CN108810888B - Key updating method and device - Google Patents


Publication number
CN108810888B
Authority
CN
China
Prior art keywords
base station
key
information
indication information
indication
Legal status
Active
Application number
CN201710313965.XA
Other languages
Chinese (zh)
Other versions
CN108810888A (en
Inventor
戴明增
彭文杰
刘菁
郭轶
曾清海
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201710313965.XA (CN108810888B)
Priority to PCT/CN2018/085568 (WO2018202117A1)
Publication of CN108810888A
Application granted
Publication of CN108810888B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0055 Transmission or use of information for re-establishing the radio link

Abstract

The application provides a key updating method and device. The method comprises the following steps: a user equipment (UE) acquires first indication information, where the first indication information includes information about key update and the key is used for communication between the UE and a secondary base station; the UE completes the key update or keeps the key unchanged according to the first indication information. Using the first indication information, the UE can be flexibly controlled to complete the key update or to keep the key unchanged. In particular, when the key does not need to be updated, the UE does not need to establish a PDCP layer, so that service interruption is avoided and the quality of service is ensured.

Description

Key updating method and device
Technical Field
The present application relates to communications technologies, and in particular, to a method and an apparatus for updating a key.
Background
To enable a User Equipment (UE) to obtain radio resources from a Long Term Evolution (LTE) air interface and a New Radio (NR) air interface simultaneously for data transmission, and thereby obtain a large gain in transmission rate, a Dual Connectivity (DC) transmission system is generally formed between LTE and NR, which may be referred to as an LTE NR DC transmission system.
When the UE accesses the network, an access network root key is needed. In the LTE NR DC transmission system, the access network root key of the master base station is referred to as KeNB, and the access network root key of the secondary base station is referred to as S-KeNB, where S-KeNB is a key derived from the KeNB and a Secondary Cell Group (SCG) counter. For example, when the S-KeNB needs to be derived, the master base station generates a 32-bit random number as the SCG counter value and transmits the SCG counter value to the UE, and the UE derives the S-KeNB from the KeNB and the SCG counter value.
In an LTE NR DC transmission system, the S-KeNB needs to be updated when the UE performs a handover between master base stations, a handover within a master base station, a handover within a master cell, a handover between secondary base stations, or a handover within a secondary base station. A Packet Data Convergence Protocol (PDCP) layer needs to be re-established every time the S-KeNB is updated, which may cause a service interruption delay, so that the quality of service may not be ensured.
Disclosure of Invention
The application provides a key updating method and device to solve the problem in the prior art that updating a key causes a service interruption delay, so that the quality of service cannot be guaranteed.
A first aspect of the present application provides a key updating method, including:
a user equipment (UE) acquires first indication information, where the first indication information includes information about key update, and the key is used for communication between the UE and the secondary base station;
the UE completes the key update or keeps the key unchanged according to the first indication information.
In the above scheme, the UE obtains the first indication information, which includes information about key update, and completes the key update or keeps the key unchanged according to it. The first indication information therefore allows the UE to be flexibly controlled to complete the key update or to keep the key unchanged. In particular, when the key does not need to be updated, the UE does not need to establish a PDCP layer, so that no service interruption is caused and the quality of service is ensured.
In a possible implementation manner, the obtaining, by the UE, the first indication information includes:
the UE receives first indication information sent by a master base station or a secondary base station, where the first indication information includes an indication that the key does not need to be updated;
the UE completing the key update or keeping the key unchanged according to the first indication information includes:
the UE keeps the key unchanged according to the first indication information.
In a possible implementation manner, the first indication information further includes handover indication information, and the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In the above scheme, when the first indication information indicates that the key does not need to be updated, the UE continues to use the original key to communicate with the secondary base station, and the UE does not need to establish a PDCP layer.
In a possible implementation manner, the obtaining, by the UE, the first indication information includes:
the UE receives first indication information sent by a master base station, where the first indication information includes an indication that the key needs to be updated;
the UE completing the key update or keeping the key unchanged according to the first indication information includes:
the UE completes the key update according to the first indication information.
In a possible implementation manner, the first indication information further includes configuration information, counter information, and handover indication information;
the configuration information includes configuration information of a Packet Data Convergence Protocol (PDCP) layer and algorithm information;
the counter information is used for completing the key update;
the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the counter information is information determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information. The secondary base station can obtain the new key and the counter information quickly and directly from the key update list, which improves the key update speed.
In one possible implementation, the counter information is information generated by the master base station based on an indication that the key needs to be updated. The master base station sends the counter information to the UE so that the UE generates the new key from the counter information. This avoids the risk of key leakage that could arise if the master base station transmitted the new key directly, and improves the reliability and security of the key.
In one possible implementation manner, the UE includes a first communication module and a second communication module, where the first communication module is a module that performs a communication function with the primary base station, and the second communication module is a module that performs a communication function with the secondary base station;
the UE completing the key update according to the first indication information includes:
the first communication module generates a second key according to at least the counter information and a first key, and sends the second key to the second communication module, where the first key is the access network root key of the master base station;
the second communication module establishes a PDCP layer according to the configuration information of the PDCP layer;
the second communication module generates a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
In one possible implementation manner, the UE includes a first communication module and a second communication module, where the first communication module is a module that performs a communication function with the primary base station, and the second communication module is a module that performs a communication function with the secondary base station;
the UE completing the key update according to the first indication information includes:
the first communication module sends the configuration information, the counter information, and a first key to the second communication module, where the first key is the access network root key of the master base station;
the second communication module generates a second key according to at least the counter information and the first key;
the second communication module establishes a PDCP layer according to the configuration information of the PDCP layer;
the second communication module generates a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
In the above scheme, when the key needs to be updated, the UE updates the key in time according to the first indication information, so as to ensure the security and reliability of data transmission between the UE and the secondary base station.
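The two UE behaviours described in the first aspect (keep the key, or derive a second key from the counter information and the first key and then a third key from the algorithm information) can be sketched as follows. This is an added example, not code from the patent: the use of HMAC-SHA-256 with length-prefixed inputs as the derivation function, the function-code bytes, and all class, field and function names are assumptions, since the text does not specify them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Illustrative function-code bytes for the two derivation steps (assumed values).
FC_SECOND_KEY = 0x1C
FC_THIRD_KEY = 0x15


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..., each Li a 2-byte length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_second_key(first_key: bytes, counter: int) -> bytes:
    """Second key (S-KeNB) from the first key (KeNB) and the 32-bit counter."""
    return kdf(first_key, FC_SECOND_KEY, counter.to_bytes(4, "big"))


def derive_third_key(second_key: bytes, algorithm: Tuple[int, int]) -> bytes:
    """Third key from the second key and the algorithm information (type, id)."""
    return kdf(second_key, FC_THIRD_KEY, bytes([algorithm[0]]), bytes([algorithm[1]]))


@dataclass
class FirstIndication:
    key_update_needed: bool
    handover: str                                # handover indication information
    counter: Optional[int] = None                # counter information
    pdcp_config: Optional[dict] = None           # PDCP configuration information
    algorithm: Optional[Tuple[int, int]] = None  # algorithm information


def master_build_update(first_key, pdcp_config, algorithm, handover):
    """Master base station side: only the counter is sent to the UE, never the key."""
    counter = secrets.randbits(32)
    second_key = derive_second_key(first_key, counter)  # for the secondary base station
    return FirstIndication(True, handover, counter, pdcp_config, algorithm), second_key


class UE:
    def __init__(self, first_key: bytes, second_key: bytes, algorithm):
        self.first_key = first_key
        self.second_key = second_key
        self.third_key = derive_third_key(second_key, algorithm)
        self.pdcp_establishments = 0

    def handle(self, ind: FirstIndication) -> str:
        if not ind.key_update_needed:
            return "kept"  # same keys, no PDCP establishment, no interruption
        if ind.counter is None or ind.pdcp_config is None or ind.algorithm is None:
            raise ValueError("update indication lacks counter, PDCP config or algorithm")
        new_second = derive_second_key(self.first_key, ind.counter)  # first module
        self.pdcp_establishments += 1          # second module establishes PDCP
        self.second_key = new_second
        self.third_key = derive_third_key(new_second, ind.algorithm)
        return "updated"


def demo() -> dict:
    kenb = bytes(range(32))            # constructed sample first key (KeNB)
    alg = (0x05, 0x02)                 # constructed algorithm information
    ue = UE(kenb, derive_second_key(kenb, 1), alg)
    old_third = ue.third_key

    r1 = ue.handle(FirstIndication(False, "intra-secondary"))
    kept = ue.third_key == old_third and ue.pdcp_establishments == 0

    ind, network_second = master_build_update(kenb, {"sn_size": 18}, alg, "inter-secondary")
    r2 = ue.handle(ind)
    return {"no_update": r1, "kept": kept, "update": r2,
            "keys_match": hmac.compare_digest(ue.second_key, network_second),
            "pdcp_establishments": ue.pdcp_establishments}


if __name__ == "__main__":
    print(demo())
```

The UE and the network arrive at the same second key although only the counter crossed the air interface, and the "no update" indication leaves both the keys and the PDCP establishment count untouched.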
A second aspect of the present application provides a key updating method, including:
the master base station acquires first indication information, where the first indication information includes information about key update, and the key is used for communication between the UE and the secondary base station;
the master base station sends the first indication information to the user equipment (UE), so that the UE completes the key update or keeps the key unchanged according to the first indication information.
In one possible implementation, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
In a possible implementation manner, the first indication information further includes handover indication information, and the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In one possible implementation manner, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
In a possible implementation manner, the first indication information further includes configuration information, counter information, and handover indication information;
the configuration information includes configuration information of a Packet Data Convergence Protocol (PDCP) layer and algorithm information;
the counter information is used for completing the key update;
the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the counter information is information determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
In one possible implementation, the counter information is information generated by the master base station based on an indication that the key needs to be updated.
In one possible implementation manner, the acquiring, by the master base station, the first indication information includes:
the master base station receives second indication information sent by the secondary base station, where the second indication information includes an indication that the key needs to be updated, configuration information, and handover indication information;
the master base station generates counter information according to the indication that the key needs to be updated;
the master base station generates the first indication information according to the counter information, the configuration information, and the handover indication information.
In one possible implementation manner, the generating, by the master base station, the first indication information according to the counter information, the configuration information, and the handover indication information includes:
the master base station sends the counter information to the secondary base station so that the secondary base station encapsulates the counter information;
the master base station generates the first indication information according to the encapsulated counter information, the configuration information, and the handover indication information.
The beneficial effects of the key updating method provided by the second aspect of the present application are similar to those of the method provided by the first aspect, and are not described herein again.
A third aspect of the present application provides a key updating method, including:
the secondary base station acquires first indication information, where the first indication information includes information about key update, and the key is used for communication between the UE and the secondary base station;
the secondary base station sends the first indication information to the user equipment (UE), so that the UE completes the key update or keeps the key unchanged according to the first indication information.
In one possible implementation, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
In a possible implementation manner, the first indication information further includes handover indication information, and the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In one possible implementation manner, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
In a possible implementation manner, the first indication information further includes configuration information and handover indication information;
the configuration information includes configuration information of a Packet Data Convergence Protocol (PDCP) layer and algorithm information;
the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the first indication information further includes counter information, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, and the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
In a possible implementation manner, the sending, by the secondary base station, the first indication information to the user equipment UE includes:
the secondary base station sends the first indication information to the UE through the master base station.
The beneficial effects of the key updating method provided by the third aspect of the present application are similar to those of the method provided by the first aspect, and are not described herein again.
A fourth aspect of the present application provides a key updating apparatus, including:
an obtaining module, configured to obtain first indication information, where the first indication information includes information about key update, and the key is used for communication between the UE and the secondary base station;
a processing module, configured to complete the key update or keep the key unchanged according to the first indication information.
In a possible implementation manner, the obtaining module is specifically configured to receive first indication information sent by a primary base station or a secondary base station; the first indication information includes an indication that the key does not need to be updated;
the processing module is specifically configured to keep the key unchanged according to the first indication information.
In a possible implementation manner, the first indication information further includes handover indication information, and the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the obtaining module is specifically configured to receive first indication information sent by a master base station; the first indication information comprises an indication that the key needs to be updated;
the processing module is specifically configured to complete key updating according to the first indication information.
In a possible implementation manner, the first indication information further includes configuration information, counter information, and handover indication information;
the configuration information includes configuration information of a Packet Data Convergence Protocol (PDCP) layer and algorithm information;
the counter information is used for completing the key update;
the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the counter information is information determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
In one possible implementation, the counter information is information generated by the master base station based on an indication that the key needs to be updated.
In one possible implementation manner, the processing module includes a first communication module and a second communication module, the first communication module is a module for performing a communication function with the primary base station, and the second communication module is a module for performing a communication function with the secondary base station;
the first communication module is configured to generate a second key according to at least the counter information and a first key, and to send the second key to the second communication module, where the first key is the access network root key of the master base station;
the second communication module is configured to establish a PDCP layer according to the configuration information of the PDCP layer;
the second communication module is configured to generate a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
In one possible implementation manner, the processing module includes a first communication module and a second communication module, the first communication module is a module for performing a communication function with the primary base station, and the second communication module is a module for performing a communication function with the secondary base station;
the first communication module is configured to send the configuration information, the counter information, and a first key to the second communication module, where the first key is the access network root key of the master base station;
the second communication module is configured to generate a second key according to at least the counter information and the first key;
the second communication module is configured to establish a PDCP layer according to the configuration information of the PDCP layer;
the second communication module is configured to generate a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
The beneficial effects of the key updating apparatus provided in the fourth aspect of the present application are similar to the beneficial effects of the method provided in the first aspect, and are not described herein again.
A fifth aspect of the present application provides a key updating apparatus, including:
an obtaining module, configured to obtain first indication information, where the first indication information includes information about key update, and the key is used for communication between the UE and the secondary base station;
a sending module, configured to send the first indication information to the user equipment (UE), so that the UE completes the key update or keeps the key unchanged according to the first indication information.
In one possible implementation, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
In a possible implementation manner, the first indication information further includes handover indication information, and the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In one possible implementation manner, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
In a possible implementation manner, the first indication information further includes configuration information, counter information, and handover indication information;
the configuration information includes configuration information of a Packet Data Convergence Protocol (PDCP) layer and algorithm information;
the counter information is used for completing the key update;
the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the counter information is information determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
In one possible implementation, the counter information is information generated by the master base station based on an indication that the key needs to be updated.
In a possible implementation manner, the obtaining module is specifically configured to: receive second indication information sent by the secondary base station, where the second indication information includes an indication that the key needs to be updated, configuration information, and handover indication information; generate counter information according to the indication that the key needs to be updated; and generate the first indication information according to the counter information, the configuration information, and the handover indication information.
In a possible implementation manner, the generating, by the obtaining module, the first indication information according to the counter information, the configuration information, and the handover indication information includes:
the obtaining module sends the counter information to the secondary base station so that the secondary base station encapsulates the counter information, and generates the first indication information according to the encapsulated counter information, the configuration information, and the handover indication information.
The beneficial effects of the key updating apparatus provided by the fifth aspect of the present application are similar to those of the method provided by the second aspect, and are not described herein again.
A sixth aspect of the present application provides a key updating apparatus, including:
an obtaining module, configured to obtain first indication information, where the first indication information includes information about key update, and the key is used for communication between the UE and the secondary base station;
a sending module, configured to send the first indication information to the user equipment (UE), so that the UE completes the key update or keeps the key unchanged according to the first indication information.
In one possible implementation, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
In a possible implementation manner, the first indication information further includes handover indication information, and the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In one possible implementation manner, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
In a possible implementation manner, the first indication information further includes configuration information and handover indication information;
the configuration information includes configuration information of a Packet Data Convergence Protocol (PDCP) layer and algorithm information;
the handover indication information is used for indicating the UE to perform base station handover or cell handover.
In a possible implementation manner, the first indication information further includes counter information, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, and the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
In a possible implementation manner, the sending module is specifically configured to send the first indication information to the UE through the primary base station.
The beneficial effects of the key updating apparatus provided by the sixth aspect of the present application are similar to those of the method provided by the second aspect, and are not described herein again.
The sixth aspect of the present application also provides an apparatus comprising a processor and a memory;
the memory is configured to store instructions, and the processor is configured to execute the instructions stored in the memory; when the processor executes the instructions stored in the memory, the apparatus performs the method provided by any one of the embodiments of the first aspect to the third aspect.
A seventh aspect of the present application provides a key updating apparatus comprising at least one processing element (or chip) configured to perform the methods of the first to third aspects above.
An eighth aspect of the present application provides a program for performing the method of the above first to third aspects when executed by a processor.
A ninth aspect of the present application provides a program product, such as a computer readable storage medium, comprising the program of the eighth aspect.
A tenth aspect of the present application provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to perform the method of the first to third aspects described above.
The eleventh aspect of the present application also provides a communication system including: a primary base station and a secondary base station;
the master base station is configured to perform the key updating method provided in the second aspect;
the secondary base station is configured to perform the key updating method provided in the third aspect.
Drawings
Fig. 1 is a schematic view of an application scenario of a key updating method according to an embodiment of the present application;
Fig. 2 is a flowchart of a key updating method according to an embodiment of the present application;
Fig. 3 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 4 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 5 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 6 is a flowchart of a key updating method according to yet another embodiment of the present application;
Fig. 7 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 8 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 9 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 10 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 11 is a flowchart of a key updating method according to another embodiment of the present application;
Fig. 12 is a key updating apparatus according to an embodiment of the present application;
Fig. 13 is a key updating apparatus according to another embodiment of the present application;
Fig. 14 is a key updating apparatus according to still another embodiment of the present application;
Fig. 15 is a device according to an embodiment of the present application.
Detailed Description
The key updating method provided by the present application is applied to a wireless communication system and, in particular, can be applied to a 5th Generation mobile communication technology (5G) system. Fig. 1 is a schematic view of an application scenario of a key updating method provided in an embodiment of the present application. As shown in fig. 1, the application scenario includes a UE 1, a main base station 2, a secondary base station 3, and a core network 4, where a control plane connection and a user plane connection may be established between the main base station 2 and the core network 4 for the UE 1, and a user plane connection may be established between the secondary base station 3 and the core network 4 for the UE 1.
Fig. 2 is a flowchart of a key updating method according to an embodiment of the present application. The embodiment relates to a specific implementation process in which the UE completes the key update or keeps the key unchanged according to the first indication information, and as shown in fig. 2, the key update method includes the following steps:
Step 101, the UE acquires first indication information; the first indication information includes information about key update; the key is used for communication between the UE and the secondary base station.
In this embodiment, the key is used for communication between the UE and the secondary base station; for example, the UE and the secondary base station use the key, or a key derived from it, to encrypt, decrypt, integrity-protect, and integrity-check transmitted data. The UE may obtain the first indication information containing the information about key update from the primary base station or the secondary base station. The information about key update indicates whether the UE's key needs to be updated. The secondary base station may determine whether the key needs to be updated based on whether there is a security risk: for example, if the existing key has been in use for a long time and has exceeded its validity period, the key needs to be updated; or, when parameters used for security protection, such as the bearer identity (ID), can no longer ensure the security of the transmitted data, that security may be ensured by updating the key; or, when the UE switches between the primary cell and the secondary cell and the original key is still within its validity period, the key does not need to be updated.
The information about key update may be implicit or explicit. If it is implicit, first indication information that carries the information about key update indicates that the key needs to be updated, and first indication information that does not carry it indicates that the key does not need to be updated. If it is explicit, whether the key needs to be updated may be indicated in a field of the first indication information; for example, a key-update field value of 1 indicates that the key needs to be updated, and a value of 0 indicates that the key does not need to be updated.
Step 102, the UE completes the key update or keeps the key unchanged according to the first indication information.
In this embodiment, the UE obtains information about key update from the first indication information, and determines whether the key needs to be updated according to the information about key update, thereby completing key update or keeping the key unchanged.
According to the key updating method provided by this embodiment of the application, the UE acquires the first indication information including the information about key update, and completes the key update or keeps the key unchanged according to it. The first indication information thus allows flexible control over whether the UE updates the key or keeps it unchanged; in particular, when the key does not need to be updated, the UE does not need to establish a Packet Data Convergence Protocol (PDCP) layer, so that service interruption is avoided and the quality of service is ensured.
Optionally, in the embodiment shown in fig. 2, one method for the case in which the key does not need to be updated is as follows:
Step 101, "the UE acquires the first indication information", includes: the UE receives first indication information sent by a main base station or a secondary base station; the first indication information includes an indication that the key does not need to be updated.
In this embodiment, the first indication information may be sent by the main base station to the UE, or the secondary base station may send the first indication information to the main base station and then to the UE, or the secondary base station sends an indication that the key does not need to be updated to the main base station, and the main base station generates the first indication information according to the indication that the key does not need to be updated and then sends the first indication information to the UE.
Further, the first indication information further includes handover indication information, where the handover indication information is used to instruct the UE to perform base station handover or cell handover. Base station handover includes handover between main base stations, handover within a main base station, handover between secondary base stations, and handover within a secondary base station; cell handover includes handover within a primary cell and handover between primary cells. The handover indication information is, for example, information determined by the secondary base station according to a measurement report and other factors. For example, when the primary cell in the secondary base station needs to be handed over, the secondary base station may send the handover indication information to the UE to instruct the UE to perform the primary cell handover within the secondary base station. Likewise, when a cell in the main base station needs to be handed over, the main base station may send the handover indication information to the UE to instruct the UE to perform cell handover of the main base station.
Step 102, "the UE completes key update or keeps the key unchanged according to the first indication information", includes: the UE keeps the key unchanged according to the first indication information.
In this embodiment, if the first indication information includes an indication that the key does not need to be updated, the UE continues to use the original key to communicate with the secondary base station.
Alternatively, in this embodiment, if the first indication information does not carry information about key update, the UE continues to use the original key to communicate with the secondary base station.
Alternatively, in this embodiment, if the information about key update carried in the first indication information is the same as the original information, the UE continues to communicate with the secondary base station using the original key.
Fig. 3 is a flowchart of a key updating method according to another embodiment of the present application, where the embodiment relates to an interaction manner between a UE, a primary base station, and a secondary base station when a key does not need to be updated, and as shown in fig. 3, the method includes the following steps:
Step 201, the secondary base station sends first indication information to the main base station.
The first indication information includes an indication that the key does not need to be updated and handover indication information, where the handover indication information is used to instruct the UE to perform a primary cell handover within the secondary base station.
Step 202, the main base station determines, according to the handover indication information, that the primary cell within the secondary base station is to be handed over, and keeps the counter information unchanged.
Step 203, the main base station sends the first indication information to the UE.
Step 204, the main base station sends a handover indication response message to the secondary base station.
Optionally, step 203 and step 204 may be performed simultaneously or sequentially.
Step 205, the UE performs the primary cell handover within the secondary base station according to the handover indication information.
Step 206, the UE communicates with the secondary base station using the old key.
According to the key updating method provided by this embodiment of the application, when the key does not need to be updated, the UE continues to use the original key to communicate with the secondary base station and does not need to establish a PDCP layer, so that service interruption is avoided and the quality of service is ensured.
Optionally, in the embodiment shown in fig. 2, one method for updating the key is as follows:
Step 101, "the UE acquires the first indication information", includes: the UE receives first indication information sent by a main base station; the first indication information includes an indication that the key needs to be updated.
In this embodiment, the first indication information is obtained by the primary base station from the secondary base station. The first indication information may be sent by the secondary base station to the primary base station and forwarded by the primary base station to the UE; or the secondary base station may send the indication that the key needs to be updated to the primary base station, and the primary base station generates the first indication information according to that indication and sends it to the UE. The indication that the key needs to be updated may be an explicit indication or an implicit indication; for example, in one embodiment of the implicit indication, the secondary base station sends the cell handover indication information to the UE, and the key then needs to be updated by default.
Further, the first indication information further includes configuration information, counter information and handover indication information; the configuration information includes Packet Data Convergence Protocol (PDCP) layer configuration information and algorithm information; the counter information is used for completing the key update; the handover indication information is used to instruct the UE to perform base station handover or cell handover. The PDCP layer configuration information is used by the UE to establish or re-establish the PDCP layer. The algorithm information, covering for example encryption, decryption, integrity protection and integrity checking, is selected by the secondary base station according to the security capability of the UE and its own policy. The handover indication information is information determined by the secondary base station according to factors such as measurement reports.
Optionally, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
In this embodiment, the key update list may be generated in advance by the primary base station and sent to the secondary base station for storage, or may be generated and stored by the secondary base station itself. When the secondary base station decides to perform the primary cell handover within the secondary base station, it selects an appropriate key and the corresponding counter information from the list and sends the counter information to the UE. Because the secondary base station can obtain the new key and the counter information quickly and directly from the key update list, the key updating speed can be improved.
Optionally, the counter information is information generated by the master base station according to an indication that the key needs to be updated.
In this embodiment, when the secondary base station determines to perform the primary cell handover within the secondary base station, it transmits information including an indication that the key needs to be updated to the primary base station, and when the primary base station determines that the key needs to be updated, it generates counter information. The master base station sends the counter information to the UE so that the UE generates a new key according to the counter information. This avoids the risk of key leakage that could arise if the master base station transmitted the new key directly, and improves the reliability and security of the key.
Step 102, "the UE completes key update or keeps the key unchanged according to the first indication information", includes: the UE completes key updating according to the first indication information.
In this embodiment, the UE determines that the key needs to be updated according to the first indication information, and then generates a new key, and communicates with the secondary base station using the new key.
According to the key updating method provided by the embodiment of the application, when the key needs to be updated, the UE updates the key in time according to the first indication information, and the safety and reliability of data transmission between the UE and the secondary base station are guaranteed.
Further, when the key needs to be updated, the implementation manner of updating the key on the UE side may be implemented by different functional modules, as specifically shown in fig. 4 and fig. 5.
A method for updating a key is shown in fig. 4, and may include the following steps:
Step 301, the secondary base station sends second indication information to the main base station.
The second indication information may include configuration information, handover indication information, and an indication that the key needs to be updated.
Step 302, the master base station generates counter information according to the indication that the key needs to be updated.
Step 303, the main base station generates first indication information according to the counter information, the configuration information and the handover indication information.
Step 304, the main base station sends the first indication information to the UE.
The implementation of the secondary base station and the primary base station in this embodiment is only an exemplary illustration, and other implementations may also be used.
In this embodiment, the UE includes a first communication module and a second communication module, where the first communication module is a module for performing a communication function with the primary base station, and the second communication module is a module for performing a communication function with the secondary base station; the UE completes the key update according to the first indication information, including:
Step 305, the first communication module generates a second key according to at least the counter information and the first key.
The first key is an access network root key of the master base station.
Step 306, the first communication module sends the second key to the second communication module.
Step 307, the second communication module establishes the PDCP layer according to the PDCP layer configuration information.
Step 308, the second communication module generates a third key according to at least the second key and the algorithm information.
The third key is applied to data transmission between the UE and the secondary base station.
Step 309, the second communication module communicates with the secondary base station by using the third key.
In this embodiment, if the primary base station is a base station of a Long Term Evolution (LTE) network and the secondary base station is a base station of a New Radio (NR) network, the corresponding first communication module uses an LTE protocol stack to complete the steps 305 and 306, and the second communication module uses an NR protocol stack to complete the steps 307, 308, and 309.
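The UE-side handling in steps 305 to 308, together with the implicit and explicit indications described for fig. 2, as an added Python example that is not part of the patent text. It assumes HMAC-SHA-256 as the derivation function (the page names none), an incrementing counter, the variant in which the master base station derives the second key for the secondary base station, and constructed key, algorithm, handover and PDCP values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the derivation function, which
    # the page does not name. Parameters are length-prefixed so two different
    # parameter lists can never serialize to the same input.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_second_key(first_key: bytes, counter: int) -> bytes:
    # Step 305: second key from the counter information and the first key.
    return kdf(first_key, b"second-key", counter.to_bytes(2, "big"))


def derive_third_key(second_key: bytes, algorithm: str) -> bytes:
    # Step 308: third key from the second key and the algorithm information.
    return kdf(second_key, b"third-key", algorithm.encode())


@dataclass
class FirstIndication:
    handover: str                        # handover indication information
    key_update: Optional[int] = None     # explicit field: 1 update, 0 keep
    counter: Optional[int] = None        # counter information
    algorithm: Optional[str] = None      # algorithm information
    pdcp_config: Optional[dict] = None   # PDCP layer configuration information


def needs_update(ind: FirstIndication) -> bool:
    if ind.key_update is not None:       # explicit indication
        return ind.key_update == 1
    return ind.counter is not None       # implicit: key-update info is carried


class MasterBaseStation:
    def __init__(self, first_key: bytes):
        self.first_key = first_key
        self.counter = 0

    def build_update(self, handover, algorithm, pdcp_config):
        # Steps 302-303. Assumption: the counter is a simple increment, so the
        # same (first key, counter) pair is never used for two derivations.
        self.counter += 1
        ind = FirstIndication(handover, 1, self.counter, algorithm, pdcp_config)
        # Variant in which the master derives the second key for the secondary.
        return ind, derive_second_key(self.first_key, self.counter)


class UE:
    def __init__(self, first_key: bytes, third_key: Optional[bytes] = None):
        self.first_key = first_key
        self.third_key = third_key
        self.pdcp_established = 0

    def handle(self, ind: FirstIndication) -> str:
        if not needs_update(ind):
            return "kept"                # key and PDCP layer left untouched
        if None in (ind.counter, ind.algorithm, ind.pdcp_config):
            raise ValueError("update indicated but derivation inputs missing")
        second = derive_second_key(self.first_key, ind.counter)   # steps 305-306
        self.pdcp_established += 1                                # step 307
        self.third_key = derive_third_key(second, ind.algorithm)  # step 308
        return "updated"


def run_demo() -> dict:
    first_key = bytes(range(32))         # constructed sample key, not a real one
    master, ue = MasterBaseStation(first_key), UE(first_key)

    # Constructed handover, algorithm and PDCP values throughout.
    ind, second = master.build_update("intra-SN PCell change", "alg-A", {"sn_len": 18})
    sn_key = derive_third_key(second, ind.algorithm)   # secondary base station side
    r1 = ue.handle(ind)
    match1 = hmac.compare_digest(ue.third_key, sn_key)

    # Handover that keeps the key: explicit 0, then an indication with no field.
    r2 = ue.handle(FirstIndication("intra-SN PCell change", key_update=0))
    r3 = ue.handle(FirstIndication("intra-SN PCell change"))
    unchanged = ue.third_key == sn_key

    ind2, second2 = master.build_update("inter-SN change", "alg-A", {"sn_len": 18})
    ue.handle(ind2)
    return {
        "results": [r1, r2, r3],
        "match_after_update": match1,
        "unchanged_when_kept": unchanged,
        "rotated": ue.third_key != sn_key,
        "pdcp_established": ue.pdcp_established,
        "second_update_matches": ue.third_key == derive_third_key(second2, "alg-A"),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the counter information crosses the air interface; the UE and the network side reach the same third key independently, and a repeated counter under the same first key would reproduce the previous second key.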
Another method for updating a key is shown in fig. 5, and may include the following steps:
Step 401, the secondary base station sends third indication information to the primary base station.
The third indication information may include handover indication information and an indication that the key needs to be updated.
Step 402, the master base station generates counter information according to the indication that the key needs to be updated.
Step 403, the master base station transmits the counter information to the secondary base station.
Step 404, the secondary base station generates first indication information according to the counter information, the indication that the key needs to be updated and the configuration information.
Step 405, the secondary base station sends the first indication information to the main base station.
Step 406, the main base station sends the first indication information to the UE.
The implementation of the secondary base station and the primary base station in this embodiment is only an exemplary illustration, and other implementations may also be used.
In this embodiment, the UE includes a first communication module and a second communication module, where the first communication module is a module for performing a communication function with the primary base station, and the second communication module is a module for performing a communication function with the secondary base station; the UE completes the key update according to the first indication information, including:
Step 407, the first communication module sends the configuration information, the counter information and the first key to the second communication module.
The first key is an access network root key of the master base station.
Step 408, the second communication module generates a second key according to at least the counter information and the first key.
Step 409, the second communication module establishes the PDCP layer according to the PDCP layer configuration information.
Step 4010, the second communication module generates a third key according to at least the second key and the algorithm information.
The third key is applied to data transmission between the UE and the secondary base station.
Step 4011, the second communication module communicates with the secondary base station by using the third key.
In this embodiment, if the primary base station is a base station of an LTE network and the secondary base station is a base station of an NR network, the corresponding first communication module uses an LTE protocol stack to complete step 407, and the second communication module uses an NR protocol stack to complete steps 408 to 4011.
Fig. 6 is a flowchart of a key updating method according to still another embodiment of the present application. This embodiment relates to a process in which a primary base station acquires first indication information and sends it to a UE, so that the UE completes the key update or keeps the key unchanged according to the first indication information. As shown in fig. 6, the key updating method includes the following steps:
Step 501, the main base station acquires first indication information; the first indication information includes information about key update; the key is used for communication between the UE and the secondary base station.
Step 502, the main base station sends the first indication information to the user equipment UE, so that the UE completes key update or keeps the key unchanged according to the first indication information.
Optionally, in the embodiment shown in fig. 6, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
Further, the first indication information further includes handover indication information, where the handover indication information is used to indicate the UE to perform base station handover or cell handover.
Optionally, in the embodiment shown in fig. 6, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update. The indication that the key needs to be updated may also be an explicit indication or an implicit indication; for example, in one embodiment of the implicit indication, the secondary base station sends the cell handover indication information to the UE, and the key then needs to be updated by default.
Further, the first indication information further includes configuration information, counter information and handover indication information; the configuration information includes Packet Data Convergence Protocol (PDCP) layer configuration information and algorithm information; the counter information is used for completing the key update; the handover indication information is used to instruct the UE to perform base station handover or cell handover.
Optionally, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
Optionally, the counter information is information generated by the master base station according to an indication that the key needs to be updated.
Optionally, if the counter information is information generated by the master base station according to an indication that the key needs to be updated, the key updating method may further include: the master base station sends the counter information to the secondary base station, so that the secondary base station generates a second key according to at least the counter information and the first key, and then generates a third key according to at least the second key and the algorithm information. Alternatively,
the key updating method may further include: the master base station generates a second key according to at least the counter information and the first key, and sends the second key to the secondary base station, so that the secondary base station generates a third key according to at least the second key and the algorithm information.
The first key is an access network root key of the main base station, and the third key is applied to data transmission between the UE and the secondary base station.
In this embodiment, the primary base station sends the counter information or the second key to the secondary base station so that the secondary base station generates the third key; the UE and the secondary base station then both use the third key to communicate, thereby ensuring the accuracy of data transmission.
Further, when the key needs to be updated, as shown in fig. 7, the step "the master base station acquires the first indication information" includes:
Step 601, the main base station receives second indication information sent by the secondary base station; the second indication information may include an indication that the key needs to be updated, configuration information, and handover indication information.
Step 602, the master base station generates counter information according to the indication that the key needs to be updated.
Step 603, the main base station generates first indication information according to the counter information, the configuration information and the handover indication information.
Still further, as shown in fig. 8, the step "the main base station generates the first indication information based on the counter information, the configuration information, and the switching indication information", includes:
Step 6031, the primary base station sends the counter information to the secondary base station, so that the secondary base station encapsulates the counter information.
Step 6032, the master base station generates first indication information according to the encapsulated counter information, the configuration information, and the handover indication information.
The key updating method provided in this embodiment of the present application is the master-base-station-side implementation corresponding to the embodiments shown in fig. 2 to fig. 5; for its implementation principle and beneficial effects, refer to those embodiments, which are not described here again.
Fig. 9 is a flowchart of a key updating method according to another embodiment of the present application. This embodiment relates to a process in which a secondary base station obtains first indication information and sends it to a UE, so that the UE completes the key update or keeps the key unchanged according to the first indication information. As shown in fig. 9, the embodiment includes the following steps:
Step 701, the secondary base station acquires first indication information; the first indication information includes information about key update; the key is used for communication between the UE and the secondary base station.
Step 702, the secondary base station sends the first indication information to the UE, so that the UE completes key update according to the first indication information or keeps the key unchanged.
Optionally, the sending, by the secondary base station, the first indication information to the user equipment UE includes: the secondary base station sends the first indication information to the UE through the main base station.
In this embodiment, the secondary base station may send the first indication information to the UE through the primary base station, or may directly send the first indication information to the UE. For example, when the first indication information indicates that the key does not need to be updated, the secondary base station may directly send the first indication information to the UE, and when the first indication information indicates that the key needs to be updated, the secondary base station sends the first indication information to the primary base station, and the primary base station processes the first indication information and then sends the first indication information to the UE.
Optionally, in the embodiment shown in fig. 9, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
Further, the first indication information further includes handover indication information, where the handover indication information is used to indicate the UE to perform base station handover or cell handover.
Optionally, in the embodiment shown in fig. 9, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
Further, the first indication information further includes configuration information and handover indication information; the configuration information includes Packet Data Convergence Protocol (PDCP) layer configuration information and algorithm information; the handover indication information is used to instruct the UE to perform base station handover or cell handover.
Still further, the first indication information further includes counter information, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, and the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
The key updating method provided in this embodiment of the present application is the secondary-base-station-side implementation corresponding to the embodiments shown in fig. 2 to fig. 5; for its implementation principle and beneficial effects, refer to those embodiments, which are not described here again.
Fig. 10 is a flowchart of a key updating method according to another embodiment of the present application. This embodiment relates to a procedure in which the main base station encrypts the first NR radio resource control (RRC) information and transmits it to the UE. As shown in fig. 10, the method includes the following steps:
Step 801, the secondary base station transmits first NR Radio Resource Control (RRC) information to the primary base station.
Optionally, the first NR RRC message includes first indication information, and the first indication information includes information about key update.
Step 802, the primary base station encrypts and integrity-protects the first NR RRC message with the primary base station key to generate a second NR RRC message.
Step 803, the master base station transmits the second NR RRC message to the UE.
In this embodiment, the UE includes a first communication module and a second communication module, where the first communication module is a module for performing a communication function with the primary base station, and the second communication module is a module for performing a communication function with the secondary base station.
Step 804, the first communication module decrypts and integrity-checks the second NR RRC message using the master base station key, and obtains the first indication information.
Step 805, the first communication module sends the first indication information to the second communication module.
Step 806, the second communication module completes key updating or keeps the key unchanged according to the first indication information, and generates a first NR RRC response message.
Step 807, the second communication module sends the first NR RRC response message to the first communication module.
Step 808, the first communication module encrypts the first NR RRC response message by using the master base station key to generate a second NR RRC response message.
Step 809, the first communication module sends the second NR RRC response message to the master base station.
Step 8010, the master base station decrypts and integrity-checks the second NR RRC response message with the master base station key, and obtains the first NR RRC response message.
Step 8011, the master base station transmits the first NR RRC response message to the secondary base station.
Fig. 11 is a flowchart of a key updating method according to another embodiment of the present application. This embodiment relates to a procedure in which the secondary base station encrypts the first NR RRC message and transmits it to the UE. As shown in fig. 11, the method includes the following steps:
Step 901, the secondary base station encrypts and integrity-protects the first NR RRC message with the secondary base station key to generate a second NR RRC message.
Optionally, the first NR RRC message includes first indication information, and the first indication information includes information about key update.
Step 902, the secondary base station sends the second NR RRC message to the master base station.
Step 903, the master base station transmits the second NR RRC message to the UE.
In this embodiment, the UE includes a first communication module and a second communication module, where the first communication module is a module for performing a communication function with the master base station, and the second communication module is a module for performing a communication function with the secondary base station.
Step 904, the first communication module sends the second NR RRC message to the second communication module.
Step 905, the second communication module decrypts and integrity-checks the second NR RRC message using the secondary base station key, and obtains the first indication information.
Step 906, the second communication module completes key updating or keeps the key unchanged according to the first indication information, and generates a first NR RRC response message.
Step 907, the second communication module encrypts the first NR RRC response message with the secondary base station key to generate a second NR RRC response message.
Step 908, the second communication module sends the second NR RRC response message to the first communication module.
Step 909, the first communication module sends the second NR RRC response message to the master base station.
Step 9010, the master base station sends the second NR RRC response message to the secondary base station.
Step 9011, the secondary base station decrypts and integrity-checks the second NR RRC response message by using the secondary base station key, and obtains the first NR RRC response message.
In the key updating methods shown in fig. 10 and 11, the master base station or the secondary base station encrypts and integrity-protects the first NR RRC message that includes the first indication information, so that the reliability and security of the key update are ensured.
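The downlink halves of the two procedures (steps 801 to 805 and steps 901 to 905), as an added Python example that is not part of the patent: it traces what each hop carries and shows the integrity check rejecting a message altered in transit. The HMAC-based stand-in cipher, the message layout, the hop names, the keys and the sample message are assumptions, since the patent does not name the NR algorithms.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key, label):
    """Separate encryption and integrity keys from one base station key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    """Stand-in cipher: HMAC-SHA-256 in counter mode (illustration only)."""
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def protect(key, message):
    """Encrypt, then integrity-protect: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(message))
    ct = bytes(m ^ s for m, s in zip(message, stream))
    tag = hmac.new(_subkey(key, b"int"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key, blob):
    """Integrity-check, then decrypt; ValueError if the check fails."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"int"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def fig10_downlink(first_rrc, master_key, tamper=lambda b: b):
    """Fig. 10: protection starts at the master base station, ends at module 1."""
    hops = [("secondary->master", first_rrc)]                  # step 801
    second_rrc = protect(master_key, first_rrc)                # step 802
    hops.append(("master->first module", second_rrc))          # step 803
    indication = unprotect(master_key, tamper(second_rrc))     # step 804
    hops.append(("first->second module", indication))          # step 805
    return indication, hops


def fig11_downlink(first_rrc, secondary_key, tamper=lambda b: b):
    """Fig. 11: protection starts at the secondary base station, ends at module 2."""
    second_rrc = protect(secondary_key, first_rrc)             # step 901
    hops = [("secondary->master", second_rrc),                 # step 902
            ("master->first module", second_rrc),              # step 903
            ("first->second module", second_rrc)]              # step 904
    indication = unprotect(secondary_key, tamper(second_rrc))  # step 905
    return indication, hops


def corrupt_in_transit(blob):
    """Constructed fault: one flipped bit in the first ciphertext byte."""
    i = NONCE_LEN
    return blob[:i] + bytes([blob[i] ^ 0x01]) + blob[i + 1:]


def cleartext_hops(hops, first_rrc):
    """Names of the hops on which the message travels unprotected."""
    return [name for name, payload in hops if payload == first_rrc]


if __name__ == "__main__":
    msg = b"first indication: key update needed"   # constructed sample message
    _, hops10 = fig10_downlink(msg, bytes(range(32)))
    _, hops11 = fig11_downlink(msg, bytes(range(32, 64)))
    print("fig. 10 unprotected hops:", cleartext_hops(hops10, msg))
    print("fig. 11 unprotected hops:", cleartext_hops(hops11, msg))
```

In the fig. 10 path the message is outside this protection on the link between the two base stations and between the two UE modules, so those interfaces need their own protection; in the fig. 11 path every relay forwards the same protected bytes.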
Fig. 12 shows a key updating apparatus according to an embodiment of the present application. As shown in fig. 12, the apparatus includes an obtaining module 11 and a processing module 12. The obtaining module 11 is configured to obtain first indication information; the first indication information includes information about key update; the key is used for communication between the UE and the secondary base station. The processing module 12 is configured to complete the key update or keep the key unchanged according to the first indication information.
Optionally, the obtaining module 11 is specifically configured to receive first indication information sent by the master base station or the secondary base station; the first indication information includes an indication that the key does not need to be updated; the processing module 12 is specifically configured to keep the key unchanged according to the first indication information.
Further, the first indication information further includes handover indication information, where the handover indication information is used to instruct the UE to perform base station handover or cell handover.
Optionally, the obtaining module 11 is specifically configured to receive first indication information sent by the master base station; the first indication information comprises an indication that the key needs to be updated; the processing module 12 is specifically configured to complete key updating according to the first indication information.
Further, the first indication information further includes configuration information, counter information and handover indication information;
the configuration information comprises configuration information and algorithm information of a packet data convergence protocol (PDCP) layer;
the counter information is used for completing the key update;
the handover indication information is used for instructing the UE to perform base station handover or cell handover.
Optionally, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
Optionally, the counter information is information generated by the master base station according to an indication that the key needs to be updated.
Optionally, as shown in fig. 13, the processing module 12 includes a first communication module 121 and a second communication module 122, where the first communication module 121 is a module that performs a communication function with the master base station, and the second communication module 122 is a module that performs a communication function with the secondary base station;
the first communication module 121 is configured to generate a second key according to at least the counter information and the first key, and send the second key to the second communication module 122; the first key is an access network root key of the master base station;
the second communication module 122 is configured to establish the PDCP layer according to the PDCP layer configuration information;
the second communication module 122 is configured to generate a third key according to at least the second key and the algorithm information, where the third key is applied to data transmission between the UE and the secondary base station.
Optionally, another implementation of fig. 13 is as follows:
the first communication module 121 sends the configuration information, the counter information and the first key to the second communication module 122; the first key is an access network root key of the master base station;
the second communication module 122 generates a second key according to at least the counter information and the first key;
the second communication module 122 establishes the PDCP layer according to the PDCP layer configuration information;
the second communication module 122 generates a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
The implementation principle and the advantageous effect of the key updating apparatus provided in the embodiment of the present application are similar to those of the key updating method shown in fig. 2 to fig. 5, and are not described herein again.
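Both implementations of fig. 13, together with the secondary base station's key update list, as an added Python example (not code from the patent) that records which key material the second communication module receives in each variant. The HMAC-SHA-256 derivation, the tag bytes, the 16-bit counter, the layout of the list and all class and function names are assumptions; the patent names none of them.

```python
import hashlib
import hmac

# Assumed tags and counter width; the patent names no KDF or constants.
TAG_SECOND_KEY, TAG_THIRD_KEY, COUNTER_MAX = b"\x01", b"\x02", 0xFFFF


def kdf(key, tag, *params):
    """HMAC-SHA-256 over tag || p0 || len(p0) || p1 || len(p1) ..."""
    data = tag
    for p in params:
        data += p + len(p).to_bytes(2, "big")
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_second_key(first_key, counter):
    """Second key: from the master base station root key and the counter."""
    return kdf(first_key, TAG_SECOND_KEY, counter.to_bytes(2, "big"))


def derive_third_key(second_key, algorithm_id):
    """Third key (128 bits): from the second key and the algorithm info."""
    return kdf(second_key, TAG_THIRD_KEY, bytes([algorithm_id]))[-16:]


class KeyUpdateList:
    """Secondary base station side: root key -> counter tied to that key."""
    def __init__(self):
        self._by_key = {}

    def record(self, root_key, counter):
        self._by_key[hashlib.sha256(root_key).digest()] = counter

    def next_counter(self, current_root_key):
        last = self._by_key[hashlib.sha256(current_root_key).digest()]
        if last >= COUNTER_MAX:
            raise OverflowError("counter exhausted for this first key")
        return last + 1


class SecondModule:
    """UE module that communicates with the secondary base station."""
    def __init__(self):
        self.received = []     # names of key material handed to this module
        self.third_key = None

    def from_second_key(self, second_key, algorithm_id):
        self.received.append("second_key")
        self.third_key = derive_third_key(second_key, algorithm_id)

    def from_first_key(self, first_key, counter, algorithm_id):
        self.received.append("first_key")
        second_key = derive_second_key(first_key, counter)
        self.third_key = derive_third_key(second_key, algorithm_id)


class FirstModule:
    """UE module that communicates with the master base station."""
    def __init__(self, first_key, second_module, hand_over_first_key=False):
        self.first_key = first_key
        self.second_module = second_module
        self.hand_over_first_key = hand_over_first_key

    def handle_indication(self, update_needed, counter=None, algorithm_id=None):
        """Complete the key update, or keep the key unchanged."""
        if not update_needed:
            return "unchanged"
        if counter is None or algorithm_id is None:
            raise ValueError("update indication lacks counter or algorithm")
        if self.hand_over_first_key:    # second implementation of fig. 13
            self.second_module.from_first_key(self.first_key, counter, algorithm_id)
        else:                           # first implementation of fig. 13
            second_key = derive_second_key(self.first_key, counter)
            self.second_module.from_second_key(second_key, algorithm_id)
        return "updated"


def run_demo():
    first_key, alg = bytes(range(32)), 2      # constructed sample values
    kul = KeyUpdateList()
    s0 = derive_second_key(first_key, 0)      # network side, initial key
    kul.record(s0, 0)
    m2_a, m2_b = SecondModule(), SecondModule()
    ues = (FirstModule(first_key, m2_a), FirstModule(first_key, m2_b, True))
    for ue in ues:
        ue.handle_indication(True, 0, alg)
    initial = m2_a.third_key
    kept = ues[0].handle_indication(False) == "unchanged" and m2_a.third_key == initial
    c1 = kul.next_counter(s0)                 # key update with a fresh counter
    s1 = derive_second_key(first_key, c1)
    kul.record(s1, c1)
    for ue in ues:
        ue.handle_indication(True, c1, alg)
    return {"counter": c1, "kept": kept,
            "ue_matches_network": m2_a.third_key == derive_third_key(s1, alg),
            "variants_agree": m2_a.third_key == m2_b.third_key,
            "rotated": m2_a.third_key != initial,
            "a_received": m2_a.received, "b_received": m2_b.received}
```

Both variants reach the same third key; they differ in that the second variant places the master base station's root key inside the second communication module, which widens the set of components that must protect it.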
Fig. 14 shows a key updating apparatus according to still another embodiment of the present application. As shown in fig. 14, the apparatus includes an obtaining module 21 and a sending module 22. The obtaining module 21 is configured to obtain first indication information; the first indication information includes information about key update; the key is used for communication between the UE and the secondary base station. The sending module 22 is configured to send the first indication information to the UE, so that the UE completes the key update or keeps the key unchanged according to the first indication information.
Optionally, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
Further, the first indication information further includes handover indication information, where the handover indication information is used to instruct the UE to perform base station handover or cell handover.
Optionally, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
Further, the first indication information further includes configuration information, counter information and handover indication information;
the configuration information comprises configuration information and algorithm information of a packet data convergence protocol (PDCP) layer;
the counter information is used for completing the key update;
the handover indication information is used for instructing the UE to perform base station handover or cell handover.
Optionally, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, where the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
Optionally, the counter information is information generated by the master base station according to an indication that the key needs to be updated.
Optionally, the obtaining module 21 is specifically configured to: receive second indication information sent by the secondary base station; generate counter information according to the indication that the key needs to be updated; and generate first indication information according to the counter information, the configuration information and the handover indication information. The second indication information includes an indication that the key needs to be updated, configuration information, and handover indication information.
Further, the obtaining module 21 generating the first indication information according to the counter information, the configuration information and the handover indication information includes: the obtaining module 21 sends the counter information to the secondary base station, so that the secondary base station encapsulates the counter information; and generates the first indication information according to the encapsulated counter information, the configuration information and the handover indication information.
The implementation principle and the advantageous effect of the key updating apparatus provided in the embodiment of the present application are similar to those of the key updating method shown in fig. 6 to 8, and are not described herein again.
Still another embodiment of the present application provides a key updating apparatus whose block diagram is the same as that in fig. 14. As shown in fig. 14, the apparatus includes an obtaining module 21 and a sending module 22. The obtaining module 21 is configured to obtain first indication information; the first indication information includes information about key update; the key is used for communication between the UE and the secondary base station. The sending module 22 is configured to send the first indication information to the UE, so that the UE completes the key update or keeps the key unchanged according to the first indication information.
Optionally, the first indication information includes an indication that the key does not need to be updated, and the indication that the key does not need to be updated is used to indicate that the UE keeps the key unchanged.
Further, the first indication information further includes handover indication information, where the handover indication information is used to instruct the UE to perform base station handover or cell handover.
Optionally, the first indication information includes an indication that the key needs to be updated, and the indication that the key needs to be updated is used to indicate that the UE completes the key update.
Further, the first indication information further includes configuration information and handover indication information;
the configuration information comprises configuration information and algorithm information of a packet data convergence protocol (PDCP) layer;
the handover indication information is used for instructing the UE to perform base station handover or cell handover.
Still further, the first indication information further includes counter information, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, and the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
Optionally, the sending module 22 is specifically configured to send the first indication information to the UE through the master base station.
The implementation principle and the beneficial effect of the key updating apparatus provided in the embodiment of the present application are similar to those of the key updating method shown in fig. 9, and are not described herein again.
Fig. 15 shows a device provided in an embodiment of the present application. As shown in fig. 15, the device includes a processor 31 and a memory 32; the memory 32 is configured to store instructions, the processor 31 is configured to execute the instructions stored in the memory 32, and when the processor 31 executes the instructions stored in the memory 32, the device performs the method according to any one of the embodiments of fig. 2 to 11.
In a specific implementation of the above device, it should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general-purpose processor may be a microprocessor or any conventional processor. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor, or in a combination of hardware and software modules in the processor.
All or some of the steps of the above method embodiments may be performed by hardware associated with program instructions. The program may be stored in a readable memory. When executed, the program performs the steps of the method embodiments described above. The memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disk, solid state disk, magnetic tape, floppy disk, optical disk, and any combination thereof.
An embodiment of the present application further provides a communication system, including: a master base station and a secondary base station; the master base station is configured to execute the key updating method according to any one of the embodiments of fig. 6 to 8, and the secondary base station is configured to execute the key updating method according to the embodiment of fig. 9.
Embodiments of the present application further provide a key updating apparatus, which includes at least one processing element (or chip) configured to perform the method described in any one of fig. 2 to fig. 11 above.
Embodiments of the present application also provide a program, which when executed by a processor is configured to perform the method described in any one of fig. 2 to 11 above.
An embodiment of the present application further provides a program product, such as a computer readable storage medium, including the program of the previous embodiment.
Embodiments of the present application further provide a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform the method described in any one of fig. 2 to 11.

Claims (9)

1. A method for updating a key, the method comprising:
a user equipment (UE) acquires first indication information; the first indication information includes information about the key update; the key is used for communication between the UE and a secondary base station;
the UE completes the key update or keeps the key unchanged according to the first indication information;
wherein the UE acquiring the first indication information comprises:
the UE receives the first indication information sent by a master base station; the first indication information comprises an indication that the key needs to be updated;
the UE completing the key update or keeping the key unchanged according to the first indication information comprises:
the UE completes the key update according to the first indication information;
the first indication information further comprises configuration information, counter information and handover indication information;
the configuration information comprises configuration information and algorithm information of a packet data convergence protocol (PDCP) layer;
the counter information is used for completing the key update;
the handover indication information is used for instructing the UE to perform base station handover or cell handover;
the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, and the key update list comprises a mapping relationship between the access network root key of the secondary base station and the counter information.
2. The method of claim 1, wherein the UE comprises a first communication module and a second communication module, wherein the first communication module is a module for performing communication functions with the master base station, and the second communication module is a module for performing communication functions with the secondary base station;
the UE completing the key update according to the first indication information comprises:
the first communication module generates a second key according to at least the counter information and a first key, and sends the second key to the second communication module; the first key is an access network root key of the master base station;
the second communication module establishes a PDCP layer according to the PDCP layer configuration information;
the second communication module generates a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
3. The method of claim 1, wherein the UE comprises a first communication module and a second communication module, wherein the first communication module is a module for performing communication functions with the master base station, and the second communication module is a module for performing communication functions with the secondary base station;
the UE completing the key update according to the first indication information comprises:
the first communication module sends the configuration information, the counter information and a first key to the second communication module; the first key is an access network root key of the master base station;
the second communication module generates a second key according to at least the counter information and the first key;
the second communication module establishes a PDCP layer according to the PDCP layer configuration information;
the second communication module generates a third key according to at least the second key and the algorithm information, and the third key is applied to data transmission between the UE and the secondary base station.
4. A method for updating a key, the method comprising:
the master base station acquires first indication information; the first indication information includes information about the key update; the key is used for communication between a user equipment (UE) and a secondary base station;
the master base station sends the first indication information to the UE, so that the UE completes the key update or keeps the key unchanged according to the first indication information;
the first indication information comprises an indication that the key needs to be updated, and the indication that the key needs to be updated is used for instructing the UE to complete the key update;
the first indication information further comprises configuration information, counter information and handover indication information;
the configuration information comprises configuration information and algorithm information of a packet data convergence protocol (PDCP) layer;
the counter information is used for completing the key update;
the handover indication information is used for instructing the UE to perform base station handover or cell handover;
the counter information is determined by the secondary base station according to the access network root key of the secondary base station and a key update list, and the key update list comprises a mapping relationship between the access network root key of the secondary base station and the counter information.
5. The method of claim 4, wherein the master base station acquiring the first indication information comprises:
the master base station receives second indication information sent by the secondary base station; the second indication information comprises an indication that the key needs to be updated, the configuration information and the handover indication information;
the master base station generates the counter information according to the indication that the key needs to be updated;
and the master base station generates the first indication information according to the counter information, the configuration information and the handover indication information.
6. The method of claim 5, wherein the master base station generating the first indication information according to the counter information, the configuration information, and the handover indication information comprises:
the master base station sends the counter information to the secondary base station, so that the secondary base station encapsulates the counter information;
and the master base station generates the first indication information according to the encapsulated counter information, the configuration information and the handover indication information.
7. A method for updating a key, the method comprising:
the secondary base station acquires first indication information; the first indication information includes information about the key update; the key is used for communication between a user equipment (UE) and the secondary base station;
the secondary base station sends the first indication information to the UE, so that the UE completes the key update or keeps the key unchanged according to the first indication information;
the first indication information comprises an indication that the key needs to be updated, and the indication that the key needs to be updated is used for instructing the UE to complete the key update;
the first indication information further comprises configuration information and handover indication information;
the configuration information comprises configuration information and algorithm information of a packet data convergence protocol (PDCP) layer;
the handover indication information is used for instructing the UE to perform base station handover or cell handover;
the first indication information further includes counter information, the counter information is determined by the secondary base station according to an access network root key of the secondary base station and a key update list, and the key update list includes a mapping relationship between the access network root key of the secondary base station and the counter information.
8. The method of claim 7, wherein the secondary base station sending the first indication information to the UE comprises:
the secondary base station sends the first indication information to the UE through a master base station.
9. An apparatus comprising a processor and a memory;
the memory is configured to store instructions and the processor is configured to execute the instructions stored in the memory, and when the processor executes the instructions stored in the memory, the apparatus is configured to perform the method of any of claims 1 to 8.
CN201710313965.XA 2017-05-05 2017-05-05 Key updating method and device Active CN108810888B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710313965.XA CN108810888B (en) 2017-05-05 2017-05-05 Key updating method and device
PCT/CN2018/085568 WO2018202117A1 (en) 2017-05-05 2018-05-04 Key updating method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710313965.XA CN108810888B (en) 2017-05-05 2017-05-05 Key updating method and device

Publications (2)

Publication Number Publication Date
CN108810888A CN108810888A (en) 2018-11-13
CN108810888B true CN108810888B (en) 2020-09-18

Family

ID=64016423

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313965.XA Active CN108810888B (en) 2017-05-05 2017-05-05 Key updating method and device

Country Status (2)

Country Link
CN (1) CN108810888B (en)
WO (1) WO2018202117A1 (en)

Also Published As

Publication number Publication date
WO2018202117A1 (en) 2018-11-08
CN108810888A (en) 2018-11-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant