Summary of the invention
The technical problem addressed by this invention is to provide a method for ensuring key consistency between the serving radio network controller (SRNC) and the core network node, solving the problem in existing communication networks that the keys held by the SRNC and the core network node become inconsistent as a result of SRNC migration or a change of core network node.
To address the above problem, the present invention proposes a method for ensuring key consistency between the serving radio network controller (SRNC) and the core network node, comprising:
In an enhanced universal mobile telecommunications system (UMTS), the enhanced core network node and the terminal each derive the mapped legacy keys IK'/CK' using the same algorithm, and the enhanced core network node sends the mapped legacy keys IK'/CK' that it derived to the enhanced radio network controller acting as the SRNC.
The enhanced core network node and the terminal each derive the mapped legacy keys IK'/CK' using the same algorithm on the basis of the legacy keys CK/IK, and/or the intermediate key K_RNC, and/or the enhanced keys IK_U/CK_U.
The enhanced core network node and the terminal perform this derivation of the mapped legacy keys IK'/CK' when the terminal moves from a non-enhanced UMTS to an enhanced UMTS, or when the terminal initially attaches to the network, or when the terminal goes from the idle state to the active state.
Further, when the SRNC needs to migrate from the enhanced source radio network controller to a target radio network controller, the enhanced source radio network controller sends the mapped legacy keys IK'/CK' to the target radio network controller.
Further, when the core network node needs to change, the enhanced source core network node sends the mapped legacy keys IK'/CK' to the target core network node.
Further, the enhanced core network node and the terminal also each derive the enhanced key using the same algorithm, and the enhanced core network node sends the enhanced key that it derived to the enhanced radio network controller acting as the SRNC.
When the SRNC needs to migrate from the enhanced source radio network controller to a target radio network controller, the enhanced source radio network controller sends both the mapped legacy keys IK'/CK' and the enhanced key to the target radio network controller.
The target radio network controller selects the security key it will use from the enhanced key and the mapped legacy keys IK'/CK' according to its own security capability:
If the target radio network controller supports enhanced security, it uses the enhanced key as the security key and stores the mapped legacy keys IK'/CK';
If the target radio network controller does not support enhanced security, it uses the mapped legacy keys IK'/CK' as the security key.
The target radio network controller further sends target network security capability indication information to the terminal; this information indicates the security capability of the target radio network controller and/or the security key it selected.
When the core network node needs to change, the enhanced source core network node sends the mapped legacy keys IK'/CK' and the enhanced key to the target core network node.
The target core network node selects the security key it will use from the enhanced key and the mapped legacy keys IK'/CK' according to its own security capability and the security capability of the terminal:
If the target core network node and the terminal both support enhanced security, the enhanced key is used as the security key and the mapped legacy keys IK'/CK' are stored;
If the target core network node and/or the terminal do not support enhanced security, the mapped legacy keys IK'/CK' are used as the security key.
The enhanced source radio network controller sends the mapped legacy keys IK'/CK' to the target radio network controller in the source-to-target transparent RNC container. The mapped legacy keys IK'/CK' are placed in the IK field and CK field of the information element of the source-to-target transparent RNC container.
When the terminal performs a static SRNC migration, the enhanced source radio network controller sends the enhanced core network node a migration required message carrying the mapped legacy keys IK' and CK', and the enhanced core network node sends the target radio network controller a migration request message carrying the mapped legacy keys IK' and CK', thereby delivering the mapped legacy keys IK' and CK' to the target radio network controller. The migration request message also carries the enhanced key.
When the terminal performs a static SRNC migration that is accompanied by a change of core network node, the enhanced source radio network controller sends the enhanced source core network node a migration required message carrying the mapped legacy keys IK' and CK', and the enhanced source core network node sends the target core network node a forward migration request message carrying the mapped legacy keys IK' and CK'; the target core network node then sends the target radio network controller a migration request message carrying the mapped legacy keys IK' and CK'. The migration request message also carries the enhanced key.
The case in which the core network node needs to change refers to a change of core network node during a routing area update (RAU) request, an attach request, or a service request procedure: the target core network node after the change requests the context from the source core network node, and the source core network node returns to the target core network node a context carrying the mapped legacy keys IK'/CK'. The context carrying the mapped legacy keys IK'/CK' is the MM context.
The present invention also provides a system for ensuring key consistency between the serving radio network controller (SRNC) and the core network node, comprising: a terminal, an enhanced core network node in an enhanced UMTS, and an enhanced radio network controller acting as the SRNC, wherein:
The enhanced core network node and the terminal each derive the mapped legacy keys IK'/CK' using the same algorithm;
The enhanced core network node sends the mapped legacy keys IK'/CK' that it derived to the enhanced radio network controller acting as the SRNC.
The mapped legacy keys IK'/CK' are keys derived from the legacy keys CK/IK, or from the intermediate key K_RNC, and/or IK_U/CK_U.
The system further comprises a target radio network controller, for the case in which the SRNC needs to migrate from the enhanced source radio network controller acting as the SRNC to the target radio network controller; the enhanced source radio network controller sends the mapped legacy keys IK'/CK' to the target radio network controller.
The system further comprises a target core network node; when the core network node needs to change, the enhanced source core network node sends the mapped legacy keys IK'/CK' to the target core network node.
Further, the enhanced core network node and the terminal also each derive the enhanced key using the same algorithm, and the enhanced core network node sends the enhanced key that it derived to the enhanced radio network controller acting as the SRNC;
When the SRNC needs to migrate from the enhanced source radio network controller to a target radio network controller, the enhanced source radio network controller sends the mapped legacy keys IK'/CK' and the enhanced key to the target radio network controller;
When the core network node needs to change, the enhanced source core network node sends the mapped legacy keys IK'/CK' and the enhanced key to the target core network node.
The target radio network controller selects the security key it will use from the enhanced key and the mapped legacy keys IK'/CK' according to its own security capability: if the target radio network controller supports enhanced security, it uses the enhanced key as the security key and stores the mapped legacy keys IK'/CK'; if it does not support enhanced security, it uses the mapped legacy keys IK'/CK' as the security key.
The target core network node selects the security key it will use from the enhanced key and the mapped legacy keys IK'/CK' according to its own security capability and the security capability of the terminal: if the target core network node and the terminal both support enhanced security, the enhanced key is used as the security key and the mapped legacy keys IK'/CK' are stored; if the target core network node and/or the terminal do not support enhanced security, the mapped legacy keys IK'/CK' are used as the security key.
The target radio network controller further sends target network security capability indication information to the terminal; this information indicates the security capability of the target radio network controller and/or the security key it selected.
In the system and method of the present invention for ensuring key consistency between the SRNC and the core network node, in an enhanced UMTS the terminal and the enhanced core network node first generate a consistent enhanced key and consistent mapped legacy keys IK'/CK', and the enhanced core network node then synchronizes the enhanced key and the mapped legacy keys IK'/CK' to the enhanced radio network controller. During SRNC migration, the enhanced source radio network controller sends the enhanced key and/or the mapped legacy keys IK'/CK' to the target radio network controller; when the core network node changes, the enhanced source core network node sends the enhanced key and/or the mapped legacy keys IK'/CK' to the target core network node. The SRNC and the core network node therefore hold consistent keys both before and after migration. With the system and method of the present invention, when the UE moves to a target network that does not support enhanced security, it can still communicate securely using the consistent mapped legacy keys IK'/CK'. At the same time, consistency of the legacy keys between the target core network node and the target RNC is also maintained.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
The security capabilities of radio network controllers (RNCs) or core network nodes may differ, so different network elements may end up using different keys. To ensure key consistency between the SRNC and the core network node, the invention has the enhanced core network element and the terminal generate the enhanced key and the mapped legacy keys IK'/CK' using the same algorithm; the enhanced core network node sends the enhanced key and the mapped legacy keys IK'/CK' to the enhanced radio network controller acting as the SRNC, which retains them. When the SRNC migrates, the enhanced radio network controller acting as the SRNC sends the enhanced key and/or the mapped legacy keys IK'/CK' to the target radio network controller, which stores them; when the core network node changes, the enhanced core network node sends the mapped legacy keys IK'/CK' to the target core network node, which stores them. In this way the security keys of all network elements are kept consistent.
Further, the target radio network controller and the target core network node may also decide, according to their own security capabilities, whether to use the enhanced key or the mapped legacy keys IK'/CK', and notify the terminal of the security information after the selection.
A method of the present invention for ensuring key consistency between the serving radio network controller (SRNC) and the core network node comprises:
In an enhanced UMTS, the enhanced core network node and the terminal each derive the mapped legacy keys IK'/CK' using the same algorithm, and the enhanced core network node sends the mapped legacy keys IK'/CK' that it derived to the enhanced radio network controller acting as the SRNC.
The enhanced core network node and the terminal each derive the mapped legacy keys IK'/CK' using the same algorithm on the basis of the legacy keys CK/IK, and/or the intermediate key K_RNC, and/or the enhanced keys IK_U/CK_U.
The enhanced core network node and the terminal perform this derivation of the mapped legacy keys IK'/CK' when the terminal moves from a non-enhanced UMTS to an enhanced UMTS, or when the terminal initially attaches to the network, or when the terminal goes from the idle state to the active state.
The system of the present invention for ensuring key consistency between the SRNC and the core network node comprises: a terminal, an enhanced core network node in an enhanced UMTS, and an enhanced radio network controller acting as the SRNC, wherein:
The enhanced core network node and the terminal each derive the mapped legacy keys IK'/CK' using the same algorithm;
The enhanced core network node sends the mapped legacy keys IK'/CK' that it derived to the enhanced radio network controller acting as the SRNC.
The mapped legacy keys IK'/CK' are keys derived from the legacy keys CK/IK, or from the intermediate key K_RNC, and/or IK_U/CK_U.
The system further comprises a target radio network controller, for the case in which the SRNC needs to migrate from the enhanced source radio network controller acting as the SRNC to the target radio network controller; the enhanced source radio network controller sends the mapped legacy keys IK'/CK' to the target radio network controller.
The system further comprises a target core network node; when the core network node needs to change, the enhanced source core network node sends the mapped legacy keys IK'/CK' to the target core network node.
Further, the enhanced core network node and the terminal also each derive the enhanced key using the same algorithm, and the enhanced core network node sends the enhanced key that it derived to the enhanced radio network controller acting as the SRNC;
When the SRNC needs to migrate from the enhanced source radio network controller to a target radio network controller, the enhanced source radio network controller sends the mapped legacy keys IK'/CK' and the enhanced key to the target radio network controller;
When the core network node needs to change, the enhanced source core network node sends the mapped legacy keys IK'/CK' and the enhanced key to the target core network node.
The target radio network controller selects the security key it will use from the enhanced key and the mapped legacy keys IK'/CK' according to its own security capability: if the target radio network controller supports enhanced security, it uses the enhanced key as the security key and stores the mapped legacy keys IK'/CK'; if it does not support enhanced security, it uses the mapped legacy keys IK'/CK' as the security key.
The target core network node selects the security key it will use from the enhanced key and the mapped legacy keys IK'/CK' according to its own security capability and the security capability of the terminal: if the target core network node and the terminal both support enhanced security, the enhanced key is used as the security key and the mapped legacy keys IK'/CK' are stored; if the target core network node and/or the terminal do not support enhanced security, the mapped legacy keys IK'/CK' are used as the security key.
The target radio network controller further sends target network security capability indication information to the terminal; this information indicates the security capability of the target radio network controller and/or the security key it selected.
After the attach phase, the keys held by the enhanced core network node, the enhanced radio network controller and the terminal are consistent. During migration, in every scenario, the enhanced source radio network controller sends the keys to the target radio network controller; in particular, when the target radio network controller does not support enhanced security, the mapped legacy keys IK'/CK' are used throughout, which guarantees key agreement among the network elements. When the core network node changes, the enhanced source core network node likewise sends the mapped legacy keys IK'/CK' to the target core network node, which also guarantees key consistency between the target radio network controller and the target core network node. The invention can therefore ensure key consistency between the SRNC and the core network node, and solves the problem that the legacy keys stored at the target RNC and at the target SGSN are inconsistent when moving from an enhanced SGSN+ to a non-enhanced SGSN.
Below, the method and system of the present invention for ensuring key consistency are described in detail with reference to the drawings, for the various scenarios and flows that arise during SRNC migration.
Embodiment 1: an example of a UE attaching, illustrating how the mapped keys IK'/CK' are generated and distributed.
As shown in Figure 4, in this embodiment the enhanced core network node, after generating the enhanced keys (K_RNC and/or IK_U, CK_U) from the legacy keys IK/CK, generates the mapped legacy keys IK'/CK' from IK/CK or from the enhanced keys. The mapped legacy keys IK'/CK' serve as the security keys for communication between the UE and the target network when the UE moves to a legacy network that does not support enhanced security. On initial attach, or when the UE goes from the idle state to the connected state, the core network node delivers the mapped legacy keys IK'/CK' to the serving RNC (SRNC). When a migration occurs, the enhanced source RNC or the enhanced source core network node can send the mapped legacy keys IK'/CK' to the target RNC or the target core network node. For the specific migration and handover procedures, see the later embodiments.
The specific steps are as follows:
S401: The ME+ sends an attach request message to the enhanced core network node (SGSN+ or MSC/VLR+); the attach request message carries the UE security capability information.
S402: The ME+ and the HSS of the network perform the EAP AKA procedure to complete mutual authentication. This step is optional.
S403: The enhanced core network node derives the enhanced keys from the legacy keys IK/CK. The enhanced keys derived here are: the intermediate key K_RNC, and/or IK_U/CK_U.
S404: The enhanced core network node derives the mapped legacy keys IK'/CK'. The mapped legacy keys IK'/CK' can be derived from the legacy keys CK/IK, or from the intermediate key K_RNC, and/or IK_U/CK_U.
S405: The enhanced core network node selects the integrity protection algorithm set and/or the encryption algorithm set (this step may occur in any order relative to steps S403 and S404). The enhanced core network node sends a security mode command message to the enhanced radio network controller acting as the SRNC+. The message carries: the enhanced keys, the mapped legacy keys CK'/IK', and the integrity protection algorithm set and/or encryption algorithm set.
S406: The SRNC+ stores the received enhanced keys and mapped legacy keys CK'/IK', and selects the high-priority encryption algorithm and integrity protection algorithm.
Optionally, in step S406, if the enhanced keys received by the SRNC+ do not include IK_U/CK_U, the SRNC+ can derive the enhanced keys IK_U/CK_U used on the air interface from the received intermediate key (K_RNC).
S407: The SRNC+ sends a security mode command message to the ME+. The security mode command message carries a message authentication code calculated with IK_U.
S408: The ME+ derives the enhanced keys from the legacy keys IK/CK by the same operation as the enhanced core network node on the network side. The enhanced keys derived here are: the intermediate key K_RNC, and/or IK_U/CK_U. This step may also take place before step S407. "The same operation" means deriving with the same key parameters and the same key algorithm.
S409: The ME+ derives the mapped legacy keys IK'/CK' by the same operation as the network side. The mapped legacy keys IK'/CK' can be derived from the legacy keys CK/IK, or from the intermediate key K_RNC, and/or IK_U/CK_U. "The same operation" means deriving with the same key parameters and the same key algorithm.
S410: The ME+ verifies the integrity of the message and, once verification passes, starts integrity protection of subsequent messages. The ME+ sends a security mode complete message to the SRNC+. This message carries a message authentication code calculated with IK_U.
S411: The SRNC+ verifies the integrity of the received message. If verification succeeds, the SRNC+ sends a security mode complete message to the core network node.
After this, the ME+ and the network can begin encryption and decryption.
Embodiment 1A:
This embodiment illustrates how the mapped legacy keys IK'/CK' are generated when the SRNC migrates from a legacy RNC to an enhanced RNC.
After the enhanced core network node receives the migration required message, the keys brought from the original RNC (the legacy RNC) are IK/CK (in practice these may be the original IK/CK, or may be the mapped keys IK'/CK' from an earlier migration out of an enhanced RNC).
The enhanced core network node first derives the enhanced keys from the legacy keys IK/CK. The enhanced keys derived here are: the intermediate key K_RNC, and/or IK_U/CK_U. The enhanced core network node then derives the mapped legacy keys IK'/CK', which can be derived from the legacy keys CK/IK, or from the intermediate key K_RNC, and/or IK_U/CK_U; the calculation is the same as in Embodiment 1.
Then the enhanced core network node sends a migration request message to the enhanced target RNC of the migration, carrying parameters that include the intermediate key K_RNC and the mapped keys IK'/CK'; the migration procedure then completes normally. After the ME+ receives the physical channel reconfiguration message, it performs the same calculation as the enhanced core network node and derives the intermediate key K_RNC and the mapped keys IK'/CK'.
Embodiment 2:
This embodiment illustrates how, during a core network node migration (taking the SGSN as an example), the enhanced source core network node SGSN+, which has enhanced security capability, sends the mapped legacy keys to the target core network node SGSN (the target SGSN here may or may not support enhanced security).
As shown in Figure 5, the specific steps are as follows:
S501: The target SGSN sends an SGSN context request message to the source SGSN+, requesting the context of the UE. The trigger events for this step include: the target SGSN receiving a routing area update request message, an attach request message, a service request message or the like sent by the user.
S502: The source SGSN+, which has enhanced security capability, sends an SGSN context response message to the target SGSN. This message carries the parameters: the mapped legacy keys IK'/CK', and/or the enhanced keys (the intermediate key K_RNC, and/or IK_U/CK_U).
S503: The target SGSN stores the received context and sends an SGSN context acknowledge message to the source SGSN+.
Embodiment 3:
This embodiment illustrates one example of how the enhanced source RNC sends the mapped legacy keys IK'/CK' to the target RNC when the UE performs a hard handover accompanied by SRNC migration. The enhanced source RNC is the enhanced RNC acting as the serving RNC, the UE is the enhanced terminal ME+, and the target RNC may or may not support enhanced security. As shown in Figure 6, the specific steps are as follows:
S601: The enhanced source RNC decides to initiate the SRNC migration procedure. This decision can be triggered by: the enhanced source RNC receiving a measurement report from the UE, or receiving an uplink signalling transfer indication sent by the target RNC requesting a cell update or a URA (UTRAN Registration Area) update, and so on.
S602-S603: The enhanced source RNC sends a migration required message to the enhanced core network node (SGSN+ or MSC+), and the enhanced core network node sends a migration request message to the target RNC.
The parameters carried by the migration required message and the migration request message include: the enhanced keys (the intermediate key K_RNC, and/or IK_U/CK_U) and the mapped legacy keys IK'/CK'. Preferably, these parameters are carried in the source-to-target transparent RNC container. The mapped legacy keys IK'/CK' are placed in the IK field and CK field of the information element of the message, and the enhanced keys can be placed in other fields.
S604: The target RNC stores the received enhanced keys and mapped legacy keys IK'/CK', and selects its own security keys according to its own security capability. If it does not support enhanced security, it directly takes the value of the IK field in the received migration request message as the legacy key IK and stores the value of the CK field as the legacy key CK; at the target RNC, therefore, IK = IK' and CK = CK'. If it supports enhanced security, it selects the enhanced keys as the advanced security keys. The target RNC sends a migration request acknowledge message to the enhanced core network node. This message carries the parameter: the security capability indication information of the target network, which indicates the security capability of the target RNC and/or the selected security keys.
S605: The enhanced core network node sends a migration command message to the enhanced source RNC. This message carries the parameter: the security capability indication information of the target network.
S606: The enhanced source RNC sends a physical channel reconfiguration message to the UE. This message carries the parameter: the security capability indication information of the target network.
S607: If the UE learns from the received target network security capability indication information that the target RNC does not support enhanced security, it decides to use the mapped legacy keys IK'/CK' to protect communication with the target RNC. The UE sends a physical channel reconfiguration complete message to the target RNC.
S608: The target RNC sends a migration complete message to the enhanced core network node.
S609: Iu connection release: the enhanced core network node (SGSN+ or MSC/VLR+) releases the Iu interface to the source RNC.
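The key handling of Embodiment 2 (SGSN context transfer) and Embodiment 3 (SRNC migration) can be simulated end to end. The following is an added example, not code from the patent: the patent does not specify the derivation algorithm, so HMAC-SHA-256 is assumed as a stand-in, deriving IK'/CK' from K_RNC is one of the permitted options chosen here, and the dictionary message layout and all function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, label: bytes, length: int = 16) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the unspecified "same algorithm".
    return hmac.new(key, label, hashlib.sha256).digest()[:length]


@dataclass(frozen=True)
class KeySet:
    k_rnc: bytes  # intermediate key K_RNC
    ik_u: bytes   # enhanced integrity key IK_U
    ck_u: bytes   # enhanced cipher key CK_U
    ik_m: bytes   # mapped legacy key IK'
    ck_m: bytes   # mapped legacy key CK'


def derive_keys(ik: bytes, ck: bytes) -> KeySet:
    """S403/S404 on the network side, S408/S409 on the ME+ side."""
    k_rnc = kdf(ik + ck, b"K_RNC", 32)
    return KeySet(k_rnc, kdf(k_rnc, b"IK_U"), kdf(k_rnc, b"CK_U"),
                  kdf(k_rnc, b"IK'"), kdf(k_rnc, b"CK'"))


def key_payload(keys: KeySet) -> dict:
    """Key parameters of the migration request (S602-S603) or the SGSN
    context response (S502). IK'/CK' occupy the ordinary IK and CK fields,
    so a legacy receiver reads them without knowing they are mapped keys."""
    return {"IK": keys.ik_m, "CK": keys.ck_m,
            "enhanced": {"K_RNC": keys.k_rnc,
                         "IK_U": keys.ik_u, "CK_U": keys.ck_u}}


def target_rnc_select(msg: dict, supports_enhanced: bool) -> dict:
    """S604: choose the active keys by capability, always keep IK'/CK'."""
    legacy = (msg["IK"], msg["CK"])
    if supports_enhanced and "enhanced" in msg:
        enh = msg["enhanced"]
        return {"active": (enh["IK_U"], enh["CK_U"]),
                "legacy": legacy, "indication": "enhanced"}
    return {"active": legacy, "legacy": legacy, "indication": "legacy"}


def target_sgsn_select(ctx: dict, sgsn_enhanced: bool, ue_enhanced: bool) -> dict:
    """S503: the target SGSN stores the context; enhanced security is used
    only if both the SGSN and the terminal support it."""
    mode = "enhanced" if (sgsn_enhanced and ue_enhanced
                          and "enhanced" in ctx) else "legacy"
    return {"mode": mode, "legacy": (ctx["IK"], ctx["CK"])}


def ue_select(keys: KeySet, indication: str) -> tuple:
    """S607: the UE follows the target network capability indication."""
    if indication == "enhanced":
        return (keys.ik_u, keys.ck_u)
    return (keys.ik_m, keys.ck_m)


def run_scenario(rnc_enhanced: bool, sgsn_enhanced: bool) -> dict:
    # Constructed sample IK/CK, as if produced by a completed AKA run.
    ik, ck = bytes(range(16)), bytes(range(16, 32))
    network = derive_keys(ik, ck)  # enhanced core network node
    ue = derive_keys(ik, ck)       # ME+, same parameters and algorithm
    rnc = target_rnc_select(key_payload(network), rnc_enhanced)
    sgsn = target_sgsn_select(key_payload(network), sgsn_enhanced, True)
    ue_active = ue_select(ue, rnc["indication"])
    return {
        "mode": rnc["indication"],
        "sgsn_mode": sgsn["mode"],
        "air_keys_match": hmac.compare_digest(
            b"".join(ue_active), b"".join(rnc["active"])),
        "legacy_rnc_sgsn_match": rnc["legacy"] == sgsn["legacy"],
        "legacy_matches_ue": rnc["legacy"] == (ue.ik_m, ue.ck_m),
    }


if __name__ == "__main__":
    for caps in [(False, False), (True, False), (True, True)]:
        print(caps, run_scenario(*caps))
```

In every capability combination the target RNC, the target SGSN and the UE end up holding the same IK'/CK', which is the consistency property the embodiments describe.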
Embodiment 4:
This embodiment illustrates another example of how the enhanced source RNC sends the enhanced key and the mapped legacy keys IK'/CK' to the target RNC when the UE performs a hard handover accompanied by SRNC migration, as shown in Figure 7. The SRNC migration described in this embodiment is carried out through the enhanced migration procedure; that is, in the migration preparation phase the enhanced source RNC and the target RNC communicate directly, without relaying through the enhanced core network node.
The specific steps are as follows:
S701: The enhanced source RNC decides to initiate the SRNC migration procedure.
S702: The enhanced source RNC sends an enhanced migration request message to the target RNC. The parameters carried by this message include: the mapped legacy keys IK'/CK' and/or the enhanced key. Preferably, the mapped legacy keys IK'/CK' are carried in the source-to-target transparent RNC container. The mapped legacy keys IK'/CK' are placed in the IK field and CK field of the information element of the message, and the enhanced key can be placed in another field.
S703: The target RNC directly takes the value of the IK field in the received enhanced migration request message as the legacy key IK, and stores the value of the CK field as the legacy key CK. The target RNC sends an enhanced migration response message to the enhanced source RNC. The parameters carried by this message include: the security capability indication information of the target network.
S704: The enhanced source RNC sends a physical channel reconfiguration message to the UE. This message carries the parameter: the security capability indication information of the target network.
S705: If the UE learns from the received target network security capability indication information that the target RNC does not support enhanced security, it decides to use the mapped legacy keys to protect communication with the target RNC. The UE sends a physical channel reconfiguration complete message to the target RNC.
S706: The target RNC sends an enhanced migration complete request message to the enhanced core network.
S707: The enhanced core network node sends an enhanced migration complete response message to the target RNC.
S708: Iu connection release.
Embodiment 5:
This embodiment illustrates an example in which, when the UE performs a hard handover accompanied by core network node (CN+) migration, the enhanced source RNC sends the mapped traditional keys to the target RNC, and/or the enhanced source core network node sends the mapped traditional keys to the target core network node, as shown in Figure 8. It describes how, during core network node migration, the mapped traditional keys IK'/CK' are transferred and processed on the path from the enhanced source RNC, through the enhanced source core network node and the target core network node, to the target RNC, including the handling of the mapped traditional keys between the enhanced source core network node and the target core network node.
The specific steps are as follows:
S801: The enhanced source RNC decides to initiate the SRNC migration procedure.
S802: The enhanced source RNC sends a migration required message to the enhanced core network node (SGSN+ or MSC+). This message carries the parameters: the enhanced keys and the mapped traditional keys IK'/CK'. Preferably, the mapped traditional keys IK'/CK' are placed in the source-to-target transparent RNC container. The mapped traditional keys IK'/CK' are placed in the IK and CK fields of the information element of the message.
S803: The enhanced source core network node determines that the target RNC does not belong to its own connection area, and prepares to forward to the core network node serving the target RNC, i.e. the target core network node. The enhanced source core network node sends a forward migration request message to the target core network node. Preferably, this message carries the source-to-target transparent RNC container and the MM context IE. Both the source-to-target transparent RNC container and the MM context IE contain the mapped traditional keys IK'/CK'. The IK'/CK' parameters are placed in the positions of the traditional IK/CK fields.
S804: After receiving the forward migration request, the target core network node takes the value of the IK field in the MM context IE as the traditional integrity key IK and stores the value of the CK field as the traditional ciphering key CK.
S805: The target core network node sends a migration request message to the target RNC. This message carries the parameter: the mapped traditional keys IK'/CK'. Preferably, this parameter is placed in the source-to-target transparent RNC container. The mapped traditional keys IK'/CK' are placed in the IK and CK fields of the information element of the message.
S806a: The target RNC directly takes the value of the IK field in the received migration request message as the traditional key IK and stores the value of the CK field as the traditional key CK.
S806: The target RNC sends a migration request acknowledge message to the target core network node. This message carries the parameter: security capability indication information of the target network.
S807: The target core network node sends a forward migration response message to the enhanced source core network node. This message carries the parameter: security capability indication information of the target network.
S808: The enhanced source core network node sends a migration command message to the source RNC. This message carries the parameter: security capability indication information of the target network.
S809: The enhanced source RNC sends a physical channel reconfiguration message to the UE. This message carries the parameter: security capability indication information of the target network.
S810: The UE learns from the received target network security capability indication information that the target RNC does not support enhanced security, and therefore decides to use the mapped traditional keys IK'/CK' to protect its communication with the target RNC. The UE sends a physical channel reconfiguration complete message to the target RNC.
S811: The target RNC sends an enhanced migration complete request message to the target core network node.
S812: The target core network node sends a forward migration complete message to the enhanced source core network node.
S813: The enhanced source core network node sends a forward migration complete acknowledge message to the target core network node.
S814: Iu connection release.
S815: The target core network node sends an enhanced migration complete response message to the target RNC.
Embodiment 6:
This embodiment illustrates an example in which the UE performs a RAU (Routing Area Update) procedure, as shown in Figure 9. It describes the case where the core network node changes during the UE's RAU procedure and, after the change, the target core network node requests IK'/CK' from the enhanced source core network node. This embodiment also applies to scenarios in which the core network node changes during an attach request procedure or a service request procedure.
The specific steps are as follows:
S901: The user equipment ME+ sends a RAU update message to the target core network node via the target RNC.
S902: The target core network node determines that this user is not registered with it, and sends an SGSN context request message to the enhanced source core network node to obtain the user's MM context and PDP context.
S903-S904: The enhanced source core network node requests the SRNS context from the enhanced source RNC, and the enhanced source RNC responds with the SRNS context.
S905: The enhanced source core network node returns an SGSN context response message to the target core network node; the message carries the enhanced keys and/or the IK'/CK' parameters.
S906: After receiving the SGSN context response message, the target core network node saves the enhanced keys and/or the IK'/CK' parameters and returns an SGSN context acknowledge message. The context that carries IK'/CK' is the MM context.
S907: The two core network nodes and the HLR update the user's location information.
S908-S909: The RAU procedure is completed.
Embodiment 7:
This embodiment illustrates an example in which the UE performs a static migration, as shown in Figure 10. It describes how the mapped traditional keys IK'/CK' are transferred and processed on the path from the enhanced source RNC, through the enhanced core network node CN+, to the target RNC. Two cases are covered: in one, only the mapped traditional keys IK'/CK' are transferred; in the other, not only IK'/CK' but also the enhanced keys IK_U and/or CK_U currently used by the source RNC and the UE are transferred.
The specific steps are as follows:
S1001: The user equipment UE sends a URA update message, a cell update message, or a measurement report message to the UTRAN.
S1002: On receiving the URA update message, cell update message, or measurement report message of this UE, the target RNC sends an uplink signaling transfer indication message to the enhanced source RNC of this UE.
S1003: The enhanced source RNC decides to initiate the SRNC migration procedure.
S1004-S1005: The enhanced source RNC determines that what is triggered is a static SRNC migration, and carries out the same SRNC migration flow as in traditional UMTS. That is, the enhanced source RNC sends a migration required message to the enhanced core network node (SGSN+ or MSC+), and the enhanced core network node sends a migration request message to the target RNC. The migration required message and the migration request message carry the parameters: the mapped traditional keys IK' and CK'. Preferably, the mapped traditional keys IK'/CK' are placed in the source-to-target RNC transparent container.
Optionally, the mapped traditional keys IK' and CK' are placed in the IK and CK fields, respectively, of the migration required message and the migration request message for transfer.
Optionally, the migration required message and the migration request message also carry the parameters: the enhanced keys IK_U and/or CK_U currently used by the enhanced source RNC.
If the enhanced source RNC and the target RNC are under different core network nodes, the migration required message and the migration request message must be relayed through the two core network nodes: that is, the enhanced source core network node sends a forward migration request message to the target core network node, and the parameters carried in this message include: the mapped traditional keys IK' and CK'. In addition, the enhanced source core network node may also carry the mapped traditional keys IK'/CK' in the MM context field of this message. The target core network node sends a migration request message to the target RNC, and this message carries the parameters: the mapped traditional keys IK' and CK'.
The migration required message and the migration request message thus achieve effective transfer of the keys and other parameters required for the migration.
S1006: The target RNC stores the received keys sent by the enhanced source RNC.
If the mapped traditional keys IK'/CK' received by the target RNC are located in the IK and/or CK fields of the migration request message sent by the enhanced core network node, the target RNC treats them as the traditional keys IK and/or CK.
S1007-S1008: The target RNC sends a migration request acknowledge message to the enhanced core network node, and the enhanced core network node sends a migration command message to the enhanced source RNC.
If the enhanced source RNC and the target RNC are under different core network nodes, this message must be relayed through the two core network nodes: that is, the target core network node sends a forward migration response message to the enhanced source core network node, and the enhanced source core network node sends a migration command message to the source RNC.
S1009: The enhanced source RNC sends a migration commit message to the target RNC.
S1010: The target RNC sends a migration detect message to the enhanced core network node. This message carries the parameter: security capability indication information of the target network.
S1011: The target RNC sends a URA update confirm message, a cell update confirm message, or a RAN mobility information message to the UE. This confirm message carries indication information of the security capability of the target RNC. The message is security-protected with the mapped traditional keys IK' and/or CK'; alternatively, if the key material sent by the source RNC to the target RNC includes the enhanced keys, the message may also be security-protected with the enhanced keys IK_U and/or CK_U.
S1012: The UE sends a UTRAN mobility information confirm message, or a RAN mobility information confirm message, to the target RNC. This message carries indication information of the UE's security capability.
This message is security-protected with the mapped traditional keys IK' and/or CK'; alternatively, if the key material sent by the source RNC to the target RNC includes the enhanced keys, the message may also be security-protected with the enhanced keys IK_U and/or CK_U.
S1013: The target RNC and the enhanced core network node interact to confirm that the migration is complete.
Optionally, in this process the enhanced core network node updates the key material and sends the updated key material to the target RNC, which saves it for use in the next SRNC migration.
If the target RNC and the enhanced source RNC are under different core network nodes, the target core network node and the enhanced source core network node exchange messages to confirm that the migration is complete.
S1014: The enhanced source RNC releases the Iur interface between itself and the core network node.
S1015: The target RNC decides to perform an intra-SRNC migration; that is, the enhanced source RNC and the target RNC are the same RNC. In this internal migration, the target RNC completes the update of the enhanced keys IK_U and/or CK_U.
The above are merely embodiments of the present invention and are not intended to limit it; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of the claims of the present invention.