CYBER SECURITY MANAGEMENT SYSTEM, METHOD, AND APPARATUS

US 20190159029A1
Filed: 01/05/2019
Published: 05/23/2019
Est. Priority Date: 07/05/2016
Status: Active Grant

First Claim

Patent Images

1. A cyber security management system, wherein the management system is configured to implement security management of a network comprising at least two network slices, and the cyber security management system comprises user equipment (UE), an access network (AN), a network function selection module, and at least two authentication modules, whereinthe UE is configured to send a first service request to the network function selection module, wherein the first service request carries authentication protocol information;

the network function selection module is configured to;

select a target authentication module from the at least two authentication modules based on the authentication protocol information, and send a second service request to the target authentication module, whereinthe target authentication module is configured to;

receive the second service request, and perform mutual authentication with the UE; and

the target authentication module is further configured to;

determine a first security configuration according to a specified security policy of a specified network slice to which the UE is to be attached, and send a second service request response to the AN, wherein the second service request response carries the first security configuration; and

the AN is configured to;

determine a second security configuration based on the first security configuration or the specified security policy, and send a first service request response to the UE, wherein the first service request response carries the second security configuration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention disclose a cyber security management system, method, and apparatus. The system includes UE, an AN, a network function selection module, and at least two authentication modules. The UE is configured to send a first service request to the network function selection module, where the first service request carries authentication protocol information. The network function selection module is configured to: select a target authentication module based on the authentication protocol information, and send a second service request to the target authentication module. The target authentication module is configured to perform mutual authentication with the UE. The target authentication module is further configured to: determine a first security configuration according to a specified security policy, and send the first security configuration to the AN.

Citations

20 Claims

1. A cyber security management system, wherein the management system is configured to implement security management of a network comprising at least two network slices, and the cyber security management system comprises user equipment (UE), an access network (AN), a network function selection module, and at least two authentication modules, whereinthe UE is configured to send a first service request to the network function selection module, wherein the first service request carries authentication protocol information;
- the network function selection module is configured to;
  
  select a target authentication module from the at least two authentication modules based on the authentication protocol information, and send a second service request to the target authentication module, whereinthe target authentication module is configured to;
  
  receive the second service request, and perform mutual authentication with the UE; and
  
  the target authentication module is further configured to;
  
  determine a first security configuration according to a specified security policy of a specified network slice to which the UE is to be attached, and send a second service request response to the AN, wherein the second service request response carries the first security configuration; and
  
  the AN is configured to;
  
  determine a second security configuration based on the first security configuration or the specified security policy, and send a first service request response to the UE, wherein the first service request response carries the second security configuration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The cyber security management system according to claim 1, wherein the authentication protocol information comprises an identifier of a first authentication protocol selected by the UE;
    - andthe network function selection module is specifically configured to;
      
      select the target authentication module that supports the first authentication protocol from the at least two authentication modules based on the identifier of the first authentication protocol.
  - 3. The cyber security management system according to claim 2, wherein if more than one authentication module supports the first authentication protocol, the network function selection module is configured to:
    - select, based on a load status of each authentication module that supports the first authentication protocol, an authentication module having a least load from the authentication modules as the target authentication module.
  - 4. The cyber security management system according to claim 1, wherein the authentication protocol information comprises an identifier of a first authentication protocol selected by the UE;
    - the first service request further carries an identifier of the specified network slice; and
      
      the network function selection module is configured to;
      
      select the target authentication module that supports the first authentication protocol and the specified network slice from the at least two authentication modules based on the identifier of the first authentication protocol and the identifier of the specified network slice.
  - 5. The cyber security management system according to claim 4, wherein if more than one authentication module supports the first authentication protocol and the specified network slice, the network function selection module is configured to:
    - select, based on a load status of each authentication module that supports the first authentication protocol and the specified network slice, an authentication module having a least load from the authentication modules as the target authentication module.
  - 6. The cyber security management system according to claim 1, wherein the authentication protocol information comprises identifiers of at least two second authentication protocols supported by the UE;
    - andthe network function selection module is configured to;
      
      select, based on the identifiers of the second authentication protocols, a to-be-selected authentication module that supports at least one of the second authentication protocols from the at least two authentication modules as the target authentication module.
  - 7. The cyber security management system according to claim 1, wherein the authentication protocol information comprises identifiers of at least two second authentication protocols supported by the UE;
    - the first service request further carries an identifier of the specified network slice; and
      
      the network function selection module is specifically configured to;
      
      select, based on the identifiers of the second authentication protocols, a to-be-selected authentication module that supports at least one of the second authentication protocols and supports the specified network slice from the at least two authentication modules as the target authentication module.
  - 8. The cyber security management system according to claim 1, wherein the authentication protocol information comprises identifiers of at least two second authentication protocols supported by the UE;
    - andthe network function selection module is configured to;
      
      determine, based on an authentication protocol selection priority that is set in the network, an authentication protocol with a highest selection priority from the second authentication protocols supported by the UE, and select a to-be-selected authentication module that supports the authentication protocol with a highest selection priority from the at least two authentication modules as the target authentication module.
  - 9. The cyber security management system according to claim 6, wherein if there is more than one to-be-selected authentication module, the network function selection module is configured to:
    - select, based on a load status of each of the more than one to-be-selected authentication module, an authentication module have a least load from the authentication modules as the target authentication module.
  - 10. The cyber security management system according to claim 1, wherein the authentication protocol information comprises identifiers of at least two authentication protocols supported by the UE and a selection priority of each of the at least two authentication protocols;
    - andthe network function selection module is configured to;
      
      select a to-be-selected authentication module that supports at least one of the authentication protocols from the at least two authentication modules based on the identifiers of the authentication protocols; and
      
      if there is more than one to-be-selected authentication module, select, based on a selection priority of each authentication protocol, an authentication module that supports an authentication protocol with a highest selection priority from all to-be-selected authentication modules as the target authentication module.

11. A cyber security management method, comprising:
- receiving, by a network function selection module, a first service request sent by user equipment (UE), wherein the first service request carries authentication protocol information;
  
  selecting, by the network function selection module based on the authentication protocol information, a target authentication module from at least two authentication modules in a network; and
  
  sending, by the network function selection module, a second service request to the target authentication module.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The management method according to claim 11, wherein the authentication protocol information comprises an identifier of a first authentication protocol selected by the UE;
    - andselecting, by the network function selection module based on the authentication protocol information, a target authentication module from at least two authentication modules comprised in a network comprises;
      
      selecting, by the network function selection module, the target authentication module that supports the first authentication protocol from the at least two authentication modules based on the identifier of the first authentication protocol.
  - 13. The management method according to claim 12, wherein if more than one authentication module supports the first authentication protocol, the method further comprises:
    - selecting, based on a load status of each authentication module that supports the first authentication protocol, an authentication module having a least load from the authentication modules as the target authentication module.
  - 14. The management method according to claim 11, wherein the authentication protocol information comprises an identifier of a first authentication protocol selected by the UE;
    - the first service request further carries an identifier of a specified network slice; and
      
      selecting, by the network function selection module based on the authentication protocol information, the target authentication module from at least two authentication modules in the network comprises;
      
      selecting, by the network function selection module, the target authentication module that supports the first authentication protocol and the specified network slice from the at least two authentication modules based on the identifier of the first authentication protocol and the identifier of the specified network slice.
  - 15. The management method according to claim 14, wherein if more than one authentication module supports the first authentication protocol and the specified network slice, the method further comprises:
    - selecting, based on a load status of each authentication module that supports the first authentication protocol and the specified network slice, an authentication module having a least load from the authentication modules as the target authentication module.

16. A cyber security management apparatus, comprising:
- a receiving unit, configured to receive a first service request sent by user equipment UE, wherein the first service request carries authentication protocol information;
  
  a selection unit, configured to select, based on the authentication protocol information received by the receiving unit, a target authentication module from at least two authentication modules comprised in a network; and
  
  a sending unit, configured to send a second service request to the target authentication module selected by the selection unit.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The management apparatus according to claim 16, wherein the authentication protocol information comprises an identifier of a first authentication protocol selected by the UE;
    - andthe selection unit is specifically configured to;
      
      select the target authentication module that supports the first authentication protocol from the at least two authentication modules based on the identifier of the first authentication protocol.
  - 18. The management apparatus according to claim 17, wherein if more than one authentication module supports the first authentication protocol,the selection unit is configured to:
    - select, based on a load status of each authentication module that supports the first authentication protocol, an authentication module with least load from the authentication modules as the target authentication module.
  - 19. The management apparatus according to claim 16, wherein the authentication protocol information comprises an identifier of a first authentication protocol selected by the UE;
    - the first service request further carries an identifier of a specified network slice; and
      
      the selection unit is configured to;
      
      select the target authentication module that supports the first authentication protocol and the specified network slice from the at least two authentication modules based on the identifier of the first authentication protocol and the identifier of the specified network slice.
  - 20. The management apparatus according to claim 19, wherein if more than one authentication module supports the first authentication protocol and the specified network slice, the selection unit is configured to:
    - select, based on a load status of each authentication module that supports the first authentication protocol and the specified network slice, an authentication module with least load from the authentication modules as the target authentication module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
LI, Lichun, LIU, Fei, SPINI, Marco

Granted Patent

US 10,897,712 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/0892   by using authentication-aut...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 67/1001   for accessing one among a p...

H04L 9/40   Network security protocols

H04W 12/03   Protecting confidentiality,...

H04W 12/06   Authentication

H04W 12/10   Integrity

CYBER SECURITY MANAGEMENT SYSTEM, METHOD, AND APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CYBER SECURITY MANAGEMENT SYSTEM, METHOD, AND APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links