CN101232736B - Method for setting initialization of cryptographic key existence counter among different access systems - Google Patents

Method for setting initialization of cryptographic key existence counter among different access systems Download PDF

Info

Publication number
CN101232736B
CN101232736B CN2008100819296A CN200810081929A CN101232736B CN 101232736 B CN101232736 B CN 101232736B CN 2008100819296 A CN2008100819296 A CN 2008100819296A CN 200810081929 A CN200810081929 A CN 200810081929A CN 101232736 B CN101232736 B CN 101232736B
Authority
CN
China
Prior art keywords
nas
counter
count
key
subscriber equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008100819296A
Other languages
Chinese (zh)
Other versions
CN101232736A (en
Inventor
张旭武
甘露
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2008100819296A priority Critical patent/CN101232736B/en
Publication of CN101232736A publication Critical patent/CN101232736A/en
Application granted granted Critical
Publication of CN101232736B publication Critical patent/CN101232736B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An initialization setting method of a secret key expiry counting device for accessions to different systems is provided. When a user equipment (UE) moves from a UTRAN to an EUTRAN area and re-selects a cell, the value of START-NAS is initialized to the value of START and COUNT-NAS is initialized by employing the value of START-NAS, the cell-reselect request sent to the target MME contains the value of START-NAS. The target MME also employs START-NAS to initialize the value of COUNT-NAS. When a UE moves from a UTRAN to an EUTRAN area and re-selects the cell and receives a confirmation from target SGSN, a upper bit effective value of COUNT-NAS increases as much as one, which comes out as an initialized value of START. The invention avoids a security hole which the secret key expiry time is lengthened when the UE moves from the UTRAN to the EUTRAN area and re-selects the cell.

Description

The initial setting method that is used for cryptographic key existence counter among different access systems
Technical field
The present invention relates to moving communicating field, relate in particular to a kind of method that the cryptographic key existence counter among different access systems initialization is provided with that is used for.
Background technology
3GPP (3rd Generation Partnership Project; Third generation partner program) grouping system of evolution (Evolved Packet System; Be called for short EPS) by land radio access web (the Evolved UMTS Terrestrial Radio Access Network of evolution; Be called for short EUTRAN) and EPS core net (Evolved Packet Core is called for short EPC) composition.
Wherein, EPC comprises mobile management unit (MME, Mobility Management Entity), and mobile management unit is responsible for the processing of ambulant management, Non-Access Stratum signaling and the chain of command related works such as management of user security model.Wherein, MME preserves the root key K of EUTRAN ASME(KeyAccess Security Management Entity, the secret key of access security management entity), and by K ASMEThe Non-Access Stratum integrity protection key K that generates NAS-int(Key Non Access Stratum integrity) and Confidentiality protection key K NAS-enc(Key Non Access Stratum encryption).Also in store these three keys of while UE (User Equipment, subscriber equipment).Also there is a counter COUNT among UE and the MME -NAS, responsible record has received key K NAS-intAnd K NAS-encNAS (Network Access Server, network access server) the signaling quantity of protection.COUNT -NASValue two effects are arranged, one is the input parameter that is used for doing NAS layer integrity protection and Confidentiality protection, another one is to be used for strict restriction key K ASMELife span, work as COUNT -NASValue arrive family of power and influence's value that operator sets, UE and network side will trigger new Authentication and Key Agreement machine-processed (AKA, Authentication and key agreement) and produce new K ASME, all EPS counters are changed to 0 simultaneously.When connecting, UE and MME use START -NASValue come recording counter COUNT -NASHigh Bit Significance.UE uses START -NASCome count initialized device COUNT -NAS, be about to START -NASValue as COUNT -NASThe value of high-order effective bit (MSB:Most Significance Bit, its concrete figure place is by standard definition) be high Bit Significance, break off when connecting, UE uses COUNT -NAsThe value of high-order effective bit upgrade START -NASValue.
3GPP UMTS (Universal Mobile Telecommunications System; UMTS) equipment of the management of responsible contextual management of mobility and/or user security model is SGSN (Serving GPRS Support Node, Serving GPRS Support Node) in the system.SGSN also is responsible for authentication UE, and generates key IK (Integrity Key, Integrity Key), CK (CipheringKey, encryption key).The connecting system of 3GPP UMTS system is UTRAN (UMTS TerrestrialRadio Access Network, a wireless access network).
UE also generates IK, CK simultaneously.In the PS territory, UE usage counter START record receives the signaling quantity of key IK and CK protection, when the family of power and influence who arrives setting when the value of START is worth; Make new AKA with triggering UE and SGSN, produce new IK, CK; The START value puts 0 simultaneously; Therefore at UMTS, counter START is the existence counter of key IK and CK, and its strictness has limited the life span of key.When connecting; UE and RNC (radio network controller; RadioNetwork Controller) or SGSN use the value of START to be used for the value of high-order effective bit of count initialized device COUNT-I and COUNT-C; When breaking off connection, UE uses the value of the high-order effective bit of COUNT-I and COUNT-C to upgrade the value of START.Wherein counter COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key IK protection of the land radio access web that receives evolution.
When UE moved to EUTRAN from UTRAN, UE and MME used IK and CK to produce K -ASME, use COUNT simultaneously -NASBe K -ASMEExistence counter, IK and CK are called K -ASMEFather's key, K -ASMEThen be called CK, the sub-key of IK.When UE when EUTRAN transfers to UTRAN, UE and SGSN/RNC use K -ASMEProduce key IK and CK, use START to limit CK simultaneously, the life span of IK, K -ASMEThe father's key that is called IK and CK, IK and CK are K -ASMESub-key.
Owing to when UE carries out district reselecting (TAU, Tracking AreaUpdate) between UTRAN and EUTRAN, do not have mandatory requirement to reuse AKA and carry out key updating, the sub-key that is produced by father's key may continue to use a period of time.
In the prior art; Between UTRAN and EUTRAN during district reselecting; The UE counter is not continued each other and add up, but directly the counter initial value is set to 0, so that behind the TAU; The life span that does not comprise his father's key the life cycle of key, the security breaches that cause key lifetimes to be extended.
Summary of the invention
The present invention provides a kind of initial setting method that is used for cryptographic key existence counter among different access systems, when initiating district reselecting to avoid UE between UTRAN and EUTRAN, to move, and the security breaches that key lifetimes is extended.
In order to solve the problems of the technologies described above; The invention provides a kind of initial setting method that is used for cryptographic key existence counter among different access systems; It is characterized in that; Subscriber equipment moves from the land radio access web of land radio access web to evolution, in the time of need carrying out district reselecting, carries out following steps:
Said subscriber equipment is the value of counter START with the value initialization of counter START-NAS, and usage counter START -NASTo counter COUNT -NASCarry out the initialization setting, in the cell re-selection request of sending, carry said counter START to the target mobile management unit -NASValue;
After said target mobile management unit is received cell re-selection request, usage counter START -NASTo counter COUNT -NASCarry out the initialization setting;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT -NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution NAS-intWith the Confidentiality protection key K NAS-encThe counter of the network access server signaling quantity of protection; Counter START -NASBe recording counter COUNT -NASThe counter of high Bit Significance.
Further, said method also can have following characteristics:
Said subscriber equipment and target mobile management unit usage counter START -NASTo counter COUNT -NASWhen carrying out initialization and being provided with, be with counter COUNT -NASHigh Bit Significance be changed to counter START -NASValue, all the other bit positions are 0.
Further, said method also can have following characteristics:
Said subscriber equipment is to counter COUNT -NASAfter carrying out initialization and being provided with, also utilize the Integrity Key IK of land radio access web and the root key K that encryption key CK generates the land radio access web of evolution ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K NAS-intWith the Confidentiality protection key K NAS-enc, be used for the encryption of follow-up signaling.
Further, said method also can have following characteristics:
After said target mobile management unit is received cell re-selection request; Serving GPRS Support Node is sent out context request to the source; Said source Serving GPRS Support Node carries the Integrity Key and the encryption key of land radio access web in the context response of sending to said target mobile management unit, said target mobile management unit utilizes counter START again -NASTo counter COUNT -NASCarry out the initialization setting, and utilize said Integrity Key IK and encryption key CK to generate the root key K of the land radio access web of evolution ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K NAS-intWith the Confidentiality protection key K NAS-enc, be used for the encryption of follow-up signaling.
Further, said method also can have following characteristics:
Said target mobile management unit is to counter COUNT -NASAfter carrying out initialization and being provided with, notify said subscriber equipment district reselecting to be accepted; After said subscriber equipment is received, send district reselecting to said target mobile management unit and accomplish message, the affirmation district reselecting is accomplished.
In order to solve the problems of the technologies described above; The present invention also provides a kind of initial setting method that is used for cryptographic key existence counter among different access systems; It is characterized in that; Subscriber equipment from the land radio access web of evolution landwards wireless access network move, in the time of need carrying out district reselecting, carry out following steps:
Said subscriber equipment sends cell re-selection request and gives the destination service GPRS Support Node, after receiving the district reselecting affirmation that said destination service GPRS Support Node is sent, with counter COUNT -NASHigh Bit Significance add 1 at least after, as the initial value of counter START;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT -NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution NAS-intWith the Confidentiality protection key K NAS-encThe counter of the network access server signaling quantity of protection.
Further, said method also can have following characteristics:
Said subscriber equipment is earlier with counter COUNT -NASHigh Bit Significance add 1 at least after, compose to give counter START -NAS, the value initialization with counter START is counter START then -NASValue; Counter START wherein -NASBe to be used for recording counter COUNT -NASThe counter of high Bit Significance.
Further, said method also can have following characteristics:
Said subscriber equipment is earlier with counter COUNT -NASHigh Bit Significance add 2 after, as the initial value of counter START.
Further, said method also can have following characteristics:
Said destination service GPRS Support Node sends context request to source mobile management unit after receiving that said subscriber equipment sends cell re-selection request; After said source mobile management unit is received, send context response to said destination service GPRS Support Node; Said destination service GPRS Support Node sends district reselecting to said subscriber equipment again to be confirmed, notifies its network acceptance area reselection request; Said subscriber equipment sends district reselecting to said target mobile management unit and accomplishes message after the initialization of accomplishing counter START is provided with, and the affirmation district reselecting is accomplished.
Further, said method also can have following characteristics:
In the process that the RRC that said subscriber equipment is initiated after district reselecting is accomplished connects; Said subscriber equipment and said destination service GPRS Support Node come count initialized device COUNT-I, COUNT-C with said START value again; Wherein COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key IK protection of the land radio access web that receives evolution.
The method of the invention is owing to adopt START and START -NASContinue, and come the initialization associated counter, overcome in the prior art UE between UTRAN and EUTRAN during TAU, the safety defect that the key life cycle is extended with it.
Description of drawings
Fig. 1 moves to EUTRAN when carrying out TAU from UTRAN, the signaling process figure of UE counter initial setting method for embodiment of the invention UE;
Fig. 2 moves to UTRAN when carrying out TAU from EUTRAN, the signaling process figure of counter initial setting method for another embodiment of the present invention UE.
Embodiment
Design of the present invention is: UE moves between different access systems; In the time of district reselecting need being carried out, utilize the START value in the former connecting system, the START value in the initialization goal systems; And when connecting, use the counter in the START value initialization goal systems in the goal systems.
Aim to provide a kind of after UE carries out the TAU between UTRAN and the EUTRAN; The initial method of counter; Make the sub-key life cycle continue the life span of the preceding his father's key of TAU; And after the TAU success, continue the life span of sub-key that adds up, thereby avoid the life span of sub-key to be extended.
Below in conjunction with accompanying drawing and embodiment technical scheme according to the invention is described in detail.
First embodiment
Present embodiment be UE under idle condition, move to EUTRAN from UTRAN, in the time of need carrying out district reselecting, counter is carried out the method that initialization is provided with.Its signaling process is as shown in Figure 1, may further comprise the steps:
Step 101:UE is to START -NASCarry out the initialization setting, make START -NAS=START uses START then -NASTo COUNT -NASCarry out the initialization setting;
To COUNT -NASWhen carrying out initialization and being provided with, be about to START -NASValue as COUNT -NASThe value of high-order effective bit, can be expressed as MSB (COUNT with formula -NAS)=START -NAS, COUNT -NASAll the other bit positions be 0.
UE also need use IK and CK to generate K in this step -ASME, K NAS-intAnd K NAS-enc, because need in follow-up TAU request, use this key to carry out integrity protection.
Step 102:UE sends out the TAU request to target MME, simultaneously with START -NASIssue target MME;
Step 103: target MME sends out context request to source SGSN, and request source SGSN transmits IK, user profile such as CK;
Step 104: source SGSN sends out context response to target MME, and with CK, user related informations such as IK are passed to target MME;
Step 105: target MME uses START -NASTo COUNT -NASCarry out the initialization setting;
Here target MME also uses IK and CK to generate K -ASME, K NAS-intAnd K NAS-enc, be used for the encipherment protection of subsequent message.
Step 106: target MME notifies UE, and TAU is accepted;
Step 107:UE sends out TAU and accomplishes message, confirms that TAU accomplishes.
Second embodiment
Present embodiment be UE under idle condition, move from EUTRAN and UTRAN, in the time of need carrying out TAU, counter is carried out the method that initialization is provided with.As shown in Figure 2, may further comprise the steps:
Step 201:UE sends out TAU and asks target SGSN;
Step 202: target SGSN send out context request to the source MME;
Step 203: source MME sends out context response to target SGSN;
Step 204: target SGSN is sent district reselecting to UE and is confirmed that notice UE network has been accepted TAU;
Step 205:UE is to START -NASBe provided with, be about to COUNT -NASThe value (being also referred to as high Bit Significance) of high-order effective bit add that 2 (also can add 1 here) backs composes and give START -NAS, can be expressed as START -NAS=MSB (COUNT -NASInitialization, START=START are carried out to START then in)+2 -NAS
Step 206:UE sends out TAU and accomplishes acknowledge message.
When district reselecting, SGSN does not carry out the initialization setting to START, and after UE initiated the RRC connection, UE and SGSN used the COUNT-I of START value initialization, COUNT-C again.
From foregoing description, owing to adopt START and START -NASContinue, and come the initialization associated counter, overcome in the prior art UE between UTRAN and EUTRAN during TAU, the safety defect that the key life cycle is extended with it.
The above is merely embodiments of the invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within the claim scope of the present invention.

Claims (12)

1. an initial setting method that is used for cryptographic key existence counter among different access systems is characterized in that, subscriber equipment moves from the land radio access web of land radio access web to evolution, in the time of need carrying out district reselecting, carries out following steps:
Said subscriber equipment is with counter START -NASValue initialization be the value of counter START, and usage counter START -NASTo counter COUNT -NASCarry out the initialization setting, in the cell re-selection request of sending, carry said counter START to the target mobile management unit -NASValue;
After said target mobile management unit is received cell re-selection request, usage counter START -NASTo counter COUNT -NASCarry out the initialization setting;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT -NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution NAS-intWith the Confidentiality protection key K NAS-encThe counter of the network access server signaling quantity of protection; Counter START -NASBe recording counter COUNT -NASThe counter of high Bit Significance.
2. initial setting method as claimed in claim 1 is characterized in that:
Said subscriber equipment and target mobile management unit usage counter START -NASTo counter COUNT -NASWhen carrying out initialization and being provided with, be with counter COUNT -NASHigh Bit Significance be changed to counter START -NASValue, all the other bit positions are 0.
3. according to claim 1 or claim 2 initial setting method is characterized in that:
Said subscriber equipment is to counter COUNT -NASAfter carrying out initialization and being provided with, also utilize the Integrity Key IK of land radio access web and the root key K that encryption key CK generates the land radio access web of evolution ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K NAS-intWith the Confidentiality protection key K NAS-enc, be used for the encryption of follow-up signaling.
4. initial setting method as claimed in claim 3 is characterized in that:
After said target mobile management unit is received cell re-selection request; Serving GPRS Support Node is sent out context request to the source; Said source Serving GPRS Support Node carries the Integrity Key and the encryption key of land radio access web in the context response of sending to said target mobile management unit, said target mobile management unit utilizes counter START again -NASTo counter COUNT -NASCarry out the initialization setting, and utilize said Integrity Key IK and encryption key CK to generate the root key K of the land radio access web of evolution ASMEBe access security managing entity key, Non-Access Stratum integrity protection key K NAS-intWith the Confidentiality protection key K NAS-enc, be used for the encryption of follow-up signaling.
5. initial setting method as claimed in claim 1 is characterized in that:
Said target mobile management unit is to counter COUNT -NASAfter carrying out initialization and being provided with, notify said subscriber equipment district reselecting to be accepted; After said subscriber equipment is received, send district reselecting to said target mobile management unit and accomplish message, the affirmation district reselecting is accomplished.
6. an initial setting method that is used for cryptographic key existence counter among different access systems is characterized in that, subscriber equipment from the land radio access web of evolution landwards wireless access network move, in the time of need carrying out district reselecting, carry out following steps:
Said subscriber equipment sends cell re-selection request and gives the destination service GPRS Support Node, after receiving the district reselecting affirmation that said destination service GPRS Support Node is sent, with counter COUNT -NASHigh Bit Significance add 1 at least after, as the initial value of counter START;
Wherein, counter START is the Integrity Key IK of land radio access web and the existence counter of encryption key CK, counter COUNT -NASIt is the Non-Access Stratum integrity protection key K that writes down the land radio access web that receives evolution NAS-intWith the Confidentiality protection key K NAS-encThe counter of the network access server signaling quantity of protection.
7. initial setting method as claimed in claim 6 is characterized in that:
Said subscriber equipment is earlier with counter COUNT -NASHigh Bit Significance add 1 at least after, compose to give counter START -NAS, the value initialization with counter START is counter START then -NASValue; Counter START wherein -NASBe to be used for recording counter COUNT -NASThe counter of high Bit Significance.
8. like claim 6 or 7 described initial setting methods, it is characterized in that:
Said subscriber equipment is earlier with counter COUNT -NASHigh Bit Significance add 2 after, as the initial value of counter START.
9. like claim 6 or 7 described initial setting methods, it is characterized in that:
Said destination service GPRS Support Node sends context request to source mobile management unit after receiving that said subscriber equipment sends cell re-selection request; After said source mobile management unit is received, send context response to said destination service GPRS Support Node; Said destination service GPRS Support Node sends district reselecting to said subscriber equipment again to be confirmed, notifies its network acceptance area reselection request; Said subscriber equipment sends district reselecting to the target mobile management unit and accomplishes message after the initialization of accomplishing counter START is provided with, and the affirmation district reselecting is accomplished.
10. initial setting method as claimed in claim 8 is characterized in that:
Said destination service GPRS Support Node sends context request to source mobile management unit after receiving that said subscriber equipment sends cell re-selection request; After said source mobile management unit is received, send context response to said destination service GPRS Support Node; Said destination service GPRS Support Node sends district reselecting to said subscriber equipment again to be confirmed, notifies its network acceptance area reselection request; Said subscriber equipment sends district reselecting to the target mobile management unit and accomplishes message after the initialization of accomplishing counter START is provided with, and the affirmation district reselecting is accomplished.
11., it is characterized in that like claim 6 or 7 described initial setting methods:
In the process that the RRC that said subscriber equipment is initiated after district reselecting is accomplished connects; Said subscriber equipment and said destination service GPRS Support Node come count initialized device COUNT-I, COUNT-C with said START value again; Wherein COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key CK protection of the land radio access web that receives evolution.
12. initial setting method as claimed in claim 8 is characterized in that:
In the process that the RRC that said subscriber equipment is initiated after district reselecting is accomplished connects; Said subscriber equipment and said destination service GPRS Support Node come count initialized device COUNT-I, COUNT-C with said START value again; Wherein COUNT-I is the counter of network access server signaling quantity that writes down the Integrity Key IK protection of the land radio access web that receives evolution, and COUNT-C is the counter of network access server signaling quantity that writes down the encryption key CK protection of the land radio access web that receives evolution.
CN2008100819296A 2008-02-22 2008-02-22 Method for setting initialization of cryptographic key existence counter among different access systems Expired - Fee Related CN101232736B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100819296A CN101232736B (en) 2008-02-22 2008-02-22 Method for setting initialization of cryptographic key existence counter among different access systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008100819296A CN101232736B (en) 2008-02-22 2008-02-22 Method for setting initialization of cryptographic key existence counter among different access systems

Publications (2)

Publication Number Publication Date
CN101232736A CN101232736A (en) 2008-07-30
CN101232736B true CN101232736B (en) 2012-02-29

Family

ID=39898836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100819296A Expired - Fee Related CN101232736B (en) 2008-02-22 2008-02-22 Method for setting initialization of cryptographic key existence counter among different access systems

Country Status (1)

Country Link
CN (1) CN101232736B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101409897B (en) * 2008-10-31 2012-12-19 中兴通讯股份有限公司 Control method and apparatus for counter
CN101931951B (en) * 2009-06-26 2012-11-07 华为技术有限公司 Method, device and system for secret key deduction
GB2472580A (en) * 2009-08-10 2011-02-16 Nec Corp A system to ensure that the input parameter to security and integrity keys is different for successive LTE to UMTS handovers
CN102025685B (en) * 2009-09-21 2013-09-11 华为技术有限公司 Authentication processing method and device
US9197669B2 (en) 2010-04-15 2015-11-24 Qualcomm Incorporated Apparatus and method for signaling enhanced security context for session encryption and integrity keys
US9084110B2 (en) 2010-04-15 2015-07-14 Qualcomm Incorporated Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network
UA108099C2 (en) * 2010-04-15 2015-03-25 DEVICE AND METHOD OF SIGNALING ABOUT IMPROVED SECURITY CONTEXT FOR SESSION KEYS ENCRYPTION AND INTEGRITY
CN102845105B (en) 2010-04-16 2016-03-16 高通股份有限公司 For the apparatus and method shifted from the serving network node of support of enhanced security context to legacy service network node
CN101835156B (en) * 2010-05-21 2014-08-13 中兴通讯股份有限公司南京分公司 Method and system for safeguarding user access
CN102917350B (en) * 2011-08-05 2015-12-02 华为技术有限公司 Enable the method for safe key, access network node, subscriber equipment and system
CN109922051B (en) * 2013-09-11 2022-08-09 三星电子株式会社 Method and system for enabling secure communication for inter-ENB transmission
CN107579878B (en) * 2017-09-19 2020-08-21 浙江明讯网络技术有限公司 Signaling monitoring method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6229806B1 (en) * 1997-12-30 2001-05-08 Motorola, Inc. Authentication in a packet data system
CN1404267A (en) * 2002-10-01 2003-03-19 华中科技大学 Safe network transmission method and system
CN1564509A (en) * 2004-03-23 2005-01-12 中兴通讯股份有限公司 Key consaltation method in radio LAN

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6229806B1 (en) * 1997-12-30 2001-05-08 Motorola, Inc. Authentication in a packet data system
CN1404267A (en) * 2002-10-01 2003-03-19 华中科技大学 Safe network transmission method and system
CN1564509A (en) * 2004-03-23 2005-01-12 中兴通讯股份有限公司 Key consaltation method in radio LAN

Also Published As

Publication number Publication date
CN101232736A (en) 2008-07-30

Similar Documents

Publication Publication Date Title
CN101232736B (en) Method for setting initialization of cryptographic key existence counter among different access systems
CN101232731B (en) Method and system for UE to generate cryptographic key switching from UTRAN to EUTRAN
CN101715188B (en) A kind of update method of air interface key and system
KR101102708B1 (en) Methods and apparatus to implement non-access stratumnas security in a long term evolution wireless device
CN101257723A (en) Method, apparatus and system for generating cipher key
CN201286113Y (en) Wireless emission/receiving unit
CN101267668B (en) Key generation method, Apparatus and system
CN101083839B (en) Cipher key processing method for switching among different mobile access systems
EP3197191B1 (en) Method and apparatuses for avoiding network security desynchronization
CN101304311A (en) Method and system for generating cryptographic key
TW202037217A (en) Apparatus and method for mobility procedure involving mobility management entity relocation
CN101483865A (en) Cipher key replacing method, system and device
KR20130114561A (en) Local security key update at a wireless communication device
CN101521873B (en) Method for enabling local security context
WO2009152755A1 (en) Method and system for generating an identity identifier of a key
CN102158855A (en) Method of handling security in srvcc handover and related communication device
CN101925059A (en) Method and system for generating keys in switching process
CN101299888B (en) Cryptographic key generation method, switching method, mobile management entity and customer equipment
CN101478752B (en) Cipher key replacing method, system and device
CN101552983A (en) Key generating method, key generating device, mobile management entity and user equipment
CN101355507B (en) Method and system for generating cipher key for updating tracking zonetime
CN101610507A (en) A kind of method that inserts the 3G-WLAN internet
CN102264064A (en) Method and system for synchronizing access stratum (AS) security algorithms
CN102572819A (en) Method, device and system for generating secret key
CN101267670B (en) An initialization setup method for secret key survival counter between different access systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120229

Termination date: 20180222

CF01 Termination of patent right due to non-payment of annual fee