Abstract: The present embodiments provide a method for managing a hardware resource, a method for querying a location of a hardware resource, and a related apparatus. The method for managing a hardware resource includes receiving, by a virtualized infrastructure manager (VIM), a hardware resource allocation request message sent by a VNF management entity, where the hardware resource allocation request message is used to request the VIM to allocate a hardware resource to a virtual machine that runs a VNFC, and the hardware resource allocation request message includes location information of the hardware resource that the virtual machine requests to allocate. The method also includes allocating, by the VIM, the hardware resource at a corresponding location to the virtual machine according to the location information of the hardware resource.

Abstract: The present embodiments provide a method for managing a hardware resource, a method for querying a location of a hardware resource, and a related apparatus. The method for managing a hardware resource includes receiving, by a virtualized infrastructure manager (VIM), a hardware resource allocation request message sent by a VNF management entity, where the hardware resource allocation request message is used to request the VIM to allocate a hardware resource to a virtual machine that runs a VNFC, and the hardware resource allocation request message includes location information of the hardware resource that the virtual machine requests to allocate. The method also includes allocating, by the VIM, the hardware resource at a corresponding location to the virtual machine according to the location information of the hardware resource.

Abstract: The present embodiments provide a method for managing a hardware resource, a method for querying a location of a hardware resource, and a related apparatus. The method for managing a hardware resource includes receiving, by a virtualized infrastructure manager (VIM), a hardware resource allocation request message sent by a VNF management entity, where the hardware resource allocation request message is used to request the VIM to allocate a hardware resource to a virtual machine that runs a VNFC, and the hardware resource allocation request message includes location information of the hardware resource that the virtual machine requests to allocate. The method also includes allocating, by the VIM, the hardware resource at a corresponding location to the virtual machine according to the location information of the hardware resource.

Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.

Abstract: A certificate management method, a device, and a system relate to the communications field and for certificate management are used to resolve a problem that communication security of a virtual network system is degraded because after a virtualized network function (VNF) instance is terminated in the virtual network system, a private key corresponding to a certificate of the VNF instance may be illegally obtained by an attacker to forge an identity of the VNF instance. A specific solution includes obtaining, by a first device, a certificate identifier of a first instance, and updating certificate status information of the first instance to a revocation state according to the certificate identifier of the first instance, or sending, by the first device, a first request message to a second device, where the first request message requests to revoke a certificate of the first instance.

Abstract: A certificate acquiring method and device, where the method includes receiving a certificate application representation message sent by a newly installed virtualized network function component (VNFC) instance, sending a certificate request message to a certification authority, and acquiring a certificate issued by the certification authority. In this way, the newly installed VNFC instance does not need to use a current manner for a virtualized network function (VNF) to acquire a certificate, which effectively avoids a problem of a cumbersome and more complex process caused when the newly installed VNFC instance acquires a certificate.

Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance. In this way, through a trusted link between the VNFM and the certificate authority, the instantiated VNF instance applies for a certificate issued by the certificate authority, thereby effectively ensuring security of a management channel between the VNF instance and the VNFM.

Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.

Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.

Abstract: A certificate management method, a device, and a system relate to the communications field and for certificate management are used to resolve a problem that communication security of a virtual network system is degraded because after a virtualized network function (VNF) instance is terminated in the virtual network system, a private key corresponding to a certificate of the VNF instance may be illegally obtained by an attacker to forge an identity of the VNF instance. A specific solution includes obtaining, by a first device, a certificate identifier of a first instance, and updating certificate status information of the first instance to a revocation state according to the certificate identifier of the first instance, or sending, by the first device, a first request message to a second device, where the first request message requests to revoke a certificate of the first instance.

Abstract: The present embodiments provide a method for managing a hardware resource, a method for querying a location of a hardware resource, and a related apparatus. The method for managing a hardware resource includes receiving, by a virtualized infrastructure manager (VIM), a hardware resource allocation request message sent by a VNF management entity, where the hardware resource allocation request message is used to request the VIM to allocate a hardware resource to a virtual machine that runs a VNFC, and the hardware resource allocation request message includes location information of the hardware resource that the virtual machine requests to allocate. The method also includes allocating, by the VIM, the hardware resource at a corresponding location to the virtual machine according to the location information of the hardware resource.

Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance.

Abstract: A certificate acquiring method and device, where the method includes receiving a certificate application representation message sent by a newly installed virtualized network function component (VNFC) instance, sending a certificate request message to a certification authority, and acquiring a certificate issued by the certification authority. In this way, the newly installed VNFC instance does not need to use a current manner for a virtualized network function (VNF) to acquire a certificate, which effectively avoids a problem of a cumbersome and more complex process caused when the newly installed VNFC instance acquires a certificate.

Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.

Abstract: The disclosure provides a method for updating an air interface key, a core network node and user equipment. The update method comprises: a core network node receives a relocation indication message, wherein the relocation indication message is configured to indicate that the User Equipment (UE) is about to relocate to a target Radio Network Controller (RNC) from a source RNC (Step S602); the core network node uses the key parameter to calculate a next hop enhanced key (Step S604); and then the core network node sends the next hop enhanced key to the target RNC (Step S606). Through the disclosure, the forward security of the user is guaranteed, and thus the communication security of the radio access system is improved.

Abstract: The disclosure provides an anchor authenticator relocation method and system. The method includes: after an old authenticator accepts an anchor authenticator relocation request of a Mobile Station (MS), a new authenticator sends an authenticator relocation request to an AAA server; when the AAA server's verification on the new authenticator is passed and the old authenticator confirms that the new authenticator is trusted, the anchor authenticator is relocated to the new authenticator. The disclosure provides a detailed solution to perform anchor authenticator relocation without re-authentication.

Abstract: The disclosure discloses a method for updating an air interface key, a core network node and a radio access system, wherein the method for updating an air interface key comprises: a core network node receives a relocation complete indication message from a target RNC (S502), the relocation complete indication message is configured to indicate the successful relocation of User Equipment (UE) from a source RNC to the target RNC; the core network node uses the saved traditional key and the current enhanced key to calculate a next hop enhanced key (S504); the core network node sends the next hop enhanced key to the target RNC (S506). Through the disclosure, the forward security of users is guaranteed effectively, thus the communication security of the radio access system is improved overall.

Abstract: The disclosure discloses a method for updating and generating an air interface key and a radio access system. The updating method comprises: a source Radio Network Controller (RNC) completes the static relocation towards a target RNC; the target RNC performs intra-Serving-RNC (SRNC) relocation; during the intra-SRNC relocation, the target RNC updates enhanced key of itself according to a key received from the source RNC or a core network node. With the disclosure, the enhanced air interface key can be updated during the SRNC static relocation process without increasing the time delay of the SRNC relocation, and security and efficiency of the system are improved.

Abstract: The disclosure provides a method and a system for establishing an enhanced air interface key. During a serving Radio Network Controller (RNC) relocation process, a target RNC with an enhanced security capability enables a received legacy key to perform security protection on communication in the serving RNC relocation process when the target RNC cannot learn from a relocation request sent by a source RNC whether or not a user equipment supports the enhanced security capability (500); and when the target RNC receives a message from the user equipment and learns that the user equipment supports the enhanced security capability, the target RNC notifies a core network to establish and enable the enhanced air interface keys on the network side and in the user equipment respectively (501).

Abstract: The present invention discloses a method and system for establishing an enhanced key when a terminal moves from an EUTRAN to an enhanced UTRAN, so as to ensure that the terminal can carry out normal communication safely in the enhanced UTRAN. The method includes: when the terminal moves from the EUTRAN to the enhanced UTRAN, a target enhanced serving GPRS support node (SGSN+) in the enhanced UTRAN deducing an intermediate key used in the UTRAN according to a mapped traditional key obtained from a source mobile management entity; and the terminal, after deducing the mapped traditional key, further deduces the intermediate key used in the enhanced UTRAN by using an algorithm which is the same as that of the target SGSN+ according to the mapped traditional key.