CN101232736B - Method for setting initialization of cryptographic key existence counter among different access systems - Google Patents
Method for setting initialization of cryptographic key existence counter among different access systems Download PDFInfo
- Publication number
- CN101232736B CN101232736B CN2008100819296A CN200810081929A CN101232736B CN 101232736 B CN101232736 B CN 101232736B CN 2008100819296 A CN2008100819296 A CN 2008100819296A CN 200810081929 A CN200810081929 A CN 200810081929A CN 101232736 B CN101232736 B CN 101232736B
- Authority
- CN
- China
- Prior art keywords
- nas
- counter
- count
- key
- subscriber equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
An initialization setting method of a secret key expiry counting device for accessions to different systems is provided. When a user equipment (UE) moves from a UTRAN to an EUTRAN area and re-selects a cell, the value of START-NAS is initialized to the value of START and COUNT-NAS is initialized by employing the value of START-NAS, the cell-reselect request sent to the target MME contains the value of START-NAS. The target MME also employs START-NAS to initialize the value of COUNT-NAS. When a UE moves from a UTRAN to an EUTRAN area and re-selects the cell and receives a confirmation from target SGSN, a upper bit effective value of COUNT-NAS increases as much as one, which comes out as an initialized value of START. The invention avoids a security hole which the secret key expiry time is lengthened when the UE moves from the UTRAN to the EUTRAN area and re-selects the cell.
Description
Technical field
The present invention relates to moving communicating field, relate in particular to a kind of method that the cryptographic key existence counter among different access systems initialization is provided with that is used for.
Background technology
3GPP (3rd Generation Partnership Project; Third generation partner program) grouping system of evolution (Evolved Packet System; Be called for short EPS) by land radio access web (the Evolved UMTS Terrestrial Radio Access Network of evolution; Be called for short EUTRAN) and EPS core net (Evolved Packet Core is called for short EPC) composition.
Wherein, EPC comprises mobile management unit (MME, Mobility Management Entity), and mobile management unit is responsible for the processing of ambulant management, Non-Access Stratum signaling and the chain of command related works such as management of user security model.Wherein, MME preserves the root key K of EUTRAN
ASME(KeyAccess Security Management Entity, the secret key of access security management entity), and by K
ASMEThe Non-Access Stratum integrity protection key K that generates
NAS-int(Key Non Access Stratum integrity) and Confidentiality protection key K
NAS-enc(Key Non Access Stratum encryption).Also in store these three keys of while UE (User Equipment, subscriber equipment).Also there is a counter COUNT among UE and the MME
-NAS, responsible record has received key K
NAS-intAnd K
NAS-encNAS (Network Access Server, network access server) the signaling quantity of protection.COUNT
-NASValue two effects are arranged, one is the input parameter that is used for doing NAS layer integrity protection and Confidentiality protection, another one is to be used for strict restriction key K
ASMELife span, work as COUNT
-NASValue arrive family of power and influence's value that operator sets, UE and network side will trigger new Authentication and Key Agreement machine-processed (AKA, Authentication and key agreement) and produce new K
ASME, all EPS counters are changed to 0 simultaneously.When connecting, UE and MME use START
-NASValue come recording counter COUNT
-NASHigh Bit Significance.UE uses START
-NASCome count initialized device COUNT
-NAS, be about to START
-NASValue as COUNT
-NASThe value of high-order effective bit (MSB:Most Significance Bit, its concrete figure place is by standard definition) be high Bit Significance, break off when connecting, UE uses COUNT
-NAsThe value of high-order effective bit upgrade START
-NASValue.
3GPP UMTS (Universal Mobile Telecommunications System; UMTS) equipment of the management of responsible contextual management of mobility and/or user security model is SGSN (Serving GPRS Support Node, Serving GPRS Support Node) in the system.SGSN also is responsible for authentication UE, and generates key IK (Integrity Key, Integrity Key), CK (CipheringKey, encryption key).The connecting system of 3GPP UMTS system is UTRAN (UMTS TerrestrialRadio Access Network, a wireless access network).
UE also generates IK, CK simultaneously.In the PS territory, UE usage counter START record receives the signaling quantity of key IK and CK protection, when the family of power and influence who arrives setting when the value of START is worth; Make new AKA with triggering UE and SGSN, produce new IK, CK; The START value puts 0 simultaneously; Therefore at UMTS, counter START is the existence counter of key IK and CK, and its strictness has limited the life span of key.When connecting; UE and RNC (radio network controller; RadioNetwork Controller) or SGSN use the value of START to be used for the value of high-order effective bit of count initialized device COUNT-I and COUNT-C; When breaking off connection, UE uses the value of the high-order effective bit of COUNT-I and COUNT-C to upgrade the value of START.Wherein counter COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key IK protection of the land radio access web that receives evolution.
When UE moved to EUTRAN from UTRAN, UE and MME used IK and CK to produce K
-ASME, use COUNT simultaneously
-NASBe K
-ASMEExistence counter, IK and CK are called K
-ASMEFather's key, K
-ASMEThen be called CK, the sub-key of IK.When UE when EUTRAN transfers to UTRAN, UE and SGSN/RNC use K
-ASMEProduce key IK and CK, use START to limit CK simultaneously, the life span of IK, K
-ASMEThe father's key that is called IK and CK, IK and CK are K
-ASMESub-key.
Owing to when UE carries out district reselecting (TAU, Tracking AreaUpdate) between UTRAN and EUTRAN, do not have mandatory requirement to reuse AKA and carry out key updating, the sub-key that is produced by father's key may continue to use a period of time.
In the prior art; Between UTRAN and EUTRAN during district reselecting; The UE counter is not continued each other and add up, but directly the counter initial value is set to 0, so that behind the TAU; The life span that does not comprise his father's key the life cycle of key, the security breaches that cause key lifetimes to be extended.
Summary of the invention
The present invention provides a kind of initial setting method that is used for cryptographic key existence counter among different access systems, when initiating district reselecting to avoid UE between UTRAN and EUTRAN, to move, and the security breaches that key lifetimes is extended.
In order to solve the problems of the technologies described above; The invention provides a kind of initial setting method that is used for cryptographic key existence counter among different access systems; It is characterized in that; Subscriber equipment moves from the land radio access web of land radio access web to evolution, in the time of need carrying out district reselecting, carries out following steps:
Said subscriber equipment is the value of counter START with the value initialization of counter START-NAS, and usage counter START
-NASTo counter COUNT
-NASCarry out the initialization setting, in the cell re-selection request of sending, carry said counter START to the target mobile management unit
-NASValue;
After said target mobile management unit is received cell re-selection request, usage counter START
-NASTo counter COUNT
-NASCarry out the initialization setting;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT
-NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution
NAS-intWith the Confidentiality protection key K
NAS-encThe counter of the network access server signaling quantity of protection; Counter START
-NASBe recording counter COUNT
-NASThe counter of high Bit Significance.
Further, said method also can have following characteristics:
Said subscriber equipment and target mobile management unit usage counter START
-NASTo counter COUNT
-NASWhen carrying out initialization and being provided with, be with counter COUNT
-NASHigh Bit Significance be changed to counter START
-NASValue, all the other bit positions are 0.
Further, said method also can have following characteristics:
Said subscriber equipment is to counter COUNT
-NASAfter carrying out initialization and being provided with, also utilize the Integrity Key IK of land radio access web and the root key K that encryption key CK generates the land radio access web of evolution
ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K
NAS-intWith the Confidentiality protection key K
NAS-enc, be used for the encryption of follow-up signaling.
Further, said method also can have following characteristics:
After said target mobile management unit is received cell re-selection request; Serving GPRS Support Node is sent out context request to the source; Said source Serving GPRS Support Node carries the Integrity Key and the encryption key of land radio access web in the context response of sending to said target mobile management unit, said target mobile management unit utilizes counter START again
-NASTo counter COUNT
-NASCarry out the initialization setting, and utilize said Integrity Key IK and encryption key CK to generate the root key K of the land radio access web of evolution
ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K
NAS-intWith the Confidentiality protection key K
NAS-enc, be used for the encryption of follow-up signaling.
Further, said method also can have following characteristics:
Said target mobile management unit is to counter COUNT
-NASAfter carrying out initialization and being provided with, notify said subscriber equipment district reselecting to be accepted; After said subscriber equipment is received, send district reselecting to said target mobile management unit and accomplish message, the affirmation district reselecting is accomplished.
In order to solve the problems of the technologies described above; The present invention also provides a kind of initial setting method that is used for cryptographic key existence counter among different access systems; It is characterized in that; Subscriber equipment from the land radio access web of evolution landwards wireless access network move, in the time of need carrying out district reselecting, carry out following steps:
Said subscriber equipment sends cell re-selection request and gives the destination service GPRS Support Node, after receiving the district reselecting affirmation that said destination service GPRS Support Node is sent, with counter COUNT
-NASHigh Bit Significance add 1 at least after, as the initial value of counter START;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT
-NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution
NAS-intWith the Confidentiality protection key K
NAS-encThe counter of the network access server signaling quantity of protection.
Further, said method also can have following characteristics:
Said subscriber equipment is earlier with counter COUNT
-NASHigh Bit Significance add 1 at least after, compose to give counter START
-NAS, the value initialization with counter START is counter START then
-NASValue; Counter START wherein
-NASBe to be used for recording counter COUNT
-NASThe counter of high Bit Significance.
Further, said method also can have following characteristics:
Said subscriber equipment is earlier with counter COUNT
-NASHigh Bit Significance add 2 after, as the initial value of counter START.
Further, said method also can have following characteristics:
Said destination service GPRS Support Node sends context request to source mobile management unit after receiving that said subscriber equipment sends cell re-selection request; After said source mobile management unit is received, send context response to said destination service GPRS Support Node; Said destination service GPRS Support Node sends district reselecting to said subscriber equipment again to be confirmed, notifies its network acceptance area reselection request; Said subscriber equipment sends district reselecting to said target mobile management unit and accomplishes message after the initialization of accomplishing counter START is provided with, and the affirmation district reselecting is accomplished.
Further, said method also can have following characteristics:
In the process that the RRC that said subscriber equipment is initiated after district reselecting is accomplished connects; Said subscriber equipment and said destination service GPRS Support Node come count initialized device COUNT-I, COUNT-C with said START value again; Wherein COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key IK protection of the land radio access web that receives evolution.
The method of the invention is owing to adopt START and START
-NASContinue, and come the initialization associated counter, overcome in the prior art UE between UTRAN and EUTRAN during TAU, the safety defect that the key life cycle is extended with it.
Description of drawings
Fig. 1 moves to EUTRAN when carrying out TAU from UTRAN, the signaling process figure of UE counter initial setting method for embodiment of the invention UE;
Fig. 2 moves to UTRAN when carrying out TAU from EUTRAN, the signaling process figure of counter initial setting method for another embodiment of the present invention UE.
Embodiment
Design of the present invention is: UE moves between different access systems; In the time of district reselecting need being carried out, utilize the START value in the former connecting system, the START value in the initialization goal systems; And when connecting, use the counter in the START value initialization goal systems in the goal systems.
Aim to provide a kind of after UE carries out the TAU between UTRAN and the EUTRAN; The initial method of counter; Make the sub-key life cycle continue the life span of the preceding his father's key of TAU; And after the TAU success, continue the life span of sub-key that adds up, thereby avoid the life span of sub-key to be extended.
Below in conjunction with accompanying drawing and embodiment technical scheme according to the invention is described in detail.
First embodiment
Present embodiment be UE under idle condition, move to EUTRAN from UTRAN, in the time of need carrying out district reselecting, counter is carried out the method that initialization is provided with.Its signaling process is as shown in Figure 1, may further comprise the steps:
Step 101:UE is to START
-NASCarry out the initialization setting, make START
-NAS=START uses START then
-NASTo COUNT
-NASCarry out the initialization setting;
To COUNT
-NASWhen carrying out initialization and being provided with, be about to START
-NASValue as COUNT
-NASThe value of high-order effective bit, can be expressed as MSB (COUNT with formula
-NAS)=START
-NAS, COUNT
-NASAll the other bit positions be 0.
UE also need use IK and CK to generate K in this step
-ASME, K
NAS-intAnd K
NAS-enc, because need in follow-up TAU request, use this key to carry out integrity protection.
Step 102:UE sends out the TAU request to target MME, simultaneously with START
-NASIssue target MME;
Step 103: target MME sends out context request to source SGSN, and request source SGSN transmits IK, user profile such as CK;
Step 104: source SGSN sends out context response to target MME, and with CK, user related informations such as IK are passed to target MME;
Step 105: target MME uses START
-NASTo COUNT
-NASCarry out the initialization setting;
Here target MME also uses IK and CK to generate K
-ASME, K
NAS-intAnd K
NAS-enc, be used for the encipherment protection of subsequent message.
Step 106: target MME notifies UE, and TAU is accepted;
Step 107:UE sends out TAU and accomplishes message, confirms that TAU accomplishes.
Second embodiment
Present embodiment be UE under idle condition, move from EUTRAN and UTRAN, in the time of need carrying out TAU, counter is carried out the method that initialization is provided with.As shown in Figure 2, may further comprise the steps:
Step 201:UE sends out TAU and asks target SGSN;
Step 202: target SGSN send out context request to the source MME;
Step 203: source MME sends out context response to target SGSN;
Step 204: target SGSN is sent district reselecting to UE and is confirmed that notice UE network has been accepted TAU;
Step 205:UE is to START
-NASBe provided with, be about to COUNT
-NASThe value (being also referred to as high Bit Significance) of high-order effective bit add that 2 (also can add 1 here) backs composes and give START
-NAS, can be expressed as START
-NAS=MSB (COUNT
-NASInitialization, START=START are carried out to START then in)+2
-NAS
Step 206:UE sends out TAU and accomplishes acknowledge message.
When district reselecting, SGSN does not carry out the initialization setting to START, and after UE initiated the RRC connection, UE and SGSN used the COUNT-I of START value initialization, COUNT-C again.
From foregoing description, owing to adopt START and START
-NASContinue, and come the initialization associated counter, overcome in the prior art UE between UTRAN and EUTRAN during TAU, the safety defect that the key life cycle is extended with it.
The above is merely embodiments of the invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within the claim scope of the present invention.
Claims (12)
1. an initial setting method that is used for cryptographic key existence counter among different access systems is characterized in that, subscriber equipment moves from the land radio access web of land radio access web to evolution, in the time of need carrying out district reselecting, carries out following steps:
Said subscriber equipment is with counter START
-NASValue initialization be the value of counter START, and usage counter START
-NASTo counter COUNT
-NASCarry out the initialization setting, in the cell re-selection request of sending, carry said counter START to the target mobile management unit
-NASValue;
After said target mobile management unit is received cell re-selection request, usage counter START
-NASTo counter COUNT
-NASCarry out the initialization setting;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT
-NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution
NAS-intWith the Confidentiality protection key K
NAS-encThe counter of the network access server signaling quantity of protection; Counter START
-NASBe recording counter COUNT
-NASThe counter of high Bit Significance.
2. initial setting method as claimed in claim 1 is characterized in that:
Said subscriber equipment and target mobile management unit usage counter START
-NASTo counter COUNT
-NASWhen carrying out initialization and being provided with, be with counter COUNT
-NASHigh Bit Significance be changed to counter START
-NASValue, all the other bit positions are 0.
3. according to claim 1 or claim 2 initial setting method is characterized in that:
Said subscriber equipment is to counter COUNT
-NASAfter carrying out initialization and being provided with, also utilize the Integrity Key IK of land radio access web and the root key K that encryption key CK generates the land radio access web of evolution
ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K
NAS-intWith the Confidentiality protection key K
NAS-enc, be used for the encryption of follow-up signaling.
4. initial setting method as claimed in claim 3 is characterized in that:
After said target mobile management unit is received cell re-selection request; Serving GPRS Support Node is sent out context request to the source; Said source Serving GPRS Support Node carries the Integrity Key and the encryption key of land radio access web in the context response of sending to said target mobile management unit, said target mobile management unit utilizes counter START again
-NASTo counter COUNT
-NASCarry out the initialization setting, and utilize said Integrity Key IK and encryption key CK to generate the root key K of the land radio access web of evolution
ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K
NAS-intWith the Confidentiality protection key K
NAS-enc, be used for the encryption of follow-up signaling.
5. initial setting method as claimed in claim 1 is characterized in that:
Said target mobile management unit is to counter COUNT
-NASAfter carrying out initialization and being provided with, notify said subscriber equipment district reselecting to be accepted; After said subscriber equipment is received, send district reselecting to said target mobile management unit and accomplish message, the affirmation district reselecting is accomplished.
6. an initial setting method that is used for cryptographic key existence counter among different access systems is characterized in that, subscriber equipment from the land radio access web of evolution landwards wireless access network move, in the time of need carrying out district reselecting, carry out following steps:
Said subscriber equipment sends cell re-selection request and gives the destination service GPRS Support Node, after receiving the district reselecting affirmation that said destination service GPRS Support Node is sent, with counter COUNT
-NASHigh Bit Significance add 1 at least after, as the initial value of counter START;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT
-NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution
NAS-intWith the Confidentiality protection key K
NAS-encThe counter of the network access server signaling quantity of protection.
7. initial setting method as claimed in claim 6 is characterized in that:
Said subscriber equipment is earlier with counter COUNT
-NASHigh Bit Significance add 1 at least after, compose to give counter START
-NAS, the value initialization with counter START is counter START then
-NASValue; Counter START wherein
-NASBe to be used for recording counter COUNT
-NASThe counter of high Bit Significance.
8. like claim 6 or 7 described initial setting methods, it is characterized in that:
Said subscriber equipment is earlier with counter COUNT
-NASHigh Bit Significance add 2 after, as the initial value of counter START.
9. like claim 6 or 7 described initial setting methods, it is characterized in that:
Said destination service GPRS Support Node sends context request to source mobile management unit after receiving that said subscriber equipment sends cell re-selection request; After said source mobile management unit is received, send context response to said destination service GPRS Support Node; Said destination service GPRS Support Node sends district reselecting to said subscriber equipment again to be confirmed, notifies its network acceptance area reselection request; Said subscriber equipment sends district reselecting to the target mobile management unit and accomplishes message after the initialization of accomplishing counter START is provided with, and the affirmation district reselecting is accomplished.
10. initial setting method as claimed in claim 8 is characterized in that:
Said destination service GPRS Support Node sends context request to source mobile management unit after receiving that said subscriber equipment sends cell re-selection request; After said source mobile management unit is received, send context response to said destination service GPRS Support Node; Said destination service GPRS Support Node sends district reselecting to said subscriber equipment again to be confirmed, notifies its network acceptance area reselection request; Said subscriber equipment sends district reselecting to the target mobile management unit and accomplishes message after the initialization of accomplishing counter START is provided with, and the affirmation district reselecting is accomplished.
11., it is characterized in that like claim 6 or 7 described initial setting methods:
In the process that the RRC that said subscriber equipment is initiated after district reselecting is accomplished connects; Said subscriber equipment and said destination service GPRS Support Node come count initialized device COUNT-I, COUNT-C with said START value again; Wherein COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key CK protection of the land radio access web that receives evolution.
12. initial setting method as claimed in claim 8 is characterized in that:
In the process that the RRC that said subscriber equipment is initiated after district reselecting is accomplished connects; Said subscriber equipment and said destination service GPRS Support Node come count initialized device COUNT-I, COUNT-C with said START value again; Wherein COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key CK protection of the land radio access web that receives evolution.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100819296A CN101232736B (en) | 2008-02-22 | 2008-02-22 | Method for setting initialization of cryptographic key existence counter among different access systems |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100819296A CN101232736B (en) | 2008-02-22 | 2008-02-22 | Method for setting initialization of cryptographic key existence counter among different access systems |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101232736A CN101232736A (en) | 2008-07-30 |
CN101232736B true CN101232736B (en) | 2012-02-29 |
Family
ID=39898836
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008100819296A Expired - Fee Related CN101232736B (en) | 2008-02-22 | 2008-02-22 | Method for setting initialization of cryptographic key existence counter among different access systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101232736B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101409897B (en) * | 2008-10-31 | 2012-12-19 | 中兴通讯股份有限公司 | Control method and apparatus for counter |
CN101931951B (en) * | 2009-06-26 | 2012-11-07 | 华为技术有限公司 | Method, device and system for secret key deduction |
GB2472580A (en) * | 2009-08-10 | 2011-02-16 | Nec Corp | A system to ensure that the input parameter to security and integrity keys is different for successive LTE to UMTS handovers |
CN102025685B (en) * | 2009-09-21 | 2013-09-11 | 华为技术有限公司 | Authentication processing method and device |
US9197669B2 (en) | 2010-04-15 | 2015-11-24 | Qualcomm Incorporated | Apparatus and method for signaling enhanced security context for session encryption and integrity keys |
US9084110B2 (en) | 2010-04-15 | 2015-07-14 | Qualcomm Incorporated | Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network |
UA108099C2 (en) * | 2010-04-15 | 2015-03-25 | DEVICE AND METHOD OF SIGNALING ABOUT IMPROVED SECURITY CONTEXT FOR SESSION KEYS ENCRYPTION AND INTEGRITY | |
CN102845105B (en) | 2010-04-16 | 2016-03-16 | 高通股份有限公司 | For the apparatus and method shifted from the serving network node of support of enhanced security context to legacy service network node |
CN101835156B (en) * | 2010-05-21 | 2014-08-13 | 中兴通讯股份有限公司南京分公司 | Method and system for safeguarding user access |
CN102917350B (en) * | 2011-08-05 | 2015-12-02 | 华为技术有限公司 | Enable the method for safe key, access network node, subscriber equipment and system |
CN109922051B (en) * | 2013-09-11 | 2022-08-09 | 三星电子株式会社 | Method and system for enabling secure communication for inter-ENB transmission |
CN107579878B (en) * | 2017-09-19 | 2020-08-21 | 浙江明讯网络技术有限公司 | Signaling monitoring method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6229806B1 (en) * | 1997-12-30 | 2001-05-08 | Motorola, Inc. | Authentication in a packet data system |
CN1404267A (en) * | 2002-10-01 | 2003-03-19 | 华中科技大学 | Safe network transmission method and system |
CN1564509A (en) * | 2004-03-23 | 2005-01-12 | 中兴通讯股份有限公司 | Key consaltation method in radio LAN |
-
2008
- 2008-02-22 CN CN2008100819296A patent/CN101232736B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6229806B1 (en) * | 1997-12-30 | 2001-05-08 | Motorola, Inc. | Authentication in a packet data system |
CN1404267A (en) * | 2002-10-01 | 2003-03-19 | 华中科技大学 | Safe network transmission method and system |
CN1564509A (en) * | 2004-03-23 | 2005-01-12 | 中兴通讯股份有限公司 | Key consaltation method in radio LAN |
Also Published As
Publication number | Publication date |
---|---|
CN101232736A (en) | 2008-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101232736B (en) | Method for setting initialization of cryptographic key existence counter among different access systems | |
CN101232731B (en) | Method and system for UE to generate cryptographic key switching from UTRAN to EUTRAN | |
CN101715188B (en) | A kind of update method of air interface key and system | |
KR101102708B1 (en) | Methods and apparatus to implement non-access stratumnas security in a long term evolution wireless device | |
CN101257723A (en) | Method, apparatus and system for generating cipher key | |
CN201286113Y (en) | Wireless emission/receiving unit | |
CN101267668B (en) | Key generation method, Apparatus and system | |
CN101083839B (en) | Cipher key processing method for switching among different mobile access systems | |
EP3197191B1 (en) | Method and apparatuses for avoiding network security desynchronization | |
CN101304311A (en) | Method and system for generating cryptographic key | |
TW202037217A (en) | Apparatus and method for mobility procedure involving mobility management entity relocation | |
CN101483865A (en) | Cipher key replacing method, system and device | |
KR20130114561A (en) | Local security key update at a wireless communication device | |
CN101521873B (en) | Method for enabling local security context | |
WO2009152755A1 (en) | Method and system for generating an identity identifier of a key | |
CN102158855A (en) | Method of handling security in srvcc handover and related communication device | |
CN101925059A (en) | Method and system for generating keys in switching process | |
CN101299888B (en) | Cryptographic key generation method, switching method, mobile management entity and customer equipment | |
CN101478752B (en) | Cipher key replacing method, system and device | |
CN101552983A (en) | Key generating method, key generating device, mobile management entity and user equipment | |
CN101355507B (en) | Method and system for generating cipher key for updating tracking zonetime | |
CN101610507A (en) | A kind of method that inserts the 3G-WLAN internet | |
CN102264064A (en) | Method and system for synchronizing access stratum (AS) security algorithms | |
CN102572819A (en) | Method, device and system for generating secret key | |
CN101267670B (en) | An initialization setup method for secret key survival counter between different access systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120229 Termination date: 20180222 |
|
CF01 | Termination of patent right due to non-payment of annual fee |