CN101999240B - Communication method, device and communication system between base stations - Google Patents

Publication number
CN101999240B
Authority
CN
China
Prior art keywords
base station
key
base stations
message
neighbor base
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200980123374XA
Other languages
Chinese (zh)
Other versions
CN101999240A (en)
Inventor
牟梦雅
夏林峰
李铮铮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A communication method, device and communication system between base stations is disclosed. The communication method between base stations includes: after the broadcast message of the neighbor base station is detected, the key of the neighbor base station is obtained based on the broadcast message of the neighbor base station; the messages transmitted by the neighbor base station are authenticated using the key of the neighbor base station. By using the above technical solution, the base station can ensure the legality of identity of the opposite party communication base station, so the security of communication between base stations is improved.

Description

An inter-base-station communication method, device and communication system
Technical field
The present invention relates to the field of communication technology, and in particular to an inter-base-station communication method, device and communication system.
Background
With the rapid growth in the number of mobile communication subscribers and the continually rising demands of users, mobile communication system equipment is also becoming more diverse. An HNB (Home NodeB) or HeNB (Home Evolved NodeB) is a miniaturized base station intended for application scenarios such as homes, schools and enterprises. A network system based on HNBs or HeNBs can effectively improve indoor coverage, raise indoor access rates, reduce delay and satisfy a variety of user application demands. It can also reduce the load on macro base stations, so that macro base station capacity mainly serves users who are outdoors or in motion.
In the prior art, if an H(e)NB wants to exchange information with another H(e)NB, it passes the information to the core network over the public IP network, and the core network then forwards the information to the other H(e)NB or to an eNB (Evolved NodeB) in the operator's dedicated network. With this mode of communication between H(e)NBs, the message transfer delay is large, which easily makes the information exchanged between H(e)NBs untimely, and backend resources are wasted. In addition, H(e)NBs are deployed in large numbers; if all communication between H(e)NBs is forwarded by the core network, this places a very heavy burden on core network equipment.
In theory, H(e)NBs can communicate directly over the air interface to reduce delay and lighten the burden on the core network. However, direct communication between H(e)NBs over the air interface has a security problem: an H(e)NB cannot confirm the identity of its communication peer and does not know whether the messages the peer sends are reliable. An attacker can therefore communicate with a legitimate H(e)NB by impersonating an H(e)NB, and thereby affect operations of the legitimate H(e)NB such as normal resource configuration and handover.
Summary of the invention
Embodiments of the invention provide an inter-base-station communication method, device and communication system to improve the security of communication between H(e)NBs. The technical solution is as follows:
An inter-base-station communication method comprises, after a broadcast message of a neighbor base station is detected:
obtaining the identifier of the neighbor base station from the broadcast message of the neighbor base station;
sending a key request message to the core network, the key request message carrying the identifier of the neighbor base station;
receiving a key response message sent by the core network, the key response message carrying the key of the neighbor base station;
using the key of the neighbor base station to authenticate messages sent by the neighbor base station.
A base station comprises:
an identifier obtaining subunit, configured to obtain the identifier of the neighbor base station from the broadcast message of the neighbor base station after the broadcast message of the neighbor base station is detected;
a key request subunit, configured to send a key request message to the core network, the key request message carrying the identifier of the neighbor base station;
a key receiving subunit, configured to receive a key response message sent by the core network, the key response message carrying the key of the neighbor base station;
a message authentication unit, configured to use the key of the neighbor base station to authenticate messages sent by the neighbor base station.
A communication system comprises a core network and at least two base stations.
The second base station is configured to obtain, after detecting a broadcast message of the adjacent first base station, the identifier of the neighbor base station from the broadcast message of the first base station, and to send a key request message to the core network, the key request message carrying the identifier of the first base station.
The core network is configured to send, according to the key request message, a key response message to the second base station, the key response message carrying the key of the first base station.
The second base station receives the key response message sent by the core network and uses the key of the first base station to authenticate messages sent by the first base station.
With the technical solution provided by the embodiments of the invention, before communicating with the first H(e)NB, the second H(e)NB first obtains the key of the first H(e)NB according to the broadcast message of the first H(e)NB. After receiving a message sent by the first H(e)NB, it uses this key to authenticate the message, in order to confirm the identity of the sender and the reliability of the message source. If an attacker impersonates the first H(e)NB and sends a message to the second H(e)NB, authentication fails and the second H(e)NB rejects the message. Furthermore, every H(e)NB in the network can use this mechanism to confirm the identity of its communication peer, which improves the security of communication between H(e)NBs.
Brief description of the drawings
Fig. 1 is a flowchart of the method of embodiment one of the invention;
Fig. 2 is a flowchart of the method of embodiment two of the invention;
Fig. 3 is a flowchart of the method of embodiment three of the invention;
Fig. 4 is a schematic structural diagram of a base station according to an embodiment of the invention;
Fig. 5 is another schematic structural diagram of a base station according to an embodiment of the invention;
Fig. 6 is a schematic structural diagram of the core network of a communication system according to an embodiment of the invention;
Fig. 7 is another schematic structural diagram of the core network of a communication system according to an embodiment of the invention.
Detailed description of the embodiments
The inter-base-station communication method of the embodiments of the invention is described first. It comprises:
After detecting a broadcast message of a neighbor base station, the base station obtains the key of the neighbor base station according to the broadcast message of the neighbor base station, and uses the key of the neighbor base station to authenticate messages sent by the neighbor base station.
The base station may be an HNB or an HeNB. With this technical solution, before communicating with the first H(e)NB, the second H(e)NB first obtains the key of the first H(e)NB according to the broadcast message of the first H(e)NB. After receiving a message sent by the first H(e)NB, it uses this key to authenticate the message, in order to confirm the identity of the sender. If an attacker impersonates the first H(e)NB and sends a message to the second H(e)NB, authentication fails and the second H(e)NB rejects the message. Furthermore, every H(e)NB in the network can use this mechanism to confirm the identity of its communication peer, which improves the security of communication between H(e)NBs.
To help those skilled in the art better understand the technical solution of the invention, specific embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Embodiment one:
Fig. 1 shows the flow of a method for secure communication between base stations provided by an embodiment of the invention, which comprises the following steps:
S101, base station 2 obtains the identifier of base station 1.
A base station listens over the air interface for the broadcast messages of neighbor base stations and can obtain various information about them, for example carrier configuration information and cell load state. The base station may listen when it has just started, or it may listen periodically.
In the present embodiment, suppose that base station 1 is a neighbor base station of base station 2. By listening to the broadcast message of base station 1, base station 2 can obtain a unique identifier of base station 1, such as a base station ID or Cell ID.
S102, base station 2 sends a key request message to the core network.
That base station 2 has heard the broadcast message of base station 1 indicates that base station 1 is within the range in which it can communicate directly with base station 2. To ensure the security of subsequent communication, base station 2 sends a key request message to the core network, requesting the key used to authenticate messages sent by base station 1. The key request message carries the identifier of base station 1.
S103, the core network verifies the identity of base station 1.
Before accessing the core network, every base station must perform mutual authentication with the core network. Therefore, for a base station that has a legitimate identity, the core network holds its authentication information.
After receiving the key request message, the core network verifies the identity of base station 1 according to the identifier of base station 1 carried in the message; that is, it checks whether it holds authentication information for base station 1. If it does, the identity of base station 1 is considered legitimate, and the core network then looks up the key of base station 1.
Preferably, after receiving the key request message, the core network may also first verify the identity of the sender of the message (that is, base station 2) and confirm whether base station 2 is authorized to obtain the key of base station 1, to further improve security.
S104, the core network sends a key response message to base station 2.
If the verification in S103 succeeds, the core network sends a key response message to base station 2, and the message carries the key of base station 1. If the verification fails, the response message may carry no key.
S105, base station 2 uses the key of base station 1 to authenticate messages sent by base station 1.
Base station 2 receives the key response message sent by the core network. If the response message carries no key, base station 1 does not have a legitimate identity, and base station 2 rejects the messages that base station 1 sends.
If the response message carries the key of base station 1, the identity of base station 1 is legitimate and base station 2 can communicate with it. Base station 2 stores the identifier of base station 1 together with the key it obtained. When it subsequently receives a message sent by base station 1, it uses the key of base station 1 to authenticate the message, in order to confirm the reliability of the message source. Every message a base station sends out is a signed message that has been processed with the base station's own key. If an attacker impersonates base station 1 and sends a message to base station 2, the attacker does not have the key of base station 1, so the message cannot pass authentication at base station 2.
Those skilled in the art will appreciate that the above method flow applies to both base station 1 and base station 2. That is, after hearing the broadcast message of base station 2, base station 1 can use the same method to obtain the key of base station 2 and use the key of base station 2 to authenticate messages sent by base station 2. In practice, each base station can maintain a neighbor list. The base station can obtain from the core network the key of each neighbor base station in this list and store the keys together with the neighbor list. When base stations communicate with each other, each uses the corresponding key to authenticate messages, which ensures the security of inter-base-station communication.
It should be noted that in the present embodiment each base station actively obtains the keys of other base stations from the core network. In practice, the core network may also trigger a base station to carry out the key-obtaining flow, or the core network may actively provide keys to base stations. For example, when the key of a base station has changed, the core network can send a message to other base stations instructing them to obtain the updated key again; alternatively, the core network can send the updated key directly to the relevant base stations according to its record of previously sent key response messages.
In the present embodiment, a base station sends a key request to the core network to obtain the key of its communication peer, and uses this key to authenticate the messages the peer sends. In effect, the core network guarantees the legitimacy of the identities of both communicating base stations, and each base station itself guarantees the reliability of the source of subsequently received messages. For the core network, after receiving a key request message it only needs to check whether it holds authentication information for the base station that the identifier refers to, which does not consume significant resources. Subsequent message exchange between the base stations does not need the participation of the core network either, which reduces the communication delay between base stations and lightens the burden on the core network.
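The exchange of S101 to S105, including the optional check of the requester, written out as an added example that is not part of the patent text. It assumes Ed25519 signatures, with the "key" returned by the core network being the station's verification key (the patent names no algorithm); all type, function and station names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is what one base station sends another over the air interface.
type SignedMessage struct {
	SenderID  string
	Payload   []byte
	Signature []byte
}

// CoreNetwork holds the authentication record of every base station that
// completed mutual authentication. Assumption: the record is an Ed25519
// verification key (the patent does not name an algorithm).
type CoreNetwork struct {
	registered map[string]ed25519.PublicKey
}

// RequestKey models S103 and S104. ok == false stands for a key response
// message that carries no key.
func (c *CoreNetwork) RequestKey(requesterID, neighborID string) (ed25519.PublicKey, bool) {
	if _, known := c.registered[requesterID]; !known {
		return nil, false // the requester itself has no record
	}
	key, known := c.registered[neighborID]
	return key, known
}

// BaseStation keeps its own signing key and a neighbor list that maps
// identifiers to the keys returned by the core network.
type BaseStation struct {
	ID        string
	priv      ed25519.PrivateKey
	neighbors map[string]ed25519.PublicKey
}

// NewBaseStation returns the station and the key the core network records.
func NewBaseStation(id string) (*BaseStation, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &BaseStation{ID: id, priv: priv, neighbors: map[string]ed25519.PublicKey{}}, pub
}

// signedBytes binds the sender identifier to the payload.
func signedBytes(id string, payload []byte) []byte {
	return append([]byte(id+"\x00"), payload...)
}

// Send signs an outgoing message with the station's own key.
func (b *BaseStation) Send(payload []byte) SignedMessage {
	sig := ed25519.Sign(b.priv, signedBytes(b.ID, payload))
	return SignedMessage{SenderID: b.ID, Payload: payload, Signature: sig}
}

// LearnNeighbor models S102 and the storing part of S105.
func (b *BaseStation) LearnNeighbor(core *CoreNetwork, neighborID string) bool {
	key, ok := core.RequestKey(b.ID, neighborID)
	if ok {
		b.neighbors[neighborID] = key
	}
	return ok
}

// Authenticate rejects messages from senders without a stored key and
// messages whose signature does not verify under that key.
func (b *BaseStation) Authenticate(m SignedMessage) bool {
	key, ok := b.neighbors[m.SenderID]
	return ok && ed25519.Verify(key, signedBytes(m.SenderID, m.Payload), m.Signature)
}

// Scenario runs the exchange with constructed identifiers and payloads.
func Scenario() (genuine, tampered, impersonated, unregistered bool) {
	bs1, pub1 := NewBaseStation("HeNB-1")
	bs2, pub2 := NewBaseStation("HeNB-2")
	core := &CoreNetwork{registered: map[string]ed25519.PublicKey{"HeNB-1": pub1, "HeNB-2": pub2}}
	bs2.LearnNeighbor(core, "HeNB-1")

	msg := bs1.Send([]byte("load=0.7"))
	genuine = bs2.Authenticate(msg)

	msg.Payload = []byte("load=0.0") // payload changed after signing
	tampered = bs2.Authenticate(msg)

	// A sender that claims base station 1's identifier but holds another key.
	fake, _ := NewBaseStation("HeNB-1")
	impersonated = bs2.Authenticate(fake.Send([]byte("load=0.1")))

	// A station with no record in the core network: no key comes back.
	other, _ := NewBaseStation("HeNB-9")
	bs2.LearnNeighbor(core, "HeNB-9")
	unregistered = bs2.Authenticate(other.Send([]byte("load=0.2")))
	return
}

func main() {
	fmt.Println(Scenario()) // genuine, tampered, impersonated, unregistered
}
```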
Embodiment two:
Fig. 2 shows the flow of another method for secure communication between base stations provided by an embodiment of the invention, which comprises the following steps:
S201, base station 2 obtains the broadcast certificate of base station 1.
In the present embodiment, suppose again that base station 1 is a neighbor base station of base station 2. By listening to the broadcast message of base station 1, base station 2 can obtain the broadcast certificate of base station 1. This broadcast certificate carries the key of base station 1 and has been signed by base station 1 using a third-party signature key.
The third-party signature key is provided by a certification authority (for example the core network), and the certification authority provides the third-party signature key only to base stations that have a legitimate identity. The third-party signature key may be pre-configured in the base station, obtained by the base station from the certification authority in real time, or issued to the base station by the certification authority in real time. Furthermore, the third-party signature key may be static or may change dynamically. A dynamically changing third-party signature key further improves security; in that case it must be obtained by the base station from the certification authority in real time or issued to the base station by the certification authority in real time.
S202, base station 2 uses the third-party signature key to authenticate the broadcast certificate of base station 1.
After obtaining the broadcast certificate of base station 1, base station 2 uses the third-party signature key to authenticate the broadcast certificate. Because the certification authority provides the third-party signature key only to base stations that have a legitimate identity, authenticating the broadcast certificate of base station 1 is equivalent to verifying whether base station 1 has a legitimate identity. If authentication succeeds, base station 2 stores the key of base station 1 carried in the broadcast certificate.
S203, base station 2 uses the key of base station 1 to authenticate messages sent by base station 1.
This step is similar to S105 and is not described again here.
As in embodiment one, the above method flow applies to both base station 1 and base station 2. In practice, each legitimate base station can sign its own broadcast certificate with the third-party signature key and obtain the broadcast certificate of each neighbor base station. If authentication of a broadcast certificate succeeds, the base station obtains the corresponding key and stores it together with its neighbor list. When base stations communicate with each other, each uses the corresponding key to authenticate messages, which ensures the security of inter-base-station communication.
In the present embodiment, each base station uses the third-party signature key to authenticate the broadcast certificates of other base stations, so in effect the base station itself guarantees the legitimacy of the identity of its communication peer. Compared with embodiment one, this further lightens the burden on the core network.
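Steps S201 and S202, including the dynamically changing third-party signature key, as an added example that is not part of the patent text. It assumes the third-party signature key is a shared secret used with HMAC-SHA256 (the patent does not say whether the key is symmetric or which algorithm is used); the certificate layout, names and key values are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// BroadcastCert is the certificate a station places in its broadcast (S201).
type BroadcastCert struct {
	StationID  string
	StationKey []byte // key later used to authenticate the station's messages
	Tag        []byte // signature made with the third-party signature key
}

// ErrBadCert is returned when a certificate fails authentication.
var ErrBadCert = errors.New("broadcast certificate failed authentication")

// certTag computes HMAC-SHA256 over length-prefixed fields, so that the
// pairs ("ab","c") and ("a","bc") can never produce the same input.
func certTag(thirdPartyKey []byte, id string, stationKey []byte) []byte {
	mac := hmac.New(sha256.New, thirdPartyKey)
	var n [4]byte
	for _, field := range [][]byte{[]byte(id), stationKey} {
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		mac.Write(n[:])
		mac.Write(field)
	}
	return mac.Sum(nil)
}

// Issue is run by a legitimate station that holds the third-party key.
func Issue(thirdPartyKey []byte, id string, stationKey []byte) BroadcastCert {
	return BroadcastCert{
		StationID:  id,
		StationKey: stationKey,
		Tag:        certTag(thirdPartyKey, id, stationKey),
	}
}

// Listener is the receiving station: it holds the current third-party key
// and a neighbor list filled only from certificates that verify (S202).
type Listener struct {
	thirdPartyKey []byte
	Neighbors     map[string][]byte
}

// Accept authenticates the certificate and, on success, stores the key.
func (l *Listener) Accept(c BroadcastCert) error {
	want := certTag(l.thirdPartyKey, c.StationID, c.StationKey)
	if !hmac.Equal(want, c.Tag) { // constant-time comparison
		return ErrBadCert
	}
	l.Neighbors[c.StationID] = append([]byte(nil), c.StationKey...)
	return nil
}

// Scenario uses constructed keys and reports which certificates are accepted.
func Scenario() (genuine, forged, tampered, staleAfterRotation, reissued bool) {
	v1 := []byte("constructed third-party key v1")
	v2 := []byte("constructed third-party key v2")
	stationKey := []byte("constructed key of base station 1")
	l := &Listener{thirdPartyKey: v1, Neighbors: map[string][]byte{}}

	cert := Issue(v1, "HeNB-1", stationKey)
	genuine = l.Accept(cert) == nil

	// A sender that was never given the third-party key.
	forged = l.Accept(Issue([]byte("guessed key"), "HeNB-1", []byte("other key"))) == nil

	// A genuine certificate whose embedded key was replaced in transit.
	swapped := cert
	swapped.StationKey = []byte("other key")
	tampered = l.Accept(swapped) == nil

	// Dynamic third-party key: after rotation the old certificate fails
	// and the station must broadcast one signed with the new key.
	l.thirdPartyKey = v2
	staleAfterRotation = l.Accept(cert) == nil
	reissued = l.Accept(Issue(v2, "HeNB-1", stationKey)) == nil
	return
}

func main() {
	fmt.Println(Scenario()) // genuine, forged, tampered, stale, reissued
}
```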
Embodiment three:
The two embodiments above describe how to guarantee, during base station communication, the legitimacy of the identities of both parties and the reliability of the communication messages. On the basis of those schemes, the present embodiment further provides an inter-base-station communication method to improve communication security. A schematic flow of the method is shown in Fig. 3. In what follows, base station 1 and base station 2 are assumed to be base stations with legitimate identities, and each has obtained the other's key (let the key of base station 1 be key1 and the key of base station 2 be key2).
S301, base station 1 uses key2 to encrypt the message it is about to send to base station 2.
By applying the scheme of embodiment one or embodiment two, base station 1 has stored the key key2 of base station 2. For a message it is about to send to base station 2, base station 1 can first encrypt the message using key2 to obtain a ciphertext message.
S302, base station 1 sends the encrypted message to base station 2.
Base station 1 sends the ciphertext message to base station 2. As follows from embodiment one or embodiment two, when sending the message base station 1 additionally signs this ciphertext message using its own key key1.
S303, base station 2 receives the message and uses key2 to decrypt it.
After receiving the ciphertext message sent by base station 1, base station 2 first uses key1 to authenticate the message. After confirming the reliability of the message source, it uses key2 (or the private key corresponding to key2) to decrypt the ciphertext message.
The above method flow applies to both base station 1 and base station 2. Moreover, those skilled in the art will understand that base station 1 or base station 2 may also determine a private communication key in advance, encrypt it with the other party's key and provide it to the other party; base station 1 and base station 2 then use this private communication key for subsequent secure communication.
Compared with embodiment one or embodiment two, the present embodiment, on the basis of guaranteeing the legitimacy of the identities of both parties and the reliability of the communication messages, further improves the confidentiality of communication and prevents the communication content from being obtained by a third party, and this process does not need the participation of the core network.
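Steps S301 to S303 as an added example that is not part of the patent text: encrypt with key2, sign the ciphertext with base station 1's own key, then authenticate before decrypting. It assumes key1 is an Ed25519 verification key and key2 an RSA public key used with OAEP; using separate algorithms for signing and encryption, and all names and payloads, are choices made for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the signed ciphertext base station 1 sends in S302.
type Envelope struct {
	Ciphertext []byte // payload encrypted with key2 (S301)
	Signature  []byte // made over Ciphertext with base station 1's own key
}

var (
	ErrSource  = errors.New("source authentication failed")
	ErrDecrypt = errors.New("decryption failed")
)

// Seal encrypts for the receiver, then signs the ciphertext (S301, S302).
func Seal(senderPriv ed25519.PrivateKey, key2 *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, key2, plaintext, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Ciphertext: ct, Signature: ed25519.Sign(senderPriv, ct)}, nil
}

// Open authenticates first and decrypts second (S303), so the receiver's
// private key is never applied to data from an unauthenticated source.
func Open(key1 ed25519.PublicKey, receiverPriv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	if !ed25519.Verify(key1, e.Ciphertext, e.Signature) {
		return nil, ErrSource
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, receiverPriv, e.Ciphertext, nil)
	if err != nil {
		return nil, ErrDecrypt
	}
	return pt, nil
}

// Outcome collects what each party observes in the scenario.
type Outcome struct {
	Recovered       string // what base station 2 reads
	PlaintextOnWire bool   // whether the payload is visible in the ciphertext
	Tampered        error  // ciphertext modified in transit
	Impersonated    error  // envelope signed with a key other than key1
	WrongReceiver   error  // a third station tries to decrypt
}

func mustRSA() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Scenario uses freshly generated keys and a constructed payload.
func Scenario() Outcome {
	key1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	priv2, priv3 := mustRSA(), mustRSA()
	plaintext := []byte("carrier=2;load=0.4")

	env, err := Seal(priv1, &priv2.PublicKey, plaintext)
	if err != nil {
		panic(err)
	}
	var out Outcome
	pt, _ := Open(key1, priv2, env)
	out.Recovered = string(pt)
	out.PlaintextOnWire = bytes.Contains(env.Ciphertext, plaintext)

	bad := Envelope{Ciphertext: append([]byte(nil), env.Ciphertext...), Signature: env.Signature}
	bad.Ciphertext[0] ^= 1
	_, out.Tampered = Open(key1, priv2, bad)

	fake, _ := Seal(otherPriv, &priv2.PublicKey, plaintext)
	_, out.Impersonated = Open(key1, priv2, fake)

	_, out.WrongReceiver = Open(key1, priv3, env)
	return out
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```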
The technical solution provided by the embodiments of the invention ensures the security of direct communication between H(e)NBs. Besides reducing delay and lightening the burden on the core network, direct communication between H(e)NBs can also assist the self-configuration and self-optimization of H(e)NBs, and benefits interference coordination and fast handover. For example, when an H(e)NB starts, it can sense the configuration of its neighbors by obtaining information about its surroundings: by reading its neighbors' broadcast messages, it obtains configuration information of the surrounding cells, such as the number of carriers used, carrier usage, the load state of the current cell and the neighbor cell configuration. The newly started H(e)NB completes its own parameter settings according to the neighbor information it has heard. While running, an H(e)NB can also listen to information from surrounding cells in real time and accordingly carry out resource scheduling and reconfigure operating parameters, for purposes such as avoiding mutual interference.
Several specific embodiments of the invention have been described above. It should be noted that the technical solution of the invention is proposed for the application environment of HNBs or HeNBs, but all or part of the scheme can also be used in other similar communication environments to improve communication security, and these should also fall within the protection scope of the invention.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM (Read-Only Memory), RAM (Random Access Memory), magnetic disks or optical discs.
Embodiment four:
Corresponding to the method embodiments above, an embodiment of the invention also provides a base station which, as shown in Fig. 4, comprises:
a key obtaining unit 410, configured to obtain the key of the neighbor base station according to the broadcast message of the neighbor base station after the broadcast message of the neighbor base station is detected;
a message authentication unit 420, configured to use the key of the neighbor base station to authenticate messages sent by the neighbor base station.
The base station provided by the embodiment of the invention uses the key of the neighbor base station to authenticate messages sent by the neighbor base station, to ensure the legitimacy of the identity of the message sender.
Further, the key obtaining unit 410 may comprise:
an identifier obtaining subunit, configured to obtain the identifier of the neighbor base station from the broadcast message of the neighbor base station;
a key request subunit, configured to send a key request message to the core network, the key request message carrying the identifier of the neighbor base station;
a key receiving subunit, configured to receive a key response message sent by the core network, the key response message carrying the key of the neighbor base station.
This base station sends a key request to the core network to obtain the key of its communication peer, and uses this key to authenticate the messages the peer sends. In effect, the core network guarantees the legitimacy of the identities of both communicating base stations, and each base station itself guarantees the reliability of the source of subsequently received messages. With this base station, the core network, after receiving a key request message, only needs to check whether it holds authentication information for the base station that the identifier refers to, which does not consume significant resources. Subsequent message exchange between the base stations does not need the participation of the core network either, which reduces the communication delay between base stations and lightens the burden on the core network.
The key obtaining unit 410 may alternatively comprise:
a broadcast certificate obtaining subunit, configured to obtain the broadcast certificate of the neighbor base station from the broadcast message of the neighbor base station, the broadcast certificate carrying the key of the neighbor base station;
a broadcast certificate authentication subunit, configured to use a third-party signature key to authenticate the broadcast certificate of the neighbor base station and, if authentication succeeds, to store the key of the neighbor base station, wherein the third-party signature key is provided by a certification authority.
With this base station, each base station uses the third-party signature key to authenticate the broadcast certificates of other base stations, so in effect the base station itself guarantees the legitimacy of the identity of its communication peer, which further lightens the burden on the core network.
Fig. 5 shows a schematic structural diagram of another base station provided by an embodiment of the invention. Compared with Fig. 4, this base station additionally has a message decryption unit 430, configured to use the base station's own key to decrypt the ciphertext message when the message sent by the neighbor base station is a ciphertext message.
With this base station, on the basis of guaranteeing the legitimacy of the identities of both parties and the reliability of the communication messages, the confidentiality of communication is further improved and the communication content is prevented from being obtained by a third party, and this process does not need the participation of the core network.
Embodiment five:
The embodiment of the invention also provides a kind of communication system, comprising: core net and at least two base stations;
The second base station is used for from the broadcast of described the first base station, obtaining the sign of described neighbor base stations after the broadcast that detects the first adjacent base station; Send secret key request message to core net, carry the sign of described the first base station in the described secret key request message;
Described core net is used for according to described secret key request message, sends key response message to described the second base station, carries the key of described the first base station in the described key response message;
Described the second base station receives the key response message that core net sends, and uses the key of described the first base station, and the message that described the first base station sends is carried out authentication.
Referring to shown in Figure 6, described core net can comprise:
The first authentication unit 610 is used for according to the sign of described the first base station, verifying the identity of described the first base station after receiving the secret key request message that described the second base station sends;
Key transmitting element 620 is used for sending key response message to described the second base station after described the first authentication unit checking is passed through, and carries the key of described the first base station in the described key response message.
Referring to shown in Figure 7, described core net can further include the second authentication unit 630, is used for verifying the identity of described the second base station after receiving the secret key request message that described the second base station sends;
Then described the first authentication unit 620 after 630 checkings of described the second authentication unit are passed through, according to the sign of described the first base station, is verified the identity of described the first base station.
The communication system that present embodiment provides is guaranteed the legitimacy of communicating pair base station identity by core net, is guaranteed the reliability in follow-up receipt message source by base station self.For core net, receive after the secret key request message, only need to check the relevant authentication information of self whether preserving the corresponding base station of sign, do not need to take very large resource.And interacting message follow-up between the base station does not need the participation of core net yet, thereby can reduce the communication delay between the base station, alleviates simultaneously the burden of core net.
Because the device and system embodiments correspond substantially to the method embodiments, they are described only briefly; for the relevant parts, refer to the description of the method embodiments. The device and system embodiments described above are merely illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
The above is only a specific embodiment of the present invention. It should be noted that those skilled in the art may make some improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (11)

1. An inter-base-station communication method, characterized in that, after a broadcast of a neighbor base station is detected, the method comprises:
According to the broadcast of the neighbor base station, obtaining the identifier of the neighbor base station from the broadcast of the neighbor base station;
Sending a key request message to the core network, the key request message carrying the identifier of the neighbor base station;
Receiving a key response message sent by the core network, the key response message carrying the key of the neighbor base station;
Using the key of the neighbor base station to authenticate messages sent by the neighbor base station.
2. The method according to claim 1, characterized in that:
After the core network receives the key request message, it verifies the identity of the neighbor base station according to the identifier of the neighbor base station and, if the verification succeeds, sends the key response message.
3. The method according to claim 1, characterized in that the method further comprises:
Obtaining the broadcast certificate of the neighbor base station from the broadcast of the neighbor base station, the broadcast certificate carrying the key of the neighbor base station;
Using a third-party signature key to authenticate the broadcast certificate of the neighbor base station and, if the authentication succeeds, saving the key of the neighbor base station; wherein the third-party signature key is provided by a certification authority.
4. The method according to claim 3, characterized in that the third-party signature is pre-configured or is obtained from the core network in real time.
5. The method according to any one of claims 1 to 4, characterized in that the message sent by the neighbor base station is a ciphertext message, and the method further comprises:
Using the method performer's own key to decrypt the ciphertext message.
6. A base station, characterized in that it comprises:
An identifier obtaining subunit, configured to obtain the identifier of a neighbor base station from the broadcast of the neighbor base station after the broadcast of the neighbor base station is detected;
A key request subunit, configured to send a key request message to the core network, the key request message carrying the identifier of the neighbor base station;
A key receiving subunit, configured to receive a key response message sent by the core network, the key response message carrying the key of the neighbor base station;
A message authentication unit, configured to use the key of the neighbor base station to authenticate messages sent by the neighbor base station.
7. The base station according to claim 6, characterized in that the key obtaining unit comprises:
A broadcast certificate obtaining subunit, configured to obtain the broadcast certificate of the neighbor base station from the broadcast of the neighbor base station, the broadcast certificate carrying the key of the neighbor base station;
A broadcast certificate authentication subunit, configured to use a third-party signature key to authenticate the broadcast certificate of the neighbor base station and, if the authentication succeeds, save the key of the neighbor base station; wherein the third-party signature key is provided by a certification authority.
8. The base station according to any one of claims 6 to 7, characterized in that the base station further comprises:
A message decryption unit, configured to use the base station's own key to decrypt the ciphertext message when the message sent by the neighbor base station is a ciphertext message.
9. A communication system, characterized in that it comprises a core network and at least two base stations;
The second base station is configured to, after detecting the broadcast of an adjacent first base station, obtain the identifier of the neighbor base station from the broadcast of the first base station, and to send a key request message to the core network, the key request message carrying the identifier of the first base station;
The core network is configured to send a key response message to the second base station according to the key request message, the key response message carrying the key of the first base station;
The second base station receives the key response message sent by the core network and uses the key of the first base station to authenticate messages sent by the first base station.
10. The communication system according to claim 9, characterized in that the core network comprises:
A first authentication unit, configured to verify the identity of the first base station according to the identifier of the first base station after the key request message sent by the second base station is received;
A key sending unit, configured to send a key response message to the second base station after verification by the first authentication unit succeeds, the key response message carrying the key of the first base station.
11. The communication system according to claim 10, characterized in that the core network further comprises a second authentication unit, configured to verify the identity of the second base station after the key request message sent by the second base station is received; the first authentication unit verifies the identity of the first base station according to the identifier of the first base station after verification by the second authentication unit succeeds.
CN200980123374XA 2009-05-22 2009-05-22 Communication method, device and communication system between base stations Active CN101999240B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2009/071926 WO2010133036A1 (en) 2009-05-22 2009-05-22 Communication method, device and communication system between base stations

Publications (2)

Publication Number Publication Date
CN101999240A CN101999240A (en) 2011-03-30
CN101999240B true CN101999240B (en) 2013-03-13

Family

ID=43125727

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200980123374XA Active CN101999240B (en) 2009-05-22 2009-05-22 Communication method, device and communication system between base stations

Country Status (2)

Country Link
CN (1) CN101999240B (en)
WO (1) WO2010133036A1 (en)

Also Published As

Publication number Publication date
WO2010133036A1 (en) 2010-11-25
CN101999240A (en) 2011-03-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant