CYBER SECURITY MANAGEMENT SYSTEM, METHOD, AND APPARATUS
First Claim
1. A cyber security management system, wherein the management system is configured to implement security management of a network comprising at least two network slices, and the cyber security management system comprises user equipment (UE), an access network (AN), a network function selection module, and at least two authentication modules, whereinthe UE is configured to send a first service request to the network function selection module, wherein the first service request carries authentication protocol information;
- the network function selection module is configured to;
select a target authentication module from the at least two authentication modules based on the authentication protocol information, and send a second service request to the target authentication module, whereinthe target authentication module is configured to;
receive the second service request, and perform mutual authentication with the UE; and
the target authentication module is further configured to;
determine a first security configuration according to a specified security policy of a specified network slice to which the UE is to be attached, and send a second service request response to the AN, wherein the second service request response carries the first security configuration; and
the AN is configured to;
determine a second security configuration based on the first security configuration or the specified security policy, and send a first service request response to the UE, wherein the first service request response carries the second security configuration.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention disclose a cyber security management system, method, and apparatus. The system includes UE, an AN, a network function selection module, and at least two authentication modules. The UE is configured to send a first service request to the network function selection module, where the first service request carries authentication protocol information. The network function selection module is configured to: select a target authentication module based on the authentication protocol information, and send a second service request to the target authentication module. The target authentication module is configured to perform mutual authentication with the UE. The target authentication module is further configured to: determine a first security configuration according to a specified security policy, and send the first security configuration to the AN.
-
Citations
20 Claims
-
1. A cyber security management system, wherein the management system is configured to implement security management of a network comprising at least two network slices, and the cyber security management system comprises user equipment (UE), an access network (AN), a network function selection module, and at least two authentication modules, wherein
the UE is configured to send a first service request to the network function selection module, wherein the first service request carries authentication protocol information; -
the network function selection module is configured to;
select a target authentication module from the at least two authentication modules based on the authentication protocol information, and send a second service request to the target authentication module, whereinthe target authentication module is configured to;
receive the second service request, and perform mutual authentication with the UE; andthe target authentication module is further configured to;
determine a first security configuration according to a specified security policy of a specified network slice to which the UE is to be attached, and send a second service request response to the AN, wherein the second service request response carries the first security configuration; andthe AN is configured to;
determine a second security configuration based on the first security configuration or the specified security policy, and send a first service request response to the UE, wherein the first service request response carries the second security configuration. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A cyber security management method, comprising:
-
receiving, by a network function selection module, a first service request sent by user equipment (UE), wherein the first service request carries authentication protocol information; selecting, by the network function selection module based on the authentication protocol information, a target authentication module from at least two authentication modules in a network; and sending, by the network function selection module, a second service request to the target authentication module. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A cyber security management apparatus, comprising:
-
a receiving unit, configured to receive a first service request sent by user equipment UE, wherein the first service request carries authentication protocol information; a selection unit, configured to select, based on the authentication protocol information received by the receiving unit, a target authentication module from at least two authentication modules comprised in a network; and a sending unit, configured to send a second service request to the target authentication module selected by the selection unit. - View Dependent Claims (17, 18, 19, 20)
-
Specification