CN108810888A - Secret key update method and equipment - Google Patents

Secret key update method and equipment Download PDF

Info

Publication number
CN108810888A
CN108810888A CN201710313965.XA CN201710313965A CN108810888A CN 108810888 A CN108810888 A CN 108810888A CN 201710313965 A CN201710313965 A CN 201710313965A CN 108810888 A CN108810888 A CN 108810888A
Authority
CN
China
Prior art keywords
secret key
information
instruction
base station
prothetic group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710313965.XA
Other languages
Chinese (zh)
Other versions
CN108810888B (en
Inventor
戴明增
彭文杰
刘菁
郭轶
曾清海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201710313965.XA priority Critical patent/CN108810888B/en
Priority to PCT/CN2018/085568 priority patent/WO2018202117A1/en
Publication of CN108810888A publication Critical patent/CN108810888A/en
Application granted granted Critical
Publication of CN108810888B publication Critical patent/CN108810888B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0055Transmission or use of information for re-establishing the radio link

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A kind of secret key update method of the application offer and equipment, this method include:User equipment (UE) obtains the first instruction information;The first instruction information includes about the newer information of the secret key;The secret key between the UE and prothetic group station for being communicated;The UE indicates the information completion secret key update according to described first or keeps the secret key constant, UE can be flexibly controlled by the way of the first instruction information to complete secret key update or keep secret key constant, especially, when secret key need not be updated, UE need not establish PDCP layers, therefore, service disconnection will not be caused, ensure that the service quality of business.

Description

Secret key update method and equipment
Technical field
This application involves the communication technology more particularly to a kind of secret key update methods and equipment.
Background technology
In order to realize user equipment (User Equipment, UE) while from long term evolution (Long Term Evolution, LTE) and new generation of wireless (New Radio, NR) NR access eat dishes without rice or wine obtain radio resource carry out data transmission, with Larger transmission rate gain is obtained, dual link (Dual Connectivity, DC) is formed usually between LTE and NR and transmits System can be referred to as LTE NR DC Transmission systems.
When UE access network, need to use access net root secret key.In LTE NR DC Transmission systems, it is based on master base station Access net root secret key be known as KeNB, the access net root secret key based on prothetic group station is known as S-KeNB, wherein S-KeNB is to be based on The secret key that KeNB and secondary cell group (Secondary Cell Group, SCG) counter (Counter) derive.For example, when needing When deriving S-KeNB, master base station produces value of the random number of a 32bits as SCG Counter, by the SCG The value of Counter is sent to UE, and UE derives S-KeNB using the value of KeNB He the SCG Counter.
In LTE NR DC Transmission systems, switch between UE carries out master base station, switch in master base station, switching in main plot, When switching in switching and prothetic group station between prothetic group station, it is required for update S-KeNB, S-KeNB is updated each time and is required for building again Vertical Packet Data Convergence Protocol (Packet Data Convergence Protocol, PDCP) layer, when can cause service disconnection Prolong, can not ensure the service quality of business.
Invention content
A kind of secret key update method of the application offer and equipment can cause industry for solving when secret key updates in the prior art Time delay is interrupted in business, can not ensure that the service quality of business obtains problem.
The application first aspect provides a kind of secret key update method, and this method includes:
User equipment (UE) obtains the first instruction information;First instruction information includes about the newer information of secret key;Secret key is used It is communicated between UE and prothetic group station;
UE completes secret key update according to the first instruction information or keeps secret key constant.
In the above scheme, it includes indicating information about the first of the newer information of secret key that UE, which is obtained, according to the first instruction Information is constant to complete secret key update or holding secret key, and it is secret flexibly to control UE completions by the way of the first instruction information Key updates or keeps secret key constant, and especially, when that need not update secret key, UE need not establish PDCP layers, therefore, Bu Huizao At service disconnection, the service quality of business ensure that.
In one possible implementation, UE obtains the first instruction information, including:
The first instruction information that UE receives master base station or prothetic group station is sent;First instruction information, which includes secret key, to be updated Instruction;
UE completes secret key update according to the first instruction information or keeps secret key constant, including:
UE keeps secret key constant according to the first instruction information.
In one possible implementation, the first instruction information further includes indication message, and indication message is used Base station switching or cell switching are carried out in instruction UE.
In the above scheme, when the first instruction information instruction secret key need not update, UE is continuing with original Secret key is communicated with prothetic group station, and UE need not establish PDCP layers, therefore, will not be caused service disconnection, be ensure that the clothes of business Business quality.
In one possible implementation, UE obtains the first instruction information, including:
UE receives the first instruction information that master base station is sent;First instruction information includes that secret key needs newer instruction;
UE completes secret key update according to the first instruction information or keeps secret key constant, including:
UE completes secret key update according to the first instruction information.
In one possible implementation, the first instruction information further includes that configuration information, counter information and switching refer to Show information;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Counter information is for completing secret key update;
Indication message is used to indicate UE and carries out base station switching or cell switching.
In one possible implementation, supplemented by counter information base station according to the access net root secret key at prothetic group station with it is secret Key updates the information that list determines, secret key update list includes reflecting between access net root secret key and the counter information at prothetic group station Penetrate relationship.Prothetic group station, which can quickly be updated from secret key in list, is directly obtained new secret key and counter information, Neng Gouti The high newer speed of secret key.
In one possible implementation, counter information is that master base station needs newer instruction to generate according to secret key Information.Counter information is sent to UE by master base station so that UE generates new secret key according to counter information, avoids master base station The risk that new secret key may cause secret key to reveal directly is transmitted, reliability and the safety of secret key are improved.
In one possible implementation, UE includes first communication module and second communication module, first communication module To execute the module for carrying out communication function with master base station, second communication module is to execute the mould that communication function is carried out with prothetic group station Block;
UE completes secret key update according to the first instruction information, including:
First communication module generates the second secret key according at least counter information and the first secret key, and the second secret key is sent To second communication module;First secret key is the access net root secret key of master base station;
Second communication module establishes PDCP layers according to PDCP layers of configuration information;
Second communication module generates third secret key according at least the second secret key and algorithm information, third secret key be applied to UE and Data transmission between prothetic group station.
In one possible implementation, UE includes first communication module and second communication module, first communication module To execute the module for carrying out communication function with master base station, second communication module is to execute the mould that communication function is carried out with prothetic group station Block;
UE completes secret key update according to the first instruction information, including:
Configuration information, counter information and the first secret key are sent to second communication module by first communication module;First is secret Key is the access net root secret key of master base station;
Second communication module generates the second secret key according at least counter information and the first secret key;
Second communication module establishes PDCP layers according to PDCP layers of configuration information;
Second communication module generates third secret key according at least the second secret key and algorithm information, third secret key be applied to UE and Data transmission between prothetic group station.
In the above scheme, when secret key needs update, UE timely updates secret key according to the first instruction information, protects Demonstrate,prove the safety and reliability of the transmission data between UE and prothetic group station.
The application second aspect provides a kind of secret key update method, and this method includes:
Master base station obtains the first instruction information;First instruction information includes about the newer information of secret key;Secret key is used for UE It is communicated between prothetic group station;
First instruction information is sent to user equipment (UE) by master base station, so that UE completes secret key more according to the first instruction information New or holding secret key is constant.
In one possible implementation, the first instruction information includes that secret key does not need newer instruction, and secret key is not required to Wanting newer instruction to be used to indicate UE keeps secret key constant.
In one possible implementation, the first instruction information further includes indication message, and indication message is used Base station switching or cell switching are carried out in instruction UE.
In one possible implementation, the first instruction information includes that secret key needs newer instruction, secret key to need more New instruction is used to indicate UE and completes secret key update.
In one possible implementation, the first instruction information further includes that configuration information, counter information and switching refer to Show information;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Counter information is for completing secret key update;
Indication message is used to indicate UE and carries out base station switching or cell switching.
In one possible implementation, supplemented by counter information base station according to the access net root secret key at prothetic group station with it is secret Key updates the information that list determines, secret key update list includes reflecting between access net root secret key and the counter information at prothetic group station Penetrate relationship.
In one possible implementation, counter information is that master base station needs newer instruction to generate according to secret key Information.
In one possible implementation, master base station obtains the first instruction information, including:
Master base station receives the second instruction information that prothetic group station is sent;Second instruction information includes that secret key needs newer finger Show, configuration information and indication message;
Master base station needs newer instruction to generate counter information according to secret key;
Master base station generates the first instruction information according to counter information, configuration information and indication message.
In one possible implementation, master base station is given birth to according to counter information, configuration information and indication message At the first instruction information, including:
Counter information is sent to prothetic group station by master base station, so that institute's prothetic group station is packaged counter information;
Master base station generates the first instruction information according to counter information, configuration information and the indication message after encapsulation.
The method that advantageous effect and the first aspect for the secret key update method that the application second aspect provides provide it is beneficial Effect is similar, and details are not described herein again.
The application third aspect provides a kind of secret key update method, and this method includes:
Prothetic group station obtains the first instruction information;First instruction information includes about the newer information of secret key;Secret key is used for UE It is communicated between prothetic group station;
First instruction information is sent to user equipment (UE) by prothetic group station, so that UE completes secret key more according to the first instruction information New or holding secret key is constant.
In one possible implementation, the first instruction information includes that secret key does not need newer instruction, and secret key is not required to Wanting newer instruction to be used to indicate UE keeps secret key constant.
In one possible implementation, the first instruction information further includes indication message, and indication message is used Base station switching or cell switching are carried out in instruction UE.
In one possible implementation, the first instruction information includes that secret key needs newer instruction, secret key to need more New instruction is used to indicate UE and completes secret key update.
In one possible implementation, the first instruction information further includes configuration information and indication message;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Indication message is used to indicate UE and carries out base station switching or cell switching.
In one possible implementation, the first instruction information further includes counter information, and counter information is prothetic group The information stood according to the access net root secret key and secret key update list determination at prothetic group station, it includes connecing for prothetic group station that secret key, which updates list, Mapping relations between networking root secret key and counter information.
In one possible implementation, the first instruction information is sent to user equipment (UE) by prothetic group station, including:
First instruction information is sent to UE by prothetic group station by master base station.
The method that advantageous effect and the first aspect for the secret key update method that the application third aspect provides provide it is beneficial Effect is similar, and details are not described herein again.
The application fourth aspect provides a kind of secret key updating device, which includes:
Acquisition module, for obtaining the first instruction information;First instruction information includes about the newer information of secret key;Secret key For being communicated between UE and prothetic group station;
Processing module, for completing secret key update according to the first instruction information or keeping secret key constant.
In one possible implementation, acquisition module is specifically used for the first finger for receiving master base station or prothetic group station is sent Show information;First instruction information includes that secret key does not need newer instruction;
