Abstract: A method, system and apparatus for implementing secure call forwarding are provided in the present invention. The method includes: a calling party calling a called party, the called party triggering the subscribed call forwarding service; a key management server (KMS) obtaining information of a legal call-forwarded party of the called party through an application server; the call-forwarded party obtaining a media key from the KMS; and the calling party establishing a call connection with the call-forwarded party.

Abstract: A method and a system for single sign-on are provided by the present invention, wherein the method comprises: a terminal sending an authentication request carrying a user identity identification to an RP and the RP redirecting the authentication request to an authentication center; the authentication center authenticating the terminal by means of SIP Digest and redirecting the authentication result to the RP via the terminal; and the RP providing services for the terminal according to an authentication result. By the present invention, the resources required by the operators to deploy GBAs are reduced, at the same time the requirement of non-UICC terminals accessing IMS network can be met, and the relevant application services of the IMS network can be accessed by means of SSO.

Abstract: It is provided a method and system for multi-access authentication in Next Generation Network (NGN). A network side authentication center (NSAC) generates an authentication vector after receiving, from a user terminal (UT), UT information including subscription information and multi-access information of the UT; after receiving an authentication request including authentication information from the NSAC, the UT performs authentication on the network side, generates keying material and network side authentication information (NSAI) upon successful authentication, and sends the NSAI to the NSAC, which performs authentication on the NSAI using the authentication vector, generates keying material according to the multi-access information of the UT upon successful authentication, and informs an access forwarding functional module (AFFM) of the keying material; the AFFM encrypts and decrypts access service information of the UT according to the keying material.

Abstract: An authentication method and an authentication system based on forking, and a forking authentication device are provided.

Abstract: The disclosure discloses a method for protecting security of layer-3 mobility user plane data in Next Generation Network (NGN), includes: performing authentication by a terminal with an authentication server; after the authentication is passed, obtaining a shared key material by both the terminal and the authentication server; generating, by the terminal and the authentication server, a mobility data security key according to the shared key material; transmitting, by the authentication server, the generated mobility data security key to a mobility data transmission module; protecting security of the layer-3 mobility user plane data, by the terminal and the mobility data transmission module, by using the mobility data security key. The disclosure also discloses a system for protecting security of layer-3 mobility user plane data in NGN.

Abstract: The present invention relates to a method for realizing a secure forking call session, which comprises: performing authentication between a calling party and a KMS or between each called party and the KMS, and acquiring a shared key between the calling party and the KMS or a shared key between each called party and the KMS; generating a random number by the calling party and calling each called party through an IMS; generating a random number by each called party and acquiring a media root key from the KMS; generating a media key, which is shared with the calling party, by each called party according to the media root key and the random number generated by the called party; sending the media root key and the generated random number by a called response party in the called parties, who responds the call, to the calling party through the IMS network; generating a media key identical to that of the called response party by the calling party according to the media root key and the random number generated by the c

Abstract: A method for transmitting deferred media information in an Internet Protocol (IP) multimedia subsystem (IMS) includes: a sending party of the media information sends a key generation parameter encrypted with a Ka to a mailbox application server of a receiving party of the media information, the mailbox application server stores or saves the encrypted key generation parameters, and sends the encrypted key generation parameters to a key management server (KMS); the KMS generates a media key K and forwards it to the sending party through the mailbox application server of the receiving party; the receiving party obtains the encrypted key generation parameter from the mailbox application server and sends it to the KMS; the KMS generates the K and sends it to the receiving party; the receiving party decrypts the encrypted media information by using the K. A corresponding system is also disclosed.

Abstract: The present invention provides a safe handover method and system which are applied in a handover process of a terminal in the next generation network, wherein the next generation network comprises a handover management module, an authentication server and a terminal. The safe handover method comprises: presetting initial safety parameters in the authentication server and the terminal, and generating safety parameters from the initial safety parameters; the handover management module obtaining the safety parameters; and the handover management module and the terminal interacting with each other by using the generated safety parameters to ensure a communication safety between the two communication parties. The present invention can ensure the communication safety between the terminal and the handover management module.

Abstract: The present invention discloses a method for obtaining key management server information, and an intercepting method, system and device, including: in the process of a user equipment registering an IP multimedia subsystem (IMS), storing the KMS information corresponding to the user equipment in a preset IMS core network network element; and when a lawful intercepting device monitors a session initiated by the user equipment, intercepting a session request signaling sent by the user equipment, and obtaining an identification information of the user equipment from the session request signaling, and searching the KMS information corresponding to the user equipment from the preset IMS core network network element according to the identification information of the user equipment. The technical solution of the present invention makes the requirement of lawful intercepting be met without depending on security of the signaling plane when a plurality of KMSs are deployed in the IP multimedia subsystem.

Abstract: A method and system for supporting mobility security in a next generation network are provided. A Transport Authentication and Authorization Functional Entity (TAA-FE) and a mobile agent functional entity are configured in the network, and a reference point for transmitting key material is established between the TAA-FE and the mobile agent functional entity; when a terminal moves, the mobile agent functional entity receives the key material from the TAA-FE, and performs security protection for signaling between the terminal and the mobile agent functional entity.

Abstract: A method for monitoring a picture or multimedia video pictures in a communication system is provided. The method includes following steps: a monitoring node extracts a picture or multimedia video pictures from communication data; a preprocessing system divides the picture or multimedia video pictures into multiple parts, and executes hash calculation respectively to obtain hash value of each part; the preprocessing system processes multiple hash values to construct a single ID; a primary monitoring system searches a template base for the ID, the template base includes multiple items, and each item includes an ID and hash values of which the ID in the item is composed; if the ID is not found, the primary monitoring system searches the template base for each hash value respectively; and the primary monitoring system informs the search result to the preprocessing system and the monitoring node. The present invention improves the efficiency of monitoring a picture or multimedia video pictures in communications.

Abstract: The disclosure provides a method for multi-access authentication in Next Generation Network (NGN), which includes: a network side authentication center generates an authentication vector after receiving user terminal information from a user terminal, wherein the user terminal information includes subscription information and multi-access information of the user terminal; the user terminal performs authentication on the network side after receiving an authentication request from the network side authentication center, and generates keying material and network side authentication information upon successful authentication, and sends the network side authentication information to the network side authentication center, wherein the authentication request includes authentication information; the network side authentication center performs authentication on the network side authentication information using the authentication vector, generates keying material according to the multi-access information of the user ter

Abstract: A method and a system for single sign-on are provided by the present invention, wherein the method comprises: a terminal sending an authentication request carrying a user identity identification to an RP and the RP redirecting the authentication request to an authentication center; the authentication center authenticating the terminal by means of SIP Digest and redirecting the authentication result to the RP via the terminal; and the RP providing services for the terminal according to an authentication result. By the present invention, the resources required by the operators to deploy GBAs are reduced, at the same time the requirement of non-UICC terminals accessing IMS network can be met, and the relevant application services of the IMS network can be accessed by means of SSO.

Abstract: The disclosure discloses a method for protecting security of layer-3 mobility user plane data in Next Generation Network (NGN), includes: performing authentication by a terminal with an authentication server; after the authentication is passed, obtaining a shared key material by both the terminal and the authentication server; generating, by the terminal and the authentication server, a mobility data security key according to the shared key material; transmitting, by the authentication server, the generated mobility data security key to a mobility data transmission module; protecting security of the layer-3 mobility user plane data, by the terminal and the mobility data transmission module, by using the mobility data security key. The disclosure also discloses a system for protecting security of layer-3 mobility user plane data in NGN.

Abstract: The disclosure discloses a method for implementing key mapping applied to a Next Generation Network (NGN), which mainly includes: when a handoff of a terminal from an original network to a destination network is performed, an authentication server receiving a key material mapping request from the terminal, mapping an original key material in the original network to obtain a destination key material in the destination network, and setting up communication security between the terminal and the destination network. In addition, the disclosure further discloses an authentication server, a terminal and a system for implementing key mapping. By applying the solution of the disclosure, when the handoff of the terminal between different NGNs is performed, it is possible to improve the efficiency of session key generation and to reduce the time delay of the handoff of the terminal between the networks, and it is advantageous to reduce authentication signaling interaction and the load of the authentication server.

Abstract: The present invention discloses a method for obtaining key management server information, and an intercepting method, system and device, including: in the process of a user equipment registering an IP multimedia subsystem (IMS), storing the KMS information corresponding to the user equipment in a preset IMS core network network element; and when a lawful intercepting device monitors a session initiated by the user equipment, intercepting a session request signaling sent by the user equipment, and obtaining an identification information of the user equipment from the session request signaling, and searching the KMS information corresponding to the user equipment from the preset IMS core network network element according to the identification information of the user equipment. The technical solution of the present invention makes the requirement of lawful intercepting be met without depending on security of the signaling plane when a plurality of KMSs are deployed in the IP multimedia subsystem.

Abstract: A method, system and apparatus for implementing secure call forwarding are provided in the present invention. The method includes: a calling party calling a called party, the called party triggering the subscribed call forwarding service; a key management server (KMS) obtaining information of a legal call-forwarded party of the called party through an application server; the call-forwarded party obtaining a media key from the KMS; and the calling party establishing a call connection with the call-forwarded party.

Abstract: The present invention provides a safe handover method and system which are applied in a handover process of a terminal in the next generation network, wherein the next generation network comprises a handover management module, an authentication server and a terminal. The safe handover method comprises: presetting initial safety parameters in the authentication server and the terminal, and generating safety parameters from the initial safety parameters; the handover management module obtaining the safety parameters; and the handover management module and the terminal interacting with each other by using the generated safety parameters to ensure a communication safety between the two communication parties. The present invention can ensure the communication safety between the terminal and the handover management module.

Abstract: A method for transmitting deferred media information in an Internet Protocol (IP) multimedia subsystem (IMS) includes: a sending party of the media information sends a key generation parameter encrypted with a Ka to a mailbox application server of a receiving party of the media information, the mailbox application server stores or saves the encrypted key generation parameters, and sends the encrypted key generation parameters to a key management server (KMS); the KMS generates a media key K and forwards it to the sending party through the mailbox application server of the receiving party; the receiving party obtains the encrypted key generation parameter from the mailbox application server and sends it to the KMS; the KMS generates the K and sends it to the receiving party; the receiving party decrypts the encrypted media information by using the K. A corresponding system is also disclosed.

Abstract: The present invention provides a method and a system for transmitting delay media information in an IP multimedia subsystem, the system includes: a sending party of media information, a receiving party of the media information, a KMS and a mailbox server of the receiving party of the media information. The method and system of the present invention establishes an end-to-end security association between the sending party and the receiving party of the media information to encrypt the media information between them, without any need for the KMS to store the media key; at the same time, the security association is also established between the sending party and the mailbox server of the receiving party, and between the mailbox server of the receiving party and the receiving party, to perform an integrity protection and a mutual authentication between them, thus the security transmission of the IMS delay media information can be realized.