Method for protecting security of data, network entity and communication terminal
Abstract
The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like.
13 Claims
1. A method for protecting security of data, which is applied to a machine type communication, comprising:
- querying, by a network side entity, a home subscriber server (HSS) whether there is machine type communication (MTC) characteristic information of a communication terminal;
- determining, by the network side entity, whether communication between the communication terminal and the network side entity is a small data transmission according to the MTC characteristic information of the communication terminal;
- storing, by the network side entity, information pertaining to security context if the communication terminal which communicates with the network side entity is a small data transmission, wherein the step of storing the information pertaining to the security context is performed subsequent to the step of querying the HSS;
- obtaining, by the network side entity, a current security context according to the information pertaining to security context; and
- protecting, by the network side entity, security of communication data by employing the current security context, wherein the information pertaining to the security context comprises: an algorithm and an authentication vector (AV) comprising a random number (RAND) and an authentication token (AUTN), or an algorithm and a root key (Kasme).

Dependent claims: 2, 3, 4.
5. A method for protecting security of data, which is applied to a machine type communication (MTC), comprising:
- obtaining, by a communication terminal, MTC characteristic information of the communication terminal according to configuration information;
- determining, by the communication terminal, whether communication with the communication terminal is a small data transmission according to the MTC characteristic information of the communication terminal;
- storing, by the communication terminal, information pertaining to a security context if the communication with the communication terminal is a small data transmission, wherein the step of storing the information pertaining to the security context is performed subsequent to the step of obtaining the MTC characteristic information;
- obtaining, by the communication terminal, a current security context according to the information pertaining to the security context; and
- protecting, by the communication terminal, security of communication data by employing the current security context, wherein the information pertaining to the security context comprises: an algorithm and an authentication vector (AV) comprising a random number (RAND) and an authentication token (AUTN), or an algorithm and a root key (Kasme).

Dependent claims: 6, 7, 8, 9.
10. A communication terminal, which is applied to a machine type communication (MTC), comprising:
- a storing module, configured to store information pertaining to a security context if communication with the communication terminal is a small data transmission;
- a first obtaining module, configured to obtain a current security context according to the information pertaining to the security context; and
- a security protecting module, configured to protect security of communication data by employing the current security context,
wherein the storing module further comprises:
- a determining module, configured to determine whether communication with the communication terminal is a small data transmission according to machine type communication (MTC) characteristic information, wherein the determining module is further configured to obtain its own MTC characteristic information according to configuration information,
and wherein the first obtaining module further comprises:
- a receiving sub-module, configured to receive a detach request message or a detach accept message sent by a network side entity;
- a storing sub-module, configured to store a random number (RAND) and an authentication token (AUTN) in the detach request message or the detach accept message;
- a first generating sub-module, configured to validate the AUTN, and generate a root key (Kasme) according to the random number (RAND) and the authentication token (AUTN); and
- a third generating sub-module, configured to generate the current security context according to the generated root key (Kasme) and an algorithm in the information pertaining to the security context.

Dependent claims: 11, 12, 13.
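As an added illustration, not part of the patent text, the following Python sketch models the flow of claims 1, 5 and 10: the HSS/network side issues an authentication vector (RAND, AUTN); a terminal flagged for small data transmission keeps the algorithm and the AV when it sees a detach message, validates the AUTN, derives Kasme and from it the current security context, and then integrity-protects a small-data payload; the network side can recompute the same context from the information it stored. HMAC-SHA256 stands in for MILENAGE and the 3GPP key derivation, and all function names, key labels and the 8-byte AUTN / 4-byte MAC lengths are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

def prf(key: bytes, *parts: bytes) -> bytes:
    # Stand-in PRF (assumption): real EPS AKA uses MILENAGE and the 3GPP KDF;
    # only the message flow and key hierarchy of the claims are modelled.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

@dataclass
class StoredContextInfo:
    """The 'information pertaining to the security context' of the claims."""
    algorithm: bytes  # identifier of the protection algorithm
    rand: bytes
    autn: bytes
    kasme: bytes

def make_av(k: bytes, rand: bytes) -> tuple:
    """HSS/network side: authentication vector (RAND, AUTN) under long-term key K."""
    return rand, prf(k, b"autn", rand)[:8]

def derive_kasme(k: bytes, rand: bytes, autn: bytes) -> bytes:
    """Root key Kasme from K and the stored AV (stand-in derivation)."""
    return prf(k, b"kasme", rand, autn)

def derive_context(info: StoredContextInfo) -> tuple:
    """Current security context: (integrity key, cipher key) from Kasme + algorithm."""
    return prf(info.kasme, b"int", info.algorithm), prf(info.kasme, b"enc", info.algorithm)

class MtcTerminal:
    def __init__(self, k: bytes, small_data: bool):
        self.k, self.small_data, self.stored = k, small_data, None

    def validate_autn(self, rand: bytes, autn: bytes) -> bool:
        return hmac.compare_digest(prf(self.k, b"autn", rand)[:8], autn)

    def on_detach(self, algorithm: bytes, rand: bytes, autn: bytes) -> bool:
        """Claim 10: on a detach message keep RAND/AUTN, validate AUTN, derive Kasme."""
        if not self.small_data:  # ordinary terminal retains nothing
            return False
        if not self.validate_autn(rand, autn):
            raise ValueError("AUTN validation failed")
        self.stored = StoredContextInfo(algorithm, rand, autn, derive_kasme(self.k, rand, autn))
        return True

    def protect(self, data: bytes) -> bytes:
        """Integrity-protect a small-data payload with the retained context."""
        return data + prf(derive_context(self.stored)[0], data)[:4]
```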