The NGN, an evolved network framework based on packet switching, is receiving more and more attention. The International Telecommunication Union (ITU-T) and other regional standards organizations, such as the European Telecommunications Standards Institute (ETSI) and the Alliance for Telecommunications Industry Solutions (ATIS), have carried out extensive studies and standardization work on the NGN framework model, services and related fields. The NGN can support heterogeneous network access, inter-network roaming and seamless handover. When a mobile user terminal performs a handover, the continuity of service needs to be guaranteed; meanwhile, the confidentiality and integrity of signaling plane data and user plane data between the mobile user terminal and the NGN network access point should also be guaranteed.
After an NGN user passes authentication, sub-key material is generated through negotiation by using a shared key owned by both the user and the NGN network side, in order to protect the security of communication between the user and the NGN network. The present NGN network has a scheme for protecting signaling plane security: the user and the NGN network side each generate a mobility security sub-key, used for protecting the security of the mobility signaling plane, from the shared key obtained after authentication is passed. When the NGN network side receives mobility signaling initiated by an NGN user, it validates the legitimacy of that signaling by using the mobility security sub-key, which is the same as the one generated by the NGN user, so as to protect the mobility signaling. Likewise, when the NGN user receives mobility signaling initiated by the NGN network side, the user validates its legitimacy by using the same mobility security sub-key.
However, the present NGN mobility security solutions contain no technical scheme for protecting the security of user plane data between the NGN user and the NGN network side, which is inconvenient in practical application.
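The signaling-plane scheme described above, as an added example that is not part of the original text: both sides derive the same mobility security sub-key from the shared key and use it to validate a mobility signaling message. HMAC-SHA-256, the nonces standing in for the negotiated material, the label and the message format are all assumptions, since the text names no algorithms.

```python
import hashlib
import hmac

# Assumed purpose label; the text does not define how sub-keys are labelled.
MOBILITY_LABEL = b"ngn-mobility-signaling"


def derive_subkey(shared_key, label, user_nonce, net_nonce):
    """Derive a purpose-specific sub-key from the post-authentication shared key."""
    # Length-prefix every field so different field splits cannot collide.
    material = b"".join(len(p).to_bytes(2, "big") + p
                        for p in (label, user_nonce, net_nonce))
    return hmac.new(shared_key, material, hashlib.sha256).digest()


def sign_signaling(subkey, message):
    """Sender side: compute the tag carried with a mobility signaling message."""
    return hmac.new(subkey, message, hashlib.sha256).digest()


def validate_signaling(subkey, message, tag):
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign_signaling(subkey, message), tag)


def run_exchange():
    # Constructed sample values, not real keys or captured traffic.
    shared_key = bytes(range(32))
    user_nonce, net_nonce = b"\x01" * 16, b"\x02" * 16
    # Each side derives the sub-key independently from what it already holds.
    user_key = derive_subkey(shared_key, MOBILITY_LABEL, user_nonce, net_nonce)
    net_key = derive_subkey(shared_key, MOBILITY_LABEL, user_nonce, net_nonce)
    # A party that authenticated with a different shared key gets another sub-key.
    other_key = derive_subkey(bytes(32), MOBILITY_LABEL, user_nonce, net_nonce)

    msg = b"HANDOVER-REQUEST user=user1@example.net target-ap=ap-2"
    tag = sign_signaling(user_key, msg)
    return {
        "keys_match": user_key == net_key,
        "accepted": validate_signaling(net_key, msg, tag),
        "tampered_accepted": validate_signaling(
            net_key, msg.replace(b"ap-2", b"ap-9"), tag),
        "wrong_key_accepted": validate_signaling(other_key, msg, tag),
    }


if __name__ == "__main__":
    print(run_exchange())
```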