IDENTIFICATION NETWORK END-TO-END SECURITY ESTABLISHING METHOD, NETWORK SIDE DEVICE AND SYSTEM

摘要

Embodiments of the present invention provide an identification network end-to-end security establishing method, a network side device and a system. The method comprises: after a GBA bootstrapping procedure of an identification network terminal and a bootstrapping service function entity is completed, the identification network terminal or an IMS terminal proxy generating a derivative key Ks_NAF for the identification network terminal, and then the identification network terminal and a network service application entity establishing a security alliance; and in the procedure of establishing the security alliance, the bootstrapping service function entity generating a derivative key Ks_NAF, being the same as Ks_NAF of the identification network terminal, for the network service application entity, different identification network terminals having different Ks_NAF. By means of the solution of the present invention, when different identification network terminals access the same NAF, derivative shared keys Ks_NAF are different, and in this way even if one Ks_NAF is leaked, other Ks_NAF is not affected, thereby ensuring security.