CN101166177A - A method and system for initialization signaling transmission at non access layer - Google Patents

Publication number: CN101166177A
Authority: CN (China)
Legal status: Granted
Application number: CNA2006101138334A
Other languages: Chinese (zh)
Other versions: CN101166177B (en)
Inventor: 李裕国
Current Assignee: Datang Mobile Communications Equipment Co Ltd
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Prior art keywords: unit, access device, cryptographic algorithm, initialization signaling, access stratum
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The invention addresses a security weakness in existing network systems: the user equipment does not encrypt the non-access stratum (NAS) initial signaling it transmits. The method comprises the following steps: the user equipment selects a cipher algorithm based on its own security capability and the security capability of the network-side access device, and encrypts the NAS initial signaling with the selected algorithm; the user equipment then sends a service request message containing the NAS initial signaling ciphertext to the network-side access device. The invention protects user information and improves the security of the network system.

Description

A method and system for transmitting non-access stratum initial signaling
Technical field
The present invention relates to the field of communications, and in particular to a method and system for transmitting non-access stratum initial signaling.
Background
In the radio interface protocol architecture shown in Fig. 1, the layer 3 Radio Resource Control (RRC) and the layer 2 Medium Access Control (MAC) and Radio Link Control (RLC) are implemented on the base station (eNB, E-UTRAN Node B) side, while the layer 2 Packet Data Convergence Protocol (PDCP) is implemented on the access gateway (aGW) side. On the user plane of the aGW, PDCP encrypts user data; on the control plane of the aGW, PDCP provides encryption and integrity protection of non-access stratum (NAS) signaling.
An important requirement of the Long Term Evolution (LTE) system is to reduce control-plane latency during call setup (to below 100 ms). The general idea is that when a user equipment (UE) initiates a call, the NAS initial message (such as a service request) is carried in an RRC message (such as the RRC connection request). On receiving it, the eNB performs admission control; if access is allowed, it directly sends an RRC connection setup message to the UE and sets up the necessary signaling radio bearer (SRB), transport channel and physical shared channel, while forwarding the NAS service request to the aGW over S1 interface control-plane signaling. On receiving the request, the aGW first authenticates the user to determine whether the user is legitimate; if so, it starts encryption and integrity protection and allocates a System Architecture Evolution (SAE) bearer to the UE according to the content of the message. The procedure by which the UE accesses the network, shown in Fig. 2, is as follows:
Step 200: the UE-side non-access stratum (UE-NAS) sends the initial message (Service Request) to the UE-side Radio Resource Control (UE-RRC).
Step 201: the UE-RRC and the base station eNB perform random access to the network over the Random Access Channel (RACH).
Step 202: the UE-RRC sends an RRC connection request message (RRC Connection Request) to the eNB; this message contains the UE-NAS service request message.
Step 203: the eNB returns an RRC connection setup message (RRC Connection Setup) to the UE-RRC. After receiving the request message from the UE-RRC, the eNB performs admission control and, if access is allowed, sets up the necessary signaling radio bearer (SRB), transport channel and physical shared channel.
Step 204: the eNB sends the service request message (Service Request) to the aGW; the eNB forwards the UE-NAS service request message to the aGW over S1 interface control-plane signaling.
Step 205: the UE-RRC sends an RRC connection setup complete message (RRC Connection Setup Complete) to the eNB.
Step 206: the aGW authenticates the user and generates the cipher key CK (Cipher Key) and the integrity key IK (Integrity Key).
Step 207: when the aGW determines that the user is legitimate, it starts encryption and integrity protection and allocates an SAE bearer to the terminal according to the content of the service request message.
As can be seen from the above, in the prior art NAS signaling is encrypted and integrity-protected on the aGW side, and before the RRC connection is established the UE cannot obtain the Security Mode Command (SMC) message of the current network. The RRC on the UE side therefore cannot encrypt or integrity-protect the initial RRC connection request message or the NAS signaling it carries. Yet NAS initial signaling (such as a service request) may contain information elements (IEs) and private user information, for example the called telephone number, the user identity, the service type and the quality of service (QoS). Leaving the NAS initial signaling unencrypted therefore makes user information easy to obtain and leaves the network system with a security weakness.
Summary of the invention
The invention provides a method and system for transmitting non-access stratum initial signaling, to solve the prior-art problem that the user equipment does not encrypt the non-access stratum initial signaling when transmitting it, which leaves the network system with a security weakness.
The invention provides the following technical solution:
A method for transmitting non-access stratum initial signaling, comprising the steps of:
the user equipment selects a cipher algorithm according to its own security capability and the security capability of the network-side access device, and encrypts the non-access stratum initial signaling with the selected cipher algorithm;
the user equipment sends a service request message containing the non-access stratum initial signaling ciphertext to the network-side access device.
The method further comprises the step of:
the network-side access device decrypts the non-access stratum initial signaling ciphertext in the service request message using the decryption algorithm corresponding to the cipher algorithm.
The user equipment obtains the security capability information of the access device from the network system information and stores it.
When the security capability of the access device changes, the user equipment updates its locally stored security capability information of the access device.
The service request message further contains information related to the encryption of the non-access stratum initial signaling.
The related information comprises the identifier of the cipher algorithm.
The related information further comprises an encryption reference value.
The user equipment recalculates the encryption reference value when it transitions from the connected state to the idle state.
When the encryption reference value is greater than or equal to a preset reference threshold, the user equipment requests re-authentication from the network.
A terminal equipment, comprising:
a unit for obtaining the security capability information of the network-side access device;
a unit for storing the encryption key and the security capability information of the access device;
a unit for selecting a cipher algorithm according to its own security capability and the security capability of the network-side access device, and encrypting the non-access stratum initial signaling with the selected cipher algorithm;
a unit for sending a service request message containing the non-access stratum initial signaling ciphertext.
The terminal equipment further comprises:
a unit for storing the encryption reference value.
The terminal equipment further comprises:
a unit for recalculating the encryption reference value when the user transitions from the connected state to the idle state;
a unit for requesting re-authentication from the network when the encryption reference value is greater than or equal to the preset reference threshold.
An access device, comprising:
a unit for storing the encryption key generated after the user is authenticated;
a unit for receiving a service request message containing the non-access stratum initial signaling ciphertext;
a unit for decrypting the non-access stratum initial signaling ciphertext in the service request message and processing the decrypted non-access stratum initial signaling.
A communication system, comprising:
a terminal equipment, for selecting a cipher algorithm according to its own security capability and the security capability of the network-side access device, encrypting the non-access stratum initial signaling with the selected cipher algorithm, and sending a service request message containing the non-access stratum initial signaling ciphertext;
a base station, for forwarding the service request message of the terminal equipment;
an access device, for decrypting the non-access stratum initial signaling ciphertext in the service request message using the decryption algorithm corresponding to the cipher algorithm.
The base station broadcasts the security capability information of the access device to the terminal equipment.
When the security capability of the access device changes, the terminal equipment updates its locally stored security capability information of the access device.
The beneficial effects of the invention are as follows:
In the invention, the user equipment selects a cipher algorithm according to its own security capability and the security capability of the network-side access device and encrypts the non-access stratum initial signaling with the selected algorithm; the network-side access device that receives the service request message containing the non-access stratum initial signaling ciphertext decrypts the ciphertext using the decryption algorithm corresponding to the cipher algorithm. The invention protects user information and improves the security of the network system.
Description of drawings
Fig. 1 is a schematic diagram of the radio interface protocol architecture in the prior art;
Fig. 2 is a flowchart of a user equipment accessing the network in the prior art;
Fig. 3 is the main flowchart of non-access stratum initial signaling transmission in an embodiment of the invention;
Fig. 3A is a schematic diagram of the principle of the f8 cipher algorithm;
Fig. 3B is a schematic diagram of the structure of the ciphering counter COUNT-C in the f8 cipher algorithm;
Fig. 4 is a schematic diagram of the structure of the communication system in an embodiment of the invention;
Fig. 4A is a schematic diagram of the structure of the user equipment in an embodiment of the invention;
Fig. 4B is a schematic diagram of the structure of the access gateway in an embodiment of the invention;
Fig. 5 is a flowchart of a user equipment accessing the network in an embodiment of the invention;
Fig. 6 is a flowchart of the user equipment's processing when the network releases the user equipment's RRC connection in an embodiment of the invention.
Embodiments
In this embodiment, when initiating a call the user equipment selects a cipher algorithm according to its own security capability and the security capability of the access gateway, and encrypts the NAS initial signaling with that algorithm; the access device that receives the NAS initial signaling ciphertext decrypts it using the decryption algorithm corresponding to the cipher algorithm.
This embodiment takes as its example a user equipment in the LTE network architecture that selects the f8 cipher algorithm to encrypt the non-access stratum initial signaling; the technical solution of the invention is described in detail below with reference to the accompanying drawings.
As shown in Fig. 3, the main flow of NAS initial signaling transmission in this embodiment is as follows:
Step 300: the UE obtains and stores the security capability information of the access gateway carried in the network system information; this information includes the cipher algorithms the access gateway supports.
Step 301: the UE selects a cipher algorithm according to its own security capability and the security capability of the access gateway, and encrypts the NAS initial message using that algorithm together with the stored START value and encryption key.
Step 302: the UE sends an RRC connection setup request message containing the service request message to the base station, and the base station forwards the service request message to the access gateway via control-plane signaling; the service request message contains the cipher algorithm identifier, the START value and the NAS initial signaling ciphertext.
Step 303: the access gateway decrypts the NAS initial signaling ciphertext using the decryption algorithm corresponding to the cipher algorithm identifier, together with the START value.
In the f8 cipher algorithm shown in Fig. 3A, the NAS initial signaling is XORed with the f8 keystream to produce the corresponding NAS initial signaling ciphertext. The input parameters of the algorithm are the cipher key CK (128 bits), the ciphering counter COUNT-C (32 bits), the radio bearer identifier BEARER (5 bits), the keystream length indicator LENGTH (16 bits) and the uplink/downlink indicator DIRECTION (1 bit). The cipher key CK is generated after the network completes authentication when the user accesses the network, and is stored by the user equipment. The ciphering counter COUNT-C, shown in Fig. 3B, consists of the START value (20 bits) and a reserved value (12 bits). The START value is kept in the corresponding storage unit of the user equipment and must be recalculated when the user equipment transitions from the connected state to the idle state. When this value is greater than or equal to the START threshold (set by the network operator), the user equipment requests re-authentication from the network and a new cipher key is generated; at that point the user equipment clears the current START value and calculates it again.
A communication system in this embodiment is shown in Fig. 4. The system comprises a plurality of user equipments (UE) 40, a plurality of base stations (eNB) 41 and an access gateway (aGW) 42 interconnected through communication interfaces, where the base stations are interconnected through the X2 interface and the base stations and the access gateway are interconnected through the S1 interface. The user equipment 40 selects a cipher algorithm according to its own security capability and the security capability of the access gateway 42, encrypts the non-access stratum (NAS) initial signaling using the stored encryption key (CK) and encryption reference value (START value), and at the Radio Resource Control (RRC) layer sends the cipher algorithm identifier, the START value and the NAS initial signaling ciphertext to the base station 41 in the RRC connection request message. The base station 41 sends the received cipher algorithm identifier, START value and NAS initial signaling ciphertext to the access gateway 42 via control-plane signaling. The access gateway 42 decrypts the NAS initial signaling ciphertext according to the received cipher algorithm identifier and START value, starts encryption and integrity protection, and allocates an SAE bearer to the user equipment 40.
As shown in Fig. 4A, the user equipment 40 comprises: an acquiring unit 400, for obtaining the security capability information of the access gateway, which includes the cipher algorithms the access gateway supports and so on; this security capability information can be obtained from the system information broadcast by the base station 41, or through an information exchange with the access gateway; a storage unit 401, for storing the encryption key CK and the START value; an encryption unit 402, for selecting a cipher algorithm according to its own security capability and the security capability of the access gateway, and encrypting the non-access stratum initial signaling using the selected algorithm and the stored encryption key and START value; a computing unit 403, for calculating the START value when the user equipment transitions from the connected state to the idle state; a processing unit 404, for sending, when the START value is greater than or equal to the START threshold, a re-authentication request to the network side through the non-access stratum so that a new CK is generated, triggering the storage unit 401 to store the new CK and clear the currently stored START value, and triggering the computing unit 403 to recalculate the START value; and a sending unit 405, for sending the connection request message containing the non-access stratum initial signaling ciphertext to the base station, this connection request message also containing information such as the cipher algorithm identifier and the START value.
As shown in Fig. 4B, the access gateway 42 comprises: a storage unit 420, for storing the encryption key generated after the user is authenticated; a receiving unit 421, for receiving the service request message sent by the base station, which contains the NAS signaling ciphertext, the cipher algorithm identifier and the START value; and a decryption unit 422, for decrypting the NAS initial signaling ciphertext according to the cipher algorithm and the START value to obtain the NAS initial signaling and, when the user accessing the network is determined to be legitimate, starting encryption and integrity protection and allocating an SAE bearer to the user according to the content of the NAS signaling.
Referring to Fig. 5, the detailed flow of a user equipment accessing the network in this embodiment is as follows:
Step 500: the user equipment (UE) obtains the security capability information of the access gateway (aGW) indicated in the network system information, and stores it.
Step 501: the UE-side non-access stratum (UE-NAS) sends the NAS initial message (Service Request) to the UE-side Radio Resource Control (UE-RRC).
Step 502: the UE-RRC and the base station eNB perform random access to the network over the Random Access Channel.
Step 503: the UE-RRC encrypts the NAS initial message.
In this step, the UE-RRC selects a cipher algorithm according to its own security capability and the security capability of the aGW received in the system information, and encrypts the NAS initial message using the currently stored cipher key CK and START value.
Step 504: the UE-RRC sends an RRC connection request message (RRC Connection Request) to the eNB; this message contains the selected cipher algorithm, the START value and the NAS initial signaling ciphertext.
Step 505: the eNB returns an RRC connection setup message (RRC Connection Setup) to the UE-RRC. After receiving the request message from the UE-RRC, the eNB performs admission control and, if access is allowed, sets up the necessary SRB, transport channel and physical shared channel.
Step 506: the eNB sends the service request message (Service Request) to the aGW over S1 interface control-plane signaling; this service request message carries the cipher algorithm, the START value and the NAS initial signaling ciphertext contained in the RRC connection setup request.
Step 507: the UE-RRC sends an RRC connection setup complete message (RRC Connection Setup Complete) to the eNB.
Step 508: the aGW decrypts the NAS initial ciphertext according to the cipher algorithm and the START value.
Step 509: the aGW authenticates the user.
Step 510: when the aGW determines that the user is legitimate, it sends a Security Mode Command message to the eNB.
Step 511: the eNB forwards the Security Mode Command message directly to the UE-RRC.
Step 512: the UE-RRC returns a security mode complete message (Security Mode Complete) to the eNB.
Step 513: the eNB forwards the security mode complete message directly to the aGW.
Step 514: the aGW sends an SAE bearer allocation message (SAE Bearer Allocation) to the eNB.
Step 515: the eNB sends a radio bearer setup message (Radio Bearer Setup) to the UE-RRC.
When the network releases the UE's RRC connection, the UE transitions from the connected state to the idle state, performs cell reselection and obtains the necessary system information. At this point, if the security capability of the access gateway aGW has changed, the UE updates its internal security capability variable and camps on the cell. If the UE finds that the START value is greater than or equal to the threshold, the UE-side non-access stratum (UE-NAS) requests re-authentication from the network, and a new CK and IK are generated. As shown in Fig. 6, when the network releases the UE's RRC connection, the UE's processing flow is as follows:
Step 600: the eNB sends an RRC connection release message (RRC Connection Release) to the UE-RRC.
Step 601: the UE-RRC returns an RRC connection release complete message (RRC Connection Release Complete) to the eNB.
Step 602: the UE-RRC sends a radio resource release request (RR Release Request) to the UE-NAS.
Step 603: the UE-RRC transitions from the connected state to the idle state and performs cell reselection.
Step 604: when the START value is greater than or equal to the threshold, the UE-NAS triggers re-authentication with the network side, generating a new CK and IK; the UE stores the newly generated CK and IK.
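The Fig. 3 exchange and the Fig. 6 START handling described above, as an added Python example that is not code from the patent. The keystream generator is a stand-in (HMAC-SHA256 in counter mode), not f8/KASUMI; the algorithm identifiers, the BEARER and DIRECTION values, the threshold, the START increment and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

START_BITS, RESERVED_BITS = 20, 12   # COUNT-C layout from the description
ALG_F8, ALG_ALT = 1, 2               # hypothetical algorithm identifiers
SRB0, UPLINK = 0, 0                  # assumed BEARER / DIRECTION for the initial message


def count_c(start: int) -> int:
    """COUNT-C (32 bits) = START (20 bits) followed by 12 reserved bits."""
    if not 0 <= start < (1 << START_BITS):
        raise ValueError("START must fit in 20 bits")
    return start << RESERVED_BITS


def keystream(ck: bytes, count: int, bearer: int, direction: int, length_bits: int) -> bytes:
    """Stand-in keystream generator (HMAC-SHA256 counter mode), NOT f8/KASUMI."""
    if len(ck) != 16 or not 0 <= bearer < 32 or direction not in (0, 1):
        raise ValueError("CK is 128 bits, BEARER 5 bits, DIRECTION 1 bit")
    if not 0 < length_bits < (1 << 16):
        raise ValueError("LENGTH is a 16-bit count of keystream bits")
    seed = count.to_bytes(4, "big") + bytes([bearer << 3 | direction << 2])
    nbytes, out, block = (length_bits + 7) // 8, b"", 0
    while len(out) < nbytes:
        out += hmac.new(ck, seed + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:nbytes]


def xor_crypt(ck: bytes, start: int, data: bytes) -> bytes:
    """Encrypt or decrypt: data XOR keystream (the same operation both ways)."""
    ks = keystream(ck, count_c(start), SRB0, UPLINK, 8 * len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def select_algorithm(ue_caps, agw_caps) -> int:
    """First UE-preferred algorithm the aGW also advertises (ordering is assumed)."""
    for alg in ue_caps:
        if alg in agw_caps:
            return alg
    raise LookupError("no cipher algorithm common to UE and aGW")


@dataclass
class UE:
    ck: bytes                        # stored after the last authentication
    start: int                       # stored encryption reference value
    caps: list                       # UE security capability, in preference order
    agw_caps: set = field(default_factory=set)
    threshold: int = 0xFFFF0         # constructed value; set by the operator

    def on_system_information(self, agw_caps) -> None:
        self.agw_caps = set(agw_caps)            # step 300, and updates on change

    def build_service_request(self, nas_initial: bytes) -> dict:
        alg = select_algorithm(self.caps, self.agw_caps)              # step 301
        return {"alg_id": alg, "start": self.start,                   # step 302
                "nas_ciphertext": xor_crypt(self.ck, self.start, nas_initial)}

    def on_idle_transition(self, step: int = 2) -> bool:
        """Recalculate START (increment is assumed); True means request re-authentication."""
        self.start = min(self.start + step, (1 << START_BITS) - 1)
        return self.start >= self.threshold

    def on_reauthenticated(self, new_ck: bytes) -> None:
        self.ck, self.start = new_ck, 0          # new CK stored, START cleared


@dataclass
class AGW:
    ck: bytes    # CK of one subscriber; how the aGW finds it is not described on the page
    caps: set

    def handle_service_request(self, msg: dict) -> bytes:
        if msg["alg_id"] not in self.caps:
            raise LookupError("algorithm identifier not supported by aGW")
        return xor_crypt(self.ck, msg["start"], msg["nas_ciphertext"])  # step 303


if __name__ == "__main__":
    ck = bytes(range(16))                        # constructed 128-bit key
    ue = UE(ck=ck, start=0x12, caps=[ALG_F8, ALG_ALT])
    ue.on_system_information({ALG_F8})
    agw = AGW(ck=ck, caps={ALG_F8})
    msg = ue.build_service_request(b"constructed NAS service request")
    print(msg["alg_id"], hex(msg["start"]), msg["nas_ciphertext"].hex())
    print(agw.handle_service_request(msg))
```

Because the ciphertext is the plaintext XORed with the keystream, two initial messages sent under the same CK and START would reuse the same keystream; recalculating START on every transition to idle, as the description requires, is what keeps each initial message on a fresh keystream.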
The technical solution of the invention is not limited to the LTE network system and is also applicable to other network architectures. The cipher algorithm selected by the user equipment is likewise not limited to the f8 cipher algorithm; the NAS initial signaling can also be encrypted with other cipher algorithms, which are not described further here.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (20)

1. the method that the Non-Access Stratum initialization signaling transmits is characterized in that, comprises step:
Subscriber equipment is selected cryptographic algorithm according to the security capabilities of inherently safe ability and network side access device, and utilizes the cryptographic algorithm of selecting to encrypt the Non-Access Stratum initialization signaling;
The service request information that described subscriber equipment will comprise Non-Access Stratum initialization signaling ciphertext sends to the network side access device.
2. the method for claim 1 is characterized in that, also comprises step:
Utilization of described network side access device and the corresponding decipherment algorithm of described cryptographic algorithm are deciphered the Non-Access Stratum initialization signaling ciphertext in the described service request information.
3. the method for claim 1 is characterized in that, described subscriber equipment obtains and preserve the security capabilities information of described access device from network system information.
4. method as claimed in claim 3 is characterized in that, when described subscriber equipment changes at the security capabilities of described access device, upgrades the security capabilities information of the local described access device of preserving.
5. as each described method of claim 1 to 4, it is characterized in that, also comprise the relevant information of encrypting described Non-Access Stratum initialization signaling in the described service request information.
6. method as claimed in claim 5 is characterized in that described relevant information comprises the sign of cryptographic algorithm.
7. method as claimed in claim 6 is characterized in that described relevant information also comprises the encrypted reference value.
8. method as claimed in claim 7 is characterized in that, described subscriber equipment recomputates described encrypted reference value when connection status transits to idle condition.
9. method as claimed in claim 8 is characterized in that, when described encrypted reference value was greater than or equal to default reference threshold, described user equipment requests network re-authenticated.
10. a terminal equipment is characterized in that, comprising:
Be used to obtain the unit of the security capabilities information of network side access device;
Be used to preserve the unit of the security capabilities information of encryption key and described access device;
Be used for selecting cryptographic algorithm, and utilize the cryptographic algorithm of selecting to encrypt the unit of Non-Access Stratum initialization signaling according to the security capabilities of inherently safe ability and network side access device;
Be used to send the unit of the service request information that comprises Non-Access Stratum initialization signaling ciphertext.
11. terminal equipment as claimed in claim 10 is characterized in that, also comprises:
Be used to preserve the unit of encrypted reference value.
12. terminal equipment as claimed in claim 11 is characterized in that, also comprises:
Be used for when connection status transits to idle condition, recomputating the unit of described encrypted reference value the user;
Be used for when described encrypted reference value is greater than or equal to default reference threshold the unit that the request network re-authenticates.
13. an access device is characterized in that, comprising:
Be used to preserve unit to the encryption key that generates after the subscription authentication;
Be used to receive the unit of the service request information that comprises Non-Access Stratum initialization signaling ciphertext;
Be used for deciphering the Non-Access Stratum initialization signaling ciphertext of described service request information, and handle Non-Access Stratum initialization signaling after the deciphering the unit.
14. a communication system is characterized in that, comprising:
Terminal equipment is used for selecting cryptographic algorithm according to the security capabilities of inherently safe ability and network side access device, and utilizes the cryptographic algorithm of selecting to encrypt the Non-Access Stratum initialization signaling, and sends the service request information that comprises Non-Access Stratum initialization signaling ciphertext;
The base station is used for and will transmits the service request information of described terminal equipment;
an access device, configured to decrypt the non-access stratum initialization signaling ciphertext in the service request message using the decryption algorithm corresponding to the encryption algorithm.
15. The communication system as claimed in claim 14, characterized in that the base station broadcasts the security capability information of the access device to the terminal device.
16. The communication system as claimed in claim 15, characterized in that, when the security capabilities of the access device change, the terminal device updates its locally stored security capability information of the access device.
17. The communication system as claimed in any one of claims 14 to 16, characterized in that the terminal device comprises:
a unit for obtaining the security capability information of the network-side access device;
a unit for storing the encryption key and the security capability information of the access device;
a unit for selecting an encryption algorithm according to the terminal device's own security capabilities and the security capabilities of the network-side access device, and for encrypting the non-access stratum initialization signaling with the selected encryption algorithm;
a unit for sending the service request message containing the non-access stratum initialization signaling ciphertext.
18. The communication system as claimed in claim 17, characterized in that the terminal device further comprises:
a unit for storing an encryption reference value.
19. The communication system as claimed in claim 17, characterized in that the terminal device further comprises:
a unit for recalculating the encryption reference value when the user transitions from the connected state to the idle state;
a unit for requesting the network to re-authenticate when the encryption reference value is greater than or equal to a preset reference threshold.
20. The communication system as claimed in any one of claims 14 to 16, characterized in that the access device comprises:
a unit for storing the encryption key generated after the user is authenticated;
a unit for receiving the service request message containing the non-access stratum initialization signaling ciphertext;
a unit for decrypting the non-access stratum initialization signaling ciphertext in the service request message and processing the request message accordingly.
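The terminal and access-device behaviour of claims 14 to 20, as an added sketch that is not part of the patent text. The algorithm names, the HMAC-based stand-in cipher, the `alg` and `nonce` message fields, the preference-order selection and the increment-by-one recalculation of the reference value are assumptions; the claims specify none of them.

```python
import hashlib, hmac, os

# Hypothetical algorithm identifiers; the claims name no concrete ciphers.
ALGS = {"ALG-A": hashlib.sha256, "ALG-B": hashlib.sha512}

def keystream_xor(alg, key, nonce, data):
    """Stand-in stream cipher (HMAC in counter mode); the same call encrypts and decrypts."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), ALGS[alg]).digest()[:32]
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

class Terminal:
    def __init__(self, key, own_caps, threshold):
        self.key, self.own_caps, self.threshold = key, own_caps, threshold
        self.net_caps = []   # stored security capabilities of the access device
        self.ref_value = 0   # reference value of claims 18 and 19

    def on_broadcast(self, caps):
        if list(caps) != self.net_caps:   # claim 16: refresh the local copy on change
            self.net_caps = list(caps)

    def select_algorithm(self):
        # Claim 17: choose from own capabilities and those of the access device.
        for alg in self.own_caps:          # assumed: own list is in preference order
            if alg in self.net_caps:
                return alg
        raise ValueError("no common algorithm")  # this sketch refuses to send plaintext

    def service_request(self, nas_init):
        alg, nonce = self.select_algorithm(), os.urandom(12)
        return {"alg": alg, "nonce": nonce,
                "nas_ct": keystream_xor(alg, self.key, nonce, nas_init)}

    def on_connected_to_idle(self):
        self.ref_value += 1                      # assumed recalculation rule
        return self.ref_value >= self.threshold  # True: request re-authentication (claim 19)

class AccessDevice:
    def __init__(self, key, caps):
        self.key, self.caps = key, list(caps)    # key stored after user authentication (claim 20)

    def handle(self, request):
        if request["alg"] not in self.caps:
            raise ValueError("algorithm not offered")
        return keystream_xor(request["alg"], self.key, request["nonce"], request["nas_ct"])
```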
CN2006101138334A 2006-10-18 2006-10-18 A method and system for initialization signaling transmission at non access layer Active CN101166177B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006101138334A CN101166177B (en) 2006-10-18 2006-10-18 A method and system for initialization signaling transmission at non access layer

Publications (2)

Publication Number Publication Date
CN101166177A true CN101166177A (en) 2008-04-23
CN101166177B CN101166177B (en) 2010-09-22

Family

ID=39334650

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006101138334A Active CN101166177B (en) 2006-10-18 2006-10-18 A method and system for initialization signaling transmission at non access layer

Country Status (1)

Country Link
CN (1) CN101166177B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2332594B (en) * 1997-12-19 2002-12-11 Motorola Ireland Ltd Method of processing a service request in a communications system, and control unit for same
FI111423B (en) * 2000-11-28 2003-07-15 Nokia Corp A system for securing post-handover communications
US6983376B2 (en) * 2001-10-16 2006-01-03 Qualcomm Incorporated Method and apparatus for providing privacy of user identity and characteristics in a communication system
AU2002336891A1 (en) * 2002-08-16 2004-03-11 Siemens Aktiengesellschaft Method for identifying a communications terminal

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102300210A (en) * 2011-09-01 2011-12-28 重庆中天重邮通信技术有限公司 Method for decrypting cipher text of long term evolution (LTE) non-access stratum and signaling monitoring device
CN102300210B (en) * 2011-09-01 2017-08-04 重庆中天重邮通信技术有限公司 LTE Non-Access Stratum ciphertext decryption methods and its monitoring signaling device
CN103813308B (en) * 2012-11-13 2017-11-10 电信科学技术研究院 A kind of uplink data transmission method, apparatus and system
CN111182539A (en) * 2017-03-24 2020-05-19 华为技术有限公司 Communication method and device
CN111182539B (en) * 2017-03-24 2023-04-07 华为技术有限公司 Communication method and device
CN111557104A (en) * 2018-12-11 2020-08-18 联发科技(新加坡)私人有限公司 Apparatus and method for protecting initial non-access stratum (NAS) messages after a Public Land Mobile Network (PLMN) change
CN111557104B (en) * 2018-12-11 2023-11-10 联发科技(新加坡)私人有限公司 Apparatus and method for protecting NAS message after PLMN change
CN110536291A (en) * 2019-01-18 2019-12-03 中兴通讯股份有限公司 A kind of authentication method, device and system
WO2020147854A1 (en) * 2019-01-18 2020-07-23 中兴通讯股份有限公司 Authentication method, apparatus and system, and storage medium
WO2022082667A1 (en) * 2020-10-22 2022-04-28 华为技术有限公司 Method and apparatus for secure transmission of data

Also Published As

Publication number Publication date
CN101166177B (en) 2010-09-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant