé de configuration de clé, procédé de détermination de politique de sécurité et appareil
RU2019102608A RU2719447C1 (ru) 2016-07-01 2017-05-05 Способ конфигурирования ключа, способ определения политики безопасности и устройство
KR1020197000802A KR102144303B1 (ko) 2016-07-01 2017-05-05 키 구성 방법, 보안 정책 결정 방법 및 장치
EP17818933.8A EP3481000B1 (fr) 2016-07-01 2017-05-05 Procédé et appareil de configuration de clé et de détermination d'une politique de sécurité
BR112018077338-7A BR112018077338A2 (pt) 2016-07-01 2017-05-05 método de configuração de chave, método de determinação de política de segurança e aparelho
CN201780030820.7A CN109314638B (zh) 2016-07-01 2017-05-05 密钥配置及安全策略确定方法、装置
JP2018568816A JP6737910B2 (ja) 2016-07-01 2017-05-05 鍵構成方法、セキュリティポリシー決定方法、及び装置
US16/224,999 US11057775B2 (en) 2016-07-01 2018-12-19 Key configuration method, security policy determining method, and apparatus
US17/336,650 US11689934B2 (en) 2016-07-01 2021-06-02 Key configuration method, security policy determining method, and apparatus

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
CN201610511486.4 2016-07-01
CN201610511486 2016-07-01
CN201610592312 2016-07-25
CN201610592312.5 2016-07-25
CN201710060318.2A CN107566115B (zh) 2016-07-01 2017-01-24 密钥配置及安全策略确定方法、装置
CN201710060318.2 2017-01-24
PCT/CN2017/078312 WO2018000867A1 (fr) 2016-07-01 2017-03-27 Procédé et appareil pour configurer une clé et déterminer une politique de sécurité
CNPCT/CN2017/078312 2017-03-27

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/224,999 Continuation US11057775B2 (en) 2016-07-01 2018-12-19 Key configuration method, security policy determining method, and apparatus

Publications (1)

Publication Number Publication Date
WO2018000936A1 true WO2018000936A1 (fr) 2018-01-04

Family

ID=60786638

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/CN2017/078312 WO2018000867A1 (fr) 2016-07-01 2017-03-27 Procédé et appareil pour configurer une clé et déterminer une politique de sécurité
PCT/CN2017/083265 WO2018000936A1 (fr) 2016-07-01 2017-05-05 Procédé et appareil de configuration de clé et de détermination d'une politique de sécurité

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/078312 WO2018000867A1 (fr) 2016-07-01 2017-03-27 Procédé et appareil pour configurer une clé et déterminer une politique de sécurité

Country Status (1)

Country Link
WO (2) WO2018000867A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365470A (zh) * 2018-03-26 2019-10-22 华为技术有限公司 一种密钥生成方法和相关装置
CN110830991A (zh) * 2018-08-10 2020-02-21 华为技术有限公司 安全会话方法和装置
CN111641582A (zh) * 2019-03-01 2020-09-08 华为技术有限公司 一种安全保护方法及装置
CN112788594A (zh) * 2020-06-03 2021-05-11 中兴通讯股份有限公司 数据传输方法、装置和系统、电子设备、存储介质
CN114286339A (zh) * 2021-12-21 2022-04-05 中国电信股份有限公司 安全策略的确定方法及系统

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110636639A (zh) * 2018-06-25 2019-12-31 大唐移动通信设备有限公司 一种会话管理方法及装置
US11252652B2 (en) 2019-04-02 2022-02-15 Electronics And Telecommunications Research Institute Non-IP data delivery authorization update method and connection release method for non-IP data delivery, and device for performing the method
US11991525B2 (en) 2021-12-02 2024-05-21 T-Mobile Usa, Inc. Wireless device access and subsidy control

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101188492A (zh) * 2006-11-17 2008-05-28 中兴通讯股份有限公司 实现安全业务的系统和方法
CN101330469A (zh) * 2008-07-25 2008-12-24 中兴通讯股份有限公司 下一代网络中资源控制部分收集安全参数的实现方法
CN104092668A (zh) * 2014-06-23 2014-10-08 北京航空航天大学 一种可重构网络安全服务构造方法
US20150281276A1 (en) * 2014-03-26 2015-10-01 Juniper Networks, Inc. Monitoring compliance with security policies for computer networks

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773903A (zh) * 2004-11-08 2006-05-17 中兴通讯股份有限公司 通用安全策略构造方法
CN101296225B (zh) * 2007-04-29 2012-08-08 华为技术有限公司 会话管理功能装置及提供业务的系统和方法
CN101557289A (zh) * 2009-05-13 2009-10-14 大连理工大学 基于身份认证的存储安全密钥管理方法
CN101990202B (zh) * 2009-07-29 2013-06-12 中兴通讯股份有限公司 更新用户策略的方法及应用服务器
WO2015013685A1 (fr) * 2013-07-25 2015-01-29 Convida Wireless, Llc Sessions de couches de service m2m de bout en bout

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101188492A (zh) * 2006-11-17 2008-05-28 中兴通讯股份有限公司 实现安全业务的系统和方法
CN101330469A (zh) * 2008-07-25 2008-12-24 中兴通讯股份有限公司 下一代网络中资源控制部分收集安全参数的实现方法
US20150281276A1 (en) * 2014-03-26 2015-10-01 Juniper Networks, Inc. Monitoring compliance with security policies for computer networks
CN104092668A (zh) * 2014-06-23 2014-10-08 北京航空航天大学 一种可重构网络安全服务构造方法

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365470A (zh) * 2018-03-26 2019-10-22 华为技术有限公司 一种密钥生成方法和相关装置
CN110365470B (zh) * 2018-03-26 2023-10-10 华为技术有限公司 一种密钥生成方法和相关装置
CN110830991A (zh) * 2018-08-10 2020-02-21 华为技术有限公司 安全会话方法和装置
US11778459B2 (en) 2018-08-10 2023-10-03 Huawei Technologies Co., Ltd. Secure session method and apparatus
CN111641582A (zh) * 2019-03-01 2020-09-08 华为技术有限公司 一种安全保护方法及装置
CN112788594A (zh) * 2020-06-03 2021-05-11 中兴通讯股份有限公司 数据传输方法、装置和系统、电子设备、存储介质
CN114286339A (zh) * 2021-12-21 2022-04-05 中国电信股份有限公司 安全策略的确定方法及系统

Also Published As

Publication number Publication date
WO2018000867A1 (fr) 2018-01-04

Similar Documents

Publication Publication Date Title
US11689934B2 (en) Key configuration method, security policy determining method, and apparatus
US11695742B2 (en) Security implementation method, device, and system
US20200084631A1 (en) Key Configuration Method, Apparatus, and System
WO2018000936A1 (fr) Procédé et appareil de configuration de clé et de détermination d'une politique de sécurité
CN110830991B (zh) 安全会话方法和装置
WO2022134089A1 (fr) Procédé et appareil de génération de contexte de sécurite, et support de stockage lisible par ordinateur
WO2019119130A1 (fr) Système et procédé de filtrage par tunnel
NZ755869B2 (en) Security implementation method, device and system
JP2022502908A (ja) Nasメッセージのセキュリティ保護のためのシステム及び方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17818933

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2018568816

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112018077338

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 20197000802

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2017818933

Country of ref document: EP

Effective date: 20190201

ENP Entry into the national phase

Ref document number: 112018077338

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20181227