CN102404732A - Safe processing method for user switching in relay system and base station - Google Patents
Safe processing method for user switching in relay system and base station Download PDFInfo
- Publication number
- CN102404732A CN102404732A CN2010102848892A CN201010284889A CN102404732A CN 102404732 A CN102404732 A CN 102404732A CN 2010102848892 A CN2010102848892 A CN 2010102848892A CN 201010284889 A CN201010284889 A CN 201010284889A CN 102404732 A CN102404732 A CN 102404732A
- Authority
- CN
- China
- Prior art keywords
- district
- target cell
- target
- sub
- denb
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0055—Transmission or use of information for re-establishing the radio link
- H04W36/0066—Transmission or use of information for re-establishing the radio link of control information between different types of networks in order to establish a new radio link in the target network
Abstract
The embodiment of the invention discloses a safe processing method for user switching in a relay system and a base station. The method includes providing switched-in anchor evaluation base station DeNB to receive switching request news sent by a source relay node RN and aiming at user equipment (UE) for the source relay node RN, wherein the switching request news carries target region identification and rebuilding region identification, the DeNB respectively calculates secret keys for a target region and a rebuilding region, and the DeNB informs the base station occupied by the target region and the rebuilding region commonly of the secret key of the target region and the secret key of the rebuilding region. The system and the base station are suitable for user switching in the relay system.
Description
Technical field
The present invention relates to the mobile communication technology field, security processing and base station when the user is switched in particularly a kind of relay system.
Background technology
Along with popularizing of mobile communication, the safety problem in the mobile communication is just receiving increasing concern, and people also have higher requirement to the information security in the mobile communication.At present; In LTE (Long Term Evolution, Long Term Evolution) system, as UE (User Equipment; Subscriber equipment) by source eNB (Evolved NodeB; When evolution base station) switching to target eNB, can carry out corresponding safe handling between source eNB and target eNB and the UE, to guarantee the communication security between UE and the target eNB.
Along with the develop rapidly of radio communication service, future network need be supported the communication of blind spot area or hot zones with the layout designs of least cost, and better covering or system throughput are provided, and has introduced relaying technique for this reason.Different with the LTE system is in relay system, to have introduced RN (Relay Node; Via node), RN has the dual role of UE and eNB, on the one hand; E is the same with traditional U, through DeNB (Donor Evolved NodeB, the anchor point evolution base station) access network that access is provided for it; On the other hand, serve as the function of eNB, for the UE in its coverage provides access service.
Identical with the LTE system, in relay system, UE also has the mobility demand, between different RN, switches, and perhaps between different eNB, switches, and perhaps between RN and eNB, switches.
In realizing process of the present invention, the inventor finds to exist at least in the prior art following problem:
In relay system, when UE switches, there is not corresponding safe handling between source node and destination node and the UE, can not guarantee the communication security between UE and the destination node.
Summary of the invention
Embodiments of the invention provide security processing and the base station the when user is switched in a kind of relay system, can when UE switches, carry out safe handling, thereby guarantee the communication security between UE and the target network node.
The technical scheme that the embodiment of the invention adopts is:
Security processing when the user is switched in a kind of relay system comprises:
Receive the handoff request message to user equipment (UE) that said source RN sends for source via node RN provides the anchor point evolution base station DeNB of access, said handoff request message is carried Target Cell Identifier and is rebuild cell ID;
Said DeNB is said Target cell and rebuilds sub-district computation key respectively;
Said DeNB is with the key of said Target cell and the said Target cell of the key notification base station affiliated jointly with rebuilding the sub-district of said reconstruction sub-district.
Security processing when the user is switched in a kind of relay system comprises:
Be that source RN provides the DeNB of access to receive the handoff request message to UE that said source RN sends, said handoff request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of said source RN and rebuild the key of sub-district;
The base station that said DeNB is affiliated jointly with rebuilding the sub-district with the said Target cell of said handoff request message informing.
Security processing when the user is switched in a kind of relay system comprises:
Receive the handoff request message to UE that said source RN sends for source RN provides the DeNB of access, said handoff request message is carried Target Cell Identifier and is rebuild cell ID;
NCC value and NH value to said UE that said DeNB stores this locality are carried at the base station of notifying said Target cell affiliated jointly with rebuilding the sub-district in the said handoff request message.
Security processing when the user is switched in a kind of relay system comprises:
Target BS receives said Target cell and rebuilds the security parameter of sub-district, and wherein, said security parameter comprises key;
When said Target cell when rebuilding the sub-district and not belonging to same node, said target BS is notified the node under the said Target cell with the security parameter of said Target cell, notifies the node under the said reconstruction sub-district with the security parameter of said reconstruction sub-district.
A kind of base station comprises:
First receiver module is used for the handoff request message to UE that reception sources RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID;
Computing module is used to said Target cell and rebuilds sub-district computation key respectively;
First notification module is used for the key of said Target cell and the said Target cell of the key notification base station affiliated jointly with rebuilding the sub-district of said reconstruction sub-district.
A kind of base station comprises:
Second receiver module is used for the handoff request message to UE that reception sources RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID, and the key of the Target cell that calculates of said source RN and rebuild the key of sub-district;
Second notification module is used for the base station that the said Target cell of said handoff request message informing is affiliated jointly with rebuilding the sub-district.
A kind of base station comprises:
The 3rd receiver module is used to receive the handoff request message to UE that said source RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID;
The 3rd notice module is used for the NCC value to said UE with this locality storage and is carried at said handoff request message with NH value and notifies said Target cell the base station affiliated jointly with the reconstruction sub-district.
A kind of base station comprises:
The 4th receiver module, the security parameter that is used to receive said Target cell and rebuilds the sub-district, wherein, said security parameter comprises key;
Four-way is known module; Be used for when said Target cell does not belong to same node with the reconstruction sub-district; Notify the node under the said Target cell with the security parameter of said Target cell, notify the node under the said reconstruction sub-district the security parameter of said reconstruction sub-district.
Security processing and base station when the user is switched in the embodiment of the invention relay system; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Be Target cell and reconstruction sub-district difference computation key and the notification target sub-district base station affiliated jointly with rebuilding the sub-district; The key of the Target cell that perhaps said RN is calculated and rebuild the key of sub-district; Perhaps local NCC value that is directed against said UE of storing and NH value notification target sub-district and common affiliated base station, reconstruction sub-district, target BS will comprise the security parameter difference notification target sub-district and reconstruction sub-district of key.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The method flow diagram that Fig. 1 provides for the embodiment of the invention one;
The method flow diagram that Fig. 2 provides for the embodiment of the invention two;
The method flow diagram that Fig. 3 provides for the embodiment of the invention three;
The method flow diagram that Fig. 4 provides for the embodiment of the invention four;
The method flow diagram that Fig. 5 provides for the embodiment of the invention five;
The method flow diagram that Fig. 6 provides for the embodiment of the invention six;
The method flow diagram that Fig. 7 provides for the embodiment of the invention seven;
The method flow diagram that Fig. 8 provides for the embodiment of the invention eight;
The method flow diagram that Fig. 9 provides for the embodiment of the invention nine;
The method flow diagram that Figure 10 provides for the embodiment of the invention ten;
The architecture of base station sketch map that Figure 11, Figure 12, Figure 13 provide for the embodiment of the invention 11;
The architecture of base station sketch map that Figure 14 provides for the embodiment of the invention 12;
The architecture of base station sketch map that Figure 15 provides for the embodiment of the invention 13;
The architecture of base station sketch map that Figure 16, Figure 17 provide for the embodiment of the invention 14.
Embodiment
To combine the accompanying drawing in the embodiment of the invention below, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making all other embodiment that obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
For the advantage that makes technical scheme of the present invention is clearer, the present invention is elaborated below in conjunction with accompanying drawing and embodiment.
Embodiment one
Present embodiment provides the security processing the when user is switched in a kind of relay system, and is as shown in Figure 1, and said method comprises:
101, receive the handoff request message to user equipment (UE) that said source RN sends for source via node RN provides the anchor point evolution base station DeNB of access, said handoff request message is carried Target Cell Identifier and is rebuild cell ID.
102, said DeNB is said Target cell and rebuilds sub-district computation key respectively.
103, said DeNB is with the key of said Target cell and the common affiliated base station of said Target cell of key notification and reconstruction sub-district of said reconstruction sub-district.
Security processing when the user is switched in the embodiment of the invention relay system; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Be said Target cell and reconstruction sub-district difference computation key, with the key of said Target cell and the said Target cell of the key notification base station affiliated jointly of said reconstruction sub-district with rebuilding the sub-district.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment two
Present embodiment provides the security processing the when user is switched in a kind of relay system, and is as shown in Figure 2, and said method comprises:
201, for providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Said handoff request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of said source RN and rebuild the key of sub-district.
202, said DeNB is with the common affiliated base station of said Target cell of said handoff request message informing and reconstruction sub-district.
Security processing when the user is switched in the embodiment of the invention relay system; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Said handoff request message is carried the key of the Target cell that said source RN calculates and is rebuild the key of sub-district, with the said Target cell of said handoff request message informing with rebuild the base station of sub-district under common.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment three
Present embodiment provides the security processing the when user is switched in a kind of relay system, and is as shown in Figure 3, and said method comprises:
301, receive the handoff request message to UE that said source RN sends for source RN provides the DeNB of access, said handoff request message is carried Target Cell Identifier and is rebuild cell ID.
302, said DeNB notifies being carried to the NCC value of said UE and NH value of this locality storage said Target cell and rebuilds affiliated jointly base station, sub-district in the said handoff request message.
Security processing when the user is switched in the embodiment of the invention relay system; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Being carried to the NCC value of said UE and NH value of this locality storage notified said Target cell and rebuild the base station of sub-district under common in the said handoff request message, by said Target cell with rebuild the base station of sub-district under common according to NCC value and the key of the said Target cell of NH value calculating and the key of reconstruction sub-district to said UE.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment four
Present embodiment provides the security processing the when user is switched in a kind of relay system, and is as shown in Figure 4, and said method comprises:
401, target BS receives the security parameter of said Target cell and reconstruction sub-district, and wherein, said security parameter comprises key.
402, when said Target cell with when rebuilding the sub-district and not belonging to same node; Said target BS is notified the node under the said Target cell with the security parameter of said Target cell, notifies the node under the said reconstruction sub-district with the security parameter of said reconstruction sub-district.
Wherein, said Target cell with rebuild the sub-district and do not belong to same node and specifically can comprise:
Said Target cell belongs to the RN under the said target BS, and said reconstruction sub-district belongs to said target BS;
Perhaps
Said Target cell belongs to said target BS, and said reconstruction sub-district belongs to the RN under the said target BS;
Perhaps
Said Target cell belongs to the RN under the said target BS, and said reconstruction sub-district belongs to the 2nd RN under the said target BS;
Perhaps
Said Target cell belongs to the RN under the said target BS, and a said reconstruction sub-district part belongs to the 2nd RN under the said target BS, and another part belongs to said target BS;
Perhaps
Said Target cell belongs to said target BS, and a said reconstruction sub-district part belongs to said target BS, and another part belongs to the RN under the said target BS.
Security processing when the user is switched in the embodiment of the invention relay system; Target BS receives said Target cell and rebuilds the security parameter of sub-district; Wherein, said security parameter comprises key, when said Target cell does not belong to same node with the reconstruction sub-district; Said target BS is notified the node under the said Target cell with the security parameter of said Target cell, notifies the node under the said reconstruction sub-district with the security parameter of said reconstruction sub-district.Compared with prior art, the embodiment of the invention can be carried out the synchronous of security parameter when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment five
Present embodiment provides the security processing the when user is switched in a kind of relay system; In the present embodiment, UE switches to target DeNB by source RN, wherein; Target DeNB provides the DeNB of access for this RN; The Target cell that switches possibly all be the sub-district under the target DeNB with rebuilding the sub-district, possibly Target cell be the sub-district under the target DeNB also, is the sub-district under the RN of source and rebuild the sub-district.
As shown in Figure 5, the security processing the when user is switched in the said relay system comprises:
501, UE sends measurement report to source RN.
502, source RN carries out switch decision according to this measurement report, and select target sub-district and reconstruction sub-district are respectively Target cell and rebuild sub-district computation key KeNB* with each.
Key K eNB* calculates according to following formula (1):
KeNB*=KDF(KeNB/NH,PCI,DL-AERFCN) (1)
Wherein, KDF is the function of computation key KeNB*, and this KDF function comprises following input:
The key K eNB of the current use of source RN or NH (Next Hop, next jumping) value;
The PCI (Physical Cell Identity, Physical Cell Identifier) of Target cell or reconstruction sub-district;
The DL-AERFCN (Down-Link E-UTRA Absolute Radio Frequency Channel Number, the absolute wireless frequency number of channel of descending E-UTRA) of Target cell or reconstruction sub-district.
503, source RN sends handoff request message to target DeNB; Comprise key and the corresponding NCC (Next-Hop Chain Counter, following jumping chain counting) thereof of security algorithm that source RN uses, Target cell in this message, respectively rebuild key and the corresponding NCC thereof of sub-district and the security algorithm that UE supports.
Wherein, security algorithm that said source RN uses and the key of respectively rebuilding the sub-district are used for when UE is switched to target DeNB failure by source RN after, using when switching to the reconstruction sub-district.
504, target DeNB receives handoff request message by source RN, each key K eNB* is carried out related preservation with its corresponding district sign and NCC, and in the security algorithm by the UE support, select a security algorithm.
Particularly, in the security algorithm that target DeNB has, select the security algorithm that priority is higher, in the security algorithm of security algorithm of oneself supporting and UE support as the security algorithm of target DeNB selection.
Optional, the key K eNB* that target DeNB also can not use source RN to calculate, but adopt following mode computation key KeNB*:
Mode 1: when the NCC value of carrying in the handoff request message that NCC value that target DeNB go up to preserve receives greater than target DeNB, show when preserving fresh NCC, NH value on the target DeNB, then the NH computation key KeNB* of target DeNB use preservation.
Mode 1: when not preserving fresh NCC, NH value on the target DeNB, but carry the key K eNB of the current use of source RN in the handoff request message that target DeNB receives, then target DeNB uses this key K eNB, utilizes formula (1) computation key KeNB*.
Optional; If target DeNB decision is Target cell and reconstruction sub-district computation key; And preserve fresh NCC, NH value on the target DeNB; Then target DeNB utilizes formula (1), as input, calculates the key K eNB* of target DeNB with NH value, Target cell or the PCI and the DL-AERFCN that rebuild the sub-district; If target DeNB decision is not preserved fresh NCC, NH value for Target cell with rebuilding on sub-district computation key and the target DeNB; Then target DeNB utilizes formula (1); As input, calculate the key K eNB* of target DeNB with the key K eNB* of the current use of UE, Target cell or the PCI and the DL-AERFCN that rebuild the sub-district.
Optional; If Target cell and the key of rebuilding the sub-district are not calculated in target DeNB decision; And target DeNB goes up the NCC value of preservation greater than the NCC value of carrying in the handoff request message, and then target DeNB sends to source RN with NCC, the NH value of preserving through switching request acknowledgement message subsequently.
Further, if there is the sub-district of reconstruction to belong to other source RN under the target DeNB, then said method can also comprise:
Target DeNB will rebuild the NCC of corresponding key in sub-district and correspondence thereof and the information such as security algorithm of source RN use send to the affiliated RN in this reconstruction sub-district.
505, target DeNB sends switching request acknowledgement message to source RN, comprises the security algorithm that NCC that the key of Target cell is corresponding and target DeNB select in this message.
506, source RN sends switching command message to UE, comprises the security algorithm that NCC that the key of Target cell is corresponding and target DeNB select in this message.
507, UE calculates the key of NH and UE according to said NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can communicate according to the key of said UE and the security algorithm and the target DeNB of target DeNB selection.
508, UE sends handoff completion message to target DeNB.
Optional, said method can also comprise:
509, target DeNB comprises the security algorithm of the UE support that source RN sends over to MME (Mobility Management Entity, Mobility Management Entity) transmit path modify request messages in this message.
510, MME is at local update NCC and NH.
511, MME revises the request acknowledge message to target DeNB reverse-path, comprises NCC and NH after the renewal in this message.
512, target DeNB preserves NCC and the NH after the said renewal.
Security processing when the user is switched in the embodiment of the invention relay system; When UE switches to target DeNB by source RN; Source RN sends handoff request message to target DeNB; The switching request acknowledgement message that receiving target DeNB sends, and, comprise the NCC of Target cell and each reconstruction sub-district and the security algorithm of target DeNB selection in the said switching command message to UE transmission switching command message; It is synchronous with security algorithm that the security algorithm of being selected according to NCC and target DeNB by UE carries out key synchronization, thus the communication security between assurance UE and the target DeNB.
Embodiment six
Present embodiment provides the security processing the when user is switched in a kind of relay system, and in the present embodiment, UE switches to target RN by source RN, and wherein, source RN and target RN are positioned under the same DeNB.
As shown in Figure 6, the security processing the when user is switched in the said relay system comprises:
601, UE sends measurement report to source RN.
602, source RN carries out switch decision according to this measurement report, select target sub-district and reconstruction sub-district.
Optional, source RN can be respectively Target cell and rebuild sub-district computation key KeNB* with each, specifically can be referring to 502.
603, source RN sends handoff request message to DeNB, comprises the security algorithm of source RN use and the security algorithm that UE supports in this message.
Optional, if being Target cell, source RN calculated key K eNB* with each reconstruction sub-district, then also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message.
604, DeNB receives the first handoff request message by source RN, judges whether to be Target cell and reconstruction sub-district computation key.
If do not comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message, then DeNB adopts following mode computation key KeNB*:
Mode 1: when the NCC value of carrying in the handoff request message that NCC value that DeNB go up to preserve receives greater than DeNB, show when preserving fresh NCC, NH value on the DeNB, then the NH computation key KeNB* of DeNB use preservation.
Mode 1: when not preserving fresh NCC, NH value on the DeNB, but carry the key K eNB of the current use of source RN in the handoff request message that DeNB receives, then DeNB uses this key K eNB, utilizes formula (1) computation key KeNB*.
Optional; If the DeNB decision is Target cell and reconstruction sub-district computation key, and preserves fresh NCC, NH value on the DeNB, then DeNB utilizes formula (1); As input, calculate the key K eNB* of DeNB with NH value, Target cell or the PCI and the DL-AERFCN that rebuild the sub-district; If the DeNB decision is not preserved fresh NCC, NH value for Target cell with rebuilding on sub-district computation key and the DeNB; Then DeNB utilizes formula (1); As input, calculate the key K eNB* of DeNB with the key K eNB* of the current use of UE, Target cell or the PCI and the DL-AERFCN that rebuild the sub-district.
Optional; If Target cell and the key of rebuilding the sub-district are not calculated in the DeNB decision; And the NCC value of the last preservation of DeNB is greater than the NCC value of carrying in the handoff request message, and then DeNB sends to source RN with NCC, the NH value of preserving through switching request acknowledgement message subsequently.
If comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message, then DeNB does not calculate key K eNB*.
605, DeNB preserves the key of rebuilding the sub-district, the security algorithm of source RN use and the security algorithm that UE supports; Send handoff request message to target RN; Comprise the security algorithm that the key, UE of Target cell are supported in this message, perhaps, also comprise information such as NCC that DeNB adds, NH.
Further, if there is the sub-district of reconstruction to belong to other RN under the DeNB, then said method can also comprise:
DeNB will rebuild the NCC of corresponding key in sub-district and correspondence thereof and the information such as security algorithm of source RN use send to the affiliated RN in this reconstruction sub-district.
606, target RN receives handoff request message by DeNB, if comprise fresh NCC and NH value in this message, then:
Target RN calculates the key of Target cell according to fresh NH, and this key is carried out related preservation with the corresponding NCC of NH;
Perhaps
Target RN preserves fresh NCC and NH, and with the related preservation with NCC of the key in this message.
Further, in the security algorithm of target RN by the UE support, select a security algorithm.
607, target RN sends switching request acknowledgement message to DeNB, comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select in this message.
608, DeNB is transmitted to source RN with this switching request acknowledgement message.
609, source RN sends switching command message to UE, comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select in this message.
610, UE calculates the key of NH and UE according to said NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can communicate according to the key of said UE and the security algorithm and the target RN of target RN selection.
611, UE sends handoff completion message to target RN.
Optional, said method can also comprise:
612, target RN comprises the security algorithm of the UE support that source RN sends over to DeNB transmit path modify request messages in this message.
613, DeNB is transmitted to MME with this path modify request messages.
614, MME revises the request acknowledge message to the DeNB reverse-path, comprises fresh NCC and NH in this message.
615, DeNB revises the request acknowledge message with this path and is transmitted to target RN.
Wherein, DeNB can be kept at this locality with NCC and NH in this message, does not send to target RN; Perhaps, DeNB all is transmitted to target RN with this message.
Optional, can not carry out 612 and 615, only carry out 613 and 614 in 607 backs.
Security processing when the user is switched in the embodiment of the invention relay system; When UE switches to target RN by source RN; Source RN sends handoff request message to target RN; The switching request acknowledgement message that receiving target RN sends, and, comprise the NCC of Target cell and each reconstruction sub-district and the security algorithm of target RN selection in the said switching command message to UE transmission switching command message; It is synchronous with security algorithm that the security algorithm of being selected according to NCC and target RN by UE carries out key synchronization, thus the communication security between assurance UE and the target RN.
Embodiment seven
Present embodiment provides the security processing the when user is switched in a kind of relay system, and in the present embodiment, UE switches to target eNB by source RN; Be positioned under the same MME for source RN provides the DeNB of access and target eNB, and have X2 interface between DeNB and the target eNB, adopt X2 to switch.
Wherein, Target cell is the sub-district under the target eNB, rebuilds the sub-district and comprises the sub-district under the target eNB, perhaps also comprises the sub-district under the RN under the target eNB.
As shown in Figure 7, the security processing the when user is switched in the said relay system comprises:
701, UE sends measurement report to source RN.
702, source RN carries out switch decision according to this measurement report, select target sub-district and reconstruction sub-district.
Optional, source RN can be respectively Target cell and rebuild sub-district computation key KeNB* with each, specifically can be referring to 502.
703, source RN sends handoff request message to DeNB, comprises the security algorithm of source RN use and the security algorithm that UE supports in this message.
Optional, if being Target cell, source RN calculated key K eNB* with each reconstruction sub-district, then also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message.
704, DeNB receives handoff request message by source RN, judges whether to be Target cell and reconstruction sub-district computation key.
Specifically can repeat no more at this with reference to 604.
705, DeNB preserves the key of rebuilding the sub-district, the security algorithm of source RN use and the security algorithm that UE supports; Send handoff request message to target eNB; Comprise the security algorithm that the corresponding key of Target cell, UE support in this message; Perhaps, also comprise information such as NCC that DeNB adds, NH.
Further, if there is the sub-district of reconstruction to belong to the RN under the target eNB, then said method can also comprise:
Target eNB will be rebuild the NCC of corresponding key in sub-district and correspondence thereof and the information such as security algorithm of source RN use send to the affiliated RN in this reconstruction sub-district.
706, target eNB receives handoff request message by DeNB, if comprise fresh NCC and NH value in this message, then:
Target eNB is calculated the key of Target cell according to fresh NH, and this key is carried out related preservation with the corresponding NCC of NH;
Perhaps
Target eNB is preserved fresh NCC and NH, and with the related preservation with NCC of the key in this message.
Further, in the security algorithm of target eNB by the UE support, select a security algorithm.
707, target eNB is sent switching request acknowledgement message to DeNB, comprises the security algorithm that NCC that the key of Target cell is corresponding and target eNB are selected in this message.
708, DeNB is transmitted to source RN with this switching request acknowledgement message.
709, source RN sends switching command message to UE, comprises the security algorithm that NCC that the key of Target cell is corresponding and target eNB are selected in this message.
710, UE calculates the key of NH and UE according to said NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can communicate according to security algorithm and the target eNB that key and the target eNB of said UE are selected.
711, UE sends handoff completion message to target eNB.
712, target eNB comprises the security algorithm that UE supports to MME transmit path modify request messages in this message.
713, MME revises the request acknowledge message to the target eNB reverse-path, comprises fresh NCC and NH in this message.
Security processing when the user is switched in the embodiment of the invention relay system; When UE switches to target eNB by source RN; Source RN sends handoff request message to target eNB; The switching request acknowledgement message that receiving target eNB sends, and, comprise the NCC of Target cell and each reconstruction sub-district and the security algorithm of target eNB selection in the said switching command message to UE transmission switching command message; It is synchronous with security algorithm that the security algorithm of being selected according to NCC and target eNB by UE carries out key synchronization, thus the communication security between assurance UE and the target eNB.
Embodiment eight
Present embodiment provides the security processing the when user is switched in a kind of relay system, and in the present embodiment, UE switches to target eNB by source RN; Provide the DeNB of access to be positioned under the different MME for source RN, do not have X2 interface between DeNB and the target eNB, adopt S1 to switch with target eNB.
Wherein, Target cell is the sub-district under the target eNB, rebuilds the sub-district and comprises the sub-district under the target eNB, perhaps also comprises the sub-district under the RN under the target eNB.
As shown in Figure 8, the security processing the when user is switched in the said relay system comprises:
801, UE sends measurement report to source RN.
802, source RN carries out switch decision according to this measurement report, select target sub-district and reconstruction sub-district.
Optional, source RN can be respectively Target cell and rebuild sub-district computation key KeNB* with each, specifically can be referring to 502.
803, source RN sends handoff request message to DeNB, comprises the security algorithm of source RN use and the security algorithm that UE supports in this message.
Optional, if being Target cell, source RN calculated key K eNB* with each reconstruction sub-district, then also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message.
804, DeNB receives handoff request message by source RN, judges whether to be Target cell and reconstruction sub-district computation key.
Specifically can repeat no more at this with reference to 604.
805, DeNB gives source MME with the handoff request forwards.
806, source MME upgrades NCC and NH.
807, source MME sends S10 to target MME and transmits RELOCATION REQUEST message; Comprise the security algorithm that NCC and NH value, UE after the renewal support, security algorithm, Kasme, the KSI that source RN uses in this message, perhaps also comprise the key and the corresponding NCC thereof of the Target cell that DeNB calculates.
808, target MME sends handoff request message to target eNB, comprises the security algorithm that NCC and NH value, UE after the renewal support, the security algorithm that source RN uses in this message, perhaps also comprises key and the NCC of correspondence thereof of the Target cell of DeNB calculating.
809, target eNB is with the key of Target cell and corresponding related preservation of NCC thereof.
Optional, if do not comprise the key and the corresponding NCC thereof of the Target cell that DeNB calculates in this message, then target eNB is calculated the key of Target cell according to the NH value after upgrading.
810, target eNB is selected a security algorithm from the security algorithm that UE supports, sends switching response message to target MME, comprises the security algorithm of target eNB selection and the NCC after the renewal in this message.
811, target MME sends S10 to source MME and transmits relocation response message, comprises the security algorithm of target eNB selection and the NCC after the renewal in this message.
812, source MME sends switching request acknowledgement message to DeNB, comprises the security algorithm of target eNB selection and the NCC after the renewal in this message.
813, DeNB sends switching request acknowledgement message to source RN, comprises the security algorithm of target eNB selection and the NCC after the renewal in this message.
814, source RN sends switching command message to UE, comprises the security algorithm of target eNB selection and the NCC after the renewal in this message.
815, UE calculates the key of NH and UE according to NCC, and the key of UE is carried out related preservation with NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can communicate according to security algorithm and the target eNB that key and the target eNB of said UE are selected.
816, UE sends handoff completion message to target eNB.
817, target eNB is sent handoff notification message to target MME.
Security processing when the user is switched in the embodiment of the invention relay system; When UE switches to target eNB by source RN; Source RN sends handoff request message to target eNB; The switching request acknowledgement message that receiving target eNB sends, and, comprise the NCC of Target cell and each reconstruction sub-district and the security algorithm of target eNB selection in the said switching command message to UE transmission switching command message; It is synchronous with security algorithm that the security algorithm of being selected according to NCC and target eNB by UE carries out key synchronization, thus the communication security between assurance UE and the target eNB.
Embodiment nine
Present embodiment provides the security processing the when user is switched in a kind of relay system, and in the present embodiment, UE switches to target RN by source RN, and wherein, source RN lays respectively under the different DeNB with target RN; The source DeNB that access is provided for source RN be positioned under the same MME for target RN provides the target DeNB of access, have X2 interface between source DeNB and the target DeNB, employing X2 switching.
As shown in Figure 9, the security processing the when user is switched in the said relay system comprises:
901, UE sends measurement report to source RN.
902, source RN carries out switch decision according to this measurement report, select target sub-district and reconstruction sub-district.
Optional, source RN can be respectively Target cell and rebuild sub-district computation key KeNB* with each, specifically can be referring to 502.
903, source RN sends handoff request message to source DeNB, comprises the security algorithm of source RN use and the security algorithm that UE supports in this message.
Optional, if being Target cell, source RN calculated key K eNB* with each reconstruction sub-district, then also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message.
904, source DeNB receives handoff request message by source RN, judges whether to be Target cell and reconstruction sub-district computation key.
Specifically can repeat no more at this with reference to 604.
905, source DeNB preserves the key of rebuilding the sub-district, the security algorithm of source RN use and the security algorithm that UE supports; Send handoff request message to target DeNB; Comprise the key of Target cell, the security algorithm that UE supports in this message; Perhaps, also comprise information such as NCC that source DeNB adds, NH.
906, target DeNB will give target RN to switching forwards.
907, target RN receives this handoff request message by target DeNB, if comprise fresh NCC and NH value in this message, then:
Target RN calculates the key of Target cell according to fresh NH, and this key is carried out related preservation with the corresponding NCC of NH;
Perhaps
Target RN preserves fresh NCC and NH, and with the related preservation with NCC of the key in this message.
Further, in the security algorithm of target RN by the UE support, select a security algorithm.
908, target RN sends switching request acknowledgement message to target DeNB, comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select in this message.
909, target DeNB is transmitted to source DeNB with this switching request acknowledgement message.
910, source DeNB is transmitted to source RN with this switching request acknowledgement message.
911, source RN sends switching command message to UE, comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select in this message.
912, UE calculates the key of NH and UE according to said NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can communicate according to the key of said UE and the security algorithm and the target RN of target RN selection.
913, UE sends handoff completion message to target RN.
Optional, said method can also comprise:
914, target RN is to target DeNB transmit path modify request messages.
915, target DeNB is transmitted to MME with this path modify request messages.
916, MME revises the request acknowledge message to target DeNB reverse-path.
917, target DeNB revises the request acknowledge message with this path and is transmitted to target RN.
Security processing when the user is switched in the embodiment of the invention relay system; When UE switches to target RN by source RN; Source RN sends handoff request message to target RN; The switching request acknowledgement message that receiving target RN sends, and, comprise the NCC of Target cell and each reconstruction sub-district and the security algorithm of target RN selection in the said switching command message to UE transmission switching command message; It is synchronous with security algorithm that the security algorithm of being selected according to NCC and target RN by UE carries out key synchronization, thus the communication security between assurance UE and the target RN.
Embodiment ten
Present embodiment provides the security processing the when user is switched in a kind of relay system, and in the present embodiment, UE switches to target RN by source RN, and wherein, source RN lays respectively under the different DeNB with target RN; Provide the source DeNB of access to be positioned under the different MME for source RN, do not have X2 interface between source DeNB and the target DeNB, adopt S1 to switch with the target DeNB of access is provided for target RN.
Shown in figure 10, the security processing the when user is switched in the said relay system comprises:
1001, UE sends measurement report to source RN.
1002, source RN carries out switch decision according to this measurement report, select target sub-district and reconstruction sub-district.
Optional, source RN can be respectively Target cell and rebuild sub-district computation key KeNB* with each, specifically can be referring to 502.
1003, source RN sends handoff request message to source DeNB, comprises the security algorithm of source RN use and the security algorithm that UE supports in this message.
Optional, if being Target cell, source RN calculated key K eNB* with each reconstruction sub-district, then also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of Target cell in this message.
1004, source DeNB receives handoff request message by source RN, judges whether to be Target cell and reconstruction sub-district computation key.
Specifically can repeat no more at this with reference to 604.
1005, source DeNB gives source MME with the handoff request forwards.
1006, source MME upgrades NCC and NH.
1007, source MME sends S10 to target MME and transmits RELOCATION REQUEST message; Comprise the security algorithm that NCC and NH value, UE after the renewal support, security algorithm, Kasme, the KSI that source RN uses in this message, perhaps also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of the Target cell that source DeNB calculates.
1008, target MME sends handoff request message to target DeNB; Comprise the security algorithm that NCC and NH value, UE after the renewal support, the security algorithm that source RN uses in this message, perhaps also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of the Target cell that source DeNB calculates.
1009, target DeNB sends handoff request message to target RN; Comprise the security algorithm that NCC and NH value, UE after the renewal support, the security algorithm that source RN uses in this message, perhaps also comprise key and the corresponding NCC and the key and the corresponding NCC thereof that respectively rebuilds the sub-district of the Target cell that source DeNB calculates.
Optional, target DeNB can also calculate Target cell and rebuild the key K eNB* of sub-district with each.
Further, if there is the sub-district of reconstruction to belong to other RN under the target DeNB, then said method can also comprise:
Target DeNB will rebuild the NCC of corresponding key in sub-district and correspondence thereof and the information such as security algorithm of source RN use send to the affiliated RN in this reconstruction sub-district.
1010, target RN is with the key of Target cell and corresponding related preservation of NCC thereof.
1011, target RN selects a security algorithm from the security algorithm that UE supports, sends switching response message to target DeNB, comprises the security algorithm of target RN selection and the NCC after the renewal in this message.
1012, target DeNB sends switching response message to target MME, comprises the security algorithm of target RN selection and the NCC after the renewal in this message.
1013, target MME sends S10 to source MME and transmits reorientation message, comprises the security algorithm of target RN selection and the NCC after the renewal in this message.
1014, source MME sends switching request acknowledgement message to source DeNB, comprises the security algorithm of target RN selection and the NCC after the renewal in this message.
