CN101772019A - Method of handling inter-system handover security and related communication device - Google Patents


Publication number: CN101772019A
Authority: CN (China)
Legal status: Pending
Application number: CN201010002117A
Other languages: Chinese (zh)
Inventor: 吴志祥
Current Assignee: HTC Corp
Original Assignee: High Tech Computer Corp
Application filed by: High Tech Computer Corp


Abstract

The present invention relates to a method of handling inter-system handover security and a related communication device. The method of handling inter-system handover security for a communication device in a wireless communication system includes creating a first security key set for security with a serving network, creating a second security key set with a deactivating state, receiving an inter-system handover command for an inter-system handover from the serving network to a target network, selecting either the first security key set or the second security key set during the inter-system handover, and using the selected security key set for security with the target network, wherein the selected security key set is identical with a third security key set that is used by the target network for security with the communication device.

Description

Method of handling inter-system handover security and related communication device
Technical field
The present invention relates to a method used in a wireless communication system and a related communication device, and more particularly to a method of handling inter-system handover security in a wireless communication system and a related communication device.
Background
In a mobile communication system, information security techniques protect signaling and user plane (UP) messages against data theft and malicious modification. In a Universal Mobile Telecommunications System (UMTS) or an Evolved Packet System (EPS), information security relies on ciphering and integrity protection mechanisms, which are realized with multiple keys, counters and the like. The EPS comprises a Long Term Evolution (LTE) radio access system and an Evolved Packet Core (EPC) system. In general, a user equipment (UE) uses a security context to realize user plane, Non Access Stratum (NAS) and Access Stratum (AS) protection, where the security context includes security keys, ciphering/integrity protection algorithms, key derivation functions and so on.
An authentication and key agreement (AKA) procedure is used in a UMTS Terrestrial Radio Access Network (UTRAN) or an Evolved UMTS Terrestrial Radio Access Network (E-UTRAN) to generate fresh security keys. In UTRAN, the AKA procedure, also called the UMTS AKA procedure, mainly produces a ciphering key CK and an integrity key IK. In E-UTRAN, the AKA procedure, also called the EPS AKA procedure, mainly produces an intermediate key shared between a UE and a Mobility Management Entity (MME).
In the above AKA procedures, when the UE already has keys in use, it may not activate the new keys immediately. In other words, the UE holds two security key sets until the new security key set is activated. The existence of two security key sets can cause problems in starting security when the UE performs an inter-radio access technology (inter-RAT) handover, or inter-system handover.
In an inter-RAT handover from UTRAN to E-UTRAN, an intermediate key K'_ASME has to be derived, through a one-way key derivation function, from the ciphering key CK and the integrity key IK shared with UTRAN; the UE then uses K'_ASME to derive the ciphering key and the integrity key shared with E-UTRAN. Consider a UE in radio resource control (RRC) connected mode in UTRAN that holds two security key sets corresponding to one network domain (the packet switched or circuit switched domain), each set comprising a ciphering key CK and an integrity key IK. One security key set is currently used for ciphering and integrity protection with UTRAN; the other was derived by the most recent UMTS AKA procedure and has not yet been used (or activated). When the UE is instructed to perform an inter-RAT handover to an evolved base station of E-UTRAN, the prior art does not specify which of the two key sets the UE should use to derive the intermediate key K'_ASME for the handover. The UE may therefore select a key set different from the one used by the MME (a target network node), that is, a different ciphering key CK and integrity key IK. If the UE and the MME derive K'_ASME from different security key sets, the UE and the evolved base station use different ciphering and integrity keys for ciphering and integrity protection, and the connection between the UE and the evolved base station is broken in the handover to E-UTRAN.
In an inter-RAT handover from E-UTRAN to UTRAN, the UE must derive a ciphering key CK' and an integrity key IK' from an intermediate key K_ASME. Consider a UE in RRC connected mode in E-UTRAN that holds two intermediate keys K_ASME. One K_ASME is currently used for ciphering and integrity protection with E-UTRAN; the other was derived by the most recent EPS AKA procedure and has not yet been used (or activated). In this case, when the UE performs the inter-RAT handover from E-UTRAN to UTRAN, the prior art does not specify which of the two intermediate keys the UE should use to derive the ciphering key CK' and the integrity key IK' for the handover. If the UE and the MME derive CK' and IK' from different intermediate keys K_ASME, the UE and UTRAN use different ciphering and integrity keys, and the connection between the UE and UTRAN is broken in the handover to UTRAN.
Summary of the invention
The present invention therefore provides a method of handling inter-system handover security in a wireless communication system and a related communication device, to avoid the connection breaks caused by the UE and the network using different security key sets.
The present invention discloses a method of handling inter-system handover security for a communication device of a wireless communication system. The method includes: creating a first security key set for security with a serving network; creating a second security key set with a deactivating state; receiving an inter-system handover command that requests the communication device to perform an inter-system handover from the serving network to a target network; selecting, during the inter-system handover, either the first security key set or the second security key set, wherein the selected security key set is identical with a third security key set that the target network uses for security with the communication device; and using the selected security key set for security with the target network.
The present invention also discloses a method of handling inter-system handover security for a communication device of a wireless communication system. The method includes: receiving an inter-system handover command that requests the communication device to perform a handover procedure from a serving network to a target network; and, when a first security key set for security with the serving network is in use and a second security key set with a deactivating state has been created, sending a handover failure message to the serving network in response to the inter-system handover command.
The present invention also discloses a communication device of a wireless communication system for correctly handling inter-system handover security. The communication device includes a computer-readable storage medium and a processor. The computer-readable storage medium stores program code corresponding to a process. The processor is coupled to the computer-readable storage medium and processes the program code to execute the process. The process includes: creating a first security key set for security with a serving network; creating a second security key set with a deactivating state; receiving an inter-system handover command that requests the communication device to perform an inter-system handover from the serving network to a target network; selecting, during the inter-system handover, either the first security key set or the second security key set, wherein the selected security key set is identical with a third security key set that the target network uses for security with the communication device; and using the selected security key set for security with the target network.
The present invention also discloses a communication device of a wireless communication system for correctly handling inter-system handover security. The communication device includes a computer-readable storage medium and a processor. The computer-readable storage medium stores program code corresponding to a process. The processor is coupled to the computer-readable storage medium and processes the program code to execute the process. The process includes: receiving an inter-system handover command that requests the communication device to perform a handover procedure from a serving network to a target network; and, when a first security key set for security with the serving network is in use and a second security key set with a deactivating state has been created, sending a handover failure message to the serving network in response to the inter-system handover command.
Brief description of the drawings
Fig. 1 is a schematic diagram of a wireless communication system.
Fig. 2 is a schematic diagram of a communication device according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of the program code shown in Fig. 2.
Fig. 4 and Fig. 5 are flowcharts of embodiments of the present invention.
Reference numerals
10 wireless communication system
12 core network
14 radio access network
20 communication device
200 processor
210 computer-readable storage medium
212 stored data
214 program code
220 communication interface unit
230 control unit
300 third layer
310 second layer
320 first layer
40, 50 processes
400, 410, 420, 430, 440, 450, 460, 500, 510, 520, 530 steps
Embodiments
Please refer to Fig. 1, which is a schematic diagram of a wireless communication system 10. Briefly, the wireless communication system 10 includes a core network 12, a radio access network (RAN) 14 and a communication device 20. The RAN 14 can be a second generation (2G) mobile network, such as a GSM/EDGE Radio Access Network (GERAN), a third generation (3G) mobile network, such as a UMTS Terrestrial Radio Access Network (UTRAN), or an evolved 3G network, such as an Evolved UMTS Terrestrial Radio Access Network (E-UTRAN), and includes a plurality of base stations, such as Node-Bs or evolved Node-Bs (eNBs). The core network 12 has a different architecture in different systems: for example, the core network 12 of a 3G system includes a Serving GPRS (General Packet Radio Service) Support Node (SGSN), and the core network 12 of an evolved 3G system includes a Mobility Management Entity (MME). The communication device 20 can be a mobile phone or a personal digital assistant (PDA), may be referred to as user equipment (UE) or a mobile station (MS), and supports multiple radio access technologies (RATs), such as the aforementioned Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE) systems.
The communication device 20 can perform an inter-system handover from the RAN 14 to another RAN. In an inter-system handover, the RAN 14 is regarded as the serving network, and the RAN that the communication device is handed over to is regarded as the target network. Security between the communication device 20 and the RAN 14, the target network or the core network is realized with several security algorithms and a security key set comprising keys of several different levels, for example a base-station-level key and a mobility-management-level key. The communication device 20 and the RAN 14, target network or core network must use the same security key set and security algorithms for security to succeed. If the two sides use different keys, security fails. In addition, the communication device 20, the core network 12 and the RAN 14 can jointly perform a key update procedure, such as an authentication and key agreement (AKA) procedure, to generate a fresh key set.
Please refer to Fig. 2, which is a schematic diagram of a communication device 20 according to an embodiment of the present invention. The communication device 20 includes a processor 200, a computer-readable storage medium 210, a communication interface unit 220 and a control unit 230. The computer-readable storage medium 210 can be any data storage device that stores program code 214 to be read and processed by the processor 200. It can be a subscriber identity module (SIM), a universal subscriber identity module (USIM), read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, hard disks or optical data storage devices. The control unit 230 controls the communication interface unit 220 and the state and related operations of the communication device 20 according to the processing results of the processor 200. The communication interface unit 220 is preferably a wireless receiver that communicates wirelessly with the network according to the processing results of the processor 200.
Preferably, the communication device 20 supports the LTE and UMTS systems, with the following security key sets. The security key set for the LTE system (i.e. E-UTRAN) includes an intermediate key K_ASME (a mobility-management-level key between the UE and the MME), an evolved Key Set Identifier (eKSI), an RRC integrity protection key K_RRCint, an RRC ciphering key K_RRCenc and a user plane ciphering key K_UPenc. The security key set for the UMTS system (i.e. UTRAN) includes a ciphering key (CK) and an integrity key (IK), and corresponds to a packet switched (PS) domain or a circuit switched (CS) domain.
When these security key sets exist, they can be stored in the computer-readable storage medium 210 and processed by the processor 200 through the program code 214.
Please refer to Fig. 3, which is a schematic diagram of the program code 214 according to an embodiment of the present invention. The program code 214 includes program code of multiple protocol layers, from top to bottom a third layer 300, a second layer 310 and a first layer 320. The third layer 300 configures the security keys according to information elements (IEs) and radio resource control (RRC) messages (or radio resource (RR) messages) received from the network, and manages a number of RRC procedures, such as the inter-system handover procedure and the RRC re-establishment procedure. For the UMTS system, the second layer 310 includes a radio link control (RLC) layer and a medium access control (MAC) layer; for the LTE system, it includes a Packet Data Convergence Protocol (PDCP) layer, an RLC layer and a MAC layer. The first layer 320 is the physical (PHY) layer. The functions of the second layer 310 and the third layer 300 are well known to those skilled in the art and are not described further here.
Please refer to Fig. 4, which is a flowchart of a process 40 according to a first embodiment of the present invention. The process 40 is used in a UE to handle inter-system handover security. It can be compiled into the program code 214 and includes the following steps:
Step 400: Start.
Step 410: Create a first security key set for security with a serving network.
Step 420: Create a second security key set with a deactivating state.
Step 430: Receive an inter-system handover command for an inter-system handover from the serving network to a target network.
Step 440: During the inter-system handover, select either the first security key set or the second security key set.
Step 450: Use the selected security key set for security with the target network.
Step 460: End.
According to the process 40, a UE that has created the first security key set and the second security key set with the deactivating state receives a handover command from the serving network to perform an inter-system handover. The deactivating state of the second security key set means that the created key set has not yet been used; it can be created by a key update procedure. In this case, the UE selects either the first security key set or the second security key set during the inter-system handover. The selected security key set must be identical with the security key set that the target network uses for security with the UE. Finally, the UE uses the selected security key set for security with the target network, for example by deriving the keys required by the target network from the selected security key set. With the process 40, the UE and the target network therefore perform security based on the same security key set, which avoids connection failure during or after the inter-system handover.
In the process 40, the security key set used by the target network can be transferred from the serving network to the target network during the inter-system handover. In addition, the handover command can indicate the security key set used by the target network, so that the UE knows which security key set to select.
As an illustration of the concept of the process 40, consider an inter-system handover of a UE from UTRAN to E-UTRAN. The UE is in an RRC connected mode in UTRAN, for example the CELL_DCH state or the CELL_FACH state, and holds two security key sets corresponding to the same network domain (PS or CS domain), each including a ciphering key CK and an integrity key IK. One security key set is currently shared by the UE and UTRAN for ciphering and integrity protection; the other was derived by the most recent UMTS AKA procedure and has not yet been activated. The UE then receives a handover command requesting it to perform an inter-system handover to E-UTRAN. During the handover, the SGSN receives from UTRAN the ciphering key CK and integrity key IK currently shared with UTRAN, and forwards them to the MME. In addition, the handover command can include a keyChangeIndicator information element, or another usable information element, to indicate the ciphering key CK and integrity key IK currently shared with UTRAN. Alternatively, the handover command can directly carry the currently shared ciphering key CK and integrity key IK. According to the handover command, the UE selects the ciphering key CK and integrity key IK currently shared with UTRAN for ciphering and integrity protection with E-UTRAN. In this case, the UE and the MME both use the ciphering key CK and integrity key IK currently shared with UTRAN to derive the intermediate key K'_ASME. The UE then derives the base-station-level key K_eNB from K'_ASME, and uses K_eNB to derive the ciphering and integrity keys for security with E-UTRAN, such as the RRC integrity protection key K_RRCint, the RRC ciphering key K_RRCenc and the user plane ciphering key K_UPenc.
As another example, consider again an inter-system handover of a UE from UTRAN to E-UTRAN. The UE is in the RRC connected mode in UTRAN and holds two security key sets in the same usage states as in the example above. The most recent UMTS AKA procedure can be triggered by the SGSN to derive the ciphering key CK and integrity key IK that the UE has not yet activated. The UE then receives a handover command requesting it to perform an inter-system handover to E-UTRAN. During the handover, the SGSN forwards the ciphering key CK and integrity key IK derived by the most recent UMTS AKA procedure to the MME. In this case, the handover command can include a keyChangeIndicator information element, or another usable information element, to indicate the ciphering key CK and integrity key IK derived by the most recent UMTS AKA procedure. Alternatively, the handover command can directly carry this ciphering key CK and integrity key IK. The UE then selects the indicated ciphering key CK and integrity key IK. In this case, the UE and the MME both use the ciphering key CK and integrity key IK derived by the most recent UMTS AKA procedure to derive the intermediate key K'_ASME. The UE then derives the base-station-level key K_eNB from K'_ASME, and uses K_eNB to derive the ciphering and integrity keys for security with E-UTRAN.
As a further example of the concept of the process 40, consider an inter-system handover of a UE from E-UTRAN to UTRAN. The UE is in the RRC connected mode in E-UTRAN and holds two security key sets, each including an intermediate key K_ASME. One K_ASME is in use and currently serves ciphering and integrity protection with E-UTRAN; the other was derived by the most recent EPS AKA procedure and has not yet been used. The UE then receives a handover command that indicates the K_ASME in use and requests the UE to perform an inter-system handover to UTRAN. According to the handover command, the UE selects the K_ASME in use. In this case, the UE and the MME both use the K_ASME that serves ciphering and integrity protection to derive the ciphering key and integrity key for security with UTRAN.
Alternatively, in the above example, E-UTRAN can generate a handover command that indicates the intermediate key K_ASME derived by the most recent EPS AKA procedure. In this case, the UE and the MME both use the K_ASME derived by the most recent EPS AKA procedure to derive the ciphering key and integrity key for ciphering and integrity protection.
Please refer to Fig. 5, which is a flowchart of a process 50 according to a second embodiment of the present invention. The process 50 is used in a UE and provides a way of handling inter-system handover security that differs from the process 40. It can be compiled into the program code 214 and includes the following steps:
Step 500: Start.
Step 510: Receive an inter-system handover command for an inter-system handover from a serving network to a target network.
Step 520: When a first security key set for security with the serving network is in use and a second security key set with a deactivating state has been created, send a handover failure message to the serving network in response to the inter-system handover command.
Step 530: End.
According to process 50, after receiving the handover command, when the client has two security key sets, one in use for security with the serving network and the other in a deactivated state, the client transmits a handover failure message to the serving network. In addition, the handover failure message can indicate that the handover failure cause is "security function activation failure". When the handover command does not indicate the security key set used by the target network, process 50 prevents the client and the target network from using different keys, and thereby prevents security failure after the inter-system handover.
Following the concept of process 50, consider an example of a client performing an inter-system handover from UTRAN to E-UTRAN. The client is in RRC connected mode in UTRAN and has two security key sets corresponding to the same network domain (PS or CS domain); each security key set includes a ciphering key CK and an integrity key IK. The ciphering key CK and integrity key IK of one security key set are in use for ciphering and integrity protection, while the ciphering key CK and integrity key IK of the other security key set were derived by the latest UMTS authentication and key agreement procedure and have not yet been activated. The client receives a handover command requesting it to perform an inter-system handover to E-UTRAN. According to process 50, the client determines that the inter-system handover has failed and transmits a handover failure message to UTRAN. Therefore, when the client simultaneously has two sets of ciphering key CK and integrity key IK corresponding to one service domain, the client does not perform the handover, and thus avoids using a key set different from that of the E-UTRAN/mobility management entity (target network).
Following the concept of process 50, consider a further example of a client performing an inter-system handover from E-UTRAN to UTRAN. The client is in RRC connected mode in E-UTRAN and has two security key sets, each of which includes an intermediate key K_ASME. One security key set is in use for ciphering and integrity protection, while the other security key set was derived by the latest EPS authentication and key agreement procedure and has not yet been used. When the client receives a handover command requiring an inter-system handover to UTRAN, the client determines that the inter-system handover has failed and transmits a handover failure message to E-UTRAN. Therefore, when the client has two intermediate keys K_ASME in E-UTRAN, the client does not perform the handover, and thus avoids using a key different from that of the UTRAN/SGSN (target network).
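The client-side decision described for process 50 can be sketched as follows. This is an added illustration, not code from the patent; the class names, the `key_set_id` field and the handling of an unknown identifier or an empty key store are assumptions made for the sketch.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class State(Enum):
    IN_USE = "in use"            # currently protecting traffic with the serving network
    DEACTIVATED = "deactivated"  # produced by the latest AKA run, not yet activated


@dataclass(frozen=True)
class KeySet:
    key_set_id: int   # hypothetical identifier, constructed for this sketch
    domain: str       # service domain, "PS" or "CS"
    state: State


@dataclass(frozen=True)
class HandoverCommand:
    target: str                                 # e.g. "E-UTRAN" or "UTRAN"
    domain: str
    indicated_key_set_id: Optional[int] = None  # set when the command names the key set


@dataclass(frozen=True)
class Outcome:
    handover: bool
    key_set: Optional[KeySet] = None
    failure_cause: Optional[str] = None


# Failure cause named in the description of process 50 (English wording assumed).
SECURITY_FAILURE = "security function activation failure"


def handle_handover_command(key_sets: List[KeySet], cmd: HandoverCommand) -> Outcome:
    same_domain = [k for k in key_sets if k.domain == cmd.domain]
    if cmd.indicated_key_set_id is not None:
        # The command identifies the target network's key set: select exactly that one.
        for k in same_domain:
            if k.key_set_id == cmd.indicated_key_set_id:
                return Outcome(True, key_set=k)
        return Outcome(False, failure_cause=SECURITY_FAILURE)  # assumption: unknown id fails
    in_use = [k for k in same_domain if k.state is State.IN_USE]
    pending = [k for k in same_domain if k.state is State.DEACTIVATED]
    if in_use and pending:
        # Process 50: two candidate sets and no indication, so either choice could
        # differ from the target network's set. Report handover failure instead.
        return Outcome(False, failure_cause=SECURITY_FAILURE)
    if len(in_use) == 1:
        return Outcome(True, key_set=in_use[0])  # unambiguous: only one candidate
    return Outcome(False, failure_cause=SECURITY_FAILURE)  # assumption: no usable set
```

A deactivated key set in a different service domain does not trigger the failure path, because only key sets of the domain named in the command are compared.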
In summary, the embodiments of the present invention prevent the client and the target network from using different security key sets, so as to avoid interruption of the communication link.
The above are only preferred embodiments of the present invention; all equivalent changes and modifications made according to the claims of the present invention shall fall within the scope of the present invention.

Claims (10)

1. A method of handling inter-system handover security for a communication device of a wireless communication system, the method comprising:
generating a first security key set used for security with a serving network;
generating a second security key set in a deactivated state;
receiving an inter-system handover command, the inter-system handover command requesting the communication device to perform an inter-system handover from the serving network to a target network;
during the inter-system handover, selecting one of the first security key set and the second security key set, wherein the selected security key set is identical to a third security key set, and the target network uses the third security key set for security with the communication device; and
using the selected security key set for security with the target network.
2. The method of claim 1, wherein the inter-system handover command indicates the third security key set.
3. The method of claim 1, wherein using the selected security key set for security with the target network comprises:
deriving an intermediate key from a first ciphering key and a first integrity key of the selected security key set;
deriving a base-station-level key from the intermediate key; and
deriving, from the base-station-level key, a second ciphering key and a second integrity key used for security with the target network.
4. The method of claim 1, wherein using the selected security key set for security with the target network comprises:
deriving a base-station-level key from an intermediate key of the selected security key set; and
deriving, from the base-station-level key, a ciphering key and an integrity key used for security with the target network.
5. The method of claim 1, wherein the third security key set is transferred from the serving network to the target network during the inter-system handover.
6. The method of claim 1, wherein the first security key set and the second security key set belong to the same network service domain.
7. A method of handling inter-system handover security for a communication device of a wireless communication system, the method comprising:
receiving an inter-system handover command, the inter-system handover command requesting the communication device to perform a handover procedure from a serving network to a target network; and
when a first security key set is in use for security with the serving network and a second security key set in a deactivated state has been generated, transmitting to the serving network a handover failure message in response to the inter-system handover command.
8. The method of claim 7, wherein the second security key set in the deactivated state is generated by an authentication and key agreement procedure initiated by the serving network.
9. The method of claim 8, wherein the first security key set and the second security key set each comprise at least one of a ciphering key, an integrity key and an intermediate key.
10. The method of claim 7, wherein the first security key set and the second security key set belong to the same network service domain.
CN201010002117A 2009-01-05 2010-01-05 Method of handling inter-system handover security and related communication device Pending CN101772019A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14238209P 2009-01-05 2009-01-05
US61/142,382 2009-01-05

Publications (1)

Publication Number Publication Date
CN101772019A true CN101772019A (en) 2010-07-07

Family

ID=42504539

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010002117A Pending CN101772019A (en) 2009-01-05 2010-01-05 Method of handling inter-system handover security and related communication device

Country Status (2)

Country Link
CN (1) CN101772019A (en)
TW (1) TW201027961A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012022188A1 (en) * 2010-08-17 2012-02-23 刘建 Method for deriving key by multisystem radio access network and multisystem radio access network
WO2012083873A1 (en) * 2010-12-22 2012-06-28 华为技术有限公司 Method, apparatus and system for key generation
CN102625300A (en) * 2011-01-28 2012-08-01 华为技术有限公司 Generation method and device for key
WO2012100749A1 (en) * 2011-01-28 2012-08-02 华为技术有限公司 Key generating method and apparatus
US9049594B2 (en) 2011-01-28 2015-06-02 Huawei Technologies Co., Ltd. Method and device for key generation
CN102625300B (en) * 2011-01-28 2015-07-08 华为技术有限公司 Generation method and device for key

Also Published As

Publication number Publication date
TW201027961A (en) 2010-07-16

Similar Documents

Publication Publication Date Title
US10674360B2 (en) Enhanced non-access stratum security
CN109309920B (en) Security implementation method, related device and system
CN101772021B (en) Method of handling security configuration in wireless communications system and related communication device
US11856402B2 (en) Identity-based message integrity protection and verification for wireless communication
US10687213B2 (en) Secure establishment method, system and device of wireless local area network
CN101399767B (en) Method, system and apparatus for security capability negotiation during terminal moving
CN101754191B (en) Method of handling handover security configuration and related communication device
US9667413B2 (en) Encryption realization method and system
EP2293515B1 (en) Method, network element, and mobile station for negotiating encryption algorithms
CN102158855B (en) Method of handling security in srvcc handover and related communication device
US20160135041A1 (en) Wi-fi privacy in a wireless station using media access control address randomization
CN104285422A (en) Secure communications for computing devices utilizing proximity services
CN102404721A (en) Safety protecting method of Un interface, device and base station
CN1937487A (en) LTE authentication and encryption method
WO2020056433A2 (en) SECURE COMMUNICATION OF RADIO RESOURCE CONTROL (RRC) REQUEST OVER SIGNAL RADIO BEARER ZERO (SRBo)
CN101772019A (en) Method of handling inter-system handover security and related communication device
CN101909368B (en) Wireless network security solution method and equipment
CN101162955B (en) Method of obtaining login key of handset television service system
CN101383702A (en) Method and system protecting cipher generating parameter in tracing region updating
KR101385846B1 (en) Communications method and communications systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100707