CN103139771A - Key generation method and system in switching process - Google Patents

Key generation method and system in switching process Download PDF

Info

Publication number
CN103139771A
CN103139771A CN2011103826467A CN201110382646A CN103139771A CN 103139771 A CN103139771 A CN 103139771A CN 2011103826467 A CN2011103826467 A CN 2011103826467A CN 201110382646 A CN201110382646 A CN 201110382646A CN 103139771 A CN103139771 A CN 103139771A
Authority
CN
China
Prior art keywords
key
enb
mme
target
base station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011103826467A
Other languages
Chinese (zh)
Other versions
CN103139771B (en
Inventor
曹岚健
余万涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201110382646.7A priority Critical patent/CN103139771B/en
Priority to PCT/CN2012/071474 priority patent/WO2013075417A1/en
Publication of CN103139771A publication Critical patent/CN103139771A/en
Application granted granted Critical
Publication of CN103139771B publication Critical patent/CN103139771B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Abstract

The invention discloses a key generation method and system in a switching process. The method includes that a network side uses next hop parameter NH to generate next hop secret key evolved node B (KeNB) in user equipment (UE) switching process; a base station is not informed of the NH generated by the network side; the network side and the UE side respectively use next hop chaining counter (NCC) values informed by a target base station to synchronize with next hop KeNB; and the target base station is informed of the next hop KeNB generated by the network side. The base station can not acquire NH, so that the next hop KeNB can not be generated, the possibility of illegally acquiring next hop KeNB is reduced, and the forward security is guaranteed. By means of the method and the system, the safety of a communication system is greatly improved.

Description

Key generation method and system in handoff procedure
Technical field
The present invention relates to the key generation technique, relate in particular to key generation method and system in a kind of handoff procedure.
Background technology
Third generation partner program (3GPP, 3rd Generation Partnership Project) grouping system (EPS of evolution, Evolved Packet System) be to be formed by the Universal Terrestrial Radio Access Network network (E-UTRAN, Evolved Universal Terrestrial Radio Access Network) of evolution and EPS core net (Evolved Packet Core).E-UTRAN is comprised of base station equipment-enode b (eNB, Evolved Node B) and equipment of the core network-Mobility Management Entity (MME, Mobility Management Entity).Subscriber equipment (UE, User Equipment) communicates by wireless air interface and eNB, and communicates by eNB and MME.
In the communication protocol framework of Long Term Evolution (LTE, Long Term Evolution) system, protocol layer has been divided into Access Layer (AS, Access Stratum) and Non-Access Stratum (NAS, Non Access Stratum).The EPS system double-deck safety protecting mechanism, namely EPS system requirements AS and NAS use respectively different safe keys.
By after authentication and key agreement (AKA, Authentication and Key Agreement) process, negotiate root key Kasme between UE and MME.UE and MME preserve respectively root key Kasme, and by Kasme respectively evolution go out AS safe key and NAS safe key.
The switching of (Inter-RAT) between (Inter-eNB) and wireless access between the handoff procedure support eNB of E-UTRAN.The Inter-RAT switching is supported by S1 interface hand off signaling process; Inter-eNB switches by S1 or the support of X2 interface hand off signaling process.Usually system uses the switching between X2 interface execution eNB.
In existing up-to-date handoff procedure, key generation and distribution procedure are specific as follows:
During initial procedure, UE sends an initial NAS message to MME, initiates the ECM-IDLE attitude to the conversion of ECM-CONNECTED attitude, comprises the NAS COUNT of renewal and the key K eNB that generates according to self Kasme in the initial NAS message of MME.
Next saltus step counter of MME initialization (NCC, Next hop Chaining Counter) value is 0.
The initial KeNB that produces of MME utilization and the Kasme that self preserves produce down hop variable element (NH, Next Hop Parameter), and renewal NCC value is 1.MME binds together the NH of generation and the NCC value of renewal, for NH, NCC=1} pair, and preserve { NH, NCC=1}.
MME sends to eNB with KeNB, and eNB uses the KeNB that receives from MME to be initial key.ENB sends the AS safe mode command to UE, and UE is with the Kasme of NAS uplink COUNT value and self preservation KeNB that derives.
When X2 switched for the first time, source eNB calculated KeNB* according to KeNB, and with { KeNB*, NCC=0} sends to target eNB.Target eNB sends to UE with NCC=0, and UE compares with the NCC value of self and the NCC value of target eNB, guarantees that KeNB and the target eNB self upgraded are consistent.MME upgrades the NCC value, and utilizes old NH and Kasme to calculate new NH, with { NH, NCC=1} is to being updated to { NH, NCC=2} pair.MME will { NH, NCC=2} be to sending to target eNB, { NH, NCC} pair that the target eNB preservation receives.
When X2 switched for the second time, source eNB calculated KeNB* according to the NH that self preserves, and with { KeNB*, NCC=2} sends to target eNB.Target eNB sends to UE with NCC=2, and UE compares the NCC value of self and the NCC value of target eNB, guarantees that KeNB and the target eNB self upgraded are consistent.MME upgrades the NCC value, and utilizes old NH and Kasme to calculate new NH, with { NH, NCC=2} is to being updated to { NH, NCC=3} pair.MME will { NH, NCC=3} be to sending to target eNB, { NH, NCC} pair that the target eNB preservation receives.
Key generation and distribution procedure when the key generation when in such scheme, X2 switches for the first time and distribution procedure and non-X2 for the first time switch are inconsistent, have caused extra resource loss.
In such scheme, source eNB derives the key K eNB of target eNB, and sends it to target eNB.Key K eNB when source eNB can derive next saltus step of UE, this may be utilized, thereby causes the potential safety hazard of communication system.
Summary of the invention
In view of this, main purpose of the present invention is to provide key generation method and system in a kind of handoff procedure, can avoid being determined by the base station key K eNB of next saltus step in the UE handoff procedure, has guaranteed the fail safe of communication system.
For achieving the above object, technical scheme of the present invention is achieved in that
Key generation method in a kind of handoff procedure comprises:
In the UE handoff procedure, network side uses NH to generate the key K eNB of next saltus step; Wherein, the NH that generates of described network side informing base station not.
Preferably, described method also comprises:
Described network side and described UE side are used the key K eNB of synchronous next saltus step of next saltus step counter NCC value that target BS notifies separately; Described network side is with the key K eNB notification target base station of next saltus step of generating.
Preferably, described use NH generates the key K eNB of next saltus step, for:
Use the cell ID of NH, target BS and the key K eNB that the descending carrier frequency number of target universal terrestrial radio access UTRA generates next saltus step.
Preferably, described method also comprises:
The key K eNB of initial next saltus step is generated according to root key Kasme and Non-Access Stratum uplink counter NAS UL COUNT value by described network side; Described network side is according to root key Kasme and KeNB initialization NH.
Preferably, described method also comprises:
Target BS will be received from next saltus step counter NCC value of source base station and encryption and the protection algorithm integrallty of described target BS selection notified described UE by source base station;
Described UE determines the NH corresponding with the NCC value of current reception, and generates the key K eNB of next new saltus step according to determined NH, then generates respectively encryption and decryption key and the Integrity Key of user's face and signaling plane according to the key K eNB of described next saltus step newly.
Preferably, described method also comprises:
After receiving the switching confirmation of described UE, target BS will be received from the NCC value of source base station and notify described network side;
Described network side is determined the NH corresponding with the NCC value of current reception, and generates the key K eNB of next new saltus step according to determined NH, and key K eNB notification target base station that will described next saltus step newly;
Target BS generates respectively encryption and decryption key and the Integrity Key of user's face and signaling plane according to the key K eNB of next received saltus step.
Preferably, described network side is mobility management unit MME.
Preferably, described method also comprises:
Source MME determines to be received from the NH corresponding to NCC value of source base station, and sends to target MME NCC value and the corresponding NH thereof that receives;
Target MME generates the key K eNB of next saltus step according to the NH that receives, and makes the NCC value add one, with key K eNB and the NCC value notification target base station that adds after of described next saltus step;
Target BS select to be encrypted and integral algorithm, and notifies described UE with encryption and integral algorithm and the NCC value that receives by target MME, source MME and source base station;
Described UE determines the NH corresponding with the NCC value of current reception, and generates the key K eNB of next new saltus step according to determined NH.
Key generation system in a kind of handoff procedure comprises MME, base station and UE, wherein:
In the UE handoff procedure, MME uses NH to generate the key K eNB of next saltus step; Wherein, the NH that generates of MME informing base station not.
Preferably, described MME and described UE side are used the key K eNB of synchronous next saltus step of NCC value that target BS notifies separately; And described MME is with the key K eNB notification target base station of next saltus step of generating.
Preferably, described UE and MME use NH, the cell ID of target BS and the key K eNB that the descending carrier frequency number of target UTRA generates next saltus step.
Preferably, described MME is further used for, and generates the initially key K eNB of next saltus step according to root key Kasme and NAS UL COUNT value; And root key Kasme and KeNB initialization NH.
Preferably, target BS is used for, and notifies described UE with being received from the NCC value of source base station and encryption and the protection algorithm integrallty of described target BS selection by source base station;
Described UE is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH, then generates encryption and decryption key and Integrity Key according to described new KeNB.
Preferably, target BS is used for, and after receiving the switching confirmation of described UE, notifies described MME with the NCC value that is received from source base station; And, generate encryption and decryption key and Integrity Key according to the KeNB that is received from described MME;
Described MME is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH, and with described new KeNB notification target base station.
Preferably, source MME is used for, and determines to be received from the NH corresponding to NCC value of source base station, and sends to target MME NCC value and the corresponding NH thereof that receives;
Target MME is used for, and generates KeNB according to the NH that receives, and makes the NCC value add one, with described KeNB and the NCC value notification target base station that adds after;
Target BS is used for, and select to encrypt and integral algorithm, and notifies described UE with encryption and integral algorithm and the NCC value that receives by target MME, source MME and source base station;
Described UE is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH.
In the present invention, in the UE handoff procedure, UE and MME use NH to generate the key K eNB of next saltus step; And the NH that MME generates does not reinform to the base station.Like this, because the base station can not obtain NH, therefore can not generate the key K eNB of next saltus step, avoid illegally obtaining the possibility of the key K eNB of next saltus step, guarantee forward security.The present invention has promoted the fail safe of communication system greatly.
Description of drawings
Fig. 1 is key product process figure in the X2 handoff procedure between eNB in the long evolving system of the embodiment of the present invention;
Fig. 2 is the key product process figure that switches to for the first time the X2 handoff procedure of the embodiment of the present invention;
Fig. 3 is that UE, the eNB of the embodiment of the present invention and MME have existed key product process figure in X2 handoff procedure in the safe context situation;
Fig. 4 is key product process figure during the S1 of the embodiment of the present invention switches.
Embodiment
Basic thought of the present invention is: in the X2 handoff procedure, source eNB no longer derives the key of next saltus step for target eNB, and source eNB only provides next saltus step counter NCC value for target eNB.Target eNB uses the NCC value to make the NH in UE and MME two entities keep synchronously, preserves identical KeNB in UE and MME thereby make.Target eNB uses the NCC value to the MME application KeNB identical with UE, thereby keeps the KeNB of self and the KeNB of UE to be consistent.In handoff procedure, NH no longer leaves MME, and eNB can't obtain NH, and eNB yet ability does not derive NH (calculate NH and must have Kasme), so source eNB can't obtain the KeNB of target eNB in next saltus step, has solved the forward secrecy problem.
For making purpose of the present invention, technical scheme and advantage are clearer, and by the following examples and with reference to accompanying drawing, the present invention is described in more detail.
Fig. 1 is key product process figure in the X2 handoff procedure between eNB in the long evolving system of the embodiment of the present invention, and as shown in Figure 1, in the embodiment of the present invention, in the X2 handoff procedure between the LTE base station eNB, key generates with distribution flow and specifically comprises the following steps:
Step 101, in initial procedure, MME does not send NH to source eNB, and MME only sends the NCC value to source eNB.
Here, initial procedure refers to set up the process of AS safe context in the eNB of source before X2 switches generation.Before the X2 switching occurs in source eNB, had the AS safe context in the eNB of source, the process of setting up this safe context can be initial connection request (as adhering to request, tracing section updating (TAU) request etc.), Intra-eNB switching, X2 switching, S1 switching or Inter-RAT switching etc.In these processes, MME sends in the AS safe context of eNB and does not comprise that { NH, NCC} pair, MME only sends the NCC value to source eNB.
Step 102, source eNB initiates the X2 handover request to target eNB, and namely source eNB sends X2 handover request message to target eNB, wherein, comprises the NCC value in this X2 handover request message.Herein, the NCC value is the NCC value that MME sends to source eNB in step 101.
Step 103, target eNB sends to UE and MME with the NCC value, and UE and MME pass through the synchronous NH of this NCC value, and use this NH to generate same KeNB.
Target eNB is notified the NCC value to UE in switching command by source eNB, the NCC value that UE will obtain from target eNB and the NCC value of self preserving compare, utilize difference between the NCC value of the NCC value that obtains from target eNB and self preservation carry out NH synchronously.Here, so-calledly synchronously refer to, the NCC value of storing in general UE is less than the NCC value of network side notice, needs the NCC value generation KeNB that uses network side to notify.
Target eNB is notified the NCC value to MME in the conversion request of path, the NCC value that MME will obtain from target eNB and the NCC value of self preserving compare, utilize difference between the NCC value of the NCC value that obtains from target eNB and self preservation carry out NH synchronously.The NCC value of in general, preserving in MME in the present invention and should equating from the NCC value that target eNB obtains.
This step can guarantee that there are identical { NH, NCC} pair in UE place and MME place.UE utilizes this KeNB RRC/UP encryption and decryption key and Integrity Key of using of generated data and signaling respectively after generating KeNB.
Step 104, MME will utilize synchronous NH to generate KeNB, and the KeNB that preserves in this KeNB and UE is consistent.
MME is carried on this KeNB in path conversion request-reply message, sends to target eNB.Target eNB is utilized this KeNB RRC/UP encryption and decryption key and Integrity Key of using of generated data and signaling respectively.RRC/UP encryption and decryption key and the Integrity Key of deriving in RRC/UP encryption and decryption key and Integrity Key and UE are consistent.
Fig. 2 is the key product process figure that switches to for the first time the X2 handoff procedure of the embodiment of the present invention, and Fig. 2 is after setting up initial connection, sets up with UE the switching for the first time that the eNB that is connected determines initiation, and here, handoff procedure is exactly the X2 handoff procedure for the first time.As shown in Figure 2, the present embodiment is that in this X2 handoff procedure, key generates entire flow with key distribution, specifically comprises the following steps:
Step 200 is set up initialization AS safe context in UE and MME, its objective is initialization NH.MME sets up request message by S1AP initialization context the NCC value is sent to source eNB; The UE initialization NH, NCC} pair, and initialization KeNB.
In step 200, set up initial AS safety in MME, be specially, MME derives KeNB according to Kasme and NAS uplink counter, KeNB=KDF (Kasme, NAS UL COUNT).NAS UL COUNT is the NAS uplink counter in initial connection request; If authenticated key agreement (AKA) process was arranged before AS SMC process, NAS UL COUNT is the NAS uplink counter in the AKA process so.KDF represents key algorithm, and is concrete, is that Kasme and the corresponding information of NAS UL COUNT is arranged sequentially, as key.
In step 200, initialization NH is specially, and MME calculates NH according to Kasme and KeNB, and makes NCC that value adds 1 after obtaining KeNB, at this moment NCC=1.MME preserves up-to-date { NH, NCC} pair.
In step 200, MME sends to eNB with the NCC value, is specially, and MME sends the S1AP initial context to eNB and sets up request message, and wherein, the NCC value is carried on S1 AP initial context and sets up in request message, sends to eNB by MME.ENB is the source eNB in the X2 handoff procedure.MME does not send NH to eNB.
In step 200, MME sends to eNB with the NCC value, is specially, and eNB preserves the NCC value after receiving the NCC value that is sent by MME.
In step 200, the UE initialization NH, NCC} pair, and initialization KeNB, be specially, set up radio bearer between eNB and UE, UE initialization NCC=0; Next saltus step key of initialization is NH=void; And derive KeNB according to Kasme and NAS uplink counter, KeNB=KDF (Kasme, NAS UL COUNT).
Step 201, UE sends measurement report to source eNB.Source eNB determines that by measurement report initiating an X2 to target eNB switches.
Step 202, source eNB sends handover request to target eNB, and source eNB sends to target eNB with next saltus step counter NCC value that self preserves in handover request.The NCC=1 that in this embodiment, source eNB preserves.In this step, source eNB also is transmitted to target eNB with the current AS safe context of source eNB, the security capabilities of UE.
Step 203, target eNB are preserved the NCC value that receives after receiving the handover request message of source eNB.NCC=1。Target eNB also selects RRC/UP to encrypt and protection algorithm integrallty according to the UE security capabilities that receives.
Step 204; target eNB is to source eNB mode handoff request acknowledgment message; handoff request acknowledgment message comprises a transmission container, and transmission container comprises the selected encryption of NCC value, target eNB that target eNB is preserved and protection algorithm integrallty sign (EIA, EEA) etc.
Step 205, source eNB sends switching command to UE, and switching command has comprised the transmission container that receives of step 204 from target eNB.Source eNB uses current AS safe context that message is encrypted and integrity protection.
Step 206, UE uses current AS safe context that message is decrypted and integrity verification after the switching command that receives source eNB transmission.
UE extracts NCC value wherein.UE will compare from source eNB the NCC value that receives and the NCC value of self preserving.UE is according to the difference between the NCC value that receives from source eNB and the NCC value of self preserving, with self { NH, NCC} is to being synchronized to the NCC value that receives corresponding { NH, NCC} pair.UE preserves this subsynchronous generation { NH, NCC} pair.
Step 207, UE after NH, utilizes this NH to calculate KeNB synchronous.Computational methods are KeNB*=KDF (NH, PCI, EARFCN_DL), and PCI is the cell ID of target eNB, the descending carrier frequency number of EARFCN_DL target E-UTRA, and UE can measure target P CI and target EARFCN_DL; Then utilize KeNB* to upgrade KeNB, KeNB=KeNB*.
UE calculates according to the EEA, the EIA that receive and the KeNB that self upgrades RRC/UP encryption and decryption key and the Integrity Key that data and signaling are used, and replaces current AS safe context.
Step 208, UE sends switch acknowledgment message to target eNB.This message is protected by the current AS safe context of UE, and the current AS safe context of UE is updated in step 207.
Step 209, target eNB transmit path conversion request message is to MME.Wherein target eNB NCC value notice that self is preserved is to MME.The NCC value is identical with the NCC value that UE receives in step 206; Target eNB also sends to MME with its PCI and EARFCN_DL, is used for derivation KeNB*.
Step 210, MME extracts NCC value wherein after receiving the path transforming message that comes from target eNB.MME compares the NCC value that receives and the NCC value of self preserving, if identical, MME will take out related { NH, the NH of NCC} centering of NCC value therewith; If different, MME will calculate the NH that is associated with the NCC value that receives.
In the present invention, the NCC value that can guarantee to preserve in MME is more than or equal to the NCC value that receives from target eNB, and MME preserves the NH associated with this NCC value.
Step 211, MME after NH, utilizes this NH to calculate KeNB synchronous.Computational methods are KeNB*=KDF (NH, PCI, EARFCN_DL), and here, PCI and EARFCN_DL are PCI and the EARFCN_DL of target eNB; Then utilize KeNB* to upgrade KeNB, KeNB=KeNB*.
Step 212, MME will calculate { NH, NCC} pair of next saltus step after calculating KeNB.At first the NCC value is added 1; Next calculates NH, NH=KDF (NH_old, Kasme), and wherein, NH_old is the last time NH that preserves in MME.This newly calculate { NH, NCC} is to will be for the key updating of saltus step next time.
Step 213, MME carries to target eNB transmit path conversion request-reply message the KeNB that new NCC value and step 211 are calculated in this path conversion request-reply message.The NCC value will be synchronous for UE and the NH between MME of next saltus step; The KeNB that preserves in KeNB and UE is consistent.RRC/UP encryption and decryption key and Integrity Key that KeNB will be used for generation of data and signaling by target eNB.
Step 214, target eNB will be preserved new NCC value, and use KeNB and self selected EEA, EIA to calculate RRC/UP encryption and decryption key and Integrity Key.Target eNB will use newly-generated AS safe context that switch acknowledgment message received in step 208 is decrypted and integrity verification.
Step 215, target eNB send releasing resource message to source eNB.Source eNB will delete all AS safe contexts relevant with UE after receiving the releasing resource message that comes from target eNB.
Fig. 3 is that UE, the eNB of the embodiment of the present invention and MME have existed key product process figure in X2 handoff procedure in the safe context situation, and Fig. 3 is carrying out before X2 switches, and UE and source eNB have had the AS safe context, and MME has also had part AS safe context.These safe contexts are to be produced by Signalling exchange between before UE, eNB, MME, the initial connection procedure of these Signalling exchanges before may being, handoff procedure etc.The present embodiment is all to have existed key in X2 handoff procedure in the safe context situation to generate entire flow with key distribution at UE, eNB and MME, specifically comprises the following steps:
Before UE initiated measurement report, UE preserved that { NH, is designated as NCC_UE by NCC} pair; There is the NCC value in eNB place, source, is designated as NCC_eNB; MME preserve { NH, is designated as NCC_MME by NCC} pair.Signalling interactive process before can guarantee that NCC_UE is less than or equal to NCC_eNB; And NCC_eNB is less than or equal to NCC_MME.
Step 301, UE sends measurement report to source eNB.Source eNB determines that by measurement report initiating an X2 to target eNB switches.
Step 302, source eNB sends handover request message to target eNB, carries the NCC_eNB that active eNB preserves in this handover request message.In this step, source eNB also is transmitted to target eNB with the current AS safe context of source eNB, the security capabilities of UE.
Step 303, target eNB are preserved the NCC_eNB that receives after receiving the handover request message of source eNB.Target eNB also selects RRC/UP to encrypt and protection algorithm integrallty according to the UE security capabilities that receives.
Step 304; target eNB sends handoff request acknowledgment message to source eNB; handoff request acknowledgment message comprises a transmission container, and transmission container comprises target NCC_eNB, the selected encryption of target eNB and protection algorithm integrallty sign (EIA, EEA) etc.
Step 305, source eNB sends switching command to UE, and switching command has comprised the transmission container that receives in step 204 from target eNB.
Step 306, UE uses current AS safe context that message is decrypted and integrity verification after the switching command that receives source eNB transmission.
UE extracts NCC value wherein.UE will compare from source eNB the NCC value that receives and the NCC value of self preserving.UE is according to the difference between the NCC value that receives from source eNB and the NCC value of self preserving, with self { NH, NCC} is to being synchronized to the NCC value that receives corresponding { NH, NCC} pair.UE preserves this subsynchronous generation { NH, NCC} pair.
Step 307, UE after NH, utilizes this NH to calculate KeNB synchronous.Computational methods are KeNB*=KDF (NH, PCI, EARFCN_DL); Then utilize KeNB* to upgrade KeNB, KeNB=KeNB*.
Step 308, UE sends switch acknowledgment message to target eNB.
Step 309, target eNB transmit path conversion request message is to MME.Wherein target eNB NCC_eNB that self is preserved notifies to MME; Target eNB notifies its PCI and EARFCN_DL to MME.
Step 310, MME extracts the NCC_eNB that carries in this path transforming message after receiving the path transforming message that comes from target eNB.MME compares NCC_eNB and the NCC_MME that self preserves, if identical, MME takes out { NH, the NH of NCC} centering of NCC_MME association therewith; If different, MME will calculate the NH that is associated with the NCC_eNB that receives.
Step 311, MME after NH, utilizes this NH to calculate KeNB synchronous.Computational methods are KeNB*=KDF (NH, PCI, EARFCN_DL), and wherein, PCI and EARFCN_DL are PCI and the EARFCN_DL of target eNB; Then utilize KeNB* to upgrade KeNB, KeNB=KeNB*.
Step 312, MME will calculate { NH, NCC} pair of next saltus step after calculating KeNB.At first the NCC value is added 1; Next calculates NH, NH=KDF (NH_old, Kasme).This newly calculate { NH, NCC} is to will be for the key updating of saltus step next time.
Step 313, MME is to target eNB transmit path conversion request-reply message, wherein the KeNB that calculates of attach new NCC value and step 311.The NCC value will be synchronous for UE and the NH between MME of next saltus step; The KeNB that preserves in KeNB and UE is consistent.RRC/UP encryption and decryption key and Integrity Key that KeNB will be used for generation of data and signaling by target eNB.
Step 314, target eNB will be preserved new NCC value, and use KeNB and self selected EEA, EIA to calculate RRC/UP encryption and decryption key and Integrity Key that data and signaling are used.Target eNB will use newly-generated AS safe context that switch acknowledgment message received in step 308 is decrypted and integrity verification.
Step 315, target eNB send releasing resource message to source eNB.Source eNB will delete all AS safe contexts relevant with UE after receiving the releasing resource message that comes from target eNB.
As can be seen from above, key generative process shown in Figure 2 is a special case of process shown in accompanying drawing 3, no matter be that the switching of carrying out for the first time is exactly the process that X2 switches, or the X2 switching occurs in the situation that has had the AS safe context in UE and eNB, the present invention can both make the flow process of X2 handoff procedure be consistent, and has guaranteed forward secrecy.
Fig. 4 is key product process figure during the S1 of the embodiment of the present invention switches, Fig. 4 is that during a S1 switches, key generates and the key distribution flow process, wherein, in order to guarantee the forward secrecy in the X2 handoff procedure, also be necessary to make eNB can't obtain NH in the S1 handoff procedure, the source eNB of making does not possess the ability of the KeNB of derived object eNB, specifically comprises the following steps:
Step 401, UE sends out measurement report to source eNB.Maintain at this moment the AS safe context of UE in UE, source eNB, source MME.
Step 402, source eNB initiates the switching demand to source MME, switches the demand related news and comprises the NCC value that source eNB preserves.
Step 403, source MME { NH, NCC} pair synchronous according to the NCC value that receives from source eNB.Source MME send to forward RELOCATION REQUEST message to target MME, with after will be synchronous { NH, NCC} is to sending to target MME with Kasme, eKSI.
Step 404, target MME at first according to receive { NH, then NCC} adds 1 with NCC value to calculating KeNB, calculating { NH, NCC} pair that make new advances.It is new that { NH, NCC} is to being used for the generation of next saltus step key.
Step 405, target MME sends handover request message to target eNB.This handover request message comprises the KeNB that calculates in step 404 and new NCC value.Target MME does not send NH to target eNB.
Step 406, target eNB will be selected to encrypt and protection algorithm integrallty, the encryption that chooses and protection algorithm integrallty sign and NCC value are carried in handoff request acknowledgment message, and send to target MME.
Step 407, target MME forwards relocation response message to source MME, and this relocation response message comprises NCC value, encryption and the protection algorithm integrallty sign of preserving in target eNB.
Step 408, source MME sends out switching command to source eNB, comprising the NCC value of preserving in target eNB, encryption and protection algorithm integrallty sign.
Step 409, source eNB sends out switching command to UE, comprising the NCC value of preserving in target eNB, encryption and protection algorithm integrallty sign.
Step 410, UE synchronous according to the NCC value that receives from source eNB NH, NCC} pair, and utilization synchronously good NH calculate KeNB.UE calculates according to the encryption that receives and protection algorithm integrallty sign and KeNB encryption and decryption key and the Integrity Key that data and signaling are used.
Step 411, UE sends switch acknowledgment message to target eNB.Set up AS safety between UE and target eNB.
The present invention has also put down in writing key generation system in a kind of handoff procedure, comprises MME, base station and UE, wherein:
In the UE handoff procedure, MME uses NH to generate the key K eNB of next saltus step; Wherein, the NH that generates of MME informing base station not.
Wherein, above-mentioned MME and above-mentioned UE side are used the key K eNB of synchronous next saltus step of NCC value that target BS notifies separately; And described MME is with the key K eNB notification target base station of next saltus step of generating.
Above-mentioned UE and MME use the cell ID of NH, target BS and the key K eNB that the descending carrier frequency number of target universal terrestrial radio access UTRA generates next saltus step.
Above-mentioned MME is further used for, and generates the initially key K eNB of next saltus step according to root key Kasme and NAS UL COUNT value; And root key Kasme and KeNB initialization NH.
Preferably, target BS is used for, and notifies described UE with being received from the NCC value of source base station and encryption and the protection algorithm integrallty of described target BS selection by source base station;
Described UE is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH, then generates encryption and decryption key and Integrity Key according to described new KeNB.
Preferably, target BS is used for, and after receiving the switching confirmation of described UE, notifies described MME with the NCC value that is received from source base station; And, generate encryption and decryption key and Integrity Key according to the KeNB that is received from described MME;
Described MME is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH, and with described new KeNB notification target base station.
Perhaps, preferably, source MME is used for, and determines to be received from the NH corresponding to NCC value of source base station, and sends to target MME NCC value and the corresponding NH thereof that receives;
Target MME is used for, and generates KeNB according to the NH that receives, and makes the NCC value add one, with described KeNB and the NCC value notification target base station that adds after;
Target BS is used for, and select to encrypt and integral algorithm, and notifies described UE with encryption and integral algorithm and the NCC value that receives by target MME, source MME and source base station;
Described UE is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH.
The function that it will be appreciated by those skilled in the art that each network element in the key generation system in this example handoff procedure can be understood referring to the associated description of earlier figures 1 to Fig. 4.In handoff procedure of the present invention, the key generation system is on existing network configuration basis, just corresponding Network Element Function has been carried out improvement, and network configuration still can be understood referring to existing network infrastructure.
The above is only preferred embodiment of the present invention, is not for limiting protection scope of the present invention.

Claims (15)

1. key generation method in a handoff procedure, is characterized in that, described method comprises:
In the user equipment (UE) handoff procedure, network side uses down hop variable element NH to generate the key K eNB of next saltus step; Wherein, the NH that generates of described network side informing base station not.
2. method according to claim 1, is characterized in that, described method also comprises:
Described network side and described UE side are used the key K eNB of synchronous next saltus step of next saltus step counter NCC value that target BS notifies separately; Described network side is with the key K eNB notification target base station of next saltus step of generating.
3. method according to claim 1, is characterized in that, described use NH generates the key K eNB of next saltus step, for:
Use the cell ID of NH, target BS and the key K eNB that the descending carrier frequency number of target universal terrestrial radio access UTRA generates next saltus step.
4. the described method of any one according to claim 1 to 3, is characterized in that, described method also comprises:
The key K eNB of initial next saltus step is generated according to root key Kasme and Non-Access Stratum uplink counter NAS UL COUNT value by described network side; Described network side is according to root key Kasme and KeNB initialization NH.
5. the described method of any one according to claim 1 to 3, is characterized in that, described method also comprises:
Target BS will be received from next saltus step counter NCC value of source base station and encryption and the protection algorithm integrallty of described target BS selection notified described UE by source base station;
Described UE determines the NH corresponding with the NCC value of current reception, and generates the key K eNB of next new saltus step according to determined NH, then generates respectively encryption and decryption key and the Integrity Key of user's face and signaling plane according to the key K eNB of described next saltus step newly.
6. method according to claim 5, is characterized in that, described method also comprises:
After receiving the switching confirmation of described UE, target BS will be received from the NCC value of source base station and notify described network side;
Described network side is determined the NH corresponding with the NCC value of current reception, and generates the key K eNB of next new saltus step according to determined NH, and key K eNB notification target base station that will described next saltus step newly;
Target BS generates respectively encryption and decryption key and the Integrity Key of user's face and signaling plane according to the key K eNB of next received saltus step.
7. the described method of according to claim 1 to 6 any one, is characterized in that, described network side is mobility management unit MME.
8. the described method of any one according to claim 1 to 3, is characterized in that, described method also comprises:
Source MME determines to be received from the NH corresponding to NCC value of source base station, and sends to target MME NCC value and the corresponding NH thereof that receives;
Target MME generates the key K eNB of next saltus step according to the NH that receives, and makes the NCC value add one, with key K eNB and the NCC value notification target base station that adds after of described next saltus step;
Target BS select to be encrypted and integral algorithm, and notifies described UE with encryption and integral algorithm and the NCC value that receives by target MME, source MME and source base station;
Described UE determines the NH corresponding with the NCC value of current reception, and generates the key K eNB of next new saltus step according to determined NH.
9. key generation system in a handoff procedure, comprise MME, base station and UE, it is characterized in that:
In the UE handoff procedure, MME uses NH to generate the key K eNB of next saltus step; Wherein, the NH that generates of MME informing base station not.
10. system according to claim 9 is characterized in that:
Described MME and described UE side are used the key K eNB of synchronous next saltus step of NCC value that target BS notifies separately; And described MME is with the key K eNB notification target base station of next saltus step of generating.
11. system according to claim 10 is characterized in that, described UE and MME use NH, the cell ID of target BS and the key K eNB that the descending carrier frequency number of target UTRA generates next saltus step.
12. any one described system according to claim 9 to 11 is characterized in that:
Described MME is further used for, and generates the initially key K eNB of next saltus step according to root key Kasme and NAS UL COUNT value; And root key Kasme and KeNB initialization NH.
13. any one described system according to claim 9 to 11 is characterized in that:
Target BS is used for, and notifies described UE with being received from the NCC value of source base station and encryption and the protection algorithm integrallty of described target BS selection by source base station;
Described UE is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH, then generates encryption and decryption key and Integrity Key according to described new KeNB.
14. system according to claim 13 is characterized in that:
Target BS is used for, and after receiving the switching confirmation of described UE, notifies described MME with the NCC value that is received from source base station; And, generate encryption and decryption key and Integrity Key according to the KeNB that is received from described MME;
Described MME is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH, and with described new KeNB notification target base station.
15. any one described system according to claim 9 to 11 is characterized in that:
Source MME is used for, and determines to be received from the NH corresponding to NCC value of source base station, and sends to target MME NCC value and the corresponding NH thereof that receives;
Target MME is used for, and generates KeNB according to the NH that receives, and makes the NCC value add one, with described KeNB and the NCC value notification target base station that adds after;
Target BS is used for, and select to encrypt and integral algorithm, and notifies described UE with encryption and integral algorithm and the NCC value that receives by target MME, source MME and source base station;
Described UE is used for, and determines the NH corresponding with the NCC value of current reception, and generates new KeNB according to determined NH.
CN201110382646.7A 2011-11-25 2011-11-25 Key generation method and system in handoff procedure Expired - Fee Related CN103139771B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110382646.7A CN103139771B (en) 2011-11-25 2011-11-25 Key generation method and system in handoff procedure
PCT/CN2012/071474 WO2013075417A1 (en) 2011-11-25 2012-02-22 Method and system for generating key during handover

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110382646.7A CN103139771B (en) 2011-11-25 2011-11-25 Key generation method and system in handoff procedure

Publications (2)

Publication Number Publication Date
CN103139771A true CN103139771A (en) 2013-06-05
CN103139771B CN103139771B (en) 2018-03-30

Family

ID=48469050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110382646.7A Expired - Fee Related CN103139771B (en) 2011-11-25 2011-11-25 Key generation method and system in handoff procedure

Country Status (2)

Country Link
CN (1) CN103139771B (en)
WO (1) WO2013075417A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015113197A1 (en) * 2014-01-28 2015-08-06 华为技术有限公司 Apparatus and method for encrypting data
CN108337661A (en) * 2018-01-04 2018-07-27 西南交通大学 The car-ground communication access layer switching authentication methods of LTE-R based on bill
WO2018227431A1 (en) * 2017-06-14 2018-12-20 Zte Corporation Methods and computing device for obtaining a security key for access to a wireless network
CN110830988A (en) * 2018-08-08 2020-02-21 维沃移动通信有限公司 Security updating method, network device and terminal
RU2741509C1 (en) * 2017-09-15 2021-01-26 Телефонактиеболагет Лм Эрикссон (Пабл) Security context in wireless communication system
CN113873509A (en) * 2013-08-09 2021-12-31 三星电子株式会社 Apparatus in communication system and method for communication by the same

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080268840A1 (en) * 2005-03-31 2008-10-30 Motorola, Inc. Apparatus and Method for Controlling a Radio Bearer Reconfiguration
CN101772100A (en) * 2008-12-29 2010-07-07 中国移动通信集团公司 Key updating method, equipment and system for switching base station eNB in LTE (Long Term Evolution) system
CN102027769A (en) * 2008-09-22 2011-04-20 株式会社Ntt都科摩 Mobile communication method
US20110274276A1 (en) * 2010-05-10 2011-11-10 Samsung Electronics Co. Ltd. Method and system for positioning mobile station in handover procedure

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080268840A1 (en) * 2005-03-31 2008-10-30 Motorola, Inc. Apparatus and Method for Controlling a Radio Bearer Reconfiguration
CN102027769A (en) * 2008-09-22 2011-04-20 株式会社Ntt都科摩 Mobile communication method
CN101772100A (en) * 2008-12-29 2010-07-07 中国移动通信集团公司 Key updating method, equipment and system for switching base station eNB in LTE (Long Term Evolution) system
US20110274276A1 (en) * 2010-05-10 2011-11-10 Samsung Electronics Co. Ltd. Method and system for positioning mobile station in handover procedure

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113873509A (en) * 2013-08-09 2021-12-31 三星电子株式会社 Apparatus in communication system and method for communication by the same
WO2015113197A1 (en) * 2014-01-28 2015-08-06 华为技术有限公司 Apparatus and method for encrypting data
WO2018227431A1 (en) * 2017-06-14 2018-12-20 Zte Corporation Methods and computing device for obtaining a security key for access to a wireless network
RU2741509C1 (en) * 2017-09-15 2021-01-26 Телефонактиеболагет Лм Эрикссон (Пабл) Security context in wireless communication system
US10939334B2 (en) 2017-09-15 2021-03-02 Telefonaktiebolaget Lm Ericsson (Publ) Security context in a wireless communication system
US11184812B2 (en) 2017-09-15 2021-11-23 Telefonaktiebolaget Lm Ericsson (Publ) Security context in a wireless communication system
CN108337661A (en) * 2018-01-04 2018-07-27 西南交通大学 The car-ground communication access layer switching authentication methods of LTE-R based on bill
CN108337661B (en) * 2018-01-04 2020-05-19 西南交通大学 LTE-R vehicle-ground communication access layer switching authentication method based on bill
CN110830988A (en) * 2018-08-08 2020-02-21 维沃移动通信有限公司 Security updating method, network device and terminal
CN110830988B (en) * 2018-08-08 2023-08-15 维沃移动通信有限公司 Security updating method, network equipment and terminal

Also Published As

Publication number Publication date
WO2013075417A1 (en) 2013-05-30
CN103139771B (en) 2018-03-30

Similar Documents

Publication Publication Date Title
EP3576446B1 (en) Key derivation method
US20220150062A1 (en) Method, device, and system for deriving keys
CN107371155B (en) Communication security processing method, device and system
CN109362108B (en) A kind of methods, devices and systems of safeguard protection
EP2663107B1 (en) Key generating method and apparatus
US20170359719A1 (en) Key generation method, device, and system
JP5774096B2 (en) Air interface key update method, core network node, and radio access system
JP2017520203A (en) A method and system for providing security from a wireless access network.
CN110035054A (en) For enabling the method and system of the secure communication for the transmission between ENB
US8666078B2 (en) Method and system for generating cipher key during switching
WO2010018865A1 (en) Mobile communication method, radio base station, and mobile station
CN102244862A (en) Method for acquiring security key
CN103139771A (en) Key generation method and system in switching process
CN102056157A (en) Method, system and device for determining keys and ciphertexts
EP2648437B1 (en) Method, apparatus and system for key generation
CN109246696B (en) Key processing method and related device
CN101552983A (en) Key generating method, key generating device, mobile management entity and user equipment
WO2013020420A1 (en) Security key activation method, access network node, user equipment and system
JP2010045815A (en) Mobile communication method, radio base station, and mobile station
CN102065420B (en) Method, system and device for determining secret key
CN101902736A (en) Update method of air interface secret key, core net node and radio access system
CN116782211A (en) Determination method of switching key, switching method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180330

Termination date: 20201125

CF01 Termination of patent right due to non-payment of annual fee