CN101022647B - Realizing method and device for determining safe consultation parameter in switching process - Google Patents

Publication number
CN101022647B
Authority
CN
China
Prior art keywords
negotiation parameter
security negotiation
target
message
portable terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2006100035951A
Other languages
Chinese (zh)
Other versions
CN101022647A (en)
Inventor
单长虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2006100035951A
Publication of CN101022647A
Publication of CN101022647B

Abstract

A method for determining security negotiation parameters during handover: after the serving base station of a mobile terminal determines that the mobile terminal is handing over, the serving base station sends the security negotiation parameter information corresponding to that mobile terminal to the target base station, so that the target base station obtains the security negotiation parameters that the mobile terminal negotiated with the serving base station.

Description

Method and device for determining security negotiation parameters during handover
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a handover processing technique involving security negotiation parameters.
Background art
In a wireless communication system, the mobility of a mobile terminal means that it frequently moves from the coverage area of one base station to that of another. The communication system therefore needs to implement corresponding handover processing.
To ensure that the mobile terminal can still communicate securely after handover, the corresponding security information must be passed from the serving base station to the target base station during the handover procedure. At present, the security information that needs to be transferred during handover comprises the content of the authorization key context and the content of the security association context.
As can be seen, in the existing handover procedure the security information passed from the serving base station to the target base station does not include the security negotiation parameters.
The security negotiation parameters are determined jointly by the mobile terminal and the base station during subscriber station basic capability negotiation, and specifically include information such as key management protocol version support, authorization policy support, message authentication code mode and packet number window size.
At present, when a mobile terminal hands over from one base station to a target base station, the subscriber station basic capability negotiation may be omitted. If the target base station omits this negotiation, it cannot obtain the corresponding security negotiation parameters through a negotiation process.
However, because the security negotiation parameters are directly and closely tied to the choice of algorithms for subsequent secure communication over the air interface, the target base station still needs to obtain them in order to continue secure communication with the mobile terminal.
Yet there is currently no feasible implementation that guarantees the target base station can reliably obtain the corresponding security negotiation parameter information after handover, so communication performance after handover cannot be reliably guaranteed.
Summary of the invention
The purpose of the present invention is to provide a method and a device for determining security negotiation parameters during handover, so that the target base station can reliably obtain the security negotiation parameter information of the former serving base station after handover, thereby guaranteeing the reliability of communication after handover.
The purpose of the invention is achieved through the following technical solutions:
The invention provides a method for determining security negotiation parameters during handover, comprising:
A. The serving base station of a mobile terminal determines that the mobile terminal is handing over;
B. The serving base station sends the security negotiation parameter information corresponding to the mobile terminal to the target base station.
The security negotiation parameters comprise: the message authentication code mode.
The security negotiation parameters further comprise: authorization policy support, key management protocol version support information and/or packet number window size.
Step A further comprises:
The serving base station performs step B when it determines that the subscriber station basic capability negotiation is omitted in the handover procedure, or when it cannot determine whether that negotiation is omitted.
Step B specifically comprises:
The serving base station sends the security negotiation parameter information corresponding to the mobile terminal to the target base station via a message of the handover preparation phase, a message of the handover phase, or a message of the abnormal handover procedure.
Step B comprises:
The serving base station sends a handover request message, which carries the security negotiation parameter information, to the candidate target base station;
Or,
According to the handover indication message sent by the mobile terminal, the serving base station sends a handover confirmation message, which carries the security negotiation parameter information, to the target base station identified by the target base station identifier carried in the indication message;
Or,
After the target base station receives the paging request message from the mobile terminal, it sends an information request to the serving base station; according to the mobile terminal identifier in the information request, the serving base station carries the corresponding security negotiation parameter information in a session information response message and returns it to the target base station.
The present invention also provides a device for determining security negotiation parameters during handover, comprising:
Handover confirmation module: used to confirm whether the mobile terminal is handing over, and to trigger the security negotiation parameter sending module once a handover occurs;
Security negotiation parameter sending module: used to send the security negotiation parameter information corresponding to the mobile terminal that is handing over to the target base station, the security negotiation parameters comprising the message authentication code mode.
The device further comprises an identification module, triggered after the handover confirmation module determines that the mobile terminal is handing over. It identifies whether the subscriber station basic capability negotiation is omitted for the mobile terminal during handover and, after confirming that it is omitted, triggers the security negotiation parameter sending module.
The security negotiation parameter sending module is specifically:
Handover request message processing module: used, in the handover preparation phase, to carry the security negotiation parameters in the handover request message sent to the target base station, and to send it;
Or,
Handover confirmation message processing module: used, in the handover phase, to carry the security negotiation parameters in the handover confirmation message sent to the target base station, and to send it;
Or,
Session information response message processing module: used, in the abnormal handover procedure, to carry the security negotiation parameters in the session information response message sent to the target base station, and to send it.
As can be seen from the technical solution provided above, the invention enables the target base station to reliably obtain the security negotiation parameter information of the former serving base station after handover. This ensures that after handover the target base station can correctly select the key management protocol version, correctly select the message integrity protection algorithm, and use the correct window value to effectively prevent replay attacks, which guarantees the reliability of communication and makes the handover procedure more reasonable.
Brief description of the drawings
Fig. 1 is a first schematic diagram of a specific implementation of the method of the present invention;
Fig. 2 is a second schematic diagram of a specific implementation of the method of the present invention;
Fig. 3 is a third schematic diagram of a specific implementation of the method of the present invention;
Fig. 4 is a fourth schematic diagram of a specific implementation of the method of the present invention;
Fig. 5 is a structural diagram of a specific implementation of the device of the present invention.
Embodiments
The present invention provides a technical means by which the target base station determines the corresponding security negotiation parameters after a handover in a wireless network. Specifically, the serving base station sends the security negotiation parameters to the target base station, so that the parameters negotiated at the previous base station can continue to be used at the target base station after handover, which guarantees the reliability of communication after handover.
The security negotiation parameters that the serving base station needs to transfer to the target base station comprise the message authentication code mode and, optionally, authorization policy support, key management protocol version support information and packet number window size.
In a communication network, when a mobile terminal first enters the network, the security negotiation parameters must be negotiated during subscriber station basic capability negotiation. These parameters comprise key management protocol version support, authorization policy support, message authentication code mode and packet number window size, and they can be configured on the base station.
In the present invention, when a mobile terminal hands over between different base stations and the handover optimization indication parameter shows that subscriber station basic capability negotiation is omitted, the corresponding security negotiation parameters cannot be generated again through negotiation after the handover. Some or all of the security negotiation parameters used at the base station before handover (the serving base station) therefore need to be passed to the new base station (the target base station), to ensure that the security negotiation parameters are used correctly.
In a specific implementation of the invention, the corresponding processing is as shown in Fig. 1:
When handover is confirmed, the serving base station transfers the security negotiation parameters to the target base station. The parameters must include the message authentication code mode, and optionally also include authorization policy support, key management protocol version support and packet number window size information.
The serving base station may send the security negotiation parameters to the target base station actively, or may send them passively in response to a request from the target base station.
In the present invention, the security negotiation parameters can be carried to the target base station in different messages, for example the handover request message of the handover preparation phase, the handover confirmation message of the handover phase, or the session information response message of the abnormal handover procedure.
To aid understanding of the invention, its specific implementations are described in detail below with reference to the accompanying drawings.
Several specific embodiments are used below to describe specific implementations of the invention.
(1) Embodiment one
In this embodiment, the security negotiation parameter information is transferred through the handover preparation procedure. As shown in Fig. 2, it comprises:
Step 21: The serving base station determines that a handover preparation procedure is under way for a mobile terminal and that the handover optimization parameter indicates that subscriber station basic capability negotiation is omitted. It then sends a handover request message to the candidate target base station, and this message contains the security negotiation parameter information corresponding to the mobile terminal;
The message must include the message authentication code mode. It may optionally include authorization policy support, key management protocol version support and packet number window size.
Step 22: After receiving the handover request message, the candidate target base station parses it to obtain the security negotiation parameters, and also replies to the serving base station with a handover response message.
(2) Embodiment two
In this embodiment, the security negotiation parameter information is transferred through the handover confirmation procedure. As shown in Fig. 3, it comprises:
Step 31: The mobile terminal sends a handover indication message, which contains the identifier of the target base station, to the serving base station;
Step 32: The serving base station examines the handover optimization parameter to determine whether the target base station omits the subscriber station basic capability negotiation. If it determines that the target base station omits the negotiation, or cannot determine this, the handover confirmation message must carry the security negotiation parameters; otherwise the handover confirmation message need not carry them;
The handover confirmation message must include the message authentication code mode, and optionally also includes parameter information such as authorization policy support, key management protocol version support and packet number window size.
(3) Embodiment three
In this embodiment, the security negotiation parameter information is transferred through the abnormal handover procedure. As shown in Fig. 4, it comprises:
Step 41: The mobile terminal sends an RNG-REQ (paging request) message to the target base station;
Step 42: The target base station finds that this is an RNG-REQ message following a handover and sends an information request to the serving base station; the message carries the identifier of the mobile terminal;
Step 43: The serving base station replies to the target base station with a session information response message. Before replying, it must determine whether the handover optimization parameter of the target base station indicates that subscriber station basic capability negotiation is omitted. If it cannot determine this, or determines that the negotiation is omitted, the security negotiation parameters are carried in the session information response message; otherwise they need not be carried;
The session information response message must include the message authentication code mode, and optionally also includes parameter information such as authorization policy support, key management protocol version support and packet number window size.
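The three embodiments above share one decision rule at the serving base station; the following model of it is an added illustration, not part of the patent. The message layouts, field names, the "REUSE"/"NEGOTIATE" results, the rejection of a transfer without a message authentication code mode, and all sample values are assumptions made for the example.

```python
from dataclasses import dataclass, asdict
from enum import Enum
from typing import Optional


class Sbc(Enum):
    """What the handover optimization indication says about basic
    capability negotiation at the target base station."""
    OMITTED = "omitted"
    PERFORMED = "performed"
    UNKNOWN = "cannot be determined"


@dataclass(frozen=True)
class SecurityNegotiationParams:
    mac_mode: str                               # mandatory in every transfer
    authorization_policy: Optional[str] = None  # optional
    key_mgmt_version: Optional[int] = None      # optional
    pn_window_size: Optional[int] = None        # optional


class ServingBS:
    def __init__(self):
        self.terminals = {}   # terminal id -> (negotiated params, Sbc indication)

    def register(self, terminal_id, params, sbc):
        self.terminals[terminal_id] = (params, sbc)

    def _build(self, msg_type, terminal_id, **extra):
        params, sbc = self.terminals[terminal_id]
        msg = {"type": msg_type, "terminal_id": terminal_id, **extra}
        # Carry the parameters when negotiation is omitted OR undeterminable.
        if sbc in (Sbc.OMITTED, Sbc.UNKNOWN):
            msg["security_negotiation"] = {
                k: v for k, v in asdict(params).items() if v is not None}
        return msg

    def handover_request(self, terminal_id):                 # embodiment one
        return self._build("HANDOVER_REQUEST", terminal_id)

    def handover_confirm(self, indication):                  # embodiment two
        return self._build("HANDOVER_CONFIRM", indication["terminal_id"],
                           target_bs=indication["target_bs"])

    def session_info_response(self, info_request):           # embodiment three
        return self._build("SESSION_INFO_RESPONSE", info_request["terminal_id"])


class TargetBS:
    def __init__(self):
        self.installed = {}   # terminal id -> params reused after handover

    def receive(self, msg):
        fields = msg.get("security_negotiation")
        if fields is None:
            return "NEGOTIATE"          # assumed: negotiate with the terminal
        if not fields.get("mac_mode"):  # assumed: refuse an incomplete transfer
            raise ValueError("message authentication code mode missing")
        self.installed[msg["terminal_id"]] = SecurityNegotiationParams(**fields)
        return "REUSE"

    def on_rng_req(self, terminal_id, serving):
        # Abnormal handover: the terminal arrives first, so the target asks.
        request = {"type": "INFORMATION_REQUEST", "terminal_id": terminal_id}
        return self.receive(serving.session_info_response(request))


def run_demo():
    serving, target = ServingBS(), TargetBS()
    # Constructed sample values, not taken from the patent.
    full = SecurityNegotiationParams("CMAC", "EAP", 2, 64)
    minimal = SecurityNegotiationParams("HMAC")
    serving.register("MS-1", full, Sbc.OMITTED)
    serving.register("MS-2", minimal, Sbc.UNKNOWN)
    serving.register("MS-3", full, Sbc.PERFORMED)
    return {
        "one": target.receive(serving.handover_request("MS-1")),
        "two": target.receive(serving.handover_confirm(
            {"terminal_id": "MS-2", "target_bs": "BS-B"})),
        "three": target.on_rng_req("MS-3", serving),
        "installed": dict(target.installed),
    }


if __name__ == "__main__":
    print(run_demo())
```

For MS-3 the indication says negotiation is performed, so the response carries no parameters and the target base station falls back to negotiating with the terminal itself.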
The present invention also provides a device for determining security negotiation parameters during handover. The device is located in the base station; its specific implementation is shown in Fig. 5 and comprises the following functional modules:
(1) Handover confirmation module
This module confirms whether the mobile terminal is handing over and triggers the identification module after confirming that it is. The identification module is optional; when it is omitted, this module directly triggers the security negotiation parameter sending module on confirming the handover;
(2) Identification module
This module identifies whether the subscriber station basic capability negotiation is omitted for the mobile terminal during handover, and triggers the security negotiation parameter sending module after confirming that it is omitted;
(3) Security negotiation parameter sending module
This module sends the security negotiation parameter information corresponding to the mobile terminal that is handing over from the serving base station to the target base station;
Because the security negotiation parameters can be sent to the target base station in different messages at different stages, the security negotiation parameter sending module can be any one of the following modules:
(31) Handover request message processing module
Used, in the handover preparation phase, to carry the security negotiation parameters in the handover request message sent to the target base station, and to send it;
(32) Handover confirmation message processing module
Used, in the handover phase, to carry the security negotiation parameters in the handover confirmation message sent to the target base station, and to send it;
(33) Session information response message processing module
Used, in the abnormal handover procedure, to carry the security negotiation parameters in the session information response message sent to the target base station, and to send it.
In summary, the present invention ensures that the previously negotiated security negotiation parameters can continue to be used after the mobile terminal hands over, thereby guaranteeing a reasonable handover procedure and the reliability of communication after handover.
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited thereto. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the scope of protection of the claims.

Claims (8)

1. A method for determining security negotiation parameters during handover, characterized by comprising:
A. The serving base station of a mobile terminal determines that the mobile terminal is handing over;
B. The serving base station sends the security negotiation parameter information corresponding to the mobile terminal to the target base station, the security negotiation parameters comprising the message authentication code mode.
2. The method according to claim 1, characterized in that the security negotiation parameters further comprise: authorization policy support, key management protocol version support information and/or packet number window size.
3. The method according to claim 1, characterized in that step A further comprises:
The serving base station performs step B when it determines that the subscriber station basic capability negotiation is omitted in the handover procedure, or when it cannot determine whether that negotiation is omitted.
4. The method according to claim 1, 2 or 3, characterized in that step B specifically comprises:
The serving base station sends the security negotiation parameter information corresponding to the mobile terminal to the target base station via a message of the handover preparation phase, a message of the handover phase, or a message of the abnormal handover procedure.
5. The method according to claim 4, characterized in that step B comprises:
The serving base station sends a handover request message, which carries the security negotiation parameter information, to the candidate target base station;
Or,
According to the handover indication message sent by the mobile terminal, the serving base station sends a handover confirmation message, which carries the security negotiation parameter information, to the target base station identified by the target base station identifier carried in the indication message;
Or,
After the target base station receives the paging request message from the mobile terminal, it sends an information request to the serving base station; according to the mobile terminal identifier in the information request, the serving base station carries the corresponding security negotiation parameter information in a session information response message and returns it to the target base station.
6. A device for determining security negotiation parameters during handover, characterized by comprising:
Handover confirmation module: used to confirm whether the mobile terminal is handing over, and to trigger the security negotiation parameter sending module once a handover occurs;
Security negotiation parameter sending module: used to send the security negotiation parameter information corresponding to the mobile terminal that is handing over to the target base station, the security negotiation parameters comprising the message authentication code mode.
7. The device according to claim 6, characterized in that the device further comprises an identification module, triggered after the handover confirmation module determines that the mobile terminal is handing over, which identifies whether the subscriber station basic capability negotiation is omitted for the mobile terminal during handover and, after confirming that it is omitted, triggers the security negotiation parameter sending module.
8. The device according to claim 6 or 7, characterized in that the security negotiation parameter sending module is specifically:
Handover request message processing module: used, in the handover preparation phase, to carry the security negotiation parameters in the handover request message sent to the target base station, and to send it;
Or,
Handover confirmation message processing module: used, in the handover phase, to carry the security negotiation parameters in the handover confirmation message sent to the target base station, and to send it;
Or,
Session information response message processing module: used, in the abnormal handover procedure, to carry the security negotiation parameters in the session information response message sent to the target base station, and to send it.
CN2006100035951A 2006-02-15 2006-02-15 Realizing method and device for determining safe consultation parameter in switching process Active CN101022647B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006100035951A CN101022647B (en) 2006-02-15 2006-02-15 Realizing method and device for determining safe consultation parameter in switching process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2006100035951A CN101022647B (en) 2006-02-15 2006-02-15 Realizing method and device for determining safe consultation parameter in switching process

Publications (2)

Publication Number Publication Date
CN101022647A CN101022647A (en) 2007-08-22
CN101022647B true CN101022647B (en) 2010-09-08

Family

ID=38710271

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006100035951A Active CN101022647B (en) 2006-02-15 2006-02-15 Realizing method and device for determining safe consultation parameter in switching process

Country Status (1)

Country Link
CN (1) CN101022647B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309500B (en) 2007-05-15 2011-07-20 华为技术有限公司 Security negotiation method and apparatus when switching between different wireless access technologies
CN103260161B (en) * 2008-02-29 2016-01-27 华为技术有限公司 A kind of method for evaluating security state of terminal, the network equipment and system
CN101741551B (en) * 2008-11-07 2012-02-22 华为技术有限公司 Method, network equipment, user equipment and communication system for ensuring forward security
CN101909337B (en) * 2009-06-04 2014-08-13 中兴通讯股份有限公司 Switching function-based information transmitting methods
CN101931977B (en) * 2009-06-19 2013-07-10 电信科学技术研究院 Method and device for optimizing ping-pong switching
CN101998529B (en) * 2009-08-21 2014-06-11 中兴通讯股份有限公司 Method and system for avoiding terminal capability from being narrowed after handover
CN101998527A (en) * 2009-08-21 2011-03-30 中兴通讯股份有限公司 Method and system for avoiding narrowing of terminal capability after controlled switching
CN102104926B (en) * 2009-12-18 2014-05-07 华为技术有限公司 Switching trigger method and device
CN102821384A (en) * 2012-04-13 2012-12-12 中兴通讯股份有限公司 Method and device for reestablishing wireless links
CN107277807B (en) * 2013-12-27 2020-10-09 华为技术有限公司 Security key context distribution method, mobile management entity and base station
CN106304143A (en) * 2015-06-12 2017-01-04 中兴通讯股份有限公司 Network resource optimization method based on terminal and device
US11121818B2 (en) * 2016-07-22 2021-09-14 Peraso Technologies Inc. Method and apparatus for unsolicited block acknowledgements
CN110430064B (en) * 2017-03-30 2020-12-04 腾讯科技(深圳)有限公司 Block chain system, message processing method and storage medium
CN110958650B (en) * 2018-09-26 2021-06-08 维沃移动通信有限公司 User equipment capacity determination method and node

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6295452B1 (en) * 1998-11-11 2001-09-25 Lg Information & Communications, Ltd. Mobile communication system that supports soft handoff between switching stations and method for implementing handoff
CN1337134A (en) * 1999-01-08 2002-02-20 艾利森电话股份有限公司 Reuse of security associations for improving hand-over performance
CN1481651A (en) * 1999-11-23 2004-03-10 ��˹��ŵ�� Transfer of security association during mobile terminal handover

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant