CN101540981B - Method and system for performing safety ability negotiation during emergent call - Google Patents
- Publication number
- CN101540981B
- Authority
- CN
- China
- Prior art keywords
- algorithm
- request
- enb
- mme
- urgent call
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
The invention discloses a method and a system for security capability negotiation during an emergency call, aiming to solve the technical problem of how the MME and eNB select the null algorithm during an emergency call. In the invention, the security algorithms of the MME and eNB are adjusted dynamically during an emergency call, so that the MME and eNB can select the null algorithm and the communication process can continue normally.
Description
Technical field
The present invention relates to methods of security capability negotiation in the communications field, and in particular to a method and system for security capability negotiation in an emergency call.
Background art
The Evolved Packet System (EPS) of the 3rd Generation Partnership Project (3GPP) consists of the Evolved UMTS Terrestrial Radio Access Network (EUTRAN) and the EPS Evolved Packet Core (EPC).
The EPC includes the Mobility Management Entity (MME), which is responsible for control-plane work such as mobility management, non-access-stratum signalling processing, and management of the user security model. In the EUTRAN, the base station equipment is the evolved Node-B (eNB), which is mainly responsible for radio communication, radio communication management, and mobility context management.
Non-access-stratum messages between the MME and the user equipment (UE) are encrypted and integrity protected. The UE sends its UE security capability to the MME, and the MME performs algorithm selection according to the UE security capability sent by the UE and the list of algorithms the MME supports. The UE security capability contains the list of algorithms the UE supports, and the list of algorithms the MME supports is ordered by priority. The MME sends the selected algorithm to the UE.
RRC (Radio Resource Control) messages and UP (User Plane) messages between the eNB and the UE are encrypted and integrity protected. The MME forwards the UE security capability to the eNB, and the eNB performs algorithm selection according to the UE security capability sent by the UE and the list of algorithms the eNB supports. The eNB sends the selected algorithm to the UE.
The algorithm lists supported by the MME and by the eNB each comprise an integrity algorithm list and a ciphering algorithm list. That is, the UE security capability comprises the integrity algorithm list and ciphering algorithm list that the UE supports, the algorithm list supported by the MME comprises an integrity algorithm list and a ciphering algorithm list, and the algorithm list supported by the eNB comprises an integrity algorithm list and a ciphering algorithm list.
After the UE is successfully authenticated by the network, the MME stores the EUTRAN root key, the access security management entity key (Key Access Security Management Entity, abbreviated K_ASME). The MME uses K_ASME and the selected ciphering algorithm to generate the non-access-stratum encryption key K_NASenc, and uses K_ASME and the selected integrity protection algorithm to generate the non-access-stratum integrity protection key K_NASint.
The root key of the access stratum at the eNB is the evolved base station key (Key eNB, abbreviated K_eNB). The MME uses K_ASME and the non-access-stratum uplink counter to generate K_eNB, and sends K_eNB to the eNB. The eNB uses K_eNB and the selected RRC ciphering algorithm to generate the RRC encryption key K_RRCenc, uses K_eNB and the selected RRC integrity protection algorithm to generate the RRC integrity protection key K_RRCint, and uses K_eNB and the selected UP ciphering algorithm to generate K_UPenc.
When the UE cannot pass network authentication but still needs to initiate an emergency call, the UE and the network cannot authenticate each other and cannot generate keys, so security protection cannot be applied. For the communication process to proceed normally, the MME and eNB need to select the null algorithm, but the prior art provides no method that lets the MME and eNB select the null algorithm in the emergency-call case.
Summary of the invention
In view of this, one main purpose of the present invention is to provide a method of security capability negotiation in an emergency call, to solve the technical problem of how the MME and eNB select the null algorithm in the emergency-call case. To achieve this purpose, the technical scheme of the present invention is realized as follows:
A method of security capability negotiation in an emergency call, comprising:
The mobility management entity (MME) examines the connection establishment request; if the request is identified as an emergency call request, the MME adjusts its supported security algorithm priority list; the MME notifies the evolved base station (eNB) that the current connection request is an emergency call, and the eNB adjusts its supported security algorithm priority list; the adjustments made by the MME and eNB cause the MME and eNB to choose the null algorithm when performing algorithm selection; or
The evolved base station (eNB) examines the connection establishment request; if the request is identified as an emergency call request, the eNB adjusts its supported security algorithm priority list, so that the eNB chooses the null algorithm when performing algorithm selection.
Based on the above scheme, further, the security algorithm priority list supported by the MME and the security algorithm priority list supported by the eNB each comprise a ciphering algorithm priority list and an integrity protection algorithm priority list, and the MME and eNB adjust the security algorithm priority list as follows: the priority of the null algorithm is raised to the highest, or the null algorithm is made the only supported algorithm.
Further, the connection establishment request is the Attach Request that the MME receives during attach, or the Initial Context Setup Request that the eNB receives, or a Handover Request. The connection establishment request carries an emergency call identifier.
Another object of the present invention is to provide a system for security capability negotiation in an emergency call. To achieve this purpose, the technical scheme of the present invention is realized as follows:
A system for security capability negotiation in an emergency call, comprising:
An emergency call determination module: used to determine whether the connection establishment request is a request identified as an emergency call; if so, it notifies the first security algorithm adjustment module and the second security algorithm adjustment module to execute, or notifies the second security algorithm adjustment module to execute;
A first security algorithm adjustment module: located in the mobility management entity (MME), used to adjust the supported security algorithm priority list so that the MME chooses the null algorithm when performing algorithm selection;
A second security algorithm adjustment module: located in the evolved base station (eNB), used to adjust the supported security algorithm priority list so that the eNB chooses the null algorithm when performing algorithm selection.
Based on the above scheme, further, the emergency call determination module comprises:
A first emergency call determination module, located in the MME, used to determine whether the connection establishment request received by the MME is a request identified as an emergency call; if so, it notifies the first security algorithm adjustment module to execute; the connection establishment request received by the MME is an Attach Request;
A second emergency call determination module, located in the eNB, used to determine whether the connection establishment request received by the eNB is a request identified as an emergency call; if so, it notifies the second security algorithm adjustment module to execute; the connection establishment request received by the eNB is an Initial Context Setup Request or a Handover Request.
Further, the security algorithm priority list supported by the MME and the security algorithm priority list supported by the eNB each comprise a ciphering algorithm priority list and an integrity protection algorithm priority list; when the connection establishment request is an emergency call request, the first security algorithm adjustment module and the second security algorithm adjustment module raise the priority of the null algorithm to the highest, or make the null algorithm the only supported algorithm. The connection establishment request carries an emergency call identifier.
The technical solution of the present invention dynamically adjusts the security algorithms of the MME and eNB in the emergency-call case, so that the MME and eNB can choose the null algorithm and the communication process can continue normally.
Brief description of the drawings
Fig. 1 is a flow chart of adjusting the priority of supported algorithms during an emergency call according to the present invention;
Fig. 2 is a signalling flow chart of adjusting the priority of supported algorithms when the attach procedure is used to initiate an emergency call according to the present invention;
Fig. 3 is a signalling flow chart of adjusting the priority of supported algorithms when, during an emergency call, the UE is handed over between eNBs connected to the same MME according to the present invention;
Fig. 4 is a signalling flow chart of adjusting the priority of supported algorithms when, during an emergency call, the UE is handed over between eNBs connected to different MMEs according to the present invention.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, by the following examples and with reference to accompanying drawing, the present invention is described in more detail.
Fig. 1 is a flow chart of adjusting the priority of supported algorithms during an emergency call. The concrete steps are:
Step 102, the MME or eNB receives a connection establishment request.
For example, during attach the MME receives an Attach Request; or during handover the eNB receives a Handover Request.
Step 104, the MME or eNB examines the request; if the request is identified as an emergency call request and authentication has not been performed, go to step 106, otherwise go to step 108.
Step 106, the MME or eNB adjusts its supported security algorithm priority list, raising the priority of the null algorithm to the highest or making the null algorithm the only supported algorithm.
Step 108, the MME or eNB does not adjust its supported security algorithm priority list.
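The decision in steps 102 to 108, written out as an added example (it is not code from the patent). The algorithm identifiers `EEA0`/`EIA0` and `128-EEAx`/`128-EIAx`, the class and function names, and the sample capability lists are assumptions chosen for illustration; the example also covers a UE that does not advertise the null algorithm, where the two adjustment variants of step 106 behave differently.

```python
"""Added example: null-algorithm selection for unauthenticated emergency calls."""
from dataclasses import dataclass

# Assumed identifiers (not named on the page) for the null algorithms.
NULL_CIPHER, NULL_INTEGRITY = "EEA0", "EIA0"


@dataclass(frozen=True)
class AlgorithmLists:
    """Ciphering and integrity lists; for a node, highest priority first."""
    ciphering: tuple
    integrity: tuple


@dataclass(frozen=True)
class ConnectionRequest:
    kind: str            # "attach", "initial_context_setup" or "handover"
    emergency: bool      # emergency call identifier carried in the request
    authenticated: bool  # whether authentication was performed successfully


def needs_null_algorithm(req):
    """Step 104: emergency identifier present and no authentication performed."""
    return req.emergency and not req.authenticated


def adjust(lists, only_null=False):
    """Step 106: null algorithm gets top priority, or becomes the only entry."""
    def bump(null_alg, prio):
        if only_null:
            return (null_alg,)
        return (null_alg,) + tuple(a for a in prio if a != null_alg)
    return AlgorithmLists(bump(NULL_CIPHER, lists.ciphering),
                          bump(NULL_INTEGRITY, lists.integrity))


def pick(node_priority, ue_supported):
    """First algorithm in the node's priority order that the UE also supports."""
    for alg in node_priority:
        if alg in ue_supported:
            return alg
    return None  # no common algorithm


def negotiate(req, ue_caps, node_lists, only_null=False):
    """Return the (ciphering, integrity) pair an MME or eNB selects."""
    if needs_null_algorithm(req):
        lists = adjust(node_lists, only_null)   # step 106
    else:
        lists = node_lists                      # step 108: list left unchanged
    return (pick(lists.ciphering, ue_caps.ciphering),
            pick(lists.integrity, ue_caps.integrity))


# Constructed sample data: the node's normal lists do not contain the null
# algorithm, so it can only be chosen through the step 106 adjustment.
NODE = AlgorithmLists(("128-EEA2", "128-EEA1"), ("128-EIA2", "128-EIA1"))
UE = AlgorithmLists(("EEA0", "128-EEA1", "128-EEA2"),
                    ("EIA0", "128-EIA1", "128-EIA2"))
UE_NO_NULL = AlgorithmLists(("128-EEA1",), ("128-EIA1",))

if __name__ == "__main__":
    cases = [
        ("unauthenticated emergency attach", ConnectionRequest("attach", True, False), UE),
        ("normal authenticated attach", ConnectionRequest("attach", False, True), UE),
        ("authenticated emergency handover", ConnectionRequest("handover", True, True), UE),
        ("emergency, UE lacks null alg", ConnectionRequest("attach", True, False), UE_NO_NULL),
    ]
    for label, req, caps in cases:
        print(f"{label:36s} -> {negotiate(req, caps, NODE)}")
```

Because the normal lists in this sketch omit the null algorithm, an unprotected session can only result from a request that both carries the emergency identifier and skipped authentication, which is the condition an operator would want to log and audit.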
Fig. 2 is a signalling flow chart of adjusting the priority of supported algorithms when the attach procedure is used to initiate an emergency call. As shown in Fig. 2, the present embodiment comprises:
Step 202, the UE sends an Attach Request to the eNB; the message indicates that the attach type is emergency call.
Step 204, the eNB forwards the Attach Request to the MME.
Step 206, the MME accepts the Attach Request and determines that the attach type is emergency call.
Step 208, the MME does not perform authentication, or the MME accepts the authentication failure, and continues the attach procedure.
Step 210, the MME adjusts the priority of its supported algorithms, setting the priority of the null algorithm to the highest or making the null algorithm the only supported algorithm. The MME adjusts its supported integrity protection algorithm list so that the null algorithm has the highest priority or is the only algorithm. The MME adjusts its supported ciphering algorithm list so that the null algorithm has the highest priority or is the only algorithm.
Step 212, the MME performs algorithm selection according to the UE security capability and the algorithm list supported by the MME. Because the null algorithm has the highest priority or is the only algorithm among those the MME supports, the non-access-stratum integrity protection algorithm selected by the MME is the null algorithm, and the non-access-stratum ciphering algorithm selected by the MME is the null algorithm.
Step 213, the MME notifies the UE to use the selected null algorithm. The MME and UE begin using the null algorithm to protect non-access-stratum messages.
Step 214, the MME sends an Initial Context Setup Request, notifying the eNB that the attach type is emergency call. It sends the Attach Accept message at the same time.
Step 216, the eNB receives the Initial Context Setup Request and determines that the attach type is emergency call.
Step 218, the eNB adjusts the priority of its supported algorithms, setting the priority of the null algorithm to the highest or making the null algorithm the only supported algorithm. The eNB adjusts its supported integrity protection algorithm list so that the null algorithm has the highest priority or is the only algorithm. The eNB adjusts its supported ciphering algorithm list so that the null algorithm has the highest priority or is the only algorithm.
Step 220, the eNB performs algorithm selection according to the UE security capability and the algorithm list supported by the eNB. Because the null algorithm has the highest priority or is the only algorithm among those the eNB supports, the RRC integrity protection algorithm selected by the eNB is the null algorithm, and the RRC ciphering algorithm and UP ciphering algorithm selected by the eNB are the null algorithm.
Step 222, the eNB notifies the UE to use the selected null algorithm. The eNB and UE begin using the null algorithm to protect RRC messages and UP messages.
Step 224, the eNB sends RRC Connection Reconfiguration.
Step 226, the UE replies to the eNB with RRC Connection Reconfiguration Complete.
Step 228, the eNB sends the Initial Context Setup Response to the MME.
Step 230, the UE sends a Direct Transfer message to the eNB.
Step 232, the eNB sends Attach Complete to the MME.
Fig. 3 is a signalling flow chart of adjusting the priority of supported algorithms when, during an emergency call, the UE is handed over between eNBs connected to the same MME.
Step 302, the UE sends a measurement report to the source eNB.
Step 304, the source base station sends a Handover Request to the target eNB; the Handover Request indicates that this call is an emergency call.
Step 306, the target eNB receives the Handover Request and determines that the attach type is emergency call.
Step 308, the target eNB adjusts the priority of its supported algorithms, setting the priority of the null algorithm to the highest or making the null algorithm the only supported algorithm. The target eNB adjusts its supported integrity protection algorithm list so that the null algorithm has the highest priority or is the only algorithm. The target eNB adjusts its supported ciphering algorithm list so that the null algorithm has the highest priority or is the only algorithm.
Step 310, the target eNB performs algorithm selection according to the UE security capability and the algorithm list supported by the target eNB. Because the null algorithm has the highest priority or is the only algorithm among those the target eNB supports, the RRC integrity protection algorithm selected by the target eNB is the null algorithm, and the RRC ciphering algorithm and UP ciphering algorithm selected by the target eNB are the null algorithm.
Step 312, the target eNB notifies the UE to use the selected null algorithm. The eNB and UE begin using the null algorithm to protect RRC messages and UP messages.
Step 314, the target eNB sends a Handover Request Acknowledge to the source eNB.
Step 316, the source eNB sends RRC Connection Reconfiguration to the UE.
Step 318, the UE replies to the target eNB with RRC Connection Reconfiguration Complete.
Step 320, the target eNB sends a Path Switch Request to the MME, and at the same time must notify the MME that this call is an emergency call.
Step 322, the MME replies with a Path Switch Request Acknowledge, and at the same time confirms that the call is an emergency call. If the MME has changed, the MME may confirm with the original MME.
Fig. 4 is a signalling flow chart of adjusting the priority of supported algorithms when, during an emergency call, the UE is handed over between eNBs connected to different MMEs.
Step 402, the UE sends a measurement report to the source eNB.
Step 404, the source eNB sends a Handover Request to the source MME; the Handover Request contains an emergency call identifier indicating that this call is an emergency call.
Step 406, the source MME receives the Handover Request and sends a Forward Relocation Request to the target MME.
Step 408, the target MME sends a Handover Request to the target eNB; the Handover Request indicates that this call is an emergency call.
Step 410, the target eNB receives the Handover Request and determines that the call type is emergency call.
Step 412, the target eNB adjusts the priority of its supported algorithms, setting the priority of the null algorithm to the highest or making the null algorithm the only supported algorithm. The target eNB adjusts its supported integrity protection algorithm list so that the null algorithm has the highest priority or is the only algorithm. The target eNB adjusts its supported ciphering algorithm list so that the null algorithm has the highest priority or is the only algorithm.
Step 414, the target eNB performs algorithm selection according to the UE security capability and the algorithm list supported by the target eNB. Because the null algorithm has the highest priority or is the only algorithm among those the target eNB supports, the RRC integrity protection algorithm selected by the target eNB is the null algorithm, and the RRC ciphering algorithm and UP ciphering algorithm selected by the target eNB are the null algorithm.
Step 416, the target eNB notifies the UE to use the selected null algorithm. The eNB and UE begin using the null algorithm to protect RRC messages and UP messages. The notification can be carried by the subsequent Handover Request Acknowledge, Forward Relocation Response, and Handover Command.
Step 418, the target eNB sends a Handover Request Acknowledge to the target MME.
Step 420, the target MME sends a Forward Relocation Response to the source MME.
Step 422, the source MME sends a Handover Command to the source eNB.
Step 424, the source eNB sends the Handover Command to the UE.
Step 426, the UE replies to the target eNB with a Handover Confirm.
Step 428, the target eNB sends a Handover Notify to the target MME.
Step 430, the target MME sends a Forward Relocation Complete to the source MME.
Step 432, the source MME sends a Forward Relocation Complete Acknowledge to the target MME.
The above are only preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention.
Claims (8)
1. A method of security capability negotiation in an emergency call, characterized in that it comprises:
The mobility management entity (MME) examines the connection establishment request; if the connection establishment request is an emergency call request, the MME adjusts its supported security algorithm priority list; the MME notifies the evolved base station (eNB) that the current connection request is an emergency call, and the eNB adjusts its supported security algorithm priority list; the adjustments made by the MME and eNB cause the MME and eNB to choose the null algorithm when performing algorithm selection; or,
The evolved base station (eNB) examines the connection establishment request; if the connection establishment request is an emergency call request, the eNB adjusts its supported security algorithm priority list, so that the eNB chooses the null algorithm when performing algorithm selection.
2. The method according to claim 1, characterized in that the security algorithm priority list supported by the MME and the security algorithm priority list supported by the eNB each comprise a ciphering algorithm priority list and an integrity protection algorithm priority list, and the MME and eNB adjust the security algorithm priority list as follows: the priority of the null algorithm is raised to the highest, or the null algorithm is made the only supported algorithm.
3. The method according to claim 1, characterized in that the connection establishment request is the Attach Request that the MME receives during attach, or the Initial Context Setup Request that the eNB receives, or a Handover Request.
4. The method according to claim 1, 2 or 3, characterized in that the connection establishment request carries an emergency call identifier.
5. A system for security capability negotiation in an emergency call, characterized in that it comprises:
An emergency call determination module: used to determine whether the connection establishment request is a request identified as an emergency call; if so, it notifies the first security algorithm adjustment module and the second security algorithm adjustment module to execute, or notifies the second security algorithm adjustment module to execute;
A first security algorithm adjustment module: located in the mobility management entity (MME), used to adjust the supported security algorithm priority list so that the MME chooses the null algorithm when performing algorithm selection;
A second security algorithm adjustment module: located in the evolved base station (eNB), used to adjust the supported security algorithm priority list so that the eNB chooses the null algorithm when performing algorithm selection.
6. The system according to claim 5, characterized in that the emergency call determination module comprises:
A first emergency call determination module, located in the MME, used to determine whether the connection establishment request received by the MME is a request identified as an emergency call; if so, it notifies the first security algorithm adjustment module to execute; the connection establishment request received by the MME is an Attach Request;
A second emergency call determination module, located in the eNB, used to determine whether the connection establishment request received by the eNB is a request identified as an emergency call; if so, it notifies the second security algorithm adjustment module to execute; the connection establishment request received by the eNB is an Initial Context Setup Request or a Handover Request.
7. The system according to claim 6, characterized in that the security algorithm priority list supported by the MME and the security algorithm priority list supported by the eNB each comprise a ciphering algorithm priority list and an integrity protection algorithm priority list; when the connection establishment request is an emergency call request, the first security algorithm adjustment module and the second security algorithm adjustment module raise the priority of the null algorithm to the highest, or make the null algorithm the only supported algorithm.
8. The system according to claim 5, characterized in that the connection establishment request carries an emergency call identifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910083287.8A CN101540981B (en) | 2009-04-30 | 2009-04-30 | Method and system for performing safety ability negotiation during emergent call |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101540981A CN101540981A (en) | 2009-09-23 |
CN101540981B true CN101540981B (en) | 2014-03-12 |
Family
ID=41123907
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910083287.8A Expired - Fee Related CN101540981B (en) | 2009-04-30 | 2009-04-30 | Method and system for performing safety ability negotiation during emergent call |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101540981B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20190203. Address after: Delaware. Patentee after: Open Invention Network Co.,Ltd. Address before: 518057 Nanshan District high tech Industrial Park, Shenzhen, Guangdong, Ministry of justice, Zhongxing Road, South China road. Patentee before: ZTE Corp. |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20140312 |