Abstract: The present invention discloses a method and a device for realizing PUSH service of GAA. The method includes the steps: the network side determines a PUSH service cryptographic key; the subscriber side communicates with the network side, and determines the PUSH service cryptographic key in accordance with the network side, and communicates with the network side using the PUSH service cryptographic key. By means of the method, the cryptographic key type of the PUSH service can be selected conveniently and agilely according to the actual application situation, and the network side and the subscriber side can select the derivation cryptographic key of the cryptographic key type meeting the requirement to communicate with each other.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method, a system and a device for maintaining user service continuity are provided in an embodiment of the present invention. The method includes prohibiting a UE from accessing a forbidden network before handover is complete when the UE needs to perform network handover if the UE adopts a SIM access technology, thus avoiding service interruption of a SIM user due to access to an incorrect network. A system and a device for maintaining user service continuity are provided in an embodiment of the present invention.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method, a system and a device for maintaining user service continuity are provided in an embodiment of the present invention. The method includes prohibiting a UE from accessing a forbidden network before handover is complete when the UE needs to perform network handover if the UE adopts a SIM access technology, thus avoiding service interruption of a SIM user due to access to an incorrect network. A system and a device for maintaining user service continuity are provided in an embodiment of the present invention.

Abstract: A method for preventing abuse of an Authentication Vector (AV) and a system and apparatus for implementing the method are provided. Access network information of a non-3rd Generation Partnership Project (3GPP) access network where a user resides is bound to an AV of the user, so that when the user accesses an Evolved Packet System (EPS) through the non-3GPP access network, even if an entity in the non-3GPP access network is breached, or an Evolved Packet Data Gateway (ePDG) connected to an untrusted non-3GPP access network is breached, the stolen AV cannot be applied to other non-3GPP access networks by an attacker.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method for generating a local interface key includes: generating a variable parameter; and deriving the local interface key, according to the variable parameter generated and related parameters for calculating the local interface key. The method simplifies the process in which the terminal obtains the local interface key and the system resources are saved. Moreover, the local interface key is derived through the variable parameter and the valid key information. Thus, the security level between the UICC and the terminal is ensured.

Abstract: The present invention discloses a method and a device for realizing PUSH service of GAA. The method includes the steps: the network side determines a PUSH service cryptographic key; the subscriber side communicates with the network side, and determines the PUSH service cryptographic key in accordance with the network side, and communicates with the network side using the PUSH service cryptographic key. By means of the method, the cryptographic key type of the PUSH service can be selected conveniently and agilely according to the actual application situation, and the network side and the subscriber side can select the derivation cryptographic key of the cryptographic key type meeting the requirement to communicate with each other.

Abstract: A method, system and apparatus for protecting a bootstrapping service function (BSF) entity from attack includes: obtaining a first temporary identity and a second temporary identity after a user equipment (UE) performing mutual authentication with the BSF entity, where the first temporary identity is different from the second temporary identity; by the UE, originating a re-authentication request to the BSF entity through the first temporary identity; and originating a service request to a NAF entity through the second temporary identity. The present disclosure prevents attackers from intercepting the temporary identity at the Ua interface and using the temporary identity to originate a re-authentication request at the Ub interface, thus protecting the BSF entity from attack and avoiding unnecessary load on the BSF entity and saving resources.