Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.

Abstract: A certificate management method, a device, and a system relate to the communications field and for certificate management are used to resolve a problem that communication security of a virtual network system is degraded because after a virtualized network function (VNF) instance is terminated in the virtual network system, a private key corresponding to a certificate of the VNF instance may be illegally obtained by an attacker to forge an identity of the VNF instance. A specific solution includes obtaining, by a first device, a certificate identifier of a first instance, and updating certificate status information of the first instance to a revocation state according to the certificate identifier of the first instance, or sending, by the first device, a first request message to a second device, where the first request message requests to revoke a certificate of the first instance.

Abstract: Embodiments of the present invention disclose an identity authentication method and apparatus. The NFV system includes a VNF including a first virtual network function component VNFC and a second VNFC. The method includes: generating a public key and a private key of the first VNFC and a public key and a private key of the second VNFC; writing or sending the private key of the first VNFC and the public key of the second VNFC to the first VNFC; and writing or sending the public key of the first VNFC and the private key of the second VNFC to the second VNFC, where the public key and the private key of the first VNFC and the public key and the private key of the second VNFC are used for identity authentication of the first VNFC and the second VNFC.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.

Abstract: A method of establishing a group trust relationship in an Internet of Things (IoT) system using a first IoT device within a group of IoT devices is provided. The method includes generating, by the first IoT device, a first set of keys corresponding to the first IoT device, deriving, by the first IoT device, a group set of keys corresponding the group of IoT devices, and discarding the first set of keys and storing the group set of keys after the first IoT device transmits data toward a base station and goes idle, wherein the group set of keys is used by each IoT device within the group of IoT devices for subsequent transmissions of data to the base station.

Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance.

Abstract: A certificate acquiring method and device, where the method includes receiving a certificate application representation message sent by a newly installed virtualized network function component (VNFC) instance, sending a certificate request message to a certification authority, and acquiring a certificate issued by the certification authority. In this way, the newly installed VNFC instance does not need to use a current manner for a virtualized network function (VNF) to acquire a certificate, which effectively avoids a problem of a cumbersome and more complex process caused when the newly installed VNFC instance acquires a certificate.

Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.

Abstract: The present invention discloses a method for measuring IP network performance and controlling IP network QoS, and apparatus and system thereof. In embodiments of the present invention, the information about the measurement contents, the data stream to be measured, and the measurement modes is sent to the IP network performance measurement peer end, and the end-to-end IP network performance measurement of the measurement contents of the data stream to be measured is started according to the measurement modes.

Abstract: A network node, a communication system, and a method for transmitting a clock packet through a tunnel are disclosed. The method includes: encapsulating a tunnel ingress clock packet received at an ingress of a tunnel in an encapsulation mode corresponding to the tunnel, and performing clock correction for the encapsulated clock packet; and sending the corrected clock packet to an egress of the tunnel. The network node for processing a clock packet includes an encapsulating module and a sending module. The communication system includes the network node for processing a clock packet, and further includes an intra-tunnel network node and a tunnel egress network node. According to the present invention, a clock packet is re-encapsulated and transmitted through a tunnel. In the subsequent process of transmitting the clock packet transparently, the node itself serves as a clock reference point, and all network nodes do not need to synchronize time absolutely.

Abstract: The present invention discloses a method for measuring IP network performance and controlling IP network QoS, and apparatus and system thereof. In embodiments of the present invention, the information about the measurement contents, the data stream to be measured, and the measurement modes is sent to the IP network performance measurement peer end, and the end-to-end IP network performance measurement of the measurement contents of the data stream to be measured is started according to the measurement modes.

Abstract: A network node, a communication system, and a method for transmitting a clock packet through a tunnel are disclosed. The method includes: encapsulating a tunnel ingress clock packet received at an ingress of a tunnel in an encapsulation mode corresponding to the tunnel, and performing clock correction for the encapsulated clock packet; and sending the corrected clock packet to an egress of the tunnel. The network node for processing a clock packet includes an encapsulating module and a sending module. The communication system includes the network node for processing a clock packet, and further includes an intra-tunnel network node and a tunnel egress network node. According to the present invention, a clock packet is re-encapsulated and transmitted through a tunnel. In the subsequent process of transmitting the clock packet transparently, the node itself serves as a clock reference point, and all network nodes do not need to synchronize time absolutely.