CN102404732B - Safe processing method for user switching in relay system and base station - Google Patents

Safe processing method for user switching in relay system and base station Download PDF

Info

Publication number
CN102404732B
CN102404732B CN201010284889.2A CN201010284889A CN102404732B CN 102404732 B CN102404732 B CN 102404732B CN 201010284889 A CN201010284889 A CN 201010284889A CN 102404732 B CN102404732 B CN 102404732B
Authority
CN
China
Prior art keywords
cell
target
base station
denb
target cell
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010284889.2A
Other languages
Chinese (zh)
Other versions
CN102404732A (en
Inventor
张冬梅
张爱琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201010284889.2A priority Critical patent/CN102404732B/en
Priority to PCT/CN2011/075354 priority patent/WO2011147367A1/en
Publication of CN102404732A publication Critical patent/CN102404732A/en
Application granted granted Critical
Publication of CN102404732B publication Critical patent/CN102404732B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0055Transmission or use of information for re-establishing the radio link
    • H04W36/0066Transmission or use of information for re-establishing the radio link of control information between different types of networks in order to establish a new radio link in the target network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明实施例公开了一种中继系统中用户切换时的安全处理方法及基站,所述方法包括:为源中继节点RN提供接入的锚点演进基站DeNB接收所述源RN发送的针对用户设备UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识;所述DeNB为所述目标小区及重建小区分别计算密钥;所述DeNB将所述目标小区的密钥和所述重建小区的密钥通知所述目标小区和重建小区共同所属的基站。本发明适用于中继系统中的用户切换。

The embodiment of the present invention discloses a security processing method and a base station for user handover in a relay system. The method includes: an anchor evolved base station DeNB that provides access to a source relay node RN receives the target message sent by the source RN. A handover request message of the user equipment UE, where the handover request message carries the identity of the target cell and the identity of the re-established cell; the DeNB calculates keys for the target cell and the re-established cell respectively; the DeNB uses the key of the target cell and The key of the re-established cell notifies the base station to which the target cell and the re-established cell belong together. The invention is suitable for user switching in the relay system.

