CN101820622B - Method and system for managing air interface mapped keys in a wireless communication system - Google Patents

Publication number: CN101820622B
Authority: CN (China)
Application number: CN201010121128.5A
Other languages: Chinese (zh)
Other versions: CN101820622A
Inventor: 冯成燕
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by: ZTE Corp
Legal status: Active
Prior art keywords: target RNC, SRNC, key, sends, air interface
Priority: CN201010121128.5A; PCT/CN2011/070436 (WO2011095077A1)

Classifications

    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W12/041 Key generation or derivation
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W36/10 Reselecting an access point controller
    • H04W88/12 Access point controller devices

Abstract

The invention provides a method and system for managing air interface mapped keys in a wireless communication system, and relates to the communications field. The method comprises: after an enhanced serving radio network controller (SRNC+) decides to perform SRNC relocation, the SRNC+ sends air interface key information, which comprises a mapped key, to the target RNC.

Description

Method and system for managing air interface mapped keys in a wireless communication system
Technical field
The present invention relates to the communications field, and in particular to a method and system for managing air interface mapped keys in a wireless communication system.
Background
In Release 7, the 3GPP (3rd Generation Partnership Project) adopted Orthogonal Frequency Division Multiplexing (OFDM) and Multiple-Input Multiple-Output (MIMO) technology to complete HSPA+, the future evolution path of HSDPA (High Speed Downlink Packet Access) and HSUPA (High Speed Uplink Packet Access). HSPA+ is an enhancement of 3GPP HSPA (comprising HSDPA and HSUPA) that gives HSPA operators a low-complexity, low-cost path for smooth evolution from HSPA to LTE.
HSPA+ improves peak data rate and spectral efficiency by adopting higher-order modulation (such as downlink 64QAM (Quadrature Amplitude Modulation) and uplink 16QAM), MIMO, and the combination of higher-order modulation with MIMO. In addition, to better support packet services, HSPA+ adopts a series of other enhancements to increase user capacity, reduce latency, reduce terminal power consumption, better support voice over IP (VoIP), and improve the multicast/broadcast capability of the system.
Compared with HSPA, HSPA+ moves the functions of the radio network controller (Radio Network Controller, RNC) down to the base station Node B in the system architecture, forming a completely flat radio access network architecture, as shown in Fig. 1. A Node B that integrates the full RNC functionality is called an Evolved HSPA Node B, or enhanced Node B (NodeB+). SGSN+ is an SGSN (Serving GPRS Support Node; GPRS: General Packet Radio System) that has been upgraded to support the HSPA+ security functions. ME+ is user terminal equipment that supports the HSPA+ security functions. The evolved HSPA system can use the air interface of 3GPP Rel-5 and later versions, without any modification to the HSPA services on the air interface. With this scheme, each NodeB+ becomes a node equivalent to an RNC and has an Iu-PS interface through which it can connect directly to the PS CN (Core Network). The Iu-PS user plane terminates at the SGSN; if the network supports the direct tunnel function, the Iu-PS user plane can also terminate at the GGSN (Gateway GPRS Support Node). Communication between evolved HSPA Node Bs is carried over the Iur interface. A NodeB+ is capable of independent networking and supports full mobility functions, including inter-system and intra-system handover.
After flattening, user plane data can reach the GGSN directly without passing through an RNC, which means that the ciphering and integrity protection functions of the user plane must be moved forward to the NodeB+. The HSPA+ security key hierarchy currently proposed by Ericsson is shown in Fig. 2. In it, the definitions of K (Key, the root key), CK (Ciphering Key, the encryption key) and IK (Integrity Key) are exactly the same as in UMTS (Universal Mobile Telecommunications System). That is, K is the root key stored in the AuC (Authentication Center) and the USIM (Universal Subscriber Identity Module), and CK and IK are the encryption key and integrity key computed from K when the user equipment and the HSS perform AKA (Authentication and Key Agreement). In UMTS, the RNC uses CK and IK to encrypt and integrity-protect data. In the HSPA+ architecture, all RNC functions are moved down to the base station NodeB+, so encryption and decryption must be performed at the NodeB+; however, the NodeB+ is located in an insecure environment and its security is not particularly high. HSPA+ therefore introduces a key hierarchy similar to that of E-UTRAN (Evolved Universal Terrestrial Radio Access Network), namely the UTRAN key hierarchy (UTRAN Key Hierarchy). In the UTRAN key hierarchy, the intermediate key K_ASMEU is a key newly introduced by HSPA+ and is derived from CK and IK. K_ASMEU in turn generates CK_U and IK_U, where CK_U is used to encrypt user plane data and control plane signalling, and IK_U is used to integrity-protect control plane signalling.
In a WCDMA system, the concepts of SRNC (Serving RNC) and DRNC (Drift RNC) arise from the introduction of the Iur interface. SRNC and DRNC are logical concepts defined with respect to a particular UE. Put simply, for a given UE, the RNC that is directly connected to the CN on the connection between the UE and the CN, and that controls all of the UE's resources, is the SRNC of that UE; an RNC that is not connected to the CN on the connection between the UE and the CN, and only provides resources for the UE, is a DRNC of that UE. A UE in the connected state must have exactly one SRNC, and can have zero or more DRNCs.
SRNC relocation (SRNC Relocation) is the process by which the SRNC of a UE changes from one RNC to another. Depending on the position of the UE before and after the relocation, it is divided into two cases, static relocation and accompanied relocation, also described as UE Not Involved and UE Involved.
The condition for static relocation is that the UE accesses from a DRNC, and only from that one DRNC. Because the relocation does not require the participation of the UE, it is also called UE Not Involved relocation. After the relocation, the Iur connection is released, the Iu interface is relocated, and the former DRNC becomes the SRNC, as shown in Fig. 3. Static relocation is caused by soft handover; because of the Iur interface, the relocation is not urgent, and it starts only after all radio links have moved to the DRNC.
Accompanied relocation is the process in which the UE performs a hard handover from the SRNC to the target RNC while the Iu interface changes at the same time, as shown in Fig. 4. Because the relocation requires the participation of the UE, it is also called UE Involved relocation.
In a UMTS system, the encryption key CK and the integrity key IK do not change across an SRNC relocation. The DRNC obtains the UE's integrity protection information (comprising the integrity key IK and the permitted integrity protection algorithms) and/or ciphering information (comprising the encryption key CK and the permitted ciphering algorithms) from the SRNC or the SGSN.
For the SRNC relocation involved in HSPA+, a NodeB+ can be regarded as the combination of a Node B and an RNC. The two form one physical entity but can still be regarded as two different logical entities. In the present invention, the logical module in a NodeB+ that supports the HSPA+ key hierarchy can therefore also be regarded as an upgraded UMTS RNC; to distinguish it, it is referred to as RNC+. Accordingly, in the present invention the SRNC+ is equivalent to the source NodeB+, and the DRNC+ is equivalent to the target NodeB+.
In real network topologies, network entities that support the HSPA+ security functions coexist with network entities that do not. During SRNC relocation, the scenario therefore arises in which a user equipment moves from an SRNC+ that supports the HSPA+ security functions to a target RNC that does not. Moreover, when the SRNC+ makes the relocation decision, it may not know whether the target RNC supports the HSPA+ security functions. How to map the security context in this situation is an open problem.
Summary of the invention
The invention provides a method and system for managing air interface mapped keys in a wireless communication system, which realize the mapping of the security context.
To achieve the above object, the invention provides the following technical solutions:
A method for managing air interface mapped keys in a wireless communication system, comprising:
After an enhanced serving radio network controller (SRNC+) decides to perform SRNC relocation, the SRNC+ sends air interface key information, which comprises a mapped key, to the target RNC.
Further, the method also has the following feature: the SRNC+ sends the air interface key information comprising the mapped key when either of the following conditions holds:
The SRNC+ cannot obtain information on whether the target RNC supports the HSPA+ security functions;
The SRNC+ can obtain information on whether the target RNC supports the HSPA+ security functions, but the target RNC does not support the HSPA+ security functions.
Further, the method also has the following feature, specifically comprising:
The SRNC+ sends a relocation request message carrying the air interface key information to the target RNC; or,
The SRNC+ sends the air interface key information to the target RNC via a core network node.
Further, the method also has the following feature: the SRNC+ sending the air interface key information via a core network node specifically comprises:
The SRNC+ sends a relocation required message carrying the air interface key information to the core network node;
The core network node sends a relocation request message carrying the key information to the target RNC.
Further, the method also has the following feature: the core network node is any one or any combination of the following: a Serving GPRS Support Node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
Further, the method also has the following feature: the air interface key information is placed in the transparent container sent from the SRNC+ to the target RNC.
Further, the method also has the following feature: the mapped key is an integrity key and/or an encryption key.
Further, the method also has the following feature: the parameters used to generate the mapped key comprise the intermediate key K_ASMEU and at least one of the following parameters:
The selected ciphering algorithm identifier (enc-alg-ID), the selected integrity algorithm identifier (int-alg-ID), the frequency (UARFCN) allocated to the user equipment by the target RNC, the scrambling code (ScramblingCode) allocated to the user equipment by the target RNC, a user identifier (including IMSI, TMSI and the radio network temporary identifier RNTI), the target RNC identifier, the START parameter, the integrity sequence number (COUNT-I), the uplink or downlink radio resource control sequence number (RRC SN), the uplink or downlink radio link control sequence number (RLC SN), the random number FRESH, the physical cell identifier (PCI) of the enhanced Node B, and the absolute frequency of the enhanced Node B.
Further, the method also has the following feature: if the SRNC+ cannot know whether the target RNC supports the HSPA+ security functions, the air interface key information that the SRNC+ sends to the target RNC also comprises the intermediate key K_ASMEU.
Further, the method also has the following feature: after the target RNC receives air interface key information comprising the intermediate key K_ASMEU, the method also comprises: if the target RNC does not support the HSPA+ security functions, the target RNC ignores the intermediate key K_ASMEU and stores the integrity key and/or encryption key; or, if the target RNC supports the HSPA+ security functions, the target RNC proceeds according to the intermediate key K_ASMEU.
A wireless communication system, characterized in that it comprises multiple radio network controllers, wherein:
After an enhanced serving radio network controller (SRNC+) decides to perform SRNC relocation, the SRNC+ sends air interface key information, which comprises a mapped key, to the target RNC.
Further, the system also has the following feature: the SRNC+ sends the air interface key information comprising the mapped key when either of the following conditions holds:
The SRNC+ cannot obtain information on whether the target RNC supports the HSPA+ security functions;
The SRNC+ can obtain information on whether the target RNC supports the HSPA+ security functions, but the target RNC does not support the HSPA+ security functions.
Further, the system also has the following feature, specifically comprising:
The SRNC sends a relocation request message carrying the air interface key information to the target RNC; or,
The SRNC sends the air interface key information to the target RNC via a core network node.
Further, the system also has the following feature: when the SRNC+ sends the air interface key information via a core network node, this specifically comprises:
The SRNC+ sends a relocation required message carrying the air interface key information to the core network node;
The core network node sends a relocation request message carrying the key information to the target RNC.
Further, the system also has the following feature: the core network node is any one or any combination of the following: a Serving GPRS Support Node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
Further, the system also has the following feature: the air interface key information is placed in the transparent container sent from the SRNC+ to the target RNC.
Further, the system also has the following feature: the mapped key is an integrity key and/or an encryption key.
Further, the system also has the following feature: the parameters used to generate the mapped key comprise the intermediate key K_ASMEU and at least one of the following parameters:
The selected ciphering algorithm identifier (enc-alg-ID), the selected integrity algorithm identifier (int-alg-ID), the frequency (UARFCN) allocated to the user equipment by the target RNC, the scrambling code (ScramblingCode) allocated to the user equipment by the target RNC, a user identifier (including IMSI, TMSI and the radio network temporary identifier RNTI), the target RNC identifier, the START parameter, the integrity sequence number (COUNT-I), the uplink or downlink radio resource control sequence number (RRC SN), the uplink or downlink radio link control sequence number (RLC SN), the random number FRESH, the physical cell identifier (PCI) of the enhanced Node B, and the absolute frequency of the enhanced Node B.
Further, the system also has the following feature: if the SRNC+ cannot know whether the target RNC supports the HSPA+ security functions, the air interface key information that the SRNC+ sends to the target RNC also comprises the intermediate key K_ASMEU.
After the target RNC receives air interface key information comprising the intermediate key K_ASMEU, the following also applies:
If the target RNC does not support the HSPA+ security functions, the target RNC ignores the intermediate key K_ASMEU and stores the integrity key and/or encryption key; or, if the target RNC supports the HSPA+ security functions, the target RNC proceeds according to the intermediate key K_ASMEU.
With the technical solution provided by the invention, after the SRNC decides to perform SRNC relocation, the SRNC sends air interface mapped key information to the target RNC, which realizes the mapping of the security context and is convenient for practical application.
Brief description of the drawings
Fig. 1 is an architecture diagram of a radio access network using HSPA+ technology in the prior art;
Fig. 2 is a schematic diagram of the HSPA+ security key hierarchy in the prior art;
Fig. 3 is a schematic diagram of SRNC static relocation in the prior art;
Fig. 4 is a schematic diagram of SRNC accompanied relocation in the prior art;
Fig. 5 is a flow chart of the air interface key update method of the present invention;
Fig. 6 is another flow chart of the air interface key update method of the present invention;
Fig. 7 is a further flow chart of the air interface key update method of the present invention.
Detailed description of the embodiments
The technical solution provided by the invention is further described below with reference to the accompanying drawings.
Embodiment one
This embodiment describes how the SRNC+, when it decides to perform SRNC relocation, derives the mapped keys: the integrity key IK and/or the encryption key CK.
In addition to the intermediate key K_ASMEU, the derivation parameters of the mapped integrity key IK / encryption key CK comprise at least one of the following parameters or any combination of them: the selected ciphering algorithm identifier (enc-alg-ID), the selected integrity algorithm identifier (int-alg-ID), the frequency (UARFCN) allocated to this user equipment by the target RNC, the scrambling code (ScramblingCode) allocated to this user equipment by the target RNC, a user identifier (such as IMSI, TMSI, the radio network temporary identifier RNTI, etc.), the target RNC identifier, the START parameter defined in UMTS, the uplink or downlink integrity sequence number (COUNT-I) parameter defined in UMTS, the uplink or downlink radio resource control sequence number (RRC SN) parameter defined in UMTS, the uplink or downlink radio link control sequence number (RLC SN) parameter defined in UMTS, the random number FRESH, the physical cell identifier (PCI) of the enhanced Node B, and the absolute frequency (UARFCN) of the enhanced Node B.
Several examples of deriving the mapped integrity key IK / encryption key CK are given below. The order of the parameters inside the brackets does not matter, and multiple parameters can be joined by "‖" concatenation or in a different form:
(CK, IK) = F(K_ASMEU, RRC SN)
or (CK, IK) = F(K_ASMEU, RLC SN)
or (CK, IK) = F(K_ASMEU, COUNT-I)
or (CK, IK) = F(K_ASMEU, START)
or (CK, IK) = F(K_ASMEU, PCI, UARFCN)
or (CK, IK) = F(K_ASMEU, PCI, UARFCN, ScramblingCode)
Here F is any key generation algorithm; for example, it can be the KDF algorithm defined by 3GPP.
The random number FRESH is a parameter defined in UMTS. It is 32 bits long. At connection establishment, the RNC (in HSPA+, the NodeB+ or SRNC+) generates a random number FRESH for each user and delivers it to the user in the security mode command message. For the duration of the connection, the network and the user use this random number to compute the message authentication code (MAC-I), which protects the network against replay of user signalling messages.
The START parameter is a parameter defined in UMTS. It is stored in the user equipment (UE) and the Universal Subscriber Identity Module (USIM) and is used to manage the lifetime of the encryption key and integrity key. After a successful authentication and key agreement procedure, the START value associated with the newly generated keys is initialized to 0 in the ME and the USIM. When a radio connection is established, the user equipment sends the START value to the radio network controller in the radio link control connection setup complete message. While the radio connection is maintained, the user equipment and the radio network controller increment the START value according to the network rules. Once the START value reaches the specified threshold, the keys are invalidated.
The integrity sequence number (COUNT-I) is 32 bits long and consists of a 4-bit RRC sequence number (RRC SN) and a 28-bit hyper frame number. The hyper frame number is incremented in every RRC SN cycle, and the RRC sequence number (RRC SN) is incremented in every integrity-protected radio link control message.
The physical cell identifier (PCI) and absolute frequency of the enhanced Node B are broadcast in the system broadcast messages of the enhanced Node B. The scrambling code that the enhanced Node B assigns to the user equipment is obtained from the network side before the user and the network establish the radio connection.
Embodiment two
This embodiment describes how the air interface mapped keys are managed when a user relocates from an SRNC that supports the HSPA+ security functions (SRNC+) to an RNC that does not. In this embodiment, the flattened NodeB+ is regarded as an evolved RNC (RNC+), and the procedure uses the enhanced SRNC relocation flow, in which the source RNC and the target RNC communicate directly, without relaying through a core network node. The detailed procedure is shown in Fig. 5:
Step 501: the SRNC+ decides to perform SRNC relocation.
The trigger conditions for this decision include:
Receiving a measurement report from the user equipment;
Receiving an uplink signalling transfer indication from the target RNC requesting a cell update;
Receiving an uplink signalling transfer indication from the target RNC requesting a URA update.
Step 502: the SRNC+ derives the mapped integrity key IK and/or the mapped encryption key CK from the intermediate key K_ASMEU.
In this step, if the SRNC+ cannot determine whether the target RNC supports the HSPA+ security functions, this operation is performed regardless of whether the target RNC supports them; if the SRNC+ can know whether the target RNC supports the HSPA+ security functions, the operation is performed only when the target RNC does not support them. For the derivation formula of the mapped keys, see Embodiment one; it is not repeated here.
Step 503: the SRNC+ sends a relocation request message to the target RNC, carrying the key material of this user equipment. The key material comprises one of the following parameters or any combination of them: the intermediate key K_ASMEU, the mapped integrity key IK and the mapped encryption key CK. The key material can be carried in the transparent container sent from the SRNC+ to the target RNC. A transparent container here means that the information in the container is parsed only by the recipient of the information (such as the target RNC) and is not parsed by intermediate nodes (such as an SGSN(+) or MSC/VLR(+)). SGSN(+) denotes a node that may support the HSPA+ security functions (an enhanced SGSN, abbreviated SGSN+) or may not (an SGSN); the same applies to MSC/VLR(+).
Step 504: if the target RNC supports the HSPA+ security functions, the target RNC+ uses the intermediate key K_ASMEU directly and proceeds according to the SRNC relocation security mechanism defined for HSPA+, which is not repeated here, and the flow ends. If the target RNC does not support the HSPA+ security functions, it ignores the intermediate key K_ASMEU; the target RNC must store the received mapped integrity key IK and/or mapped encryption key CK, and steps 505 to 510 follow.
Step 505: the target RNC allocates resources for the user and sends a relocation response message to the SRNC+, optionally carrying indication information used to notify the user equipment to use the mapped context.
Step 506: the SRNC+ sends a physical channel reconfiguration message or a UTRAN mobility information message to the user equipment, optionally carrying indication information used to notify the user equipment to use the mapped context.
Step 507: the user equipment derives the mapped integrity key IK and/or the mapped encryption key CK from the intermediate key K_ASMEU. For the derivation formula of the mapped keys, see Embodiment one; it is not repeated here. This step can also be performed before step 505.
Step 508: after an RRC connection has been established between the user equipment and the target RNC and the target RNC has allocated the necessary radio resources for the user equipment, the user equipment sends a physical channel reconfiguration complete message or a UTRAN mobility information confirm message to the target RNC.
Optionally, the message sent by the user equipment can be integrity-protected with the mapped integrity key IK, or both integrity-protected and encrypted with the mapped integrity key IK and the mapped encryption key CK.
Step 509: after receiving the physical channel reconfiguration complete message or UTRAN mobility information confirm message sent by the user equipment, the target RNC uses the integrity key IK and/or the mapped encryption key CK to decrypt and/or verify the message.
Step 510: the core network releases the Iu interface with the source RNC, where the core network node is any one or any combination of the following: a Serving GPRS Support Node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
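The derivation of Embodiment one and the key hand-over of steps 502 to 509 can be traced end to end in Python. This is an added example, not code from the patent: F is taken to be an HMAC-SHA-256 KDF in the style of 3GPP TS 33.220 with a placeholder FC value and START as the only extra input, and the CK/IK split, the truncated HMAC standing in for the UMTS integrity algorithm, the handling of a target known to support HSPA+, and all names and sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

FC = b"\x00"                # placeholder function code: an assumption, not a patent or 3GPP value
K_ASMEU = bytes(range(32))  # constructed 256-bit intermediate key shared by SRNC+ and UE
START = 0x12                # constructed START value known to both sides


def kdf(key: bytes, *params: bytes) -> bytes:
    """F as a TS 33.220-style KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = FC
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_mapped_keys(k_asmeu: bytes, start: int) -> Tuple[bytes, bytes]:
    """(CK, IK) = F(K_ASMEU, START). The 128/128-bit split of the output is an assumption."""
    out = kdf(k_asmeu, start.to_bytes(4, "big"))
    return out[:16], out[16:]


def mac_i(ik: bytes, message: bytes) -> bytes:
    """32-bit integrity tag. Truncated HMAC-SHA-256 stands in for the UMTS integrity algorithm."""
    return hmac.new(ik, message, hashlib.sha256).digest()[:4]


@dataclass
class KeyMaterial:
    """Key material carried to the target RNC in the transparent container (step 503)."""
    k_asmeu: Optional[bytes] = None
    ck: Optional[bytes] = None
    ik: Optional[bytes] = None


def build_key_material(k_asmeu: bytes, start: int,
                       target_supports: Optional[bool]) -> KeyMaterial:
    """SRNC+ side (step 502). target_supports is True, False, or None when SRNC+ cannot tell."""
    if target_supports is True:
        # Assumption: the page only says mapped keys are not derived in this case.
        return KeyMaterial(k_asmeu=k_asmeu)
    ck, ik = derive_mapped_keys(k_asmeu, start)
    if target_supports is False:
        return KeyMaterial(ck=ck, ik=ik)
    return KeyMaterial(k_asmeu=k_asmeu, ck=ck, ik=ik)  # unknown: send both


class TargetRNC:
    def __init__(self, supports_hspa_plus: bool):
        self.supports_hspa_plus = supports_hspa_plus
        self.k_asmeu = self.ck = self.ik = None

    def on_relocation_request(self, km: KeyMaterial) -> str:
        """Step 504: an enhanced target uses K_ASMEU, a legacy target keeps only mapped keys."""
        if self.supports_hspa_plus and km.k_asmeu is not None:
            self.k_asmeu = km.k_asmeu  # HSPA+ relocation security takes over (not modelled)
            return "hspa+"
        if km.ck is None and km.ik is None:
            raise ValueError("no mapped keys in key material")
        self.ck, self.ik = km.ck, km.ik  # K_ASMEU, if present, is ignored and not stored
        return "mapped"

    def verify(self, message: bytes, tag: bytes) -> bool:
        """Step 509: check the UE's confirm message with the stored mapped IK."""
        return self.ik is not None and hmac.compare_digest(mac_i(self.ik, message), tag)


def ue_confirm(k_asmeu: bytes, start: int, message: bytes) -> bytes:
    """UE side (steps 507-508): derive the mapped IK locally and protect the message."""
    _, ik = derive_mapped_keys(k_asmeu, start)
    return mac_i(ik, message)


def relocate(target_supports: Optional[bool], target_is_enhanced: bool,
             ue_start: int = START) -> Tuple[str, bool]:
    """Run steps 502-509 once; returns (mode chosen by the target, confirm verified)."""
    target = TargetRNC(target_is_enhanced)
    mode = target.on_relocation_request(build_key_material(K_ASMEU, START, target_supports))
    msg = b"UTRAN MOBILITY INFORMATION CONFIRM"  # constructed message body
    return mode, target.verify(msg, ue_confirm(K_ASMEU, ue_start, msg))


if __name__ == "__main__":
    print(relocate(None, False))                      # ('mapped', True)
    print(relocate(None, False, ue_start=START + 1))  # ('mapped', False)
    print(relocate(None, True))                       # ('hspa+', False)
```

The second call shows why the derivation inputs must be identical on both sides: a UE that derives with a different START produces a tag the legacy target rejects.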
Embodiment three
This example demonstrates the another kind of example of SRNC+ migration.In this embodiment, the interacting message between SRNC+ and Target RNC needs the transfer by core net node CNN (+) (SGSN (+) or MSC/VLR (+)), as shown in Figure 6:
Step 601, SRNC+ decision-making carry out SRNC migration.
Wherein the trigger condition of this decision-making comprises:
Receive the measurement report of subscriber equipment;
Cell update is carried out in the up signalling instruction requirement receiving Target RNC transmission;
URA renewal is carried out in the up signalling instruction requirement receiving Target RNC transmission.
Step 602: SRNC+ derives the mapped integrity key IK and/or the mapped ciphering key CK from the intermediate key K_ASMEU. If SRNC+ cannot determine whether the target RNC supports the HSPA+ security function, this operation is performed regardless of whether the target RNC supports it; if SRNC+ can know whether the target RNC supports the HSPA+ security function, this operation is performed only when the target RNC does not support it. For the derivation formula of the mapped keys, see embodiment one; it is not repeated here.
Step 603: SRNC+ sends a migration required message to all core network nodes connected to SRNC.
Here, all core network nodes connected to SRNC+ may be a combination of one or more SGSN (+) and/or MSC/VLR (+) nodes.
Optionally, the migration required message carries key material comprising one of the following parameters or any combination thereof: the intermediate key K_ASMEU, the mapped integrity key IK and the mapped ciphering key CK. This key material may be carried in the transparent container sent from SRNC+ to the target RNC.
Step 604: The core network node sends a migration request message to the target RNC, carrying at least one of the following parameters or any combination thereof: the intermediate key K_ASMEU, the mapped integrity key IK and the mapped ciphering key CK. This key material may be carried in the transparent container sent from SRNC+ to the target RNC.
Step 605: If the target RNC supports the HSPA+ security function, it uses the intermediate key K_ASMEU directly and proceeds according to the SRNC migration security mechanism defined for HSPA+, which is not repeated here, and the flow ends. If the target RNC does not support the HSPA+ security function, it ignores the intermediate key K_ASMEU, stores the received mapped integrity key IK and/or mapped ciphering key CK, and performs steps 606 to 612.
Step 606: The target RNC sends a migration request acknowledge message to the core network node, optionally carrying indication information that notifies the user equipment to use the mapped context.
Optionally, before this message is sent, the target RNC and the core network establish a new Iu bearer and allocate resources such as RRC connection resources and radio links to the user equipment.
Step 607: The core network sends a migration command message to SRNC+, optionally carrying indication information that notifies the user equipment to use the mapped context.
Step 608: SRNC+ sends a physical channel reconfiguration message or a UTRAN mobility information message to the user equipment, carrying indication information that notifies the user equipment to use the mapped context.
Step 609: The user equipment derives the mapped integrity key IK and/or the mapped ciphering key CK from the intermediate key K_ASMEU. The derivation formula of the mapped keys is as described in the above embodiment and is not repeated here. This step may be performed before step 607.
Step 610: The user equipment sends a physical channel reconfiguration complete message or a UTRAN mobility information confirm message to the target RNC.
Optionally, the message sent by the user equipment may be integrity protected with the mapped integrity key IK, or both integrity protected and encrypted with the mapped integrity key IK and the mapped ciphering key CK.
Step 611: After receiving the UTRAN mobility information confirm message or the physical channel reconfiguration complete message sent by the user equipment, the target RNC decrypts and/or verifies this message with the mapped integrity key IK and/or the mapped ciphering key CK. If the target RNC successfully verifies the message sent by the user equipment, the target RNC exchanges messages with the core network nodes to notify all core network nodes connected to the target RNC that the SRNC migration is complete. The core network nodes connected to the target RNC and to SRNC+ may be one node (such as SGSN+ or MSC/VLR+) or multiple core network nodes (such as SGSN+ and SGSN, or MSC/VLR+ and MSC/VLR).
Step 612: The core network node releases the Iu interface with SRNC+. The core network node is any one or any combination of the following: a serving GPRS support node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
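The key hand-over of steps 602 to 611 can be traced in a short simulation. This is an added example, not part of the patent text: it shows which key material SRNC+ sends for each state of knowledge about the target RNC, and that a legacy target can verify the user equipment's reply with the mapped IK. The KDF (HMAC-SHA-256 over the target RNC identifier and FRESH), the 32-bit tag, the choice to withhold K_ASMEU from a target known to be legacy, and all function names and sample values are assumptions; the patent's own derivation formula is given in embodiment one.

```python
import hashlib
import hmac
from enum import Enum


class Support(Enum):
    """What SRNC+ knows about the target RNC's HSPA+ security support."""
    UNKNOWN = "unknown"
    SUPPORTED = "supported"
    UNSUPPORTED = "unsupported"


def derive_mapped_keys(k_asmeu, target_rnc_id, fresh):
    """Assumed KDF (HMAC-SHA-256), keyed with K_ASMEU, returning (IK, CK)."""
    def kdf(label):
        data = label + target_rnc_id + fresh
        return hmac.new(k_asmeu, data, hashlib.sha256).digest()[:16]
    return kdf(b"IK"), kdf(b"CK")


def srnc_plus_key_info(k_asmeu, knowledge, target_rnc_id, fresh):
    """Steps 602-603: key material SRNC+ places in the transparent container."""
    info = {}
    if knowledge is not Support.SUPPORTED:
        # Target is legacy or unknown: mapped keys must be available to it.
        info["IK"], info["CK"] = derive_mapped_keys(k_asmeu, target_rnc_id, fresh)
    if knowledge is not Support.UNSUPPORTED:
        # Assumption: K_ASMEU is withheld from a target known to be legacy.
        info["K_ASMEU"] = k_asmeu
    return info


def target_rnc_store(info, supports_hspa_plus):
    """Step 605: an HSPA+ target uses K_ASMEU; a legacy target ignores it."""
    if supports_hspa_plus and "K_ASMEU" in info:
        return {"mode": "hspa+", "K_ASMEU": info["K_ASMEU"]}
    if "IK" not in info or "CK" not in info:
        raise ValueError("legacy target RNC received no mapped keys")
    return {"mode": "mapped", "IK": info["IK"], "CK": info["CK"]}


def mac_i(ik, message):
    """Stand-in 32-bit integrity tag; not the UMTS integrity algorithm."""
    return hmac.new(ik, message, hashlib.sha256).digest()[:4]


def relocate(knowledge, target_supports):
    """Run steps 602-611 once: returns (mode, fields sent, UE message verified)."""
    k_asmeu = bytes(range(32))                        # constructed sample key
    rnc_id, fresh = b"\x00\x2a", b"\x01\x02\x03\x04"  # constructed sample values
    info = srnc_plus_key_info(k_asmeu, knowledge, rnc_id, fresh)
    ctx = target_rnc_store(info, target_supports)
    if ctx["mode"] == "hspa+":
        return ctx["mode"], sorted(info), None        # HSPA+ procedure takes over
    # Steps 609-610: the UE derives the same mapped IK and protects its reply.
    ue_ik, _ = derive_mapped_keys(k_asmeu, rnc_id, fresh)
    message = b"UTRAN MOBILITY INFORMATION CONFIRM"
    tag = mac_i(ue_ik, message)
    # Step 611: the target RNC verifies the reply with the mapped IK it stored.
    verified = hmac.compare_digest(mac_i(ctx["IK"], message), tag)
    return ctx["mode"], sorted(info), verified


if __name__ == "__main__":
    for knowledge, target in [(Support.UNKNOWN, False), (Support.UNKNOWN, True),
                              (Support.UNSUPPORTED, False), (Support.SUPPORTED, True)]:
        print(knowledge.value, target, relocate(knowledge, target))
```

If SRNC+ wrongly believes a legacy target supports HSPA+ security, `target_rnc_store` raises, because no mapped keys were sent; sending both kinds of key material in the unknown case avoids this.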
Embodiment four
This embodiment describes an example of updating the air interface key during a URA (UMTS Registration Area) update or a cell update, as shown in Figure 7. SRNC migration is carried out at the same time during this URA update or cell update. The steps are as follows:
Step 701: After performing cell reselection, the user equipment sends a URA update message or a cell update message to UTRAN.
Step 702: On receiving the URA update message or cell update message from this unknown user equipment, the target RNC sends an uplink signalling indication message to the SRNC+ of this user.
Step 703: SRNC+ decides to initiate the SRNC migration procedure.
Steps 704 to 709: SRNC migration is carried out between SRNC+ and the target RNC. This process is identical to steps 602 to 607 in embodiment three and is not repeated here.
Step 710: SRNC+ sends a migration commit message to the target RNC, requesting the target RNC to continue the migration, optionally carrying indication information that notifies the user equipment to use the mapped context.
Step 711: The target RNC interacts with the core network node to confirm that the SRNC migration is complete.
Step 712: The target RNC sends a URA update confirm message or a cell update confirm message to the user equipment, optionally carrying indication information that notifies the user equipment to use the mapped context.
Steps 710 and 711 may be performed in either order.
Step 713: The user equipment derives the mapped integrity key IK and/or the mapped ciphering key CK from the intermediate key K_ASMEU. For the derivation formula of the mapped keys, see embodiment one; it is not repeated here. This step may also be performed before step 712.
Step 714: The user equipment sends a UTRAN mobility information confirm message or a physical channel reconfiguration complete message to the target RNC.
Optionally, the message sent by the user equipment may be integrity protected with the mapped integrity key IK, or both integrity protected and encrypted with the mapped integrity key IK and the mapped ciphering key CK.
Step 715: After receiving the UTRAN mobility information confirm message or the physical channel reconfiguration complete message sent by the user equipment, the target RNC decrypts and/or verifies this message with the mapped integrity key IK and/or the mapped ciphering key CK. If the target RNC successfully verifies the message sent by the user equipment, the core network releases the Iu interface with SRNC+. This step and steps 711 and 712 may be performed in any order.
In the SRNC migration procedure of this embodiment, the messages exchanged between the target RNC and SRNC+ may also be sent without being relayed by the core network nodes.
Corresponding to the above embodiments, a wireless communication system of the present invention comprises multiple radio network controllers.
After the enhanced serving radio network controller (SRNC+) decides to carry out SRNC migration, the SRNC+ sends air interface key information, comprising a mapped key, to the target RNC.
The SRNC+ sends the air interface key information comprising the mapped key under either of the following conditions:
The SRNC+ cannot know whether the target RNC supports the HSPA+ security function;
The SRNC+ can know whether the target RNC supports the HSPA+ security function, but the target RNC does not support the HSPA+ security function.
The SRNC+ sending the air interface key information specifically comprises:
The SRNC sends a migration request message to the target RNC, carrying the air interface key information; or,
The SRNC sends the air interface key information to the target RNC through a core network node.
When the SRNC+ sends the air interface key information through a core network node, the SRNC+ sends a migration required request to the core network node, carrying the air interface key information; the core network node sends a migration request message to the target RNC, carrying the key information.
The core network node is any one or any combination of the following: a serving GPRS support node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
Further, the air interface key information is carried in the transparent container sent from SRNC+ to the target RNC.
The mapped key is an integrity key and/or a ciphering key.
Optionally, the generation parameters of the mapped key comprise the intermediate key K_ASMEU and at least one of the following parameters: the selected encryption algorithm identifier (enc-alg-ID), the selected integrity algorithm identifier (int-alg-ID), the frequency (UARFCN) allocated to the user equipment by the target RNC, the scrambling code (ScramblingCode) allocated to the user equipment by the target RNC, user identifiers including IMSI, TMSI and the radio network temporary identifier RNTI, the target RNC identifier, the start (START) parameter, the integrity sequence number (COUNT-I), the uplink or downlink radio resource control sequence number (RRCSN), the uplink or downlink radio link control sequence number (RLCSN), the random number FRESH, the physical cell identifier (PCI) of the enhanced Node B and the absolute frequency (UARFCN) of the enhanced Node B.
If SRNC+ cannot know whether the target RNC supports the HSPA+ security function, the air interface key information that SRNC+ sends to the target RNC also comprises the intermediate key K_ASMEU.
After the target RNC receives air interface key information comprising the intermediate key K_ASMEU, the following also applies:
If the target RNC does not support the HSPA+ security function, the target RNC ignores the intermediate key K_ASMEU and stores the integrity key and/or ciphering key; or, if the target RNC supports the HSPA+ security function, the target RNC proceeds according to the intermediate key K_ASMEU.
One of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be carried out by hardware instructed by a program; the program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, each functional unit in each embodiment of the present invention can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (16)

1. A method for managing air interface mapping keys in a wireless communication system, characterized by comprising:
After the enhanced serving radio network controller SRNC+ decides to carry out SRNC migration, the SRNC+ sends air interface key information, comprising a mapped key, to the target RNC;
If SRNC+ cannot know whether the target RNC supports the HSPA+ security function, the air interface key information that SRNC+ sends to the target RNC also comprises the intermediate key K_ASMEU;
The air interface key information is carried in the transparent container sent from SRNC+ to the target RNC.
2. The method according to claim 1, characterized in that the SRNC+ sends the air interface key information comprising the mapped key under either of the following conditions:
The SRNC+ cannot know whether the target RNC supports the HSPA+ security function;
The SRNC+ can know whether the target RNC supports the HSPA+ security function, but the target RNC does not support the HSPA+ security function.
3. The method according to claim 1, characterized by specifically comprising:
The SRNC+ sends a migration request message to the target RNC, carrying the air interface key information; or,
The SRNC+ sends the air interface key information to the target RNC through a core network node.
4. The method according to claim 3, characterized in that, when the SRNC+ sends the air interface key information through a core network node, the method specifically comprises:
The SRNC+ sends a migration required request to the core network node, carrying the air interface key information;
The core network node sends a migration request message to the target RNC, carrying the key information.
5. The method according to claim 4, characterized in that the core network node is any one or any combination of the following: a serving GPRS support node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
6. The method according to claim 5, characterized in that the mapped key is an integrity key and/or a ciphering key.
7. The method according to claim 6, characterized in that the generation parameters of the mapped key comprise the intermediate key K_ASMEU and at least one of the following parameters:
The selected encryption algorithm identifier (enc-alg-ID), the selected integrity algorithm identifier (int-alg-ID), the frequency (UARFCN) allocated to the user equipment by the target RNC, the scrambling code (ScramblingCode) allocated to the user equipment by the target RNC, user identifiers including IMSI, TMSI and the radio network temporary identifier RNTI, the target RNC identifier, the start (START) parameter, the integrity sequence number (COUNT-I), the uplink or downlink radio resource control sequence number (RRCSN), the uplink or downlink radio link control sequence number (RLCSN), the random number FRESH, the physical cell identifier (PCI) of the enhanced Node B and the absolute frequency of the enhanced Node B.
8. The method according to claim 1, characterized in that, after the target RNC receives air interface key information comprising the intermediate key K_ASMEU, the method also comprises:
If the target RNC does not support the HSPA+ security function, the target RNC ignores the intermediate key K_ASMEU and stores the integrity key and/or ciphering key; or, if the target RNC supports the HSPA+ security function, the target RNC proceeds according to the intermediate key K_ASMEU.
9. A wireless communication system, characterized by comprising multiple radio network controllers, wherein:
After the enhanced serving radio network controller SRNC+ decides to carry out SRNC migration, the SRNC+ sends air interface key information, comprising a mapped key, to the target RNC;
If SRNC+ cannot know whether the target RNC supports the HSPA+ security function, the air interface key information that SRNC+ sends to the target RNC also comprises the intermediate key K_ASMEU;
The air interface key information is carried in the transparent container sent from SRNC+ to the target RNC.
10. The system according to claim 9, characterized in that the SRNC+ sends the air interface key information comprising the mapped key under either of the following conditions:
The SRNC+ cannot know whether the target RNC supports the HSPA+ security function;
The SRNC+ can know whether the target RNC supports the HSPA+ security function, but the target RNC does not support the HSPA+ security function.
11. The system according to claim 9, characterized by specifically comprising:
The SRNC+ sends a migration request message to the target RNC, carrying the air interface key information; or,
The SRNC+ sends the air interface key information to the target RNC through a core network node.
12. The system according to claim 11, characterized in that, when the SRNC+ sends the air interface key information through a core network node, the system specifically comprises:
The SRNC+ sends a migration required request to the core network node, carrying the air interface key information;
The core network node sends a migration request message to the target RNC, carrying the key information.
13. The system according to claim 12, characterized in that the core network node is any one or any combination of the following: a serving GPRS support node (SGSN), a mobile switching centre/visitor location register (MSC/VLR), an enhanced SGSN (SGSN+) and an enhanced MSC/VLR (MSC/VLR+).
14. The system according to claim 9, characterized in that the mapped key is an integrity key and/or a ciphering key.
15. The system according to claim 14, characterized in that the generation parameters of the mapped key comprise the intermediate key K_ASMEU and at least one of the following parameters:
The selected encryption algorithm identifier (enc-alg-ID), the selected integrity algorithm identifier (int-alg-ID), the frequency (UARFCN) allocated to the user equipment by the target RNC, the scrambling code (ScramblingCode) allocated to the user equipment by the target RNC, user identifiers including IMSI, TMSI and the radio network temporary identifier RNTI, the target RNC identifier, the start (START) parameter, the integrity sequence number (COUNT-I), the uplink or downlink radio resource control sequence number (RRCSN), the uplink or downlink radio link control sequence number (RLCSN), the random number FRESH, the physical cell identifier (PCI) of the enhanced Node B and the absolute frequency of the enhanced Node B.
16. The system according to claim 10, characterized in that, after the target RNC receives air interface key information comprising the intermediate key K_ASMEU, the system also comprises:
If the target RNC does not support the HSPA+ security function, the target RNC ignores the intermediate key K_ASMEU and stores the integrity key and/or ciphering key; or, if the target RNC supports the HSPA+ security function, the target RNC proceeds according to the intermediate key K_ASMEU.
CN201010121128.5A 2010-02-05 2010-02-05 The method and system of managing empty mapping keys in wireless communication system Active CN101820622B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010121128.5A CN101820622B (en) 2010-02-05 2010-02-05 The method and system of managing empty mapping keys in wireless communication system
PCT/CN2011/070436 WO2011095077A1 (en) 2010-02-05 2011-01-20 Method, system and apparatus for managing air interface mapping key in wireless communication system

Publications (2)

Publication Number Publication Date
CN101820622A CN101820622A (en) 2010-09-01
CN101820622B true CN101820622B (en) 2016-02-10

Family

ID=42655515

Country Status (2)

Country Link
CN (1) CN101820622B (en)
WO (1) WO2011095077A1 (en)

Also Published As

Publication number Publication date
CN101820622A (en) 2010-09-01
WO2011095077A1 (en) 2011-08-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant