CN101534506A - Method for indicating base station security information - Google Patents


Info

Publication number: CN101534506A
Authority: CN (China)
Legal status: Granted; Expired - Fee Related
Application number: CN200810083396A
Other languages: Chinese (zh)
Other versions: CN101534506B (en)
Inventor: 高音
Original Assignee: ZTE Corp
Prior art keywords: base station; security; information; security information; management entity

Abstract

The invention provides a method for indicating base station security information, which comprises the following steps: a base station sends an S1 SETUP REQUEST message to a mobile management entity (MME), wherein the S1 SETUP REQUEST message carries first base station security information that the MME requires in order to perform security settings for the base station; and the MME performs the security settings according to the first base station security information and returns an S1 SETUP RESPONSE message to the base station, wherein the S1 SETUP RESPONSE message carries second base station security information related to the security settings performed by the MME. The method makes it possible to transfer base station security information between the base station and the MME.

Description

Method for indicating base station security information
Technical field
The present invention relates to the communications field and, in particular, to a method for indicating base station security information in a Long-Term Evolution (LTE) system.
Background technology
At present, an LTE network is made up of the E-UTRAN (Evolved UMTS Terrestrial Radio Access Network), evolved base stations (Evolved Node B, abbreviated eNB) and the Evolved Packet Core (EPC), and its network architecture is flattened.
The E-UTRAN comprises the set of eNBs connected to the EPC through the S1 interface, and eNBs can be connected to one another through the X2 interface. S1 and X2 are logical interfaces. One EPC can manage one or more eNBs, one eNB can also be controlled by multiple EPCs, and one eNB can manage one or more cells.
At present, in the 3GPP (3rd Generation Partnership Project) 36.413 protocol, after the transport layer between the base station and the mobile management entity (Mobile Management Entity, abbreviated MME) has been established, the base station initiates an S1 SETUP REQUEST (S1 interface setup request) message to the MME. This message contains the base station Global ID (global identifier), the base station name and the Time Advance (abbreviated TA) range supported by the base station.
However, in the LTE system, the use of Home eNodeBs makes base station security issues increasingly urgent. When a user uses a particular base station, the subscription may include security-related content, such as a higher security requirement level or additional security protection configuration (for example, the use of optional security algorithms in the base station back end, where security algorithms include all cryptographic algorithms used in the current communication system). Base station security information can be set in advance in the attributes of the base station, or it can be set in an upper-layer network node or network management system.
At present, the industry has not yet provided a solution for how to transfer the security information of a base station between the base station and the MME. This is clearly detrimental to flexible base station management and cannot ensure the safe use of the base station, so a method that solves this problem is needed.
Summary of the invention
The present invention is proposed in view of the need, existing in the related art, to transfer the security information of a base station between the base station and the MME. To this end, the present invention aims to provide a method for indicating base station security information that solves the above problem.
To achieve the above object, according to one aspect of the present invention, a method for indicating base station security information is provided.
The method for indicating base station security information according to an embodiment of the present invention comprises: the base station sends an S1 SETUP REQUEST message to the mobile management entity (Mobile Management Entity, MME), and the S1 SETUP REQUEST message carries the first base station security information that the MME requires in order to perform security settings for the base station; the MME performs the security settings according to the first base station security information and returns an S1 SETUP RESPONSE message to the base station, and the S1 SETUP RESPONSE message carries second base station security information related to the security settings performed by the MME.
The first base station security information includes authentication identification information, which indicates whether the base station supports the authentication procedure. The MME decides, according to the authentication identification information, whether to initiate the authentication procedure, and when the MME decides to initiate the authentication procedure, the second base station security information includes authentication information.
The first base station security information further includes security algorithm information and/or base station security level information, where the security algorithm information indicates the security algorithms that the MME can adopt or is advised to adopt, and the base station security level information indicates the security level of the base station.
The MME can select a security algorithm for the base station according to the security algorithm information and/or the base station security level information. The second base station security information then includes security algorithm parameter information, which comprises a security key and a security algorithm index.
According to another aspect of the present invention, another method for indicating base station security information is provided.
The method for indicating base station security information according to this embodiment of the present invention comprises: the base station sends an S1 SETUP REQUEST message to the MME, where the S1 SETUP REQUEST message carries base station identification information; the MME looks up the first base station security information of the base station in a database according to the base station identification information, performs security settings according to the first base station security information it finds, and returns an S1 SETUP RESPONSE message to the base station, and the S1 SETUP RESPONSE message carries second base station security information related to the security settings performed by the MME.
The first base station security information includes authentication identification information, which indicates whether the base station supports the authentication procedure. The MME decides, according to the authentication identification information, whether to initiate the authentication procedure, and when the MME decides to initiate the authentication procedure, the second base station security information includes authentication information.
The first base station security information further includes security algorithm information and/or base station security level information, where the security algorithm information indicates the security algorithms that the MME can adopt or is advised to adopt, and the base station security level information indicates the security level of the base station.
The MME selects a security algorithm for the base station according to the security algorithm information and/or the base station security level information. The second base station security information then includes security algorithm parameter information, which comprises a security key and a security algorithm index.
With at least one of the above technical solutions provided by the present invention, base station security information is set during the S1 setup procedure. This solves the problem in the related art of transferring the security information of a base station between the base station and the MME and, compared with the related art, can ensure the safe use of the base station.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description, or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
The accompanying drawings provide a further understanding of the present invention and constitute a part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the S1 setup procedure according to the related art;
Fig. 2 is a flow chart of the method for indicating base station security information according to the first embodiment of the present invention;
Fig. 3 is a signalling interaction flow chart of the method shown in Fig. 2;
Fig. 4 is a schematic diagram of the method for indicating base station security information according to the second embodiment of the present invention;
Fig. 5 is a signalling interaction flow chart of the method shown in Fig. 4.
Embodiment
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here only serve to describe and explain the invention and do not limit it.
First, as shown in Fig. 1, after the transport layer between the eNB and the MME has been established, the eNB sends an S1 SETUP REQUEST message to the MME. This message contains the base station Global ID, the base station name and the TA range supported by the base station. The MME then sends an S1 SETUP RESPONSE message to the eNB. As mentioned above, to make base station management flexible, the security information of the base station needs to be transferred between the base station and the MME.
On this basis, the method for indicating base station security information according to the embodiments of the present invention adds an eNB security information element to the existing S1 setup procedure. The present invention provides the following embodiments.
First embodiment
In the security information indicating method according to this embodiment, the security information of the eNB is stored locally in the eNB.
Fig. 2 is a flow chart of the security information indicating method according to this embodiment, and Fig. 3 is its signalling interaction flow chart. As shown in Fig. 2, the method comprises the following processing:
Step S202: the base station sends an S1 SETUP REQUEST message to the mobile management entity (Mobile Management Entity, MME), and the S1 SETUP REQUEST message carries the first base station security information that the MME requires in order to perform security settings for the base station. (This corresponds to 301 in Fig. 3: the eNB sends the S1 SETUP REQUEST message to the MME, and this message is extended with an eNB security capability information element.)
Step S204: the MME performs the security settings according to the first base station security information and, if the S1 interface is set up successfully, returns an S1 SETUP RESPONSE message to the base station, carrying in it the second base station security information related to the security settings performed by the MME. (This corresponds to 302 in Fig. 3: the MME sends the S1 SETUP RESPONSE message to the eNB, and this message is extended with an eNB security capability information element.)
Specifically, in step S202 the first base station security information can include authentication identification information, which indicates whether the eNB supports the authentication procedure. In this case, in step S204 the MME decides, according to the authentication identification information, whether to initiate the authentication procedure, and when it decides to initiate the authentication procedure it includes authentication information in the second base station security information.
In addition, in step S202 the first base station security information can also include security algorithm information and/or base station security level information. The security algorithm information indicates the security algorithms that the MME can adopt or is advised to adopt and can be expressed as a security algorithm index; the base station security level information indicates the security level of the eNB. In this case, in step S204 the MME can select a security algorithm for the eNB according to the security algorithm information and/or the base station security level information, and the second base station security information includes security algorithm parameter information, which comprises a security key, a security algorithm index and so on.
Preferably, in step S206, after the eNB receives the S1 SETUP RESPONSE message, it updates and locally stores the second base station security information issued by the MME (shown as 303 in Fig. 3).
Second embodiment
In the security information indicating method according to this embodiment, the eNB security information is stored in an upper-layer network node or network management system (such as the MME or an NMS).
Fig. 4 is a flow chart illustrating the method according to this embodiment. As shown in Fig. 4, it comprises the following processing:
Step S402: after the base station (eNB) powers on and establishes the S1 transport layer connection with the MME, the base station sends an S1 SETUP REQUEST message to the MME, where the S1 SETUP REQUEST message carries base station identification information. (This corresponds to 501 in Fig. 5: the eNB sends the S1 SETUP REQUEST message to the MME.)
Step S404: the MME looks up the first base station security information of the base station in a database according to the base station identification information (for example, the eNB Global ID or eNB Name information).
Step S406: the MME performs security settings according to the first base station security information it found and returns an S1 SETUP RESPONSE message to the base station, carrying in it the second base station security information related to the security settings performed by the MME. (Steps S404 and S406 correspond to 502 in Fig. 5: the MME sends the S1 SETUP RESPONSE message to the eNB, and this message is extended with an eNB security capability information element.)
Specifically, in step S404 the first base station security information that is found can include authentication identification information, which indicates whether the eNB supports the authentication procedure. In this case, in step S406 the MME decides, according to the authentication identification information, whether to initiate the authentication procedure, and when it decides to initiate the authentication procedure it includes authentication information in the second base station security information.
In addition, in step S404 the first base station security information that is found can also include security algorithm information and/or base station security level information. The security algorithm information indicates the security algorithms that the MME can adopt or is advised to adopt and can be expressed as a security algorithm index; the base station security level information indicates the security level of the eNB. In this case, in step S406 the MME can select a security algorithm for the eNB according to the security algorithm information and/or the base station security level information, and the second base station security information includes security algorithm parameter information, which comprises a security key, a security algorithm index and so on.
Preferably, in step S408, after the eNB receives the S1 SETUP RESPONSE message, it updates and locally stores the second base station security information issued by the MME (shown as 305 in Fig. 5).
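The MME-side decision logic of the two embodiments above, as an added Python sketch that is not part of the patent text. The field names, algorithm indices, strength ranking, random placeholder key and challenge, and the rejection behaviour are all assumptions, since the patent defines no encoding or selection policy.

```python
"""Added illustration of the S1 setup security exchange (all names assumed)."""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class BsSecurityInfo:                 # "first base station security information"
    supports_auth: bool               # authentication identification information
    algorithm_indices: tuple = ()     # algorithms the MME can or is advised to adopt
    security_level: int = 0           # base station security level


@dataclass
class S1SetupRequest:
    global_enb_id: str
    enb_name: str
    security_info: Optional[BsSecurityInfo] = None  # carried only in embodiment 1


@dataclass
class S1SetupResponse:                # carries "second base station security information"
    auth_info: Optional[bytes]        # present only if the MME starts authentication
    algorithm_index: Optional[int]
    security_key: Optional[bytes]


class SetupRejected(Exception):
    """Assumed behaviour when the MME cannot complete the security settings."""


# Constructed policy: algorithm index -> strength rank, and minimum rank per level.
MME_ALGORITHM_RANK = {0: 0, 1: 1, 2: 2}   # index 0 stands for "no protection"
MIN_RANK_FOR_LEVEL = {0: 0, 1: 1, 2: 2}


def select_algorithm(info: BsSecurityInfo) -> Optional[int]:
    """Pick the strongest mutually supported algorithm that meets the level."""
    if not info.algorithm_indices:
        return None                   # algorithm information is optional
    floor = MIN_RANK_FOR_LEVEL.get(info.security_level)
    if floor is None:
        raise SetupRejected(f"unknown security level {info.security_level}")
    # Indices the MME does not know get rank -1 and are never selected.
    usable = [i for i in info.algorithm_indices
              if MME_ALGORITHM_RANK.get(i, -1) >= floor]
    if not usable:
        raise SetupRejected("no offered algorithm satisfies the security level")
    return max(usable, key=MME_ALGORITHM_RANK.__getitem__)


def handle_s1_setup(req: S1SetupRequest, database: dict) -> S1SetupResponse:
    """Embodiment 1 reads the info from the request; embodiment 2 looks it
    up in the MME/NMS database by base station identity."""
    info = req.security_info
    if info is None:
        info = database.get(req.global_enb_id)
    if info is None:
        raise SetupRejected(f"no security information for {req.global_enb_id}")
    index = select_algorithm(info)
    return S1SetupResponse(
        # Placeholder challenge and key: random bytes stand in for real material.
        auth_info=secrets.token_bytes(16) if info.supports_auth else None,
        algorithm_index=index,
        security_key=secrets.token_bytes(16) if index is not None else None,
    )


if __name__ == "__main__":
    # Constructed sample data for both embodiments.
    db = {"enb-macro-1": BsSecurityInfo(False, (1, 2), 1)}
    home = S1SetupRequest("enb-home-1", "home", BsSecurityInfo(True, (0, 1, 2), 2))
    print(handle_s1_setup(home, db))
    print(handle_s1_setup(S1SetupRequest("enb-macro-1", "macro"), db))
```

In the first embodiment the security level and algorithm list are self-declared by the base station, so the floor check in `select_algorithm` is what prevents a request that offers only weak algorithms from being accepted at a high security level.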
As described above, with at least one of the above technical solutions of the present invention, the method for indicating base station security information makes it possible, where macro base stations and Home eNodeBs coexist in the LTE system, to transfer and manage eNB security information between the base station and the MME. This enables base station security management, makes base station management more flexible, and provides an effective means for network security management and base station access management. It is broadly applicable, for example to initial deployment scenarios, shared network operation and maintenance, and multi-vendor equipment management.
The above are only the preferred embodiments of the present invention and do not limit the invention; for a person skilled in the art, the invention can have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the invention.

Claims (14)

1. A method for indicating base station security information, used for indicating base station security information between a base station and a mobile management entity, characterized in that it comprises:
the base station sends an S1 interface setup request message to the mobile management entity, and the S1 interface setup request message carries first base station security information that the mobile management entity requires in order to perform security settings for the base station;
the mobile management entity performs the security settings according to the first base station security information and returns an S1 interface setup response message to the base station, and the S1 interface setup response message carries second base station security information related to the security settings performed by the mobile management entity.
2. The method according to claim 1, characterized in that the first base station security information includes authentication identification information, which indicates whether the base station supports the authentication procedure.
3. The method according to claim 2, characterized in that the operation in which the mobile management entity performs security settings according to the first base station security information is specifically:
the mobile management entity decides, according to the authentication identification information, whether to initiate the authentication procedure.
4. The method according to claim 3, characterized in that, when the mobile management entity decides to initiate the authentication procedure, the second base station security information includes authentication information.
5. The method according to claim 1 or 2, characterized in that the first base station security information includes security algorithm information and/or base station security level information, wherein the security algorithm information indicates the security algorithms that the mobile management entity can adopt or is advised to adopt, and the base station security level information indicates the security level of the base station.
6. The method according to claim 5, characterized in that the operation in which the mobile management entity performs security settings according to the first base station security information is specifically:
the mobile management entity selects a security algorithm for the base station according to the security algorithm information and/or the base station security level information.
7. The method according to claim 6, characterized in that the second base station security information includes security algorithm parameter information, and the security algorithm parameter information comprises:
a security key and a security algorithm index.
8. A method for indicating base station security information, used for indicating base station security information between a base station and a mobile management entity, characterized in that it comprises:
the base station sends an S1 interface setup request message to the mobile management entity, and the S1 interface setup request message carries base station identification information;
the mobile management entity looks up the first base station security information of the base station in a database according to the base station identification information;
the mobile management entity performs security settings according to the first base station security information that is found and returns an S1 interface setup response message to the base station, and the S1 interface setup response message carries second base station security information related to the security settings performed by the mobile management entity.
9. The method according to claim 8, characterized in that the first base station security information includes authentication identification information, which indicates whether the base station supports the authentication procedure.
10. The method according to claim 9, characterized in that the operation in which the mobile management entity performs security settings according to the first base station security information is specifically:
the mobile management entity decides, according to the authentication identification information, whether to initiate the authentication procedure.
11. The method according to claim 10, characterized in that, when the mobile management entity decides to initiate the authentication procedure, the second base station security information includes authentication information.
12. The method according to claim 8 or 9, characterized in that the first base station security information includes security algorithm information and/or base station security level information, wherein the security algorithm information indicates the security algorithms that the mobile management entity can adopt or is advised to adopt, and the base station security level information indicates the security level of the base station.
13. The method according to claim 12, characterized in that the operation in which the mobile management entity performs security settings according to the first base station security information is specifically:
the mobile management entity selects a security algorithm for the base station according to the security algorithm information and/or the base station security level information.
14. The method according to claim 13, characterized in that the second base station security information includes security algorithm parameter information, and the security algorithm parameter information comprises: a security key and a security algorithm index.
CN200810083396A 2008-03-14 2008-03-14 Method for indicating base station security information Expired - Fee Related CN101534506B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810083396A CN101534506B (en) 2008-03-14 2008-03-14 Method for indicating base station security information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810083396A CN101534506B (en) 2008-03-14 2008-03-14 Method for indicating base station security information

Publications (2)

Publication Number Publication Date
CN101534506A true CN101534506A (en) 2009-09-16
CN101534506B CN101534506B (en) 2012-09-05

Family

ID=41104843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810083396A Expired - Fee Related CN101534506B (en) 2008-03-14 2008-03-14 Method for indicating base station security information

Country Status (1)

Country Link
CN (1) CN101534506B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015139434A1 (en) * 2014-03-21 2015-09-24 中兴通讯股份有限公司 Method and apparatus for determining a security algorithm

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101001252A (en) * 2006-06-25 2007-07-18 华为技术有限公司 Registration method and consultation method and device of user safety algorithmic
CN101128066B (en) * 2007-09-27 2012-07-18 中兴通讯股份有限公司 Method and system without user interface encryption

Also Published As

Publication number Publication date
CN101534506B (en) 2012-09-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170914

Address after: 252599 nursery, Liaocheng, Shandong, Guanxian

Patentee after: Han Xiaoli

Address before: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building

Patentee before: ZTE Corporation

CB03 Change of inventor or designer information

Inventor after: Han Xiaoli

Inventor before: Gao Yin

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120905

Termination date: 20180314