Processing module is specifically used for keeping secret key constant according to the first instruction information.
In one possible implementation, the first instruction information further includes indication message, and indication message is used Base station switching or cell switching are carried out in instruction UE.
In one possible implementation, acquisition module is specifically used for receiving the first instruction information that master base station is sent; First instruction information includes that secret key needs newer instruction;
Processing module is specifically used for completing secret key update according to the first instruction information.
In one possible implementation, the first instruction information further includes that configuration information, counter information and switching refer to Show information;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Counter information is for completing secret key update;
Indication message is used to indicate UE and carries out base station switching or cell switching.
In one possible implementation, supplemented by counter information base station according to the access net root secret key at prothetic group station with it is secret Key updates the information that list determines, secret key update list includes reflecting between access net root secret key and the counter information at prothetic group station Penetrate relationship.
In one possible implementation, counter information is that master base station needs newer instruction to generate according to secret key Information.
In one possible implementation, processing module includes first communication module and second communication module, and first is logical Letter module is to execute the module that communication function is carried out with master base station, and second communication module is to execute to carry out communication function with prothetic group station Module;
First communication module is used to generate the second secret key according at least counter information and the first secret key, and by the second secret key It is sent to second communication module;First secret key is the access net root secret key of master base station;
Second communication module is used to establish PDCP layers according to PDCP layers of configuration information;
Second communication module is used to generate third secret key according at least the second secret key and algorithm information, and third secret key is applied to Data transmission between UE and prothetic group station.
In one possible implementation, processing module includes first communication module and second communication module, and first is logical Letter module is to execute the module that communication function is carried out with master base station, and second communication module is to execute to carry out communication function with prothetic group station Module;
First communication module is used to configuration information, counter information and the first secret key being sent to second communication module;The One secret key is the access net root secret key of main base station;
Second communication module is used to generate the second secret key according at least counter information and the first secret key;
Second communication module is used to establish PDCP layers according to PDCP layers of configuration information;
Second communication module is used to generate third secret key according at least the second secret key and algorithm information, and third secret key is applied to Data transmission between UE and prothetic group station.
The method that advantageous effect and the first aspect for the secret key updating device that the application fourth aspect provides provide it is beneficial Effect is similar, and details are not described herein again.
The 5th aspect of the application provides a kind of secret key updating device, including:
Acquisition module, for obtaining the first instruction information;First instruction information includes about the newer information of secret key;Secret key For being communicated between UE and prothetic group station;
Sending module, for the first instruction information to be sent to user equipment (UE), so that UE is complete according to the first instruction information It is updated at secret key or keeps secret key constant.
In one possible implementation, the first instruction information includes that secret key does not need newer instruction, and secret key is not required to Wanting newer instruction to be used to indicate UE keeps secret key constant.
In one possible implementation, the first instruction information further includes indication message, and indication message is used Base station switching or cell switching are carried out in instruction UE.
In one possible implementation, the first instruction information includes that secret key needs newer instruction, secret key to need more New instruction is used to indicate UE and completes secret key update.
In one possible implementation, the first instruction information further includes that configuration information, counter information and switching refer to Show information;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Counter information is for completing secret key update;
Indication message is used to indicate UE and carries out base station switching or cell switching.
In one possible implementation, supplemented by counter information base station according to the access net root secret key at prothetic group station with it is secret Key updates the information that list determines, secret key update list includes reflecting between access net root secret key and the counter information at prothetic group station Penetrate relationship.
In one possible implementation, counter information is that master base station needs newer instruction to generate according to secret key Information.
In one possible implementation, acquisition module is specifically used for receiving the second instruction information that prothetic group station is sent; Newer instruction is needed to generate counter information according to secret key;It is given birth to according to counter information, configuration information and indication message At the first instruction information;Second instruction information includes that secret key needs newer instruction, configuration information and indication message.
In one possible implementation, acquisition module is according to counter information, configuration information and indication message The first instruction information is generated, including:
Counter information is sent to prothetic group station by acquisition module, so that institute's prothetic group station is packaged counter information;And The first instruction information is generated according to counter information, configuration information and the indication message after encapsulation.
The method that the advantageous effect for the secret key updating device that the aspect of the application the 5th provides is provided with second aspect it is beneficial Effect is similar, and details are not described herein again.
The 6th aspect of the application provides a kind of secret key updating device, including:
Acquisition module, for obtaining the first instruction information;First instruction information includes about the newer information of secret key;Secret key For being communicated between UE and prothetic group station;
Sending module, for the first instruction information to be sent to user equipment (UE), so that UE is complete according to the first instruction information It is updated at secret key or keeps secret key constant.
In one possible implementation, the first instruction information includes that secret key does not need newer instruction, and secret key is not required to Wanting newer instruction to be used to indicate UE keeps secret key constant.
In one possible implementation, the first instruction information further includes indication message, and indication message is used Base station switching or cell switching are carried out in instruction UE.
In one possible implementation, the first instruction information includes that secret key needs newer instruction, secret key to need more New instruction is used to indicate UE and completes secret key update.
In one possible implementation, the first instruction information further includes configuration information and indication message;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Indication message is used to indicate UE and carries out base station switching or cell switching.
In one possible implementation, the first instruction information further includes counter information, and counter information is prothetic group The information stood according to the access net root secret key and secret key update list determination at prothetic group station, it includes connecing for prothetic group station that secret key, which updates list, Mapping relations between networking root secret key and counter information.
In one possible implementation, sending module is specifically used for being sent to the first instruction information by master base station UE。
The method that the advantageous effect for the secret key updating device that the aspect of the application the 6th provides is provided with second aspect it is beneficial Effect is similar, and details are not described herein again.
The 6th aspect of the application also provides a kind of equipment, including processor and memory;
For storing instruction, processor is used to execute the instruction of memory storage to memory, when processor executes memory When the instruction of storage, equipment is used to execute the method provided to third aspect any embodiment such as first aspect.
The 7th aspect of the application provides a kind of secret key updating device, including is used to execute the above first aspect to the third aspect Method at least one processing element (or chip).
The application eighth aspect provides a kind of program, and the program is when being executed by processor for executing the above first aspect To the method for the third aspect.
A kind of the 9th program product of aspect offer of the application, such as computer readable storage medium, including eighth aspect Program.
The tenth aspect of the application provides a kind of computer readable storage medium, is stored in the computer readable storage medium There is instruction, when run on a computer so that computer executes above-mentioned first aspect to the method for the third aspect.
On the one hand the application the tenth also provides a kind of communication system, which includes:Master base station and prothetic group station;
Master base station is used to execute the secret key update method of second aspect offer;
Prothetic group station is used to execute the secret key update method of third aspect offer.
Description of the drawings
Fig. 1 is the application scenarios schematic diagram of secret key update method provided by the embodiments of the present application;
Fig. 2 is the secret key update method flow chart that one embodiment of the application provides;
Fig. 3 is the secret key update method flow chart that another embodiment of the application provides;
Fig. 4 is the secret key update method flow chart that another embodiment of the application provides;
Fig. 5 is the secret key update method flow chart that another embodiment of the application provides;
Fig. 6 is the secret key update method flow chart that the application another embodiment provides;
Fig. 7 is the secret key update method flow chart that the application another embodiment provides;
Fig. 8 is the secret key update method flow chart that the application another embodiment provides;
Fig. 9 is the secret key update method flow chart that the another embodiment of the application provides;
Figure 10 is the secret key update method flow chart that the another embodiment of the application provides;
Figure 11 is the secret key update method flow chart that the another embodiment of the application provides;
Figure 12 is a kind of secret key updating device that one embodiment of the application provides;
Figure 13 is a kind of secret key updating device that another embodiment of the application provides;
Figure 14 is a kind of secret key updating device that the application another embodiment provides;
Figure 15 is a kind of equipment that one embodiment of the application provides.
Specific implementation mode
Secret key update method provided by the present application is applied to wireless communication system, and it is logical especially to can be applied to the movement of the 5th generation In letter technology (The 5th Generation mobile communication technology, 5G) system.Fig. 1 is this Shen Please embodiment provide secret key update method application scenarios schematic diagram, as shown in Figure 1, the application scenarios of the secret key update method Including UE1, master base station 2, prothetic group station 3 and core net 4, wherein can be that UE1 establishes control plane between master base station 2 and core net 4 It is connected with user plane, can be that UE establishes user plane connection between prothetic group station 3 and core net 4.
Fig. 2 is the secret key update method flow chart that one embodiment of the application provides.The embodiment refers to UE according to The specific implementation process that one instruction information completes secret key update or keeps secret key constant, as shown in Fig. 2, the secret key update method packet Include following steps:
Step 101, UE obtain the first instruction information;First instruction information includes about the newer information of secret key;Secret key is used It is communicated between UE and prothetic group station.
In the present embodiment, secret key between UE and prothetic group station for being communicated, for example, UE uses the secret key with prothetic group station Or it uses and is encrypted, is decrypted based on the secret key pair transmission data that the secret key derives, integrity protection, completeness check It can be obtained from master base station or prothetic group station Deng, UE and indicate information comprising first about the newer information of secret key.About secret key Newer information is used to indicate whether UE secret keys need to update, and prothetic group station may be based on whether security risk to judge that secret key is It is no to need to update, for example, existing secret key has used the long period and has been more than the term of validity, then need to update secret key;Alternatively, being used for The parameters such as the carrying identity (IDentification, ID) of safeguard protection cannot continue to ensure the safety of transmission data When, it can ensure the safety of transmission data by updating secret key;Alternatively, when UE switches main plot/major-minor cell, originally Secret key also in the term of validity, then secret key need not update.
Wherein, can be implicit or display about the newer information of secret key, for example, being hidden about the newer information of secret key Formula carries in the first instruction information and then indicates that secret key needs to update about the newer information of secret key, in the first instruction information It does not carry and then indicates that secret key need not update about the newer information of secret key;Be about the newer information of secret key it is explicit, can be Whether instruction secret key needs to update in the certain field of one instruction information, for example, more whether newer field is that 1 expression secret key need to secret key It updates, more whether newer field need not update secret key for 0 expression secret key, and those skilled in the art can also use others side Formula indicates whether secret key needs to update, and is not limited in the application.
Step 102, UE complete secret key update according to the first instruction information or keep secret key constant.
In the present embodiment, UE is obtained from the first instruction information about the newer information of secret key, according to about secret key more New information determines whether secret key needs to update, to complete secret key update or keep secret key constant.
Secret key update method provided by the embodiments of the present application, it includes being indicated about the first of the newer information of secret key that UE, which is obtained, Information completes secret key update according to the first instruction information or keeps secret key constant, uses the mode of the first instruction information can be with Flexible control UE completes secret key update or keeps secret key constant, and especially, when that need not update secret key, UE need not be established Therefore Packet Data Convergence Protocol (Packet Data Convergence Protocol, PDCP) layer will not cause in business It is disconnected, it ensure that the service quality of business.
Optionally, in the embodiment depicted in figure 2, it is as follows not need newer method for a kind of secret key:
Step 101 " UE obtain first instruction information " includes:The first instruction letter that UE receives master base station or prothetic group station is sent Breath;First instruction information includes that secret key does not need newer instruction.
In the present embodiment, the first instruction information can be that master base station is sent to UE, can also be prothetic group station by first Instruction information is sent to master base station, then is sent to UE by master base station, alternatively, prothetic group station is by need not be with new instruction comprising secret key It is sent to master base station, master base station need not generate the first instruction information according to secret key with new instruction, then indicate information by first It is sent to UE.
Further, the first instruction information further includes indication message, and indication message is used to indicate UE and carries out base Stand switching or cell switching.Wherein, base station switching include switching between master base station, switching and auxiliary between switching, prothetic group station in master base station Switch in base station, cell switching includes switching between switching and main plot in main plot.For example, base station root supplemented by indication message According to the information that the factors such as measurement report determine, for example, when the main plot in prothetic group station needs switching, prothetic group station can be sent out to UE The indication message, instruction UE is given to carry out the main plot switching in prothetic group station.For another example indication message be master base station according to The information that the factors such as measurement report determine, for example, when cell needs switching in master base station, master base station can send this to UE and cut Instruction information is changed, instruction UE carries out the cell switching of master base station.
Step 102 " UE completes secret key update according to the first instruction information or keeps secret key constant ", including:UE is according to first Indicate that information keeps secret key constant.
In the present embodiment, if the first instruction information includes that secret key does not need newer instruction, UE is continuing with original The secret key come is communicated with prothetic group station.Or;
In the present embodiment, if not carried about the newer information of secret key in the first instruction information, UE is continuing with original The secret key come is communicated with prothetic group station.Or;
In the present embodiment, it is the same as the original if carrying the newer information of secret key in the first instruction information, UE continues It is communicated with prothetic group station using original secret key.
Fig. 3 is the secret key update method flow chart that another embodiment of the application provides, which refers to work as secret key When need not update, a kind of interactive mode between UE, master base station and prothetic group station, as shown in figure 3, this method includes following step Suddenly:
Step 201, prothetic group station send the first instruction information to master base station.
Wherein, the first instruction information includes that secret key does not need newer instruction and indication message, indication message The main plot that UE is carried out in prothetic group station is used to indicate to switch.
Step 202, master base station determine that the main plot carried out in prothetic group station switches according to indication message, and keep counting Device Information invariability.
First instruction information is sent to UE by step 203, master base station.
Step 204, master base station send switching instruction response message to prothetic group station.
Optionally, step 203 can be performed simultaneously with step 204, can also sequentially be executed.
Step 205, UE carry out the main plot in prothetic group station according to indication message and switch.
Step 206, UE are communicated using old secret key with prothetic group station.
Secret key update method provided by the embodiments of the present application, when secret key need not update, UE is continuing with originally Secret key communicated with prothetic group station, UE need not establish PDCP layers, therefore, will not cause service disconnection, ensure that business Service quality.
Optionally, in the embodiment depicted in figure 2, a kind of secret key needs newer method as follows:
Step 101 " UE obtains the first instruction information ", including:UE receives the first instruction information that master base station is sent;First Instruction information includes that secret key needs newer instruction.
In the present embodiment, the first instruction information is that master base station is got from prothetic group station, and the first instruction information can be Prothetic group station is sent to master base station, and is transmitted to UE by master base station, and can also be prothetic group station will need newer instruction comprising secret key Information be sent to master base station, master base station needs newer instruction to generate the first instruction information according to secret key, by the first instruction letter Breath is sent to UE.It can be display instruction or implicit instruction, e.g., implicit instruction that the secret key, which needs newer instruction information, Base station, which to UE has sent cell indication message and then gives tacit consent to secret key, supplemented by a kind of embodiment mode needs to update.
Further, the first instruction information further includes configuration information, counter information and indication message;Configuration information Believe including Packet Data Convergence Protocol (Packet Data Convergence Protocol, PDCP) layer configuration information and algorithm Breath;Counter information is for completing secret key update;Indication message is used to indicate UE and carries out base station switching or cell switching.Its In, PDCP layers of configuration information for UE establish PDCP layers or re-establish PDCP layers, and base station is according to UE's supplemented by algorithm information The encryption of security capabilities and itself policy selection, decryption, integrity protection, completeness check scheduling algorithm.Indication message is The information that prothetic group station is determined according to factors such as measurement reports.
Optionally, access net root secret key and secret key update list determination of the base station according to prothetic group station supplemented by counter information Information, secret key update list include the mapping relations between the access net root secret key at prothetic group station and counter information.
In the present embodiment, secret key update list can be that master base station is generated in advance and is sent to the storage of prothetic group station, also may be used It is stored with being generated by prothetic group station, is that selection is closed from list when prothetic group station determines to carry out the main plot switching in prothetic group station Suitable secret key and corresponding counter information, and the counter information is sent to UE.Prothetic group station can quickly from secret key more It is directly obtained new secret key and counter information in new list, the newer speed of secret key can be improved.
Optionally, counter information is the information that master base station needs that newer instruction is generated according to secret key.
In the present embodiment, when prothetic group station determines the main plot switching carried out in prothetic group station, include to master base station transmission Secret key needs the information of newer instruction, when master base station determines that secret key needs update, generates counter information.Master base station will count Device information is sent to UE so that UE generates new secret key according to counter information, avoids master base station and directly transmits new secret key The risk that secret key may be caused to reveal, improves reliability and the safety of secret key.
Step 102 " UE completes secret key update according to the first instruction information or keeps secret key constant ", including:UE is according to first Indicate that information completes secret key update.
In the present embodiment, UE determines that secret key needs to update according to the first instruction information, then UE generates new secret key, uses New secret key is communicated with prothetic group station.
Secret key update method provided by the embodiments of the present application, when secret key needs update, UE believes according to the first instruction Breath timely updates secret key, ensures the safety and reliability of the transmission data between UE and prothetic group station.
Further, when secret key needs update, the sides UE carry out the newer realization method of secret key can be by different functions Module realizes, it is specific as shown in Figure 4 and Figure 5.
A kind of update method of secret key is as shown in figure 4, may comprise steps of:
Step 301, prothetic group station send the second instruction information to master base station.
Wherein, the second instruction information may include that configuration information, indication message and secret key need newer instruction.
Step 302, master base station need newer instruction to generate counter information according to secret key.
Step 303, master base station generate the first instruction information according to counter information, configuration information and indication message.
First instruction information is sent to UE by step 304, master base station.
The realization method of prothetic group station and master base station is only a kind of exemplary illustration in the present embodiment, can also use others Mode is realized.
In the present embodiment, UE includes first communication module and second communication module, and first communication module is to execute and master Base station carries out the module of communication function, and second communication module is to execute the module that communication function is carried out with prothetic group station;Then UE according to First instruction information completes secret key update, including:
Step 305, first communication module generate the second secret key according at least counter information and the first secret key.
Wherein, the first secret key is the access net root secret key of master base station.
Second secret key is sent to second communication module by step 306, first communication module.
Step 307, second communication module establish PDCP layers according to PDCP layers of configuration information.
Step 308, second communication module generate third secret key according at least the second secret key and algorithm information.
Wherein, third secret key is applied to the data transmission between UE and prothetic group station.
Step 309, second communication module are communicated using third secret key with prothetic group station.
In the present embodiment, auxiliary if master base station is the base station of long term evolution (Long Term Evolution, LTE) network Base station is the base station of new generation of wireless (New Radio, NR) network, then corresponding first communication module is complete using LTE protocol stack At above-mentioned steps 305 and 306, second communication module completes step 307,308,309 using NR protocol stacks.
The update method of another secret key is as shown in figure 5, may comprise steps of:
Step 401, prothetic group station send third to master base station and indicate information.
Wherein, third instruction information may include that indication message and secret key need newer instruction.
Step 402, master base station need newer instruction to generate counter information according to secret key.
Counter information is sent to prothetic group station by step 403, master base station.
Step 404, prothetic group station need newer instruction and configuration information to generate the first instruction according to counter information, secret key Information.
First instruction information is sent to master base station by step 405, prothetic group station.
First instruction information is sent to UE by step 406, master base station.
The realization method of prothetic group station and master base station is only a kind of exemplary illustration in the present embodiment, can also use others Mode is realized.
In the present embodiment, UE includes first communication module and second communication module, and first communication module is to execute and master Base station carries out the module of communication function, and second communication module is to execute the module that communication function is carried out with prothetic group station;Then UE according to First instruction information completes secret key update, including:
Configuration information, counter information and the first secret key are sent to the second communication mould by step 407, first communication module Block.
Wherein, the first secret key is the access net root secret key of master base station.
Step 408, second communication module generate the second secret key according at least counter information and the first secret key.
Step 409, second communication module establish PDCP layers according to PDCP layers of configuration information.
Step 4010, second communication module generate third secret key according at least the second secret key and algorithm information.
Wherein, third secret key is applied to the data transmission between UE and prothetic group station.
Step 4011, second communication module are communicated using third secret key with prothetic group station.
In the present embodiment, if master base station is the base station of LTE network, prothetic group station is the base station of NR networks, then corresponding the One communication module using LTE protocol stack complete above-mentioned steps 407, second communication module using NR protocol stacks complete step 408~ 4011。
Fig. 6 is the secret key update method flow chart that the application another embodiment provides.The embodiment refers to master base station The first instruction information is obtained, and the first instruction information is sent to UE so that UE completes secret key according to the first instruction information and updates Or the process for keeping secret key constant, as shown in fig. 6, the secret key update method includes the following steps:
Step 501, master base station obtain the first instruction information;First instruction information includes about the newer information of secret key;It is secret Key between UE and prothetic group station for being communicated.
First instruction information is sent to user equipment (UE) by step 502, master base station, so that UE is complete according to the first instruction information It is updated at secret key or keeps secret key constant.
Optionally, in the embodiment shown in fig. 6, the first instruction information includes that secret key does not need newer instruction, and secret key is not Needing newer instruction to be used to indicate UE keeps secret key constant.
Further, the first instruction information further includes indication message, and indication message is used to indicate UE and carries out base Stand switching or cell switching.
Optionally, in the embodiment shown in fig. 6, the first instruction information includes that secret key needs newer instruction, secret key to need Newer instruction is used to indicate UE and completes secret key update.The secret key need newer instruction information may be display indicate or Person's implicit instruction, e.g., base station has sent cell indication message to UE and then gives tacit consent to supplemented by a kind of embodiment mode of implicit instruction Secret key needs to update.
Further, the first instruction information further includes configuration information, counter information and indication message;Configuration information Including PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;Counter information is for completing secret key update;Switching Instruction information is used to indicate UE and carries out base station switching or cell switching.
Optionally, access net root secret key and secret key update list determination of the base station according to prothetic group station supplemented by counter information Information, secret key update list include the mapping relations between the access net root secret key at prothetic group station and counter information.
Optionally, counter information is the information that master base station needs that newer instruction is generated according to secret key.
Optionally, if counter information is the information that master base station needs that newer instruction is generated according to secret key, the secret key Update method can also include:Counter information is sent to prothetic group station by master base station so that is believed according at least counter at prothetic group station Breath and the first secret key generate the second secret key, and third secret key is generated further according at least the second secret key and algorithm information.Alternatively,
The secret key update method can also include:Master base station is secret according at least counter information and the generation second of the first secret key Second secret key is sent to prothetic group station by key, so that prothetic group station generates third secret key according at least the second secret key and algorithm information.
Wherein, the first secret key is the access net root secret key of master base station, and third secret key is applied to the number between UE and prothetic group station According to transmission.
In the present embodiment, counter information is sent to prothetic group station by master base station, or the second secret key is sent to prothetic group It stands so that prothetic group station generates third secret key, then is communicated using third secret key between UE and prothetic group station, ensure that data pass Defeated accuracy.
Further, when secret key needs update, as shown in fig. 7, step " master base station obtains the first instruction information ", packet It includes:
Step 601, master base station receive the second instruction information that prothetic group station is sent;Second instruction information may include secret key needs Newer instruction, configuration information and indication message.
Step 602, master base station need newer instruction to generate counter information according to secret key.
Step 603, master base station generate the first instruction information according to counter information, configuration information and indication message.
Still further, as shown in figure 8, step " master base station is according to counter information, configuration information and indication message Generate the first instruction information ", including:
Counter information is sent to prothetic group station by step 6031, master base station, so that institute's prothetic group station carries out counter information Encapsulation.
Step 6032, master base station generate first according to counter information, configuration information and the indication message after encapsulation Indicate information.
Secret key update method provided by the embodiments of the present application is the realization of the corresponding master base station side of Fig. 2-embodiment illustrated in fig. 5 Method, realization principle and advantageous effect can refer to the realization principle and advantageous effect of Fig. 2-embodiment illustrated in fig. 5, herein no longer It repeats.
Fig. 9 is the secret key update method flow chart that the another embodiment of the application provides.The embodiment refers to prothetic group station Obtain first instruction information, by first instruction information be sent to UE so that UE according to first instruction information complete secret key update or The process for keeping secret key constant, as shown in figure 9, the embodiment includes the following steps:
Step 701, prothetic group station obtain the first instruction information;First instruction information includes about the newer information of secret key;It is secret Key between UE and prothetic group station for being communicated.
First instruction information is sent to user equipment (UE) by step 702, prothetic group station, so that UE is complete according to the first instruction information It is updated at secret key or keeps secret key constant.
Optionally, the first instruction information is sent to user equipment (UE) by prothetic group station, including:Prothetic group station is by master base station by One instruction information is sent to UE.
In the present embodiment, prothetic group station can by master base station by first instruction information be sent to UE, can also directly by First instruction information is sent to UE.For example, when first instruction information instruction secret key need not update when, prothetic group station can directly by First instruction information is sent to UE, and when the first instruction information instruction secret key needs update, the first instruction information is sent out at prothetic group station Master base station is given, is indicated to be then forwarded to UE after information is handled by master base station pair first.
Optionally, in the embodiment shown in fig. 9, the first instruction information includes that secret key does not need newer instruction, and secret key is not Needing newer instruction to be used to indicate UE keeps secret key constant.
Further, the first instruction information further includes indication message, and indication message is used to indicate UE and carries out base Stand switching or cell switching.
Optionally, in the embodiment shown in fig. 9, the first instruction information includes that secret key needs newer instruction, secret key to need Newer instruction is used to indicate UE and completes secret key update.
Further, the first instruction information further includes configuration information and indication message;Configuration information includes packet count According to PDCP layers of configuration information of convergence protocol and algorithm information;Indication message is used to indicate UE progress base station switchings or cell is cut It changes.
Still further, the first instruction information further includes counter information, base station is according to prothetic group station supplemented by counter information The information that determines of access net root secret key and secret key update list, secret key update list include prothetic group station access net root secret key with Mapping relations between counter information.
Secret key update method provided by the embodiments of the present application is the realization of the corresponding auxiliary base station side of Fig. 2-embodiment illustrated in fig. 5 Method, realization principle and advantageous effect can refer to the realization principle and advantageous effect of Fig. 2-embodiment illustrated in fig. 5, herein no longer It repeats.
Figure 10 is the secret key update method flow chart that the another embodiment of the application provides.The embodiment refers to master base station First NR wireless heterogeneous networks are encrypted with the process for being sent to UE, as shown in Figure 10, this approach includes the following steps:
Step 801, prothetic group station to master base station send the first NR wireless heterogeneous networks (Radio Resource Control, RRC) information.
Wherein, optionally, the first NR rrc messages include first instruction information, first refer to information include about secret key more New information.
Step 802, master base station are encrypted using the first NR rrc messages of master base station secret key pair and are handled with integrity protection, Generate the 2nd NR rrc messages.
2nd NR rrc messages are sent to UE by step 803, master base station.
In the present embodiment, UE includes first communication module and second communication module, and first communication module is to execute and master Base station carries out the module of communication function, and second communication module is to execute the module that communication function is carried out with prothetic group station.
Step 804, first communication module are decrypted and integrality school using the 2nd NR rrc messages of master base station secret key pair It tests, obtains the first instruction information.
First instruction information is sent to second communication module by step 805, first communication module.
Step 806, second communication module complete secret key update according to the first instruction information or keep secret key constant, and generate First NR RRC response messages.
Step 807, second communication module send the first NR RRC response messages to first communication module.
Step 808, first communication module are encrypted using the first NR RRC response messages of master base station secret key pair, generate the Two NR RRC response messages.
2nd NR RRC response messages are sent to master base station by step 809, first communication module.
Step 8010, master base station are decrypted and integrality school using the 2nd NR RRC response messages of master base station secret key pair It tests, obtains the first NR RRC response messages.
First NR RRC response messages are sent to prothetic group station by step 8011, master base station.
Figure 11 is the secret key update method flow chart that the another embodiment of the application provides.The embodiment refers to prothetic group station First NR wireless heterogeneous networks are encrypted with the process for being sent to UE, as shown in figure 11, this approach includes the following steps:
Step 901, prothetic group station are encrypted using the first NR rrc messages of prothetic group station secret key pair and are handled with integrity protection, Generate the 2nd NR rrc messages.
Wherein, optionally, the first NR rrc messages include first instruction information, first refer to information include about secret key more New information.
2nd NR rrc messages are sent to master base station by step 902, prothetic group station.
2nd NR rrc messages are sent to UE by step 903, master base station.
In the present embodiment, UE includes first communication module and second communication module, and first communication module is to execute and master Base station carries out the module of communication function, and second communication module is to execute the module that communication function is carried out with prothetic group station.
2nd NR rrc messages are sent to second communication module by step 904, first communication module.
Step 905, second communication module are decrypted and integrality school using the 2nd NR rrc messages of prothetic group station secret key pair It tests, obtains the first instruction information.
Step 906, second communication module complete secret key update according to the first instruction information or keep secret key constant, and generate First NR RRC response messages.
Step 907, second communication module are encrypted using the first NR RRC response messages of prothetic group station secret key pair, generate the Two NR RRC response messages.
2nd NR RRC response messages are sent to first communication module by step 908, second communication module.
2nd NR RRC response messages are sent to master base station by step 909, first communication module.
2nd NR RRC response messages are sent to prothetic group station by step 9010, master base station.
Step 9011, prothetic group station are decrypted and integrality school using the 2nd NR RRC response messages of prothetic group station secret key pair It tests, obtains the first NR RRC response messages.
The secret key update method that Figure 10 and Figure 11 are provided, by master base station or prothetic group station to the comprising the first instruction information One NR wireless heterogeneous networks are encrypted to be handled with integrity protection, ensure that the newer reliability of secret key and safety.
Figure 12 is a kind of secret key updating device that one embodiment of the application provides, and as shown in figure 12, which includes obtaining Module 11 and processing module 12.Acquisition module 11 is for obtaining the first instruction information;First instruction information include about secret key more New information;Secret key between UE and prothetic group station for being communicated;Processing module 12 is used to be completed according to the first instruction information secret Key updates or keeps secret key constant.
Optionally, acquisition module 11 is specifically used for the first instruction information for receiving master base station or prothetic group station is sent;First refers to Show that information includes that secret key does not need newer instruction;Processing module 12 is specifically used for keeping secret key not according to the first instruction information Become.
Further, the first instruction information further includes indication message, and indication message is used to indicate UE and carries out base Stand switching or cell switching.
Optionally, acquisition module 11 is specifically used for receiving the first instruction information that master base station is sent;First instruction packet It includes secret key and needs newer instruction;Processing module 12 is specifically used for completing secret key update according to the first instruction information.
Further, the first instruction information further includes configuration information, counter information and indication message;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Counter information is for completing secret key update;
Indication message is used to indicate UE and carries out base station switching or cell switching.
Optionally, access net root secret key and secret key update list determination of the base station according to prothetic group station supplemented by counter information Information, secret key update list include the mapping relations between the access net root secret key at prothetic group station and counter information.
Optionally, counter information is the information that master base station needs that newer instruction is generated according to secret key.
Optionally, as shown in figure 13, processing module 12 include first communication module 121 and second communication module 122, first Communication module 121 is to execute the module that communication function is carried out with master base station, and second communication module 122 is to execute to carry out with prothetic group station The module of communication function;
First communication module 121 is used to generate the second secret key according at least counter information and the first secret key, and by second Secret key is sent to second communication module 122;First secret key is the access net root secret key of master base station;
Second communication module 122 is used to establish PDCP layers according to PDCP layers of configuration information;
Second communication module 122 is used to generate third secret key according at least the second secret key and algorithm information, and third secret key is answered For the data transmission between UE and prothetic group station.
Optionally, another realization method of Figure 13 is as follows:
Configuration information, counter information and the first secret key are sent to second communication module 122 by first communication module 121; First secret key is the access net root secret key of master base station;
Second communication module 122 generates the second secret key according at least counter information and the first secret key;
Second communication module 122 establishes PDCP layers according to PDCP layers of configuration information;
Second communication module 122 generates third secret key according at least the second secret key and algorithm information, and third secret key is applied to Data transmission between UE and prothetic group station.
Secret key shown in the realization principle and advantageous effect and Fig. 2-Fig. 5 of secret key updating device provided by the embodiments of the present application is more The realization principle of new method is similar with advantageous effect, and details are not described herein again.
Figure 14 is a kind of secret key updating device that the application another embodiment provides, and as shown in figure 14, which includes obtaining Modulus block 21 and sending module 22.Acquisition module 21 is for obtaining the first instruction information;First instruction information includes about secret key Newer information;Secret key between UE and prothetic group station for being communicated;Sending module 22 is used to the first instruction information being sent to User equipment (UE), so that UE completes secret key update according to the first instruction information or keeps secret key constant.
Optionally, the first instruction information includes that secret key does not need newer instruction, and secret key does not need newer instruction and is used for Indicate that UE keeps secret key constant.
Further, the first instruction information further includes indication message, and indication message is used to indicate UE and carries out base Stand switching or cell switching.
Optionally, the first instruction information includes that secret key needs newer instruction, secret key that newer instruction is needed to be used to indicate UE completes secret key update.
Further, the first instruction information further includes configuration information, counter information and indication message;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Counter information is for completing secret key update;
Indication message is used to indicate UE and carries out base station switching or cell switching.
Optionally, access net root secret key and secret key update list determination of the base station according to prothetic group station supplemented by counter information Information, secret key update list include the mapping relations between the access net root secret key at prothetic group station and counter information.
Optionally, counter information is the information that master base station needs that newer instruction is generated according to secret key.
Optionally, acquisition module 21 is specifically used for receiving the second instruction information that prothetic group station is sent;It is needed more according to secret key New instruction generates counter information;And the first instruction is generated according to counter information, configuration information and indication message and is believed Breath;Second instruction information includes that secret key needs newer instruction, configuration information and indication message.
Further, acquisition module 21 generates the first instruction according to counter information, configuration information and indication message Information, including:Counter information is sent to prothetic group station by acquisition module 21, so that counter information is sealed at institute's prothetic group station Dress;The first instruction information is generated according to counter information, configuration information and the indication message after encapsulation.
Secret key shown in the realization principle and advantageous effect and Fig. 6-Fig. 8 of secret key updating device provided by the embodiments of the present application is more The realization principle of new method is similar with advantageous effect, and details are not described herein again.
A kind of secret key updating device that the application another embodiment also provides, the structure diagram of the device are identical as Figure 14. As shown in figure 14, which includes acquisition module 21 and sending module 22.Acquisition module 21 obtains the first instruction information;First refers to Show that information includes about the newer information of secret key;Secret key between UE and prothetic group station for being communicated;Sending module 22 is used for will First instruction information is sent to UE, so that UE completes secret key update according to the first instruction information or keeps secret key constant.
Optionally, the first instruction information includes that secret key does not need newer instruction, and secret key does not need newer instruction and is used for Indicate that UE keeps secret key constant.
Further, the first instruction information further includes indication message, and indication message is used to indicate UE and carries out base Stand switching or cell switching.
Optionally, the first instruction information includes that secret key needs newer instruction, secret key that newer instruction is needed to be used to indicate UE completes secret key update.
Further, the first instruction information further includes configuration information and indication message;
Configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
Indication message is used to indicate UE and carries out base station switching or cell switching.
Still further, the first instruction information further includes counter information, base station is according to prothetic group station supplemented by counter information The information that determines of access net root secret key and secret key update list, secret key update list include prothetic group station access net root secret key with Mapping relations between counter information.
Optionally, sending module 22 is specifically used for that the first instruction information is sent to UE by master base station.
The realization principle and advantageous effect of secret key updating device provided by the embodiments of the present application and secret key update side shown in Fig. 9 The realization principle of method is similar with advantageous effect, and details are not described herein again.
Figure 15 is a kind of equipment that one embodiment of the application provides, and as shown in figure 15, which includes processor 31 and deposit Reservoir 32;For storing instruction, the processor 31 is used to execute the instruction of the storage of the memory 32 to the memory 32, when When processor 31 executes the instruction of the storage of the memory 32, the equipment is for executing such as any one embodiment institutes of Fig. 2-Figure 11 The method stated.
In above equipment in the specific implementation, it should be understood that processor can be central processing unit (Central Processing Unit, CPU), it can also be other general processors, digital signal processor (Digital Signal Processor, DSP), application-specific integrated circuit (Application Specific Integrated Circuit, ASIC) etc.. General processor can be microprocessor or the processor can also be any conventional processor etc..It is public in conjunction with the application institute The step of method opened, can be embodied directly in hardware processor and execute completion, or with the hardware and software module in processor Combination executes completion.
Realize that all or part of step of above-mentioned each method embodiment can be completed by the relevant hardware of program instruction. Program above-mentioned can be stored in a readable access to memory.When being executed, execution includes above-mentioned each method embodiment to the program The step of;And memory (storage medium) above-mentioned includes:Read-only memory (English:Read-only memory, abbreviation: ROM), RAM, flash memory, hard disk, solid state disk, tape (English:Magnetic tape), floppy disk (English:floppy Disk), CD (English:Optical disc) and its arbitrary combination.
The embodiment of the present application also provides a kind of communication system, which includes:Master base station and prothetic group station;Master base station is used In executing the secret key update method described in Fig. 6~Fig. 8 any embodiments, prothetic group station is used to execute the secret key described in Fig. 9 embodiments Update method.
The embodiment of the present application also provides a kind of secret key updating device, includes any described for executing figure 2 above-Figure 11 At least one processing element (or chip) of method.
The embodiment of the present application also provides a kind of program, and the program is when being executed by processor for executing figure 2 above-Figure 11 Any method.
The embodiment of the present application also provides a kind of program product, such as computer readable storage medium, including a upper embodiment Program.
The embodiment of the present application also provides a kind of computer readable storage medium, is stored in the computer readable storage medium There is instruction, when run on a computer so that computer executes any methods of above-mentioned Fig. 2-Figure 11.

Claims (26)

1. a kind of secret key update method, which is characterized in that the method includes:
User equipment (UE) obtains the first instruction information;The first instruction information includes about the newer information of the secret key;Institute Secret key is stated for being communicated between the UE and prothetic group station;
The UE indicates the information completion secret key update according to described first or keeps the secret key constant.
2. according to the method described in claim 1, it is characterized in that, the UE obtain first instruction information, including:
The first instruction information that the UE receives master base station or the prothetic group station is sent;The first instruction information includes institute It states secret key and does not need newer instruction;
The UE completes the secret key update according to the first instruction information or keeps the secret key constant, including:
The UE indicates that information keeps the secret key constant according to described first.
3. according to the method described in claim 2, it is characterized in that, it is described first instruction information further include indication message, The indication message is used to indicate the UE and carries out base station switching or cell switching.
4. according to the method described in claim 1, it is characterized in that, the UE obtain first instruction information, including:
The UE receives the first instruction information that master base station is sent;The first instruction information includes that the secret key needs more New instruction;
The UE is constant according to secret key is held described in the first instruction information completion secret key update or guarantor, including:
The UE indicates that information is completed the secret key and updated according to described first.
5. according to the method described in claim 4, it is characterized in that, the first instruction information further includes configuration information, counts Device information and indication message;
The configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
The counter information is for completing the secret key update;
The indication message is used to indicate the UE and carries out base station switching or cell switching.
6. according to the method described in claim 5, it is characterized in that, the counter information be the prothetic group station according to described auxiliary The information that the access net root secret key of base station is determined with secret key update list, the secret key update list includes connecing for the prothetic group station Mapping relations between networking root secret key and the counter information.
7. according to the method described in claim 5, it is characterized in that, the counter information be the master base station according to described secret Key needs the information that newer instruction generates.
8. according to claim 5-7 any one of them methods, which is characterized in that the UE includes first communication module and second Communication module, the first communication module are to execute the module that communication function is carried out with the master base station, the second communication mould Block is to execute the module that communication function is carried out with the prothetic group station;
The UE indicates that information is completed the secret key and updated according to described first, including:
The first communication module generates the second secret key according at least described counter information and the first secret key, and by described second Secret key is sent to the second communication module;First secret key is the access net root secret key of master base station;
The second communication module establishes PDCP layers according to the PDCP layers of configuration information;
The second communication module generates third secret key according at least described second secret key and the algorithm information, and the third is secret Key is applied to the data transmission between the UE and the prothetic group station.
9. according to claim 5-7 any one of them methods, which is characterized in that the UE includes first communication module and second Communication module, the first communication module are to execute the module that communication function is carried out with the master base station, the second communication mould Block is to execute the module that communication function is carried out with the prothetic group station;
The UE indicates that information is completed the secret key and updated according to described first, including:
The configuration information, the counter information and the first secret key are sent to second communication by the first communication module Module;First secret key is the access net root secret key of master base station;
The second communication module generates the second secret key according at least described counter information and first secret key;
The second communication module establishes PDCP layers according to the PDCP layers of configuration information;
The second communication module generates third secret key according at least described second secret key and the algorithm information, and the third is secret Key is applied to the data transmission between the UE and the prothetic group station.
10. a kind of secret key update method, which is characterized in that the method includes:
Master base station obtains the first instruction information;The first instruction information includes about the newer information of the secret key;It is described secret Key between the UE and prothetic group station for being communicated;
The master base station indicates that information is sent to user equipment (UE) by described first, so that the UE believes according to first instruction Breath completes the secret key update or keeps the secret key constant.
11. according to the method described in claim 10, it is characterized in that, the first instruction information includes that the secret key does not need Newer instruction, the secret key, which does not need newer instruction and is used to indicate the UE, keeps the secret key constant.
12. according to the method for claim 11, which is characterized in that the first instruction information further includes switching instruction letter Breath, the indication message are used to indicate the UE and carry out base station switching or cell switching.
13. according to the method described in claim 10, it is characterized in that, the first instruction information includes that the secret key needs more New instruction, the secret key need newer instruction to be used to indicate the UE completions secret key update.
14. according to the method for claim 13, which is characterized in that the first instruction information further includes configuration information, meter Number device information and indication message;
The configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
The counter information is for completing the secret key update;
The indication message is used to indicate the UE and carries out base station switching or cell switching.
15. according to the method for claim 14, which is characterized in that base station is according to the prothetic group supplemented by the counter information The information that the access net root secret key stood is determined with secret key update list, the secret key update list include the access at the prothetic group station Mapping relations between net root secret key and the counter information.
16. according to the method for claim 14, which is characterized in that the counter information is the master base station according to Secret key needs the information that newer instruction generates.
17. according to the method for claim 16, which is characterized in that the master base station obtains the first instruction information, including:
The master base station receives the second instruction information that prothetic group station is sent;The second instruction information includes that the secret key needs more It is new indicate, the configuration information and the indication message;
The master base station needs newer instruction to generate the counter information according to the secret key;
The master base station generates described first according to the counter information, the configuration information and the indication message and refers to Show information.
18. according to the method for claim 17, which is characterized in that the master base station is according to the counter information, described Configuration information and the indication message generate the first instruction information, including:
The counter information is sent to the prothetic group station by the master base station so that institute's prothetic group station to the counter information into Row encapsulation;
The master base station generates described the according to the counter information after encapsulation, the configuration information and the indication message One instruction information.
19. a kind of secret key update method, which is characterized in that the method includes:
Prothetic group station obtains the first instruction information;The first instruction information includes about the newer information of the secret key;It is described secret Key between the UE and prothetic group station for being communicated;
The prothetic group station indicates that information is sent to user equipment (UE) by described first, so that the UE believes according to first instruction Breath completes the secret key update or keeps the secret key constant.
20. according to the method for claim 19, which is characterized in that the first instruction information includes that the secret key does not need Newer instruction, the secret key, which does not need newer instruction and is used to indicate the UE, keeps the secret key constant.
21. according to the method for claim 20, which is characterized in that the first instruction information further includes switching instruction letter Breath, the indication message are used to indicate the UE and carry out base station switching or cell switching.
22. according to the method for claim 19, which is characterized in that the first instruction information includes that the secret key needs more New instruction, the secret key need newer instruction to be used to indicate the UE completions secret key update.
23. according to the method for claim 22, which is characterized in that the first instruction information further includes configuration information and cuts Change instruction information;
The configuration information includes PDCP layers of configuration information of Packet Data Convergence Protocol and algorithm information;
The indication message is used to indicate the UE and carries out base station switching or cell switching.
24. according to the method for claim 23, which is characterized in that the first instruction information further includes counter information, The information that base station is determined according to the access net root secret key at the prothetic group station with secret key update list supplemented by the counter information, institute It includes the mapping relations between the access net root secret key at the prothetic group station and the counter information to state secret key update list.
25. according to claim 19-24 any one of them methods, which is characterized in that the prothetic group station is indicated described first Information is sent to user equipment (UE), including:
The prothetic group station indicates that information is sent to the UE by master base station by described first.
26. a kind of equipment, which is characterized in that including processor and memory;
For storing instruction, the processor is used to execute the instruction of the memory storage to the memory, when the processing When device executes the instruction of the memory storage, the equipment is used to execute the side as described in claim 1 to 25 any one Method.
CN201710313965.XA 2017-05-05 2017-05-05 Key updating method and device Active CN108810888B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710313965.XA CN108810888B (en) 2017-05-05 2017-05-05 Key updating method and device
PCT/CN2018/085568 WO2018202117A1 (en) 2017-05-05 2018-05-04 Key updating method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710313965.XA CN108810888B (en) 2017-05-05 2017-05-05 Key updating method and device

Publications (2)

Publication Number Publication Date
CN108810888A true CN108810888A (en) 2018-11-13
CN108810888B CN108810888B (en) 2020-09-18

Family

ID=64016423

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313965.XA Active CN108810888B (en) 2017-05-05 2017-05-05 Key updating method and device

Country Status (2)

Country Link
CN (1) CN108810888B (en)
WO (1) WO2018202117A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020154929A1 (en) * 2019-01-29 2020-08-06 Oppo广东移动通信有限公司 Key information processing method, access network nodes and terminal device
CN111866870A (en) * 2019-04-26 2020-10-30 华为技术有限公司 Key management method and device
WO2021227835A1 (en) * 2020-05-15 2021-11-18 华为技术有限公司 Key updating method, network device, system and storage medium
WO2023125342A1 (en) * 2021-12-27 2023-07-06 华为技术有限公司 Communication method, apparatus, and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150208235A1 (en) * 2014-01-17 2015-07-23 Samsung Electronics Co., Ltd. Dual connectivity mode of operation of a user equipment in a wireless communication network
WO2015113207A1 (en) * 2014-01-28 2015-08-06 华为技术有限公司 Security password changing method, base station, and user equipment
CN104918242A (en) * 2014-03-14 2015-09-16 中兴通讯股份有限公司 Slave base station secret key updating method, slave base station, terminal and communication system
WO2016195735A1 (en) * 2015-05-29 2016-12-08 Yujian Zhang Seamless mobility for 5g and lte systems and devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150208235A1 (en) * 2014-01-17 2015-07-23 Samsung Electronics Co., Ltd. Dual connectivity mode of operation of a user equipment in a wireless communication network
WO2015113207A1 (en) * 2014-01-28 2015-08-06 华为技术有限公司 Security password changing method, base station, and user equipment
CN104918242A (en) * 2014-03-14 2015-09-16 中兴通讯股份有限公司 Slave base station secret key updating method, slave base station, terminal and communication system
WO2016195735A1 (en) * 2015-05-29 2016-12-08 Yujian Zhang Seamless mobility for 5g and lte systems and devices

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ERICSSON: "Security Algorithm Negotiation for dual connectivity", 《3GPP TSG-RAN WG3 MEETING R3-142585》 *
NSN, NOKIA CORPORATION: "Security Overview for the Stage 2", 《3GPP TSG-RAN WG2 MEETING R2-142864》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020154929A1 (en) * 2019-01-29 2020-08-06 Oppo广东移动通信有限公司 Key information processing method, access network nodes and terminal device
CN111866870A (en) * 2019-04-26 2020-10-30 华为技术有限公司 Key management method and device
WO2021227835A1 (en) * 2020-05-15 2021-11-18 华为技术有限公司 Key updating method, network device, system and storage medium
WO2023125342A1 (en) * 2021-12-27 2023-07-06 华为技术有限公司 Communication method, apparatus, and system

Also Published As

Publication number Publication date
CN108810888B (en) 2020-09-18
WO2018202117A1 (en) 2018-11-08

Similar Documents

Publication Publication Date Title
CN108810888A (en) Secret key update method and equipment
JP2022524134A (en) Clock drift processing methods, network functions Network elements, network devices and computer programs
CN108271227B (en) A kind of SOT state of termination across RAT determines method and terminal
CN108029015A (en) Wireless access point and terminal device in communication network
CN108347420A (en) A kind of method, relevant device and the system of netkey processing
US11451961B2 (en) Security enhancements for early data transmissions
WO2021179911A1 (en) Communication method and apparatus
JP7410930B2 (en) Securing non-access layer communications in wireless communication networks
EP3493594B1 (en) Reconfiguration method and related product
RU2748314C1 (en) Radio resource configuration
CN107801187A (en) Encipher-decipher method, apparatus and system
US11916925B2 (en) Method for improving data transmission security
CN109819439A (en) The method and related entities of key updating
CN109392197A (en) The device and method of change is carried in processing dual link
CN105103577B (en) A kind of device and method of encryption data
CN108377518A (en) A kind of connection re-establishment method and device, electronic equipment
WO2018098687A1 (en) Method and device for security processing
CN109417539A (en) Key acquisition method and device
US8412159B2 (en) Method, apparatus and computer program product for security configuration coordination during a cell update procedure
CN110035430A (en) Cipher key processing method, control plane node, user plane node and user equipment
CN104780577B (en) A kind of method and apparatus that data resource switches over transmission in minizone
WO2020164510A1 (en) Communication method, communication apparatus, and computer-readable storage medium
WO2020220937A1 (en) Security policy management method and device
US9485670B2 (en) Method, apparatus and computer program product for security configuration coordination during a cell update procedure
US20140024344A1 (en) Mobile communication method, radio base station, mobile management node, and mobile station

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant