
CN101051967A - Communication system and its method for user's device in user's network - Google Patents

Publication number
CN101051967A
Authority
CN
China
Prior art keywords
user equipment
user
management entity
communication
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2006100254380A
Other languages
Chinese (zh)
Inventor
钟永锋
张玲
刘玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CNA2006100254380A (CN101051967A)
Priority to PCT/CN2007/001074 (WO2007112692A1)
Priority to JP2009503394A (JP2009532959A)
Priority to CNA2007800003737A (CN101317390A)
Priority to KR1020087025794A (KR101076332B1)
Publication of CN101051967A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the field of communications and discloses a communication system and method for user equipment in a user network, so that communication between UEs in the user network can be secured. In the invention, before two UEs in the user network establish a point-to-point connection, they first request, through the access network, that the management entity perform security authentication of the UEs concerned; the point-to-point connection is established only when the authentication of all the UEs concerned passes. The management entity can also protect data transmission by providing keys to UEs that have authenticated successfully. If the two UEs are in the same personal area network, the point-to-point connection is a direct connection within the range of that personal area network. If the two UEs are not in the same personal area network, the point-to-point connection is a remote connection established through their respective access networks.

Figure 200610025438

Description

Communication system and method for user equipment in a user network
Technical field
The present invention relates to the communications field, and in particular to communication between user equipment in a user network.
Background art
In recent years, as technology has developed and demand for high-tech products has grown, the number of peripheral devices people own has gradually increased. A user may own several laptop computers, mobile phones and so on at the same time, may connect peripherals such as a printer, scanner or modem to a PC, and sometimes also plugs in a USB interface to transfer photos from a digital camera and store them on the hard disk. Frequently plugging and unplugging an interface, and the tangle of cables behind the PC, mean that users enjoying new technology also have to put up with some inconvenience. In addition, within a modern enterprise, the exchange of information between staff in different departments places higher demands on the mobility of information transfer. Forming a local area network in a limited working environment allows information sharing and device sharing (printers, scanners, etc.), but the dense wiring is again inconvenient.
In response, academia proposed a new concept: the personal area network (Personal Area Network, "PAN"). A PAN is a mobile wireless communication network that provides wireless connections within a small radius, with rich service types, for a specific group of users. It sits alongside wide area networks and local area networks but has a smaller range.
The core idea of the PAN is to replace traditional wired cables with radio or infrared, interconnect personal information terminals intelligently, and build a personalized information network. From the computer-network point of view, a PAN is a local area network; from the communication-network point of view, a PAN is an access network, which is why some people call the PAN the "last meter" solution for communication networks.
PANs are aimed at home and small-office use. Their main applications include voice communication gateways, data communication gateways, interconnection of information appliances, and automatic exchange of information.
The main technologies for implementing a PAN include Bluetooth and the infrared communication technology of the Infrared Data Association ("IrDA"), among others.
A PAN makes it easy to manage and exchange information among all the nearby user equipment (User Equipment, "UE") of one user. However, the range of a PAN is small, and highly mobile UEs such as mobile phones cannot be confined to a PAN. So that a user can conveniently manage all the UEs he or she owns, the UEs belonging to the same user are grouped into a user network. This user network may include multiple UEs that are physically far apart, or PANs made up of UEs.
In the prior art, communication between UEs in the same user network falls into two cases. In the first case, both communicating UEs are in the same PAN of the user network, i.e. the communication is short-range. Here the UEs can communicate point-to-point directly, using wireless technology such as Bluetooth or infrared, or wired technology such as a USB cable, without management by the operator's network. That is, the communicating UEs do not go through the core network; they communicate directly over a short-range connection inside the PAN. As shown in Fig. 1, UE1 and UE2 communicate in this way.
In the second case, the UEs are not under the same access network, i.e. not in the same PAN, such as UE1 and UE3 in Fig. 1. Because they need remote communication, the traffic between them has to be switched through the switching center provided by the operator. That is, when UE1 needs to communicate with UE3, UE1 initiates a request through its access network A, and the request reaches UE3 only after passing through the switching center and access network B. Apart from some control signaling, UE1's data likewise has to pass through access network A, the switching center and access network B in turn before it reaches UE3.
In practice, this scheme has the following problems: the security of communication between UEs in the same user network cannot be guaranteed, and communication between UEs consumes a large share of switching-center resources.
The main cause is that UEs in the same PAN of a user network communicate point-to-point: the communicating UEs do not go through the core network but connect and communicate directly inside the PAN, with no security authentication of any kind, so the security of the communication cannot be guaranteed. And when the communicating UEs in the same user network are not in the same PAN, they can communicate only through the switching center, which consumes a large amount of switching-center resources.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a communication system and method for user equipment in a user network, so that communication between UEs in the user network can be secured.
To achieve this purpose, the invention provides a communication system for user equipment in a user network, comprising at least two user equipments belonging to the same user and their access network, and further comprising:
a management entity, used to store the registration information of the user equipment and to perform security authentication on the user equipment;
when a first user equipment needs to establish communication with a second user equipment, it sends a communication request to the management entity through its access network; the management entity performs security authentication on the first and second user equipments according to this communication request and the stored registration information; and the first and second user equipments directly establish a point-to-point connection after successful authentication.
The communication request contains the registration information of the first user equipment and the device identification number of the second user equipment.
In the system, the management entity is also used, after successful authentication, to send to the second user equipment a request message for the communication that contains the identification number of the first user equipment, and to receive feedback on whether the second user equipment accepts the request. If the second user equipment accepts the request, the management entity generates a temporary key and sends this key to the first and second user equipments.
In the system, the management entity is also used to send a notification message to the first user equipment according to the feedback of the second user equipment. If the second user equipment accepts the request, the management entity sends the first user equipment a confirmation message allowing the communication, and the first and second user equipments use the key to establish a point-to-point connection.
In the system, the first and second user equipments may be located in the same personal area network and interact with the management entity through the same access network, in which case the point-to-point connection is a direct connection within the range of that personal area network.
In the system, the first and second user equipments may be located in different personal area networks, or be independently connected to access networks, and interact with the management entity through their respective access networks, in which case the point-to-point connection is a remote connection established through their respective access networks.
The invention also provides a communication method for user equipment in a user network, comprising the following steps:
when two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request through its access network to the management entity that stores the registration information of the user equipment, requesting a connection with the second user equipment;
the management entity performs security authentication on the first and second user equipments according to this communication request and the stored registration information;
the first and second user equipments directly establish a point-to-point connection after successful authentication.
The communication request contains the registration information of the first user equipment and the device identification number of the second user equipment.
The method further comprises the following step:
the first and second user equipments register with the management entity in advance, and the management entity stores the registration information of the first and second user equipments.
The method further comprises the following steps:
after the authentication succeeds, the management entity sends to the second user equipment a request message for the communication that contains the identification number of the first user equipment; on receiving this request message, the second user equipment returns to the management entity a feedback message stating whether it accepts the request;
if the management entity receives a feedback message that the second user equipment accepts the request, it generates a temporary key, sends this key to the first and second user equipments, and sends the first user equipment a confirmation message allowing the communication;
the first and second user equipments use the key to establish a point-to-point connection.
By comparison, the main difference between the technical solution of the invention and the prior art is that, before two UEs in the user network establish a point-to-point connection, they first request, through the access network, that the management entity perform security authentication of the UEs concerned, and the point-to-point connection is established only when the authentication of all the UEs concerned passes. Adding security authentication before the connection prevents illegal UEs from gaining unauthorized access to UEs in the user network. The management entity can also protect data transmission by providing a key to the UEs that authenticate successfully.
If the two UEs are in the same personal area network, the point-to-point connection is a direct connection within the range of that personal area network. If the two UEs are not in the same personal area network, the point-to-point connection is a remote connection established through their respective access networks. Because the point-to-point connection between the two UEs does not pass through the switching center, switching-center resources are saved during remote communication.
Description of drawings
Fig. 1 is a schematic diagram of communication between UEs in the same user network in the prior art;
Fig. 2 is an architecture diagram of the communication system for UEs in a user network according to the first embodiment of the invention;
Fig. 3 is an architecture diagram of the communication system for UEs in a user network according to the second embodiment of the invention;
Fig. 4 is a flow chart of the communication method for UEs in a user network according to the third embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
The core of the invention is that, when two UEs belonging to the same user need to communicate, the management entity in the user network performs security authentication on both parties to ensure that both are legitimate; after authentication passes, the management entity further provides a key to both parties so that the security of their data transmission is protected.
The communication system for UEs in a user network according to the first embodiment of the invention is described below in accordance with the principle of the invention.
As shown in Fig. 2, the communication system for UEs in a user network comprises at least two UEs belonging to the same user and their access network, and a management entity used to store the registration information of these UEs and to perform security authentication on them. The UEs belonging to the same user are located in the same PAN and interact with the management entity through the same access network.
Specifically, the UEs belonging to the same user register with the management entity in advance, before they need to communicate, and the management entity stores the registration information of each registered UE. Afterwards, when the user's UE1 needs to establish communication with UE2, which belongs to the same user, UE1 first sends a communication request to the management entity through their common access network A, requesting communication with UE2. The communication request contains the registration information of UE1 itself and the device identification number of UE2. After receiving the request, the management entity performs security authentication on UE1 and UE2 according to the registration information stored earlier. For example, the management entity checks whether the registration information of UE1 in the communication request is consistent with the registration information it has stored, to judge whether the UE1 that initiated the request is legitimate, and judges from the identification number of UE2 whether UE2 has registered; in this way it authenticates both UE1 and UE2. If authentication succeeds, the management entity sends UE2 a request message for the communication, which contains the device identification number of UE1. After receiving this request message, UE2 decides whether it agrees to communicate with UE1 and sends the corresponding feedback to the management entity. The management entity evaluates the feedback it receives. If UE2 accepts the request to communicate with UE1, the management entity generates a temporary key for UE1 and UE2 and sends this key to UE1 and to UE2; at the same time, the management entity sends UE1 the confirmation message that UE2 accepts the communication. After receiving the key, UE1 and UE2 establish a direct connection within the range of the PAN and, once the connection is established, communicate using the temporary key provided by the management entity.
The second embodiment of the invention is largely the same as the first. As shown in Fig. 3, the communication system for UEs in a user network in the second embodiment comprises at least two UEs belonging to the same user and their access networks, and a management entity used to store the registration information of these UEs and to perform security authentication on them. The only difference is that in the system of the second embodiment the UEs belonging to the same user are not located in the same PAN: each UE interacts with the management entity through its own access network, and after successful security authentication the two UEs that need to communicate establish a remote connection through their respective access networks.
For example, one user has several UEs, of which UE1 and UE3 are not in the same PAN: UE1 is connected to access network A and UE3 is connected to access network B. When UE1 needs to communicate with UE3, UE1 sends the management entity, through access network A, a communication request to communicate with UE3. The communication request contains the registration information of UE1 itself and the device identification number of UE3. The management entity performs security authentication on UE1 and UE3 according to the request message received and the registration information it has stored and, if the security authentication succeeds, sends UE3 a communication request message containing the device identification number of UE1. UE3 receives the request message from the management entity through access network B, decides whether it agrees to communicate with UE1, and sends the corresponding feedback to the management entity. If the management entity receives feedback that UE3 agrees to the communication, it generates a temporary key for UE1 and UE3 and sends this key to UE1 and to UE3; at the same time, the management entity sends UE1 the confirmation message that UE3 accepts the communication. After receiving the key, UE1 and UE3 establish a remote connection through access network A and access network B respectively and, once the connection is established, communicate using the temporary key.
The communication method for UEs in a user network according to the third embodiment of the invention is shown in Fig. 4. In step 410, when UE1 needs to communicate with UE2, which belongs to the same user, UE1 sends the management entity a communication request to communicate with UE2. Specifically, UE1 and UE2, which belong to the same user, may be located in the same PAN or in different PANs. If UE1 and UE2 are located in the same PAN, UE1 sends the communication request to the management entity through their common access network; if UE1 and UE2 are located in different PANs, UE1 sends the communication request to the management entity through the access network to which UE1 belongs. The communication request contains the registration information of UE1 and the device identification number of UE2.
The method then enters step 420: after receiving the communication request from UE1, the management entity performs security authentication on UE1 and UE2 according to the information in it.
Specifically, each UE belonging to the same user needs to register with the management entity in advance, and the management entity needs to store the registration information of the registered UEs. Therefore, after receiving the communication request from UE1, the management entity can perform security authentication on UE1 and UE2 according to the information in the request and the registration information it has stored.
The method then enters step 430, in which the management entity judges whether UE1 and UE2 have passed security authentication. If they have, the method enters step 450; if not, it enters step 440, in which the management entity returns a failure of the communication request to UE1. Because the management entity continues processing the communication request only when both UEs that need to communicate pass security authentication, illegal UEs are effectively prevented from gaining unauthorized access to UEs in the user network, which protects both communicating parties.
In step 450, UE1 and UE2 have passed security authentication, and the management entity sends UE2 a request message for the communication, which contains the device identification number of UE1.
The method then enters step 460: UE2 receives the request message from the management entity and decides, according to the device identification number of UE1 in it, whether it agrees to the communication. As before, if UE1 and UE2 are located in the same PAN, UE2 receives the request message from the management entity through their common access network; if UE1 and UE2 are located in different PANs, UE2 receives it through the access network to which UE2 belongs. If UE2 agrees to the communication, it sends the management entity a feedback message accepting the communication, and the method enters step 480. Otherwise the method enters step 470: UE2 sends the management entity a feedback message rejecting the communication and, after receiving this rejection, the management entity notifies UE1 that the communication request has failed.
In step 480, because UE2 agrees to communicate with UE1, the management entity generates a temporary key for this communication and sends it to UE1 and to UE2; at the same time, the management entity sends UE1 the confirmation message that UE2 accepts the communication. Because the temporary key is generated on the spot when the two UEs need to communicate, it has strong randomness and timeliness and is hard for an illegitimate user to crack. Communicating with the temporary key protects the security of data transmission during the communication.
The method then enters step 490: after receiving the temporary key, UE1 and UE2 establish a point-to-point connection and communicate. Specifically, if UE1 and UE2 are in the same PAN, the two UEs establish a direct connection within the range of the PAN and, once the connection is established, communicate using the temporary key provided by the management entity. If UE1 and UE2 are not in the same PAN, UE1 and UE2 establish a remote connection through their respective access networks and, likewise, once the connection is established, communicate using the temporary key. Because the communicating UEs no longer need to go through the switching center for remote communication, switching-center resources are saved to a large extent and can be used more rationally.
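The flow of steps 410 to 490, as an added example that is not part of the patent text: a management entity authenticates both UEs, asks the peer for consent, issues a fresh temporary key, and the UEs then prove possession of that key to each other. The 32-byte registration credential, the same-owner check, the `accepts` consent list and the HMAC challenge-response in `establish_p2p` are assumptions made for the sketch; the description does not specify them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class UE:
    device_id: str
    registration: bytes = b""                  # issued at registration (format assumed)
    accepts: set = field(default_factory=set)  # hypothetical consent policy, step 460
    session_key: Optional[bytes] = None        # temporary key delivered in step 480

    def consent(self, requester_id: str) -> bool:
        return requester_id in self.accepts


class ManagementEntity:
    def __init__(self):
        # device_id -> (owner, registration info, UE handle). The handle stands in
        # for the access-network path used to reach that UE.
        self._registry = {}

    def register(self, owner: str, ue: UE) -> None:
        ue.registration = secrets.token_bytes(32)
        self._registry[ue.device_id] = (owner, ue.registration, ue)

    def handle_request(self, requester_id: str, presented: bytes, peer_id: str):
        """Steps 420-480. Returns (status, step number used in the description)."""
        req = self._registry.get(requester_id)
        peer = self._registry.get(peer_id)
        # Steps 420/430: the requester's registration info must match the stored
        # copy (constant-time compare) and the peer's device ID must be registered.
        if req is None or peer is None:
            return ("auth_failed", 440)
        if not hmac.compare_digest(req[1], presented):
            return ("auth_failed", 440)
        if req[0] != peer[0]:                  # same-owner check: an assumption
            return ("auth_failed", 440)
        # Steps 450/460: forward the requester's device ID and let the peer decide.
        if not peer[2].consent(requester_id):
            return ("rejected", 470)
        # Step 480: fresh random key per session, delivered to both UEs.
        key = secrets.token_bytes(32)
        req[2].session_key = key
        peer[2].session_key = key
        return ("confirmed", 480)


def p2p_tag(key: bytes, nonce: bytes, sender_id: str) -> bytes:
    return hmac.new(key, nonce + sender_id.encode(), hashlib.sha256).digest()


def establish_p2p(a: UE, b: UE) -> bool:
    """Step 490 (assumed mechanism): each side answers the other's random
    challenge with an HMAC under the temporary key; both answers must verify."""
    if a.session_key is None or b.session_key is None:
        return False
    nonce_a, nonce_b = secrets.token_bytes(16), secrets.token_bytes(16)
    tag_b = p2p_tag(b.session_key, nonce_a, b.device_id)   # b answers a
    tag_a = p2p_tag(a.session_key, nonce_b, a.device_id)   # a answers b
    ok_b = hmac.compare_digest(tag_b, p2p_tag(a.session_key, nonce_a, b.device_id))
    ok_a = hmac.compare_digest(tag_a, p2p_tag(b.session_key, nonce_b, a.device_id))
    return ok_a and ok_b


def run_demo() -> dict:
    # Constructed sample network: UE1-UE3 belong to one user, UE4 to another.
    me = ManagementEntity()
    ue1, ue2, ue3 = UE("UE1"), UE("UE2", accepts={"UE1"}), UE("UE3")
    ue4 = UE("UE4", accepts={"UE1"})
    for ue in (ue1, ue2, ue3):
        me.register("alice", ue)
    me.register("bob", ue4)
    # Unregistered device holding guessed values.
    rogue = UE("UEX", registration=secrets.token_bytes(32),
               session_key=secrets.token_bytes(32))
    out = {}
    out["ue1_to_ue2"] = me.handle_request("UE1", ue1.registration, "UE2")
    out["p2p_ok"] = establish_p2p(ue1, ue2)
    out["rogue"] = me.handle_request("UEX", rogue.registration, "UE2")
    out["rogue_p2p"] = establish_p2p(rogue, ue2)
    out["wrong_cred"] = me.handle_request("UE1", b"\x00" * 32, "UE2")
    out["ue1_to_ue3"] = me.handle_request("UE1", ue1.registration, "UE3")
    out["other_owner"] = me.handle_request("UE1", ue1.registration, "UE4")
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The description does not say how the temporary key or the registration information is protected on the path between a UE and the management entity; the sketch simply assigns the key, so a deployment needs a confidential, authenticated channel on that path.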
Although the present invention has been illustrated and described with reference to certain preferred embodiments, those of ordinary skill in the art should understand that various changes in form and detail may be made to it without departing from the spirit and scope of the present invention.

Claims (10)

1.一种用户网络中用户设备的通信系统,包含属于同一用户的至少两个用户设备及其接入网,其特征在于,还包含:1. A communication system for user equipment in a user network, comprising at least two user equipment belonging to the same user and an access network thereof, characterized in that it also includes: 管理实体,用于保存所述用户设备的注册信息并对所述用户设备进行安全认证;A management entity, configured to save the registration information of the user equipment and perform security authentication on the user equipment; 第一用户设备在需要与第二用户设备建立通信时,通过其接入网将通信请求发送给所述管理实体,所述管理实体根据该通信请求以及所保存的注册信息对所述第一、第二用户设备进行安全认证,第一、第二用户设备在认证成功后直接建立点对点连接。When the first user equipment needs to establish communication with the second user equipment, it sends a communication request to the management entity through its access network, and the management entity performs the communication request for the first and second user equipment according to the communication request and the stored registration information. The second user equipment performs security authentication, and the first and second user equipment directly establish a point-to-point connection after successful authentication. 2.根据权利要求1所述的用户网络中用户设备的通信系统,其特征在于,所述通信请求包含所述第一用户设备的注册信息以及所述第二用户设备的设备标识号。2. The communication system for user equipment in a user network according to claim 1, wherein the communication request includes the registration information of the first user equipment and the device identification number of the second user equipment. 3.根据权利要求1所述的用户网络中用户设备的通信系统,其特征在于,所述管理实体还用于在认证成功后向所述第二用户设备发送包含所述第一用户设备标识号的所述通信的请求消息,并接收该第二用户设备是否接受本次请求的反馈信息,如果该第二用户设备接受本次请求,则该管理实体生成临时密钥,并将该密钥发送给该第一、第二用户设备。3. The communication system for user equipment in a user network according to claim 1, wherein the management entity is further configured to send a message containing the first user equipment identification number to the second user equipment after the authentication is successful. 
The request message of the communication, and receive the feedback information on whether the second user equipment accepts the request; if the second user equipment accepts the request, the management entity generates a temporary key and sends the key to the first and second user equipments.

4. The communication system for user equipment in a user network according to claim 3, wherein the management entity is further configured to send a notification message to the first user equipment according to the feedback information of the second user equipment; if the second user equipment accepts the request, the management entity sends the first user equipment a confirmation message allowing the communication, and the first and second user equipments use the key to establish a point-to-point connection.

5. The communication system for user equipment in a user network according to any one of claims 1 to 4, wherein the first and second user equipments are located in the same personal area network and interact with the management entity through the same access network, and the point-to-point connection is a direct connection within the range of that personal area network.

6. The communication system for user equipment in a user network according to any one of claims 1 to 4, wherein the first and second user equipments are located in different personal area networks or are each independently connected to an access network, and interact with the management entity through their respective access networks, and the point-to-point connection is a remote connection established through the respective access networks.

7. A communication method for user equipment in a user network, comprising the following steps:
when two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request through its access network to the management entity that stores the registration information of the user equipments, requesting establishment of a connection with the second user equipment;
the management entity performs security authentication on the first and second user equipments according to the communication request and the stored registration information;
the first and second user equipments directly establish a point-to-point connection after successful authentication.

8. The communication method for user equipment in a user network according to claim 7, wherein the communication request includes the registration information of the first user equipment and the device identification number of the second user equipment.

9. The communication method for user equipment in a user network according to claim 7, further comprising the following step:
the first and second user equipments register with the management entity in advance, and the management entity saves the registration information of the first and second user equipments.

10. The communication method for user equipment in a user network according to claim 7, further comprising the following steps:
after the authentication succeeds, the management entity sends the second user equipment a request message for the communication that contains the identification number of the first user equipment, and on receiving the request message the second user equipment returns to the management entity a feedback message indicating whether it accepts the request;
if the management entity receives a feedback message that the second user equipment accepts the request, it generates a temporary key, sends the key to the first and second user equipments, and sends the first user equipment a confirmation message allowing the communication;
the first and second user equipments use the key to establish a point-to-point connection.
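The method of claims 7 to 10, modelled as an added example that is not part of the patent text: a management entity checks that both devices are registered to the same user, authenticates the request, waits for the second device's answer, and only then issues a fresh temporary key. The per-device registration secret, the HMAC request tag, the replay cache and the challenge proof are assumptions made for illustration, since the claims do not say how authentication or key use is implemented; protecting the key while it is delivered over the access network is outside this sketch.

```python
import hashlib
import hmac
import secrets

def request_tag(secret, src_id, dst_id, nonce):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    parts = (src_id.encode(), dst_id.encode(), nonce)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).digest()

def peer_proof(temp_key, challenge):
    # Answer to a peer's challenge, showing possession of the temporary key.
    return hmac.new(temp_key, challenge, hashlib.sha256).digest()

class ManagementEntity:
    def __init__(self):
        self.registry = {}   # device_id -> (user_id, registration secret)
        self.seen = set()    # (device_id, nonce) pairs already used

    def register(self, device_id, user_id):
        # Claim 9: advance registration. The shared secret is an assumption.
        secret = secrets.token_bytes(32)
        self.registry[device_id] = (user_id, secret)
        return secret

    def broker(self, src_id, dst_id, nonce, tag, dst_accepts):
        """Return a fresh temporary key for both devices, or None on refusal."""
        src, dst = self.registry.get(src_id), self.registry.get(dst_id)
        if src is None or dst is None or src[0] != dst[0]:
            return None      # unregistered device, or devices of different users
        if not hmac.compare_digest(request_tag(src[1], src_id, dst_id, nonce), tag):
            return None      # request not authenticated by the first device
        if (src_id, nonce) in self.seen:
            return None      # replayed request
        self.seen.add((src_id, nonce))
        if not dst_accepts(src_id):
            return None      # claim 10: second device declined the request
        return secrets.token_bytes(32)

if __name__ == "__main__":
    me = ManagementEntity()
    phone_secret = me.register("phone", "alice")   # constructed sample devices
    me.register("laptop", "alice")
    nonce = secrets.token_bytes(16)
    tag = request_tag(phone_secret, "phone", "laptop", nonce)
    key = me.broker("phone", "laptop", nonce, tag, lambda requester: True)
    print("temporary key issued:", key is not None)
    print("replay accepted:", me.broker("phone", "laptop", nonce, tag, lambda r: True) is not None)
```

Because the temporary key is generated per accepted request, a captured request cannot be replayed to obtain a second key, and a device registered to another user is refused before the second device is ever contacted.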
CNA2006100254380A 2006-04-04 2006-04-04 Communication system and its method for user's device in user's network Pending CN101051967A (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CNA2006100254380A CN101051967A (en) 2006-04-04 2006-04-04 Communication system and its method for user's device in user's network
PCT/CN2007/001074 WO2007112692A1 (en) 2006-04-04 2007-04-03 A communication method in the user network and a system thereof
JP2009503394A JP2009532959A (en) 2006-04-04 2007-04-03 Communication method and communication system in user network
CNA2007800003737A CN101317390A (en) 2006-04-04 2007-04-03 Communication method and system in user network
KR1020087025794A KR101076332B1 (en) 2006-04-04 2007-04-03 Method and system for communication in user network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2006100254380A CN101051967A (en) 2006-04-04 2006-04-04 Communication system and its method for user's device in user's network

Publications (1)

Publication Number Publication Date
CN101051967A true CN101051967A (en) 2007-10-10

Family

ID=38563114

Family Applications (2)

Application Number Title Priority Date Filing Date
CNA2006100254380A Pending CN101051967A (en) 2006-04-04 2006-04-04 Communication system and its method for user's device in user's network
CNA2007800003737A Pending CN101317390A (en) 2006-04-04 2007-04-03 Communication method and system in user network

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNA2007800003737A Pending CN101317390A (en) 2006-04-04 2007-04-03 Communication method and system in user network

Country Status (4)

Country Link
JP (1) JP2009532959A (en)
KR (1) KR101076332B1 (en)
CN (2) CN101051967A (en)
WO (1) WO2007112692A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8196186B2 (en) 2008-05-20 2012-06-05 Microsoft Corporation Security architecture for peer-to-peer storage system
US8548467B2 (en) * 2008-09-12 2013-10-01 Qualcomm Incorporated Ticket-based configuration parameters validation
US9148335B2 (en) 2008-09-30 2015-09-29 Qualcomm Incorporated Third party validation of internet protocol addresses
WO2013027916A1 (en) * 2011-08-24 2013-02-28 에스케이플래닛 주식회사 System and method for providing a cpns service

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002335263A (en) * 2001-05-08 2002-11-22 Olympus Optical Co Ltd Information terminal communication system
JP4117658B2 (en) * 2001-08-09 2008-07-16 大宏電機株式会社 Communication authentication method
WO2004071037A1 (en) * 2003-02-04 2004-08-19 Matsushita Electric Industrial Co., Ltd. Communication system, and communication control server and communication terminals constituting that communication system
JP4018584B2 (en) * 2003-04-01 2007-12-05 キヤノン株式会社 Wireless connection device authentication method and wireless connection device
US8009608B2 (en) * 2004-04-16 2011-08-30 Broadcom Corporation Method and system for extended network access services advertising via a broadband access gateway
US20050239445A1 (en) * 2004-04-16 2005-10-27 Jeyhan Karaoguz Method and system for providing registration, authentication and access via broadband access gateway
KR100678933B1 (en) * 2004-05-25 2007-02-07 삼성전자주식회사 Coordinator based wireless network communication method and communication method between coordinator based wireless networks connected to backbone network
EP1686444A1 (en) * 2005-01-27 2006-08-02 Research In Motion Limited Wireless personal area network having authentication and associated methods

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772199A (en) * 2008-11-24 2010-07-07 华为终端有限公司 Method and device for establishing D2D network
CN102422703B (en) * 2009-03-12 2014-09-17 诺基亚通信公司 Device-to-device communication
US9572193B2 (en) 2009-03-12 2017-02-14 Nokia Solutions And Networks Oy Device-to-device communication
WO2014047908A1 (en) * 2012-09-28 2014-04-03 Broadcom Corporation Methods, devices and computer program products improving device-to-device communication
US9848453B2 (en) 2012-09-28 2017-12-19 Avago Technologies General Ip (Singapore) Pte. Ltd. Methods, devices and computer program products improving device-to-device communication
CN108650090A (en) * 2018-07-17 2018-10-12 江苏亨通问天量子信息研究院有限公司 Quantum secure facsimile machine and quantum secure fasystem
CN108650090B (en) * 2018-07-17 2024-05-03 江苏亨通问天量子信息研究院有限公司 Quantum security fax machine and quantum security fax system
CN111711522A (en) * 2020-05-13 2020-09-25 刘中恕 Multi-region entity identity authentication system based on cloud sharing mechanism

Also Published As

Publication number Publication date
KR20090006110A (en) 2009-01-14
WO2007112692A1 (en) 2007-10-11
WO2007112692A8 (en) 2007-12-06
JP2009532959A (en) 2009-09-10
KR101076332B1 (en) 2011-10-26
CN101317390A (en) 2008-12-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication