CN111132157B - Key processing method, device, base station and storage medium - Google Patents

Publication number: CN111132157B
Authority: CN (China)
Prior art keywords: key, base station, root key, cell information, target
Legal status: Active
Application number: CN201911416024.4A
Other languages: Chinese (zh)
Other versions: CN111132157A (en
Inventor: 许彬
Current Assignee: Comba Network Systems Co Ltd
Original Assignee: Comba Network Systems Co Ltd
Application filed by Comba Network Systems Co Ltd
Priority to CN201911416024.4A
Publication of CN111132157A
Application granted
Publication of CN111132157B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043: Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433: Key management protocols

Abstract

The application relates to a key processing method, a device, a base station and a storage medium. An auxiliary base station receives a root key of a user equipment (UE) sent by a main base station; it then obtains a target root key of the UE from the root key and the cell information of the cell established by the auxiliary base station; finally, it sends the cell information to the UE. The cell information instructs the UE to obtain the target root key from the cell information and the UE's own root key, and to calculate an auxiliary bearer key from the target root key. This method reduces the risk of the auxiliary bearer key being attacked and improves the security of the system.

Description

Key processing method, device, base station and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a key processing method, a device, a base station, and a storage medium.
Background
In existing network deployments, the rollout of fifth generation mobile communication technology (5th generation mobile networks, abbreviated as 5G) is an unavoidable trend. Until 5G is fully deployed, a hybrid networking mode is generally adopted so that terminals in the transition period can enjoy the high-speed data service that 5G brings; that is, a networking mode in which a 4G base station is used as the master base station (MN) and a 5G base station is used as the secondary base station (SN). In the hybrid networking mode, the terminal can transmit data more efficiently and more securely through the 5G base station, so it is important to establish a secure auxiliary bearer for the terminal.
In the traditional method, the main base station calculates a main bearer key and an auxiliary bearer key from the terminal's information, and then passes the auxiliary bearer key to the auxiliary base station in an auxiliary bearer addition request, so that the auxiliary base station can calculate the corresponding integrity protection key and encryption key from the auxiliary bearer key and apply integrity protection and encryption to the data transmitted over the auxiliary bearer.
However, in the case where the security protection of the primary base station is broken, there is a security risk for the secondary bearer established on the secondary base station.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a key processing method, apparatus, base station, and storage medium.
A key processing method is applied to an auxiliary base station in a hybrid networking system, and comprises the following steps:
receiving a root key of User Equipment (UE) sent by a main base station;
acquiring a target root key of the UE according to the cell information and the root key of the cell established by the auxiliary base station;
transmitting the cell information to the UE; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key.
In one embodiment, the cell information includes a cell frequency; obtaining a target root key of the UE according to the cell information and the root key of the cell established by the auxiliary base station, wherein the method comprises the following steps:
and inputting the cell frequency and the root key into a preset algorithm model to obtain a target root key of the UE.
In one embodiment, the method further comprises:
and receiving a plurality of key algorithm types supported by the UE transmitted by the main base station.
In one embodiment, the method further comprises:
selecting a target key algorithm type from a plurality of key algorithm types;
and calculating the auxiliary bearing key of the UE according to the target root key and the target key algorithm type.
In one embodiment, selecting the target key algorithm type from the plurality of key algorithm types includes:
selecting an alternative key algorithm type matched with the key algorithm type supported by the auxiliary base station from a plurality of key algorithm types;
and selecting the candidate key algorithm type with the highest algorithm level as the target key algorithm type based on the preset algorithm level of each candidate key algorithm type from the candidate key algorithm types.
In one embodiment, the root key and the plurality of key algorithm types are carried in an auxiliary bearer addition request sent by the primary base station to the auxiliary base station.
In one embodiment, the sending the cell information to the UE includes:
sending an auxiliary bearer addition request response to the main base station; the auxiliary bearer addition request response carries the target key algorithm type and the cell information and is used for indicating the main base station to transmit the target key algorithm type and the cell information to the UE.
A key processing method is applied to a main base station in a hybrid networking system, and comprises the following steps:
transmitting a root key of User Equipment (UE) to an auxiliary base station; the root key is used for indicating the auxiliary base station to obtain a target root key of the UE according to the root key and the cell information of the auxiliary base station;
receiving cell information sent by an auxiliary base station; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key.
In one embodiment, the method further comprises:
transmitting a plurality of key algorithm types supported by the UE to the auxiliary base station; the plurality of key algorithm types are used for indicating the auxiliary base station to select a target key algorithm type from the plurality of key algorithm types; and calculating the auxiliary bearing key of the UE according to the root key and the target key algorithm type.
A key processing apparatus, said apparatus comprising:
the receiving module is used for receiving a root key of User Equipment (UE) sent by the main base station;
the acquisition module is used for acquiring a target root key of the UE according to the cell information and the root key of the cell established by the auxiliary base station;
a transmitting module, configured to transmit cell information to a UE; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key.
A key processing apparatus, said apparatus comprising:
a sending module, configured to send a root key of a user equipment UE to a secondary base station; the root key is used for indicating the auxiliary base station to obtain a target root key of the UE according to the root key and the cell information of the auxiliary base station;
the receiving module is used for receiving the cell information sent by the auxiliary base station; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key.
A base station comprising a memory storing a computer program and a processor implementing the steps of the key processing method when the processor executes the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the key processing method described above.
The key processing method, the device, the base station and the storage medium, wherein the auxiliary base station receives the root key of the User Equipment (UE) sent by the main base station; then, according to the cell information and the root key of the cell established by the auxiliary base station, acquiring a target root key of the UE; finally, the cell information is sent to the UE; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key. The auxiliary base station receives the root key sent by the main base station and acquires a target root key of the UE according to the root key and the cell information of the cell established by the auxiliary base station, so that an auxiliary bearing key can be acquired based on the target root key; further, the auxiliary base station sends the cell information to the UE, so that the UE can calculate a target root key and an auxiliary bearing key according to the cell information, and therefore the UE and the auxiliary base station can perform security encryption on data transmitted in the auxiliary bearing through the same auxiliary bearing key; because the main base station does not participate in the calculation of the target root key of the UE and the calculation of the auxiliary bearing key, the auxiliary bearing key cannot be leaked under the condition that the security protection of the main base station is destroyed, so that the risk of the attack of the auxiliary bearing key is reduced, and the security performance of the system is improved.
Drawings
FIG. 1 is a diagram of an application environment for a key processing method in one embodiment;
FIG. 2 is a flow diagram of a key processing method in one embodiment;
FIG. 3 is a flow chart of a key processing method according to another embodiment;
FIG. 4 is a flow chart of a key processing method according to another embodiment;
FIG. 5 is a flow chart of a key processing method according to another embodiment;
FIG. 6 is a flow chart of a key processing method according to another embodiment;
FIG. 7 is a block diagram of a key processing device in one embodiment;
FIG. 8 is a block diagram of a key processing device in one embodiment;
FIG. 9 is a block diagram of a key processing device in one embodiment;
FIG. 10 is a block diagram of a key processing device in one embodiment;
FIG. 11 is an internal structural diagram of a base station in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The key processing method provided by the application can be applied to an application environment shown in figure 1. The UE300 is connected to the primary base station 100 and the secondary base station 200 through a dual connectivity networking manner. The UE300 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, portable wearable devices, and the like. The above-mentioned main base station 100 and auxiliary base station 200 may be, but not limited to, base station devices of macro base station, micro base station, small base station, etc., evolved base station (Evolutional Node B, abbreviated eNB or eNodeB) in LTE, relay station or access point, base station in 5G network, customer premise equipment (Customer Premise Equipment, abbreviated CPE), etc., which are not limited herein.
In one embodiment, as shown in fig. 2, a key processing method is provided, which is illustrated by taking an example that the method is applied to the secondary base station 200 in fig. 1, and includes:
S101, receiving a root key of User Equipment (UE) sent by a main base station.
The root key may be obtained by the master base station from the core network. For example, the UE transmits a random access request to the master base station, which then forwards the request to the core network. The core network can determine from the random access request which UE needs to access the master base station, calculate the root key of the UE from the UE identification information carried in the request, and send the root key to the master base station in a context establishment request. Alternatively, the root key may be a root key of the UE stored in the master base station; this is not limited here.
Specifically, the secondary base station may receive the configuration message sent by the primary base station to obtain the root key, or may receive the root key through other instructions, which is not limited herein.
Optionally, the secondary base station may also receive multiple key algorithm types supported by the UE sent by the primary base station.
The key algorithm is an algorithm for converting data plaintext into data ciphertext according to a key, and the UE can support multiple types of key algorithms in the network of the same communication system. For example, in the LTE system, the type of key algorithm supported by the UE may be AES algorithm or KASUMI algorithm; in the 5G system, the key algorithm supported by the UE can comprise the key algorithm type in the legacy LTE system, and also can comprise a new algorithm type added in the 5G protocol.
The key algorithm types may be obtained from the core network by the master base station. For example, when the core network calculates the root key of a UE, it may obtain the UE's master base station security capability under the network where the master base station is located and the UE's secondary base station security capability under the network where the secondary base station is located. The master base station security capability carries the key algorithm types supported by the UE under the master base station's network; the secondary base station security capability carries the key algorithm types supported by the UE under the secondary base station's network. Further, the core network may send the master base station security capability and the secondary base station security capability to the master base station, together with the root key of the UE, in a context establishment request. The master base station may then send the UE's secondary base station security capability to the secondary base station.
Specifically, the secondary base station may receive the root key and the key algorithm type of the UE at the same time, or may receive the root key and the key algorithm type of the UE through different signaling, which is not limited herein.
S102, acquiring a target root key of the UE according to the cell information and the root key of the cell established by the auxiliary base station.
After the secondary base station receives the root key KeNB of the UE, it may derive the target root key from the root key and the cell information of the cell established by the secondary base station. Further, the secondary base station may obtain the secondary bearer key of the UE from the target root key, so as to encrypt data transferred in the secondary bearer. Since the primary base station does not participate in calculating the target root key, it cannot obtain the target root key calculated by the secondary base station; that is, the primary base station cannot obtain the secondary bearer key calculated by the secondary base station.
The cell information may be a cell frequency or a cell identifier, which is not limited herein.
Optionally, when calculating the target root key, the secondary base station may input the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
S103, transmitting the cell information to the UE; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key.
On the basis of the above steps, the auxiliary base station can send the cell information used in calculating the target root key to the UE, so that the UE can perform the same evolution process according to the received cell information and the root key stored by itself to obtain the target root key and the auxiliary bearer key.
Specifically, the secondary base station may add the cell information to a reconfiguration message for the UE and then send the reconfiguration message to the primary base station in the signaling it exchanges with the primary base station. After receiving the instruction sent by the secondary base station, the primary base station can send the reconfiguration message carrying the cell information to the UE without processing the reconfiguration message in any way, so that the cell information in the reconfiguration message is invisible to the primary base station.
After the UE receives the reconfiguration message, the cell information in the reconfiguration message can be extracted, and a target root key of the UE is calculated according to the cell information and the root key stored in the UE; further, the UE may calculate a secondary bearer key with the secondary base station based on the target root key.
The auxiliary bearer key may include an integrity protection key and an encryption key. The integrity protection key can be used for carrying out integrity protection on data transmitted in the auxiliary bearer, so that data loss is avoided. The encryption key can be used for encrypting the data transmitted in the auxiliary bearer, so that the data security is ensured.
In the key processing method, the auxiliary base station receives the root key of the User Equipment (UE) sent by the main base station; then, according to the cell information and the root key of the cell established by the auxiliary base station, acquiring a target root key of the UE; finally, the cell information is sent to the UE; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key. The auxiliary base station receives the root key sent by the main base station and acquires a target root key of the UE according to the root key and the cell information of the cell established by the auxiliary base station, so that an auxiliary bearing key can be acquired based on the target root key; further, the auxiliary base station sends the cell information to the UE, so that the UE can calculate a target root key and an auxiliary bearing key according to the cell information, and therefore the UE and the auxiliary base station can perform security encryption on data transmitted in the auxiliary bearing through the same auxiliary bearing key; because the main base station does not participate in the calculation of the target root key of the UE and the calculation of the auxiliary bearing key, the auxiliary bearing key cannot be leaked under the condition that the security protection of the main base station is destroyed, so that the risk of the attack of the auxiliary bearing key is reduced, and the security performance of the system is improved.
Fig. 3 is a flow chart of a key processing method in an embodiment, where the embodiment relates to a manner in which a secondary base station obtains a secondary bearer key, and on the basis of the above embodiment, as shown in fig. 3, the method further includes:
S201, selecting a target key algorithm type from a plurality of key algorithm types.
After receiving the multiple key algorithm types of the UE, the secondary base station may select a target key algorithm type from the multiple key algorithm types to obtain a secondary bearer key corresponding to the UE.
Specifically, the secondary base station may randomly select one key algorithm type from a plurality of key algorithm types, or may select one key algorithm type according to a preset rule, and the selection manner is not limited herein.
In addition, the main base station can also select a key algorithm type from the security capability of the main base station, and calculate a main bearing key according to the key algorithm type and the root key of the UE; and transmitting the selected key algorithm type to the UE so that the UE can calculate the primary bearer key. After the master base station and the UE both obtain the master bearer key, the data transferred in the master bearer may be encrypted.
S202, calculating an auxiliary bearing key of the UE according to the target root key and the target key algorithm type.
After the secondary base station obtains the target key algorithm type, the secondary bearer key of the UE may be calculated according to the target root key and the target key algorithm type. Specifically, the auxiliary base station may substitute the target root key, the target key algorithm type, the identifier of the auxiliary base station cell to which the UE is to be connected, and the service frequency of the auxiliary base station cell into a preset calculation formula, and calculate the auxiliary bearer key.
According to the key processing method, the auxiliary base station calculates the auxiliary bearing key according to the target root key and the selected target key algorithm type, so that the auxiliary bearing key can be safer.
Fig. 4 is a flow chart of a key processing method in an embodiment, which relates to a manner in which a secondary base station selects a target key algorithm type, and on the basis of the above embodiment, as shown in fig. 4, the above S201 includes:
S301, selecting an alternative key algorithm type matched with the key algorithm type supported by the auxiliary base station from a plurality of key algorithm types.
Specifically, when the auxiliary base station selects the target key algorithm type, the auxiliary base station can match a plurality of key algorithm types supported by the UE with the key algorithm types supported by the auxiliary base station, so as to obtain an alternative key algorithm type supported by the UE and the auxiliary base station simultaneously. For example, the plurality of key algorithm types supported by the UE received by the secondary base station are A1, A2, and A3, and among the above key algorithm types, the secondary base station supports only A2 and A3, and thus, the secondary base station can determine A2 and A3 as alternative key algorithm types.
S302, selecting the candidate key algorithm type with the highest algorithm level as a target key algorithm type based on the preset algorithm level of each candidate key algorithm type in the candidate key algorithm types.
Further, the secondary base station may obtain the preset algorithm level of each candidate key algorithm type and take the candidate key algorithm type with the highest algorithm level as the target key algorithm type.
The preset algorithm level may be a system calibration level, or may be a level determined by sorting based on the key length of the algorithm, which is not limited herein.
According to the key processing method, the auxiliary base station selects the target key algorithm type according to the preset algorithm level, so that the auxiliary base station and the UE can obtain the auxiliary bearing key based on the key algorithm type of the high level, and the data security in the auxiliary bearing is further improved.
In an embodiment, a manner of transferring a root key and multiple key algorithm types between a secondary base station and a primary base station is related, and on the basis of the foregoing embodiment, the secondary base station may receive a secondary bearer addition request sent by the primary base station when receiving the root key and multiple key algorithm types sent by the primary base station. The root key and the multiple key algorithm types are carried in an auxiliary bearer addition request sent to the auxiliary base station by the main base station.
Correspondingly, when the auxiliary base station sends the target key algorithm type and the cell information to the UE through the main base station, an auxiliary bearer addition request response can be sent to the main base station; the auxiliary bearer addition request response carries cell information and a target key algorithm type and is used for indicating the main base station to transparently transmit the cell information and the target key algorithm type to the UE.
According to the key processing method, the secondary base station receives the auxiliary bearer addition request sent by the main base station to acquire the root key of the UE and the multiple key algorithm types supported by the UE, so that the auxiliary bearer key can be determined directly when the auxiliary bearer is established, and the security of the system is improved.
In one embodiment, as shown in fig. 5, a key processing method is provided, which is illustrated by taking as an example that the method is applied to the master base station 100 in fig. 1, and includes:
S401, transmitting a root key of User Equipment (UE) to a secondary base station; the root key is used for indicating the auxiliary base station to obtain the target root key of the UE according to the root key and the cell information of the auxiliary base station.
S402, receiving cell information sent by an auxiliary base station; the cell information is used for indicating the UE to obtain a target root key according to the cell information and the root key of the UE, and calculating an auxiliary bearing key according to the target root key.
In one embodiment, the primary base station also transmits to the secondary base station a plurality of key algorithm types supported by the UE; the plurality of key algorithm types are used for indicating the auxiliary base station to select a target key algorithm type from the plurality of key algorithm types, so that the UE calculates an auxiliary bearing key according to the root key and the target key algorithm type.
In one embodiment, the root key and the plurality of key algorithm types are carried in a secondary bearer addition request sent by the primary base station to the secondary base station.
In one embodiment, when the primary base station receives the cell information and the target key algorithm type sent by the secondary base station, the primary base station may receive a secondary bearer addition request response sent by the secondary base station; the auxiliary bearer addition request response carries cell information and a target key algorithm type and is used for indicating the main base station to transparently transmit the cell information and the target key algorithm type to the UE.
The implementation principle and technical effects of the key processing method in the above embodiment are similar to those of the embodiments corresponding to fig. 2 to 4, and are not described herein again.
In one embodiment, a key processing method is provided, as shown in fig. 6, including:
S501, the main base station sends a plurality of key algorithm types supported by User Equipment (UE) and a root key of the UE to the auxiliary base station through an auxiliary bearer addition request;
S502, the auxiliary base station receives the plurality of key algorithm types supported by the UE and the root key of the UE, which are carried in the auxiliary bearer addition request sent by the main base station;
S503, the auxiliary base station acquires a target root key of the UE according to the cell information of the established cell and the root key;
S504, the auxiliary base station selects a target key algorithm type from the plurality of key algorithm types;
S505, the auxiliary base station calculates an auxiliary bearer key of the UE according to the target root key and the target key algorithm type;
S506, the auxiliary base station sends an auxiliary bearer addition request response to the main base station, wherein the auxiliary bearer addition request response carries the target key algorithm type and the cell information;
S507, the main base station receives the auxiliary bearer addition request response sent by the auxiliary base station;
S508, the main base station transparently transmits the target key algorithm type and the cell information to the UE.
The implementation principle and technical effects of the key processing method in the above embodiment are similar to those of the embodiments corresponding to fig. 2 to 5, and are not described herein again.
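The S501 to S508 exchange, together with the algorithm selection of S301 and S302, can be traced end to end in the following added example, which is not part of the patent text. The patent does not specify its "preset algorithm model" or "preset calculation formula", so HMAC-SHA256 is used as an assumed stand-in; the class and function names, the algorithm levels, the cell values and the root key are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key, label, *fields):
    """Assumed stand-in for the patent's unspecified derivation function:
    HMAC-SHA256 over length-prefixed fields (not the patent's own formula)."""
    msg = b""
    for field in (label, *fields):
        msg += len(field).to_bytes(2, "big") + field
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class CellInfo:
    frequency_khz: int  # cell frequency (constructed value)
    cell_id: int        # cell identifier (constructed value)

    def fields(self):
        return (self.frequency_khz.to_bytes(4, "big"),
                self.cell_id.to_bytes(2, "big"))


def derive_target_root_key(root_key, cell):
    # S503 on the secondary base station; repeated by the UE after S508.
    return kdf(root_key, b"target-root", *cell.fields())


def select_algorithm(ue_types, sn_levels):
    # S301: keep only the types both the UE and the secondary base station support.
    candidates = [t for t in ue_types if t in sn_levels]
    if not candidates:
        raise ValueError("no key algorithm type common to UE and secondary base station")
    # S302: pick the candidate with the highest preset algorithm level.
    return max(candidates, key=lambda t: sn_levels[t])


def derive_bearer_keys(target_root_key, algorithm, cell):
    # S505: inputs are the target root key, the algorithm type, and the
    # cell identifier and frequency, as listed in the description.
    alg = algorithm.encode()
    return {
        "integrity": kdf(target_root_key, b"integrity", alg, *cell.fields()),
        "encryption": kdf(target_root_key, b"encryption", alg, *cell.fields()),
    }


class SecondaryBaseStation:
    def __init__(self, cell, levels):
        self.cell = cell
        self.levels = levels      # algorithm type -> preset level (assumed values)
        self.bearer_keys = None

    def handle_addition_request(self, request):
        # S502 to S506: derive keys locally, answer with algorithm and cell info only.
        target = derive_target_root_key(request["root_key"], self.cell)
        algorithm = select_algorithm(request["ue_algorithm_types"], self.levels)
        self.bearer_keys = derive_bearer_keys(target, algorithm, self.cell)
        return {"algorithm": algorithm, "cell_info": self.cell}


class UE:
    def __init__(self, root_key):
        self.root_key = root_key
        self.bearer_keys = None

    def handle_reconfiguration(self, message):
        # Same derivation as the secondary base station, from the UE's own root key.
        cell = message["cell_info"]
        target = derive_target_root_key(self.root_key, cell)
        self.bearer_keys = derive_bearer_keys(target, message["algorithm"], cell)


def run_flow(root_key, ue_types, sn):
    """Main base station role: send the request (S501), relay the response
    unchanged to the UE (S507, S508). It never derives a bearer key itself."""
    request = {"root_key": root_key, "ue_algorithm_types": ue_types}
    response = sn.handle_addition_request(request)
    ue = UE(root_key)
    ue.handle_reconfiguration(response)
    return response["algorithm"], ue.bearer_keys, sn.bearer_keys


if __name__ == "__main__":
    root = bytes(range(32))                      # constructed root key
    sn = SecondaryBaseStation(CellInfo(3500000, 17), {"A2": 1, "A3": 2})
    algorithm, ue_keys, sn_keys = run_flow(root, ["A1", "A2", "A3"], sn)
    print("selected:", algorithm, "| keys match:", ue_keys == sn_keys)
```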
It should be understood that, although the steps in the flowcharts of fig. 2-6 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the order of execution is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps of fig. 2-6 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times; nor are these sub-steps or stages necessarily performed in sequence, but they may be performed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 7, there is provided a key processing apparatus including: a receiving module 110, an obtaining module 120, and a sending module 130, wherein:
a receiving module 110, configured to receive a root key of a user equipment UE sent by a master base station;
an obtaining module 120, configured to obtain a target root key of the UE according to the root key and cell information of a cell established by the secondary base station;
a sending module 130, configured to send the cell information to the UE; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate a secondary bearer key according to the target root key.
The key processing device provided by the embodiment of the application can realize the method embodiment, and the implementation principle and the technical effect are similar, and are not repeated here.
In one embodiment, on the basis of the above embodiment, the cell information includes a cell frequency; the obtaining module 120 is specifically configured to: input the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
In one embodiment, on the basis of the above embodiment, the receiving module 110 is further configured to: receive a plurality of key algorithm types supported by the UE, sent by the master base station.
In one embodiment, on the basis of the above embodiment, as shown in fig. 8, the above apparatus further includes:
a selection module 140, configured to select a target key algorithm type from a plurality of key algorithm types;
a calculating module 150, configured to calculate a secondary bearer key of the UE according to the target root key and the target key algorithm type.
In one embodiment, on the basis of the above embodiment, as shown in fig. 9, the selection module 140 includes:
a candidate unit 1401, configured to select, from the plurality of key algorithm types, candidate key algorithm types that match the key algorithm types supported by the secondary base station;
a selecting unit 1402, configured to select, from the candidate key algorithm types, the candidate key algorithm type with the highest algorithm level as the target key algorithm type, based on a preset algorithm level of each candidate key algorithm type.
In one embodiment, on the basis of the above embodiment, the root key and the plurality of key algorithm types are carried in a secondary bearer addition request sent by the master base station to the secondary base station.
In one embodiment, on the basis of the above embodiment, the sending module 130 is specifically configured to: send a secondary bearer addition request response to the master base station; the secondary bearer addition request response carries the target key algorithm type and the cell information and is used for instructing the master base station to transmit the target key algorithm type and the cell information to the UE.
The key processing device provided by the embodiment of the application can realize the method embodiment, and the implementation principle and the technical effect are similar, and are not repeated here.
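The flow of steps S503 to S508 together with the selection rule of units 1401 and 1402, as an added example that is not code from the patent. It assumes HMAC-SHA-256 as a stand-in for the unspecified "preset algorithm model"; the algorithm type names, their levels, the message field names and the sample root key and cell frequency are all constructed for illustration.

```python
import hashlib
import hmac

# Assumed preset algorithm levels (higher wins). The type names are placeholders.
ALGORITHM_LEVELS = {"ALG-A": 1, "ALG-B": 2, "ALG-C": 3}


def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """Assumed stand-in for the 'preset algorithm model': HMAC-SHA-256."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()


def derive_target_root_key(root_key: bytes, cell_frequency: int) -> bytes:
    """S503: bind the UE root key to the cell set up by the secondary base station."""
    if len(root_key) != 32:
        raise ValueError("root key must be 32 bytes")
    return kdf(root_key, b"target-root-key", cell_frequency.to_bytes(4, "big"))


def select_algorithm(ue_types, sn_types, levels=ALGORITHM_LEVELS):
    """S504: keep the UE's types that the secondary base station also supports,
    then take the candidate with the highest preset level."""
    candidates = [t for t in ue_types if t in sn_types and t in levels]
    if not candidates:
        raise ValueError("no key algorithm type common to UE and secondary base station")
    return max(candidates, key=lambda t: levels[t])


def derive_bearer_keys(target_root_key: bytes, algorithm_type: str) -> dict:
    """S505: the secondary bearer key is an integrity key plus an encryption key."""
    alg = algorithm_type.encode()
    return {
        "integrity": kdf(target_root_key, b"integrity", alg),
        "encryption": kdf(target_root_key, b"encryption", alg),
    }


def secondary_base_station(request: dict, cell_frequency: int, sn_types: set):
    """S503-S506: returns the locally held keys and the addition request response."""
    target = derive_target_root_key(request["root_key"], cell_frequency)
    algorithm = select_algorithm(request["ue_algorithm_types"], sn_types)
    keys = derive_bearer_keys(target, algorithm)
    # The response carries only the algorithm type and cell information, never key material.
    response = {"target_algorithm": algorithm, "cell_frequency": cell_frequency}
    return keys, response


def ue_side(ue_root_key: bytes, ue_types, message: dict) -> dict:
    """UE: repeat the derivation from its own root key and the relayed parameters."""
    algorithm = message["target_algorithm"]
    if algorithm not in ue_types:
        # Added consistency check: reject a type the UE never reported as supported.
        raise ValueError("selected algorithm type was not offered by the UE")
    target = derive_target_root_key(ue_root_key, message["cell_frequency"])
    return derive_bearer_keys(target, algorithm)


def run_exchange():
    root_key = bytes(range(32))               # constructed sample root key
    ue_types = ["ALG-A", "ALG-B", "ALG-C"]    # constructed UE capability list
    request = {"root_key": root_key, "ue_algorithm_types": ue_types}
    sn_keys, response = secondary_base_station(request, 630000, {"ALG-A", "ALG-B"})
    relayed = dict(response)                  # S507-S508: master relays unchanged
    ue_keys = ue_side(root_key, ue_types, relayed)
    return sn_keys, ue_keys, response


if __name__ == "__main__":
    sn_keys, ue_keys, response = run_exchange()
    print(response, sn_keys == ue_keys)
```

Both ends arrive at the same secondary bearer key only if the cell information and the algorithm type reach the UE unmodified, so a mismatch in either value shows up as a key disagreement rather than a silently weaker key.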
In one embodiment, as shown in fig. 10, there is provided a key processing apparatus including: a sending module 210 and a receiving module 220, wherein:
a sending module 210, configured to send a root key of a user equipment UE to a secondary base station; the root key is used for instructing the secondary base station to obtain a target root key of the UE according to the root key and the cell information of the secondary base station;
a receiving module 220, configured to receive the cell information sent by the secondary base station; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate a secondary bearer key according to the target root key.
The key processing device provided by the embodiment of the application can realize the method embodiment, and the implementation principle and the technical effect are similar, and are not repeated here.
In one embodiment, on the basis of the foregoing embodiment, the sending module 210 is further configured to: send a plurality of key algorithm types supported by the UE to the secondary base station; the plurality of key algorithm types are used for instructing the secondary base station to select a target key algorithm type from the plurality of key algorithm types, so that the UE calculates a secondary bearer key according to the root key and the target key algorithm type.
The key processing device provided by the embodiment of the application can realize the method embodiment, and the implementation principle and the technical effect are similar, and are not repeated here.
For specific limitations of the key processing apparatus, reference may be made to the above limitations of the key processing method, and no further description is given here. The respective modules in the above-described key processing apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a base station is provided, which may be a server, and the internal structure of which may be as shown in fig. 11. The base station includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the base station is configured to provide computing and control capabilities. The memory of the base station comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the base station is used to store key processing data. The network interface of the base station is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a key processing method.
It will be appreciated by those skilled in the art that the structure shown in fig. 11 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the base station to which the present inventive arrangements are applied, and that a particular base station may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a base station is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor, when executing the computer program, performing the steps of:
receiving a root key of a user equipment (UE) sent by a master base station;
obtaining a target root key of the UE according to the root key and the cell information of the cell established by the secondary base station;
sending the cell information to the UE; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate a secondary bearer key according to the target root key.
In one embodiment, the cell information includes a cell frequency; the processor, when executing the computer program, further performs the step of: inputting the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
In one embodiment, the processor, when executing the computer program, further performs the step of: receiving a plurality of key algorithm types supported by the UE, sent by the master base station.
In one embodiment, the processor, when executing the computer program, further performs the steps of: selecting a target key algorithm type from the plurality of key algorithm types; and calculating the secondary bearer key of the UE according to the target root key and the target key algorithm type.
In one embodiment, the processor, when executing the computer program, further performs the steps of: selecting, from the plurality of key algorithm types, candidate key algorithm types that match the key algorithm types supported by the secondary base station; and selecting, from the candidate key algorithm types, the candidate key algorithm type with the highest algorithm level as the target key algorithm type, based on the preset algorithm level of each candidate key algorithm type.
In one embodiment, the root key and the plurality of key algorithm types are carried in a secondary bearer addition request sent by the master base station to the secondary base station.
In one embodiment, the processor, when executing the computer program, further performs the step of: sending a secondary bearer addition request response to the master base station; the secondary bearer addition request response carries the target key algorithm type and the cell information and is used for instructing the master base station to transmit the target key algorithm type and the cell information to the UE.
In one embodiment, the processor, when executing the computer program, further performs the steps of: sending a root key of a user equipment (UE) to a secondary base station; the root key is used for instructing the secondary base station to obtain a target root key of the UE according to the root key and the cell information of the secondary base station;
receiving the cell information sent by the secondary base station; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate a secondary bearer key according to the target root key.
In one embodiment, the processor, when executing the computer program, further performs the step of: sending a plurality of key algorithm types supported by the UE to the secondary base station; the plurality of key algorithm types are used for instructing the secondary base station to select a target key algorithm type from the plurality of key algorithm types, so that the UE calculates a secondary bearer key according to the root key and the target key algorithm type.
The base station provided in this embodiment has similar implementation principles and technical effects to those of the above method embodiments, and will not be described herein.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
receiving a root key of a user equipment (UE) sent by a master base station;
obtaining a target root key of the UE according to the root key and the cell information of the cell established by the secondary base station;
sending the cell information to the UE; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate a secondary bearer key according to the target root key.
In one embodiment, the cell information includes a cell frequency; the computer program, when executed by the processor, further performs the step of: inputting the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
In one embodiment, the computer program, when executed by the processor, further performs the step of: receiving a plurality of key algorithm types supported by the UE, sent by the master base station.
In one embodiment, the computer program, when executed by the processor, further performs the steps of: selecting a target key algorithm type from the plurality of key algorithm types; and calculating the secondary bearer key of the UE according to the target root key and the target key algorithm type.
In one embodiment, the computer program, when executed by the processor, further performs the steps of: selecting, from the plurality of key algorithm types, candidate key algorithm types that match the key algorithm types supported by the secondary base station; and selecting, from the candidate key algorithm types, the candidate key algorithm type with the highest algorithm level as the target key algorithm type, based on the preset algorithm level of each candidate key algorithm type.
In one embodiment, the root key and the plurality of key algorithm types are carried in a secondary bearer addition request sent by the master base station to the secondary base station.
In one embodiment, the computer program, when executed by the processor, further performs the step of: sending a secondary bearer addition request response to the master base station; the secondary bearer addition request response carries the target key algorithm type and the cell information and is used for instructing the master base station to transmit the target key algorithm type and the cell information to the UE.
In one embodiment, the computer program, when executed by the processor, further performs the steps of: sending a root key of a user equipment (UE) to a secondary base station; the root key is used for instructing the secondary base station to obtain a target root key of the UE according to the root key and the cell information of the secondary base station;
receiving the cell information sent by the secondary base station; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate a secondary bearer key according to the target root key.
In one embodiment, the computer program, when executed by the processor, further performs the step of: sending a plurality of key algorithm types supported by the UE to the secondary base station; the plurality of key algorithm types are used for instructing the secondary base station to select a target key algorithm type from the plurality of key algorithm types, so that the UE calculates a secondary bearer key according to the root key and the target key algorithm type.
The computer readable storage medium provided in this embodiment has similar principles and technical effects to those of the above method embodiment, and will not be described herein.
Those skilled in the art will appreciate that implementing all or part of the above-described methods may be accomplished by way of a computer program, which may be stored on a non-transitory computer readable storage medium and which, when executed, may comprise the steps of the above-described embodiments of the methods. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (12)

1. A key processing method, characterized in that the method is applied to a secondary base station in a hybrid networking system and comprises:
receiving a root key of a user equipment (UE) sent by a master base station;
obtaining a target root key of the UE according to the root key and the cell information of the cell established by the secondary base station, and obtaining a secondary bearer key of the UE according to the target root key of the UE;
adding the cell information to a reconfiguration message and sending the reconfiguration message carrying the cell information to the UE; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate the secondary bearer key according to the target root key; the secondary bearer key comprises an integrity protection key and an encryption key;
the cell information comprises a cell frequency; the obtaining of the target root key of the UE according to the root key and the cell information of the cell established by the secondary base station comprises:
inputting the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
2. The key processing method according to claim 1, characterized in that the method further comprises:
receiving a plurality of key algorithm types supported by the UE, sent by the master base station.
3. The key processing method according to claim 2, characterized in that the method further comprises:
selecting a target key algorithm type from the plurality of key algorithm types;
and calculating the secondary bearer key of the UE according to the target root key and the target key algorithm type.
4. The key processing method according to claim 3, wherein selecting a target key algorithm type from the plurality of key algorithm types comprises:
selecting, from the plurality of key algorithm types, candidate key algorithm types that match the key algorithm types supported by the secondary base station;
and selecting, from the candidate key algorithm types, the candidate key algorithm type with the highest algorithm level as the target key algorithm type, based on the preset algorithm level of each candidate key algorithm type.
5. The key processing method according to claim 3 or 4, wherein the root key and the plurality of key algorithm types are carried in a secondary bearer addition request sent by the master base station to the secondary base station.
6. The key processing method according to claim 5, wherein the adding of the cell information to a reconfiguration message and the sending of the reconfiguration message carrying the cell information to the UE comprises:
sending a secondary bearer addition request response to the master base station; the secondary bearer addition request response carries the target key algorithm type and the cell information and is used for instructing the master base station to transparently transmit the target key algorithm type and the cell information to the UE.
7. A key processing method, wherein the method is applied to a master base station in a hybrid networking system, and comprises:
sending a root key of a user equipment (UE) to a secondary base station; the root key is used for instructing the secondary base station to obtain a target root key of the UE according to the root key and the cell information of the secondary base station, and to obtain a secondary bearer key of the UE according to the target root key of the UE;
receiving the cell information sent by the secondary base station, the cell information having been added to a reconfiguration message carrying the cell information; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate the secondary bearer key according to the target root key; the secondary bearer key comprises an integrity protection key and an encryption key;
the cell information comprises a cell frequency; the obtaining of the target root key according to the cell information and the root key of the UE comprises:
inputting the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
8. The key processing method according to claim 7, wherein the method further comprises:
sending a plurality of key algorithm types supported by the UE to the secondary base station; the plurality of key algorithm types are used for instructing the secondary base station to select a target key algorithm type from the plurality of key algorithm types, so that the UE calculates the secondary bearer key according to the root key and the target key algorithm type.
9. A key processing apparatus, the apparatus comprising:
a receiving module, configured to receive a root key of a user equipment (UE) sent by a master base station;
an obtaining module, configured to obtain a target root key of the UE according to the root key and the cell information of the cell established by the secondary base station, and to obtain a secondary bearer key of the UE according to the target root key of the UE;
a sending module, configured to add the cell information to a reconfiguration message and send the reconfiguration message carrying the cell information to the UE; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate the secondary bearer key according to the target root key; the secondary bearer key comprises an integrity protection key and an encryption key;
the cell information comprises a cell frequency; the obtaining of the target root key of the UE according to the root key and the cell information of the cell established by the secondary base station comprises:
inputting the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
10. A key processing apparatus, the apparatus comprising:
a sending module, configured to send a root key of a user equipment (UE) to a secondary base station; the root key is used for instructing the secondary base station to obtain a target root key of the UE according to the root key and the cell information of the secondary base station, and to obtain a secondary bearer key of the UE according to the target root key of the UE;
a receiving module, configured to receive the cell information sent by the secondary base station, the cell information having been added to a reconfiguration message carrying the cell information; the cell information is used for instructing the UE to obtain the target root key according to the cell information and the root key of the UE, and to calculate the secondary bearer key according to the target root key; the secondary bearer key comprises an integrity protection key and an encryption key;
the cell information comprises a cell frequency; the obtaining of the target root key according to the cell information and the root key of the UE comprises: inputting the cell frequency and the root key into a preset algorithm model to obtain the target root key of the UE.
11. A base station comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 8 when the computer program is executed.
12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 8.
CN201911416024.4A 2019-12-31 2019-12-31 Key processing method, device, base station and storage medium Active CN111132157B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911416024.4A CN111132157B (en) 2019-12-31 2019-12-31 Key processing method, device, base station and storage medium

Publications (2)

Publication Number Publication Date
CN111132157A CN111132157A (en) 2020-05-08
CN111132157B true CN111132157B (en) 2023-08-18

Family

ID=70506797

Country Status (1)

Country Link
CN (1) CN111132157B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210803

Address after: 510663 Shenzhou Road 10, Guangzhou Science City, Guangzhou economic and Technological Development Zone, Guangzhou, Guangdong

Applicant after: Jingxin Network System Co.,Ltd.

Address before: 510730, No. 6, Jin Lu, Guangzhou economic and Technological Development Zone, Guangdong, Guangzhou

Applicant before: COMBA TELECOM TECHNOLOGY (GUANGZHOU) Ltd.

GR01 Patent grant