CN103139771B - Key generation method and system in handoff procedure - Google Patents

Info

Publication number: CN103139771B
Authority: CN (China)
Prior art keywords: target, kenb, mme, key, ncc
Legal status: Expired - Fee Related
Application number: CN201110382646.7A
Other languages: Chinese (zh)
Other versions: CN103139771A (en)
Inventors: 曹岚健, 余万涛
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201110382646.7A
Priority to PCT/CN2012/071474 (WO2013075417A1)
Publication of CN103139771A
Application granted
Publication of CN103139771B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Abstract

The invention discloses a key generation method and system for use in a handover procedure. The method includes: during a UE handover, the network side generates the next-hop key KeNB using the next-hop parameter NH, and the NH generated by the network side is not notified to the base station; the network side and the UE side each synchronise the next-hop key KeNB using the next hop chaining counter (NCC) value notified by the target base station; and the network side notifies the generated next-hop key KeNB to the target base station. Because a base station cannot obtain NH, it cannot generate the next-hop key KeNB; the possibility of the next-hop key KeNB being obtained illegitimately is removed, and forward security is guaranteed. The invention greatly improves the security of the communication system.

Description

Key generation method and system in handoff procedure
Technical field
The present invention relates to key generation techniques, and in particular to a key generation method and system in a handover procedure.
Background technology
The Evolved Packet System (EPS) of the 3rd Generation Partnership Project (3GPP) consists of the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the EPS core network (Evolved Packet Core). E-UTRAN is formed by the base station equipment, the evolved Node B (eNB), and the core network equipment, the Mobility Management Entity (MME). The User Equipment (UE) communicates with the eNB over the wireless air interface and, through the eNB, with the MME.
In the protocol architecture of the Long Term Evolution (LTE) system, the protocol layers are divided into the Access Stratum (AS) and the Non-Access Stratum (NAS). EPS is designed with a two-layer security protection mechanism: EPS requires that the AS and the NAS each use different security keys.
After the Authentication and Key Agreement (AKA) procedure between the UE and the MME, the root key Kasme is negotiated. The UE and the MME each store the root key Kasme, and each derive the AS security keys and the NAS security keys from Kasme.
The E-UTRAN handover procedure supports inter-eNB handover and inter-RAT (inter radio access technology) handover. Inter-RAT handover is supported by the S1 interface handover signalling procedure; inter-eNB handover is supported by the S1 or X2 interface handover signalling procedure. The system usually performs handover between eNBs over the X2 interface.
In the current handover procedure, key generation and distribution proceed as follows:
During the initial procedure, the UE sends an Initial NAS message to the MME, initiating the transition from the ECM-IDLE state to the ECM-CONNECTED state. The MME's Initial NAS message contains the updated NAS COUNT and the key KeNB generated from its own Kasme.
The MME initialises the Next hop Chaining Counter (NCC) value to 0.
The MME generates the Next Hop parameter (NH) from the initially generated KeNB and the Kasme it stores, and updates the NCC value to 1. The MME binds the generated NH and the updated NCC value together as the pair {NH, NCC=1}, and stores {NH, NCC=1}.
The MME sends KeNB to the eNB, and the eNB uses the KeNB received from the MME as its initial key. The eNB sends an AS Security Mode Command to the UE, and the UE derives KeNB from the NAS uplink COUNT value and the Kasme it stores.
At the first X2 handover, the source eNB computes KeNB* from KeNB and sends {KeNB*, NCC=0} to the target eNB. The target eNB sends NCC=0 to the UE; the UE compares its own NCC value with the target eNB's NCC value to ensure that the KeNB it updates is consistent with the target eNB's. The MME updates the NCC value, computes a new NH from the old NH and Kasme, and updates the pair {NH, NCC=1} to {NH, NCC=2}. The MME sends {NH, NCC=2} to the target eNB, and the target eNB stores the received {NH, NCC} pair.
At the second X2 handover, the source eNB computes KeNB* from the NH it stores and sends {KeNB*, NCC=2} to the target eNB. The target eNB sends NCC=2 to the UE; the UE compares its own NCC value with the target eNB's NCC value to ensure that the KeNB it updates is consistent with the target eNB's. The MME updates the NCC value, computes a new NH from the old NH and Kasme, and updates the pair {NH, NCC=2} to {NH, NCC=3}. The MME sends {NH, NCC=3} to the target eNB, and the target eNB stores the received {NH, NCC} pair.
In the above scheme, the key generation and distribution procedure at the first X2 handover is inconsistent with that at subsequent X2 handovers, which causes additional resource consumption.
In the above scheme, the source eNB derives the target eNB's key KeNB and sends it to the target eNB. The source eNB is therefore able to derive the key KeNB of the UE's next hop; this may be abused and creates a potential security risk for the communication system.
Summary of the invention
In view of this, the primary object of the present invention is to provide a key generation method and system for a handover procedure that can prevent a base station from determining the next-hop key KeNB during a UE handover, thereby guaranteeing the security of the communication system.
To achieve the above object, the technical solution of the invention is realised as follows:
A key generation method in a handover procedure, including:
during a UE handover, the network side generates the next-hop key KeNB using NH, where the NH generated by the network side is not notified to the base station.
Preferably, the method further includes:
the network side and the UE side each synchronise the next-hop key KeNB using the next hop chaining counter (NCC) value notified by the target base station; and the network side notifies the generated next-hop key KeNB to the target base station.
Preferably, generating the next-hop key KeNB using NH is:
generating the next-hop key KeNB using NH, the cell identity of the target base station, and the downlink carrier frequency number of the target Universal Terrestrial Radio Access (UTRA).
Preferably, the method further includes:
the initial next-hop key KeNB is generated by the network side from the root key Kasme and the Non-Access Stratum uplink counter (NAS UL COUNT) value; and the network side initialises NH from the root key Kasme and KeNB.
Preferably, the method further includes:
the target base station notifies the UE, via the source base station, of the next hop chaining counter (NCC) value received from the source base station and of the encryption and integrity protection algorithms selected by the target base station;
the UE determines the NH corresponding to the currently received NCC value, generates a new next-hop key KeNB from the determined NH, and then generates the user-plane and signalling-plane encryption/decryption keys and integrity keys from the new next-hop key KeNB.
Preferably, the method further includes:
after receiving the handover confirm from the UE, the target base station notifies the network side of the NCC value received from the source base station;
the network side determines the NH corresponding to the currently received NCC value, generates a new next-hop key KeNB from the determined NH, and notifies the new next-hop key KeNB to the target base station;
the target base station generates the user-plane and signalling-plane encryption/decryption keys and integrity keys from the received next-hop key KeNB.
Preferably, the network side is a Mobility Management Entity (MME).
Preferably, the method further includes:
the source MME determines the NH corresponding to the NCC value received from the source base station, and sends the received NCC value and its corresponding NH to the target MME;
the target MME generates the next-hop key KeNB from the received NH, increments the NCC value by one, and notifies the next-hop key KeNB and the incremented NCC value to the target base station;
the target base station selects encryption and integrity algorithms, and notifies the UE of the encryption and integrity algorithms and the received NCC value via the target MME, the source MME and the source base station;
the UE determines the NH corresponding to the currently received NCC value and generates a new next-hop key KeNB from the determined NH.
A key generation system in a handover procedure, including an MME, base stations and a UE, where:
during a UE handover, the MME generates the next-hop key KeNB using NH, where the NH generated by the MME is not notified to the base stations.
Preferably, the MME and the UE side each synchronise the next-hop key KeNB using the NCC value notified by the target base station; and the MME notifies the generated next-hop key KeNB to the target base station.
Preferably, the UE and the MME generate the next-hop key KeNB using NH, the cell identity of the target base station, and the downlink carrier frequency number of the target UTRA.
Preferably, the MME is further configured to generate the initial next-hop key KeNB from the root key Kasme and the NAS UL COUNT value, and to initialise NH from the root key Kasme and KeNB.
Preferably, the target base station is configured to notify the UE, via the source base station, of the NCC value received from the source base station and of the encryption and integrity protection algorithms selected by the target base station;
the UE is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and then generate encryption/decryption keys and integrity keys from the new KeNB.
Preferably, the target base station is configured to notify the MME of the NCC value received from the source base station after receiving the handover confirm from the UE, and to generate encryption/decryption keys and integrity keys from the KeNB received from the MME;
the MME is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and notify the new KeNB to the target base station.
Preferably, the source MME is configured to determine the NH corresponding to the NCC value received from the source base station, and to send the received NCC value and its corresponding NH to the target MME;
the target MME is configured to generate KeNB from the received NH, increment the NCC value by one, and notify the KeNB and the incremented NCC value to the target base station;
the target base station is configured to select encryption and integrity algorithms, and to notify the UE of the encryption and integrity algorithms and the received NCC value via the target MME, the source MME and the source base station;
the UE is configured to determine the NH corresponding to the currently received NCC value and to generate a new KeNB from the determined NH.
In the present invention, during a UE handover the UE and the MME generate the next-hop key KeNB using NH, and the NH generated by the MME is no longer notified to the base station. Because the base station cannot obtain NH, it cannot generate the next-hop key KeNB; the possibility of the next-hop key KeNB being obtained illegitimately is removed, and forward security is guaranteed. The invention greatly improves the security of the communication system.
Brief description of the drawings
Fig. 1 is the key generation flow in the X2 handover procedure between eNBs in the LTE system according to an embodiment of the present invention;
Fig. 2 is the key generation flow in the X2 handover procedure when the handover is the first handover, according to an embodiment of the present invention;
Fig. 3 is the key generation flow in the X2 handover procedure when the UE, the eNB and the MME already hold security contexts, according to an embodiment of the present invention;
Fig. 4 is the key generation flow in the S1 handover procedure according to an embodiment of the present invention.
Embodiments
The basic idea of the present invention is: in the X2 handover procedure, the source eNB no longer derives the next-hop key for the target eNB; the source eNB only provides the next hop chaining counter (NCC) value to the target eNB. The target eNB uses the NCC value to keep the NH in the two entities UE and MME synchronised, so that the UE and the MME hold the same KeNB. The target eNB uses the NCC value to request from the MME the same KeNB as the UE's, so that its own KeNB stays consistent with the UE's KeNB. During the handover procedure NH never leaves the MME; an eNB cannot obtain NH and has no ability to derive NH (computing NH requires possession of Kasme), so the source eNB cannot obtain the target eNB's KeNB for the next hop, which solves the forward secrecy problem.
To make the objects, technical solutions and advantages of the present invention clearer, the invention is further described below through embodiments and with reference to the drawings.
Fig. 1 shows the key generation flow in the X2 handover procedure between eNBs in the LTE system according to an embodiment of the present invention. As shown in Fig. 1, in this embodiment the key generation and distribution flow in the X2 handover procedure between LTE base stations (eNBs) specifically includes the following steps:
Step 101: in the initial procedure, the MME does not send NH to the source eNB; the MME sends only the NCC value to the source eNB.
Here, the initial procedure refers to the procedure, before the X2 handover occurs, by which the AS security context is established in the source eNB. Before the source eNB performs the X2 handover, an AS security context already exists in the source eNB; the procedure that established this security context may be an initial connection request (such as an attach request or a tracking area update (TAU) request), an intra-eNB handover, an X2 handover, an S1 handover, an inter-RAT handover, and so on. In these procedures, the AS security context the MME sends to the eNB does not include the {NH, NCC} pair; the MME sends only the NCC value to the source eNB.
Step 102: the source eNB initiates an X2 handover request to the target eNB, i.e. the source eNB sends an X2 handover request message to the target eNB, where the NCC value is included in the X2 handover request message. Here, the NCC value is the NCC value that the MME sent to the source eNB in step 101.
Step 103: the target eNB sends the NCC value to the UE and the MME; the UE and the MME use this NCC value to synchronise NH, and use that NH to generate the same KeNB.
The target eNB notifies the NCC value to the UE via the source eNB in the handover command. The UE compares the NCC value obtained from the target eNB with the NCC value it stores, and uses the difference between them to synchronise NH. Synchronisation here means that, in general, the NCC value stored in the UE is smaller than the NCC value notified by the network side, and the UE needs to generate KeNB using the NCC value notified by the network side.
The target eNB notifies the NCC value to the MME in the path switch request. The MME compares the NCC value obtained from the target eNB with the NCC value it stores, and uses the difference between them to synchronise NH. In general, in the present invention the NCC value stored in the MME and the NCC value obtained from the target eNB should be equal.
This step ensures that the UE and the MME hold the same {NH, NCC} pair. After generating KeNB, the UE uses this KeNB to generate the RRC/UP encryption/decryption keys and integrity keys for data and signalling.
Step 104: the MME generates KeNB using the synchronised NH; this KeNB is consistent with the KeNB stored in the UE.
The MME carries this KeNB in the path switch request acknowledge message sent to the target eNB. The target eNB uses this KeNB to generate the RRC/UP encryption/decryption keys and integrity keys for data and signalling. These RRC/UP encryption/decryption keys and integrity keys are consistent with those derived in the UE.
Fig. 2 shows the key generation flow in the X2 handover procedure when the handover is the first handover, according to an embodiment of the present invention. Fig. 2 covers the first handover that the eNB connected to the UE decides to initiate after the initial connection has been established; here, that first handover procedure is an X2 handover procedure. As shown in Fig. 2, this embodiment is the complete flow of key generation and key distribution in that X2 handover procedure, and specifically includes the following steps:
Step 200: an initial AS security context is established in the UE and the MME; its purpose is to initialise NH. The MME sends the NCC value to the source eNB in an S1AP Initial Context Setup Request message; the UE initialises the {NH, NCC} pair and initialises KeNB.
In step 200, initial AS security is established in the MME: specifically, the MME derives KeNB from Kasme and the NAS uplink counter, KeNB = KDF(Kasme, NAS UL COUNT). NAS UL COUNT is the NAS uplink counter in the initial connection request; if an authentication and key agreement (AKA) procedure precedes the AS SMC procedure, NAS UL COUNT is the NAS uplink counter during AKA. KDF denotes the key derivation algorithm; specifically, the information corresponding to Kasme and NAS UL COUNT is arranged in order and used as the key.
In step 200, NH is initialised: specifically, after obtaining KeNB the MME computes NH from Kasme and KeNB and increments the NCC value by 1, so that NCC=1. The MME stores the latest {NH, NCC} pair.
In step 200, the MME sends the NCC value to the eNB: specifically, the MME sends an S1AP Initial Context Setup Request message to the eNB, in which the NCC value is carried; this eNB is the source eNB of the X2 handover. The MME does not send NH to the eNB.
In step 200, after receiving the NCC value sent by the MME, the eNB stores the NCC value.
In step 200, the UE initialises the {NH, NCC} pair and initialises KeNB: specifically, when the radio bearer between the eNB and the UE is set up, the UE initialises NCC=0, initialises the next-hop key to NH=void, and derives KeNB from Kasme and the NAS uplink counter, KeNB = KDF(Kasme, NAS UL COUNT).
Step 201: the UE sends a measurement report to the source eNB. Based on the measurement report, the source eNB decides to initiate an X2 handover towards the target eNB.
Step 202: the source eNB sends a handover request to the target eNB, in which it sends the next hop chaining counter (NCC) value it stores. In this embodiment the source eNB stores NCC=1. In this step the source eNB also transfers its current AS security context and the UE security capabilities to the target eNB.
Step 203: after receiving the handover request message from the source eNB, the target eNB stores the received NCC value, NCC=1. The target eNB also selects the RRC/UP encryption and integrity protection algorithms according to the received UE security capabilities.
Step 204: the target eNB sends a handover request acknowledge message to the source eNB. The handover request acknowledge message includes a transparent container, which contains the NCC value stored by the target eNB, the identifiers of the encryption and integrity protection algorithms selected by the target eNB (EIA, EEA), and so on.
Step 205: the source eNB sends a handover command to the UE, which includes the transparent container received from the target eNB in step 204. The source eNB encrypts and integrity-protects the message with the current AS security context.
Step 206: after receiving the handover command sent by the source eNB, the UE decrypts the message and verifies its integrity using the current AS security context.
The UE extracts the NCC value from it and compares the NCC value received from the source eNB with the NCC value it stores. According to the difference between the two, the UE synchronises its own {NH, NCC} pair to the {NH, NCC} pair corresponding to the received NCC value, and stores the {NH, NCC} pair produced by this synchronisation.
Step 207: the UE computes KeNB using the synchronised NH. The computation is KeNB* = KDF(NH, PCI, EARFCN_DL), where PCI is the cell identity of the target eNB and EARFCN_DL is the downlink carrier frequency number of the target E-UTRA; the UE can measure the target PCI and the target EARFCN_DL. KeNB is then updated with KeNB*: KeNB = KeNB*.
The UE computes the RRC/UP encryption/decryption keys and integrity keys for data and signalling from the received EEA and EIA and its updated KeNB, and replaces the current AS security context.
Step 208: the UE sends a handover confirm message to the target eNB. This message is protected by the UE's current AS security context, which was updated in step 207.
Step 209: the target eNB sends a path switch request message to the MME, in which it notifies the MME of the NCC value it stores. This NCC value is the same as the NCC value the UE received in step 206. The target eNB also sends its PCI and EARFCN_DL to the MME for deriving KeNB*.
Step 210: after receiving the path switch message from the target eNB, the MME extracts the NCC value from it and compares the received NCC value with the NCC value it stores. If they are identical, the MME takes the NH of the {NH, NCC} pair associated with this NCC value; if they differ, the MME computes the NH associated with the received NCC value.
In the present invention it can be guaranteed that the NCC value stored in the MME is greater than or equal to the NCC value received from the target eNB, and that the MME holds the NH associated with that NCC value.
Step 211: the MME computes KeNB using the synchronised NH. The computation is KeNB* = KDF(NH, PCI, EARFCN_DL), where PCI and EARFCN_DL are the target eNB's PCI and EARFCN_DL; KeNB is then updated with KeNB*: KeNB = KeNB*.
Step 212: after computing KeNB, the MME computes the {NH, NCC} pair for the next hop: first the NCC value is incremented by 1; then NH is computed, NH = KDF(NH_old, Kasme), where NH_old is the previous NH stored in the MME. This newly computed {NH, NCC} pair is used for the key update at the next hop.
Step 213: the MME sends a path switch request acknowledge message to the target eNB, carrying the new NCC value and the KeNB computed in step 211. The NCC value is used for synchronising NH between the UE and the MME at the next hop; the KeNB is consistent with the KeNB stored in the UE and is used by the target eNB to produce the RRC/UP encryption/decryption keys and integrity keys for data and signalling.
Step 214: the target eNB stores the new NCC value and computes the RRC/UP encryption/decryption keys and integrity keys from KeNB and the EEA and EIA it selected. Using the newly generated AS security context, the target eNB decrypts and integrity-verifies the handover confirm message received in step 208.
Step 215: the target eNB sends a release resource message to the source eNB. After receiving the release resource message from the target eNB, the source eNB deletes all AS security contexts related to the UE.
Fig. 3 shows the key generation flow in the X2 handover procedure when the UE, the eNB and the MME already hold security contexts, according to an embodiment of the present invention. In Fig. 3, before the X2 handover is performed, the UE and the source eNB already hold AS security contexts and the MME also holds part of the AS security context. These security contexts were produced by earlier signalling exchanges between the UE, the eNB and the MME, which may have been an initial connection procedure, an earlier handover procedure, and so on. This embodiment is the complete flow of key generation and key distribution in the X2 handover procedure when the UE, the eNB and the MME already hold security contexts, and specifically includes the following steps:
Before the UE initiates the measurement report, the UE stores a {NH, NCC} pair, whose counter is denoted NCC_UE; an NCC value exists at the source eNB, denoted NCC_eNB; and the MME stores a {NH, NCC} pair, whose counter is denoted NCC_MME. The preceding signalling exchanges guarantee that NCC_UE is less than or equal to NCC_eNB, and that NCC_eNB is less than or equal to NCC_MME.
Step 301: the UE sends a measurement report to the source eNB. Based on the measurement report, the source eNB decides to initiate an X2 handover towards the target eNB.
Step 302: the source eNB sends a handover request message to the target eNB, carrying the NCC_eNB stored by the source eNB. In this step the source eNB also transfers its current AS security context and the UE security capabilities to the target eNB.
Step 303: after receiving the handover request message from the source eNB, the target eNB stores the received NCC_eNB. The target eNB also selects the RRC/UP encryption and integrity protection algorithms according to the received UE security capabilities.
Step 304: the target eNB sends a handover request acknowledge message to the source eNB. The handover request acknowledge message includes a transparent container, which contains NCC_eNB, the identifiers of the encryption and integrity protection algorithms selected by the target eNB (EIA, EEA), and so on.
Step 305: the source eNB sends a handover command to the UE, which includes the transparent container received from the target eNB in step 304.
Step 306: after receiving the handover command sent by the source eNB, the UE decrypts the message and verifies its integrity using the current AS security context.
The UE extracts the NCC value from it and compares the NCC value received from the source eNB with the NCC value it stores. According to the difference between the two, the UE synchronises its own {NH, NCC} pair to the {NH, NCC} pair corresponding to the received NCC value, and stores the {NH, NCC} pair produced by this synchronisation.
Step 307: the UE computes KeNB using the synchronised NH. The computation is KeNB* = KDF(NH, PCI, EARFCN_DL); KeNB is then updated with KeNB*: KeNB = KeNB*.
Step 308: the UE sends a handover confirm message to the target eNB.
Step 309: the target eNB sends a path switch request message to the MME, notifying the MME of the NCC_eNB it stores; the target eNB also notifies the MME of its PCI and EARFCN_DL.
Step 310: after receiving the path switch message from the target eNB, the MME extracts the NCC_eNB carried in the path switch message and compares it with the NCC_MME it stores. If they are identical, the MME takes the NH of the {NH, NCC} pair associated with this NCC_MME; if they differ, the MME computes the NH associated with the received NCC_eNB.
Step 311: the MME computes KeNB using the synchronised NH. The computation is KeNB* = KDF(NH, PCI, EARFCN_DL), where PCI and EARFCN_DL are the target eNB's PCI and EARFCN_DL; KeNB is then updated with KeNB*: KeNB = KeNB*.
Step 312: after computing KeNB, the MME computes the {NH, NCC} pair for the next hop: first the NCC value is incremented by 1; then NH is computed, NH = KDF(NH_old, Kasme). This newly computed {NH, NCC} pair is used for the key update at the next hop.
Step 313: the MME sends a path switch request acknowledge message to the target eNB, carrying the new NCC value and the KeNB computed in step 311. The NCC value is used for synchronising NH between the UE and the MME at the next hop; the KeNB is consistent with the KeNB stored in the UE and is used by the target eNB to produce the RRC/UP encryption/decryption keys and integrity keys for data and signalling.
Step 314: the target eNB stores the new NCC value and computes the RRC/UP encryption/decryption keys and integrity keys for data and signalling from KeNB and the EEA and EIA it selected. Using the newly generated AS security context, the target eNB decrypts and integrity-verifies the handover confirm message received in step 308.
Step 315: the target eNB sends a release resource message to the source eNB. After receiving the release resource message from the target eNB, the source eNB deletes all AS security contexts related to the UE.
It can be seen from the above that the key generation procedure shown in Fig. 2 is a special case of the procedure shown in Fig. 3. Whether the handover performed is the first X2 handover or an X2 handover occurring when the UE and the eNB already hold AS security contexts, the present invention keeps the flow of the X2 handover procedure consistent and guarantees forward secrecy.
Fig. 4 is a flow chart of key generation in S1 handover according to an embodiment of the present invention, showing key generation and key distribution in S1 handover. In order to ensure forward secrecy in the X2 handover procedure, it is also necessary in the S1 handover procedure that the eNB cannot obtain NH, so that the source eNB does not have the ability to derive the target eNB's KeNB. The steps are as follows:
Step 401: the UE sends a measurement report to the source eNB. At this point the UE's AS security context is held in the UE, the source eNB and the source MME.
Step 402: the source eNB initiates a handover required procedure towards the source MME; the handover required message carries the NCC value stored by the source eNB.
Step 403: the source MME synchronizes its {NH, NCC} pair according to the NCC value received from the source eNB. The source MME sends a forward relocation request message to the target MME, carrying the synchronized {NH, NCC} pair together with Kasme and eKSI.
Step 404: the target MME first computes KeNB according to the received {NH, NCC} pair, then increments the NCC value by 1 and computes a new {NH, NCC} pair. The new {NH, NCC} pair is used to generate the key at the next hop.
Step 405: the target MME sends a handover request message to the target eNB. The handover request message carries the KeNB computed in step 404 and the new NCC value. The target MME does not send NH to the target eNB.
Step 406: the target eNB selects the encryption and integrity protection algorithms, places the identifiers of the chosen encryption and integrity protection algorithms and the NCC value in the handover request acknowledge message, and sends it to the target MME.
Step 407: the target MME forwards a relocation response message to the source MME; the relocation response message carries the NCC value stored in the target eNB and the encryption and integrity protection algorithm identifiers.
Step 408: the source MME sends a handover command to the source eNB, carrying the NCC value stored in the target eNB and the encryption and integrity protection algorithm identifiers.
Step 409: the source eNB sends a handover command to the UE, carrying the NCC value stored in the target eNB and the encryption and integrity protection algorithm identifiers.
Step 410: the UE synchronizes its {NH, NCC} pair according to the NCC value received from the source eNB and computes KeNB from the synchronized NH. Using the received encryption and integrity protection algorithm identifiers and KeNB, the UE computes the encryption and decryption keys and integrity keys for data and signalling.
Step 411: the UE sends a handover confirm message to the target eNB. AS security is established between the UE and the target eNB.
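The NCC-synchronized key chain behind steps 310 to 313 (MME side) and step 410 (UE side) of the X2 flow, and the same sync-and-derive logic of steps 403, 404 and 410 of the S1 flow, as an added Python model that is not part of the patent: the KDF is an HMAC-SHA256 stand-in for the KDF the page names, and the sample Kasme, NAS UL COUNT, PCI and EARFCN_DL values are constructed. It models the key derivations and the NCC/NH synchronization, not the message routing.

```python
import hashlib
import hmac


def kdf(key: bytes, *inputs) -> bytes:
    """Illustrative KDF (an assumption): HMAC-SHA256 over the concatenated inputs.
    The page only names the KDF inputs; the exact 3GPP input encoding is not on it."""
    msg = b"".join(x if isinstance(x, bytes) else str(x).encode() for x in inputs)
    return hmac.new(key, msg, hashlib.sha256).digest()


class KeyChain:
    """The {NH, NCC} pair held by a party that knows Kasme (the MME or the UE).
    Base stations never hold one: they only ever see an NCC value and a KeNB."""

    def __init__(self, kasme: bytes, nas_ul_count: int):
        self.kasme = kasme
        # Initial KeNB from Kasme and NAS UL COUNT, then NH from Kasme and KeNB (claim 4).
        self.kenb = kdf(kasme, b"KeNB", nas_ul_count)
        self.nh = kdf(kasme, b"NH", self.kenb)
        self.ncc = 0

    def advance(self) -> None:
        """Step 312: NCC + 1, NH = KDF(NH_old, Kasme)."""
        self.nh = kdf(self.nh, b"NH", self.kasme)
        self.ncc += 1

    def sync_to(self, ncc_received: int) -> bytes:
        """Steps 310 / 403 / 410: if the received NCC equals ours, reuse the stored NH;
        if it is ahead, chain NH forward until the counters match."""
        if ncc_received < self.ncc:
            raise ValueError("NCC behind our own: a hash chain cannot be rolled back")
        while self.ncc < ncc_received:
            self.advance()
        return self.nh

    def derive_kenb(self, ncc_received: int, pci: int, earfcn_dl: int) -> bytes:
        """Step 311: KeNB* = KDF(NH, PCI, EARFCN_DL) with the synchronized NH; KeNB = KeNB*."""
        self.kenb = kdf(self.sync_to(ncc_received), b"KeNB*", pci, earfcn_dl)
        return self.kenb


def handover(network: KeyChain, ue: KeyChain, ncc_from_source: int,
             pci: int, earfcn_dl: int) -> tuple:
    """One handover as the page describes it. `ncc_from_source` is the only key
    material the source base station hands to the target; NH never leaves the
    two KeyChain holders. Returns (network KeNB, UE KeNB, NCC stored by target eNB)."""
    kenb_network = network.derive_kenb(ncc_from_source, pci, earfcn_dl)
    network.advance()                    # step 312 / 404: prepare the next-hop pair
    ncc_for_target = network.ncc         # step 313 / 405: target eNB learns NCC, not NH
    kenb_ue = ue.derive_kenb(ncc_from_source, pci, earfcn_dl)   # step 410 on the UE
    return kenb_network, kenb_ue, ncc_for_target


if __name__ == "__main__":
    kasme = b"\x11" * 32                 # constructed sample root key
    mme, ue = KeyChain(kasme, 7), KeyChain(kasme, 7)
    k1n, k1u, ncc1 = handover(mme, ue, 0, 101, 1850)
    k2n, k2u, ncc2 = handover(mme, ue, ncc1, 202, 2850)
    print(k1n == k1u, k2n == k2u, k1n != k2n, ncc1, ncc2)
```

Across the two handovers the MME reuses its stored NH (counters identical) while the UE chains forward once, and both still arrive at the same KeNB; the former target eNB, now acting as source, holds KeNB and NCC but no NH, so it cannot compute the next cell's KeNB.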
The present invention also describes a key generation system for a handover procedure, comprising an MME, base stations and a UE, wherein:
during a UE handover procedure, the MME generates the next-hop key KeNB using NH, and the NH generated by the MME is not notified to the base stations.
The MME and the UE each synchronize the next-hop key KeNB using the NCC value notified by the target base station, and the MME notifies the generated next-hop key KeNB to the target base station.
The UE and the MME generate the next-hop key KeNB using NH, the cell identity of the target base station and the target universal terrestrial radio access (UTRA) downlink carrier frequency number.
The MME is further used to generate the initial next-hop key KeNB from the root key Kasme and the NAS UL COUNT value, and to initialize NH from the root key Kasme and KeNB.
Preferably, the target base station is used to notify the UE, via the source base station, of the NCC value received from the source base station and the encryption and integrity protection algorithms selected by the target base station;
the UE is used to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and then generate encryption and decryption keys and integrity keys from the new KeNB.
Preferably, the target base station is used to notify the MME of the NCC value received from the source base station after receiving the UE's handover confirm, and to generate encryption and decryption keys and integrity keys from the KeNB received from the MME;
the MME is used to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and notify the new KeNB to the target base station.
Alternatively, and preferably, the source MME is used to determine the NH corresponding to the NCC value received from the source base station, and to send the received NCC value and its corresponding NH to the target MME;
the target MME is used to generate KeNB from the received NH, increment the NCC value by one, and notify the KeNB and the incremented NCC value to the target base station;
the target base station is used to select encryption and integrity algorithms, and to notify the UE, via the target MME, the source MME and the source base station, of the encryption and integrity algorithms and the received NCC value;
the UE is used to determine the NH corresponding to the currently received NCC value and to generate a new KeNB from the determined NH.
Those skilled in the art will understand that the function of each network element in the key generation system of this handover procedure example can be understood by reference to the related description of Figs. 1 to 4 above. The key generation system for a handover procedure of the present invention is built on the existing network structure and only improves the corresponding network element functions; the network structure can still be understood by reference to the existing network architecture.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims (17)

1. A key generation method for a handover procedure, characterised in that the method comprises:
during a user equipment (UE) handover procedure, the source base station provides only the next hop chaining counter NCC value to the target base station;
the target base station uses the NCC value to keep the NH of the UE and of the network side synchronized;
the network side generates the next-hop key KeNB using the next hop parameter NH;
wherein the NH generated by the network side is not notified to the base stations.
2. The method according to claim 1, characterised in that the method further comprises:
the network side and the UE side each synchronize the next-hop key KeNB using the next hop chaining counter NCC value notified by the target base station; the network side notifies the generated next-hop key KeNB to the target base station.
3. The method according to claim 1, characterised in that generating the next-hop key KeNB using NH is:
generating the next-hop key KeNB using NH, the cell identity of the target base station and the target universal terrestrial radio access UTRA downlink carrier frequency number.
4. The method according to any one of claims 1 to 3, characterised in that the method further comprises:
the initial next-hop key KeNB is generated by the network side from the root key Kasme and the non-access stratum uplink counter NAS UL COUNT value; the network side initializes NH from the root key Kasme and KeNB.
5. The method according to any one of claims 1 to 3, characterised in that the method further comprises:
the target base station notifies the UE, via the source base station, of the next hop chaining counter NCC value received from the source base station and the encryption and integrity protection algorithms selected by the target base station;
the UE determines the NH corresponding to the currently received NCC value, generates a new next-hop key KeNB from the determined NH, and then generates from the new next-hop key KeNB the encryption and decryption keys and integrity keys of the user plane and the signalling plane respectively.
6. The method according to claim 5, characterised in that the method further comprises:
after receiving the UE's handover confirm, the target base station notifies the network side of the NCC value received from the source base station;
the network side determines the NH corresponding to the currently received NCC value, generates a new next-hop key KeNB from the determined NH, and notifies the new next-hop key KeNB to the target base station;
the target base station generates from the received next-hop key KeNB the encryption and decryption keys and integrity keys of the user plane and the signalling plane respectively.
7. The method according to any one of claims 1 to 3 and 6, characterised in that the network side is a mobility management entity MME.
8. The method according to claim 4, characterised in that the network side is a mobility management entity MME.
9. The method according to claim 5, characterised in that the network side is a mobility management entity MME.
10. The method according to any one of claims 1 to 3, characterised in that the method further comprises:
the source MME determines the NH corresponding to the NCC value received from the source base station, and sends the received NCC value and its corresponding NH to the target MME;
the target MME generates the next-hop key KeNB from the received NH, increments the NCC value by one, and notifies the next-hop key KeNB and the incremented NCC value to the target base station;
the target base station selects encryption and integrity algorithms, and notifies the UE, via the target MME, the source MME and the source base station, of the encryption and integrity algorithms and the received NCC value;
the UE determines the NH corresponding to the currently received NCC value and generates a new next-hop key KeNB from the determined NH.
11. A key generation system for a handover procedure, comprising an MME, base stations and a UE, characterised in that:
during a UE handover procedure, the source base station provides only the next hop chaining counter NCC value to the target base station;
the target base station uses the NCC value to keep the NH in the two entities UE and MME synchronized;
the MME generates the next-hop key KeNB using NH;
wherein the NH generated by the MME is not notified to the base stations.
12. The system according to claim 11, characterised in that:
the MME and the UE side each synchronize the next-hop key KeNB using the NCC value notified by the target base station; and the MME notifies the generated next-hop key KeNB to the target base station.
13. The system according to claim 12, characterised in that the UE and the MME generate the next-hop key KeNB using NH, the cell identity of the target base station and the target UTRA downlink carrier frequency number.
14. The system according to any one of claims 11 to 13, characterised in that:
the MME is further used to generate the initial next-hop key KeNB from the root key Kasme and the NAS UL COUNT value; the MME initializes NH from the root key Kasme and KeNB.
15. The system according to any one of claims 11 to 13, characterised in that:
the target base station is used to notify the UE, via the source base station, of the NCC value received from the source base station and the encryption and integrity protection algorithms selected by the target base station;
the UE is used to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and then generate encryption and decryption keys and integrity keys from the new KeNB.
16. The system according to claim 15, characterised in that:
the target base station is used to notify the MME of the NCC value received from the source base station after receiving the UE's handover confirm, and to generate encryption and decryption keys and integrity keys from the KeNB received from the MME;
the MME is used to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and notify the new KeNB to the target base station.
17. The system according to any one of claims 11 to 13, characterised in that:
the source MME is used to determine the NH corresponding to the NCC value received from the source base station, and to send the received NCC value and its corresponding NH to the target MME;
the target MME is used to generate KeNB from the received NH, increment the NCC value by one, and notify the KeNB and the incremented NCC value to the target base station;
the target base station is used to select encryption and integrity algorithms, and to notify the UE, via the target MME, the source MME and the source base station, of the encryption and integrity algorithms and the received NCC value;
the UE is used to determine the NH corresponding to the currently received NCC value and to generate a new KeNB from the determined NH.
CN201110382646.7A 2011-11-25 2011-11-25 Key generation method and system in handoff procedure Expired - Fee Related CN103139771B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110382646.7A CN103139771B (en) 2011-11-25 2011-11-25 Key generation method and system in handoff procedure
PCT/CN2012/071474 WO2013075417A1 (en) 2011-11-25 2012-02-22 Method and system for generating key during handover

Publications (2)

Publication Number Publication Date
CN103139771A CN103139771A (en) 2013-06-05
CN103139771B true CN103139771B (en) 2018-03-30

Also Published As

Publication number Publication date
CN103139771A (en) 2013-06-05
WO2013075417A1 (en) 2013-05-30


Granted publication date: 20180330

Termination date: 20201125