Description

Security processing when user is switched in relay system and base station
Technical field
The present invention relates to mobile communication technology field, security processing and base station when particularly user is switched in a kind of relay system.
Background technology
Along with popularizing of mobile communication, the safety problem in mobile communication is just receiving increasing concern, and people also have higher requirement to the information security in mobile communication.At present, at LTE (Long Term Evolution, Long Term Evolution) in system, as UE (User Equipment, subscriber equipment) by source eNB (Evolved NodeB, while evolution base station) switching to target eNB, between source eNB and target eNB and UE, can carry out corresponding safe handling, to guarantee the communication security between UE and target eNB.
Along with the develop rapidly of radio communication service, future network need to be supported with the layout designs of least cost the communication of blind spot area or hot zones to provide better covering or system throughput, has introduced relaying technique for this reason.Different from LTE system is, in relay system, introduced RN (Relay Node, via node), RN has the dual role of UE and eNB, on the one hand, the same with traditional UE, by DeNB (Donor Evolved NodeB, the anchor point evolution base station) access network of access is provided for it; On the other hand, serve as the function of eNB, for the UE in its coverage provides access service.
Identical with LTE system, in relay system, UE also has mobility demand, switches, or switches between different eNB, or switch between RN and eNB between different RN.
In realizing process of the present invention, inventor finds that in prior art, at least there are the following problems:
In relay system, when UE switches, between source node and destination node and UE, there is no corresponding safe handling, can not guarantee the communication security between UE and destination node.
Summary of the invention
Embodiments of the invention provide in a kind of relay system security processing and base station when user is switched, and can when UE switches, carry out safe handling, thereby guarantee the communication security between UE and target network node.
The technical scheme that the embodiment of the present invention adopts is:
Security processing when user is switched in relay system, comprising:
For source via node RN provides the anchor point evolution base station DeNB of access, receive the handover request message for user equipment (UE) that described source RN sends, described handover request message is carried Target Cell Identifier and is rebuild cell ID;
Described DeNB is described Target cell and rebuilds community computation key respectively;
Described DeNB is by Target cell described in the key notification of the key of described Target cell and described reconstruction community and rebuild common affiliated base station, community.
Security processing when user is switched in relay system, comprising:
For source RN provides the DeNB of access, receive the handover request message for UE that described source RN sends, described handover request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of described source RN and rebuild the key of community;
Described DeNB is by Target cell described in described handover request message informing and rebuild common affiliated base station, community.
Security processing when user is switched in relay system, comprising:
For source RN provides the DeNB of access, receive the handover request message for UE that described source RN sends, described handover request message is carried Target Cell Identifier and is rebuild cell ID;
The NCC value for described UE that described DeNB stores this locality and NH value are carried in described handover request message notifies described Target cell and reconstruction community common affiliated base station.
Security processing when user is switched in relay system, comprising:
Target BS receives described Target cell and rebuilds the security parameter of community, and wherein, described security parameter comprises key;
When described Target cell with when rebuilding community and not belonging to same node, described target BS is notified the node under described Target cell by the security parameter of described Target cell, by the security parameter of described reconstruction community, notifies the node under described reconstruction community.
A base station, comprising:
The first receiver module, the handover request message for UE sending for reception sources RN, described handover request message is carried Target Cell Identifier and is rebuild cell ID;
Computing module, is used to described Target cell and rebuilds community computation key respectively;
The first notification module, for the base station under Target cell described in the key notification of the key of described Target cell and described reconstruction community and reconstruction community is common.
A base station, comprising:
The second receiver module, the handover request message for UE sending for reception sources RN, described handover request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of described source RN and rebuild the key of community;
The second notification module, for the base station under Target cell described in described handover request message informing and reconstruction community is common.
A base station, comprising:
The 3rd receiver module, the handover request message for UE sending for receiving described source RN, described handover request message is carried Target Cell Identifier and is rebuild cell ID;
Third notice module, notifies described Target cell and reconstruction community affiliated base station jointly for the NCC value for described UE of this locality storage and NH value being carried to described handover request message.
A base station, comprising:
The 4th receiver module, for receiving the security parameter of described Target cell and reconstruction community, wherein, described security parameter comprises key;
The 4th notification module, for when described Target cell does not belong to same node with reconstruction community, by the security parameter of described Target cell, notify the node under described Target cell, by the security parameter of described reconstruction community, notify the node under described reconstruction community.
Security processing and base station when in embodiment of the present invention relay system, user is switched, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, for Target cell and the common affiliated base station of reconstruction community difference computation key notification target community and reconstruction community, or the key of the key of the Target cell that described RN is calculated and reconstruction community, or the base station under the NCC value for described UE of local storage and NH value notification target community and reconstruction community are common, target BS will comprise the security parameter difference notification target community of key and rebuild community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
The method flow diagram that Fig. 1 provides for the embodiment of the present invention one;
The method flow diagram that Fig. 2 provides for the embodiment of the present invention two;
The method flow diagram that Fig. 3 provides for the embodiment of the present invention three;
The method flow diagram that Fig. 4 provides for the embodiment of the present invention four;
The method flow diagram that Fig. 5 provides for the embodiment of the present invention five;
The method flow diagram that Fig. 6 provides for the embodiment of the present invention six;
The method flow diagram that Fig. 7 provides for the embodiment of the present invention seven;
The method flow diagram that Fig. 8 provides for the embodiment of the present invention eight;
The method flow diagram that Fig. 9 provides for the embodiment of the present invention nine;
The method flow diagram that Figure 10 provides for the embodiment of the present invention ten;
The architecture of base station schematic diagram that Figure 11, Figure 12, Figure 13 provide for the embodiment of the present invention 11;
The architecture of base station schematic diagram that Figure 14 provides for the embodiment of the present invention 12;
The architecture of base station schematic diagram that Figure 15 provides for the embodiment of the present invention 13;
The architecture of base station schematic diagram that Figure 16, Figure 17 provide for the embodiment of the present invention 14.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making all other embodiment that obtain under creative work prerequisite, belong to the scope of protection of the invention.
For making the advantage of technical solution of the present invention clearer, below in conjunction with drawings and Examples, the present invention is elaborated.
Embodiment mono-
The present embodiment provides in a kind of relay system security processing when user is switched, and as shown in Figure 1, described method comprises:
101, for source via node RN provides the anchor point evolution base station DeNB of access, receive the handover request message for user equipment (UE) that described source RN sends, described handover request message is carried Target Cell Identifier and is rebuild cell ID.
102, described DeNB is described Target cell and rebuilds community computation key respectively.
103, described DeNB is by the common affiliated base station in Target cell described in the key notification of the key of described Target cell and described reconstruction community and reconstruction community.
Security processing when user is switched in embodiment of the present invention relay system, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, for described Target cell and reconstruction community difference computation key, by the common affiliated base station in Target cell described in the key notification of the key of described Target cell and described reconstruction community and reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment bis-
The present embodiment provides in a kind of relay system security processing when user is switched, and as shown in Figure 2, described method comprises:
201, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, described handover request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of described source RN and rebuild the key of community.
202, described DeNB is by the common affiliated base station in Target cell described in described handover request message informing and reconstruction community.
Security processing when user is switched in embodiment of the present invention relay system, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, described handover request message is carried the key of Target cell and the key of reconstruction community that described source RN calculates, by the common affiliated base station in Target cell described in described handover request message informing and reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment tri-
The present embodiment provides in a kind of relay system security processing when user is switched, and as shown in Figure 3, described method comprises:
301, for source RN provides the DeNB of access, receive the handover request message for UE that described source RN sends, described handover request message is carried Target Cell Identifier and is rebuild cell ID.
302, the NCC value for described UE that described DeNB stores this locality and NH value are carried in described handover request message notifies described Target cell and reconstruction community common affiliated base station.
Security processing when user is switched in embodiment of the present invention relay system, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, the NCC value for described UE of this locality storage and NH value are carried at and in described handover request message, notify described Target cell and rebuild the base station of community under common, by described Target cell with rebuild the base station of community under common according to the NCC value for described UE and the key of the described Target cell of NH value calculating and the key of reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment tetra-
The present embodiment provides in a kind of relay system security processing when user is switched, and as shown in Figure 4, described method comprises:
401, target BS receives the security parameter of described Target cell and reconstruction community, and wherein, described security parameter comprises key.
402, when described Target cell with when rebuilding community and not belonging to same node, described target BS is notified the node under described Target cell by the security parameter of described Target cell, by the security parameter of described reconstruction community, notifies the node under described reconstruction community.
Wherein, described Target cell and rebuild community and do not belong to same node and specifically can comprise:
Described Target cell belongs to the RN under described target BS, and described reconstruction community belongs to described target BS;
Or
Described Target cell belongs to described target BS, and described reconstruction community belongs to the RN under described target BS;
Or
Described Target cell belongs to the RN under described target BS, and described reconstruction community belongs to the 2nd RN under described target BS;
Or
Described Target cell belongs to the RN under described target BS, and a described reconstruction community part belongs to the 2nd RN under described target BS, and another part belongs to described target BS;
Or
Described Target cell belongs to described target BS, and a described reconstruction community part belongs to described target BS, and another part belongs to the RN under described target BS.
Security processing when user is switched in embodiment of the present invention relay system, target BS receives described Target cell and rebuilds the security parameter of community, wherein, described security parameter comprises key, when described Target cell does not belong to same node with reconstruction community, described target BS is notified the node under described Target cell by the security parameter of described Target cell, by the security parameter of described reconstruction community, notifies the node under described reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out the synchronous of security parameter when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment five
The present embodiment provides in a kind of relay system security processing when user is switched, in the present embodiment, UE switches to target DeNB by source RN, wherein, target DeNB provides the DeNB of access for this RN, the Target cell of switching and reconstruction community may be all target DeNB Xia communities, may Target cell be also target DeNB Xia communities, and rebuild community, are YuanRNXia communities.
Security processing when as shown in Figure 5, user is switched in described relay system comprises:
501, UE sends measurement report to source RN.
502, source RN carries out switch decision according to this measurement report, and select target community and reconstruction community, be respectively Target cell and each rebuilds community computation key KeNB*.
Key K eNB* calculates according to following formula (1):
KeNB*=KDF(KeNB/NH,PCI,DL-AERFCN) (1)
Wherein, KDF is the function of computation key KeNB*, and this KDF function comprises following input:
The key K eNB of the current use of source RN or NH (Next Hop, down hop) value;
The PCI (Physical Cell Identity, Physical Cell Identifier) of Target cell or reconstruction community;
The DL-AERFCN (Down-Link E-UTRA Absolute Radio Frequency Channel Number, the absolute wireless frequency number of channel of descending E-UTRA) of Target cell or reconstruction community.
503, source RN sends handover request message to target DeNB, the security algorithm that this message comprises security algorithm that source RN is used, the key of Target cell and corresponding NCC (Next-Hop Chain Counter, lower jumping chain counting) thereof, the key of respectively rebuilding community and corresponding NCC thereof and UE support.
Wherein, the security algorithm that described source RN is used and the key of respectively rebuilding community, for being switched to by source RN as UE after target DeNB failure, are used while switching to reconstruction community.
504, target DeNB receives handover request message by source RN, and cell ID and NCC that each key K eNB* is corresponding with it carry out associated preservation, and in the security algorithm of being supported by UE, select a security algorithm.
Particularly, target DeNB in total security algorithm, selects a security algorithm that priority is higher, as the security algorithm of target DeNB selection in the security algorithm that the security algorithm of oneself supporting and UE support.
Optionally, the key K eNB* that target DeNB also can not used source RN to calculate, but computation key KeNB* in the following way:
Mode 1: when the NCC value of preserving when target DeNB is upper is greater than the NCC value of carrying in the handover request message that target DeNB receives, while showing to preserve fresh NCC, NH value on target DeNB, the NH computation key KeNB* of target DeNB use preservation.
Mode 1: while not preserving fresh NCC, NH value on target DeNB, but in the handover request message that target DeNB receives, carry the key K eNB of the current use of source RN, target DeNB is used this key K eNB, utilizes formula (1) computation key KeNB*.
Optionally, if target DeNB determines as Target cell and rebuilds community computation key, and on target DeNB, preserve fresh NCC, NH value, target DeNB utilizes formula (1), using NH value, Target cell or rebuild the PCI of community and DL-AERFCN as input, calculate the key K eNB* of target DeNB; If target DeNB determines as Target cell and rebuilds on community computation key and target DeNB and do not preserve fresh NCC, NH value, target DeNB utilizes formula (1), using the current use of UE key K eNB*, Target cell or rebuild the PCI of community and DL-AERFCN as input, calculate the key K eNB* of target DeNB.
Optionally, if the key that target DeNB determines not calculate Target cell and rebuilds community, and the upper NCC value of preserving of target DeNB is greater than the NCC value of carrying in handover request message, and target DeNB sends to source RN by the NCC of preservation, NH value by switching request acknowledgement message subsequently.
Further, if there is the community of reconstruction to belong to other source RN under target DeNB, described method can also comprise:
The information such as security algorithm that target DeNB is used key corresponding to this reconstruction community and corresponding NCC thereof and source RN send to the RN under this reconstruction community.
505, target DeNB sends switching request acknowledgement message to source RN, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target DeNB select.
506, source RN sends switching command message to UE, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target DeNB select.
507, UE calculates the key of NH and UE according to described NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can select according to the key of described UE and target DeNB security algorithm and target DeNB communicate.
508, UE sends handoff completion message to target DeNB.
Optionally, described method can also comprise:
509, target DeNB is to MME (Mobility Management Entity, Mobility Management Entity) transmit path modify request messages, and this message comprises the security algorithm of the UE support that source RN sends over.
510, MME is at local update NCC and NH.
511, MME revises request acknowledge message to target DeNB reverse-path, and this message comprises NCC and the NH after renewal.
512, target DeNB preserves NCC and the NH after described renewal.
Security processing when user is switched in embodiment of the present invention relay system, when UE switches to target DeNB by source RN, source RN sends handover request message to target DeNB, the switching request acknowledgement message that receiving target DeNB sends, and send switching command message to UE, described switching command message comprises the NCC of Target cell and each reconstruction community and the security algorithm that target DeNB selects, the security algorithm of being selected according to NCC and target DeNB by UE carry out key synchronization and security algorithm synchronous, thereby guarantee the communication security between UE and target DeNB.
Embodiment six
The present embodiment provides in a kind of relay system security processing when user is switched, and in the present embodiment, UE switches to target RN by source RN, and wherein, source RN and target RN are positioned under same DeNB.
Security processing when as shown in Figure 6, user is switched in described relay system comprises:
601, UE sends measurement report to source RN.
602, source RN carries out switch decision according to this measurement report, select target community and reconstruction community.
Optionally, source RN can be respectively Target cell and each rebuilds community computation key KeNB*, specifically can be referring to 502.
603, source RN sends handover request message to DeNB, and this message comprises the security algorithm of source RN use and the security algorithm that UE supports.
Optionally, if key K eNB* has been calculated in RNWei Target cell, source and each reconstruction community, in this message, also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell.
604, DeNB receives the first handover request message by source RN, determines whether Target cell and rebuilds community computation key.
If do not comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell in this message, DeNB computation key KeNB* in the following way:
Mode 1: when the NCC value of preserving when DeNB is upper is greater than the NCC value of carrying in the handover request message that DeNB receives, while showing to preserve fresh NCC, NH value on DeNB, the NH computation key KeNB* of DeNB use preservation.
Mode 1: while not preserving fresh NCC, NH value on DeNB, but carry the key K eNB of the current use of source RN in the handover request message that DeNB receives, DeNB is used this key K eNB, utilizes formula (1) computation key KeNB*.
Optionally, if DeNB determines to be Target cell and reconstruction community computation key, and preserves fresh NCC, NH value on DeNB, DeNB utilizes formula (1), using NH value, Target cell or rebuild the PCI of community and DL-AERFCN as input, calculate the key K eNB* of DeNB; If DeNB determines as Target cell and rebuilds on community computation key and DeNB and do not preserve fresh NCC, NH value, DeNB utilizes formula (1), using the current use of UE key K eNB*, Target cell or rebuild the PCI of community and DL-AERFCN as input, calculate the key K eNB* of DeNB.
Optionally, if the key that DeNB determines not calculate Target cell and rebuilds community, and the NCC value of the upper preservation of DeNB is greater than the NCC value of carrying in handover request message, DeNB sends to source RN by the NCC of preservation, NH value by switching request acknowledgement message subsequently.
If this message comprises key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell, DeNB does not calculate key K eNB*.
605, the key that DeNB preserves reconstruction community is, the security algorithm that the security algorithm that source RN is used and UE support, to target RN, send handover request message, this message comprises the key of Target cell, the security algorithm that UE supports, or, also comprise the information such as NCC, NH that DeNB adds.
Further, if there is the community of reconstruction to belong to other RN under DeNB, described method can also comprise:
The information such as security algorithm that DeNB is used key corresponding to this reconstruction community and corresponding NCC thereof and source RN send to the RN under this reconstruction community.
606, target RN receives handover request message by DeNB, if this message comprises fresh NCC and NH value:
Target RN calculates the key of Target cell according to fresh NH, and this key NCC corresponding with NH carried out to associated preservation;
Or
Target RN preserves fresh NCC and NH, and by the preservation associated with NCC of the key in this message.
Further, in the security algorithm that target RN is supported by UE, select a security algorithm.
607, target RN sends switching request acknowledgement message to DeNB, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select.
608, DeNB is transmitted to source RN by this switching request acknowledgement message.
609, source RN sends switching command message to UE, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select.
610, UE calculates the key of NH and UE according to described NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can select according to the key of described UE and target RN security algorithm and target RN communicate.
611, UE sends handoff completion message to target RN.
Optionally, described method can also comprise:
612, target RN is to DeNB transmit path modify request messages, and this message comprises the security algorithm of the UE support that source RN sends over.
613, DeNB is transmitted to MME by this path modify request messages.
614, MME revises request acknowledge message to DeNB reverse-path, and this message comprises fresh NCC and NH.
615, DeNB revises request acknowledge message by this path and is transmitted to target RN.
Wherein, DeNB can be kept at this locality by NCC and NH in this message, does not send to target RN; Or DeNB is all transmitted to target RN by this message.
Optionally, can not carry out 612 and 615, only in 607 rear execution 613 and 614.
Security processing when user is switched in embodiment of the present invention relay system, when UE switches to target RN by source RN, source RN sends handover request message to target RN, the switching request acknowledgement message that receiving target RN sends, and send switching command message to UE, described switching command message comprises the NCC of Target cell and each reconstruction community and the security algorithm that target RN selects, the security algorithm of being selected according to NCC and target RN by UE carry out key synchronization and security algorithm synchronous, thereby guarantee the communication security between UE and target RN.
Embodiment seven
The present embodiment provides in a kind of relay system security processing when user is switched, and in the present embodiment, UE switches to target eNB by source RN; For source RN provides the DeNB of access and target eNB, be positioned under same MME, and have X2 interface between DeNB and target eNB, adopt X2 to switch.
Wherein, Target cell is target eNB Xia community, rebuilds community and comprises target eNB Xia community, or also comprise RNXia community under target eNB.
Security processing when as shown in Figure 7, user is switched in described relay system comprises:
701, UE sends measurement report to source RN.
702, source RN carries out switch decision according to this measurement report, select target community and reconstruction community.
Optionally, source RN can be respectively Target cell and each rebuilds community computation key KeNB*, specifically can be referring to 502.
703, source RN sends handover request message to DeNB, and this message comprises the security algorithm of source RN use and the security algorithm that UE supports.
Optionally, if key K eNB* has been calculated in RNWei Target cell, source and each reconstruction community, in this message, also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell.
704, DeNB receives handover request message by source RN, determines whether Target cell and rebuilds community computation key.
Specifically can, with reference to 604, not repeat them here.
705, the key that DeNB preserves reconstruction community is, the security algorithm that the security algorithm that source RN is used and UE support, to target eNB, send handover request message, this message comprises the security algorithm that key corresponding to Target cell, UE support, or, also comprise the information such as NCC, NH that DeNB adds.
Further, if there is the community of reconstruction to belong to the RN under target eNB, described method can also comprise:
The information such as security algorithm that target eNB is used key corresponding to this reconstruction community and corresponding NCC thereof and source RN send to the RN under this reconstruction community.
706, target eNB receives handover request message by DeNB, if this message comprises fresh NCC and NH value:
Target eNB is calculated the key of Target cell according to fresh NH, and this key NCC corresponding with NH carried out to associated preservation;
Or
Target eNB is preserved fresh NCC and NH, and by the preservation associated with NCC of the key in this message.
Further, in the security algorithm that target eNB is supported by UE, select a security algorithm.
707, target eNB sends switching request acknowledgement message to DeNB, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target eNB are selected.
708, DeNB is transmitted to source RN by this switching request acknowledgement message.
709, source RN sends switching command message to UE, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target eNB are selected.
710, UE calculates the key of NH and UE according to described NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can select according to the key of described UE and target eNB security algorithm and target eNB communicate.
711, UE sends handoff completion message to target eNB.
712, target eNB is to MME transmit path modify request messages, and this message comprises the security algorithm that UE supports.
713, MME revises request acknowledge message to target eNB reverse-path, and this message comprises fresh NCC and NH.
Security processing when user is switched in embodiment of the present invention relay system, when UE switches to target eNB by source RN, source RN sends handover request message to target eNB, the switching request acknowledgement message that receiving target eNB sends, and send switching command message to UE, described switching command message comprises the NCC of Target cell and each reconstruction community and the security algorithm that target eNB is selected, the security algorithm of being selected according to NCC and target eNB by UE carry out key synchronization and security algorithm synchronous, thereby guarantee the communication security between UE and target eNB.
Embodiment eight
The present embodiment provides in a kind of relay system security processing when user is switched, and in the present embodiment, UE switches to target eNB by source RN; For source RN provides the DeNB of access, be positioned under different MME from target eNB, between DeNB and target eNB, do not have X2 interface, adopt S1 to switch.
Wherein, Target cell is target eNB Xia community, rebuilds community and comprises target eNB Xia community, or also comprise RNXia community under target eNB.
Security processing when as shown in Figure 8, user is switched in described relay system comprises:
801, UE sends measurement report to source RN.
802, source RN carries out switch decision according to this measurement report, select target community and reconstruction community.
Optionally, source RN can be respectively Target cell and each rebuilds community computation key KeNB*, specifically can be referring to 502.
803, source RN sends handover request message to DeNB, and this message comprises the security algorithm of source RN use and the security algorithm that UE supports.
Optionally, if key K eNB* has been calculated in RNWei Target cell, source and each reconstruction community, in this message, also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell.
804, DeNB receives handover request message by source RN, determines whether Target cell and rebuilds community computation key.
Specifically can, with reference to 604, not repeat them here.
805, DeNB is transmitted to source MME by handover request message.
806, source MME upgrades NCC and NH.
807, source MME sends S10 to target MME and forwards RELOCATION REQUEST message, this message comprises security algorithm that NCC after renewal and NH value, UE support, security algorithm, Kasme, the KSI that source RN is used, or also comprise key and the corresponding NCC thereof of the Target cell that DeNB calculates.
808, target MME sends handover request message to target eNB, and this message comprises security algorithm that NCC after renewal and NH value, UE support, the security algorithm that source RN is used, or also comprise the key of the Target cell that DeNB calculates and the NCC of correspondence thereof.
809, target eNB is by the key of Target cell and corresponding associated preservation of NCC thereof.
Optionally, if do not comprise key and the corresponding NCC thereof of the Target cell that DeNB calculates in this message, target eNB, according to the NH value after upgrading, is calculated the key of Target cell.
810, the security algorithm that target eNB is supported from UE, select a security algorithm, to target MME, send switching response message, this message comprises the security algorithm of target eNB selection and the NCC after renewal.
811, target MME sends S10 to source MME and forwards relocation response message, and this message comprises the security algorithm of target eNB selection and the NCC after renewal.
812, source MME sends switching request acknowledgement message to DeNB, and this message comprises the security algorithm of target eNB selection and the NCC after renewal.
813, DeNB sends switching request acknowledgement message to source RN, and this message comprises the security algorithm of target eNB selection and the NCC after renewal.
814, source RN sends switching command message to UE, and this message comprises the security algorithm of target eNB selection and the NCC after renewal.
815, UE calculates the key of NH and UE according to NCC, and the key of UE is carried out to associated preservation with NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can select according to the key of described UE and target eNB security algorithm and target eNB communicate.
816, UE sends handoff completion message to target eNB.
817, target eNB sends handoff notification message to target MME.
Security processing when user is switched in embodiment of the present invention relay system, when UE switches to target eNB by source RN, source RN sends handover request message to target eNB, the switching request acknowledgement message that receiving target eNB sends, and send switching command message to UE, described switching command message comprises the NCC of Target cell and each reconstruction community and the security algorithm that target eNB is selected, the security algorithm of being selected according to NCC and target eNB by UE carry out key synchronization and security algorithm synchronous, thereby guarantee the communication security between UE and target eNB.
Embodiment nine
The present embodiment provides in a kind of relay system security processing when user is switched, and in the present embodiment, UE switches to target RN by source RN, and wherein, source RN and target RN lay respectively under different DeNB; For source RN provides the source DeNB of access and is positioned under same MME for target RN provides the target DeNB of access, between source DeNB and target DeNB, there is X2 interface, adopt X2 to switch.
Security processing when as shown in Figure 9, user is switched in described relay system comprises:
901, UE sends measurement report to source RN.
902, source RN carries out switch decision according to this measurement report, select target community and reconstruction community.
Optionally, source RN can be respectively Target cell and each rebuilds community computation key KeNB*, specifically can be referring to 502.
903, source RNXiang source DeNB sends handover request message, and this message comprises the security algorithm of source RN use and the security algorithm that UE supports.
Optionally, if key K eNB* has been calculated in RNWei Target cell, source and each reconstruction community, in this message, also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell.
904, source DeNB receives handover request message by source RN, determines whether Target cell and rebuilds community computation key.
Specifically can, with reference to 604, not repeat them here.
905, the key that source DeNB preserves reconstruction community is, the security algorithm that the security algorithm that source RN is used and UE support, to target DeNB, send handover request message, this message comprises the key of Target cell, the security algorithm that UE supports, or, also comprise the information such as NCC, NH that source DeNB adds.
906, target DeNB will be transmitted to target RN to switching message.
907, target RN receives this handover request message by target DeNB, if this message comprises fresh NCC and NH value:
Target RN calculates the key of Target cell according to fresh NH, and this key NCC corresponding with NH carried out to associated preservation;
Or
Target RN preserves fresh NCC and NH, and by the preservation associated with NCC of the key in this message.
Further, in the security algorithm that target RN is supported by UE, select a security algorithm.
908, target RN sends switching request acknowledgement message to target DeNB, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select.
909, target DeNB is transmitted to source DeNB by this switching request acknowledgement message.
910, source DeNB is transmitted to source RN by this switching request acknowledgement message.
911, source RN sends switching command message to UE, and this message comprises the security algorithm that NCC that the key of Target cell is corresponding and target RN select.
912, UE calculates the key of NH and UE according to described NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can select according to the key of described UE and target RN security algorithm and target RN communicate.
913, UE sends handoff completion message to target RN.
Optionally, described method can also comprise:
914, target RN is to target DeNB transmit path modify request messages.
915, target DeNB is transmitted to MME by this path modify request messages.
916, MME revises request acknowledge message to target DeNB reverse-path.
917, target DeNB revises request acknowledge message by this path and is transmitted to target RN.
Security processing when user is switched in embodiment of the present invention relay system, when UE switches to target RN by source RN, source RN sends handover request message to target RN, the switching request acknowledgement message that receiving target RN sends, and send switching command message to UE, described switching command message comprises the NCC of Target cell and each reconstruction community and the security algorithm that target RN selects, the security algorithm of being selected according to NCC and target RN by UE carry out key synchronization and security algorithm synchronous, thereby guarantee the communication security between UE and target RN.
Embodiment ten
The present embodiment provides in a kind of relay system security processing when user is switched, and in the present embodiment, UE switches to target RN by source RN, and wherein, source RN and target RN lay respectively under different DeNB; For source RN provides the source DeNB of access, be positioned under different MME from the target DeNB of access is provided for target RN, between source DeNB and target DeNB, do not have X2 interface, adopt S1 to switch.
Security processing when as shown in figure 10, user is switched in described relay system comprises:
1001, UE sends measurement report to source RN.
1002, source RN carries out switch decision according to this measurement report, select target community and reconstruction community.
Optionally, source RN can be respectively Target cell and each rebuilds community computation key KeNB*, specifically can be referring to 502.
1003, source RNXiang source DeNB sends handover request message, and this message comprises the security algorithm of source RN use and the security algorithm that UE supports.
Optionally, if key K eNB* has been calculated in RNWei Target cell, source and each reconstruction community, in this message, also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of Target cell.
1004, source DeNB receives handover request message by source RN, determines whether Target cell and rebuilds community computation key.
Specifically can, with reference to 604, not repeat them here.
1005, source DeNB is transmitted to source MME by handover request message.
1006, source MME upgrades NCC and NH.
1007, source MME sends S10 to target MME and forwards RELOCATION REQUEST message, this message comprises security algorithm that NCC after renewal and NH value, UE support, security algorithm, Kasme, the KSI that source RN is used, or also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of the Target cell that source DeNB calculates.
1008, target MME sends handover request message to target DeNB, this message comprises security algorithm that NCC after renewal and NH value, UE support, the security algorithm that source RN is used, or also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of the Target cell that source DeNB calculates.
1009, target DeNB sends handover request message to target RN, this message comprises security algorithm that NCC after renewal and NH value, UE support, the security algorithm that source RN is used, or also comprise key and corresponding NCC and key and the corresponding NCC thereof that respectively rebuilds community of the Target cell that source DeNB calculates.
Optionally, target DeNB can also calculate the key K eNB* of Target cell and each reconstruction community.
Further, if there is the community of reconstruction to belong to other RN under target DeNB, described method can also comprise:
The information such as security algorithm that target DeNB is used key corresponding to this reconstruction community and corresponding NCC thereof and source RN send to the RN under this reconstruction community.
1010, target RN is by the key of Target cell and corresponding associated preservation of NCC thereof.
1011, the security algorithm that target RN supports from UE, select a security algorithm, to target DeNB, send switching response message, this message comprises the security algorithm of target RN selection and the NCC after renewal.
1012, target DeNB sends switching response message to target MME, and this message comprises the security algorithm of target RN selection and the NCC after renewal.
1013, target MME sends S10 to source MME and forwards reorientation message, and this message comprises the security algorithm of target RN selection and the NCC after renewal.
1014, source MMEXiang source DeNB sends switching request acknowledgement message, and this message comprises the security algorithm of target RN selection and the NCC after renewal.
1015, source DeNB sends switching request acknowledgement message to source RN, and this message comprises the security algorithm of target RN selection and the NCC after renewal.
1016, source RN sends switching command message to UE, and this message comprises the security algorithm of target RN selection and the NCC after renewal.
1017, UE calculates the key of NH and UE according to NCC, and the key of UE is carried out to associated preservation with NCC.
Wherein, the key of UE calculates according to formula (1).
After this, UE can select according to the key of described UE and target RN security algorithm and target RN communicate.
1018, UE sends handoff completion message to target RN.
Security processing when user is switched in embodiment of the present invention relay system, when UE switches to target RN by source RN, source RN sends handover request message to target RN, the switching request acknowledgement message that receiving target RN sends, and send switching command message to UE, described switching command message comprises the NCC of Target cell and each reconstruction community and the security algorithm that target RN selects, the security algorithm of being selected according to NCC and target RN by UE carry out key synchronization and security algorithm synchronous, thereby guarantee the communication security between UE and target RN.
Embodiment 11
The present embodiment provides a kind of base station, and as shown in figure 11, described base station comprises:
The first receiver module 1101, the handover request message for UE sending for reception sources RN, described handover request message is carried Target Cell Identifier and is rebuild cell ID;
Computing module 1102, is used to described Target cell and rebuilds community computation key respectively;
The first notification module 1103, for the base station under Target cell described in the key notification of the key of described Target cell and described reconstruction community and reconstruction community is common.
The NCC value of also carrying described UE in the handover request message that further, described the first receiver module 1101 receives;
As shown in figure 12, described computing module 1102 can comprise:
The first comparing unit 11021, the NCC value sending over for NCC value and the described RN of more local storage;
The first computing unit 11022, while being greater than for the NCC value when the local storage of described DeNB the NCC value that described RN sends over, NH value corresponding to NCC of using local storage is described Target cell and reconstruction community difference computation key;
Or,
In the handover request message that described the first receiver module 1101 receives, also carry the lower jumping chain counting NCC value of described UE and the key of the current use of described source RN;
As shown in figure 13, described computing module 1102 can comprise:
The second comparing unit 11023, the NCC value sending over for NCC value and the described RN of more local storage;
The second computing unit 11024, while being less than or equal to the NCC value of the Target cell that described RN sends over for the NCC value when the local storage of described DeNB, the key that uses the current use of described source RN is that computation key is distinguished in described Target cell and reconstruction community.
Embodiment of the present invention base station, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, for described Target cell and reconstruction community difference computation key, by the common affiliated base station in Target cell described in the key notification of the key of described Target cell and described reconstruction community and reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment 12
The present embodiment provides a kind of base station, and as shown in figure 14, described base station comprises:
The second receiver module 1401, the handover request message for UE sending for reception sources RN, described handover request message is carried Target Cell Identifier and is rebuild cell ID, and the key of the Target cell that calculates of described source RN and rebuild the key of community;
The second notification module 1402, for the base station under Target cell described in described handover request message informing and reconstruction community is common.
Further, described the second notification module 1402, specifically for key and corresponding NCC and key and the corresponding NCC thereof that rebuilds community of described Target cell that the security capabilities information of described UE, described source RN are calculated, and the security algorithm that uses for described UE of described source RN is notified described Target cell and is rebuild the base station of community under common.
Further, described the second notification module 1402, specifically for the key of Target cell that described source RN is calculated and rebuild the key of community, the NCC value for described UE of the security capabilities information of described UE, security algorithm that described source RN is used for described UE and the local storage of described DeNB and NH value are notified described Target cell and rebuild affiliated base station jointly, community.
Embodiment of the present invention base station, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, described handover request message is carried the key of Target cell and the key of reconstruction community that described source RN calculates, by the common affiliated base station in Target cell described in described handover request message informing and reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment 13
The present embodiment provides a kind of base station, and as shown in figure 15, described base station comprises:
The 3rd receiver module 1501, the handover request message for UE sending for receiving described source RN, described handover request message is carried Target Cell Identifier and is rebuild cell ID;
Third notice module 1502, notifies described Target cell and reconstruction community affiliated base station jointly for the NCC value for described UE of this locality storage and NH value being carried to described handover request message.
Further, described third notice module 1502, specifically for by the security algorithm of the current use of described source RN, the security capabilities information of described UE, and the NCC value for described UE of the local storage of described DeNB and NH value are notified described Target cell and reconstruction community affiliated base station jointly.
Embodiment of the present invention base station, for providing the DeNB of access, source RN receives the handover request message for UE that described source RN sends, the NCC value for described UE of this locality storage and NH value are carried at and in described handover request message, notify described Target cell and rebuild the base station of community under common, by described Target cell with rebuild the base station of community under common according to the NCC value for described UE and the key of the described Target cell of NH value calculating and the key of reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out key synchronization by DeNB when UE switches, thereby guarantees the communication security between UE and target network node.
Embodiment 14
The present embodiment provides a kind of base station, and as shown in figure 16, described base station comprises:
The 4th receiver module 1601, for receiving the security parameter of described Target cell and reconstruction community, wherein, described security parameter comprises key;
The 4th notification module 1602, for when described Target cell does not belong to same node with reconstruction community, by the security parameter of described Target cell, notify the node under described Target cell, by the security parameter of described reconstruction community, notify the node under described reconstruction community.
Further, when described reconstruction community belongs to described target BS, described the 4th notification module 1602, specifically for preserving the security parameter of described reconstruction community.
Further, as shown in figure 17, described the 4th receiver module 1601, the NCC and the NH value that also for receiving MME, issue;
Described base station can also comprise:
Preserve module 1603, for described NCC and NH value are kept to this locality; And/or
The 5th notification module 1604, for by described NCC and NH value notification target RN.
Embodiment of the present invention base station, target BS receives described Target cell and rebuilds the security parameter of community, wherein, described security parameter comprises key, when described Target cell does not belong to same node with reconstruction community, described target BS is notified the node under described Target cell by the security parameter of described Target cell, by the security parameter of described reconstruction community, notifies the node under described reconstruction community.Compared with prior art, the embodiment of the present invention can be carried out the synchronous of security parameter when UE switches, thereby guarantees the communication security between UE and target network node.
The above-mentioned embodiment of the method providing can be provided in the base station that the embodiment of the present invention provides.The user that security processing when user is switched in the relay system that the embodiment of the present invention provides and base station go in relay system is switched, but is not limited only to this.
One of ordinary skill in the art will appreciate that all or part of flow process realizing in above-described embodiment method, to come the hardware that instruction is relevant to complete by computer program, described program can be stored in a computer read/write memory medium, this program, when carrying out, can comprise as the flow process of the embodiment of above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited to this, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims (23)

1.一种中继系统中用户切换时的安全处理方法,其特征在于,包括:1. A security processing method during user switching in a relay system, characterized in that, comprising: 为源中继节点RN提供接入的锚点演进基站DeNB接收所述源RN发送的针对用户设备UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识;The anchor evolved base station DeNB that provides access for the source relay node RN receives a handover request message for the user equipment UE sent by the source RN, where the handover request message carries a target cell identifier and a reestablished cell identifier; 所述DeNB为所述目标小区及重建小区分别计算密钥;The DeNB calculates keys for the target cell and the reconstructed cell respectively; 所述DeNB将所述目标小区的密钥和所述重建小区的密钥通知所述目标小区和重建小区共同所属的基站。The DeNB notifies the key of the target cell and the key of the re-established cell to the base station to which the target cell and the re-established cell belong together. 2.根据权利要求1所述的方法,其特征在于,2. The method of claim 1, wherein, 所述切换请求消息中还携带所述UE的下跳链计数NCC值,则所述DeNB为所述目标小区及重建小区分别计算密钥包括:The handover request message also carries the NCC value of the UE's down-hop chain count, and the DeNB calculates keys for the target cell and the reestablished cell respectively, including: 所述DeNB比较本地存储的NCC值与所述RN发送过来的NCC值;The DeNB compares the NCC value stored locally with the NCC value sent by the RN; 若所述DeNB本地存储的NCC值大于所述RN发送过来的NCC值,所述DeNB使用本地存储的NCC对应的NH值为所述目标小区及重建小区分别计算密钥;If the NCC value stored locally by the DeNB is greater than the NCC value sent by the RN, the DeNB uses the NH value corresponding to the locally stored NCC to calculate keys for the target cell and the reconstructed cell respectively; 或者,or, 所述切换请求消息中还携带所述UE的下跳链计数NCC值、以及所述源RN当前使用的密钥,则所述DeNB为所述目标小区及重建小区分别计算密钥包括:The handover request message also carries the NCC value of the UE's down-hop chain count and the key currently used by the source RN, and the DeNB calculates keys for the target cell and the rebuilt cell respectively, including: 所述DeNB比较本地存储的NCC值与所述RN发送过来的NCC值;The DeNB compares the NCC value stored locally with the NCC value sent by the RN; 若所述DeNB本地存储的NCC值小于或等于所述RN发送过来的NCC值,所述DeNB使用所述源RN当前使用的密钥为所述目标小区及重建小区分别计算密钥。If the NCC value stored locally by the DeNB is less than or equal to the NCC value sent by the RN, the DeNB uses the key currently used by the source RN to calculate keys for the target cell and the reconstructed cell respectively. 3.一种中继系统中用户切换时的安全处理方法,其特征在于,包括:3. A security processing method during user switching in a relay system, characterized in that, comprising: 为源RN提供接入的DeNB接收所述源RN发送的针对UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识,以及所述源RN计算出的目标小区的密钥及重建小区的密钥;The DeNB that provides access for the source RN receives the handover request message for the UE sent by the source RN, the handover request message carries the identity of the target cell and the identity of the reestablished cell, and the key of the target cell calculated by the source RN and Reconstruct the key of the cell; 所述DeNB将所述切换请求消息通知所述目标小区和重建小区共同所属的基站。The DeNB notifies the base station to which the target cell and the reestablished cell belong together of the handover request message. 4.根据权利要求3所述的方法,其特征在于,所述DeNB将所述切换请求消息通知所述目标小区和重建小区共同所属的基站包括:4. The method according to claim 3, wherein the DeNB notifying the base station to which the target cell and the reestablished cell belong together of the handover request message comprises: 所述DeNB将所述UE的安全能力信息、所述源RN计算出的所述目标小区的密钥及其对应的NCC以及重建小区的密钥及其对应的NCC,以及所述源RN针对所述UE使用的安全算法通知所述目标小区和重建小区共同所属的基站。The DeNB uses the security capability information of the UE, the key of the target cell and its corresponding NCC calculated by the source RN, the key of the re-established cell and its corresponding NCC, and the The security algorithm used by the UE notifies the base station to which the target cell and the reestablished cell belong together. 5.根据权利要求3所述的方法,其特征在于,所述DeNB将所述切换请求消息通知所述目标小区和重建小区共同所属的基站包括:5. The method according to claim 3, wherein the DeNB notifying the base station to which the target cell and the reestablished cell belong together of the handover request message comprises: 所述DeNB将所述源RN计算出的目标小区的密钥及重建小区的密钥、所述UE的安全能力信息、所述源RN针对所述UE使用的安全算法以及所述DeNB本地存储的针对所述UE的NCC值和NH值通知所述目标小区和重建小区共同所属的基站。The DeNB uses the key of the target cell calculated by the source RN and the key of the re-established cell, the security capability information of the UE, the security algorithm used by the source RN for the UE, and the locally stored For the NCC value and the NH value of the UE, notify the base station to which the target cell and the reestablished cell both belong. 6.根据权利要求5所述的方法,其特征在于,还包括:6. The method according to claim 5, further comprising: 所述目标小区和重建小区共同所属的基站使用所述DeNB本地存储的针对所述UE的NH值计算所述目标小区的密钥和重建小区的密钥;The base station to which the target cell and the reestablished cell both belong uses the NH value stored locally by the DeNB for the UE to calculate the key of the target cell and the key of the reestablished cell; 或者or 所述目标小区和重建小区共同所属的基站将所述DeNB本地存储的针对所述UE的NCC值和NH值进行存储。The base station to which the target cell and the reconstructed cell belong together stores the NCC value and the NH value for the UE locally stored by the DeNB. 7.一种中继系统中用户切换时的安全处理方法,其特征在于,包括:7. A security processing method during user switching in a relay system, characterized in that it comprises: 为源RN提供接入的DeNB接收所述源RN发送的针对UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识;The DeNB providing access for the source RN receives the handover request message for the UE sent by the source RN, where the handover request message carries the identity of the target cell and the identity of the reestablished cell; 所述DeNB将本地存储的针对所述UE的NCC值和NH值携带在所述切换请求消息中通知所述目标小区和重建小区共同所属的基站。The DeNB carries the locally stored NCC value and NH value for the UE in the handover request message to notify the base station to which the target cell and the reestablished cell belong together. 8.根据权利要求7所述的方法,其特征在于,所述DeNB将本地存储的NCC值和NH值携带在所述切换请求消息中通知所述目标小区和重建小区共同所属的基站包括:8. The method according to claim 7, wherein the DeNB carrying the locally stored NCC value and NH value in the handover request message to notify the base station to which the target cell and the reestablished cell belong together includes: 所述DeNB将所述源RN当前使用的安全算法,所述UE的安全能力信息,以及所述DeNB本地存储的针对所述UE的NCC值和NH值通知所述目标小区和重建小区共同所属的基站。The DeNB notifies the security algorithm currently used by the source RN, the security capability information of the UE, and the NCC value and NH value for the UE locally stored by the DeNB to the target cell and the reestablished cell. base station. 9.根据权利要求7或8所述的方法,其特征在于,还包括:9. The method according to claim 7 or 8, further comprising: 所述目标小区和重建小区共同所属的基站使用所述DeNB本地存储的针对所述UE的NH值计算所述目标小区和重建小区的密钥;The base station to which the target cell and the re-establishment cell belong together uses the NH value for the UE stored locally by the DeNB to calculate keys of the target cell and the re-establishment cell; 或者or 所述目标小区和重建小区共同所属的基站将所述DeNB本地存储的针对所述UE的NCC值和NH值进行存储。The base station to which the target cell and the reconstructed cell belong together stores the NCC value and the NH value for the UE locally stored by the DeNB. 10.一种中继系统中用户切换时的安全处理方法,其特征在于,包括:10. A security processing method when a user switches in a relay system, characterized in that it comprises: 目标基站接收所述目标小区及重建小区的安全参数,其中,所述安全参数包括密钥;The target base station receives security parameters of the target cell and the reestablished cell, where the security parameters include keys; 当所述目标小区和重建小区不属于同一节点时,所述目标基站将所述目标小区的安全参数通知所述目标小区所属的节点,将所述重建小区的安全参数通知所述重建小区所属的节点。When the target cell and the reconstructed cell do not belong to the same node, the target base station notifies the node to which the target cell belongs of the security parameters of the target cell, and notifies the security parameter of the reconstructed cell to the node to which the reconstructed cell belongs node. 11.根据权利要求10所述的方法,其特征在于,所述目标小区和重建小区不属于同一节点包括:11. The method according to claim 10, wherein the target cell and the reconstructed cell do not belong to the same node comprises: 所述目标小区属于所述目标基站下的RN,所述重建小区属于所述目标基站;The target cell belongs to the RN under the target base station, and the rebuilt cell belongs to the target base station; 或者or 所述目标小区属于所述目标基站,所述重建小区属于所述目标基站下的RN;The target cell belongs to the target base station, and the rebuilt cell belongs to the RN under the target base station; 或者or 所述目标小区属于所述目标基站下的第一RN,所述重建小区属于所述目标基站下的第二RN;The target cell belongs to a first RN under the target base station, and the rebuilt cell belongs to a second RN under the target base station; 或者or 所述目标小区属于所述目标基站下的第一RN,所述重建小区一部分属于所述目标基站下的第二RN,另一部分属于所述目标基站;The target cell belongs to the first RN under the target base station, part of the rebuilt cell belongs to the second RN under the target base station, and another part belongs to the target base station; 或者or 所述目标小区属于所述目标基站,所述重建小区一部分属于所述目标基站,另一部分属于所述目标基站下的RN。The target cell belongs to the target base station, a part of the reconstructed cell belongs to the target base station, and another part belongs to the RN under the target base station. 12.根据权利要求10所述的方法,其特征在于,当所述重建小区属于所述目标基站时,所述目标基站将所述重建小区的安全参数通知所述重建小区所属的节点具体为:12. The method according to claim 10, wherein when the rebuilt cell belongs to the target base station, the target base station notifies the node to which the rebuilt cell belongs of the security parameters of the rebuilt cell specifically as follows: 所述目标基站保存所述重建小区的安全参数。The target base station saves the security parameters of the re-established cell. 13.根据权利要求10所述的方法,其特征在于,所述方法还包括:13. The method of claim 10, further comprising: 所述目标基站接收移动性管理实体MME下发的NCC和NH值;The target base station receives the NCC and NH values issued by the mobility management entity MME; 所述目标基站将所述NCC和NH值保存在本地;和/或The target base station stores the NCC and NH values locally; and/or 所述目标基站将所述NCC和NH值通知目标RN。The target base station notifies the target RN of the NCC and NH values. 14.一种基站,其特征在于,包括:14. A base station, characterized in that it comprises: 第一接收模块,用于接收源RN发送的针对UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识;The first receiving module is configured to receive a handover request message for the UE sent by the source RN, where the handover request message carries a target cell identifier and a reestablished cell identifier; 计算模块,用于为所述目标小区及重建小区分别计算密钥;A calculation module, configured to calculate keys for the target cell and the rebuilt cell respectively; 第一通知模块,用于将所述目标小区的密钥和所述重建小区的密钥通知所述目标小区和重建小区共同所属的基站。The first notification module is configured to notify the base station to which the target cell and the re-established cell belong together of the key of the target cell and the key of the re-established cell. 15.根据权利要求14所述的基站,其特征在于,所述第一接收模块接收的切换请求消息中还携带所述UE的NCC值;15. The base station according to claim 14, wherein the handover request message received by the first receiving module also carries the NCC value of the UE; 则所述计算模块包括:Then the calculation module includes: 第一比较单元,用于比较本地存储的NCC值与所述RN发送过来的NCC值;A first comparison unit, configured to compare the locally stored NCC value with the NCC value sent by the RN; 第一计算单元,用于当所述DeNB本地存储的NCC值大于所述源RN发送过来的NCC值时,使用本地存储的NCC对应的NH值为所述目标小区及重建小区分别计算密钥;A first calculation unit, configured to use NH values corresponding to NCC stored locally to calculate keys for the target cell and the reconstructed cell when the NCC value stored locally by the DeNB is greater than the NCC value sent by the source RN; 或者,or, 所述第一接收模块接收的切换请求消息中还携带所述UE的下跳链计数NCC值、以及所述源RN当前使用的密钥;The handover request message received by the first receiving module also carries the NCC value of the UE's down-hop chain count and the key currently used by the source RN; 则所述计算模块包括:Then the calculation module includes: 第二比较单元,用于比较本地存储的NCC值与所述RN发送过来的NCC值;The second comparison unit is used to compare the NCC value stored locally with the NCC value sent by the RN; 第二计算单元,用于当所述DeNB本地存储的NCC值小于或等于所述RN发送过来的目标小区的NCC值时,使用所述源RN当前使用的密钥为所述目标小区及重建小区分别计算密钥。The second calculation unit is configured to use the key currently used by the source RN as the target cell and the reconstructed cell when the NCC value locally stored by the DeNB is less than or equal to the NCC value of the target cell sent by the RN Compute the keys separately. 16.一种基站,其特征在于,包括:16. A base station, characterized in that it comprises: 第二接收模块,用于接收源RN发送的针对UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识,以及所述源RN计算出的目标小区的密钥及重建小区的密钥;The second receiving module is configured to receive a handover request message for UE sent by the source RN, where the handover request message carries the identity of the target cell and the identity of the re-established cell, and the key of the target cell and the identity of the re-established cell calculated by the source RN key; 第二通知模块,用于将所述切换请求消息通知所述目标小区和重建小区共同所属的基站。The second notification module is configured to notify the base station to which the target cell and the reestablished cell belong together of the handover request message. 17.根据权利要求16所述的基站,其特征在于,所述第二通知模块,具体用于将所述UE的安全能力信息、所述源RN计算出的所述目标小区的密钥及其对应的NCC以及重建小区的密钥及其对应的NCC,以及所述源RN针对所述UE使用的安全算法通知所述目标小区和重建小区共同所属的基站。17. The base station according to claim 16, wherein the second notification module is specifically configured to send the security capability information of the UE, the key of the target cell calculated by the source RN, and its The corresponding NCC, the key of the re-established cell, its corresponding NCC, and the security algorithm used by the source RN for the UE notify the base station to which the target cell and the re-established cell belong together. 18.根据权利要求16所述的基站,其特征在于,所述第二通知模块,具体用于将所述源RN计算出的目标小区的密钥及重建小区的密钥、所述UE的安全能力信息、所述源RN针对所述UE使用的安全算法以及所述DeNB本地存储的针对所述UE的NCC值和NH值通知所述目标小区和重建小区共同所属的基站。18. The base station according to claim 16, wherein the second notification module is specifically configured to send the key of the target cell calculated by the source RN, the key of the reconstructed cell, the security key of the UE The capability information, the security algorithm used by the source RN for the UE, and the NCC value and NH value for the UE locally stored by the DeNB notify the base station to which the target cell and the reestablished cell belong together. 19.一种基站,其特征在于,包括:19. A base station, comprising: 第三接收模块,用于接收源中继节点RN发送的针对UE的切换请求消息,所述切换请求消息携带目标小区标识及重建小区标识;The third receiving module is configured to receive a handover request message for UE sent by a source relay node RN, where the handover request message carries a target cell identifier and a reestablished cell identifier; 第三通知模块,用于将本地存储的针对所述UE的NCC值和NH值携带在所述切换请求消息中通知所述目标小区和重建小区共同所属的基站。The third notification module is configured to include the locally stored NCC value and NH value for the UE in the handover request message to notify the base station to which the target cell and the reestablished cell belong together. 20.根据权利要求19所述的基站,其特征在于,所述第三通知模块,具体用于将所述源RN当前使用的安全算法,所述UE的安全能力信息,以及所述DeNB本地存储的针对所述UE的NCC值和NH值通知所述目标小区和重建小区共同所属的基站。20. The base station according to claim 19, wherein the third notification module is specifically configured to store the security algorithm currently used by the source RN, the security capability information of the UE, and the DeNB locally Notify the base station to which the target cell and the reestablished cell belong together of the NCC value and NH value for the UE. 21.一种基站,其特征在于,包括:21. A base station, characterized by comprising: 第四接收模块,用于接收所述目标小区及重建小区的安全参数,其中,所述安全参数包括密钥;A fourth receiving module, configured to receive security parameters of the target cell and the rebuilt cell, where the security parameters include keys; 第四通知模块,用于当所述目标小区和重建小区不属于同一节点时,将所述目标小区的安全参数通知所述目标小区所属的节点,将所述重建小区的安全参数通知所述重建小区所属的节点。A fourth notification module, configured to notify the node to which the target cell belongs of the security parameters of the target cell when the target cell and the reconstruction cell do not belong to the same node, and notify the reconstruction node of the security parameters of the reconstruction cell The node to which the cell belongs. 22.根据权利要求21所述的基站,其特征在于,当所述重建小区属于所述目标基站时,所述第四通知模块,具体用于保存所述重建小区的安全参数。22. The base station according to claim 21, wherein when the rebuilt cell belongs to the target base station, the fourth notification module is specifically configured to save security parameters of the rebuilt cell. 23.根据权利要求21所述的基站,其特征在于,所述第四接收模块,还用于接收MME下发的NCC和NH值;23. The base station according to claim 21, wherein the fourth receiving module is further configured to receive the NCC and NH values issued by the MME; 所述基站还包括:The base station also includes: 保存模块,用于将所述NCC和NH值保存在本地;和/或A saving module, configured to save the NCC and NH values locally; and/or 第五通知模块,用于将所述NCC和NH值通知目标RN。A fifth notification module, configured to notify the target RN of the NCC and NH values.
CN201010284889.2A 2010-09-17 2010-09-17 Safe processing method for user switching in relay system and base station Active CN102404732B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010284889.2A CN102404732B (en) 2010-09-17 2010-09-17 Safe processing method for user switching in relay system and base station
PCT/CN2011/075354 WO2011147367A1 (en) 2010-09-17 2011-06-03 Safety processing method and base station during user handover in relay system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010284889.2A CN102404732B (en) 2010-09-17 2010-09-17 Safe processing method for user switching in relay system and base station

Publications (2)

Publication Number Publication Date
CN102404732A CN102404732A (en) 2012-04-04
CN102404732B true CN102404732B (en) 2014-04-02

Family

ID=45003346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010284889.2A Active CN102404732B (en) 2010-09-17 2010-09-17 Safe processing method for user switching in relay system and base station

Country Status (2)

Country Link
CN (1) CN102404732B (en)
WO (1) WO2011147367A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103327475B (en) * 2012-03-21 2017-05-24 电信科学技术研究院 Addressing method and addressing device for cell switch
CN106658492A (en) * 2015-07-23 2017-05-10 中兴通讯股份有限公司 Cipher key updating method and cipher key updating device
CN107027118A (en) * 2016-02-02 2017-08-08 中国移动通信集团公司 Inter-cell switch method and device, base station
CN115604770A (en) * 2021-06-28 2023-01-13 大唐移动通信设备有限公司(Cn) Switching method, device, network equipment and relay terminal
CN119497078A (en) * 2023-08-18 2025-02-21 维沃移动通信有限公司 Transmission processing method, device, terminal and network side equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101107806A (en) * 2005-01-21 2008-01-16 三菱电机株式会社 Key storage device, key storage method, and program
CN101299888A (en) * 2008-06-16 2008-11-05 中兴通讯股份有限公司 Cryptographic key generation method, switching method, mobile management entity and customer equipment
WO2009133865A1 (en) * 2008-04-28 2009-11-05 株式会社エヌ・ティ・ティ・ドコモ Handover method, radio base station, and mobile station
CN101779391A (en) * 2007-08-12 2010-07-14 Lg电子株式会社 Handover method with link failure recovery, wireless device and base station for implementing such method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101107806A (en) * 2005-01-21 2008-01-16 三菱电机株式会社 Key storage device, key storage method, and program
CN101779391A (en) * 2007-08-12 2010-07-14 Lg电子株式会社 Handover method with link failure recovery, wireless device and base station for implementing such method
WO2009133865A1 (en) * 2008-04-28 2009-11-05 株式会社エヌ・ティ・ティ・ドコモ Handover method, radio base station, and mobile station
CN101299888A (en) * 2008-06-16 2008-11-05 中兴通讯股份有限公司 Cryptographic key generation method, switching method, mobile management entity and customer equipment

Also Published As

Publication number Publication date
WO2011147367A1 (en) 2011-12-01
CN102404732A (en) 2012-04-04

Similar Documents

Publication Publication Date Title
US10601791B2 (en) Security key generation and management method of PDCP distributed structure for supporting dual connectivity
CN102340772B (en) Security processing method, device and system in conversion process
CN102215485B (en) Method for guaranteeing safety of multi-carrier switching or reconstructing in multi-carrier communication system
CN102238666B (en) Multi-carrier switch processing method and system
CN102026313B (en) Switch processing method and equipment
US9801098B2 (en) Handover method, communication device and communication system
EP2569894B1 (en) Method and system for positioning mobile station in handover procedure
CN101810034B (en) Method and system for notifying cell type based on lte
CN102404732B (en) Safe processing method for user switching in relay system and base station
US20170134996A1 (en) Communication system adapted for key derivation during handover
CN104427566B (en) A kind of switching method and carrier aggregation system
CN102215537A (en) Switching method, evolved Node B (eNodeB) and home gateway
US10582431B2 (en) Cellular network relocation method and base station
US20130143532A1 (en) Key separation method and device
CN101998388A (en) Interaction method and device for security information
CN103686708A (en) Key isolation method and device
CN104604271A (en) Communication method, network side device, and user equipment
US11057807B2 (en) First base station, second base station, and method
CN102076037B (en) Method and device for transmitting switching information
CN101686513A (en) Cell switching method, system and device
WO2025015470A1 (en) Communication method, terminal device and network device
WO2025039905A1 (en) Transmission processing method and apparatus, terminal, and network side device
CN103139853B (en) Switching method and communication device
CN102595536A (en) Switch processing method and apparatus thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant