CN102595397B - Method and device for avoiding out-of-step of network security - Google Patents

Method and device for avoiding out-of-step of network security Download PDF

Info

Publication number
CN102595397B
CN102595397B CN201210031885.2A CN201210031885A CN102595397B CN 102595397 B CN102595397 B CN 102595397B CN 201210031885 A CN201210031885 A CN 201210031885A CN 102595397 B CN102595397 B CN 102595397B
Authority
CN
China
Prior art keywords
network
key
user terminal
ksi
usim
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210031885.2A
Other languages
Chinese (zh)
Other versions
CN102595397A (en
Inventor
陈璟
杨艳梅
许怡娴
马库斯
张爱琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Shanghai Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Huawei Technologies Co Ltd filed Critical Shanghai Huawei Technologies Co Ltd
Priority to CN201210031885.2A priority Critical patent/CN102595397B/en
Publication of CN102595397A publication Critical patent/CN102595397A/en
Application granted granted Critical
Publication of CN102595397B publication Critical patent/CN102595397B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses a method and device for avoiding out-of-step of network security. The method comprises independently performing security parameter processing to a subscriber terminal (universal subscriber identity module card part) at the appropriate time or performing security parameter processing to the subscriber terminal (mobile equipment part) and the network side when the subscriber terminal performs network switching. According to the embodiment of the invention, by duly changing security parameters, network access failure of the terminal caused by out-of-step of the security parameters can be effectively avoided, and network availability and security of switching related scenes can be improved.

Description

Prevent the method and apparatus of network security step-out
Technical field
The present invention relates to communication technical field, relate in particular to network security technology.
Background technology
Current, it is very universal that mobile communication has developed, and in mobile communication process, relates to the problem that terminal is switched between different connecting systems.
The Radio Access Network of base station comprises Generation Mobile Telecommunication System (2G; Second Generation), Generation Mobile Telecommunication System (3G; Third Generation) and following Long Term Evolution (LTE; Long Term Evolve) system etc., class of security protection and safeguard measure between terminal and various Radio Access Network are different.These isomerization access networks have different access technologies, and security parameter structure is also incomplete same.When terminal is switched between these different access networks, in some situation, also consider to reuse the safe context parameter in original system.
Fig. 1 is the network configuration of Universal Terrestrial Radio Access Network network (UTRAN, Universal Terrestrial Radio Access Network).UTRAN comprises one or several RNS (RNS).A RNS is comprised of a radio network controller (RNC) and one or more base station (Node B).Interface between RNC and CN (core net Core network) is Iu interface, and Node B is connected by Iub interface with RNC.Inner at UTRAN, interconnected by Iur between radio network controller (RNC), Iur can be connected or be connected by transmission network by the direct physical between RNC.RNC is used for distributing and controls and is attached thereto or the Radio Resource of relevant Node B.Node B completes the conversion of the data flow between Iub interface and Uu interface, also participates in a part of RRM simultaneously.RNS (RNS) is connected with core net by the Iu interface of RNC and service support node (SGSN, GPRS Serving GPRS Support Node).
Subscriber equipment (UE; User Equipment) access UTRAN network; through authentication and key agreement (AKA; Authentication and Key Agreement) after; UE and network side produce encryption key (CK jointly; Ciphering Key) and the key of integrity protection (IK, Integrity Key).
Key identification KSI (Key Set Identifier) is the value of 3 bits, is used for tagged keys CK, IK.The value scope of KSI is [0,111], but, when the value of KSI is 111, indicate CK, IK key is unavailable, when UE adheres to (Attach) next time, network side, for example KSI can be detected be 111 situation to SGSN, thereby trigger new verification process (AKA, Authentication and Key Agreement).
CK, IK key is divided into again two covers for the type of same area (packet domain or circuit domain) not: the key of packet domain, CK ps, IK pswith the key of circuit domain, CK cs, IK cs.
CK, IK key has the lifetime, by START value, is identified, and START scope is [0, threshold value], works as CK, and when IK is newly-generated in former AKA, START value is 0. along with CK, the use of IK key, START value constantly increases, until thresholding.When START value arrives thresholding, can trigger new AKA.
In the time of mobile terminal (ME, Mobile Equipment) power down, the root key Kasme storing on ME and START value and KSIasme are all eliminated.When ME powers on again, the security parameter that preserve USIM (USIM, Universal SubscriberIdentity Module) card the inside (CK for example ps, IK ps, KSI, START value) and can send to ME, like this, CK ps, IK pskey also can normally be reused, and does not need new AKA.
Fig. 2 is the network configuration of the UTRAN (EUTRAN, Evolved UTRAN) of evolution, comprises eNB (EUTRAN NodeB), has X2 interface to realize the mutual of data and signaling between eNB.ENB is connected to the Mobility Management Entity (MME that develops block core (EPC Evolved Packet Core) network by S1 interface, Mobility Management Entity), eNB links gateway (S-GW, the Serving Gateway) by S1 interface.In EUTRAN network, only has packet domain, so only have CK ps, IK ps, below, if no special instructions, described CK, IK all represent packet domain key.
UE access EUTRAN network, after authentication, UE and network side produce CK jointly ps, IK ps, be kept in the usim card in UE.By CK ps, IK psfurther deduce and obtain connection security management entity (ASME, Access Security Management Entity) root key Kasme, be kept at mobile device (ME, the Mobile Equipment) part in UE.In EUTRAN, connection security management entity is exactly MM.
When UE moves (comprising switching handover active state and the mobile mobility under idle state) in UTRAN from EUTRAN, can be by root key K asmededuction obtains new ciphering key K ps' and IK ps' (the CK here ps', IK ps' and aforesaid CK ps, IK psnon-equivalence).Equally, when UE moves to EUTRAN from UTRAN, also can be by CK, IK deduces and obtains root key K asme.
The scene of terminal and network side safety parameter step-out is described with two typical examples below.
First scene, UE completes initial authentication AKA at EUTRAN network at first, and when UE moves to UTRAN from EUTRAN, the Kasme using in EUTRAN deduces CK, the IK using in UTEAN.
Initial UE, at EUTRAN network, through former AKA, has produced and has comprised CK ps, IK psand the key identification KSIasme of Kasme, in ME, also preserve KSIasme and Kasme, as shown in Figure 3.
When UE moves to the packet network of UTEAN from the packet network of an EUTRAN, need to utilize the Kasme preserving in ME to produce new CK ps' and IK ps', in ME, also preserved cipher key flag KSI, wherein, KSI=KSIasme, as shown in Figure 4.
When UE from EUTRAN Network Mobility to UTRAN network, if the unexpected power down of ME (be similar to mobile phone and pull out battery), in this time, network side GPRS Support Node (SGSN) also can temporarily be preserved the safe key parameter of original ME, i.e. KSI, CK ps', IK ps'.Storage security key in ME is completely because power down deletion.In USIM, also there is original KSIasme, and CK ps, IK ps, as shown in Figure 5.
When user starts shooting again, UE powers on, and now, ME reads the security parameter of preserving in USIM, comprises CK ps, IK ps, and KSI.In this time, network side SGSN also preserves the security parameter in original ME, i.e. CK ps', IK ps', KSI, as shown in Figure 6.
In the prior art; when UE starts shooting when adhering to UTRAN network again; in the process of setting up at safe context; ME sends to SGSN by safe key sign; the KSI that SGSN relatively receives is identical with the KSI self preserving, and thinks that ME and SGSN have identical encryption key and integrity protection key.Do not need new AKA process.The inventor finds under study for action, in situation in fact as shown in Figure 6, ME is upper preserve that be that terminal used in EUTRAN system is CK ps, IK ps, SGSN is upper, and what preserve is when EUTRAN switches to UTRAN, the upper CK being obtained by Kasme deduction of MME ps', IK ps', upper integrity protection key and the encryption key of preserving of ME and SGSN is not identical, so network security parameter step-out can cause whole UE access network failure.
Second scenario, UE moves to EUTRAN network from initial network, again from EUTRAN Network Mobility to UTRAN network, wherein said initial network can be GMS network or UTRAN network, when UE has carried out initial authentication AKA at UTRAN network at first, usim card has been stored the safe context CK of UE in UTRAN networking ps, IK ps, and key identification KSI.
When UE moves to EUTRAN network from UTRAN networking, need to be according to the Ck of usim card storage ps, IK psdeduction obtains the safe context Kasme of UE in EUTRAN.In store CK in usim card now ps, IK psand key identification KSI, in ME, preserving KSI and Kasme, the UE of the similar and above-mentioned scene one of its situation is the result of AKA in EUTRAN directly, as shown in Figure 3.
When UE from EUTRAN Network Mobility to UTRAN network, further from Kasme, carry out secret key deduction CK ps', IK ps', KSI does not change.If the unexpected power down of ME (be similar to and pull out battery), at this moment, the SGSN of network side also can temporarily preserve the safe key parameter of original ME, i.e. KSI, CK ps', IK ps'.Storage security key in ME is completely because power down deletion.In USIM, also there is original KSIasme, and CK ps, IK ps, this process and scene one are similar, and result is as shown in Figure 5.
When user starts shooting again, UE powers on, and now, ME reads the security parameter of preserving in USIM, comprises CK ps, IK ps, and KSI.In this time, network side SGSN also preserves the security parameter in original ME, i.e. CK ps', IK ps', KSI, as shown in Figure 6.
With the same situation of above-mentioned scene one; when UE starts shooting when adhering to UTRAN network again; in the process of setting up at safe context; ME sends to SGSN by safe key sign; the KSI that SGSN relatively receives is identical with the KSI self preserving, and thinks that ME and SGSN have identical encryption key and integrity protection key.Do not need new AKA process.In fact as shown in Figure 6, in situation, ME is upper, and that preserve is CK ps, IK ps, SGSN is upper, and what preserve is when EUTRAN switches to UTRAN, the upper CK being obtained by Kasme deduction of MME ps', IK ps', upper integrity protection key and the encryption key of preserving of ME and SGSN is not identical, so network security parameter step-out can cause whole UE access network failure.
Similarly, when UE has carried out after initial AKA at GSM network at first, in usim card, preserved the security parameter of the initial AKA of GSM, then UE moves to EUTRAN network, carries out the deduction of key, as UE again from EUTRAN Network Mobility to UTRAN network or GSM network, ME power down, then start.Its network security parameter step-out causes the principle of whole UE access network failure to be equal to scene two.
Summary of the invention
In view of this, the object of the embodiment of the present invention is to provide the method and apparatus that prevents network security step-out, thereby avoids causing because of network security parameter step-out the situation of user access network failure.
For realizing the object of the embodiment of the present invention, the embodiment of the present invention provides following technical scheme:
A method that prevents network security step-out, comprising:
User terminal and network carry out authentication and key agreement AKA;
Revise the security parameter producing in AKA process.
A method that prevents network security step-out, comprising:
When carrying out network switching, according to the key identification of former network, obtain new key sign;
Key identification using described new key sign as objective network.
Prevent a device for network security step-out, this device is positioned at subscriber terminal side, comprising:
Access unit, for accessing former network, carries out AKA at former network;
Changing unit, is set to down state for the security parameter of USIM.
For preventing a terminal for network security step-out, described terminal comprises the above-mentioned device that prevents network security step-out.
Prevent a device for network security step-out, described device is positioned at network side, comprising:
Receiving element, for when network switches, receives key identification;
Revise unit, for revising key identification;
Notification unit, notifies new network identity for sending announcement information.
Prevent a network equipment for network security step-out, comprise the above-mentioned network side apparatus that prevents network security step-out.
A method that solves network security step-out, comprising:
Network carries out security parameter coupling;
Network sends to terminal the safe mode command information that starts;
Network is not received the reply message of terminal in pre-specified time;
Network side is initiated re-authentication process.
Solve a device for network security step-out, described device comprises:
Receiving element, the security parameter sending for receiving user terminal;
Matching unit, for mating the security parameter receiving with the security parameter of self;
Transmitting element, for sending security information to user terminal;
Initiate unit, again initiate AKA when not receiving the reply message of terminal in pre-specified time.
Solve a network equipment for network security step-out, described equipment comprises the network side apparatus of above-mentioned solution network security step-out.
Visible, by the processing to the security parameter of user terminal (usim card part) separately that is in due course, or when user terminal generation network switches, user terminal (ME part) and network side are carried out to the processing of security parameter.According to the embodiment of the present invention, by time changing security parameter, effectively avoided making because of security parameter step-out the situation of accessing terminal to network failure, improved network availability and the fail safe of switching associated scenario.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is existing UTRAN schematic network structure;
Fig. 2 is existing EUTRAN schematic network structure;
Fig. 3 is that existing network switches pilot process schematic diagram;
Fig. 4 is that existing network switches pilot process schematic diagram;
Fig. 5 is that existing network switches pilot process schematic diagram;
Fig. 6 is that existing network switches pilot process schematic diagram;
The flow chart of the method that Fig. 7 provides for the embodiment of the present invention one;
The flow chart of the method that Fig. 8 provides for the embodiment of the present invention two;
The flow chart of the method that Fig. 9 provides for the embodiment of the present invention three;
The signaling diagram of the method that Figure 10 provides for the embodiment of the present invention three;
The flow chart of the method that Figure 11 provides for the embodiment of the present invention four;
The signaling diagram of the method that Figure 12 provides for the embodiment of the present invention four;
The flow chart of the method that Figure 13 provides for the embodiment of the present invention five;
The flow chart of the method that Figure 14 provides for the embodiment of the present invention six;
The signaling diagram of the method that Figure 15 provides for the embodiment of the present invention six;
The flow chart of the method that Figure 16 provides for the embodiment of the present invention seven;
The signaling diagram of the method that Figure 17 provides for the embodiment of the present invention seven;
The flow chart of the method that Figure 18 provides for the embodiment of the present invention eight;
The signaling diagram of the method that Figure 19 provides for the embodiment of the present invention eight;
The structural representation of the device that Figure 20 provides for one embodiment of the invention;
The structural representation of the device that Figure 21 provides for another embodiment of the present invention;
The structural representation of the device that Figure 22 provides for another embodiment of the present invention;
The signaling diagram of the method that Figure 23 provides for inventive embodiments nine;
The signaling diagram of the method that Figure 24 provides for inventive embodiments ten;
The signaling diagram of the method that Figure 25 provides for inventive embodiments 11.
Embodiment
For making object, technical scheme and the advantage of the embodiment of the present invention clearer, below the embodiment of the present invention is described in further detail.
The switching of mentioning in the embodiment of the present invention comprises movement (idle mobility) and the terminal switching (active handover) under state of activation of terminal under idle condition.
Fig. 7 is embodiments of the invention one, and in this embodiment, the method that prevents network security step-out that realizing the embodiment of the present invention provides comprises the following steps:
Step 701: user terminal for example, carries out authentication and key agreement (AKA) at former network (EUTRAN network).
Wherein said former network is EUTRAN network, through AKA process, has produced and has comprised CK ps, IK psand the key identification KSIasme of Kasme and Kasme, CK ps, IK ps, KSIasme is kept in USIM, in ME, preserved with USIM in same KSIasme.Same as the prior art, repeat no more.
Step 702: revise security parameter.
Preferably, after step 702, also comprise:
Again trigger AKA, generate new security parameter information.
In different embodiment, to revise security parameter and can realize in different ways, the mode below in conjunction with different, is described in detail the embodiment of the present invention.
Embodiment bis-, and in this embodiment, the security parameter by USIM is set to down state and realizes modification security parameter.Described down state refers to: by revising the security parameter in USIM, make them unavailable.Referring to Fig. 8, this embodiment specifically comprises the following steps:
Step 801: user terminal carries out AKA at former network.
Wherein said former network is EUTRAN network, UTRAN network or GSM network.
When UE is in EUTRAN network, the AKA process through initial network, has produced and has comprised CK ps, IK psand the key identification KSIasme of Kasme or KSI and Kasme, CK ps, IK psand Kasme and KSIasme be kept in USIM, KSIasme and Kasme same in USIM in ME, have also been preserved.
When UE is in UTRAN network, through UTRAN AKA process, produced and comprised CK ps, IK psand key identification KSI, be stored in ME.When ME sends command request usim card to usim card, preserve security parameter, in usim card, also can preserve CK ps, IK psand KSI.
The security parameter of step 802: USIM is set to down state.
Wherein, the security parameter of USIM is set to down state again multiple implementation, comprises the START value in USIM is set to thresholding, and key identification KSI is set to 111, and by ciphering key K, IK deletes to wait and by embodiment, describes in detail respectively below.
Embodiment tri-, and in this embodiment, by the value of START in change USIM, making USIM is down state, and referring to Fig. 9, this embodiment specifically comprises the following steps:
Step 901: user terminal carries out AKA at former network.
Step 902: the START value of USIM is set to threshold value;
Or delete CK, IK;
Or KSI is set to 111.
The corresponding signaling process figure of the example that Figure 10 provides for the present embodiment, in the figure, UE is in EUTRAN network, and concrete steps are:
Step 1~step 2:UE is in E-UTRAN network, and UE sends business request information by eNB to MME.
The security parameter that there is no UE in step 3:MME, triggers AKA process, and UE and MME produce root key Kasme.
Step 4: in UE side, ME is set to thresholding by the START value in USIM.
When the START of USIM value is set to threshold value, CK, IK just can not be again used (or CK, IK is deleted), and when user terminal (ME part) power down powers on once more, ME will read security parameter from USIM.When network side receives the adhering to request (carrying key identification KSI) of terminal and finds the corresponding former CK of KSI, IK is unavailable (or because CK, IK is deleted, terminal cannot be carried key identification KSI in adhering to request), network side judges the verification process that triggering is new, there will not be the situation of aforesaid network security step-out.
Embodiment tetra-, in this embodiment, at user terminal, in network, switch, and (for example terminal is switched to UTRAN from EUTRAN to user terminal generation secret key deduction, and the ME part of terminal and the key of network side are deduced and obtained Ck by Kasme ps', IK ps' afterwards, by the key in USIM is set to, invalidly (comprises KSI is set to 111, and/or the START value in USIM is set to thresholding, with or by the CK in USIM, IK key is deleted) make the security parameter in USIM unavailable, referring to Figure 11, this embodiment specifically comprises the following steps:
Step 1101: user terminal carries out AKA at former network.
Basic identical in process and previous embodiment, repeat no more.
Step 1102: user terminal carries out network switching, generates and deduces key, is synchronized to network side.
After user network handover success, the SGSN of network side is synchronizeed with the information on ME, and SGSN preserves the security parameter of ME, i.e. CK ps', IK ps', KSI.
Step 1103: the KSI in USIM is set to 111.
KSI can be a numeral, accounts for 3bit, by 7 values, carrys out tagged keys collection.Value 111 is used for representing K by terminal aSMEor CK, IK is unavailable, if by KSI aSMEor KSI is set to 111.
By the KSI in USIM just, be set to 111, show the current available CK that do not have ps, IK psthereby, trigger in follow-up flow process (for example start or terminal are carried out network switching again) and trigger new AKA process, set up new security parameter.
The signaling process figure of the example that Figure 12 provides for this embodiment, in the figure, UE is switched to the packet network of UTRAN from the packet network of an EUTRAN, and wherein step 1~11 are identical with network switch step in prior art, repeat no more herein.
Step 12: after network has switched, the KSI in USIM is set to 111.
When user starts shooting again, it is 111 that network detects the KSI value that UE reports, and/or UE cannot report KSI value, time will trigger AKA process, generate new key, avoided the appearance of network security step-out phenomenon.
Embodiment five, referring to Figure 13, in this embodiment, the KSI in USIM changed, and this embodiment specifically comprises:
Step 1301: user terminal carries out AKA at former network.
Process is all identical with previous embodiment, repeats no more.
Step 1302: user terminal carries out network switching, generates and deduces key, and be synchronized to network side.
After user network handover success, the SGSN of network side is synchronizeed with the information on ME, and SGSN preserves the security parameter of UE, i.e. CK ps', IK ps', KSI.
Step 1303: change the KSI value in USIM.
The KSI value wherein changing in USIM can adopt several different methods, for example, makes KSI=KSI+1.
When user is from EUTRAN is switched to UTRAN, if power-off, when user starts shooting again, ME sends user ID to network side and comprises KSI sign, network side inspection contrast KSI.
The SGSN of network side is upper, and that preserve is network switch KSI on ME while completing.After network switch completes, change the value of KSI in UTRAN, for example KSI can be set to KSI '=KSI+1, user is when power-off, and the safe key of storing in ME is lost because of power-off, during start, ME reads the information in USIM, and what read is exactly to change KSI ' value afterwards.Like this user to send KSI ' different from the KSI of network side, think and there is no available ciphering key K, IK, USIM is in down state.So just again trigger AKA process.Avoided causing because of security parameter step-out the situation of accessing terminal to network failure.
In practical application, can also by change network key identification KSI realize modification security parameter, comprising:
User terminal is at former network A KA;
When carrying out network switching, according to the key identification of former network, obtain new key sign;
Key identification using described new key sign as objective network.
Wherein, according to the key identification of former network, obtain new key sign and comprise again the close of the former network delivery of reception
Key identifies, changes or accepts to be identified by the new key after the change of former netkey sign,
Embodiment six, referring to Figure 14, in this embodiment, by changing the key identification of former network, prevent network security step-out, and this embodiment specifically comprises the following steps:
Step 1401: user terminal is at former network A KA;
Step 1402: when carrying out network switching, change the key identification of former network.
Step 1403: the key identification newly producing is sent to objective network.
Change by the following method the key identification of described network side:
Based on original key identification value, calculate new key ident value; And/or
To key identification value, give the title of a new key sign; Or
From network entity request, obtain new key sign; Or
According to preset algorithm, calculate new key sign.
The signaling flow graph of the example that Figure 15 provides for the present embodiment, former network is EUTRAN network, and objective network is UTRAN network, and concrete steps comprise:
Step 1:UE sends RAU request to target SGSN, carries the key identification KSI that UE preserves, temporary identity sign etc.
Step 2: target SGSN, to former MME request security parameter, is carried the TMSI sign obtaining from UE.
Step 2a: former MME carries out secret key deduction, deduces and obtains CK from Kasme ps', IK ps'.
Step 2b: former MME obtains a new KSI key identification.
Wherein, described new KSI is produced by described former MME, and for example in message 1, change is showed newly in the basis of original KSI, for example new KSI=old KSI+1; Or the default algorithm based on certain is calculated and is obtained; Or the generation of the step based on normal AKA process.
In other embodiments, the KSI of described property for example, is obtained to network entity (HSS) request by described former MME.
Described former MME also can give new title, for example KSI by this new key sign newor KSI uTRAN, be different from the KSI using in EUTRAN, that in objective network, use is KSI uTRA, and the value KSI of this new key identification newcan equal the value KSI of original system key identification old, or KSI newbe not equal to KSI old.
In other embodiments, can also show it is the key identification that belongs to which kind of network type security parameter for KSI increases field.For example increase dibit and identify the corresponding network type of KSI, 01: sign GSM network; 10: sign UTRAN network; 11: sign EUTRAN network.Like this, for the identical key identification KSI of initial value (3 bit), for example 110, after increasing network type, at GSM network, UTRAN, the actual KSI sign in EPS network is exactly: 01110,10110,11110.In the handoff procedure of actual different type network, the KSI initial value that UE and network side are 3bit according to network type information to length is not changed, but in initial value, increases the sign of different network types.
For example, when UE initiating layer 3 message (attach message, (the scene of having told about in corresponding background technology while Service request business request information) carrying the KSI with network type sign, Figure 19), network side just can judge that two ends KSI (has added network class offset, 5 bits) inconsistent, and trigger new AKA process, prevent network security context step-out.
Step 3.SGSN obtains the security parameter that MME sends over, and comprises and deduces the CK obtaining ps', IK ps', and new KSI key identification.
Step 4: alternatively, if in step 1, the KSI sending over from UE is 111 or other needs, triggers new AKA process.Also can generate new KSI.
Step 5:SGSN sends safe mode command (Security Mode Command), comprises the deduction ciphering key K obtaining from former MME ps', IK ps' and SGSN the cryptographic algorithm UEAs and the protection algorithm integrallty UIAs that allow.
Step 6:RNC selects final cryptographic algorithm UEA and protection algorithm integrallty UIA, and safe mode command (Security Mode Command) is sent to UE.
Step 7:UE deduces CK from Kasme ps', IK ps';
Step 8:UE sends safe mode command and completes (Security Mode Comelepte) message.
Step 9:RNC completes safe mode command (Security Mode Comelepte) message and passes to SGSN.
Step 10:SGSN sends RAU Accept message (integrity protection) to UE, carries the new KSI obtaining in above-mentioned steps 2b.
Step 11:UE receives RAU Accept message, returns to SGSN RAU Compelete message.
No matter solution based on above, for the key using in UTRAN system after switching, deduced and obtained by original system key K asme, or obtained by new AKA process, all can generate a new key sign new KSI.
Like this, after switching, the Kasme preserving in the USIM of new KSI and UE is just unequal.If, now UE power down in UTRAN, the key in ME is eliminated.
While again starting shooting, ME reads CK from USIM, IK, and Kasme.In SGSN, also there is the CK generating after deducing ps', IK ps', KSI.And KSI and Kasme are not etc., just there will not be the problem of safe step-out.But trigger new AKA process.
Embodiment seven, in this embodiment, by change network key identification KSI realize modification security parameter.Referring to Figure 16, this embodiment specifically comprises the following steps:
Step 1601: user terminal is at former network A KA;
Step 1602: when carrying out network switching, change the key identification of objective network.
The entity of carrying out generation new key sign can be the network element (for example MME) of former network, or the network element of objective network (for example SGSN).
Change by the following method the key identification of described network side:
Based on original key identification value, calculate new key ident value; And/or
To key identification value, give the title of a new key sign; Or
From network entity request, obtain new key sign; Or
According to preset algorithm, calculate new key sign.
Step 1603: user terminal obtains identical new key sign.
Comprise that network side is by the key identification informing user terminal newly producing, or the key identification of the calculative strategy (for example same algorithm) of user terminal based on same with network side based on old obtains new key sign at user terminal local computing.
The signaling flow graph of the example that Figure 17 provides for the embodiment of the present invention, comprising:
Step 1:UE sends RAU request to target SGSN, carries the KSI that UE preserves, temporary identity sign etc.
Step 2: target SGSN, to former MME request security parameter, is carried the TMSI sign obtaining from UE.
Step 2a: former MME carries out secret key deduction, deduces and obtains CK from Kasme ps', IK ps'.
Step 3.SGSN obtains the security parameter that MME sends over, and comprises and deduces the CK ' obtaining, IK ', and KSI key identification.
Step 3a: generate a new KSI based on old KSI and default algorithm.Target SGSN also can be given new title, for example KSI by this new key sign new, KSI uTRAN(be different from former KSI and use in EUTRAN, KSI uTRANto use in objective network) etc.
Step 4: alternatively, if in step 1, the KSI sending over from UE is 111 or other needs, triggers new AKA process.Also can generate new KSI.
Step 5:SGSN sends safe mode command (Security Mode Command), comprises the deduction ciphering key K obtaining from former MME ps', IK ps' and SGSN the cryptographic algorithm UEAs and the protection algorithm integrallty UIAs that allow.
Step 6:RNC selects final cryptographic algorithm UEA and protection algorithm integrallty UIA, and safe mode command (Security Mode Command) is sent to UE.
Step 7:UE deduces CK from Kasme ps', IK ps'.
Step 7a: generate new KSI based on old KSI and default algorithm.
Step 8:UE sends safe mode command and completes (Security Mode Comelepte) message.
Step 9:RNC completes safe mode command (Security Mode Comelepte) message and passes to SGSN.
Step 10:SGSN sends RAU Accept message (integrity protection) to UE, carries the new KSI obtaining in above-mentioned steps 2b.
Step 11:UE receives RAU Accept message, returns to SGSN RAU Compelete message.
The effect of this method embodiment is identical with the effect of Figure 15, repeats no more herein.
What embodiment six and embodiment seven introduced is that user terminal is in " switching " (idle mobility) of idle condition scene, switching for user terminal under state of activation (active handover) scene, its implementation can analogy, repeats no more here.
Embodiment eight, in the present embodiment, for the situation that network security step-out occurs, provide a kind of means to save the situation, and as shown in figure 18, the method comprises:
1801: the security parameter in terminal does not mate with the security parameter of network, network security step-out.
1802: terminal abandons the information of receiving.
1803: network is not received the reply message of terminal in pre-specified time.
1804: network side is initiated re-authentication process.
Figure 19 is the signaling flow graph that the embodiment of the present invention provides, and comprising:
Step 1: user's mobile terminal MS (Mobile station) initiates to adhere to request, sets up RRC (Radio Resource is controlled Radio Resource Control) and connects between MS and SRNC (service wireless network controller Serving Radio Network Controller).
Step 2:MS sends Attach Request message to SGSN, in request message the inside, carries the key identification KSI that MS the inside has had.
Step 3: network side is by the CK of this locality storage, and the key identification KSI ' that IK is corresponding and the KSI receiving contrast, and find that both are worth equal, think that network side and end side have identical ciphering key K, IK.Can use original security parameter, not need new AKA verification process.
Step 4:SGSN issues safe mode command, and which kind of security algorithm notification terminal enables, and indication is encrypted and the start-up time of integrity protection, and has added the MAC calculated value of integrity protection.This message is carried out integrity protection with IK (network side storing,, network side thinks that terminal also has same IK) here.
Step 5~6: when UE receives safe mode command, first by the IK ' value in terminal, this message is carried out to completeness check, but because in fact, IK and IK ' are also unequal, so, the MAC value of carrying in the MAC ' that terminal IK ' calculates and message is also unequal, and terminal thinks that the message receiving is wrong, thereby abandons.
Step 7~8: network side reply can not repeat to send safe mode command, until overtime within a certain period of time because receive.
Step 9: the process of initiating re-authentication AKA.
The method providing by the present embodiment, has solved the situation of aforesaid network security step-out.
The embodiment of the present invention also provides a kind of method that solves network security step-out, comprising:
Network carries out security parameter coupling.
Network sends to terminal the safe mode command information that starts.
Network is not received the reply message of terminal in pre-specified time.
Network side is initiated re-authentication process.
The method providing by the embodiment of the present invention, just can solve the problem of network security step-out.
Embodiment nine, and in idle condition, UE is first resident in UTRAN network, completes AKA process.After UTRAN network carries out AKA, usim card has been stored the context-sensitive ciphering key K of UTRAN network security ps, IK ps, and key identification KSI.When UE is from UTRAN Network Mobility to EUTRAN network, the method for realization is as follows:
Step 1:UE sends TAU request to target MME, carries the KSI that UE preserves, temporary identity sign etc.
Step 2: target MME, to former SGSN request security parameter, carries the temporary identity sign obtaining from UE.
Step 2a.MME obtains the security parameter that SGSN sends over, and comprises CK, IK, and KSI key identification.
Step 3: target MME carries out secret key deduction, from CK ps, IK psdeduction obtains Kasme, and sublayer key K nASenc, K nASint, Kenb.
Step 4: trigger possible AKA process.
Step 5:MME sends safe mode command (Security Mode Command), comprises NAS infill layer algorithm and protection algorithm integrallty that the deduction key K enb that obtains from MME and MME select.
Step 6:eNB selects cryptographic algorithm and the protection algorithm integrallty of AS layer, and safe mode command (Security Mode Command) is sent to UE.
Step 7:UE is from CK ps, IK psdeduce Kasme, and sublayer key.
Step 8:UE sends safe mode command and completes (Security Mode Comelepte) message.
Step 9:eNB completes safe mode command (Security Mode Comelepte) message and passes to MME.
Step 10:MME sends TAU Accept message (integrity protection) to UE.
Step 11:UE receives TAU Accept message, returns to MME TAU Compelete message.
Step 12:UE is set to invalid value " 111 " by the KSI in USIM.
Above-mentioned steps 1~11 all belongs to prior art, and step 12 is the newly-increased steps of embodiment nine.By the KSI in USIM just, be set to 111, show the current available CK that do not have ps, IK psthereby, trigger in follow-up flow process (for example start or terminal carry out switching between network again) and trigger new AKA process, set up new security parameter.For example when UE from EUTRAN Network Mobility after UTRAN, in ME, deduce to produce new ciphering key K ps', IK ps'. when UE is in UTRAN network, ME power down.After ME powers on again, owing to there is no security parameter in usim card, in layer 3 message (as shown in figure 19) that UE reports, just can not carry key identification KSI, when network side detects UE, there is no Context identifier safe to carry, can the new AKA process of triggering for generating.Thereby avoided the situation of the safe context step-out described in background technology.
Embodiment ten, referring to the signaling process figure of Figure 24.On the basis of embodiment 9, increase step 7b: when UE receives safe mode command, after having carried out secret key deduction, ME sends instruction to usim card, deleted the security parameter (CK, IK, KSI etc.) in usim card.
The step of preferably, security parameter in USIM being deleted also can be carried out before step 7.
Like this, when UE moves to UTRAN network, ME power down, while again starting shooting, because the security parameter in usim card is deleted, so the KSI value that UE reports is " 111 ", after network side reads, can trigger the process of a new AKA.Avoided the situation of safe context step-out.
What embodiment ten and embodiment nine introduced is that user terminal is in " switching " (idle mobility) of idle condition scene, switching for user terminal under state of activation (active handover) scene, its implementation can analogy, referring to Figure 25, embodiment 11 is switching (active handover) process of UE under state of activation, comprising:
Step 1: former RNC sends (for example reporting by analysis to measure) and switches decision;
Step 2:RNC sends handover request to SGSN;
Step 3:SGSN forwards handover request to target MME, takes the security parameter of original system simultaneously.
Step 4: target MME is according to the security parameter Ck of original system, and IK deduces and obtains Kasme, and further calculates sublayer key;
Step 5: target MME issues handover request to target eNB;
Step 6:eNB replys MME;
Step 7: target MME replys handover request to be transmitted to former SGSN;
Step 8: former SGSN sends switching command to RNC;
Step 9:RNC sends switching command to UE;
Step 10:UE receives switching command, and by CK, IK deduces Kasme;
Step 10b: revise USIM parameter, comprise that ME sends instruction to usim card, require to delete the security parameter CK of usim card the inside, IK.Or the key identification KSI in usim card is set to invalid value " 111 ";
Step 11:UE sends handoff completion message to eNB;
Step 12:eNB sends handover request to MME and completes message;
Step 13:MME forwards handover request to SGSN and completes message;
Step 14:SGSN replys handover request to MME and completes message.
In above-mentioned steps, step 10b has increased the processing procedure of security parameter in usim card.Described step 10b also can occur between step 9 and step 10, repeats no more here.Its beneficial effect and embodiment nine, similar described in embodiment ten, also no longer repeat.
Corresponding with embodiment of the method, the embodiment of the present invention is also provided for preventing the device of network security step-out, and referring to Figure 20, described device is positioned at subscriber terminal side, comprising:
Access unit 201, for accessing former network, carries out AKA at former network.
Changing unit 202, is set to down state for the security parameter of USIM USIM.
Preferably, changing unit comprises the first changing unit, the second changing unit, the 3rd changing unit or the 4th changing unit, wherein:
The first changing unit, for being set to threshold value by the START value of USIM.
The second changing unit, for being set to 111 by the key identification KSI of USIM.
The 3rd changing unit, for changing the key identification KSI of USIM.
The 4th changing unit, for deleting the ciphering key K of USIM, IK.
By the security parameter of USIM in this transformer terminals, the security parameter that makes USIM is all no longer used (CK for example, IK is deleted), when user terminal (ME part) power down powers on once more, ME will read security parameter from USIM, at this moment do not had security parameter to use, again triggered new verification process, there will not be the situation of aforesaid network security step-out.
Preferably, this device also comprises transmitting element, for sending to network side to carry out security parameter contrast the KSI after changing unit change.
During user's logging in network, will send to network side to carry out security parameter contrast the key identification after change, inconsistent if contrast is found, just trigger new verification process, there will not be equally the situation of safe step-out.
The embodiment of the present invention also provides a kind of terminal that prevents network security step-out, and this terminal comprises that above-mentioned any one prevents the end side device of network security step-out.
Referring to Figure 21, the embodiment of the present invention provides a kind of device that prevents network security step-out, and described device is positioned at network side, comprising:
Receiving element 211, for when network switches, receives key identification.
Revise unit 212, for revising key identification.
Notification unit 213, notifies new network identity for sending announcement information.
The device providing by the present embodiment, network, when receiving key identification, is made an amendment the key identification of receiving.
When described network is former network, when carrying out network switching, amended key identification is sent to objective network by notification unit, objective network identifies the key identification of receiving as new key.
When described network is objective network, can modify to the key identification of the former network receiving, amended key identification is identified as new key, and by notification unit informing user terminal.
Preferably, described modification unit also comprises:
Algoritic module, for calculating new key ident value based on original key identification value; And/or
For give the title of a new key sign to key identification value; Or
For obtain new key sign from network entity request; Or
For calculate new key sign according to preset algorithm.
By different algoritic modules, adopt different algorithms to modify to the key identification of former network.Described modification can be carried out at objective network, also can carry out at former network.
The embodiment of the present invention also provides a kind of network equipment that prevents network security step-out, and this equipment comprises the above-mentioned network side apparatus that prevents network security step-out.
The embodiment of the present invention provides a kind of device of remedying network security step-out, and referring to Figure 22, this device is positioned at network side, and this device comprises:
Receiving element 221, the security parameter sending for receiving user terminal.
Matching unit 222, for mating the security parameter receiving with the security parameter of self.
Transmitting element 223, for sending security information to user terminal.
Initiate unit 224, again initiate AKA when not receiving the reply message of terminal in pre-specified time.
The device providing by the embodiment of the present invention, can when there is network security step-out, make accordingly and remedying, when network is not received the response message that user sends within the default time limit, just initiatively initiate AKA, thereby avoided, because network security step-out causes user access network failure, having improved the network availability that switches associated scenario.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.

Claims (6)

1. a method that prevents network security step-out, is characterized in that, comprising:
User terminal carries out network switching, and described user terminal carries out network switching and comprises that described user terminal is switched to Universal Terrestrial Radio Access Network network UTRAN from evolved universal grounding wireless access network network EUTAN;
Described user terminal is generated and is deduced key by secret key deduction, and packet domain encryption key CKps' and integrity protection key IKps' are deduced and obtained by root key Kasme;
At described user terminal, occur to switch to described UTRAN network from described EUTRAN, after described CKps' and IKps' deduce and obtain, by deleting the security parameter in USIM described in the CK in USIM USIM and the described user terminal of IK in described user terminal, be set to down state.
2. method according to claim 1, is characterized in that, described user terminal carries out network switching and comprises the movement of described user terminal under idle condition, or comprises the switching of described user terminal under state of activation.
3. according to the arbitrary described method of claim 1-2, it is characterized in that, described method also comprises:
Described user terminal triggers authentication and key agreement AKA again.
4. a device that prevents network security step-out, is characterized in that, comprising:
For the unit that carries out network switching from described former network, described in carry out network and switch and comprise that described user terminal is switched to Universal Terrestrial Radio Access Network network UTRAN from evolved universal grounding wireless access network network EUTAN;
For generate the unit of deducing key by secret key deduction, packet domain encryption key CKps' and integrity protection key IKps' are deduced and are obtained by root key Kasme; And
For switching to described UTRAN network from described EUTRAN in generation, after described CKps' and IKps' deduce and obtain, by deleting the security parameter in USIM described in the CK in USIM USIM and the described user terminal of IK in described user terminal, be set to the unit of down state.
5. device according to claim 4, is characterized in that, described in carry out network and switch and to be included in the movement under idle condition, or be included in the switching under state of activation.
6. according to the arbitrary described device of claim 4-5, it is characterized in that, described device comprises:
For again triggering the unit of authentication and key agreement AKA.
CN201210031885.2A 2008-06-16 2008-08-25 Method and device for avoiding out-of-step of network security Active CN102595397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210031885.2A CN102595397B (en) 2008-06-16 2008-08-25 Method and device for avoiding out-of-step of network security

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200810039233.7 2008-06-16
CN200810039233 2008-06-16
CN201210031885.2A CN102595397B (en) 2008-06-16 2008-08-25 Method and device for avoiding out-of-step of network security

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2008101468314A Division CN101610506B (en) 2008-06-16 2008-08-25 Method and device for preventing network safety from desynchronizing

Publications (2)

Publication Number Publication Date
CN102595397A CN102595397A (en) 2012-07-18
CN102595397B true CN102595397B (en) 2014-11-05

Family

ID=46483509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210031885.2A Active CN102595397B (en) 2008-06-16 2008-08-25 Method and device for avoiding out-of-step of network security

Country Status (1)

Country Link
CN (1) CN102595397B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1521981A (en) * 2003-02-13 2004-08-18 华硕电脑股份有限公司 Method for storing a security start value in a wireless communications system
CN1905734A (en) * 2005-07-25 2007-01-31 华为技术有限公司 Method and system for object base station to obtain KI

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1521981A (en) * 2003-02-13 2004-08-18 华硕电脑股份有限公司 Method for storing a security start value in a wireless communications system
CN1905734A (en) * 2005-07-25 2007-01-31 华为技术有限公司 Method and system for object base station to obtain KI

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
3GPP TS 25.331 V8.1.0;3GPP work term;《3GPP TS 25.331》;20071231;8.3.6.3节 *
3GPP work term.3GPP TS 25.331 V8.1.0.《3GPP TS 25.331》.2007,8.3.6.3节. *

Also Published As

Publication number Publication date
CN102595397A (en) 2012-07-18

Similar Documents

Publication Publication Date Title
CN101610506B (en) Method and device for preventing network safety from desynchronizing
EP2663107B1 (en) Key generating method and apparatus
RU2517410C2 (en) Key derivation method, apparatus and system
CN101232731B (en) Method and system for UE to generate cryptographic key switching from UTRAN to EUTRAN
JP5142417B2 (en) Handover method for link failure recovery, radio equipment and base station for implementing this method
CN101600205B (en) Method and related device for accessing SIM card user equipment to evolution network
CN101083839B (en) Cipher key processing method for switching among different mobile access systems
CN101267668B (en) Key generation method, Apparatus and system
CN101931953B (en) Generate the method and system with the safe key of apparatus bound
CN112154624A (en) User identity privacy protection for pseudo base stations
US20110123029A1 (en) Method and system for generating an identity identifier of a key
US20100172500A1 (en) Method of handling inter-system handover security in wireless communications system and related communication device
EP2290875B1 (en) Generating method and system for key identity identifier at the time when user device transfers
CN101257723A (en) Method, apparatus and system for generating cipher key
JP2017520203A (en) A method and system for providing security from a wireless access network.
CN103781069B (en) Bidirectional-authentication method, device and system
KR102278296B1 (en) Recover radio links to user equipment
CN101102600A (en) Secret key processing method for switching between different mobile access systems
EP2648437B1 (en) Method, apparatus and system for key generation
CN102833741A (en) Safety parameter modification method and base station
CN101299888A (en) Cryptographic key generation method, switching method, mobile management entity and customer equipment
CN103139771A (en) Key generation method and system in switching process
CN113170369A (en) Method and apparatus for security context handling during an intersystem change
CN109842484B (en) Method, device and equipment for updating next-hop chain counter
CN102595397B (en) Method and device for avoiding out-of-step of network security

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20120718

Assignee: APPLE Inc.

Assignor: HUAWEI TECHNOLOGIES Co.,Ltd.

Contract record no.: 2015990000755

Denomination of invention: Method and device for preventing network safety from desynchronizing

Granted publication date: 20141105

License type: Common License

Record date: 20150827

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
TR01 Transfer of patent right

Effective date of registration: 20220922

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: 200121 No. 1800, Jinsui Road, Pudong New Area, Shanghai

Patentee before: SHANGHAI HUAWEI TECHNOLOGIES CO.,LTD.

TR01 Transfer of patent right