1015, source DeNB sends switching request acknowledgement message to source RN, comprises the security algorithm of target RN selection and the NCC after the renewal in this message.
1016, source RN sends switching command message to UE, comprises the security algorithm of target RN selection and the NCC after the renewal in this message.
1017, UE calculates the key of NH and UE according to NCC, and the key of UE is carried out related preservation with NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can communicate according to the key of said UE and the security algorithm and the target RN of target RN selection.
1018, UE sends handoff completion message to target RN.
Security processing when the user is switched in the embodiment of the invention relay system; When UE switches to target RN by source RN; Source RN sends handoff request message to target RN; The switching request acknowledgement message that receiving target RN sends, and, comprise the NCC of Target cell and each reconstruction sub-district and the security algorithm of target RN selection in the said switching command message to UE transmission switching command message; It is synchronous with security algorithm that the security algorithm of being selected according to NCC and target RN by UE carries out key synchronization, thus the communication security between assurance UE and the target RN.
Embodiment 11
Present embodiment provides a kind of base station, and is shown in figure 11, and said base station comprises:
The NCC value of also carrying said UE in the handoff request message that further, said first receiver module 1101 receives;
Then shown in figure 12, said computing module 1102 can comprise:
First comparing unit 11021 is used for the NCC value of the local storage of comparison and the NCC value that said RN sends over;
Perhaps,
Also carry the following jumping chain counting NCC value of said UE and the key of the current use of said source RN in the handoff request message that said first receiver module 1101 receives;
Then shown in figure 13, said computing module 1102 can comprise:
Second comparing unit 11023 is used for the NCC value of the local storage of comparison and the NCC value that said RN sends over;
Embodiment of the invention base station; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Be said Target cell and reconstruction sub-district difference computation key, with the key of said Target cell and the said Target cell of the key notification base station affiliated jointly of said reconstruction sub-district with rebuilding the sub-district.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment 12
Present embodiment provides a kind of base station, and is shown in figure 14, and said base station comprises:
Further; Said second notification module 1402; The key of the said Target cell that specifically is used for the security capabilities information of said UE, said source RN are calculated and corresponding NCC and key and the corresponding NCC thereof that rebuilds the sub-district, and the security algorithm that uses to said UE of said source RN is notified said Target cell and is rebuild the base station of sub-district under common.
Further; Said second notification module 1402, the key of the Target cell that specifically is used for said source RN is calculated and rebuild security algorithm that the key of sub-district, the security capabilities information of said UE, said source RN use to said UE and the NCC value and the NH value to said UE of the local storage of said DeNB notified said Target cell and rebuild affiliated jointly base station, sub-district.
Embodiment of the invention base station; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Said handoff request message is carried the key of the Target cell that said source RN calculates and is rebuild the key of sub-district, with the said Target cell of said handoff request message informing with rebuild the base station of sub-district under common.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment 13
Present embodiment provides a kind of base station, and is shown in figure 15, and said base station comprises:
The 3rd receiver module 1501 is used to receive the handoff request message to UE that said source RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID;
The 3rd notice module 1502 is used for the NCC value to said UE with this locality storage and is carried at said handoff request message with NH value and notifies said Target cell the base station affiliated jointly with the reconstruction sub-district.
Further; Said the 3rd notice module 1502; Specifically be used for security algorithm with the current use of said source RN, the security capabilities information of said UE, and local NCC value and the NH value to said UE of storing of said DeNB notified said Target cell and rebuild common affiliated base station, sub-district.
Embodiment of the invention base station; For providing the DeNB of access, source RN receives the handoff request message that said source RN sends to UE; Being carried to the NCC value of said UE and NH value of this locality storage notified said Target cell and rebuild the base station of sub-district under common in the said handoff request message, by said Target cell with rebuild the base station of sub-district under common according to NCC value and the key of the said Target cell of NH value calculating and the key of reconstruction sub-district to said UE.Compared with prior art, the embodiment of the invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and the target network node.
Embodiment 14
Present embodiment provides a kind of base station, and is shown in figure 16, and said base station comprises:
The 4th receiver module 1601, the security parameter that is used to receive said Target cell and rebuilds the sub-district, wherein, said security parameter comprises key;
Four-way is known module 1602; Be used for when said Target cell does not belong to same node with the reconstruction sub-district; Notify the node under the said Target cell with the security parameter of said Target cell, notify the node under the said reconstruction sub-district the security parameter of said reconstruction sub-district.
Further, when said reconstruction sub-district belonged to said target BS, said four-way was known module 1602, specifically is used to preserve the security parameter of said reconstruction sub-district.
Further, shown in figure 17, said the 4th receiver module 1601 also is used to receive NCC and the NH value that MME issues;
Said base station can also comprise:
Five-way is known module 1604, is used for said NCC and NH value notification target RN.
Embodiment of the invention base station; Target BS receives said Target cell and rebuilds the security parameter of sub-district; Wherein, said security parameter comprises key, when said Target cell does not belong to same node with the reconstruction sub-district; Said target BS is notified the node under the said Target cell with the security parameter of said Target cell, notifies the node under the said reconstruction sub-district with the security parameter of said reconstruction sub-district.Compared with prior art, the embodiment of the invention can be carried out the synchronous of security parameter when UE switches, thereby guarantees the communication security between UE and the target network node.
The above-mentioned method embodiment that provides can be realized in the base station that the embodiment of the invention provides.The user that security processing when the user is switched in the relay system that the embodiment of the invention provides and base station go in the relay system is switched, but is not limited only to this.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method; Be to instruct relevant hardware to accomplish through computer program; Described program can be stored in the computer read/write memory medium; This program can comprise the flow process like the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
The above; Be merely embodiment of the present invention, but protection scope of the present invention is not limited thereto, any technical staff who is familiar with the present technique field is in the technical scope that the present invention discloses; The variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (23)
1. the security processing the when user is switched in the relay system is characterized in that, comprising:
Receive the handoff request message to user equipment (UE) that said source RN sends for source via node RN provides the anchor point evolution base station DeNB of access, said handoff request message is carried Target Cell Identifier and is rebuild cell ID;
Said DeNB is said Target cell and rebuilds sub-district computation key respectively;
Said DeNB is with the key of said Target cell and the said Target cell of the key notification base station affiliated jointly with rebuilding the sub-district of said reconstruction sub-district.
2. method according to claim 1 is characterized in that,
Also carry the following jumping chain counting NCC value of said UE in the said handoff request message, then said DeNB be said Target cell and reconstruction sub-district respectively computation key comprise:
The NCC value of the relatively more local storage of said DeNB and the NCC value that said RN sends over;
If the NCC value that the NCC value of the local storage of said DeNB sends over greater than said RN, the corresponding NH value of NCC of the local storage of said DeNB use are said Target cell and rebuild sub-district difference computation key;
Perhaps,
Also carry the following jumping chain counting NCC value of said UE and the key of the current use of said source RN in the said handoff request message, then said DeNB be said Target cell and reconstruction sub-district respectively computation key comprise:
The NCC value of the relatively more local storage of said DeNB and the NCC value that said RN sends over;
If the NCC value of the local storage of said DeNB is less than or equal to the NCC value that said RN sends over, it is said Target cell and reconstruction sub-district difference computation key that said DeNB uses the key of the current use of said source RN.
3. the security processing the when user is switched in the relay system is characterized in that, comprising:
Be that source RN provides the DeNB of access to receive the handoff request message to UE that said source RN sends, said handoff request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of said source RN and rebuild the key of sub-district;
The base station that said DeNB is affiliated jointly with rebuilding the sub-district with the said Target cell of said handoff request message informing.
4. method according to claim 3 is characterized in that, the said DeNB base station that the said Target cell of said handoff request message informing is affiliated jointly with rebuilding the sub-district comprises:
The key of the said Target cell that said DeNB calculates the security capabilities information of said UE, said source RN and corresponding NCC and key and the corresponding NCC thereof that rebuilds the sub-district, and the security algorithm that uses to said UE of said source RN is notified said Target cell and is rebuild the base station of sub-district under common.
5. method according to claim 3 is characterized in that, the said DeNB base station that the said Target cell of said handoff request message informing is affiliated jointly with rebuilding the sub-district comprises:
The key of the Target cell that said DeNB calculates said source RN and rebuild security algorithm that the key of sub-district, the security capabilities information of said UE, said source RN use to said UE and the NCC value and the NH value to said UE of the local storage of said DeNB notified said Target cell and rebuild affiliated jointly base station, sub-district.
6. method according to claim 5 is characterized in that, also comprises:
Said Target cell uses the NH value that is directed against said UE of said DeNB this locality storage to calculate the key of said Target cell and the key of reconstruction sub-district with common affiliated base station, reconstruction sub-district;
Perhaps
The NCC value and the NH value to said UE of the local storage of said DeNB are stored in the said Target cell base station affiliated jointly with rebuilding the sub-district.
7. the security processing the when user is switched in the relay system is characterized in that, comprising:
Receive the handoff request message to UE that said source RN sends for source RN provides the DeNB of access, said handoff request message is carried Target Cell Identifier and is rebuild cell ID;
NCC value and NH value to said UE that said DeNB stores this locality are carried at the base station of notifying said Target cell affiliated jointly with rebuilding the sub-district in the said handoff request message.
8. method according to claim 7 is characterized in that, said DeNB is carried at the NCC value of this locality storage and notifies said Target cell and affiliated jointly base station, reconstruction sub-district to comprise in the said handoff request message with NH value:
Said DeNB is the security algorithm of the current use of said source RN, the security capabilities information of said UE, and the NCC value to said UE of the local storage of said DeNB notifies said Target cell the base station affiliated jointly with the reconstruction sub-district with NH value.
9. according to claim 7 or 8 described methods, it is characterized in that, also comprise:
Said Target cell uses the NH value that is directed against said UE of said DeNB this locality storage to calculate the key of said Target cell and reconstruction sub-district with common affiliated base station, reconstruction sub-district;
Perhaps
The NCC value and the NH value to said UE of the local storage of said DeNB are stored in the said Target cell base station affiliated jointly with rebuilding the sub-district.
10. the security processing the when user is switched in the relay system is characterized in that, comprising:
Target BS receives said Target cell and rebuilds the security parameter of sub-district, and wherein, said security parameter comprises key;
When said Target cell when rebuilding the sub-district and not belonging to same node, said target BS is notified the node under the said Target cell with the security parameter of said Target cell, notifies the node under the said reconstruction sub-district with the security parameter of said reconstruction sub-district.
11. method according to claim 10 is characterized in that, said Target cell does not belong to same node with the reconstruction sub-district and comprises:
Said Target cell belongs to the RN under the said target BS, and said reconstruction sub-district belongs to said target BS;
Perhaps
Said Target cell belongs to said target BS, and said reconstruction sub-district belongs to the RN under the said target BS;
Perhaps
Said Target cell belongs to the RN under the said target BS, and said reconstruction sub-district belongs to the 2nd RN under the said target BS;
Perhaps
Said Target cell belongs to the RN under the said target BS, and a said reconstruction sub-district part belongs to the 2nd RN under the said target BS, and another part belongs to said target BS;
Perhaps
Said Target cell belongs to said target BS, and a said reconstruction sub-district part belongs to said target BS, and another part belongs to the RN under the said target BS.
12. method according to claim 10 is characterized in that, when said reconstruction sub-district belonged to said target BS, said target BS notified the node under the said reconstruction sub-district to be specially the security parameter of said reconstruction sub-district:
Said target BS is preserved the security parameter of said reconstruction sub-district.
13. method according to claim 10 is characterized in that, said method also comprises:
NCC and NH value that said target BS receiving mobility management entity MME issues;
Said target BS is kept at this locality with said NCC and NH value; And/or
Said target BS is with said NCC and NH value notification target RN.
14. a base station is characterized in that, comprising:
First receiver module is used for the handoff request message to UE that reception sources RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID;
Computing module is used to said Target cell and rebuilds sub-district computation key respectively;
First notification module is used for the key of said Target cell and the said Target cell of the key notification base station affiliated jointly with rebuilding the sub-district of said reconstruction sub-district.
15. base station according to claim 14 is characterized in that, the NCC value of also carrying said UE in the handoff request message that said first receiver module receives;
Then said computing module comprises:
First comparing unit is used for the NCC value of the local storage of comparison and the NCC value that said RN sends over;
First computing unit, during the NCC value that is used for sending over greater than said RN when the NCC value of the local storage of said DeNB, the corresponding NH value of NCC of using local storage is said Target cell and reconstruction sub-district difference computation key;
Perhaps,
Also carry the following jumping chain counting NCC value of said UE and the key of the current use of said source RN in the handoff request message that said first receiver module receives;
Then said computing module comprises:
Second comparing unit is used for the NCC value of the local storage of comparison and the NCC value that said RN sends over;
Second computing unit, when being used for NCC value when the local storage of said DeNB and being less than or equal to the NCC value of the Target cell that said RN sends over, the key that uses the current use of said source RN is that computation key is distinguished in said Target cell and reconstruction sub-district.
16. a base station is characterized in that, comprising:
Second receiver module is used for the handoff request message to UE that reception sources RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID, and the key of the Target cell that calculates of said source RN and rebuild the key of sub-district;
Second notification module is used for the base station that the said Target cell of said handoff request message informing is affiliated jointly with rebuilding the sub-district.
17. base station according to claim 16; It is characterized in that; Said second notification module; The key of the said Target cell that specifically is used for the security capabilities information of said UE, said source RN are calculated and corresponding NCC and key and the corresponding NCC thereof that rebuilds the sub-district, and the security algorithm that uses to said UE of said source RN is notified said Target cell and is rebuild the base station of sub-district under common.
18. base station according to claim 16; It is characterized in that; Said second notification module, the key of the Target cell that specifically is used for said source RN is calculated and rebuild security algorithm that the key of sub-district, the security capabilities information of said UE, said source RN use to said UE and the NCC value and the NH value to said UE of the local storage of said DeNB notified said Target cell and rebuild affiliated jointly base station, sub-district.
19. a base station is characterized in that, comprising:
The 3rd receiver module is used to receive the handoff request message to UE that said source RN sends, and said handoff request message is carried Target Cell Identifier and rebuild cell ID;
The 3rd notice module is used for the NCC value to said UE with this locality storage and is carried at said handoff request message with NH value and notifies said Target cell the base station affiliated jointly with the reconstruction sub-district.
20. base station according to claim 19; It is characterized in that; Said the 3rd notice module; Specifically be used for security algorithm with the current use of said source RN, the security capabilities information of said UE, and local NCC value and the NH value to said UE of storing of said DeNB notified said Target cell and rebuild common affiliated base station, sub-district.
21. a base station is characterized in that, comprising:
The 4th receiver module, the security parameter that is used to receive said Target cell and rebuilds the sub-district, wherein, said security parameter comprises key;
Four-way is known module; Be used for when said Target cell does not belong to same node with the reconstruction sub-district; Notify the node under the said Target cell with the security parameter of said Target cell, notify the node under the said reconstruction sub-district the security parameter of said reconstruction sub-district.
22. base station according to claim 21 is characterized in that, when said reconstruction sub-district belonged to said target BS, said four-way was known module, specifically is used to preserve the security parameter of said reconstruction sub-district.
23. base station according to claim 21 is characterized in that, said the 4th receiver module also is used to receive NCC and the NH value that MME issues;
Said base station also comprises:
Preserve module, be used for said NCC and NH value are kept at this locality; And/or
Five-way is known module, is used for said NCC and NH value notification target RN.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010284889.2A CN102404732B (en) | 2010-09-17 | 2010-09-17 | Safe processing method for user switching in relay system and base station |
| PCT/CN2011/075354 WO2011147367A1 (en) | 2010-09-17 | 2011-06-03 | Safety processing method and base station during user handover in relay system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010284889.2A CN102404732B (en) | 2010-09-17 | 2010-09-17 | Safe processing method for user switching in relay system and base station |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102404732A true CN102404732A (en) | 2012-04-04 |
| CN102404732B CN102404732B (en) | 2014-04-02 |
Family
ID=45003346
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010284889.2A Active CN102404732B (en) | 2010-09-17 | 2010-09-17 | Safe processing method for user switching in relay system and base station |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102404732B (en) |
| WO (1) | WO2011147367A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016177100A1 (en) * | 2015-07-23 | 2016-11-10 | 中兴通讯股份有限公司 | Method and device for key updating |
| CN107027118A (en) * | 2016-02-02 | 2017-08-08 | 中国移动通信集团公司 | Inter-cell switch method and device, base station |
| WO2023273824A1 (en) * | 2021-06-28 | 2023-01-05 | 大唐移动通信设备有限公司 | Handover method and apparatus, network device and relay terminal |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103327475B (en) * | 2012-03-21 | 2017-05-24 | 电信科学技术研究院 | Addressing method and addressing device for cell switch |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101107806A (en) * | 2005-01-21 | 2008-01-16 | 三菱电机株式会社 | Key storage device, key storage method, and program |
| CN101299888A (en) * | 2008-06-16 | 2008-11-05 | 中兴通讯股份有限公司 | Cryptographic key generation method, switching method, mobile management entity and customer equipment |
| WO2009133865A1 (en) * | 2008-04-28 | 2009-11-05 | 株式会社エヌ・ティ・ティ・ドコモ | Handover method, radio base station, and mobile station |
| CN101779391A (en) * | 2007-08-12 | 2010-07-14 | Lg电子株式会社 | Handover method with link failure recovery, wireless device and base station for implementing such method |
-
2010
- 2010-09-17 CN CN201010284889.2A patent/CN102404732B/en active Active
-
2011
- 2011-06-03 WO PCT/CN2011/075354 patent/WO2011147367A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101107806A (en) * | 2005-01-21 | 2008-01-16 | 三菱电机株式会社 | Key storage device, key storage method, and program |
| CN101779391A (en) * | 2007-08-12 | 2010-07-14 | Lg电子株式会社 | Handover method with link failure recovery, wireless device and base station for implementing such method |
| WO2009133865A1 (en) * | 2008-04-28 | 2009-11-05 | 株式会社エヌ・ティ・ティ・ドコモ | Handover method, radio base station, and mobile station |
| CN101299888A (en) * | 2008-06-16 | 2008-11-05 | 中兴通讯股份有限公司 | Cryptographic key generation method, switching method, mobile management entity and customer equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016177100A1 (en) * | 2015-07-23 | 2016-11-10 | 中兴通讯股份有限公司 | Method and device for key updating |
| CN107027118A (en) * | 2016-02-02 | 2017-08-08 | 中国移动通信集团公司 | Inter-cell switch method and device, base station |
| WO2023273824A1 (en) * | 2021-06-28 | 2023-01-05 | 大唐移动通信设备有限公司 | Handover method and apparatus, network device and relay terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2011147367A1 (en) | 2011-12-01 |
| CN102404732B (en) | 2014-04-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102340772B (en) | Security processing method, device and system in conversion process | |
| CN102238666B (en) | Multi-carrier switch processing method and system | |
| CN101810034B (en) | Method and system for notifying cell type based on lte | |
| TW502544B (en) | System network and method for the transference of cell handover information | |
| CN103139854B (en) | Changing method, communicator and communication system | |
| CN102017674B (en) | Mobile communication method, radio base station, and mobile station | |
| CN103188663A (en) | Secure communication method for carrier aggregation between base stations and equipment | |
| CN102804826B (en) | For the enhancing key management of SRNS reorientation | |
| ES2807792T3 (en) | Mobile network and base station relocation method | |
| CN103477698A (en) | Mobile communication system, relay station, base station, and control method thereof | |
| CN105230076A (en) | Mobile communication system | |
| CN102348206B (en) | Secret key insulating method and device | |
| EP2843994A1 (en) | Eplmn list configuring method, handover target plmn selecting method, mme and enb | |
| CN103748922A (en) | A gateway device for handling ue context and a method thereof | |
| CN102404732B (en) | Safe processing method for user switching in relay system and base station | |
| CN102448060A (en) | Secret key management method, authorization checking method and device | |
| US20170164244A1 (en) | Path switching method, mobility anchor, and base station | |
| CN101998388A (en) | Interaction method and device for security information | |
| CN104604271A (en) | Communication method, network side device, and user equipment | |
| US20140128068A1 (en) | Mobility concept | |
| CN102469439A (en) | Methods and systems for X2 interface information indication and acquisition | |
| CN102857982A (en) | Method and device for processing access | |
| CN101867924A (en) | Method for updating and generating air interface key and wireless access system | |
| JP2014220766A (en) | Handover method | |
| CN102104867B (en) | Method and device thereof for addressing core network node in switching process |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |