CN101977378B - Information transferring method, network side and via node - Google Patents


Publication number
CN101977378B
Authority
CN
China
Prior art keywords
key
management interface
network side
binding
network element
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010507955.8A
Other languages
Chinese (zh)
Other versions
CN101977378A (en)
Inventor
和峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201010507955.8A priority Critical patent/CN101977378B/en
Publication of CN101977378A publication Critical patent/CN101977378A/en
Application granted granted Critical
Publication of CN101977378B publication Critical patent/CN101977378B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an information transferring method, a network side and a terminal. The method comprises: after a management network element and a relay node (RN) establish a secure connection on the management interface, the network side obtains management interface security related information from the management network element; the network side binds keys using the management interface security related information and an evolved packet system (EPS) security key; the network side notifies the RN to perform the key binding with the EPS security key, and the bound key is used for information transmission. The invention improves the security of communication between the network side and the RN.

Description

Information transferring method, network side and via node
Technical field
The present invention relates to the field of communications, and in particular to an information transferring method, a network side and a relay node.
Background
Fig. 1 is a schematic diagram of the Long Term Evolution (LTE) network architecture according to the related art. As shown in Fig. 1, the LTE network consists of the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the Evolved Packet Core (EPC), and the network is flat. The E-UTRAN is connected to the EPC through the S1 interface. The E-UTRAN consists of multiple interconnected evolved NodeBs (eNBs), which are connected to each other through the X2 interface; the EPC consists of the Mobility Management Entity (MME) and the Serving Gateway (S-GW). The system architecture also includes a Home Environment (HE), i.e. the Home Subscriber Server (HSS) or Home Location Register (HLR), which serves as the user database. This user database contains user profiles, performs authentication and authorization of users, and can provide information about a user's physical location.
To meet the growing demand for high-bandwidth, high-speed mobile access, the Third Generation Partnership Project (3GPP) released the LTE-Advanced (Long-Term Evolution Advanced) standard. As an evolution of the LTE system, LTE-Advanced retains the core of LTE and on that basis adopts a series of techniques to extend the frequency domain and the spatial domain, in order to improve spectrum utilization and increase system capacity. Wireless relay (Relay) is one of the LTE-Advanced techniques; it is intended to extend cell coverage, reduce dead zones in communication, balance load, offload traffic from hot spots, and save the transmit power of the user equipment (UE), i.e. the terminal. Fig. 2 is a schematic diagram of the access network architecture after the relay node is introduced according to the related art. As shown in Fig. 2, a new relay node (Relay-Node, RN) is added to the existing network architecture, and this RN is connected wirelessly to the donor evolved NodeB (Donor-eNB). The interface between the Donor-eNB and the RN is called the Un interface, and the wireless link between them is called the backhaul link; the interface between the RN and the user equipment is called the Uu interface, and the wireless link between them is called the access link. Downlink data first arrives at the Donor-eNB, is passed to the RN, and is then transmitted by the RN to the UE; uplink data travels the reverse path. In the following description, the donor base station DeNB to which the RN is connected is referred to uniformly as the evolved base station eNB.
The network side and the RN are connected wirelessly. To ensure that data is sent normally on the above backhaul link and the Uu interface, the configuration of the RN needs to be adapted to that of the cells under its host base station DeNB, i.e. the configuration of the RN may need to be modified from time to time. Some of the configuration parameters can be adjusted by the DeNB according to its own configuration and sent to the RN over the air interface (i.e. the Un interface), but some configuration requires unified planning by the specially authorized operator, for example the certificate identity of the RN device, or the frequency and power used by the RN. This task is generally carried out by the operator through the operation administration and maintenance (Operator Administration Maintenance, OAM) network element. The OAM is a management entity located inside the core network (i.e. the EPC) or in the Ethernet. To guarantee the legitimacy of the configuration, to prevent an external attacker from illegally configuring or modifying the device, and to prevent access by illegitimate RN devices, the legitimacy of both the RN and the OAM must be ensured when the OAM configures the RN. For this purpose a secure connection must be established on the management interface between the RN and the OAM, for example a Transport Layer Security (TLS) connection, an Internet Protocol Security (IP Security, IPsec) connection or an SSL (Security Socket Layer) connection; the establishment of this secure connection is used to achieve authentication of the RN by the OAM and of the OAM by the RN. Successful establishment of the secure connection on the management interface therefore also indicates the legitimacy of the OAM and the RN device.
Correspondingly, in wireless communication, when the RN acts as a terminal device it can access the wireless network like an ordinary UE. When an ordinary UE accesses the network, the network side performs user authentication and key agreement (Authentication and Key Agreement, AKA) with it; in the LTE system this procedure is also called evolved packet system (Evolved Packet System) AKA, i.e. EPS AKA.
It should be noted that, in the above authentication procedure, UE is the collective name for the mobile equipment (Mobile Equipment, ME) and the Universal Subscriber Identity Module (USIM). The procedure is actually carried out by the USIM and completes the authentication of the USIM, i.e. user authentication. After the procedure completes, the USIM generates IK and CK from the root key K and sends them to the ME, and the ME generates the intermediate key K_ASME from IK and CK. The procedure thus completes the network's authentication of the terminal's USIM (also called subscription authentication) and key agreement. The USIM card referred to here denotes the Universal Integrated Circuit Card (UICC) in the broad sense. Through user authentication, the UE and the network side generate IK and CK from the root key K and send them to the ME, the ME generates the intermediate key K_ASME from IK and CK, and other new keys are then derived from this key to protect communication data at the access stratum (Access Stratum, AS) and the non-access stratum (Non-Access Stratum, NAS) respectively. The access stratum security protection keys (for example the radio resource control (Radio Resource Control, RRC) connection encryption key K_RRCenc, the RRC integrity protection key K_RRCint and the user plane encryption key K_UPenc) are each derived from the key K_eNB using different algorithms. K_eNB can be derived by the MME from K_ASME or from the next hop value (Next Hop, NH), or by the eNB from the old K_eNB currently in use or from the stored next hop value NH; the next hop value NH is derived by the MME from K_ASME or from the old NH. The derivation algorithm used is the agreed key derivation function (Key Derivation Function, KDF).
RN is the collective name for the relay node device (also called the RN platform) and the USIM card (also called the UICC card), and the RN can complete its USIM authentication according to the above procedure. However, when the RN acts as a base station, the legitimacy of this base station must be ensured before it serves UEs, because an illegitimate base station may threaten the user equipment it serves.
In addition, even if the RN is a legitimate device, the following security threat exists. Fig. 3 is a schematic diagram of an illegal attack according to the related art. As shown in Fig. 3, suppose an attacker inserts a legitimate USIM card into an illegitimate RN device and inserts an illegitimate USIM card into a legitimate RN device; during authentication, the attacker uses the legitimate USIM and the legitimate RN at the same time to complete the corresponding user authentication and device authentication respectively. In actual communication, the illegitimate RN device can obtain the access stratum security protection keys produced by the authentication of the legitimate USIM card. Because part of the communication data between the RN and the network side is protected with the access stratum security protection keys, the attacker can tamper with or eavesdrop on the communication between the RN and the DeNB through the illegitimate RN device.
Summary of the invention
The main purpose of the present invention is to provide an information transferring method, a relay node and a network side, so as to solve the problem in the above related art that an attacker uses the obtained security protection keys of the RN and the network side to tamper with or steal the communication between the RN and the DeNB.
To achieve this purpose, according to one aspect of the present invention, an information transferring method is provided.
The information transferring method according to the present invention comprises: after a management network element and a relay node (RN) establish a secure connection on the management interface, the network side obtains management interface security related information from the management network element; the network side binds keys using the management interface security related information and an evolved packet system (EPS) security key; the network side notifies the RN to perform the key binding with the EPS security key, and the bound key is used for information transmission.
To achieve this purpose, according to a further aspect of the present invention, a network side is provided.
The network side according to the present invention comprises: an acquisition module, configured to obtain management interface security related information from the management network element after the management network element and the relay node (RN) establish a secure connection on the management interface; a key binding module, configured to bind keys using the management interface security related information and the evolved packet system (EPS) security key; a notification module, configured to notify the RN to perform the key binding with the EPS security key; and a transport module, configured to perform information transmission using the bound key.
To achieve this purpose, according to another aspect of the present invention, a relay node is provided.
The relay node according to the present invention comprises: a generation module, configured to use the EPS security key and the management interface security related information to generate a key K_RN bound to management interface security according to the following formula: K_RN = KDF(EPS security key, secure connection related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter, the optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side; and a binding module, configured to perform key binding by using the key K_RN as one of the following: a new intermediate key; a new AS layer and/or new NAS layer key.
With the present invention, after the RN establishes a secure connection with the management network element, the network side binds keys using the obtained secure connection related information and the EPS security key, and the bound key is used for information transmission. This solves the problem in the related art that an attacker uses the obtained security protection keys of the RN and the network side to tamper with or steal the communication between the RN and the DeNB, and thereby improves the security of communication between the network side and the RN.
Description of the drawings
The drawings described here are provided for further understanding of the present invention and form part of this application. The exemplary embodiments of the present invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the LTE network architecture according to the related art;
Fig. 2 is a schematic diagram of the access network architecture after the relay node is introduced according to the related art;
Fig. 3 is a schematic diagram of an illegal attack according to the related art;
Fig. 4 is a flow chart of the information transferring method according to an embodiment of the present invention;
Fig. 5 is flow chart 1 of the key binding method according to a preferred embodiment of the present invention;
Fig. 6 is flow chart 2 of the key binding method according to a preferred embodiment of the present invention;
Fig. 7 is flow chart 3 of the key binding method according to a preferred embodiment of the present invention;
Fig. 8 is flow chart 4 of the key binding method according to a preferred embodiment of the present invention;
Fig. 9 is a key generation schematic diagram according to a preferred embodiment of the present invention;
Fig. 10 is a structural block diagram of the network side according to a preferred embodiment of the present invention;
Fig. 11 is a preferred structural block diagram of the network side according to a preferred embodiment of the present invention; and
Fig. 12 is a structural block diagram of the RN according to a preferred embodiment of the present invention.
Embodiments
It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with each other. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
This embodiment provides an information transferring method. Fig. 4 is a flow chart of the information transferring method according to an embodiment of the present invention. As shown in Fig. 4, the method comprises:
Step S402: after the management network element and the RN establish a secure connection on the management interface, the network side obtains management interface security related information from the management network element.
Step S404: the network side binds keys using the management interface security related information and the EPS security key.
Step S406: the network side notifies the RN to perform the key binding with the EPS security key, and the bound key is used for information transmission.
Through the above steps, after the RN and the management network element establish a secure connection, the network side and the RN bind keys using the obtained management interface security related information and the EPS security key, and use the bound key to protect information transmission. This overcomes the problem in the related art that an attacker uses the obtained security protection keys of the RN and the network side to tamper with or steal the communication between the RN and the network side (for example the DeNB), and improves the reliability of communication between the network side and the RN.
Preferably, the management interface security related information comprises one of the following: security parameters related to the TLS connection, IPsec connection or SSL connection established on the management interface.
Preferably, before the management network element and the RN establish a secure connection on the management interface, the above method further comprises: the network side and the RN perform EPS AKA and generate the EPS security key. The EPS security key comprises: the intermediate key K_ASME, or the access stratum (AS) keys and/or non-access stratum (NAS) keys generated using the intermediate key. The AS keys comprise at least one of the following: the key K_eNB, the next hop value NH, the AS layer RRC connection encryption key K_RRCenc, the integrity protection key K_RRCint, and the user plane encryption key K_UPenc. The NAS keys comprise: the NAS encryption key K_NASenc and the NAS integrity protection key K_NASint. Through the generation step of this preferred embodiment, the RN generates the EPS security key, which ensures the legitimacy of the RN as a terminal user.
A preferred implementation of step S404 is described below. The network side uses the EPS security key and the management interface security related information to generate a key K_RN bound to management interface security according to the following formula: K_RN = KDF(EPS security key, management interface security related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter, the optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side. The network side performs key binding by using the key K_RN as one of the following: a new intermediate key; a new AS layer and/or new NAS layer key. Through the generation step of this preferred embodiment, the network side generates a key bound to management interface security from the EPS security key and the management interface security related information, which improves the security of communication between the RN and the network side.
The key binding performed by the network side using the management interface security related information and the EPS security key can also take place after the RN has been notified to perform key binding.
Preferably, the network side obtains the management interface security related information from the management network element in one of the following ways: directly, from a message sent by the management network element; by sending a request message to the management network element, in reply to which the management network element sends the secure connection related information to the network side in a response message; or indirectly, relayed through a network element or retrieved from a predetermined network element. Through this preferred embodiment, the network side obtains the management interface security related information directly or indirectly, which improves the flexibility with which the network side obtains this information.
Preferably, the network side notifies the RN to perform the key binding with the EPS security key by one of the following messages: an existing NAS or AS message; a newly added NAS or AS layer message. The message carries key binding indication information, which instructs the RN to bind the management interface security related information to the EPS security key information, and/or algorithm identification information used by the key binding, which indicates the corresponding binding algorithm. Through this preferred embodiment, the above messages are used to notify the RN to perform key binding with the EPS security key, which improves the reliability of the key binding.
Preferably, after step S406, the method further comprises: the RN uses the EPS security key and the management interface security related information to generate a key K_RN bound to management interface security according to the following formula: K_RN = KDF(EPS security key, secure connection related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter, the optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side. The RN performs key binding by using the key K_RN as one of the following: a new intermediate key; a new AS layer and/or new NAS layer key. Through this preferred embodiment, the RN performs key binding, which improves the reliability of communication.
Preferably, the network side comprises one of the following: the mobility management unit (MME) or the evolved base station (eNB); the management network element comprises one of the following: the operation administration and maintenance OAM, or a network element that manages the management interface secure connection of the RN. This preferred embodiment improves the flexibility of the key binding method.
Embodiment one
Step 1: After the management network element and the RN successfully establish a secure connection on the management interface, the management network element informs the network side of the management interface security related information.
Preferably, the above secure connection refers to a security-protected channel that the management network element and the RN establish on the management interface, for example a Transport Layer Security (TLS) connection or an Internet Protocol Security (IP Security, IPsec) connection.
Preferably, the above management interface security related information refers to security parameter information related to the above secure connection, for example the security key used to protect the secure connection, or security parameters shared by the RN and the management network element through the secure connection.
Preferably, the management network element can inform the network side of the management interface security related information in one of the following ways:
(1) Directly: the management network element informs the network side by a message, or the network side initiates a request procedure to obtain it.
(2) Indirectly: for example relayed through other intermediate network elements, or the management network element stores the management interface security related information in a dedicated network element from which the network side actively retrieves it.
Step 2: After receiving the information, the network side binds the EPS security key and the management interface security related information, generating a new key bound to management interface security.
Preferably, the above EPS security key refers to the intermediate key K_ASME agreed after the RN and the network side authenticate the user through EPS AKA during connection establishment, or to one or more of the AS and/or NAS keys derived using the intermediate key K_ASME. The NAS layer keys comprise: the NAS encryption key K_NASenc and the NAS integrity protection key K_NASint. The access stratum keys comprise: the key K_eNB, the next hop value NH, the AS layer RRC connection encryption key K_RRCenc and integrity protection key K_RRCint, the user plane encryption key K_UPenc, and so on.
Preferably, the method by which the above network side binds the EPS security key and the management interface security related information comprises:
Using the EPS security key and the management interface security related information as inputs, a new key bound to management interface security is generated according to the agreed key derivation algorithm, that is: key bound to management interface security = key derivation algorithm(EPS security key, management interface security related information).
The key bound to management interface security can serve as a new intermediate key, or as a new AS layer and/or NAS layer key; the difference is that the new key is now bound to the management interface security related parameters. The RN and the network side can use the new key, or other keys derived from the new key, to protect the security of communication between the RN and the network side.
Preferably, other input parameters can also be used in this computation, for example a parameter shared by the RN and the network side, or a random number generated by the RN and/or the network side.
Step 3: After receiving the information, the network side initiates a security key change procedure towards the RN, notifying the RN to perform the same key binding.
Preferably, the above security key change procedure can reuse an existing NAS or AS message, for example the NAS security mode command (NAS SMC) or the radio resource control connection reconfiguration (RRC Connection Reconfiguration) message, or can use a newly added NAS or AS layer message. The message carries key binding indication information and/or the algorithm identification information used by the key binding, which respectively instruct the RN to bind the management interface security related information to the EPS security key information and indicate the corresponding binding algorithm.
Preferably, the management network element refers to the OAM, and can also be another network element that manages the management interface secure connection of the RN, for example a security gateway (Security Gateway, SeGW). The network side comprises the MME and the eNB. In a specific implementation it can refer to the MME or the eNB alone, or to both the MME and the eNB.
Alternatively, the key binding of the network side in the above steps, i.e. step 2, can also take place after step 3. That is, the network side first notifies the RN through the security key change procedure to bind the security key, and performs its own key binding after receiving the response from the RN.
It should be noted that the agreed key derivation algorithm in the above embodiment is a key computation method negotiated by the RN and the network side; existing known methods can be used and are not described further here.
Through this preferred embodiment, the RN and the network side both generate the same key bound to management interface security. These keys can be used as new EPS security keys to protect the communication data between the RN and the network side, or can be used as new EPS security keys from which other AS layer or NAS layer keys are derived, which improves the security of the communication data between the RN and the network side.
Embodiment two
This embodiment combines the above embodiment and its preferred implementations and provides a key binding method. In this embodiment, the RN and the management network element establish a secure connection, the management interface security information is passed to the MME, the MME performs the key binding, and the RN is notified to generate the new key as well. Fig. 5 is flow chart 1 of the key binding method according to a preferred embodiment of the present invention. As shown in Fig. 5, the method comprises the following steps:
Step 501: The RN and the MME perform the EPS AKA procedure for user authentication and agree on the intermediate key K_ASME; other AS layer or NAS layer keys derived from the intermediate key K_ASME protect the wireless connections between the RN and the eNB and the MME.
Step 503: Carried over the wireless connection between the RN and the network side, the RN establishes a TLS secure connection with the corresponding management network element OAM, and the key information Ktls related to the secure connection is obtained through the TLS handshake protocol. Optionally, Ktls here can also be other parameter information shared through this secure connection.
Step 505: The OAM sends the key information Ktls related to the secure connection to the MME connected to the RN.
Step 507: The MME uses the existing intermediate key K_ASME and the received Ktls as parameters and, according to the agreed key derivation algorithm, generates a new key bound to management interface security: K_ASME' = KDF(K_ASME, Ktls). Fig. 9 is a key generation schematic diagram according to a preferred embodiment of the present invention, and the above process is shown in Fig. 9.
Preferably, other input parameters can also be introduced in this computation, for example the network identity (such as the PLMN id) or other parameters shared by the RN and the MME.
Preferably, a new key K_eNB, and/or next hop NH, and/or NAS layer key can also be generated, for example:
K_eNB' = KDF(K_ASME, Ktls, X), where X is an optional input parameter, for example the current uplink NAS count value Uplink NAS COUNT.
NH' = KDF(K_ASME, Ktls, Y), where Y is an optional input parameter, for example the current next hop NH.
K_NASenc' or K_NASint' = KDF(K_ASME, Ktls, Z), where Z is an optional input parameter, for example algorithm identification information.
Step 509: The MME sends a NAS security mode command (Security Mode Command, SMC) message to the RN, carrying key binding indication information; this information can be a separate indication information element and/or the algorithm identifier of the key binding.
Preferably, the MME can also notify the RN to perform key binding through other NAS messages; correspondingly, the RN subsequently replies with the response message corresponding to that request message.
Step 511: After receiving the message, the RN uses the same binding method as the MME to generate the new key bound to management interface security.
Step 513: The RN replies to the MME with a NAS security mode complete (Security Mode Complete, SMC Complete) message.
Through this preferred embodiment, the RN and the network side both generate the same key bound to management interface security. Communicating with this key, or with other keys derived from it, improves the security of communication between the RN and the network side.
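The binding of steps 507 and 511, as an added example that is not part of the patent text: both ends compute K_ASME' = KDF(K_ASME, Ktls, ...), so a device that holds K_ASME but not the management interface secret derives a different key and cannot verify protected messages. The patent leaves the KDF as an agreed algorithm; the HMAC-SHA-256 construction in the style of 3GPP TS 33.220, the function code value, the helper names and all key bytes below are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder for the KDF function code; not a 3GPP-assigned value.
FC_KEY_BINDING = b"\xf0"


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...).

    Each parameter is followed by its 2-byte big-endian length, so two
    different parameter lists can never serialize to the same input string.
    """
    s = bytearray(fc)
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("KDF parameter longer than 65535 bytes")
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, bytes(s), hashlib.sha256).digest()


def bind_key(eps_key: bytes, mgmt_secret: bytes, y: bytes = b"") -> bytes:
    """K' = KDF(EPS security key, management interface secret[, Y]).

    Assumption: the EPS key is the HMAC key and the management interface
    secret (Ktls or Kipsec in the text) is the first KDF parameter.
    """
    if not eps_key or not mgmt_secret:
        raise ValueError("EPS key and management interface secret are required")
    params = (mgmt_secret, y) if y else (mgmt_secret,)
    return kdf(eps_key, FC_KEY_BINDING, *params)


def protect(key: bytes, message: bytes) -> bytes:
    """Integrity tag over a message; HMAC stands in for the AS/NAS algorithm."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(protect(key, message), tag)


def simulate_binding() -> dict:
    """Network side, the RN that ran the management session, and an outsider."""
    # All values below are constructed sample data.
    k_asme = bytes(range(32))            # agreed by EPS AKA (step 501)
    ktls = bytes(range(100, 148))        # secret of the RN-OAM TLS session (step 503)
    other_secret = bytes(range(50, 98))  # held by a device outside that session
    plmn_id = bytes.fromhex("64f000")    # optional shared parameter

    mme_key = bind_key(k_asme, ktls, plmn_id)               # step 507
    rn_key = bind_key(k_asme, ktls, plmn_id)                # step 511
    outsider_key = bind_key(k_asme, other_secret, plmn_id)  # knows K_ASME only

    message = b"constructed downlink payload"
    tag = protect(mme_key, message)
    return {
        "rn_matches_network": hmac.compare_digest(rn_key, mme_key),
        "outsider_matches_network": hmac.compare_digest(outsider_key, mme_key),
        "rn_accepts_tag": verify(rn_key, message, tag),
        "outsider_accepts_tag": verify(outsider_key, message, tag),
    }


if __name__ == "__main__":
    for name, value in simulate_binding().items():
        print(f"{name}: {value}")
```

The length suffix on each parameter matters when optional inputs such as X, Y or Z are appended: without it, different splits of the same bytes between the secret and the optional parameter would produce the same derived key.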
Embodiment three
This embodiment combines the above embodiment and its preferred implementations and provides a key binding method. In this embodiment, an IPsec connection used to protect management interface security is established between the RN and the management network element, the management network element notifies the MME of the information related to this management interface security, the MME binds it with the access stratum security key, and the MME then triggers the eNB by a message to initiate the security key change procedure. Fig. 6 is flow chart 2 of the key binding method according to a preferred embodiment of the present invention. As shown in Fig. 6, the method comprises the following steps:
Step 601: The RN and the MME perform the EPS AKA procedure for user authentication, agree on the intermediate key K_ASME, and use the intermediate key K_ASME to derive the key K_eNB and, preferably, also the next hop NH value and other AS layer or NAS layer keys, which protect the wireless connections between the RN and the eNB and the MME.
Step 603: Carried over the wireless connection between the RN and the network side, the RN establishes an IPsec secure connection with the corresponding management network element OAM, and the key information Kipsec related to the secure connection is obtained through the IKEv2 protocol. Preferably, Kipsec here can also be other parameter information shared through this secure connection.
Step 605: The OAM sends the key information Kipsec related to the secure connection to the MME connected to the RN; specifically, the OAM can notify the MME directly, or the information can be relayed through other network elements.
Step 607:MME utilizes existing key K eNBwith the Kipsec received as parameter, Fig. 9 is secret generating schematic diagram according to the preferred embodiment of the invention, and as shown in Figure 9, key derivation algorithm according to a preconcerted arrangement generates new for key K that is management interface secure binding eNB'=KDF (K eNB, Kipsec).
Preferably, can also be introduced other enter ginseng in this computational process, the parameter etc. that such as device identification or other RN and MME are shared.
Preferably, also new key K can be generated according to down hop value eNB', and/or generate new down hop NH ', such as:
K eNB'=KDF (NH, Kipsec, X), wherein X is for optionally other enter ginseng, such as current down hop count value (NH chaining count, referred to as NCC).
NH '=KDF (NH/K eNB, Ktls, Y), wherein Y is for optionally other enter ginseng, such as intermediate key K aSME.
Step 609: The MME sends a UE Context Modification Request message, carrying the newly generated key bound to the management interface security, to the serving eNB of the RN. Preferably, to distinguish it from an ordinary key, additional indication information can also be added to the message.
Optionally, the MME can also send the above information through another known S1 interface message, or a newly added message can be used in place of the UE Context Modification Request message. Accordingly, the subsequent response message will be the one corresponding to the request message.
Step 611: After receiving the message, the eNB sends a Radio Resource Control Connection Reconfiguration (RRC Connection Reconfiguration) message to the RN, carrying indication information that instructs the RN to perform the key binding. Optionally, the indication information can be an independent indication information element and/or the algorithm identifier of the key binding.
Alternatively, the eNB can also send the above indication information through another RRC message, or a newly added RRC message can be used to carry the binding indication information; the subsequent response of the RN will then use the corresponding response message.
Step 613: After receiving the message, the RN uses the same binding method as the MME to generate the new key bound to the management interface security.
Step 615: The RN replies to the eNB with an RRC connection reconfiguration complete (RRC Reconfiguration Complete) message.
Step 617: After receiving it, the eNB sends a UE Context Modification Response message to the MME.
With this preferred embodiment, the RN and the network side both generate the same key bound to the management interface security. Communicating with this key, or with other keys derived from it, improves the security of communication between the RN and the network side.
Embodiment four
This embodiment combines the above embodiments and their preferred implementations and provides a key binding method. In this embodiment, the secure connection that the RN and the managed network element establish to protect the corresponding management interface can also be an SSL secure connection, and the managed network element here can also be a network element other than the OAM that is used to establish the management interface secure connection, for example a security gateway (Security Gateway, SeGW). The managed network element sends the parameter information related to the management interface security to the eNB through the MME, the eNB performs the key binding change, and the eNB then triggers the key change procedure to notify the RN. Fig. 7 is flowchart 3 of the key binding method according to a preferred embodiment of the invention. As shown in Fig. 7, the method comprises the following steps:
Step 701: The RN and the MME carry out the EPS AKA procedure to authenticate the user and agree on the intermediate key K_ASME, and use K_ASME to derive the other AS-layer or NAS-layer keys, including the key K_eNB, the RRC integrity protection key K_RRCint, the RRC encryption key K_RRCenc and so on and, optionally, the next hop value NH; a wireless connection protected by the AS-layer keys can then be established between the RN and the eNB.
Step 703: The RN establishes an SSL secure connection with the corresponding managed network element (for example the SeGW) and obtains the key information Kssl related to the secure connection through the SSL handshake protocol. Optionally, Kssl here can also be other parameter information shared by this secure connection.
Step 705: The SeGW sends the key information Kssl related to the secure connection to the MME connected with the RN. Specifically, the SeGW can notify the MME directly, or the information can be relayed by other network elements.
Step 707: The MME sends a UE Context Modification Request message to the eNB, carrying the parameter information Kssl related to the secure connection.
Preferably, the MME can also send the above information through another known S1 interface message, or a newly added message can be used in place of the UE Context Modification Request message. Correspondingly, the subsequent response message will be the one corresponding to the request message.
Step 709: The eNB uses the existing key K_eNB and the received Kssl as parameters and, according to the agreed key derivation algorithm, generates the new key bound to the management interface security, K_eNB' = KDF(K_eNB, Kssl). Fig. 9 is a key generation schematic according to a preferred embodiment of the invention; the process is as shown in Fig. 9.
Preferably, other input parameters can also be introduced into this computation, such as the physical cell identifier PCI of the cell and/or the downlink frequency information EARFCN-DL of the cell, or other parameters shared by the RN and the eNB.
Preferably, the new key K_eNB' can also be generated from the next hop value NH, or new encryption/integrity protection keys for RRC or the user plane (UP) can be generated, for example:
K_eNB' = KDF(NH, Kssl, X), where X is an optional additional input parameter, such as the physical cell identifier PCI of the cell and/or the downlink frequency information EARFCN-DL of the cell.
K'_RRCenc or K'_RRCint or K'_UPenc = KDF(K_eNB/NH, Kssl, Y), where Y is an optional additional input parameter, such as algorithm identification information and/or algorithm type information.
Step 711: The eNB sends an RRC Connection Reconfiguration message to the RN, carrying indication information that instructs the RN to perform the key binding. Preferably, the indication information can be an independent indication information element and/or the algorithm identifier of the key binding.
Preferably, the eNB can also send the above indication information through another RRC message, or a newly added RRC message can be used to carry the binding indication information; the subsequent response of the RN will then use the corresponding response message.
Step 713: After receiving the message, the RN uses the same binding method as the eNB to generate the new key bound to the management interface security.
Step 715: The RN replies to the eNB with an RRC connection reconfiguration complete (RRC Reconfiguration Complete) message.
Step 717: After receiving it, the eNB sends a UE Context Modification Response message to the MME.
Embodiment five
This embodiment combines the above embodiments and their preferred implementations and provides a key binding method. In this embodiment, the RN and the managed network element establish a secure connection of another type to protect the security of the device management interface, and the managed network element sends the parameter information related to management interface security (for example secure connection related information) directly to the eNB; the eNB triggers the key change procedure to notify the RN to perform the binding. Fig. 8 is flowchart 4 of the key binding method according to a preferred embodiment of the invention. As shown in Fig. 8, the method comprises:
Step 801: The RN and the MME carry out the EPS AKA procedure to authenticate the user and agree on the intermediate key K_ASME, and use K_ASME to derive the corresponding AS-layer security keys, including K_eNB, NH, K_RRCint, K_RRCenc and K_UPenc; a protected wireless connection has been established between the RN and the eNB.
Step 803: The RN establishes a secure connection of some kind with the corresponding managed network element (for example the OAM) and obtains the parameter information Ksec related to management interface security through this secure connection. Optionally, Ksec here can also be other parameter information shared by this secure connection.
Step 805: The OAM sends the key information Ksec related to the secure connection to the eNB connected with the RN. Specifically, the SeGW can notify the MME directly, or the information can be relayed by other network elements.
Step 807: The eNB uses the key K_eNB, the received Ksec, the physical cell identifier PCI of the cell and the downlink frequency information EARFCN-DL of the cell as parameters and, according to the agreed key derivation algorithm, generates the new key bound to the management interface security, K_eNB' = KDF(K_eNB, Ksec, PCI, EARFCN-DL), as shown in Fig. 8.
Preferably, the parameters PCI (physical cell identifier of the cell) and EARFCN-DL (downlink frequency information of the cell) in this computation are optional.
Preferably, other input parameters can also be introduced into this computation, such as any parameter shared by the RN and the eNB, or a random number generated by the RN and/or the eNB.
Preferably, the new key K_eNB' can also be generated from the next hop value NH, or new encryption/integrity protection keys for RRC or the user plane (UP) can be generated, for example:
K_eNB' = KDF(NH, Ksec, X), where X is an optional additional input parameter, such as the physical cell identifier PCI of the cell and/or the downlink frequency information EARFCN-DL of the cell.
K_RRCenc or K_RRCint or K_UPenc = KDF(K_eNB/NH, Ksec, Y), where Y is an optional additional input parameter, such as algorithm identification information and/or algorithm type information.
Step 809: The eNB sends an RRC Connection Reconfiguration message to the RN carrying key binding indication information; this information can be an independent indication information element and/or the algorithm identifier of the key binding.
Preferably, the eNB can also send the above indication information through another RRC message, or a newly added RRC message can be used to carry the binding indication information; the subsequent response of the RN will then use the corresponding response message.
Step 811: After receiving the message, the RN uses the same binding method as the eNB to generate the new key bound to the management interface security.
Step 813: The RN replies to the eNB with an RRC connection reconfiguration complete (RRC Connection Reconfiguration Complete) message.
It should be noted that the agreed key derivation algorithm in the above five embodiments is the key calculation method negotiated between the RN and the network side; an existing known method can be used and is not described further here.
Preferably, with the above method the RN and the network side both generate the same keys bound to the management interface security. These keys can be used as new EPS security keys to protect the communication data between the RN and the network side, or new NAS-layer or AS-layer key information can be derived from them. The specific derivation method can be consistent with that of the current EPS security keys; for example, the newly generated K_eNB' can be used to derive new RRC or user plane encryption and integrity protection keys:
K_RRCenc / K_RRCint / K_UPenc = KDF(K_eNB', Algorithm Type Distinguisher, Algorithm identity)
where Algorithm Type Distinguisher and Algorithm identity are, respectively, the algorithm type and the algorithm identification information used to derive the different keys.
Preferably, the newly generated K_eNB' or next hop value NH' is used to generate a new key K_eNB*:
K_eNB* = KDF(K_eNB'/NH', PCI, EARFCN-DL), where PCI and EARFCN-DL are, respectively, the physical cell identifier and the downlink frequency information of the current serving cell.
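The derivation chain described above (binding K_eNB to the management-interface secret Ksec, then deriving the RRC/UP keys and K_eNB* from the bound key), as an added example that is not part of the patent text. It assumes the agreed KDF is HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ... in the style of 3GPP TS 33.220 Annex B; the FC value for the binding step, the function names and all key values are constructed for illustration.

```python
"""Key binding sketch: K_eNB' = KDF(K_eNB, Ksec[, PCI, EARFCN-DL])."""
import hashlib
import hmac

FC_BIND = 0xF0       # hypothetical FC for the binding step (not from any spec)
FC_ALG_KEY = 0x15    # algorithm key derivation, as in TS 33.401 Annex A.7
FC_KENB_STAR = 0x13  # K_eNB* derivation, as in TS 33.401 Annex A.5
RRC_ENC_ALG, RRC_INT_ALG, UP_ENC_ALG = 0x03, 0x04, 0x05  # type distinguishers


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte length."""
    s = bytes([fc])
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter too long for a 2-byte length field")
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def bind_kenb(k_enb: bytes, k_sec: bytes, pci=None, earfcn_dl=None) -> bytes:
    """Bind K_eNB to the management-interface secret (Ktls/Kipsec/Kssl/Ksec).

    PCI and EARFCN-DL are optional inputs, as in the fifth embodiment; they
    must be given together so both sides build the same input string.
    """
    if len(k_enb) != 32:
        raise ValueError("K_eNB must be 256 bits")
    if not k_sec:
        raise ValueError("empty management-interface secret: nothing to bind")
    if (pci is None) != (earfcn_dl is None):
        raise ValueError("PCI and EARFCN-DL must be supplied together")
    params = [k_sec]
    if pci is not None:
        params += [pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big")]
    return kdf(k_enb, FC_BIND, *params)


def derive_alg_key(k_enb_bound: bytes, alg_type: int, alg_id: int) -> bytes:
    """K_RRCenc / K_RRCint / K_UPenc from the bound key (128 low-order bits)."""
    out = kdf(k_enb_bound, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))
    return out[-16:]


def derive_kenb_star(k_enb_bound: bytes, pci: int, earfcn_dl: int) -> bytes:
    """K_eNB* = KDF(K_eNB', PCI, EARFCN-DL) for the current serving cell."""
    return kdf(k_enb_bound, FC_KENB_STAR,
               pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big"))


def run_binding() -> dict:
    """Both ends derive independently; only the binding indication is sent."""
    # Constructed sample secrets standing in for the EPS AKA and tunnel outputs.
    k_enb = hashlib.sha256(b"constructed K_eNB from EPS AKA").digest()
    k_sec = hashlib.sha256(b"constructed Ksec from management tunnel").digest()
    pci, earfcn_dl = 301, 1850  # constructed cell parameters

    network = bind_kenb(k_enb, k_sec, pci, earfcn_dl)  # eNB / MME side
    rn = bind_kenb(k_enb, k_sec, pci, earfcn_dl)       # relay node side
    # A party holding K_eNB but not the secret of this management connection.
    outsider = bind_kenb(k_enb, hashlib.sha256(b"some other tunnel").digest(),
                         pci, earfcn_dl)
    return {
        "network": network,
        "rn": rn,
        "outsider": outsider,
        "k_rrc_enc": derive_alg_key(network, RRC_ENC_ALG, 0x02),
        "k_rrc_int": derive_alg_key(network, RRC_INT_ALG, 0x02),
        "k_up_enc": derive_alg_key(network, UP_ENC_ALG, 0x02),
        "k_enb_star": derive_kenb_star(network, pci, earfcn_dl),
    }


if __name__ == "__main__":
    result = run_binding()
    print("RN and network side agree:",
          hmac.compare_digest(result["network"], result["rn"]))
    print("K_eNB alone is not enough:", result["network"] != result["outsider"])
    for name in ("k_rrc_enc", "k_rrc_int", "k_up_enc", "k_enb_star"):
        print(name, result[name].hex())
```

Length-prefixing every parameter keeps the KDF input unambiguous, so a secret of a different length can never be confused with a secret followed by the optional cell parameters.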
It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions; and although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
An embodiment of the invention provides a network side; this RN may be used to implement the above information transferring method. Fig. 10 is a structural block diagram of the network side according to a preferred embodiment of the invention. As shown in Fig. 10, this RN comprises: an acquisition module 102, a key binding module 104, a notification module 106 and a transport module 108. The structure is described in detail below:
Acquisition module 102, used to obtain management interface security related information from the managed network element after the managed network element and the RN establish a secure connection on the management interface. Key binding module 104, connected to the acquisition module 102, used to perform key binding using the management interface security related information obtained by the acquisition module 102 and the EPS security key. Notification module 106, used to notify the RN to perform the key binding with the EPS security key. Transport module 108, connected to the key binding module 104, used to carry out information transmission using the key bound by the key binding module 104.
Preferably, the management interface security related information comprises one of the following: the security parameters of a Transport Layer Security (TLS) connection, an Internet Protocol Security (IPsec) connection, or a Secure Sockets Layer (SSL) connection established on the management interface.
Fig. 11 is a structural block diagram of the network side according to a preferred embodiment of the invention. As shown in Fig. 11, this network side further comprises: an EPS AKA module 112 and an EPS security key generation module 114; the key binding module 104 comprises: a key generation submodule 1042 and a key binding submodule 1044. The structure is described in detail below.
EPS AKA module 112, used to carry out EPS authentication and key agreement (AKA) with the RN. EPS security key generation module 114, connected to the EPS AKA module 112, used to generate the EPS security key, wherein the EPS security key comprises: the intermediate key K_ASME, or the access stratum (AS) keys and/or non-access stratum (NAS) keys generated using the intermediate key. The AS keys comprise at least one of the following: the key K_eNB, the next hop value NH, the AS-layer RRC connection encryption key K_RRCenc, the integrity protection key K_RRCint, and the user plane encryption key K_UPenc. The NAS keys comprise: the NAS encryption key K_NASenc and the NAS integrity protection key K_NASint.
The key binding module 104 comprises: a key generation submodule 1042, used to generate, from the EPS security key and the management interface related information, the key K_RN bound to the management interface security according to the following formula: K_RN = KDF(EPS security key, secure connection related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side; and a key binding submodule 1044, connected to the key generation submodule 1042, used to perform key binding by using the key K_RN generated by the key generation submodule 1042 as one of the following: a new intermediate key; a new AS-layer and/or new NAS-layer key.
The acquisition module 102 obtains the management interface security related information from the managed network element in one of the following ways: the management interface security related information is obtained directly from a message sent by the managed network element; the network side where the module is located sends a request message to the managed network element, and the managed network element sends the secure connection related information to the network side in a response message; the secure connection related information is obtained indirectly, relayed by a network element or from a predetermined network element.
The notification module 106 notifies the RN to perform the key binding with the EPS security key through one of the following messages: an existing NAS or AS message; a newly added NAS-layer or AS-layer message, wherein the key binding indication information carried in the message instructs the RN to bind the management interface security related information to the EPS security key information, and/or the algorithm identification information used by the key binding indicates the corresponding binding algorithm.
An embodiment of the invention provides an RN; this RN may be used to implement the above information transferring method. Fig. 12 is a structural block diagram of the RN according to a preferred embodiment of the invention. As shown in Fig. 12, this network side comprises: a generation module 122 and a binding module 124. The structure is described in detail below:
Generation module 122, used to generate, from the EPS security key and the management interface security related information, the key K_RN bound to the management interface security according to the following formula: K_RN = KDF(EPS security key, secure connection related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side.
Binding module 124, connected to the generation module 122, used to perform key binding by using the key K_RN generated by the generation module 122 as one of the following: a new intermediate key; a new AS-layer and/or new NAS-layer key.
It should be noted that the network side and the RN described in the above embodiments correspond to the method embodiments above; their specific implementation has been described in detail in the method embodiments and is not repeated here.
In summary, with the above embodiments, after the managed network element and the RN establish a secure connection, the network side uses the obtained secure connection related information and the EPS security key to perform key binding and uses the bound key for information transmission. An attacker cannot learn the security parameters related to the secure connection on the management interface and therefore cannot derive or crack the finally generated security key bound to the management interface security, which prevents an attacker from eavesdropping on and tampering with the communication data between the RN and the network side and ensures the security of the whole communication network. At the same time, because establishing the secure connection on the management interface is a necessary step, using the security parameter information from this process spares the network side from initiating an additional authentication procedure for the device. In addition, because the secure connection on the RN's management interface is relatively stable and does not change as the RN moves, security key changes caused by frequent interface changes are reduced and the stability of the key binding is improved.
Obviously, those skilled in the art should understand that each module or step of the invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be executed in an order different from the one given here, or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the invention and is not intended to limit the invention; for those skilled in the art, the invention can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the protection scope of the invention.

Claims (13)

1. An information transferring method, characterized by comprising:
after a managed network element and a relay node (RN) establish a secure connection on a management interface, a network side obtains management interface security related information from the managed network element, wherein the management interface security related information comprises one of the following: security parameters related to a Transport Layer Security (TLS) connection, an Internet Protocol Security (IPsec) connection, or a Secure Sockets Layer (SSL) connection established on the management interface;
the network side uses the management interface security related information and an Evolved Packet System (EPS) security key to perform key binding, wherein the EPS security key comprises: an intermediate key K_ASME, or an access stratum (AS) key and/or a non-access stratum (NAS) key generated using the intermediate key;
the network side notifies the RN to perform the key binding with the EPS security key, and uses the bound key to carry out information transmission.
2. The method according to claim 1, characterized in that, before the managed network element and the RN establish the secure connection on the management interface, the method further comprises:
the network side and the RN carry out EPS authentication and key agreement (AKA) and generate the EPS security key, wherein the AS key comprises at least one of the following: the key K_eNB, the next hop value NH, the AS-layer RRC connection encryption key K_RRCenc, the integrity protection key K_RRCint, and the user plane encryption key K_UPenc; and the NAS key comprises: the NAS encryption key K_NASenc and the NAS integrity protection key K_NASint.
3. The method according to claim 2, characterized in that the network side using the management interface security related information and the EPS security key to perform key binding comprises:
the network side uses the EPS security key and the management interface security related information to generate the key K_RN bound to the management interface security according to the following formula: K_RN = KDF(EPS security key, secure connection related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side;
the network side performs key binding by using the key K_RN as one of the following: a new intermediate key; a new AS-layer and/or new NAS-layer key.
4. The method according to claim 1, characterized in that the network side obtaining the management interface security related information from the managed network element comprises:
the network side obtains the management interface security related information from the managed network element in one of the following ways: the management interface security related information is obtained directly from a message sent by the managed network element; the network side where it is located sends a request message to the managed network element, and the managed network element sends the secure connection related information to the network side in a response message; the secure connection related information is obtained indirectly, relayed by a network element or from a predetermined network element.
5. The method according to claim 1, characterized in that the network side notifying the RN to perform the key binding with the EPS security key comprises:
the network side notifies the RN to perform the key binding with the EPS security key through one of the following messages: an existing NAS or AS message; a newly added NAS-layer or AS-layer message, wherein the key binding indication information carried in the message instructs the RN to bind the management interface security related information to the EPS security key information, and/or the algorithm identification information used by the key binding indicates the corresponding binding algorithm.
6. The method according to claim 1, further comprising, after the network side notifies the RN to perform the key binding with the EPS security key:
the RN uses the EPS security key and the management interface security related information to generate the key K_RN bound to the management interface security according to the following formula: K_RN = KDF(EPS security key, secure connection related information, Y), where KDF is a predetermined key derivation algorithm and Y is an optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side;
the RN performs key binding by using the key K_RN as one of the following: a new intermediate key; a new AS-layer and/or new NAS-layer key.
7. The method according to any one of claims 1 to 6, characterized in that:
the network side comprises one of the following: a mobility management entity (MME) or an evolved base station (eNB);
the managed network element comprises one of the following: an operation, administration and maintenance (OAM) network element, or a network element used for the management interface secure connection that manages the RN.
8. a network side, is characterized in that, comprising:
Acquisition module, for at managed network element and via node RN after management interface sets up secure connection, management interface security related information is obtained from described managed network element, wherein, described management interface security related information comprises one of following: the security parameter that the Transport Layer Security TLS set up with management interface is connected, procotol fail safe IPsec connects, SSL SSL connects;
Key bindings module, for the binding using described management interface security related information and evolved packet system EPS safe key to carry out key, wherein, described EPS safe key comprises: intermediate key K aSMEor the Access Layer AS key using described intermediate key to generate and/or Non-Access Stratum NAS key;
Notification module, for notifying that described RN carries out carrying out with described EPS safe key the binding of key;
Transport module, carries out information transmission for using the key after binding.
9. network side according to claim 8, is characterized in that, also comprises:
EPS AKA module, for carrying out EPS authentication and cryptographic key agreement AKA with described RN;
EPS safe key generation module, for generating described EPS safe key, wherein, described AS key comprise following one of at least: key K eNB, down hop value NH, AS layer RRC connect encryption key K rRCenc, tegrity protection key K rRCint, user face encryption key K uPenc; Described NAS key comprises: NAS encryption key K nASencwith NAS tegrity protection key K nASint.
10. network side according to claim 8, is characterized in that, described key bindings module comprises:
Secret generating submodule, key K _ RN:K_RN=KDF (the EPS safe key with management interface secure binding is generated according to following formula for using described EPS safe key and described management interface relevant information, secure connection relevant information, Y), wherein, KDF is predetermined key derivation algorithm, and Y is optional parameters, and described optional parameters comprises one of following: the random number that parameter, described RN or described network side that described RN and described network side are shared generate;
Key bindings submodule, carries out the new intermediate key of key bindings for using described key K _ RN as one of following; New AS layer and/or new NAS layer key.
11. network sides according to claim 8, is characterized in that, also comprise:
Described acquisition module one of in the following manner obtains described management interface security related information from described managed network element: the message sent by described managed network element directly obtains described management interface security related information; Sent a request message to described managed network element by the network side at its place, described secure connection relevant information is sent to described network side by response message by described managed network element; Described secure connection relevant information is indirectly obtained by network element transfer or from predetermined network element.
12. network sides according to claim 8, is characterized in that,
By one of following message, described notification module notifies that described RN carries out carrying out with EPS safe key the binding of key: existing NAS, AS message; Newly-increased NAS or AS layer message, the indication information carrying key bindings in wherein said message is used to indicate RN to carry out management interface security related information and is used to indicate corresponding binding algorithm to the algorithm identification information that described EPS secure cryptographic key information is bound and/or key bindings uses.
13. A relay node (RN), characterized by comprising:
a generation module, configured to use an EPS security key and management interface security-related information to generate, according to the following formula, a key K_RN bound to the management interface security: K_RN = KDF(EPS security key, secure connection related information, Y), wherein KDF is a predetermined key derivation algorithm and Y is an optional parameter, the optional parameter comprising one of the following: a parameter shared by the RN and the network side, or a random number generated by the RN or the network side; wherein the management interface security-related information comprises one of the following: security parameters of a Transport Layer Security (TLS) connection, an Internet Protocol Security (IPsec) connection, or a Secure Sockets Layer (SSL) connection established with the management interface; and the EPS security key comprises: the intermediate key K_ASME, or an access stratum (AS) key and/or a non-access stratum (NAS) key generated using the intermediate key;
a binding module, configured to perform key binding by using the key K_RN as one of the following: a new intermediate key; a new AS layer key and/or a new NAS layer key.
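The binding formula of claim 13, K_RN = KDF(EPS security key, secure connection related information, Y), worked through as an added example that is not part of the patent text. The claim only requires a "predetermined key derivation algorithm"; HMAC-SHA-256 over a length-tagged parameter string (the layout style of the 3GPP TS 33.220 KDF), the function code value, and the 32-byte session values standing in for the secure connection related information are all assumptions made here.

```python
import hashlib
import hmac

FC_EXAMPLE = b"\xf0"  # constructed function code, not a 3GPP-assigned value


def _encode(params):
    """Append each parameter followed by its 2-byte length, so that
    parameter boundaries cannot be shifted between fields."""
    out = b""
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter too long for a 2-byte length field")
        out += p + len(p).to_bytes(2, "big")
    return out


def derive_k_rn(eps_key, conn_info, y=None):
    """K_RN = KDF(EPS security key, secure connection related information, Y)."""
    if len(eps_key) != 32:
        raise ValueError("EPS security key (e.g. K_ASME) must be 256 bits")
    if not conn_info:
        # Without this input the result is not bound to the management interface.
        raise ValueError("secure connection related information is required")
    params = [conn_info] if y is None else [conn_info, y]
    return hmac.new(eps_key, FC_EXAMPLE + _encode(params), hashlib.sha256).digest()


def demo():
    """Both ends derive K_RN; a mismatch in the management-interface session
    (for example, the connection was terminated by another party) shows up as
    a key mismatch, so messages protected with K_RN fail verification."""
    k_asme = bytes(range(32))                                    # constructed key
    session_a = hashlib.sha256(b"constructed session A").digest()
    session_b = hashlib.sha256(b"constructed session B").digest()
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")    # optional Y
    rn_key = derive_k_rn(k_asme, session_a, nonce)
    net_key = derive_k_rn(k_asme, session_a, nonce)
    other_key = derive_k_rn(k_asme, session_b, nonce)
    return {
        "same_session": hmac.compare_digest(rn_key, net_key),
        "different_session": hmac.compare_digest(rn_key, other_key),
    }


if __name__ == "__main__":
    print(demo())
```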
CN201010507955.8A 2010-09-30 2010-09-30 Information transferring method, network side and via node Expired - Fee Related CN101977378B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010507955.8A CN101977378B (en) 2010-09-30 2010-09-30 Information transferring method, network side and via node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010507955.8A CN101977378B (en) 2010-09-30 2010-09-30 Information transferring method, network side and via node

Publications (2)

Publication Number Publication Date
CN101977378A CN101977378A (en) 2011-02-16
CN101977378B CN101977378B (en) 2015-08-12

Family

ID=43577218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010507955.8A Expired - Fee Related CN101977378B (en) 2010-09-30 2010-09-30 Information transferring method, network side and via node

Country Status (1)

Country Link
CN (1) CN101977378B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724102B (en) 2011-03-29 2015-04-08 华为技术有限公司 Method and apparatus for establishing connection with network management system and communication system
CN103929740B (en) * 2013-01-15 2017-05-10 中兴通讯股份有限公司 Safe data transmission method and LTE access network system
CN104754575B (en) 2013-12-31 2018-07-31 华为技术有限公司 A kind of method, apparatus and system of terminal authentication
WO2018000590A1 (en) 2016-07-01 2018-01-04 华为技术有限公司 Security negotiation method, security functional entity, core network element, and user equipment
WO2018120150A1 (en) * 2016-12-30 2018-07-05 华为技术有限公司 Method and apparatus for connection between network entities
CN109936444B (en) * 2017-12-18 2021-07-09 华为技术有限公司 Key generation method and device
CN115604337A (en) * 2021-06-28 2023-01-13 网联清算有限公司(Cn) Communication connection establishing method and device, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101500229A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system
CN101500230A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
7.1 Relay Node Securities;ZTE;《3GPP TSG-SA3 (Security) Meeting –SA3 Ad Hoc S3-101063》;20100929;Sections 1 to 2, Figure 1 *

Also Published As

Publication number Publication date
CN101977378A (en) 2011-02-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150812

Termination date: 20200930