CN101938744A - Method and system for ensuring key consistency of SRNC (Serving Radio Network Controller) and core network node - Google Patents

Publication number
CN101938744A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102214420A
Other languages
Chinese (zh)
Other versions
CN101938744B (en)
Inventor
李阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changshu intellectual property operation center Co.,Ltd.
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201010221442.0A
Publication of CN101938744A
Application granted
Publication of CN101938744B

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a system for ensuring key consistency between an SRNC (Serving Radio Network Controller) and a core network node, belonging to the technical field of mobile communication. In the method, the terminal, the enhanced core network node and the enhanced RNC are first made to hold a consistent enhanced key and mapped traditional key IK'/CK'; when the SRNC is relocated or the core network node changes, the enhanced key and/or the mapped traditional key IK'/CK' is transmitted to the target core network node and/or the target RNC, so that the keys of the core network node and the SRNC are consistent before and after relocation in the various relocation scenarios. In particular, when the UE (User Equipment) is relocated to a target network that does not support enhanced security, the consistent mapped traditional key IK'/CK' can still be used for secure communication.

Description

A method and system for ensuring key consistency between an SRNC and a core network node
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a method and system for ensuring key consistency between a serving radio network controller (SRNC) and a core network node.
Background technology
In Release 7, the 3rd Generation Partnership Project (3GPP) adopted Orthogonal Frequency Division Multiplexing (OFDM) and Multiple-Input Multiple-Output (MIMO) technology to complete HSPA+, the future evolution path of High Speed Downlink Packet Access (HSDPA) and High Speed Uplink Packet Access (HSUPA). HSPA+ is an enhancement of 3GPP HSPA (which comprises HSDPA and HSUPA) and gives HSPA operators a low-complexity, low-cost path for smooth evolution from HSPA to LTE (Long Term Evolution).
Compared with HSPA, the HSPA+ system architecture moves the functions of the radio network controller (RNC) down to the base station Node B, forming a completely flat radio access network architecture, as shown in Fig. 1. A Node B that integrates the complete RNC function is called an Evolved HSPA Node B, or enhanced Node B (Node B+) for short. SGSN+ is an SGSN (Serving GPRS Support Node; GPRS: General Packet Radio Service) that has been upgraded to support HSPA+ functions. ME+ (not shown) is user terminal equipment that supports HSPA+ functions. The evolved HSPA system can use the air interface of 3GPP Rel-5 and later, without any modification to the HSPA services of the air interface. With this scheme, each Node B+ becomes a node equivalent to an RNC: it has an Iu-PS interface and can connect directly to the PS CN (core network; the SGSN and GGSN in Fig. 1). The Iu-PS user plane terminates at the SGSN, or, if the network supports the direct tunnel function, it can also terminate at the GGSN (Gateway GPRS Support Node). Evolved HSPA Node Bs communicate with each other over the Iur interface. A Node B+ is capable of standalone networking and supports full mobility functions, including inter-system and intra-system handover.
After flattening, user plane data can reach the GGSN directly without passing through an RNC, which means that user plane ciphering and integrity protection must be moved forward to the Node B+. One HSPA+ security key hierarchy currently defined is shown in Fig. 2. In it, the definitions of K (root key), CK (ciphering key) and IK (integrity key) are exactly the same as in UMTS (Universal Mobile Telecommunications System). That is, K is the root key stored in the AuC (Authentication Center) and the USIM (Universal Subscriber Identity Module), and the traditional keys CK and IK are the ciphering key and integrity key computed from K when the user equipment and the HSS (Home Subscriber Server) perform AKA (Authentication and Key Agreement).
In UMTS, the RNC uses the traditional air interface keys CK and IK to cipher and integrity-protect data. In the HSPA+ architecture all RNC functions are moved down to the Node B+, so ciphering and deciphering must be performed at the Node B+, which is located in an insecure environment and offers low security. HSPA+ therefore introduces a key hierarchy similar to that of E-UTRAN (Evolved Universal Terrestrial Radio Access Network), namely the UTRAN key hierarchy. In the UTRAN key hierarchy, the intermediate key K_RNC (also called K_ASMEU) is a key newly introduced by HSPA+ and is derived from CK and IK. K_RNC is in turn used to generate the enhanced air interface keys CK_U and IK_U, where CK_U ciphers user plane data and control plane signalling, and IK_U integrity-protects control plane signalling.
Another enhanced security key hierarchy currently exists, as shown in Fig. 3. In this key architecture, the enhanced keys CK_U and IK_U are generated directly from the traditional keys CK and IK, in the ME+ and in the core network node (SGSN+ or MSC+) respectively. The core network node delivers the enhanced keys CK_U and IK_U to the RNC+.
In the UMTS system, the introduction of the Iur interface gave rise to the concepts of SRNC and DRNC. SRNC and DRNC are logical concepts relative to a particular UE (User Equipment). Briefly, for a given UE, the RNC that is directly connected to the CN (core network) and controls all of the UE's resources is that UE's serving RNC, i.e. the SRNC (Serving Radio Network Controller); an RNC that is not connected to the CN for that UE and only provides resources to it is that UE's drift RNC, i.e. the DRNC (Drift Radio Network Controller). A UE in connected state must have exactly one SRNC and may have zero or more DRNCs.
When an SGSN relocation occurs because the UE moves, a source SGSN+ that supports enhanced security may well be unable to determine the security capability of the target SGSN. If the target SGSN does not support enhanced security, it can only recognise the traditional key IK/CK that the source SGSN sends to it. If the source SGSN+ sends the traditional key IK/CK it holds directly to the target SGSN during the relocation, and the target SGSN lacks the enhanced security capability, the target SGSN delivers this traditional key IK/CK to the serving RNC, which uses it directly to protect the air interface between the network and the UE. The enhanced key IK_U/CK_U used between the UE and the network of the source SGSN+ is derived from the traditional key IK/CK, so the root key of the enhanced key, IK/CK, becomes exposed in a less secure access network, which is considered insecure. To avoid this problem, a scheme has been proposed in which the source SGSN+, when performing an SGSN relocation, derives a mapped traditional key IK'/CK' from the keys it stores to replace the traditional key IK/CK, and sends the mapped traditional key IK'/CK' to the target SGSN.
However, an SRNC relocation is also likely to trigger a relocation of the core network node SGSN. In that case, if the target RNC does not support enhanced security, it takes the content of the traditional IK/CK fields in the received message directly as the traditional key IK/CK, and that traditional key IK/CK was derived by the source RNC from the enhanced key currently in use. The result is that, when an SGSN relocation occurs, the traditional key received at the target SGSN was derived by the source SGSN+, while the traditional key received at the target RNC was derived by the source RNC+, and the two are very likely to be inconsistent. In a traditional UMTS system, the traditional key stored at the core network node (SGSN or MSC) and at the SRNC should be identical. If they are inconsistent, then in the subsequent procedures, especially after the UE enters the IDLE state, the keys stored by the UE and the SGSN may differ; when the UE enters the CONNECTED state again, the UE and the network side may use different keys for security protection, so that security protection fails and communication cannot proceed.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for ensuring key consistency between a serving radio network controller (SRNC) and a core network node, solving the problem in existing communication networks that the keys of the SRNC and the core network node become inconsistent as a result of SRNC relocation or a change of core network node.
To solve the above problem, the present invention proposes a method for ensuring key consistency between an SRNC and a core network node, comprising:
In an enhanced universal mobile telecommunications system, the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' using the same algorithm, and the enhanced core network node sends the mapped traditional key IK'/CK' it has derived to the enhanced radio network controller acting as SRNC.
In the step in which the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' using the same algorithm, the mapped traditional key IK'/CK' is derived from the traditional key CK/IK, and/or the intermediate key K_RNC, and/or the enhanced key IK_U/CK_U.
This derivation step is performed when the terminal moves from a non-enhanced universal mobile telecommunications system to an enhanced one, or when the terminal initially attaches to the network, or when the terminal goes from idle state to active state.
Further, when the enhanced source radio network controller acting as SRNC needs to relocate to a target radio network controller, the enhanced source radio network controller sends the mapped traditional key IK'/CK' to the target radio network controller.
Further, when the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' to the target core network node.
Further, the enhanced core network node and the terminal also each derive the enhanced key using the same algorithm, and the enhanced core network node sends the enhanced key it has derived to the enhanced radio network controller acting as SRNC.
When the enhanced source radio network controller acting as SRNC needs to relocate to a target radio network controller, it sends the mapped traditional key IK'/CK' and the enhanced key to the target radio network controller.
The target radio network controller selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability:
If the target radio network controller supports enhanced security, it uses the enhanced key as the security key and stores the mapped traditional key IK'/CK';
If the target radio network controller does not support enhanced security, it uses the mapped traditional key IK'/CK' as the security key.
The target radio network controller further transmits target network security capability indication information to the terminal; this information indicates the security capability of the target radio network controller and/or the selected security key.
When the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' and the enhanced key to the target core network node.
The target core network node selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability and the security capability of the terminal:
If the target core network node and the terminal both support enhanced security, the enhanced key is used as the security key and the mapped traditional key IK'/CK' is stored;
If the target core network node and/or the terminal does not support enhanced security, the mapped traditional key IK'/CK' is used as the security key.
The enhanced source radio network controller sends the mapped traditional key IK'/CK' to the target radio network controller in the source-to-target transparent RNC container. The mapped traditional key IK'/CK' is placed in the IK field and CK field information elements of the source-to-target transparent RNC container.
When the terminal performs a static SRNC relocation, the enhanced source radio network controller sends to the enhanced core network node a relocation required message carrying the mapped traditional keys IK' and CK', and the enhanced core network node sends to the target radio network controller a relocation request message carrying the mapped traditional keys IK' and CK', thereby delivering them to the target radio network controller. The relocation request message also carries the enhanced key.
When the terminal performs a static SRNC relocation accompanied by a change of core network node, the enhanced source radio network controller sends to the enhanced source core network node a relocation required message carrying the mapped traditional keys IK' and CK'; the enhanced source core network node sends to the target core network node a forward relocation request message carrying the mapped traditional keys IK' and CK'; and the target core network node sends to the target radio network controller a relocation request message carrying the mapped traditional keys IK' and CK'. The relocation request message also carries the enhanced key.
The case where the core network node needs to change refers to a change of core network node during a routing area update (RAU) request, an attach request, or a service request procedure: the target core network node after the change requests the context from the source core network node, and the source core network node returns to the target core network node a context carrying the mapped traditional key IK'/CK'. The context carrying the mapped traditional key IK'/CK' is the MM context.
The present invention also provides a system for ensuring key consistency between an SRNC and a core network node, comprising: a terminal, an enhanced core network node in an enhanced universal mobile telecommunications system, and an enhanced radio network controller acting as SRNC, wherein:
The enhanced core network node and the terminal are configured to each derive the mapped traditional key IK'/CK' using the same algorithm;
The enhanced core network node sends the mapped traditional key IK'/CK' it has derived to the enhanced radio network controller acting as SRNC.
The mapped traditional key IK'/CK' is a key derived from the traditional key CK/IK, or from the intermediate key K_RNC, and/or from IK_U/CK_U.
The system further comprises a target radio network controller, to which the enhanced source radio network controller acting as SRNC relocates when an SRNC relocation is needed; the enhanced source radio network controller sends the mapped traditional key IK'/CK' to the target radio network controller.
The system further comprises a target core network node; when the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' to the target core network node.
Further, the enhanced core network node and the terminal are also configured to each derive the enhanced key using the same algorithm, and the enhanced core network node sends the enhanced key it has derived to the enhanced radio network controller acting as SRNC;
When the enhanced source radio network controller acting as SRNC needs to relocate to a target radio network controller, it sends the mapped traditional key IK'/CK' and the enhanced key to the target radio network controller;
When the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' and the enhanced key to the target core network node.
The target radio network controller selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability: if it supports enhanced security, it uses the enhanced key as the security key and stores the mapped traditional key IK'/CK'; if it does not support enhanced security, it uses the mapped traditional key IK'/CK' as the security key;
The target core network node selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability and the security capability of the terminal: if the target core network node and the terminal both support enhanced security, the enhanced key is used as the security key and the mapped traditional key IK'/CK' is stored; if the target core network node and/or the terminal does not support enhanced security, the mapped traditional key IK'/CK' is used as the security key.
The target radio network controller further transmits target network security capability indication information to the terminal; this information indicates the security capability of the target radio network controller and/or the selected security key.
With the system and method of the present invention for ensuring key consistency between the SRNC and the core network node, in the enhanced UMTS the terminal and the enhanced core network node first generate a consistent enhanced key and mapped traditional key IK'/CK'; the enhanced core network node then synchronises the enhanced key and the mapped traditional key IK'/CK' to the enhanced radio network controller. On SRNC relocation, the enhanced source radio network controller sends the enhanced key and/or the mapped traditional key IK'/CK' to the target radio network controller; on a change of core network node, the enhanced source core network node sends the enhanced key and/or the mapped traditional key IK'/CK' to the target core network node. The SRNC and the core network node therefore hold consistent keys both before and after relocation. With the system and method of the present invention, when the UE moves to a target network that does not support enhanced security, it can still communicate securely using the consistent mapped traditional key IK'/CK'. The consistency of the traditional key between the target core network node and the target RNC is also maintained.
Description of drawings
Fig. 1 is a schematic diagram of the architecture of a radio access network using HSPA+ technology in the prior art;
Fig. 2 is a first schematic diagram of an HSPA+ security key hierarchy in the prior art;
Fig. 3 is a second schematic diagram of an HSPA+ security key hierarchy in the prior art;
Fig. 4 is a schematic diagram of the attach procedure in which the terminal attaches to the network in embodiment 1;
Fig. 5 is a schematic diagram of the target core network node requesting the context from the source core network node in embodiment 2;
Fig. 6 is a schematic diagram of hard handover combined with SRNC relocation (CN unchanged) in embodiment 3;
Fig. 7 is a schematic diagram of hard handover combined with enhanced SRNC relocation (CN unchanged) in embodiment 4;
Fig. 8 is a schematic diagram of hard handover combined with CN relocation in embodiment 5;
Fig. 9 is a schematic diagram of RAU/CELL UPDATE combined with CN relocation in embodiment 6;
Fig. 10 is a schematic diagram of the static relocation procedure in embodiment 7.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
The security capabilities of radio network controllers (RNCs) or core network nodes may differ, which can lead different network elements to use different keys. To ensure key consistency between the SRNC and the core network node, the present invention has the enhanced core network element and the terminal generate the enhanced key and the mapped traditional key IK'/CK' using the same algorithm; the enhanced core network node sends both to the enhanced radio network controller acting as SRNC, which retains them. On SRNC relocation, the enhanced radio network controller acting as SRNC sends the enhanced key and/or the mapped traditional key IK'/CK' to the target radio network controller, which stores them; on a change of core network node, the enhanced core network node sends the mapped traditional key IK'/CK' to the target core network node, which stores it. The security keys of all network elements are thereby kept consistent.
Further, the target radio network controller and the target core network node can each decide, according to their own security capability, whether to use the enhanced key or the mapped traditional key IK'/CK', and notify the terminal of the security information after making the selection.
The method of the present invention for ensuring key consistency between the SRNC and the core network node comprises:
In an enhanced universal mobile telecommunications system, the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' using the same algorithm, and the enhanced core network node sends the mapped traditional key IK'/CK' it has derived to the enhanced radio network controller acting as SRNC.
In the step in which the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' using the same algorithm, the mapped traditional key IK'/CK' is derived from the traditional key CK/IK, and/or the intermediate key K_RNC, and/or the enhanced key IK_U/CK_U.
This derivation step is performed when the terminal moves from a non-enhanced universal mobile telecommunications system to an enhanced one, or when the terminal initially attaches to the network, or when the terminal goes from idle state to active state.
The system of the present invention for ensuring key consistency between the SRNC and the core network node comprises: a terminal, an enhanced core network node in an enhanced universal mobile telecommunications system, and an enhanced radio network controller acting as SRNC, wherein:
The enhanced core network node and the terminal are configured to each derive the mapped traditional key IK'/CK' using the same algorithm;
The enhanced core network node sends the mapped traditional key IK'/CK' it has derived to the enhanced radio network controller acting as SRNC.
The mapped traditional key IK'/CK' is a key derived from the traditional key CK/IK, or from the intermediate key K_RNC, and/or from IK_U/CK_U.
The system further comprises a target radio network controller, to which the enhanced source radio network controller acting as SRNC relocates when an SRNC relocation is needed; the enhanced source radio network controller sends the mapped traditional key IK'/CK' to the target radio network controller.
The system further comprises a target core network node; when the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' to the target core network node.
Further, the enhanced core network node and the terminal are also configured to each derive the enhanced key using the same algorithm, and the enhanced core network node sends the enhanced key it has derived to the enhanced radio network controller acting as SRNC;
When the enhanced source radio network controller acting as SRNC needs to relocate to a target radio network controller, it sends the mapped traditional key IK'/CK' and the enhanced key to the target radio network controller;
When the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' and the enhanced key to the target core network node.
The target radio network controller selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability: if it supports enhanced security, it uses the enhanced key as the security key and stores the mapped traditional key IK'/CK'; if it does not support enhanced security, it uses the mapped traditional key IK'/CK' as the security key;
The target core network node selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability and the security capability of the terminal: if the target core network node and the terminal both support enhanced security, the enhanced key is used as the security key and the mapped traditional key IK'/CK' is stored; if the target core network node and/or the terminal does not support enhanced security, the mapped traditional key IK'/CK' is used as the security key.
The target radio network controller further transmits target network security capability indication information to the terminal; this information indicates the security capability of the target radio network controller and/or the selected security key.
At the attach stage, the keys of the enhanced core network node, the enhanced radio network controller and the terminal are consistent. On relocation, in every scenario, the enhanced source radio network controller sends the key to the target radio network controller; in particular, a target radio network controller that does not support enhanced security always uses the mapped traditional key IK'/CK', which ensures key consistency among the network elements. When the core network node changes, the enhanced source core network node likewise sends the mapped traditional key IK'/CK' to the target core network node, which also ensures key consistency between the target radio network controller and the target core network node. Applying the present invention therefore ensures key consistency between the SRNC and the core network node, and solves the problem that the traditional keys stored at the target RNC and at the target SGSN are inconsistent when relocating from an enhanced SGSN+ to a non-enhanced SGSN.
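The inconsistency described in the background and the forwarding scheme summarised above can be compared in a short simulation. The following Python is an added example, not part of the patent: the patent does not name the derivation algorithm, so HMAC-SHA-256 with constructed labels is assumed, and the Node class, the function names and the sample IK/CK values are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

KeyPair = Tuple[bytes, bytes]  # (integrity key, ciphering key), 128 bits each

# Constructed sample traditional keys IK/CK as produced by AKA (not real key material).
IK = bytes(range(16))
CK = bytes(range(16, 32))


def kdf(key: bytes, label: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the patent's unspecified "same algorithm".
    return hmac.new(key, label, hashlib.sha256).digest()[:16]


def derive_enhanced(ik: bytes, ck: bytes) -> KeyPair:
    """IK_U/CK_U derived directly from IK/CK (the Fig. 3 style hierarchy)."""
    return kdf(ck + ik, b"IK_U"), kdf(ck + ik, b"CK_U")


def derive_mapped(ik: bytes, ck: bytes) -> KeyPair:
    """Mapped traditional key IK'/CK' from whichever key pair the caller holds."""
    return kdf(ck + ik, b"IK'"), kdf(ck + ik, b"CK'")


@dataclass
class Node:
    name: str
    supports_enhanced: bool
    active: Optional[KeyPair] = None         # key used for protection
    stored_mapped: Optional[KeyPair] = None  # IK'/CK' kept for a later legacy move

    def receive(self, enhanced: Optional[KeyPair], mapped: KeyPair) -> None:
        """Selection rule from the summary: enhanced key if supported, else IK'/CK'."""
        if self.supports_enhanced and enhanced is not None:
            self.active, self.stored_mapped = enhanced, mapped
        else:
            self.active, self.stored_mapped = mapped, None

    def legacy_view(self) -> Optional[KeyPair]:
        """The traditional key this node would hand on or fall back to."""
        return self.stored_mapped if self.stored_mapped is not None else self.active


def relocate_uncoordinated(target_rnc: Node, target_sgsn: Node) -> None:
    """Background case: each source node derives a traditional key on its own."""
    enhanced = derive_enhanced(IK, CK)
    # Source SGSN+ maps from the IK/CK it stores.
    target_sgsn.receive(None, derive_mapped(IK, CK))
    # Source RNC+ only holds IK_U/CK_U, so it maps from those instead.
    target_rnc.receive(None, derive_mapped(*enhanced))


def relocate_with_shared_mapped_key(target_rnc: Node, target_sgsn: Node,
                                    ue_enhanced: bool = True) -> KeyPair:
    """Patent scheme: IK'/CK' is derived once at attach and only forwarded later."""
    enhanced = derive_enhanced(IK, CK)  # derived by SGSN+ and, independently, the UE
    mapped = derive_mapped(IK, CK)
    source_rnc = Node("source RNC+", True)
    source_rnc.receive(enhanced, mapped)  # SGSN+ -> SRNC at attach
    # SRNC relocation: the source RNC+ forwards both keys it holds.
    target_rnc.receive(source_rnc.active, source_rnc.stored_mapped)
    # Core network node change: the source SGSN+ forwards both keys; the target
    # may pick the enhanced key only if the terminal supports it as well.
    target_sgsn.receive(enhanced if ue_enhanced else None, mapped)
    return mapped  # the UE's own copy of IK'/CK'


if __name__ == "__main__":
    rnc, sgsn = Node("target RNC", False), Node("target SGSN", False)
    relocate_uncoordinated(rnc, sgsn)
    print("uncoordinated, keys match:", rnc.active == sgsn.active)
    rnc, sgsn = Node("target RNC", False), Node("target SGSN", False)
    ue = relocate_with_shared_mapped_key(rnc, sgsn)
    print("shared IK'/CK', keys match:", rnc.active == sgsn.active == ue)
```

The mixed case, an enhanced target RNC with a non-enhanced target SGSN, is why an enhanced target still stores IK'/CK': its legacy_view() then equals the key the SGSN is using.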
Below, various scenes and flow process when moving at SRNC, the method and system to assurance cipher consistency of the present invention are elaborated in conjunction with the accompanying drawings.
Embodiment 1: an example at UE attach, illustrating how the mapped key IK'/CK' is generated and distributed.
As shown in Figure 4, in this embodiment the enhanced core network node first generates the enhanced keys (K_RNC and/or IK_U, CK_U) from the traditional key IK/CK, and then generates the mapped traditional key IK'/CK' from IK/CK or from the enhanced keys. The mapped traditional key IK'/CK' serves as the security key for communication between the UE and the target network when the UE moves to a legacy network that does not support enhanced security. At initial attach, or when the UE goes from idle state to connected state, the core network node delivers the mapped traditional key IK'/CK' to the serving RNC (SRNC). When a migration occurs, the enhanced source RNC or the enhanced source core network node can send the mapped traditional key IK'/CK' to the target RNC or the target core network node. The later embodiments describe the specific migration and handover procedures.
The specific steps are as follows:
S401: ME+ sends an attach request message to the enhanced core network node (SGSN+ or MSC/VLR+); the message carries the UE security capability information.
S402: ME+ and the network's HSS perform the EAP AKA procedure to complete mutual authentication. This step is optional.
S403: the enhanced core network node derives the enhanced keys from the traditional key IK/CK. The enhanced keys derived here are: intermediate key K_RNC, and/or IK_U/CK_U.
S404: the enhanced core network node derives the mapped traditional key IK'/CK'. The mapped traditional key IK'/CK' can be derived from the traditional key CK/IK, or from the intermediate key K_RNC, and/or from IK_U/CK_U.
S405: the enhanced core network node selects the integrity protection algorithm set and/or the encryption algorithm set (this step may come before or after steps S403 and S404). The enhanced core network node sends a security mode command message to the enhanced radio network controller acting as SRNC+. The message carries: the enhanced keys, the mapped traditional key CK'/IK', and the integrity protection algorithm set and/or encryption algorithm set.
S406: SRNC+ stores the received enhanced keys and the mapped traditional key CK'/IK', and selects the encryption algorithm and integrity protection algorithm with the highest priority.
Optionally, in step S406, if the enhanced keys received by SRNC+ do not include IK_U/CK_U, SRNC+ can derive the enhanced keys IK_U/CK_U used on the air interface from the received intermediate key (K_RNC).
S407: SRNC+ sends a security mode command message to ME+. The message carries a message authentication code calculated with IK_U.
S408: ME+ derives the enhanced keys from the traditional key IK/CK by the same operation as the enhanced core network node on the network side. The enhanced keys derived here are: intermediate key K_RNC, and/or IK_U/CK_U. This step may also take place before step S407. "The same operation" means deriving with the same key parameters and key algorithm.
S409: ME+ derives the mapped traditional key IK'/CK' by the same operation as the network side. The mapped traditional key IK'/CK' can be derived from the traditional key CK/IK, or from the intermediate key K_RNC, and/or from IK_U/CK_U. "The same operation" means deriving with the same key parameters and key algorithm.
S410: ME+ verifies the integrity of the message and, once verification passes, starts integrity protection of subsequent messages. ME+ sends a security mode complete message to SRNC+. The message carries a message authentication code calculated with IK_U.
S411: SRNC+ verifies the integrity of the received message. If verification succeeds, SRNC+ sends a security mode complete message to the core network node.
After this, ME+ and the network can begin encryption and decryption.
Embodiment 1A:
This embodiment describes how the mapped traditional key IK'/CK' is generated when the SRNC migrates from a legacy RNC to an enhanced RNC.
After the enhanced core network node receives the migration required message, the key brought by the original RNC (a legacy RNC) is IK/CK (in practice this may be the original IK/CK, or it may be the mapped key IK'/CK' from an earlier migration out of an enhanced RNC);
The enhanced core network node first derives the enhanced keys from the traditional key IK/CK; the enhanced keys derived here are: intermediate key K_RNC, and/or IK_U/CK_U. The enhanced core network node then derives the mapped traditional key IK'/CK', which can be derived from the traditional key CK/IK, or from the intermediate key K_RNC, and/or from IK_U/CK_U; the calculation is the same as in Embodiment 1.
The enhanced core network node then sends a migration request message to the enhanced target RNC of the migration, carrying parameters that include the intermediate key K_RNC and the mapped key IK'/CK'; the migration process then completes normally. After ME+ receives the physical channel reconfiguration message, it performs the same calculation as the enhanced core network node and derives the intermediate key K_RNC and the mapped key IK'/CK'.
Embodiment 2:
This embodiment describes how, during a core network node migration (SGSN is used as the example), the enhanced source core network node SGSN+, which has enhanced security capability, sends the mapped traditional key to the target core network node SGSN (the target SGSN here may or may not support enhanced security).
As shown in Figure 5, the specific steps are as follows:
S501: the target SGSN sends an SGSN context request message to the source SGSN+ to request the UE's context. Trigger events for this step include: the target SGSN receiving a routing area update request message, an attach request message or a service request message sent by the user.
S502: the source SGSN+, which has enhanced security capability, sends an SGSN context response message to the target SGSN. The message carries: the mapped traditional key IK'/CK', and/or the enhanced keys (intermediate key K_RNC, and/or IK_U/CK_U).
S503: the target SGSN stores the received context and sends an SGSN context acknowledge message to the source SGSN+.
Embodiment 3:
This embodiment gives one example of how the enhanced source RNC sends the mapped traditional key IK'/CK' to the target RNC when the UE performs a hard handover accompanied by SRNC migration. The enhanced source RNC is the enhanced RNC acting as serving RNC, the UE is the enhanced terminal ME+, and the target RNC may or may not support enhanced security. As shown in Figure 6, the specific steps are as follows:
S601: the enhanced source RNC decides to initiate the SRNC migration process. The decision can be triggered when the enhanced source RNC receives a measurement report from the UE, or receives an uplink signalling transfer indication from the target RNC requiring a cell update or URA (UTRAN Registration Area) update, and so on.
S602-S603: the enhanced source RNC sends a migration required message to the enhanced core network node (SGSN+ or MSC+), and the enhanced core network node sends a migration request message to the target RNC.
The migration required message and the migration request message carry parameters including: the enhanced keys (intermediate key K_RNC, and/or IK_U/CK_U) and the mapped traditional key IK'/CK'. Preferably, these parameters are placed in the source-to-target transparent RNC container. The mapped traditional key IK'/CK' is placed in the IK field and CK field of the information element of the message, and the enhanced keys can be placed in other fields.
S604: the target RNC stores the received enhanced keys and the mapped traditional key IK'/CK', and selects its own security key according to its own security capability. If it does not support enhanced security, it directly takes the value of the IK field in the received migration request message as the traditional key IK and stores the value of the CK field as the traditional key CK; at the target RNC, therefore, IK=IK' and CK=CK'. If it supports enhanced security, it selects the enhanced keys as the security key. The target RNC sends a migration request acknowledge message to the enhanced core network node. The message carries: the security capability indication information of the target network, which indicates the security capability of the target RNC and/or the security key selected.
S605: the enhanced core network node sends a migration command message to the enhanced source RNC. The message carries: the security capability indication information of the target network.
S606: the enhanced source RNC sends a physical channel reconfiguration message to the UE. The message carries: the security capability indication information of the target network.
S607: if the UE learns from the received target network security capability indication information that the target RNC does not support enhanced security, it decides to use the mapped traditional key IK'/CK' to protect communication with the target RNC. The UE sends a physical channel reconfiguration complete message to the target RNC.
S608: the target RNC sends a migration complete message to the enhanced core network node.
S609: Iu connection release: the enhanced core network node (SGSN+ or MSC/VLR+) releases the Iu interface with the source RNC.
Embodiment 4:
This embodiment gives another example of how the enhanced source RNC sends the enhanced keys and the mapped traditional key IK'/CK' to the target RNC when the UE performs a hard handover accompanied by SRNC migration, as shown in Figure 7. The SRNC migration in this embodiment uses the enhanced migration process: in the migration preparation phase the enhanced source RNC and the target RNC communicate directly, without relaying through the enhanced core network node.
The specific steps are as follows:
S701: the enhanced source RNC decides to initiate the SRNC migration process.
S702: the enhanced source RNC sends an enhanced migration request message to the target RNC. The message carries parameters including: the mapped traditional key IK'/CK' and/or the enhanced keys. Preferably, the mapped traditional key IK'/CK' is placed in the source-to-target transparent RNC container. The mapped traditional key IK'/CK' is placed in the IK field and CK field of the information element of the message, and the enhanced keys can be placed in other fields.
S703: the target RNC directly takes the value of the IK field in the received enhanced migration request message as the traditional key IK and stores the value of the CK field as the traditional key CK. The target RNC sends an enhanced migration response message to the enhanced source RNC. The message carries parameters including: the security capability indication information of the target network.
S704: the enhanced source RNC sends a physical channel reconfiguration message to the UE. The message carries: the security capability indication information of the target network.
S705: the UE learns from the received target network security capability indication information that the target RNC does not support enhanced security, and decides to use the mapped traditional key to protect communication with the target RNC. The UE sends a physical channel reconfiguration complete message to the target RNC.
S706: the target RNC sends an enhanced migration complete request message to the enhanced core network.
S707: the enhanced core network node sends an enhanced migration complete response message to the target RNC.
S708: Iu connection release.
Embodiment 5:
This embodiment gives an example in which, when the UE performs a hard handover accompanied by core network node (CN+) migration, the enhanced source RNC sends the mapped traditional key to the target RNC and/or the enhanced source core network node sends the mapped traditional key to the target core network node, as shown in Figure 8. It describes how, during core network node migration, the mapped traditional key IK'/CK' is transferred and handled from the enhanced source RNC, through the enhanced source core network node, to the target core network node and then to the target RNC, including how the enhanced source core network node and the target core network node handle the mapped traditional key between them.
The specific steps are as follows:
S801: the enhanced source RNC decides to initiate the SRNC migration process.
S802: the enhanced source RNC sends a migration required message to the enhanced core network node (SGSN+ or MSC+). The message carries: the enhanced keys and the mapped traditional key IK'/CK'. Preferably, the mapped traditional key IK'/CK' is placed in the source-to-target transparent RNC container. The mapped traditional key IK'/CK' is placed in the IK field and CK field of the information element of the message.
S803: the enhanced source core network node determines that the target RNC is not in its own coverage area and prepares to forward to the core network node serving the target RNC, that is, the target core network node. The enhanced source core network node sends a forward migration request message to the target core network node. Preferably, the message carries the source-to-target transparent RNC container and the MM context IE. Both the source-to-target transparent RNC container and the MM context IE contain the mapped traditional key IK'/CK'. The IK'/CK' parameters are placed in the position of the traditional IK/CK fields.
S804: after receiving the forward migration request, the target core network node takes the value of the IK field in the MM context IE as the traditional integrity key IK and stores the value of the CK field as the traditional encryption key CK.
S805: the target core network node sends a migration request message to the target RNC. The message carries: the mapped traditional key IK'/CK'. Preferably, this parameter is placed in the source-to-target transparent RNC container. The mapped traditional key IK'/CK' is placed in the IK field and CK field of the information element of the message.
S806a: the target RNC directly takes the value of the IK field in the received migration request message as the traditional key IK and stores the value of the CK field as the traditional key CK.
S806: the target RNC sends a migration request acknowledge message to the target core network node. The message carries: the security capability indication information of the target network.
S807: the target core network node sends a forward migration response message to the enhanced source core network node. The message carries: the security capability indication information of the target network.
S808: the enhanced source core network node sends a migration command message to the source RNC. The message carries: the security capability indication information of the target network.
S809: the enhanced source RNC sends a physical channel reconfiguration message to the UE. The message carries: the security capability indication information of the target network.
S810: the UE learns from the received target network security capability indication information that the target RNC does not support enhanced security, and decides to use the mapped traditional key IK'/CK' to protect communication with the target RNC. The UE sends a physical channel reconfiguration complete message to the target RNC.
S811: the target RNC sends an enhanced migration complete request message to the target core network node.
S812: the target core network node sends a forward migration complete message to the enhanced source core network node.
S813: the enhanced source core network node sends a forward migration complete acknowledge message to the target core network node.
S814: Iu connection release.
S815: the target core network node sends an enhanced migration complete response message to the target RNC.
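The attach-time derivation of Embodiment 1 and the key transfer of Embodiments 3 and 5 can be modelled as follows. This is an added example, not code from the patent: the patent does not specify the derivation algorithm, so the HMAC-SHA256 KDF, its labels, the dict message layout and all function and class names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, label: bytes) -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA256 truncated to 128 bits."""
    return hmac.new(key, label, hashlib.sha256).digest()[:16]


@dataclass(frozen=True)
class KeySet:
    k_rnc: bytes      # intermediate key K_RNC
    ik_u: bytes       # enhanced integrity key IK_U
    ck_u: bytes       # enhanced encryption key CK_U
    ik_mapped: bytes  # mapped traditional key IK'
    ck_mapped: bytes  # mapped traditional key CK'


def derive_keys(ik: bytes, ck: bytes) -> KeySet:
    """S403/S404 on the enhanced core node and S408/S409 on ME+:
    same key parameters, same algorithm, so both sides get the same keys."""
    k_rnc = kdf(ik + ck, b"K_RNC")
    return KeySet(
        k_rnc=k_rnc,
        ik_u=kdf(k_rnc, b"IK_U"),
        ck_u=kdf(k_rnc, b"CK_U"),
        # The text allows IK'/CK' to be derived from IK/CK, K_RNC or IK_U/CK_U;
        # this sketch picks K_RNC.
        ik_mapped=kdf(k_rnc, b"IK-mapped"),
        ck_mapped=kdf(k_rnc, b"CK-mapped"),
    )


def migration_message(keys: KeySet) -> dict:
    """IK'/CK' travel in the ordinary IK and CK fields; the enhanced keys
    travel in a separate field that a legacy node does not read."""
    return {
        "IK": keys.ik_mapped,
        "CK": keys.ck_mapped,
        "enhanced": {"K_RNC": keys.k_rnc, "IK_U": keys.ik_u, "CK_U": keys.ck_u},
    }


class TargetNode:
    """Hypothetical model of a target RNC or target core network node."""

    def __init__(self, name: str, supports_enhanced: bool):
        self.name = name
        self.supports_enhanced = supports_enhanced
        self.stored_ik_ck = None  # what the node keeps as traditional IK/CK
        self.active = None        # the security key it actually uses

    def receive(self, msg: dict, terminal_supports_enhanced: bool = True) -> str:
        # S604 / S804 / S806a: the IK and CK field values are stored as IK and CK.
        self.stored_ik_ck = (msg["IK"], msg["CK"])
        enhanced = msg.get("enhanced")
        if self.supports_enhanced and terminal_supports_enhanced and enhanced:
            self.active = (enhanced["IK_U"], enhanced["CK_U"])
            return "enhanced"     # capability indication sent back toward the UE
        self.active = self.stored_ik_ck
        return "legacy"


def ue_select(keys: KeySet, indication: str):
    """S607/S810: the UE chooses its key from the capability indication."""
    if indication == "enhanced":
        return (keys.ik_u, keys.ck_u)
    return (keys.ik_mapped, keys.ck_mapped)


def run_scenario(target_rnc_enhanced: bool, target_cn_enhanced: bool) -> dict:
    # Constructed sample values standing in for the IK/CK produced by AKA.
    ik, ck = bytes(range(16)), bytes(range(16, 32))
    network_keys = derive_keys(ik, ck)  # enhanced core network node
    ue_keys = derive_keys(ik, ck)       # ME+
    msg = migration_message(network_keys)
    cn = TargetNode("target-CN", target_cn_enhanced)
    rnc = TargetNode("target-RNC", target_rnc_enhanced)
    cn.receive(msg)
    indication = rnc.receive(msg)
    return {
        "indication": indication,
        "rnc_active": rnc.active,
        "rnc_stored": rnc.stored_ik_ck,
        "cn_stored": cn.stored_ik_ck,
        "ue_active": ue_select(ue_keys, indication),
    }


if __name__ == "__main__":
    for rnc_enh, cn_enh in [(False, False), (False, True), (True, True)]:
        r = run_scenario(rnc_enh, cn_enh)
        print(rnc_enh, cn_enh, r["indication"],
              r["rnc_active"] == r["ue_active"], r["rnc_stored"] == r["cn_stored"])
```

In every combination the target RNC and target core network node store the same IK/CK values, and the key the UE selects matches the key the target RNC uses.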
Embodiment 6:
This embodiment gives an example of the UE performing a RAU (Routing Area Update) procedure, as shown in Figure 9. It describes the case where the core network node changes during the UE's RAU procedure and, after the change, the target core network node requests IK'/CK' from the enhanced source core network node. The embodiment also applies to scenarios where the core network node changes during an attach request procedure or a service request procedure.
The specific steps are as follows:
S901: the user equipment ME+ sends a RAU message to the target core network node through the target RNC.
S902: the target core network node determines that this user is not registered with it and sends an SGSN context request message to the enhanced source core network node to obtain the user's MM context and PDP context.
S903-S904: the enhanced source core network node requests the SRNS context from the enhanced source RNC, and the enhanced source RNC returns the SRNS context.
S905: the enhanced source core network node returns an SGSN context response message to the target core network node; the message carries the enhanced keys and/or the IK'/CK' parameters.
S906: after receiving the SGSN context response message, the target core network node stores the enhanced keys and/or the IK'/CK' parameters and returns an SGSN context acknowledge message. The context that carries IK'/CK' is the MM context.
S907: the two core network nodes and the HLR update the user's location information.
S908-S909: the RAU procedure is completed.
Embodiment 7:
This embodiment gives an example of the UE performing a static migration, as shown in Figure 10. It describes how the mapped traditional key IK'/CK' is transferred and handled on its way from the enhanced source RNC, through the enhanced core network node CN+, to the target RNC, and covers two cases: in one, only the mapped traditional key IK'/CK' is transferred; in the other, both IK'/CK' and the enhanced keys IK_U and/or CK_U currently used by the source RNC and the UE are transferred.
The specific steps are as follows:
S1001: the user equipment (UE) sends a URA update message, a cell update message or a measurement report message to the UTRAN.
S1002: on receiving the URA update message, cell update message or measurement report message from this UE, the target RNC sends an uplink signalling transfer indication message to the UE's enhanced source RNC.
S1003: the enhanced source RNC decides to initiate the SRNC migration process.
S1004-S1005: the enhanced source RNC determines that a static SRNC migration is to be triggered, and carries out the same SRNC migration flow as in traditional UMTS. That is, the enhanced source RNC sends a migration required message to the enhanced core network node (SGSN+ or MSC+), and the enhanced core network node sends a migration request message to the target RNC. The migration required message and the migration request message carry: the mapped traditional keys IK' and CK'. Preferably, the mapped traditional key IK'/CK' is placed in the source-to-target RNC transparent container.
Optionally, the mapped traditional keys IK' and CK' are placed in the IK and CK fields, respectively, of the migration required message and the migration request message for transfer.
Optionally, the migration required message and the migration request message also carry: the enhanced keys IK_U and/or CK_U currently used by the enhanced source RNC.
If the enhanced source RNC and the target RNC are under different core network nodes, the migration required message and the migration request message must be relayed through the two core network nodes: the enhanced source core network node sends a forward migration request message to the target core network node, carrying parameters that include the mapped traditional keys IK' and CK'. In addition, the enhanced source core network node can also carry the mapped traditional key IK'/CK' in the MM context field of this message. The target core network node sends a migration request message to the target RNC, carrying: the mapped traditional keys IK' and CK'.
The migration required message and the migration request message thus deliver the keys and other parameters that the migration needs.
S1006: the target RNC stores the keys it received from the enhanced source RNC.
If the mapped traditional key IK'/CK' received by the target RNC is located in the IK and/or CK field of the migration request message sent by the enhanced core network node, the target RNC treats it as the traditional key IK and/or CK.
S1007-S1008: the target RNC sends a migration request acknowledge message to the enhanced core network node, and the enhanced core network node sends a migration command message to the enhanced source RNC.
If the enhanced source RNC and the target RNC are under different core network nodes, this message must be relayed through the 2 core network nodes: the target core network node sends a forward migration response message to the enhanced source core network node, and the enhanced source core network node sends a migration command message to the source RNC.
S1009: the enhanced source RNC sends a migration commit message to the target RNC.
S1010: the target RNC sends a migration detect message to the enhanced core network node. The message carries: the security capability indication information of the target network.
S1011: the target RNC sends a URA update confirm message, a cell update confirm message or a RAN mobility information message to the UE. This message carries the indication information of the target RNC's security capability. The message is protected with the mapped traditional keys IK' and/or CK'; or, if the key material that the source RNC sent to the target RNC includes the enhanced keys, the message can also be protected with the enhanced keys IK_U and/or CK_U.
S1012: the UE sends a UTRAN mobility information confirm message, or a RAN mobility information confirm message, to the target RNC. The message carries the indication information of the UE's security capability.
This message is protected with the mapped traditional keys IK' and/or CK'; or, if the key material that the source RNC sent to the target RNC includes the enhanced keys, the message can also be protected with the enhanced keys IK_U and/or CK_U.
S1013: the target RNC and the enhanced core network node exchange messages to confirm that the migration is complete.
Optionally, in this process the enhanced core network node updates the key material and sends the updated key material to the target RNC to be stored for use in the next SRNC migration.
If the target RNC and the enhanced source RNC are under different core network nodes, the target core network node and the enhanced source core network node exchange messages to confirm that the migration is complete.
S1014: the enhanced source RNC releases the Iur interface with the core network node.
S1015: the target RNC decides to perform an intra-SRNC migration, that is, one in which the enhanced source RNC and the target RNC are the same RNC. In this internal migration the target RNC completes the update of the enhanced keys IK_U and/or CK_U.
The above are only embodiments of the present invention and do not limit it; for a person skilled in the art, the invention can have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of its claims.

Claims (25)

1. A method for ensuring key consistency between a serving radio network controller (SRNC) and a core network node, comprising:
In an enhanced universal mobile telecommunications system, the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' according to the same algorithm, and the enhanced core network node sends the mapped traditional key IK'/CK' it derived to the enhanced radio network controller acting as SRNC.
2. The method of claim 1, characterized in that,
In the step in which the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' according to the same algorithm, the mapped traditional key IK'/CK' is derived from the traditional key CK/IK, and/or the intermediate key K_RNC, and/or the enhanced keys IK_U/CK_U.
3. The method of claim 2, characterized in that,
The step in which the enhanced core network node and the terminal each derive the mapped traditional key IK'/CK' according to the same algorithm is performed when the terminal moves from a non-enhanced universal mobile telecommunications system to an enhanced universal mobile telecommunications system, or when the terminal initially attaches to the network, or when the terminal goes from idle state to active state.
4. The method of claim 1, characterized in that,
When the enhanced source radio network controller acting as SRNC needs to migrate to a target radio network controller, the enhanced source radio network controller sends the mapped traditional key IK'/CK' to the target radio network controller.
5. The method of claim 1 or 4, characterized in that,
When the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' to the target core network node.
6. The method of claim 1, characterized in that,
The enhanced core network node and the terminal also each derive the enhanced key according to the same algorithm, and the enhanced core network node sends the enhanced key it derived to the enhanced radio network controller acting as SRNC.
7. The method of claim 6, characterized in that,
When the enhanced source radio network controller acting as SRNC needs to migrate to a target radio network controller, the enhanced source radio network controller sends the mapped traditional key IK'/CK' and the enhanced key to the target radio network controller.
8. The method of claim 7, characterized in that,
The target radio network controller selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability:
If the target radio network controller supports enhanced security, it adopts the enhanced key as the security key and stores the mapped traditional key IK'/CK';
If the target radio network controller does not support enhanced security, it adopts the mapped traditional key IK'/CK' as the security key.
9. method as claimed in claim 8 is characterized in that,
Described target radio network controller further transmits objective network security capabilities indication information to terminal, and described objective network security capabilities indication information is used to indicate the security capabilities of described target radio network controller and/or selected safe key.
10. as claim 6 or 7 described methods, it is characterized in that,
When core net node need change, the source core net node of described enhancing sent traditional secrete key the IK '/CK ' and the described enhancing key of mapping to the target core network node.
11. method as claimed in claim 10 is characterized in that,
Described target core network node is selected the safe key that self adopts from traditional secrete key the IK '/CK ' of described enhancing key and described mapping according to inherently safe ability and terminal security ability:
If described target core network node and terminal are all supported then to adopt the safety that strengthens described enhancing key as safe key, and preserve traditional secrete key the IK '/CK ' of described mapping;
If described target core network node and/or terminal are not supported the safety that strengthens, traditional secrete key the IK '/CK ' that then adopts described mapping is as safe key.
12., it is characterized in that the source radio network controller of described enhancing sends traditional secrete key the IK '/CK ' of described mapping to described target radio network controller to the transparent RNC container of target by the source as claim 4 or 7 described methods.
13. method as claimed in claim 12 is characterized in that, the traditional secrete key IK ' of described mapping/CK ' is positioned over described source in the information word IK field and CK field of the transparent RNC container of target.
14. method as claimed in claim 4 is characterized in that,
When terminal is carried out static SRNC migration, the source radio network controller of described enhancing sends to the core net node that strengthens and carries the traditional secrete key IK ' of described mapping and the migration of CK ' needs message, the migration request message that the core net node of described enhancing carries the traditional secrete key IK ' and the CK ' of described mapping to the target radio network controller transmission sends to described target radio network controller with traditional secrete key IK ' and the CK ' that shines upon.
15. The method as claimed in claim 4, characterized in that
when the terminal performs a static SRNC migration that is accompanied by a change of core network node, the enhanced source radio network controller sends to the enhanced source core network node a migration required message carrying the mapped traditional keys IK' and CK', and the enhanced source core network node sends to the target core network node a forward migration request message carrying the mapped traditional keys IK' and CK'; the target core network node sends to the target radio network controller a migration request message carrying the mapped traditional keys IK' and CK'.
16. The method as claimed in claim 14 or 15, characterized in that the migration request message also carries the enhanced key.
17. The method as claimed in claim 5, characterized in that
the case in which the core network node needs to change refers to the core network node changing during a routing area update (RAU) request, an attach request, or a service request procedure: the target core network node after the change requests the context from the source core network node, and the source core network node returns to the target core network node a context carrying the mapped traditional key IK'/CK'.
18. The method as claimed in claim 17, characterized in that the context carrying the mapped traditional key IK'/CK' is the MM context.
19. A system for ensuring key consistency between a serving radio network controller (SRNC) and a core network node, comprising: a terminal, an enhanced core network node in an enhanced universal mobile telecommunications system, and an enhanced radio network controller acting as the SRNC, wherein:
the enhanced core network node and the terminal are each configured to derive the mapped traditional key IK'/CK' according to the same algorithm;
the enhanced core network node sends the mapped traditional key IK'/CK' that it derived to the enhanced radio network controller acting as the SRNC.
20. The system as claimed in claim 19, characterized in that
the mapped traditional key IK'/CK' is a key derived based on the traditional key CK/IK, or based on the intermediate key K_RNC and/or IK_U/CK_U.
21. The system as claimed in claim 19, characterized in that the system further comprises:
a target radio network controller, to which the enhanced source radio network controller acting as the SRNC migrates when SRNC migration is needed;
the enhanced source radio network controller sends the mapped traditional key IK'/CK' to the target radio network controller.
22. The system as claimed in claim 19 or 21, characterized in that the system further comprises a target core network node;
when the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' to the target core network node.
23. The system as claimed in claim 19, characterized in that
the enhanced core network node and the terminal are each further configured to derive the enhanced key according to the same algorithm, and the enhanced core network node sends the enhanced key that it derived to the enhanced radio network controller acting as the SRNC;
the system further comprises a target radio network controller and a target core network node;
when the enhanced source radio network controller acting as the SRNC needs to migrate to the target radio network controller, the enhanced source radio network controller sends the mapped traditional key IK'/CK' and the enhanced key to the target radio network controller;
when the core network node needs to change, the enhanced source core network node sends the mapped traditional key IK'/CK' and the enhanced key to the target core network node.
24. The system as claimed in claim 23, characterized in that
the target radio network controller selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability: if the target radio network controller supports enhanced security, the enhanced key is adopted as the security key, and the mapped traditional key IK'/CK' is stored; if the target radio network controller does not support enhanced security, the mapped traditional key IK'/CK' is adopted as the security key;
the target core network node selects the security key it will use from the enhanced key and the mapped traditional key IK'/CK' according to its own security capability and the security capability of the terminal: if the target core network node and the terminal both support enhanced security, the enhanced key is adopted as the security key, and the mapped traditional key IK'/CK' is stored; if the target core network node and/or the terminal does not support enhanced security, the mapped traditional key IK'/CK' is adopted as the security key.
25. The system as claimed in claim 24, characterized in that
the target radio network controller further transmits target network security capability indication information to the terminal, the target network security capability indication information being used to indicate the security capability of the target radio network controller and/or the selected security key.
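The key hand-over and selection rule of claims 23 to 25, worked through as an added example that is not part of the patent text: both sides derive the same key set, the source forwards both keys, the target picks one by capability, and the terminal follows the indication. The HMAC-SHA-256 derivation, the key hierarchy, the labels, the sample key values and all function names are assumptions; the claims only require that the terminal and the enhanced core network node derive with the same algorithm.

```python
import hashlib
import hmac
from typing import NamedTuple, Tuple

KeyPair = Tuple[bytes, bytes]  # (integrity key, cipher key)

class KeySet(NamedTuple):
    enhanced: KeyPair  # (IK_U, CK_U), the enhanced key
    mapped: KeyPair    # (IK', CK'), the mapped traditional key

def kdf(key: bytes, label: bytes) -> bytes:
    # Assumed derivation: HMAC-SHA-256 truncated to 128 bits. The claims only
    # require that terminal and core network node use the same algorithm.
    return hmac.new(key, label, hashlib.sha256).digest()[:16]

def derive_keyset(ik: bytes, ck: bytes) -> KeySet:
    # Assumed hierarchy: IK||CK -> K_RNC -> IK_U/CK_U and IK'/CK'.
    k_rnc = kdf(ik + ck, b"K_RNC")
    return KeySet(
        enhanced=(kdf(k_rnc, b"IK_U"), kdf(k_rnc, b"CK_U")),
        mapped=(kdf(k_rnc, b"IK'"), kdf(k_rnc, b"CK'")),
    )

def select_key(keys: KeySet, node_enhanced: bool, ue_enhanced: bool = True):
    # Target side: returns (indication, key in use, key kept in reserve).
    if node_enhanced and ue_enhanced:
        return "enhanced", keys.enhanced, keys.mapped
    return "mapped", keys.mapped, None

def terminal_activate(keys: KeySet, indication: str) -> KeyPair:
    # Terminal side: follow the target network security capability indication.
    return keys.enhanced if indication == "enhanced" else keys.mapped

def migrate(ik: bytes, ck: bytes, target_enhanced: bool):
    network = derive_keyset(ik, ck)    # enhanced core network node
    terminal = derive_keyset(ik, ck)   # terminal, same algorithm
    # The source forwards both keys; the target picks by its own capability.
    indication, in_use, stored = select_key(network, target_enhanced)
    consistent = hmac.compare_digest(
        b"".join(in_use), b"".join(terminal_activate(terminal, indication)))
    return indication, consistent, stored

# Constructed sample IK/CK, not real key material.
IK, CK = bytes(range(16)), bytes(range(16, 32))

if __name__ == "__main__":
    for capable in (True, False):
        print(capable, migrate(IK, CK, capable)[:2])
```
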
CN201010221442.0A 2010-07-01 2010-07-01 Method and system for ensuring key consistency of SRNC and core network node Active CN101938744B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010221442.0A CN101938744B (en) 2010-07-01 2010-07-01 Method and system for ensuring key consistency of SRNC and core network node

Publications (2)

Publication Number Publication Date
CN101938744A true CN101938744A (en) 2011-01-05
CN101938744B CN101938744B (en) 2016-06-15

Family

ID=43391827

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010221442.0A Active CN101938744B (en) 2010-07-01 2010-07-01 Method and system for ensuring key consistency of SRNC and core network node

Country Status (1)

Country Link
CN (1) CN101938744B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101072092A (en) * 2006-05-11 2007-11-14 华为技术有限公司 Method for realizing control plane and user plane key synchronization
CN101257723A (en) * 2008-04-08 2008-09-03 中兴通讯股份有限公司 Method, apparatus and system for generating cipher key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZTE CORPORATION: ""Key Change during SRNS Relocation"", 《3GPP TSG-SA3 S3-100515》, 30 April 2010 (2010-04-30) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137398A (en) * 2011-03-10 2011-07-27 中兴通讯股份有限公司 Updating method, device and user facility of improved secret key
CN102137398B (en) * 2011-03-10 2017-04-12 中兴通讯股份有限公司 Updating method, device and user facility of improved secret key

Also Published As

Publication number Publication date
CN101938744B (en) 2016-06-15

Similar Documents

Publication Publication Date Title
US10873889B2 (en) Handover apparatus and method
US20230141084A1 (en) Delaying Sending of User Plane Connection Activation for a Downlink Data Packet
EP3167657B1 (en) Inter-menb handover method and device in a small cell system
KR101737425B1 (en) Mehthod and apparatus for managing security in a mobiel communication system supporting emergency call
EP2296389B1 (en) Method and system for generating an identity identifier of a key
TWI392382B (en) Method of handling security configuration in wireless communications system and related communication device
CN110730454B (en) Method for solving safety problem by NH, NCC pair in mobile communication system
US10320754B2 (en) Data transmission method and apparatus
CN105874766B (en) The method and apparatus of controlled certificate is provided between the subscriber devices
JP7287534B2 (en) Method performed in MME device and MME device
EP3675544A1 (en) Key derivation algorithm negotiation method and apparatus
CN103428787B (en) A kind of base station switch method and device
US20130077785A1 (en) Method for Updating Air Interface Key, Core Network Node and Radio Access System
CN101909292B (en) The update method of air interface key, core net node and subscriber equipment
CN101835154B (en) A kind of method and system setting up the air interface key of enhancing
CN101820622B (en) The method and system of managing empty mapping keys in wireless communication system
CN101938744B (en) Method and system for ensuring key consistency of SRNC and core network node
CN101902738B (en) The update method of air interface key, device and wireless access system
Song et al. Reduction of authentication cost based on key caching for inter-MME handover support
CN101917717B (en) The method and system of key are set up when interconnecting between a kind of GERAN and enhancing UTRAN
CN101902736B (en) Update method, core net node and the wireless access system of air interface key
WO2019023632A1 (en) A security key model to support dual connectivity

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201127

Address after: 215500 No.13, Caotang Road, Changshu, Suzhou, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice

Patentee before: ZTE Corp.

CP02 Change in the address of a patent holder

Address after: 215500 5th floor, building 4, 68 Lianfeng Road, Changfu street, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee before: Changshu intellectual property operation center Co.,Ltd.
