密钥配置及安全策略确定方法、装置制造方法及图纸

本申请提供了一种密钥配置方法，会话管理网元接收端到端的通信的请求并获取安全策略，所述安全策略依据归属用户服务器中预置的所述用户设备的用户安全需求、来自所述用户设备的业务安全需求、所述用户设备支持的安全能力需求、来自运营商网络的安全能力需求和所述端到端的通信的另一端设备的安全需求的至少一种确定。会话管理网元获取用于对所述端到端的通信进行保护的保护密钥，所述保护密钥依据所述安全策略以及所述用户设备与所述运营商网络之间的共享密钥确定。会话管理网元向端到端的通信的两端的设备发送安全策略和/或保护密钥。可以看出，会话管理网元能够为端到端通信的两端设备配置会话保护密钥，从而提高端到端通信的安全性。

Key Configuration and Security Policy Determining Method and Device

This application provides a key configuration method in which session management network elements receive end-to-end communication requests and obtain security policies based on user security requirements of the user equipment preset in the home user server, business security requirements from the user equipment, security capability requirements supported by the user equipment, and security capabilities from the operator network. Force requirements and at least one determination of the security requirements of the device at the other end of the end-to-end communication. The session management network element acquires a protection key for protecting the end-to-end communication, which is determined according to the security policy and the shared key between the user equipment and the operator network. Session management network elements send security policies and/or protection keys to devices at both ends of end-to-end communication. It can be seen that session management network elements can configure session protection keys for end-to-end devices, thus improving the security of end-to-end communication.

【技术实现步骤摘要】
【国外来华专利技术】PCT国内申请，说明书已公开。

【技术保护点】
PCT国内申请，权利要求书已公开。

【技术特征摘要】
【国外来华专利技术】2016.07....

【专利技术属性】
技术研发人员：张博，吴荣，甘露，
申请(专利权)人：华为技术有限公司，
类型：发明
国别省市：广东,44