Abstract: The present disclosure provides an information processing method, an information processing device and a computer-readable storage medium, which relate to the field of communication technology to improve the security of edge computing services. The method includes: obtaining first authentication information for a terminal; and in the case of determining that authentication of the terminal is successful according to the first authentication information, sending information of a second network element to the terminal, so that the terminal obtains information of a target network element from the second network element, the information of the target network element is sent by the second network element to the terminal when edge computing authorization information of the terminal is verified, and the target network element is used to provide an edge computing service for the terminal.

Abstract: Method, device, and system for deriving keys are provided in the field of mobile communications technologies. The method for deriving keys may be used, for example, in a handover process of a User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (EUTRAN) to a Universal Terrestrial Radio Access Network (UTRAN). If a failure occurred in a first handover, the method ensures that the key derived by a source Mobility Management Entity (MME) for a second handover process of the UE is different from the key derived for the first handover process of the UE. This is done by changing input parameters used in the key derivation, so as to prevent the situation in the prior art that once the key used on one Radio Network Controller (RNC) is obtained, the keys on other RNCs can be derived accordingly, thereby enhancing the network security.

Abstract: Method, device, and system for deriving keys are provided in the field of mobile communications technologies. The method for deriving keys may be used, for example, in a handover process of a User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (EUTRAN) to a Universal Terrestrial Radio Access Network (UTRAN). If a failure occurred in a first handover, the method ensures that the key derived by a source Mobility Management Entity (MME) for a second handover process of the UE is different from the key derived for the first handover process of the UE. This is done by changing input parameters used in the key derivation, so as to prevent the situation in the prior art that once the key used on one Radio Network Controller (RNC) is obtained, the keys on other RNCs can be derived accordingly, thereby enhancing the network security.

Abstract: Embodiments of the present invention provide a method and a terminal for message verification, which can enhance timeliness of event message verification. The method includes: receiving an event message sent by a cell broadcast entity; obtaining a public key of a CA according to pre-configured information for determining the public key of the CA and information for determining the public key of the CA and obtained from a network side, or according to information of the CA obtained from the network side; then, obtaining a public key of the cell broadcast entity according to the obtained public key of the CA and an implicit certificate of the cell broadcast entity; verifying a signature of the cell broadcast entity over the event message according to the public key of the cell broadcast entity; and finally, determining legitimacy of the event message according to the verification result.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for data transmission. The method for data transmission includes: determining that data to be transmitted is control plane signaling related to a user equipment that camps on a relay node; and transmitting the data through a first user data bearer established between the relay node and a donor base station, where the first user data bearer provides integrity protection for the data. According to the embodiments of the present invention, when the control plane signaling related to the user equipment that camps on the relay node is transmitted between the relay node and the donor base station, integrity protection is provided for the control plane signaling, and therefore attacks such as the denial of a service attack are prevented.

Abstract: Embodiments of the present invention provide a method and a terminal for message verification, which can enhance timeliness of event message verification. The method includes: receiving an event message sent by a cell broadcast entity; obtaining a public key of a CA according to pre-configured information for determining the public key of the CA and information for determining the public key of the CA and obtained from a network side, or according to information of the CA obtained from the network side; then, obtaining a public key of the cell broadcast entity according to the obtained public key of the CA and an implicit certificate of the cell broadcast entity; verifying a signature of the cell broadcast entity over the event message according to the public key of the cell broadcast entity; and finally, determining legitimacy of the event message according to the verification result.

Abstract: A method and an apparatus for updating a public key, a UE and a CA are disclosed. The method includes: receiving a first message including CA public key information, where the CA public key information includes a CA public key or CA public key acquiring information; and updating a local CA public key of a UE according to the CA public key or to the CA public key acquiring information. The present invention can realize update of the CA public key in the UE.

Abstract: A method and an apparatus for authentication are disclosed. The method includes: deciding to release a connection or continue a current service according to native information and network policy after an AKA authentication procedure fails. When the EPS AKA authentication procedure fails, the connection is not released immediately in the present invention, but the connection is released or the current service is continued according to the native information and network policy, thus avoiding unnecessary release of connections and saving resources.

Abstract: Embodiments of the present invention disclose a relay node authentication method, apparatus, and system. The method provided in an embodiment of the present invention includes: sending, by a relay node, an authentication request message to a peer node, where the authentication request message includes a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, where the peer node is a network side node or a security gateway in a security domain where the network side node is located; and receiving, by the relay node, an authentication response message sent by the peer node, where the authentication response message includes a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node.

Abstract: Embodiments of the present invention provide a method for testing a network under an IPsec mechanism, and relate to the field of wireless communications, so as to correct an error generated by a disorder of service data packet receiving during network testing under the IPsec mechanism. The method for testing a network under the IPsec mechanism includes: receiving a session request message, where the session request message contains information about a quantity of IPsec data packets and a sending time interval of the IPsec data packets; after a session is established with a sending end, receiving an IPsec data packet that carries testing information; and performing error detection for the received IPsec data packet according to the received testing information as well as the information about the quantity of IPsec data packets and the sending time interval of the IPsec data packets in the session request message.

Abstract: A method and a device for obtaining a security key in a relay system are disclosed in the embodiment of the present invention. A node in the relay system obtains an initial key, according to the initial key, the node obtains a root key of an air interface protection key between the node and another node that is directly adjacent to the node, and according to the root key, the node obtains the air interface protection key between the node and said another node that is directly adjacent to the node. Therefore, according to the initial key, each lower-level node obtains a root key of an air interface protection key between each lower-level node, so that data of a UE on a Un interface link may be respectively protected, that is, each active UE has a set of security parameters on the Un interface link, and effective security protection is performed on data on each segment of an air interface.

Abstract: Embodiments of the present invention disclose a relay node authentication method, apparatus, and system. The method provided in an embodiment of the present invention includes: sending, by a relay node, an authentication request message to a peer node, where the authentication request message includes a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, where the peer node is a network side node or a security gateway in a security domain where the network side node is located; and receiving, by the relay node, an authentication response message sent by the peer node, where the authentication response message includes a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node.

Abstract: A method and a device for obtaining a security key in a relay system are disclosed in the embodiment of the present invention. A node in the relay system obtains an initial key, according to the initial key, the node obtains a root key of an air interface protection key between the node and another node that is directly adjacent to the node, and according to the root key, the node obtains the air interface protection key between the node and said another node that is directly adjacent to the node. Therefore, according to the initial key, each lower-level node obtains a root key of an air interface protection key between each lower-level node, so that data of a UE on a Un interface link may be respectively protected, that is, each active UE has a set of security parameters on the Un interface link, and effective security protection is performed on data on each segment of an air interface.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for data transmission. The method for data transmission includes: determining that data to be transmitted is control plane signaling related to a user equipment that camps on a relay node; and transmitting the data through a first user data bearer established between the relay node and a donor base station, where the first user data bearer provides integrity protection for the data. According to the embodiments of the present invention, when the control plane signaling related to the user equipment that camps on the relay node is transmitted between the relay node and the donor base station, integrity protection is provided for the control plane signaling, and therefore attacks such as the denial of a service attack are prevented.

Abstract: Method, device, and system for deriving keys are provided in the field of mobile communications technologies. The method for deriving keys may be used, for example, in a handover process of a User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (EUTRAN) to a Universal Terrestrial Radio Access Network (UTRAN). If a failure occurred in a first handover, the method ensures that the key derived by a source Mobility Management Entity (MME) for a second handover process of the UE is different from the key derived for the first handover process of the UE. This is done by changing input parameters used in the key derivation, so as to prevent the situation in the prior art that once the key used on one Radio Network Controller (RNC) is obtained, the keys on other RNCs can be derived accordingly, thereby enhancing the network security.

Abstract: A method and an apparatus for authentication are disclosed. The method includes: deciding to release a connection or continue a current service according to native information and network policy after an AKA authentication procedure fails. When the EPS AKA authentication procedure fails, the connection is not released immediately in the present invention, but the connection is released or the current service is continued according to the native information and network policy, thus avoiding unnecessary release of connections and saving resources.