CN101999240A - Communication method, device and communication system between base stations - Google Patents


Info

Publication number
CN101999240A
Authority
CN
China
Prior art keywords
key
base station
base stations
message
neighbor base
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200980123374XA
Other languages
Chinese (zh)
Other versions
CN101999240B (en
Inventor
牟梦雅
夏林峰
李铮铮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Publication of CN101999240A
Application granted
Publication of CN101999240B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A communication method, device and communication system between base stations are disclosed. The communication method between base stations includes: after the broadcast message of a neighbor base station is detected, the key of the neighbor base station is obtained based on the broadcast message of the neighbor base station; the messages transmitted by the neighbor base station are authenticated using the key of the neighbor base station. With this technical solution, a base station can verify the legitimacy of the identity of its communication peer base station, so the security of communication between base stations is improved.

Description

Communication method, device and communication system between base stations
Technical field
The present invention relates to the field of communication technologies, and in particular to an inter-base-station communication method, device and communication system.
Background
With the rapid growth in the number of mobile communication subscribers and the continuous rise in user demands, mobile communication system equipment is also becoming increasingly diverse. The HNB (Home NodeB) or HeNB (Home Evolved NodeB) is a miniaturized base station intended for application scenarios such as homes, schools and enterprises. A network system based on HNBs or HeNBs can effectively improve indoor coverage, raise indoor access rates, reduce delay and meet a variety of user application demands, while also reducing the load on macro base stations, so that macro base station capacity mainly serves users who are outdoors or in motion.
In the prior art, if an H(e)NB wishes to exchange information with other H(e)NBs, the H(e)NB transmits the information to the core network over the public IP network, and the core network then forwards the information to the other H(e)NBs or to eNBs (Evolved NodeB, evolved base stations in the operator's dedicated network). With this mode of communication between H(e)NBs, the message transmission delay is large, which easily leads to problems such as untimely exchange of information between H(e)NBs and waste of backend resources. In addition, H(e)NBs are deployed in large numbers; if all communication between H(e)NBs is forwarded by the core network, it places a very heavy burden on core network equipment.
In theory, H(e)NBs can communicate with each other directly over the air interface to reduce delay and lighten the load on the core network. However, direct communication between H(e)NBs over the air interface has a security problem: an H(e)NB cannot confirm the identity of its communication peer, and does not know whether the messages the peer sends are reliable. An attacker can therefore communicate with a legitimate H(e)NB by impersonating an H(e)NB, affecting operations of the legitimate H(e)NB such as normal resource configuration and handover.
Summary of the invention
The embodiments of the present invention provide an inter-base-station communication method, device and communication system to improve the security of communication between H(e)NBs. The technical solution is as follows:
An inter-base-station communication method, comprising: after a broadcast message of a neighbor base station is detected, obtaining the key of the neighbor base station according to the broadcast message of the neighbor base station; and authenticating messages sent by the neighbor base station using the key of the neighbor base station.
A base station, comprising:
a key obtaining unit, configured to obtain, after a broadcast message of a neighbor base station is detected, the key of the neighbor base station according to the broadcast message of the neighbor base station;
a message authentication unit, configured to authenticate messages sent by the neighbor base station using the key of the neighbor base station.
A communication system, comprising a core network and at least two base stations;
the second base station is configured to, after detecting a broadcast message of an adjacent first base station, obtain the identifier of the neighbor base station from the broadcast message of the first base station, and send a key request message to the core network, the key request message carrying the identifier of the first base station;
the core network is configured to send, according to the key request message, a key response message to the second base station, the key response message carrying the key of the first base station;
the second base station receives the key response message sent by the core network and, using the key of the first base station, authenticates messages sent by the first base station.
With the technical solution provided by the embodiments of the present invention, before communicating with a first H(e)NB, a second H(e)NB first obtains the key of the first H(e)NB according to the broadcast message of the first H(e)NB. After receiving a message sent by the first H(e)NB, it authenticates the message using that key, to confirm the identity of the peer and the reliability of the message source. If an attacker impersonates the first H(e)NB and sends messages to the second H(e)NB, authentication will fail and the second H(e)NB can reject the messages. Furthermore, every H(e)NB in the network can use this mechanism to confirm the identity of its communication peer, thereby improving the security of communication between H(e)NBs.
Brief description of the drawings
Fig. 1 is a flowchart of the method of Embodiment one of the present invention;
Fig. 2 is a flowchart of the method of Embodiment two of the present invention;
Fig. 3 is a flowchart of the method of Embodiment three of the present invention;
Fig. 4 is a schematic structural diagram of a base station according to an embodiment of the present invention;
Fig. 5 is another schematic structural diagram of a base station according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the core network of a communication system according to an embodiment of the present invention;
Fig. 7 is another schematic structural diagram of the core network of a communication system according to an embodiment of the present invention.
Detailed description
The inter-base-station communication method of the embodiments of the present invention is described first. It comprises:
After detecting a broadcast message of a neighbor base station, a base station obtains the key of the neighbor base station according to the broadcast message of the neighbor base station, and authenticates messages sent by the neighbor base station using the key of the neighbor base station.
The base station may be an HNB or an HeNB. With this technical solution, before communicating with a first H(e)NB, a second H(e)NB first obtains the key of the first H(e)NB according to the broadcast message of the first H(e)NB. After receiving a message sent by the first H(e)NB, it authenticates the message using that key, to confirm the identity of the peer. If an attacker impersonates the first H(e)NB and sends messages to the second H(e)NB, authentication will fail and the second H(e)NB can reject the messages. Furthermore, every H(e)NB in the network can use this mechanism to confirm the identity of its communication peer, thereby improving the security of communication between H(e)NBs. To help those skilled in the art better understand the technical solution of the present invention, specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Embodiment one:
Fig. 1 shows the flowchart of a method for secure communication between base stations provided by an embodiment of the present invention, which comprises the following steps:
S101, base station 2 obtains the identifier of base station 1.
By listening to the broadcast messages of a neighbor base station over the air interface, a base station can obtain a variety of information about the neighbor base station, such as carrier configuration information and cell load status. The base station may listen when it first starts up, or listen periodically.
In this embodiment, it is assumed that base station 1 is a neighbor base station of base station 2. By listening to the broadcast message of base station 1, base station 2 can obtain a unique identifier of base station 1, such as a base station ID or Cell ID.
S102, base station 2 sends a key request message to the core network.
Once base station 2 has heard the broadcast message of base station 1, this indicates that base station 1 is within the range in which it can communicate directly with base station 2. To ensure the security of subsequent communication, base station 2 sends a key request message to the core network, requesting the key used to authenticate messages sent by base station 1. The key request message carries the identifier of base station 1.
S103, the core network verifies the identity of base station 1.
Every base station must perform mutual authentication with the core network before accessing the core network. Therefore, for a base station that has a legitimate identity, its authentication information is stored in the core network.
After receiving the key request message, the core network verifies the identity of base station 1 according to the identifier of base station 1 carried in the message, checking whether it holds authentication information for base station 1. If so, it considers the identity of base station 1 legitimate and goes on to look up the key of base station 1.
Preferably, after receiving the key request message, the core network may also first verify the identity of the sender of the message (that is, base station 2) and confirm whether base station 2 is authorized to obtain the key of base station 1, to further improve security.
S104, the core network sends a key response message to base station 2.
If the verification in S103 passes, the core network sends a key response message to base station 2, and the message carries the key of base station 1. If the verification does not pass, the response message carries no key.
S105, base station 2 authenticates messages sent by base station 1 using the key of base station 1.
Base station 2 receives the key response message sent by the core network. If the response message carries no key, base station 1 does not have a legitimate identity, and base station 2 will reject the messages sent by base station 1.
If the response message carries the key of base station 1, the identity of base station 1 is legitimate and base station 2 can communicate with it. Base station 2 stores the identifier of base station 1 together with the key obtained; when it subsequently receives a message sent by base station 1, it authenticates the message using the key of base station 1 to confirm the reliability of the message source. Every message a base station sends is a signed message processed with the base station's own key. If an attacker impersonates base station 1 and sends a message to base station 2, the attacker does not have the key of base station 1, so the message it sends cannot pass authentication by base station 2.
Those skilled in the art will appreciate that the above method flow applies equally to base station 1 and base station 2. That is, after base station 1 hears the broadcast message of base station 2, it can use the same method to obtain the key of base station 2 and use that key to authenticate messages sent by base station 2. In practical applications, each base station can maintain a neighbor list, obtain from the core network the key of each neighbor base station in the list, and store the obtained keys against the corresponding entries of the neighbor list. When base stations communicate with each other, each authenticates messages using the corresponding key, which ensures the security of inter-base-station communication.
It should be noted that in this embodiment each base station actively obtains the keys of other base stations from the core network. In practical applications, the core network may also trigger a base station to perform the key acquisition flow, or the core network may actively provide keys to the base station. For example, when the key of a base station changes, the core network can send a message to other base stations instructing them to re-acquire the updated key; alternatively, the core network can send the updated key directly to the relevant base stations according to its record of the key response messages it sent earlier.
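The S101 to S105 flow and the key-update case above, as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the message authentication algorithm (the description names none) and a key delivered by the core network; the class names, identifiers such as `HeNB-1` and the sample payloads are constructed for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size (assumed algorithm)


def make_tag(key, sender_id, payload):
    # Bind the tag to the claimed sender identifier as well as the payload.
    return hmac.new(key, sender_id.encode() + b"|" + payload, hashlib.sha256).digest()


class CoreNetwork:
    """Holds the authentication record (here: a key) of every base station
    that has completed mutual authentication with the core network."""

    def __init__(self):
        self._keys = {}

    def register(self, bs_id):
        # Also used when a base station's key changes (the key-update case).
        self._keys[bs_id] = os.urandom(32)
        return self._keys[bs_id]

    def key_request(self, requester_id, target_id):
        """S103/S104: return the target's key, or None (response without a key)."""
        if requester_id not in self._keys:  # optional check on the requester
            return None
        return self._keys.get(target_id)    # None if the target has no record


class BaseStation:
    def __init__(self, bs_id, core):
        self.bs_id, self.core = bs_id, core
        self.own_key = core.register(bs_id)
        self.neighbor_keys = {}  # neighbor list: identifier -> key

    def on_broadcast(self, neighbor_id):
        """S101/S102/S105: identifier heard on the air interface, key requested."""
        key = self.core.key_request(self.bs_id, neighbor_id)
        if key is None:
            self.neighbor_keys.pop(neighbor_id, None)
            return False
        self.neighbor_keys[neighbor_id] = key
        return True

    def rekey(self):
        self.own_key = self.core.register(self.bs_id)

    def send(self, payload):
        return payload + make_tag(self.own_key, self.bs_id, payload)

    def receive(self, claimed_sender, message):
        """Return the payload if the tag verifies under the sender's key, else None."""
        key = self.neighbor_keys.get(claimed_sender)
        if key is None or len(message) < TAG_LEN:
            return None
        payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        if hmac.compare_digest(tag, make_tag(key, claimed_sender, payload)):
            return payload
        return None


def demo():
    core = CoreNetwork()
    bs1, bs2 = BaseStation("HeNB-1", core), BaseStation("HeNB-2", core)
    results = {}
    results["key_obtained"] = bs2.on_broadcast("HeNB-1")
    results["genuine"] = bs2.receive("HeNB-1", bs1.send(b"load=70%"))
    # Impersonator: claims to be HeNB-1 but does not hold HeNB-1's key.
    forged = b"load=0%" + make_tag(os.urandom(32), "HeNB-1", b"load=0%")
    results["forged"] = bs2.receive("HeNB-1", forged)
    # Identifier with no record in the core network: no key, messages rejected.
    results["unknown_key_obtained"] = bs2.on_broadcast("HeNB-X")
    results["unknown"] = bs2.receive("HeNB-X", b"hello" + b"\x00" * TAG_LEN)
    # Key update: the cached key is stale until base station 2 re-acquires it.
    bs1.rekey()
    message = bs1.send(b"carrier=3")
    results["stale_key"] = bs2.receive("HeNB-1", message)
    bs2.on_broadcast("HeNB-1")
    results["after_reacquire"] = bs2.receive("HeNB-1", message)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```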
In this embodiment, a base station obtains the key of its communication peer by sending a key request to the core network, and uses that key to authenticate the messages the peer sends. In effect, the core network guarantees the legitimacy of the identities of both communicating base stations, and each base station itself guarantees the reliability of the source of the messages it subsequently receives. On the other hand, after receiving a key request message the core network only needs to check whether it holds authentication information for the base station corresponding to the identifier, which does not take up significant resources. Moreover, subsequent message exchange between the base stations does not require the participation of the core network, which reduces the communication delay between base stations and lightens the load on the core network.
Embodiment two:
Fig. 2 shows the flowchart of another method for secure communication between base stations provided by an embodiment of the present invention, which comprises the following steps:
S201, base station 2 obtains the broadcast certificate of base station 1.
In this embodiment, it is again assumed that base station 1 is a neighbor base station of base station 2. By listening to the broadcast message of base station 1, base station 2 can obtain the broadcast certificate of base station 1. The broadcast certificate carries the key of base station 1, and the broadcast certificate has been signed by base station 1 with a third-party signature key.
The third-party signature key is provided by a certification authority (such as the core network), and the certification authority provides the third-party signature key only to base stations that have a legitimate identity. The third-party signature key may be preconfigured in the base station, obtained by the base station from the certification authority in real time, or issued by the certification authority to the base station in real time. Furthermore, the third-party signature key may be static or may change dynamically. A dynamically changing third-party signature key can further improve security; in that case the key must be obtained by the base station from the certification authority in real time, or issued by the certification authority to the base station in real time.
S202, base station 2 authenticates the broadcast certificate of base station 1 using the third-party signature key.
After obtaining the broadcast certificate of base station 1, base station 2 authenticates the broadcast certificate using the third-party signature key. Because the certification authority provides the third-party signature key only to base stations that have a legitimate identity, authenticating the broadcast certificate of base station 1 is equivalent to verifying whether base station 1 has a legitimate identity. If authentication passes, base station 2 stores the key of base station 1 carried in the broadcast certificate.
S203, base station 2 authenticates messages sent by base station 1 using the key of base station 1.
This step is similar to S105 and is not described again here.
As in Embodiment one, the above method flow applies equally to base station 1 and base station 2. In practical applications, each legitimate base station can sign its own broadcast certificate with the third-party signature key and obtain the broadcast certificate of each neighbor base station. If authentication of a broadcast certificate passes, the base station obtains the corresponding key and stores it against the corresponding entry of its neighbor list. When base stations communicate with each other, each authenticates messages using the corresponding key, which ensures the security of inter-base-station communication.
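The broadcast-certificate check of S201 and S202, as an added example that is not part of the patent text. It assumes the "signature" is an HMAC-SHA256 tag under a third-party key held by every legitimate base station (the description has signer and verifier use the same key), a constructed wire layout of length byte, identifier, 32-byte key and tag, and treats the carried key as opaque bytes.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # length of the base station key carried in the certificate
TAG_LEN = 32  # HMAC-SHA256 output size (assumed algorithm)


def make_broadcast_cert(third_party_key, bs_id, bs_key):
    """Sender side: sign (identifier, key) with the third-party signature key."""
    ident = bs_id.encode()
    if len(ident) > 255 or len(bs_key) != KEY_LEN:
        raise ValueError("identifier too long or wrong key length")
    body = bytes([len(ident)]) + ident + bs_key
    return body + hmac.new(third_party_key, body, hashlib.sha256).digest()


def verify_broadcast_cert(third_party_key, cert):
    """S202: return (identifier, key) if the certificate authenticates, else None."""
    if len(cert) < 1 + KEY_LEN + TAG_LEN:
        return None
    id_len = cert[0]
    if len(cert) != 1 + id_len + KEY_LEN + TAG_LEN:
        return None  # truncated or padded certificate
    body, tag = cert[:-TAG_LEN], cert[-TAG_LEN:]
    expected = hmac.new(third_party_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        bs_id = body[1:1 + id_len].decode()
    except UnicodeDecodeError:
        return None
    return bs_id, body[1 + id_len:]


class NeighborList:
    """Receiver side: keys of neighbors whose broadcast certificate verified."""

    def __init__(self, third_party_key):
        self.third_party_key = third_party_key
        self.keys = {}

    def on_broadcast_cert(self, cert):
        parsed = verify_broadcast_cert(self.third_party_key, cert)
        if parsed is None:
            return False
        self.keys[parsed[0]] = parsed[1]
        return True


def demo():
    third_party_key = os.urandom(32)  # constructed sample key
    key1 = os.urandom(KEY_LEN)        # constructed key of base station 1
    cert1 = make_broadcast_cert(third_party_key, "HeNB-1", key1)
    bs2 = NeighborList(third_party_key)
    out = {"valid": bs2.on_broadcast_cert(cert1)}
    # Carried key replaced in transit: the tag no longer matches.
    off = 1 + cert1[0]
    tampered = cert1[:off] + os.urandom(KEY_LEN) + cert1[off + KEY_LEN:]
    out["tampered"] = bs2.on_broadcast_cert(tampered)
    # Sender without the third-party key cannot produce a valid certificate.
    rogue = make_broadcast_cert(os.urandom(32), "HeNB-1", os.urandom(KEY_LEN))
    out["rogue"] = bs2.on_broadcast_cert(rogue)
    out["truncated"] = bs2.on_broadcast_cert(cert1[:-1])
    out["stored_key_unchanged"] = bs2.keys.get("HeNB-1") == key1
    # Dynamic third-party key: old certificates stop verifying after a change.
    new_key = os.urandom(32)
    bs2.third_party_key = new_key
    out["old_cert_after_change"] = bs2.on_broadcast_cert(cert1)
    out["resigned"] = bs2.on_broadcast_cert(make_broadcast_cert(new_key, "HeNB-1", key1))
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```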
In this embodiment, each base station authenticates the broadcast certificates of other base stations using the third-party signature key, so that in effect the base station itself guarantees the legitimacy of its communication peer's identity. Compared with Embodiment one, this further lightens the load on the core network.
Embodiment three:
The two embodiments above describe how, when base stations communicate, the legitimacy of both parties' identities and the reliability of the communication messages are ensured. Building on those schemes, this embodiment further provides an inter-base-station communication method to improve communication security. The method flow is shown in Fig. 3. In what follows it is assumed that base station 1 and base station 2 are both base stations with legitimate identities and have each obtained the other's key (let the key of base station 1 be key1 and the key of base station 2 be key2).
S301, base station 1 uses key2 to encrypt the message to be sent to base station 2.
By applying the scheme of Embodiment one or Embodiment two, base station 1 holds the key key2 of base station 2. For a message that is to be sent to base station 2, base station 1 can first encrypt it using key2 to obtain a ciphertext message.
S302, base station 1 sends the encrypted message to base station 2.
Base station 1 sends the ciphertext message to base station 2. As follows from Embodiment one or Embodiment two, when base station 1 sends the message it can additionally sign the ciphertext message with its own key key1.
S303, base station 2 receives the message and decrypts it using key2.
After receiving the ciphertext message sent by base station 1, base station 2 first authenticates the message using key1; after confirming the reliability of the message source, it then uses key2 (or the private key corresponding to key2) to decrypt the ciphertext message.
The above method flow applies equally to base station 1 and base station 2. Moreover, those skilled in the art will appreciate that base station 1 or base station 2 can also determine a private communication key in advance, encrypt it using the other party's key and provide it to the other party; base station 1 and base station 2 then use that private communication key for confidential communication.
Compared with Embodiment one or Embodiment two, this embodiment, while ensuring the legitimacy of both parties' identities and the reliability of the communication messages, further improves the confidentiality of communication and prevents the communication content from being obtained by a third party; this process also does not require the participation of the core network.
With the technical solution provided by the embodiments of the present invention, the security of direct communication between H(e)NBs can be ensured. Besides reducing delay and lightening the load on the core network, direct communication between H(e)NBs can also assist H(e)NB self-configuration and self-optimization, and benefits interference coordination and fast handover. For example, when an H(e)NB starts up, it can learn the configuration of its neighbors by obtaining information about its surroundings, for instance by reading neighbors' broadcast messages to obtain the configuration information of surrounding cells, such as the number of carriers used, carrier usage, the load state of the current cell and neighbor cell configuration; the newly started H(e)NB then completes its own parameter settings according to the neighbor information it has heard. While running, an H(e)NB can also monitor information from surrounding cells in real time in order to schedule resources and reconfigure operating parameters, for purposes such as avoiding mutual interference.
Several specific embodiments of the present invention have been described above. It should be noted that the technical solution of the present invention is proposed for the HNB or HeNB application environment, but all or part of the solution can also be applied in other similar communication environments to improve communication security, and these should also fall within the protection scope of the present invention.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM (Read-Only Memory), RAM (Random Access Memory), magnetic disks and optical discs.
Embodiment four:
Corresponding to the above method embodiments, an embodiment of the present invention also provides a base station which, as shown in Fig. 4, comprises:
a key obtaining unit 410, configured to obtain, after a broadcast message of a neighbor base station is detected, the key of the neighbor base station according to the broadcast message of the neighbor base station;
a message authentication unit 420, configured to authenticate messages sent by the neighbor base station using the key of the neighbor base station.
The base station provided by this embodiment of the present invention uses the key of the neighbor base station to authenticate messages sent by the neighbor base station, to ensure that the identity of the message sender is legitimate.
Further, the key obtaining unit 410 may comprise:
an identifier obtaining subunit, configured to obtain the identifier of the neighbor base station from the broadcast message of the neighbor base station;
a key request subunit, configured to send a key request message to the core network, the key request message carrying the identifier of the neighbor base station;
a key receiving subunit, configured to receive a key response message sent by the core network, the key response message carrying the key of the neighbor base station.
This base station obtains the key of its communication peer by sending a key request to the core network, and uses that key to authenticate the messages the peer sends. In effect, the core network guarantees the legitimacy of the identities of both communicating base stations, and the base station itself guarantees the reliability of the source of the messages it subsequently receives. With this base station, after receiving a key request message the core network only needs to check whether it holds authentication information for the base station corresponding to the identifier, which does not take up significant resources. Moreover, subsequent message exchange between the base stations does not require the participation of the core network, which reduces the communication delay between base stations and lightens the load on the core network.
The key obtaining unit 410 may also comprise:
a broadcast certificate obtaining subunit, configured to obtain the broadcast certificate of the neighbor base station from the broadcast message of the neighbor base station, the broadcast certificate carrying the key of the neighbor base station;
a broadcast certificate authentication subunit, configured to authenticate the broadcast certificate of the neighbor base station using a third-party signature key and, if authentication passes, store the key of the neighbor base station; the third-party signature key is provided by a certification authority.
With this base station, each base station authenticates the broadcast certificates of other base stations using the third-party signature key, so that in effect the base station itself guarantees the legitimacy of its communication peer's identity, which further lightens the load on the core network.
Fig. 5 shows a schematic structural diagram of another base station provided by an embodiment of the present invention. Compared with Fig. 4, this base station further adds a message decryption unit 430, configured to decrypt a ciphertext message using the base station's own key when the message sent by the neighbor base station is a ciphertext message.
With this base station, while the legitimacy of both parties' identities and the reliability of the communication messages are ensured, the confidentiality of communication can be further improved and the communication content is prevented from being obtained by a third party; this process also does not require the participation of the core network.
Embodiment five:
An embodiment of the present invention also provides a communication system, comprising a core network and at least two base stations;
the second base station is configured to, after detecting a broadcast message of an adjacent first base station, obtain the identifier of the neighbor base station from the broadcast message of the first base station, and send a key request message to the core network, the key request message carrying the identifier of the first base station;
the core network is configured to send, according to the key request message, a key response message to the second base station, the key response message carrying the key of the first base station;
the second base station receives the key response message sent by the core network and, using the key of the first base station, authenticates messages sent by the first base station.
As shown in Fig. 6, the core network may comprise:
a first authentication unit 610, configured to, after the key request message sent by the second base station is received, verify the identity of the first base station according to the identifier of the first base station;
a key sending unit 620, configured to, after verification by the first authentication unit passes, send a key response message to the second base station, the key response message carrying the key of the first base station.
As shown in Fig. 7, the core network may further comprise a second authentication unit 630, configured to verify the identity of the second base station after the key request message sent by the second base station is received; the first authentication unit 620 then, after verification by the second authentication unit 630 passes, verifies the identity of the first base station according to the identifier of the first base station.
In the communication system provided by this embodiment, the core network guarantees the legitimacy of the identities of both communicating base stations, and each base station itself guarantees the reliability of the source of the messages it subsequently receives. After receiving a key request message, the core network only needs to check whether it holds authentication information for the base station corresponding to the identifier, which does not take up significant resources. Moreover, subsequent message exchange between the base stations does not require the participation of the core network, which reduces the communication delay between base stations and lightens the load on the core network.
Because the device and system embodiments essentially correspond to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments. The device and system embodiments described above are only schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of an embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are only specific embodiments of the present invention. It should be pointed out that those of ordinary skill in the art can also make improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (13)

    1. An inter-base-station communication method, characterized in that, after a broadcast message of a neighboring base station is detected, the method comprises:
    obtaining a key of the neighboring base station according to the broadcast message of the neighboring base station;
    authenticating, using the key of the neighboring base station, a message sent by the neighboring base station.
    2. The method according to claim 1, characterized in that obtaining the key of the neighboring base station comprises:
    obtaining the key of the neighboring base station from a core network.
    3. The method according to claim 2, characterized in that obtaining the key of the neighboring base station from the core network comprises:
    obtaining an identifier of the neighboring base station from the broadcast message of the neighboring base station;
    sending a key request message to the core network, the key request message carrying the identifier of the neighboring base station;
    receiving a key response message sent by the core network, the key response message carrying the key of the neighboring base station.
    4. The method according to claim 3, characterized in that
    after receiving the key request message, the core network verifies the identity of the neighboring base station according to the identifier of the neighboring base station and, if the verification passes, sends the key response message.
    5. The method according to claim 1, characterized in that obtaining the key of the neighboring base station comprises:
    obtaining a broadcast certificate of the neighboring base station from the broadcast message of the neighboring base station, the broadcast certificate carrying the key of the neighboring base station;
    authenticating the broadcast certificate of the neighboring base station using a third-party signature key and, if the authentication passes, saving the key of the neighboring base station; wherein the third-party signature key is provided by a certification authority.
    6. The method according to claim 5, characterized in that the third-party signature is pre-configured, or is obtained immediately from the core network.
    7. The method according to any one of claims 1 to 6, characterized in that the message sent by the neighboring base station is a ciphertext message, and the method further comprises:
    decrypting the ciphertext message using its own key.
    8. A base station, characterized by comprising:
    a key obtaining unit, configured to obtain, after a broadcast message of a neighboring base station is detected, a key of the neighboring base station according to the broadcast message of the neighboring base station;
    a message authentication unit, configured to authenticate, using the key of the neighboring base station, a message sent by the neighboring base station.
    9. The base station according to claim 8, characterized in that the key obtaining unit comprises:
    an identifier obtaining subunit, configured to obtain an identifier of the neighboring base station from the broadcast message of the neighboring base station;
    a key request subunit, configured to send a key request message to the core network, the key request message carrying the identifier of the neighboring base station;
    a key receiving subunit, configured to receive a key response message sent by the core network, the key response message carrying the key of the neighboring base station.
    10. The base station according to claim 8, characterized in that the key obtaining unit comprises:
    a broadcast certificate obtaining subunit, configured to obtain a broadcast certificate of the neighboring base station from the broadcast message of the neighboring base station, the broadcast certificate carrying the key of the neighboring base station;
    a broadcast certificate authentication subunit, configured to authenticate the broadcast certificate of the neighboring base station using a third-party signature key and, if the authentication passes, save the key of the neighboring base station; wherein the third-party signature key is provided by a certification authority.
    11. The base station according to any one of claims 8 to 10, characterized in that the base station further comprises:
    a message decryption unit, configured to decrypt, when the message sent by the neighboring base station is a ciphertext message, the ciphertext message using its own key.
    12. A communication system, characterized by comprising a core network and at least two base stations;
    the second base station is configured to, after detecting a broadcast message of an adjacent first base station, obtain the identifier of the neighboring base station from the broadcast message of the first base station, and send a key request message to the core network, the key request message carrying the identifier of the first base station;
    the core network is configured to send, according to the key request message, a key response message to the second base station, the key response message carrying the key of the first base station;
    the second base station receives the key response message sent by the core network and authenticates, using the key of the first base station, the message sent by the first base station.
    13. The communication system according to claim 12, characterized in that the core network comprises:
    a first authentication unit, configured to verify, after the key request message sent by the second base station is received, the identity of the first base station according to the identifier of the first base station;
    a key sending unit, configured to send, after the verification by the first authentication unit passes, the key response message to the second base station, the key response message carrying the key of the first base station.
    14. The communication system according to claim 13, characterized in that the core network further comprises a second authentication unit, configured to verify the identity of the second base station after the key request message sent by the second base station is received; the first authentication unit verifies the identity of the first base station according to the identifier of the first base station after the verification by the second authentication unit passes.
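The key request and key response exchange of claims 3, 4 and 12 to 14, followed by the message authentication of claim 1, as an added Python example that is not part of the patent text. The class and field names, the identifiers BS-1, BS-2 and BS-X, and the use of HMAC-SHA256 with one 32-byte key per base station are assumptions; the claims do not name an algorithm or a message format.

```python
import hashlib, hmac, os

def tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

class CoreNetwork:
    def __init__(self):
        self.keys = {}  # assumed: authentication info is one 32-byte key per base station

    def handle_key_request(self, requester_id, neighbor_id):
        # Claim 14 checks the requester, claims 4 and 13 the neighbor; each is a lookup.
        for bs_id in (requester_id, neighbor_id):
            if bs_id not in self.keys:
                return {"status": "rejected", "unknown": bs_id}
        return {"status": "ok", "neighbor_id": neighbor_id, "key": self.keys[neighbor_id]}

class BaseStation:
    def __init__(self, bs_id, core, registered=True):
        self.bs_id, self.core, self.neighbor_keys = bs_id, core, {}
        self.own_key = os.urandom(32)
        if registered:
            core.keys[bs_id] = self.own_key

    def on_broadcast(self, broadcast):
        """Claim 3: read the identifier from the broadcast and request the key."""
        resp = self.core.handle_key_request(self.bs_id, broadcast["bs_id"])
        if resp["status"] == "ok":
            self.neighbor_keys[resp["neighbor_id"]] = resp["key"]
        return resp["status"]

    def send(self, payload):
        return {"sender": self.bs_id, "payload": payload, "tag": tag(self.own_key, payload)}

    def authenticate(self, msg):
        """Claim 1: authenticate a neighbor's message with that neighbor's key."""
        key = self.neighbor_keys.get(msg["sender"])
        # No key issued for this sender means nothing it sends can be trusted.
        return key is not None and hmac.compare_digest(tag(key, msg["payload"]), msg["tag"])

def run_demo():
    core = CoreNetwork()
    bs1, bs2 = BaseStation("BS-1", core), BaseStation("BS-2", core)
    rogue = BaseStation("BS-X", core, registered=False)  # constructed: unknown to the core
    msg = bs1.send(b"handover-prep")  # constructed sample payload
    return {"bs1": bs2.on_broadcast({"bs_id": "BS-1"}),
            "rogue": bs2.on_broadcast({"bs_id": "BS-X"}),
            "genuine": bs2.authenticate(msg),
            "tampered": bs2.authenticate({**msg, "payload": b"handover-cancel"}),
            "from_rogue": bs2.authenticate(rogue.send(b"handover-prep"))}
```

Because the stand-in is symmetric, a base station that holds a neighbor's key could also compute valid tags in that neighbor's name; a signature scheme, where only a verification key is handed out, does not have that property.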
CN200980123374XA 2009-05-22 2009-05-22 Communication method, device and communication system between base stations Active CN101999240B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2009/071926 WO2010133036A1 (en) 2009-05-22 2009-05-22 Communication method, device and communication system between base stations

Publications (2)

Publication Number Publication Date
CN101999240A true CN101999240A (en) 2011-03-30
CN101999240B CN101999240B (en) 2013-03-13

Family

ID=43125727

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200980123374XA Active CN101999240B (en) 2009-05-22 2009-05-22 Communication method, device and communication system between base stations

Country Status (2)

Country Link
CN (1) CN101999240B (en)
WO (1) WO2010133036A1 (en)

Also Published As

Publication number Publication date
WO2010133036A1 (en) 2010-11-25
CN101999240B (en) 2013-03-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant