CN102223632B - Access stratum security algorithm synchronization method and system

Publication number: CN102223632B
Application number: CN201010165494.0A
Other versions: CN102223632A (en)
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 李静岚, 王波, 甘露
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Legal status: Active
Prior art keywords: access layer, layer security, security algorithm, rrc connection, message
Abstract

The invention provides an access stratum (AS) security algorithm synchronization method, comprising: after receiving an RRC connection re-establishment message, the user equipment performs local configuration and sends an RRC connection re-establishment complete message to the base station, the RRC connection re-establishment complete message carrying the AS security algorithm currently enabled by the user equipment; after receiving the RRC connection re-establishment complete message, the base station checks the AS security algorithm carried in that message against the AS security algorithm of the base station, and when the two are consistent, AS security algorithm synchronization succeeds. The invention also provides an AS security algorithm synchronization system.

Description

Access stratum security algorithm synchronization method and system
Technical field
The present invention relates to the field of mobile communication security, and in particular to a method for synchronizing the access stratum (AS) security algorithm during RRC (Radio Resource Control) connection re-establishment in an LTE (Long Term Evolution) system.
Background
In an LTE system, the network's RRC function resides in the eNB (E-UTRAN NodeB, the evolved NodeB of the evolved universal terrestrial radio access network), so the security mechanisms that protect RRC also reside in the eNB. Because eNBs are deployed in large numbers over a wide area, and the access stratum network entities are highly dispersed both geographically and logically, the operator cannot apply centralized security control to them, and each eNB sits in an insecure area. Each eNB therefore has to select for itself, according to the UE's security capabilities, the security algorithm used for the AS security mechanism between it and each UE (User Equipment).
In the existing method, during the initial context setup procedure initiated by the MME (Mobility Management Entity), the MME carries the UE's security capabilities to the eNB in the initial context setup request message. The eNB then combines the UE's security capabilities with its own configured security algorithms (an integrity protection algorithm list and an encryption algorithm list; if a list contains several algorithms, they are ordered by priority according to operator or user requirements) and selects, as the final AS security algorithm, the highest-priority eNB-configured algorithm that the UE also supports. This comprises the AS signaling integrity protection algorithm and the signaling and data encryption algorithms. Any later update of the security algorithm follows the same selection principle.
Normally the AS security algorithm does not change. Only when a handover occurs does the eNB need to reselect, by the selection principle above, a new AS signaling integrity protection algorithm and new signaling and data encryption algorithms from the UE's security capabilities and the eNB's currently configured security algorithms. It then informs the UE of the newly selected AS security algorithm in an RRC reconfiguration message, and once the UE has reconfigured itself successfully it starts using the new AS security algorithm (that is, integrity protection and encryption with the new algorithm begin with the RRC reconfiguration complete message).
The prior-art RRC connection re-establishment procedure is shown in Fig. 1. Whenever the UE sends an RRC connection re-establishment request to the eNB, the eNB does not update the AS security algorithm on receiving it, and the RRC connection re-establishment message that the eNB sends to the UE carries no security algorithm either (the RRC connection re-establishment message defines no security algorithm information element).
In LTE, each eNB maintains its own AS security parameters with the UE, including the AS security algorithm and the security keys. The security algorithms each eNB supports are configured and maintained separately, so different eNBs do not necessarily support the same algorithms: a security algorithm supported by eNB1 is not necessarily supported by eNB2. Suppose eNB2 does not support the security algorithm configured on eNB1, and the UE, after a failed handover to eNB2 (the RRC reconfiguration for the handover has not taken effect), performs RRC re-establishment to eNB2. If the security algorithm is not reselected according to what eNB2 supports, the UE still uses the former security algorithm to integrity-protect and encrypt its RRC re-establishment message, and eNB2, which does not support the former algorithm, will inevitably fail to decrypt and integrity-check this message. The UE's access then fails, which seriously degrades the user experience.
To address the UE access failures caused by not updating the AS security algorithm at RRC connection re-establishment, the current solution adds an AS security algorithm configuration information element to the RRC connection re-establishment message: if the AS security algorithm needs to be updated at RRC connection re-establishment, the UE is informed through the RRC connection re-establishment message. This raises the UE access success rate and improves the user experience, but it also introduces a new problem. The new security algorithm configuration can only be delivered to the UE in the RRC connection re-establishment message, and that message itself has no integrity protection. If a malicious attacker tampers with the data encryption algorithm in the message, the eNB and the UE cannot detect it in time, so for a period of time the air interface carries a large number of invalid packets that the eNB cannot decrypt, wasting air interface resources.
Summary of the invention
The technical problem to be solved by the present invention is to provide an AS security algorithm synchronization method that promptly verifies the correctness of the AS security algorithm configured for the UE at RRC connection re-establishment and ensures that the AS security algorithms of the eNB and the UE are synchronized in time, thereby avoiding invalid packets on the air interface and improving the correctness of the RRC connection re-establishment procedure.
To solve the above problem, the invention provides an AS security algorithm synchronization method, comprising:
After receiving an RRC connection re-establishment message, the user equipment performs local configuration and sends an RRC connection re-establishment complete message to the base station, the RRC connection re-establishment complete message carrying the AS security algorithm currently enabled by the user equipment;
After receiving the RRC connection re-establishment complete message, the base station checks the AS security algorithm carried in that message against the AS security algorithm of the base station, and when the two are consistent, AS security algorithm synchronization succeeds.
In the above method, the AS security algorithm carried in the RRC connection re-establishment complete message comprises the integrity protection algorithm and the encryption algorithm, or only the data encryption algorithm, where the encryption algorithm comprises the signaling encryption algorithm and the data encryption algorithm.
In the above method, if the RRC connection re-establishment message carries a new AS security algorithm, the currently enabled AS security algorithm of the user equipment carried in the RRC connection re-establishment complete message is that new AS security algorithm.
In the above method, if the RRC connection re-establishment message does not carry a new AS security algorithm, the currently enabled AS security algorithm of the user equipment carried in the RRC connection re-establishment message is the former AS security algorithm of the user equipment.
The above method further comprises:
The user equipment sends an RRC connection re-establishment request message to the base station;
After receiving the RRC connection re-establishment request message, the base station selects a new AS security algorithm, or judges whether the AS security algorithm needs to be updated and, if so, selects a new AS security algorithm;
The base station sends the RRC connection re-establishment message to the user equipment, the RRC connection re-establishment message carrying the new AS security algorithm.
The present invention also provides an AS security algorithm synchronization system, comprising a user equipment and a base station, wherein:
The user equipment is configured to perform local configuration after receiving an RRC connection re-establishment message and to send an RRC connection re-establishment complete message to the base station, the RRC connection re-establishment complete message carrying the AS security algorithm currently enabled by the user equipment;
The base station is configured to check, after receiving the RRC connection re-establishment complete message, the AS security algorithm carried in that message against the AS security algorithm of the base station; when the two are consistent, AS security algorithm synchronization succeeds.
In the above system, the AS security algorithm that the user equipment carries in the RRC connection re-establishment complete message comprises the integrity protection algorithm and the encryption algorithm, or only the data encryption algorithm, where the encryption algorithm comprises the signaling encryption algorithm and the data encryption algorithm.
In the above system, the user equipment is configured so that, when the RRC connection re-establishment message carries a new AS security algorithm, the currently enabled AS security algorithm of the user equipment carried in the RRC connection re-establishment complete message is that new AS security algorithm.
In the above system, the user equipment is configured so that, when the RRC connection re-establishment message does not carry a new AS security algorithm, the currently enabled AS security algorithm of the user equipment carried in the RRC connection re-establishment message is the former AS security algorithm of the user equipment.
In the above system, the user equipment is further configured to send an RRC connection re-establishment request message to the base station;
The base station is further configured, after receiving the RRC connection re-establishment request message, to select a new AS security algorithm, or to judge whether the AS security algorithm needs to be updated and, if so, select a new AS security algorithm; and to send the RRC connection re-establishment message to the user equipment, the RRC connection re-establishment message carrying the new AS security algorithm.
Compared with existing methods, when RRC connection re-establishment occurs toward the handover target eNB and the target eNB does not support the original AS security algorithm, the target eNB only needs to reselect the AS security algorithm once and inform the UE through the RRC connection re-establishment message. The UE returns the AS security algorithm in the RRC connection re-establishment complete message, and the eNB checks the AS security algorithm received from the UE in that message and judges from the result whether synchronization succeeded. This avoids unnecessary RRC connection failures and, while raising the UE access rate and improving the user experience, ensures the correctness and security of the algorithm configuration and avoids potential security threats.
Brief description of the drawings
Fig. 1 is a flowchart of AS security algorithm handling at RRC connection re-establishment in the prior art;
Fig. 2 is a flowchart of the AS security algorithm configuration check at RRC connection re-establishment proposed by the present invention;
Fig. 3 is a detailed flowchart of embodiment 1 of the AS security algorithm synchronization method of the present invention;
Fig. 4 is a detailed flowchart of embodiment 2 of the AS security algorithm synchronization method of the present invention;
Fig. 5 is a detailed flowchart of embodiment 3 of the AS security algorithm synchronization method of the present invention;
Fig. 6 is a detailed flowchart of embodiment 4 of the AS security algorithm synchronization method of the present invention.
Detailed description
The main idea of the present invention is as follows. After the UE receives the RRC connection re-establishment message, if the message carries a new AS security algorithm, the UE returns it to the eNB in the RRC connection re-establishment complete message; if the RRC connection re-establishment message carries no new AS security algorithm, the UE returns the former AS security algorithm to the eNB in the RRC connection re-establishment complete message.
After the eNB successfully receives the RRC connection re-establishment complete message (that is, decryption and the integrity check of this signaling message succeed), it first checks the AS security algorithm carried in the message. If it is the same as the AS security algorithm the eNB itself has configured, the eNB considers the AS security algorithms of the eNB and the UE successfully synchronized at this RRC connection re-establishment, and the RRC connection re-establishment succeeds. Otherwise it considers that the RRC connection re-establishment message was tampered with, the RRC connection re-establishment fails, and the corresponding exception handling is performed.
The invention provides an AS security algorithm synchronization method, comprising:
After receiving an RRC connection re-establishment message, the user equipment performs local configuration and sends an RRC connection re-establishment complete message to the base station, the RRC connection re-establishment complete message carrying the AS security algorithm currently enabled by the user equipment;
After receiving the RRC connection re-establishment complete message, the base station checks the AS security algorithm carried in that message against the AS security algorithm of the base station, and when the two are consistent, AS security algorithm synchronization succeeds.
Here, the AS security algorithm carried in the RRC connection re-establishment complete message comprises the integrity protection algorithm and the encryption algorithm, or only the data encryption algorithm; the encryption algorithm consists of the signaling encryption algorithm and the data encryption algorithm, which may be identical or different.
If the RRC connection re-establishment message carries a new AS security algorithm, the currently enabled AS security algorithm of the user equipment carried in the RRC connection re-establishment complete message is that new AS security algorithm; if the RRC connection re-establishment message does not carry a new AS security algorithm, the currently enabled AS security algorithm of the user equipment carried in the RRC connection re-establishment message is the former AS security algorithm of the user equipment.
The method further comprises: the user equipment sends an RRC connection re-establishment request message to the base station;
After receiving the RRC connection re-establishment request message, the base station selects a new AS security algorithm, or judges whether the AS security algorithm needs to be updated and, if so, selects a new AS security algorithm;
The base station sends the RRC connection re-establishment message to the user equipment, the RRC connection re-establishment message carrying the new AS security algorithm.
The base station is a NodeB or an evolved NodeB (eNB).
The AS security algorithm configuration check procedure at RRC connection re-establishment that the present invention proposes for an LTE eNB system is shown in Fig. 2:
eNB side:
Step A1: After receiving the RRC connection re-establishment request message, the eNB judges from its own current state whether it is the handover target eNB. If so, go to step A2; otherwise go to step A6.
Step A2: From the former AS security algorithm configuration carried in the handover request message, the eNB determines whether its own configured AS security algorithms support the former AS security algorithm (here the AS security algorithm comprises the integrity protection algorithm and the encryption algorithm). If not, go to step A3 to update the security algorithm; otherwise no update is considered necessary, go to step A6.
Here, supporting the former AS security algorithm means that at least one of the integrity protection algorithms configured on the eNB is the same as the former integrity protection algorithm and at least one of the encryption algorithms configured on the eNB is the same as the former encryption algorithm.
Step A3: Based on its own configured AS security algorithms, the UE security capabilities carried in the earlier handover request, and the security algorithm selection principle described in the Background, the eNB selects a new AS security algorithm (comprising the integrity protection algorithm and the encryption algorithm), saves it locally, and performs local configuration with the new configuration.
Step A4: The eNB sends an RRC connection re-establishment message to the UE, filling in the new AS security algorithm selected in step A3.
Step A5: The eNB sets the presence flag of the AS security algorithm configuration information element in the RRC connection re-establishment message to "present"; go to step A8.
Step A6: The eNB performs local configuration using the former AS security algorithm configuration.
Step A7: The eNB sends an RRC connection re-establishment message to the UE, with the presence flag of the AS security algorithm configuration information element in the message set to "not present".
Step A8: After receiving the RRC connection re-establishment complete message from the UE, the eNB compares the AS security algorithm carried in the message with the AS security algorithm saved on the eNB side. If they are identical, AS security algorithm synchronization succeeds, the RRC connection re-establishment succeeds, and the procedure ends; otherwise go to step A9.
Step A9: AS security algorithm synchronization fails, the RRC connection re-establishment fails, and the corresponding exception handling is performed.
One exception handling approach is to release the UE: the eNB sends an RRC connection release to the UE and releases all eNB-side resources related to this UE. Other exception handling approaches may be used as needed; the present invention does not limit this.
UE side:
Step B1: The UE sends an RRC connection re-establishment request message to the eNB.
Step B2: After receiving the RRC connection re-establishment message from the eNB, the UE judges from the presence flag of the AS security algorithm configuration information element in the message whether the AS security algorithm needs to be updated. If so, it enables the AS security algorithm carried in the message; otherwise it continues to use the former AS security algorithm.
Step B3: The UE performs local configuration.
Step B4: The UE sends an RRC connection re-establishment complete message to the eNB, carrying in it the AS security algorithm the UE currently has enabled, and the procedure ends.
Here, the AS security algorithm comprises the integrity protection algorithm and the encryption algorithm, and the encryption algorithm comprises the signaling encryption algorithm and the data encryption algorithm, which may be identical or different; alternatively, to save air interface resources, the AS security algorithm may include only the data encryption algorithm.
In addition, the eNB may skip the judgment of whether the AS security algorithm needs updating (step A2 on the eNB side above) when it receives the RRC connection re-establishment request message and use simple handling instead: whenever the eNB receives an RRC connection re-establishment request message, it updates the AS security algorithm.
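The eNB-side and UE-side flows above (steps A1-A9 and B1-B4), simulated as an added example that is not part of the patent: the message classes, the HMAC-SHA256 stand-in for AS integrity protection and encryption, the shared key and the sample algorithm names (EIA1/EIA2, EEA1/EEA2) are assumptions made for illustration. It shows the comparison in step A8 catching a data encryption algorithm that was changed in the unprotected RRC connection re-establishment message.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class AsAlgs:
    integrity: str    # signaling integrity protection algorithm
    sig_cipher: str   # signaling encryption algorithm
    data_cipher: str  # data encryption algorithm


@dataclass(frozen=True)
class Reestablishment:
    """RRC connection re-establishment message; carries no integrity protection."""
    algs_present: bool             # presence flag of the algorithm configuration IE
    algs: Optional[AsAlgs] = None


@dataclass(frozen=True)
class ReestablishmentComplete:
    enabled: AsAlgs  # algorithm set the UE currently has enabled
    tag: bytes       # stand-in for AS integrity protection and encryption


def protect(key, signaling, enabled):
    # Stand-in only (assumption): HMAC-SHA256 bound to the signaling algorithm
    # names, so a receiver using other signaling algorithms cannot verify it.
    data = "|".join([signaling.integrity, signaling.sig_cipher, repr(enabled)])
    return hmac.new(key, data.encode(), hashlib.sha256).digest()


def select(priority_list, ue_caps):
    """Highest-priority eNB-configured algorithm that the UE also supports."""
    for name in priority_list:
        if name in ue_caps:
            return name
    raise ValueError("no algorithm in common with the UE")


class ENB:
    def __init__(self, key, integ_prio, cipher_prio):
        self.key, self.integ_prio, self.cipher_prio = key, integ_prio, cipher_prio
        self.algs = None

    def on_request(self, is_handover_target, old, ue_caps):
        supports_old = (old.integrity in self.integ_prio
                        and old.sig_cipher in self.cipher_prio
                        and old.data_cipher in self.cipher_prio)
        if is_handover_target and not supports_old:      # steps A1-A2
            cipher = select(self.cipher_prio, ue_caps)   # step A3
            self.algs = AsAlgs(select(self.integ_prio, ue_caps), cipher, cipher)
            return Reestablishment(True, self.algs)      # steps A4-A5
        self.algs = old                                  # step A6
        return Reestablishment(False)                    # step A7

    def on_complete(self, msg):
        expected = protect(self.key, self.algs, msg.enabled)
        if not hmac.compare_digest(expected, msg.tag):
            return "integrity_failure"   # message was not successfully received
        if msg.enabled == self.algs:     # step A8
            return "synchronized"
        return "sync_failed_release_ue"  # step A9


class UE:
    def __init__(self, key, algs):
        self.key, self.algs = key, algs

    def on_reestablishment(self, msg):
        if msg.algs_present:             # step B2
            self.algs = msg.algs
        # steps B3-B4: report the enabled set, protected with that same set
        tag = protect(self.key, self.algs, self.algs)
        return ReestablishmentComplete(self.algs, tag)


def run(enb_prio, is_target, modify_in_transit=None):
    key = b"constructed-shared-AS-key"             # constructed sample key
    old = AsAlgs("EIA1", "EEA1", "EEA1")           # former AS security algorithm
    ue_caps = {"EIA1", "EIA2", "EEA1", "EEA2"}     # constructed UE capabilities
    enb, ue = ENB(key, *enb_prio), UE(key, old)
    msg = enb.on_request(is_target, old, ue_caps)
    if modify_in_transit:                # models the unprotected downlink message
        msg = modify_in_transit(msg)
    return enb.on_complete(ue.on_reestablishment(msg))


ENB1 = (["EIA1", "EIA2"], ["EEA1", "EEA2"])  # supports the former algorithms
ENB2 = (["EIA2"], ["EEA2"])                  # does not support EIA1/EEA1


def change_data_cipher(msg):
    """Return the message with a different data encryption algorithm in the IE."""
    base = msg.algs or AsAlgs("EIA1", "EEA1", "EEA1")
    other = "EEA2" if base.data_cipher != "EEA2" else "EEA1"
    return Reestablishment(True, replace(base, data_cipher=other))
```

Because only the data encryption algorithm differs in the modified cases, the complete message still passes the signaling-level check and it is the explicit comparison of the reported algorithm that exposes the mismatch.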
Embodiment 1
In this embodiment, the eNB receives an RRC connection re-establishment request message and judges that the AS security algorithm does not need updating, and the security algorithm check succeeds. The detailed flow is shown in Fig. 3 and comprises the following steps:
Step 301: The UE sends an RRC connection re-establishment request message to the eNB.
Step 302: After receiving the RRC connection re-establishment request message, the eNB judges that the AS security algorithm does not need updating.
Step 303: The eNB performs local configuration; the configuration passed to the eNB user plane carries no AS security algorithm parameter, that is, the former AS security algorithm configuration is still used.
Step 304: The eNB constructs the RRC connection re-establishment message, sets the presence flag of the AS security algorithm configuration information element in the message to "not present", and sends the RRC connection re-establishment message to the UE.
Step 305: After receiving the RRC connection re-establishment message, the UE finds that the presence flag of the AS security algorithm configuration information element carried in the message is set to "not present", which indicates that the AS security algorithm has not changed. The UE performs local configuration according to the information carried in the RRC connection re-establishment message, with the AS security algorithm unchanged.
Step 306: The UE constructs the RRC connection re-establishment complete message, carries in it the former AS security algorithm currently in use, integrity-protects and encrypts the message with the former AS security algorithm, and sends it to the eNB.
Step 307: The eNB receives the RRC connection re-establishment complete message from the UE and decrypts and integrity-checks it with the former AS security algorithm.
Step 308: The eNB compares the AS security algorithm carried in the RRC connection re-establishment complete message with the one it has saved locally. The two are identical, so AS security algorithm synchronization succeeds, the RRC connection re-establishment succeeds, and the procedure ends.
Embodiment 2
In this embodiment, the eNB receives an RRC connection re-establishment request message and judges that the AS security algorithm does not need updating, but the security algorithm check fails. The detailed flow is shown in Fig. 4 and comprises the following steps:
Step 401: The UE sends an RRC connection re-establishment request message to the eNB.
Step 402: After receiving the RRC connection re-establishment request message, the eNB judges that the AS security algorithm does not need updating.
Step 403: The eNB performs local configuration; the configuration passed to the eNB user plane carries no AS security algorithm parameter, that is, the former AS security algorithm configuration is still used.
Step 404: The eNB constructs the RRC connection re-establishment message, sets the presence flag of the AS security algorithm configuration information element in the message to "not present", and sends the message to the UE.
Step 405: After receiving the RRC connection re-establishment message, the UE finds that the presence flag of the AS security algorithm configuration information element carried in the message is set to "not present", which indicates that the AS security algorithm has not changed. The UE performs local configuration according to the information carried in the RRC connection re-establishment message, with the AS security algorithm unchanged.
Step 406: The UE constructs the RRC connection re-establishment complete message, carries in it the former AS security algorithm currently in use, integrity-protects and encrypts the message with the former AS security algorithm, and sends it to the eNB.
Step 407: The eNB receives the RRC connection re-establishment complete message from the UE and decrypts and integrity-checks it with the former AS security algorithm.
Step 408: The eNB compares the AS security algorithm carried in the RRC connection re-establishment complete message with the one it has saved locally. The two differ, so AS security algorithm synchronization fails and the RRC connection re-establishment fails.
Step 409: The eNB sends an RRC connection release message to the UE.
Step 410: The eNB releases all eNB-side resources related to the UE, and the procedure ends.
Embodiment 3
The eNB receives an RRC connection re-establishment request message and judges that the AS security algorithm needs updating, and the security algorithm check succeeds. The detailed flow is shown in Fig. 5 and comprises the following steps:
Step 501: The UE sends an RRC connection re-establishment request message to the eNB.
Step 502: After receiving the RRC connection re-establishment request message, the eNB judges that the AS security algorithm needs updating.
Step 503: Based on its own configured AS security algorithms, the UE security capabilities, and the security algorithm selection principle described in the Background, the eNB selects a new AS security algorithm (comprising the integrity protection algorithm and the encryption algorithm).
Step 504: The eNB performs local configuration; the configuration passed to the eNB user plane carries the newly selected AS security algorithm parameter, that is, the newly selected AS security algorithm configuration is used.
Step 505: The eNB constructs the RRC connection re-establishment message, fills in the new AS security algorithm selected in step 503, sets the presence flag of the AS security algorithm configuration information element in the message to "present", and sends the message to the UE.
Step 506: After receiving the RRC connection re-establishment message, the UE finds that the presence flag of the AS security algorithm configuration information element carried in the message is set to "present", which indicates that the AS security algorithm has changed. The UE performs local configuration according to the information carried in the RRC connection re-establishment message and enables the new AS security algorithm carried in the message.
Step 507: The UE constructs the RRC connection re-establishment complete message, carries in it the new AS security algorithm currently in use, integrity-protects and encrypts the message with the new AS security algorithm, and sends it to the eNB.
Step 508: The eNB receives the RRC connection re-establishment complete message from the UE and decrypts and integrity-checks it with the new AS security algorithm.
Step 509: The eNB compares the AS security algorithm carried in the RRC connection re-establishment complete message with the one it has saved locally. When the two are the same, AS security algorithm synchronization succeeds, the RRC connection re-establishment succeeds, and the procedure ends.
Embodiment 4
The eNB receives an RRC connection re-establishment request message and determines that the Access Layer security algorithm needs to be updated, but the security algorithm verification fails. As shown in Figure 6, the specific flow comprises the following steps:
601. The UE sends an RRC connection re-establishment request message to the eNB;
602. After receiving the RRC connection re-establishment request message, the eNB determines that the Access Layer security algorithm needs to be updated;
603. The eNB selects a new Access Layer security algorithm (comprising an integrity protection algorithm and an encryption algorithm) according to its own configured Access Layer security algorithms, the UE security capabilities, and the security algorithm selection principle described in the background section;
604. The eNB performs local configuration; the newly selected Access Layer security algorithm parameters are passed to the eNB user plane when it is configured;
605. The eNB constructs an RRC connection re-establishment message, fills in the new Access Layer security algorithm selected in step 603, sets the presence flag of the Access Layer security algorithm configuration information element in the message to "present", and then sends the message to the UE;
606. After receiving the RRC connection re-establishment message, the UE determines that the presence flag of the Access Layer security algorithm configuration information element in the message is set to "present", which indicates that the Access Layer security algorithm has changed; the UE performs local configuration according to the information carried in the RRC connection re-establishment message and enables the new Access Layer security algorithm carried in the message;
607. The UE constructs an RRC connection re-establishment complete message that carries the new Access Layer security algorithm currently in use, applies integrity protection and encryption to the message with the new Access Layer security algorithm, and sends it to the eNB;
608. The eNB receives the RRC connection re-establishment complete message from the UE, and decrypts and integrity-checks it with the new Access Layer security algorithm;
609. The eNB compares the Access Layer security algorithm carried in the RRC connection re-establishment complete message with the security algorithm it has stored locally; the comparison result is different, so Access Layer security algorithm synchronization fails and the RRC connection re-establishment fails;
610. The eNB sends an RRC connection release message to the UE;
611. The eNB releases all resources related to the UE on the eNB side, and the process ends.
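The eNB-side check that separates Embodiment 3 (steps 507 to 509) from Embodiment 4 (steps 603 to 611), as an added sketch that is not part of the patent text. Integrity protection and encryption of the messages are omitted; the class names, the `honours_config` switch (a hypothetical UE that fails to apply the new algorithm), the selection rule in `select_algs` and the EIA/EEA sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Algs = Tuple[str, str]  # (integrity protection algorithm, encryption algorithm)

@dataclass
class Reestablishment:              # eNB -> UE, step 605
    alg_config_present: bool        # presence flag of the algorithm configuration IE
    new_algs: Optional[Algs] = None

@dataclass
class ReestablishmentComplete:      # UE -> eNB, step 607
    algs_in_use: Algs               # algorithm the UE currently has enabled

def select_algs(enb_priority, ue_caps) -> Algs:
    """Step 603 (assumed rule): first eNB-preferred algorithm the UE supports."""
    def pick(kind):
        return next(a for a in enb_priority[kind] if a in ue_caps[kind])
    return pick("integrity"), pick("encryption")

class UE:
    def __init__(self, algs: Algs, honours_config: bool = True):
        self.algs, self.honours_config = algs, honours_config

    def on_reestablishment(self, msg: Reestablishment) -> ReestablishmentComplete:
        # Step 606: switch only when the flag says a new algorithm is carried.
        if msg.alg_config_present and self.honours_config:
            self.algs = msg.new_algs
        return ReestablishmentComplete(self.algs)

class ENB:
    def __init__(self, priority, current: Algs):
        self.priority, self.algs, self.ue_context = priority, current, "allocated"

    def build_reestablishment(self, ue_caps, update_needed: bool) -> Reestablishment:
        if not update_needed:
            return Reestablishment(alg_config_present=False)
        self.algs = select_algs(self.priority, ue_caps)    # steps 603-604
        return Reestablishment(True, self.algs)

    def on_complete(self, msg: ReestablishmentComplete) -> str:
        # Steps 509 / 609: compare the reported algorithm with the local copy.
        if msg.algs_in_use == self.algs:
            return "synchronized"
        self.ue_context = "released"                       # steps 610-611
        return "rrc_connection_release"

def run(update_needed: bool, ue_honours_config: bool) -> str:
    old = ("EIA1", "EEA1")                                 # constructed sample values
    caps = {"integrity": ["EIA1", "EIA2"], "encryption": ["EEA1", "EEA2"]}
    enb = ENB({"integrity": ["EIA2", "EIA1"], "encryption": ["EEA2", "EEA1"]}, old)
    ue = UE(old, ue_honours_config)
    complete = ue.on_reestablishment(enb.build_reestablishment(caps, update_needed))
    return enb.on_complete(complete)
```

`run(True, True)` follows the Embodiment 3 outcome, and `run(True, False)` follows Embodiment 4, ending in the release of the UE context on the eNB side.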
The present invention also provides an Access Layer security algorithm synchronization system, comprising a user equipment and a base station, wherein:
The user equipment is configured to, after receiving an RRC connection re-establishment message, perform local configuration and send an RRC connection re-establishment complete message to the base station, the RRC connection re-establishment complete message carrying the Access Layer security algorithm currently enabled by the user equipment;
The base station is configured to, after receiving the RRC connection re-establishment complete message, verify the Access Layer security algorithm carried in the RRC connection re-establishment complete message against the Access Layer security algorithm of the base station; when the verification is consistent, Access Layer security algorithm synchronization succeeds.
Wherein, the Access Layer security algorithm that the user equipment carries in the RRC connection re-establishment complete message comprises an integrity protection algorithm and an encryption algorithm, or comprises only a data encryption algorithm, wherein the encryption algorithm comprises a signaling encryption algorithm and a data encryption algorithm, and the signaling encryption algorithm and the data encryption algorithm are the same or different.
Wherein, the user equipment is configured so that, when the RRC connection re-establishment message carries a new Access Layer security algorithm, the currently enabled Access Layer security algorithm of the user equipment carried in the RRC connection re-establishment complete message is the new Access Layer security algorithm; and is further configured so that, when the RRC connection re-establishment message does not carry a new Access Layer security algorithm, the currently enabled Access Layer security algorithm of the user equipment carried in the RRC connection re-establishment message is the original Access Layer security algorithm of the user equipment.
Wherein, the user equipment is further configured to send an RRC connection re-establishment request message to the base station;
The base station is further configured to, after receiving the RRC connection re-establishment request message, select a new Access Layer security algorithm, or determine whether the Access Layer security algorithm needs to be updated and, if so, select a new Access Layer security algorithm; and to send the RRC connection re-establishment message to the user equipment, the RRC connection re-establishment message carrying the new Access Layer security algorithm.

Claims (10)

1. An Access Layer security algorithm synchronization method, characterized by comprising:
after receiving an RRC connection re-establishment message, a user equipment performs local configuration and sends an RRC connection re-establishment complete message to a base station, the RRC connection re-establishment complete message carrying the Access Layer security algorithm currently enabled by the user equipment;
after receiving the RRC connection re-establishment complete message, the base station verifies the Access Layer security algorithm carried in the RRC connection re-establishment complete message against the Access Layer security algorithm of the base station; when the verification is consistent, Access Layer security algorithm synchronization succeeds.
2. The method as claimed in claim 1, characterized in that the Access Layer security algorithm carried in the RRC connection re-establishment complete message comprises an integrity protection algorithm and an encryption algorithm, or comprises only a data encryption algorithm, wherein the encryption algorithm comprises a signaling encryption algorithm and a data encryption algorithm.
3. The method as claimed in claim 1 or 2, characterized in that, if the RRC connection re-establishment message carries a new Access Layer security algorithm, the currently enabled Access Layer security algorithm of the user equipment carried in the RRC connection re-establishment complete message is the new Access Layer security algorithm.
4. The method as claimed in claim 1 or 2, characterized in that, if the RRC connection re-establishment message does not carry a new Access Layer security algorithm, the currently enabled Access Layer security algorithm of the user equipment carried in the RRC connection re-establishment message is the original Access Layer security algorithm of the user equipment.
5. The method as claimed in claim 1 or 2, characterized in that the method further comprises:
the user equipment sends an RRC connection re-establishment request message to the base station;
after receiving the RRC connection re-establishment request message, the base station selects a new Access Layer security algorithm, or determines whether the Access Layer security algorithm needs to be updated and, if so, selects a new Access Layer security algorithm;
the base station sends the RRC connection re-establishment message to the user equipment, the RRC connection re-establishment message carrying the new Access Layer security algorithm.
6. An Access Layer security algorithm synchronization system, characterized by comprising a user equipment and a base station, wherein:
the user equipment is configured to, after receiving an RRC connection re-establishment message, perform local configuration and send an RRC connection re-establishment complete message to the base station, the RRC connection re-establishment complete message carrying the Access Layer security algorithm currently enabled by the user equipment;
the base station is configured to, after receiving the RRC connection re-establishment complete message, verify the Access Layer security algorithm carried in the RRC connection re-establishment complete message against the Access Layer security algorithm of the base station; when the verification is consistent, Access Layer security algorithm synchronization succeeds.
7. The system as claimed in claim 6, characterized in that the Access Layer security algorithm that the user equipment carries in the RRC connection re-establishment complete message comprises an integrity protection algorithm and an encryption algorithm, or comprises only a data encryption algorithm, wherein the encryption algorithm comprises a signaling encryption algorithm and a data encryption algorithm.
8. The system as claimed in claim 6 or 7, characterized in that the user equipment is configured so that, when the RRC connection re-establishment message carries a new Access Layer security algorithm, the currently enabled Access Layer security algorithm of the user equipment carried in the RRC connection re-establishment complete message is the new Access Layer security algorithm.
9. The system as claimed in claim 6 or 7, characterized in that the user equipment is configured so that, when the RRC connection re-establishment message does not carry a new Access Layer security algorithm, the currently enabled Access Layer security algorithm of the user equipment carried in the RRC connection re-establishment message is the original Access Layer security algorithm of the user equipment.
10. The system as claimed in claim 6 or 7, characterized in that:
the user equipment is further configured to send an RRC connection re-establishment request message to the base station;
the base station is further configured to, after receiving the RRC connection re-establishment request message, select a new Access Layer security algorithm, or determine whether the Access Layer security algorithm needs to be updated and, if so, select a new Access Layer security algorithm; and to send the RRC connection re-establishment message to the user equipment, the RRC connection re-establishment message carrying the new Access Layer security algorithm.
CN201010165494.0A 2010-04-15 2010-04-15 A kind of Access Layer security algorithm synchronous method and system Active CN102223632B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010165494.0A CN102223632B (en) 2010-04-15 2010-04-15 A kind of Access Layer security algorithm synchronous method and system

Publications (2)

Publication Number Publication Date
CN102223632A CN102223632A (en) 2011-10-19
CN102223632B true CN102223632B (en) 2015-12-16

Family

ID=44780031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010165494.0A Active CN102223632B (en) 2010-04-15 2010-04-15 A kind of Access Layer security algorithm synchronous method and system

Country Status (1)

Country Link
CN (1) CN102223632B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246692A (en) * 2017-06-16 2019-01-18 华为技术有限公司 Connection management method, terminal and wireless access network equipment

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102625471A (en) 2012-04-12 2012-08-01 中兴通讯股份有限公司南京分公司 Reconstruction method and device of wireless link
CN102821384A (en) 2012-04-13 2012-12-12 中兴通讯股份有限公司 Method and device for reestablishing wireless links
CN103379663B (en) * 2012-04-24 2017-02-08 中兴通讯股份有限公司 Method and system for rebuilding connection
WO2017026114A1 (en) * 2015-08-13 2017-02-16 日本電気株式会社 Communication terminal, base station, network device, data communication method, and security setting method
AU2018409908B2 (en) * 2018-02-23 2021-10-28 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method and device for determining security algorithm, and computer storage medium
WO2022087995A1 (en) * 2020-10-29 2022-05-05 华为技术有限公司 Man-in-the middle detection method and device
CN116233848A (en) * 2021-12-03 2023-06-06 荣耀终端有限公司 Data transmission protection method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1185903C (en) * 2000-11-28 2005-01-19 诺基亚有限公司 A system for ensuring encrypted communication after handover
WO2005079093A1 (en) * 2004-02-11 2005-08-25 Telefonaktiebolaget L M Ericsson (Publ) Method for handling key sets during handover
CN101606407A (en) * 2007-02-02 2009-12-16 诺基亚公司 Between transfer period, change radio access network security algorithm

Also Published As

Publication number Publication date
CN102223632A (en) 2011-10-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant