CN112543450A

CN112543450A - Key derivation method and device

Info

Publication number: CN112543450A
Application number: CN201910899444.6A
Authority: CN
Inventors: 毕晓宇; 刘爱娟
Original assignee: Datang Mobile Communications Equipment Co Ltd
Current assignee: Datang Mobile Communications Equipment Co Ltd
Priority date: 2019-09-23
Filing date: 2019-09-23
Publication date: 2021-03-23

Abstract

The application discloses a key derivation method and a key derivation device, which are used for ensuring that security keys used by a terminal for connecting different gNB-CU-UP are different, preventing potential safety hazards caused by key reuse when the terminal is changed from one gNB-CU-UP to another gNB-CU-UP, and improving network security. On the network side, the present application provides a key derivation method, which includes: when determining that a central node gNB-CU-UP of a base station user plane serving a terminal needs to be changed, deriving a key used by a target gNB-CU-UP; and sending information for indicating the terminal to deduce the key used by the target gNB-CU-UP to the terminal, wherein the information comprises derivation parameters used by the network side to deduce the key used by the target gNB-CU-UP and/or a key updating indication of the network side.

Description

Key derivation method and device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a key derivation method and apparatus.

Background

In the new air interface (NR) system, a logical radio access network node (RAN node) may be further divided into a Control Plane center node (Central Unit-Control Plane, CU-CP), one or more User Plane center nodes (Central Unit-User Plane, gNB-CU-UP), and one or more Distributed nodes (Distributed units, DU), which may be located in different physical entities. One CU-CP may connect a plurality of gNB-CU-UPs.

In the prior art, the switching of users is divided intoKey derivation under scenarios of base station center node (gNB-Central Unit, gNB-CU) internal switching, Xn switching, and N2 switching only considering K_gNBWhether the keys of the level are updated and the derivation method when the keys are updated. With the introduction of the CU-CP/gNB-CU-UP separation, the security mechanism when replacing gNB-CU-UP does not consider the problems due to key isolation and key derivation method when the gNB-CU-UP separation is changed when the CU-CP is not changed.

This can lead to problems: in the scenario of CU-CP/UP separation, User Equipment (UE) is supported to change between two gNB-CU-UP. If the CU-CP is not changed, only the gNB-CU-UP of the UE is changed, and no new key is derived according to the prior art, which may cause the UE to still use the previous key when changing the gNB-CU-UP, i.e. it appears that the UE uses the same key on different gNB-CU-UPs, which may cause a security risk.

Disclosure of Invention

The embodiment of the application provides a key derivation method and device, which are used for ensuring that security keys used by a terminal for connecting different gNB-CU-UP are different, preventing potential safety hazards caused by key reuse when the terminal is replaced from one gNB-CU-UP to another gNB-CU-UP, and improving network security.

On the network side, a key derivation method provided in the embodiments of the present application includes:

when determining that a user plane gNB-CU-UP of a base station center node serving a terminal needs to be changed, deriving a key used by a target gNB-CU-UP;

and sending information for indicating the terminal to deduce the key used by the target gNB-CU-UP to the terminal, wherein the information comprises derivation parameters used by the network side to deduce the key used by the target gNB-CU-UP and/or a key updating indication of the network side.

By the method, when the situation that the gNB-CU-UP of the user plane of the central node of the base station serving the terminal needs to be changed is determined, a key used by the target gNB-CU-UP is derived; and sending information for indicating the terminal to derive the key used by the target gNB-CU-UP to the terminal, wherein the information comprises derivation parameters used by the network side to derive the key used by the target gNB-CU-UP and/or a key updating indication of the network side, so that the terminal can derive the key (new key) used by the target gNB-CU-UP, and further the security keys used by the terminal between different connected gNB-CU-UP are different, thereby preventing the potential safety hazard caused by key reuse when the terminal is changed from one gNB-CU-UP to another gNB-CU-UP and improving the network security.

Optionally, deriving the key used by the target gNB-CU-UP specifically includes:

slave base station master key K_gNBDeriving updated base station key K_gNB；

Based on said K_gNBDeriving a secondary key K for a base station_gNB-CPAnd K_gNB-UPWherein, K is_gNB-CPIs the central node key of the base station, K_gNB-UPA user plane basic key for the base station;

based on the base station secondary key K_gNB-UPDeriving ciphering and integrity keys K for use by a target gNB-CU-UP_gNB-CU-UPencAnd K_gNB-CU-UPint。

slave base station master key K_gNBDeriving a secondary key K for a base station_gNB-CPAnd K_gNB-UPWherein, K is_gNB-CPIs the central node key of the base station, K_gNB-UPA user plane basic key for the base station;

when the base station user plane central node gNB-CU-UP is changed, the base station control plane central node CU-CP is used for controlling the base station user plane central node gNB-CU-UP based on the base station master key K_gNBOr updated K_gNBDeriving the encryption key and integrity key K of the target base station user plane central node from the derived parameters_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a It is composed ofWherein the derivation parameters include one or a combination of the following parameters: identification of target user plane central node gNB-CU-UP, random number, user plane UP replacement times and PDCP counter value.

Optionally, deriving a key used for calculating the target gNB-CU-UP specifically includes:

when the base station user plane central node gNB-CU-UP is changed, the base station control plane central node CU-CP is used for controlling the central node CU-CP according to the base station main key K_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a The first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID and a central node user plane identification gNB-CU-UP ID;

according to the user plane key K used by the gNB-CU-UP_gNB-CU-UPCalculating a secret key K used by the base station user plane central node gNB-CU-UP for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPint；

According to a secret key K used by the base station user plane central node gNB-CU-UP for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPintAnd a second derivation parameter determining a new key K used by the CU for ciphering and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the second derivation parameter comprises one or a combination of the following parameters: UP replacement times, central node user plane identification gNB-CU-UP ID, PDCP counter value, radio resource control RRC counter value, random number, character strings "enc" and "int".

when the base station user plane central node gNB-CU-UP is changed, the base station user plane central node is used for controlling a user plane key K according to the gNB-CU-UP through a control plane central node CU-CP_gNB-CU-UPCalculating new user surface key K_gNB-CU-UP；

According to said K_gNB-CU-UPDetermining a target center of the base stationNew key K used by node CU user plane for encryption and integrity protection_gNB-CU-UPintAnd K_gNB-CU-UPenc。

On a terminal side, a key derivation method provided in an embodiment of the present application includes:

receiving information which is sent by a network side and used for indicating a terminal to deduce a key used by a target gNB-CU-UP;

and deriving a key synchronously used by the terminal and the target gNB-CU-UP according to the information, wherein the information comprises derivation parameters used by the network side for deriving the key used by the target gNB-CU-UP and/or a key updating instruction of the network side.

Optionally, deriving, according to the information, a key used by the terminal and the target gNB-CU-UP synchronously includes:

slave base station master key K_gNBDeriving updated base station key K_gNB；

based on the base station secondary key K_gNB-UPDeriving an encryption key and an integrity key K synchronously used by the terminal and the target gNB-CU-UP_gNB-CU-UPencAnd K_gNB-CU-UPint。

based on base station master key K_gNBOr updated K_gNBDeriving encryption key and integrity key K synchronously used by the terminal and the target base station user plane central node by deriving parameters_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the derivation parameters include one or a combination of the following parameters: identification of a target central node user plane gNB-CU-UP, random number, user plane UP replacement times and PDCP counter value.

according to the base station master key K_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a The first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID and a central node user plane identification gNB-CU-UP ID;

According to a secret key K used by the base station user plane central node gNB-CU-UP for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPintAnd a second derivation parameter for determining a new key K used by the terminal in synchronization with the CU for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the second derivation parameter comprises one or a combination of the following parameters: UP replacement times, central node user plane identification gNB-CU-UP ID, PDCP counter value, radio resource control RRC counter value, random number, character strings "enc" and "int".

according to the user plane key K used by the user plane gNB-CU-UP of the central node_gNB-CU-UPCalculating new user surface key K_gNB-CU-UP；

According to said K_gNB-CU-UPDetermining a new key K for encryption and integrity protection used by the terminal and a target central node user plane gNB-CU-UP of a base station synchronously_gNB-CU-UPintAnd K_gNB-CU-UPenc。

On the network side, a key derivation apparatus provided in an embodiment of the present application includes:

a memory for storing program instructions;

a processor for calling the program instructions stored in the memory and executing according to the obtained program:

Optionally, the deriving, by the processor, a key used by the target gNB-CU-UP specifically includes:

slave base station master key K_gNBDeriving updated base station key K_gNB；

slave base station master key K_gNBDeducing the base stationLevel key K_gNB-CPAnd K_gNB-UPWherein, K is_gNB-CPIs the central node key of the base station, K_gNB-UPA user plane basic key for the base station;

when the central node gNB-CU-UP of the base station user plane is changed, a base station master key K is used_gNBOr updated K_gNBDeriving the encryption key and integrity key K of the target base station user plane central node from the derived parameters_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the derivation parameters include one or a combination of the following parameters: identification of a target central node user plane gNB-CU-UP, random number, user plane UP replacement times and PDCP counter value.

Optionally, the deriving, by the processor, a key used for calculating the target gNB-CU-UP specifically includes:

when the central node gNB-CU-UP of the base station user plane is changed, the central node gNB-CU-UP is changed according to the master key K of the base station_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a The first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID and a central node user plane identification gNB-CU-UPID;

According to a secret key K used by the base station user plane central node gNB-CU-UP for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPintAnd a second derivative parameter determining the encryption and integrity used by the CUNew key K for sexual protection_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the second derivation parameter comprises one or a combination of the following parameters: UP replacement times, central node user plane identification gNB-CU-UP ID, PDCP counter value, radio resource control RRC counter value, random number, character strings "enc" and "int".

when the base station user plane central node gNB-CU-UP is changed, the user plane key K used according to the control plane gNB-CU-UP of the central node_gNB-CU-UPCalculating new user surface key K_gNB-CU-UP；

According to said K_gNB-CU-UPDetermining a new key K for ciphering and integrity protection used by a target central node CU user plane of the base station_gNB-CU-UPintAnd K_gNB-CU-UPenc。

At a terminal side, a key derivation apparatus provided in an embodiment of the present application includes:

a memory for storing program instructions;

Optionally, the deriving, by the processor, a key used by the terminal and the target gNB-CU-UP synchronously according to the information specifically includes:

slave base station master key K_gNBDeriving updated base station key K_gNB；

according to the base station master key K_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a Wherein the first derivation parameter comprises the value of the PDCP counter, the central node control plane identification CU-CP ID, and the central nodeA user plane identity, gNB-CU-UP ID;

user plane key K used according to control plane gNB-CU-UP of central node_gNB-CU-UPCalculating new user surface key K_gNB-CU-UP；

According to said K_gNB-CU-UPDetermining a new key K for ciphering and integrity protection used by the terminal in synchronization with the target central node CU user plane of the base station_gNB-CU-UPintAnd K_gNB-CU-UPenc。

On the network side, another key derivation apparatus provided in the embodiments of the present application includes:

the device comprises a determining unit, a sending unit and a receiving unit, wherein the determining unit is used for deriving a key used by a target gNB-CU-UP when determining that a gNB-CU-UP serving a terminal needs to be changed;

and the sending unit is used for sending information for indicating the terminal to derive the key used by the target gNB-CU-UP to the terminal, wherein the information comprises a derivation parameter used by the network side to derive the key used by the target gNB-CU-UP and/or a key updating indication of the network side.

At a terminal side, another key derivation apparatus provided in this application embodiment includes:

the receiving unit is used for receiving information which is sent by a network side and used for indicating the terminal to deduce a key used by a target gNB-CU-UP;

and the determining unit is used for deriving the key synchronously used by the terminal and the target gNB-CU-UP according to the information, wherein the information comprises a derivation parameter used by the network side for deriving the key used by the target gNB-CU-UP and/or a key updating instruction of the network side.

Another embodiment of the present application provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

FIG. 1 is a schematic diagram of CU-CP/UP separation provided by an embodiment of the present application;

FIG. 2 is a schematic diagram of an example CU-CP/UP separation deployment provided by an embodiment of the present application;

fig. 3 is a schematic diagram of a key derivation hierarchy of a 5G system according to an embodiment of the present application;

fig. 4 is a schematic diagram of derivation of an AS layer key according to an embodiment of the present application;

fig. 5 is a schematic diagram of an Xn handover procedure provided in the embodiment of the present application;

FIG. 6 is a schematic diagram of a gNB-CU-UP modification provided in an embodiment of the present application;

fig. 7 is a schematic diagram of an RRC connection reconfiguration procedure according to an embodiment of the present application;

FIG. 8 is a schematic diagram of key derivation according to an embodiment of the present application;

fig. 9 is a schematic diagram of a key derivation scenario provided in an embodiment of the present application;

fig. 10 is a schematic diagram of a key derivation scenario ii according to an embodiment of the present application;

fig. 11 is a schematic diagram of a key derivation scenario provided in the embodiment of the present application;

fig. 12 is a schematic diagram of a key derivation scenario four provided in the embodiment of the present application;

fig. 13 is a flowchart illustrating a key derivation method according to an embodiment of the present application;

fig. 14 is a schematic flowchart of another specific key derivation method according to an embodiment of the present application;

fig. 15 is a schematic flowchart of a key derivation method at a network side according to an embodiment of the present application;

fig. 16 is a flowchart illustrating a key derivation method at a terminal according to an embodiment of the present application;

fig. 17 is a schematic structural diagram of a key derivation apparatus on a network side according to an embodiment of the present application;

fig. 18 is a schematic structural diagram of a key derivation apparatus at a terminal side according to an embodiment of the present application;

fig. 19 is a schematic structural diagram of another key derivation apparatus on the network side according to an embodiment of the present application;

fig. 20 is a schematic structural diagram of another key derivation apparatus at a terminal side according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The method and the device are based on the same application concept, and because the principles of solving the problems of the method and the device are similar, the implementation of the device and the method can be mutually referred, and repeated parts are not repeated.

The technical scheme provided by the embodiment of the application can be suitable for various systems, particularly 5G systems. For example, the applicable system may be a global system for mobile communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) General Packet Radio Service (GPRS) system, a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD), a Universal Mobile Telecommunications System (UMTS), a universal microwave Access (WiMAX) system, a 5G NR system, and the like. These various systems include terminal devices and network devices.

The terminal device referred to in the embodiments of the present application may refer to a device providing voice and/or data connectivity to a user, a handheld device having a wireless connection function, or other processing device connected to a wireless modem. The names of the terminal devices may also be different in different systems, for example, in a 5G system, the terminal devices may be referred to as User Equipments (UEs). Wireless terminal devices, which may be mobile terminal devices such as mobile telephones (or "cellular" telephones) and computers with mobile terminal devices, e.g., mobile devices that may be portable, pocket, hand-held, computer-included, or vehicle-mounted, communicate with one or more core networks via the RAN. Examples of such devices include Personal Communication Service (PCS) phones, cordless phones, Session Initiated Protocol (SIP) phones, Wireless Local Loop (WLL) stations, Personal Digital Assistants (PDAs), and the like. The wireless terminal device may also be referred to as a system, a subscriber unit (subscriber unit), a subscriber station (subscriber station), a mobile station (mobile), a remote station (remote station), an access point (access point), a remote terminal device (remote terminal), an access terminal device (access terminal), a user terminal device (user terminal), a user agent (user agent), and a user device (user device), which are not limited in this embodiment of the present application.

The network device according to the embodiment of the present application may be a base station, and the base station may include a plurality of cells. A base station may also be referred to as an access point, or a device in an access network that communicates over the air-interface, through one or more sectors, with wireless terminal devices, or by other names, depending on the particular application. The network device may be configured to exchange received air frames with Internet Protocol (IP) packets as a router between the wireless terminal device and the rest of the access network, which may include an Internet Protocol (IP) communication network. The network device may also coordinate attribute management for the air interface. For example, the network device according to the embodiment of the present application may be a Base Transceiver Station (BTS) in a global system for mobile communications (GSM) or a Code Division Multiple Access (CDMA), may also be a network device (NodeB) in a Wideband Code Division Multiple Access (WCDMA), may also be an evolved network device (eNB or e-NodeB) in a Long Term Evolution (LTE) system, a 5G base station in a 5G network architecture (next generation system), and may also be a home evolved node B (HeNB), a relay node (relay node), a home base station (femto), a pico base station (pico), and the like, which are not limited in the embodiments of the present application.

Various embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the display sequence of the embodiment of the present application only represents the sequence of the embodiment, and does not represent the merits of the technical solutions provided by the embodiments.

The embodiment of the application provides a derivation scheme of how a network side and a terminal determine a key (which may be referred to as a target key for short) used by a changed target gNB-CU-UP when the gNB-CU-UP serving the terminal changes, that is, the network side and the terminal can determine a new target key in the same way, so that different security keys used by UE in connection with different gNB-CU-UP can be ensured, and when the UE is connected to the new gNB-CU-UP, the new key is used, so that potential safety hazards caused by key reuse when the UE is changed from one gNB-CU-UP to another gNB-CU-UP are prevented.

First, the CU-CP/UP split structure of the radio access network node is introduced.

Referring to fig. 1, in NR and similar systems, a logical radio access network node (RAN node) may be further divided into a Control Plane center node (CU-CP), one or more User Plane center nodes (gNB-CU-UP), and one or more Distributed nodes (DU), which is called "CU-CP/UP split (CU-CP/UP split)". The CU-CP and DU are connected with F1-C or similar interface, and the CU-CP and gNB-CU-UP are connected with E1 or similar interface. The radio access network node (RAN node) control plane connection to the core network is terminated in CU-CP, the user plane connection is terminated in gNB-CU-UP, and the RAN node air interface connection to the mobile terminal is terminated in DU.

Referring to FIG. 2, one common scenario for separating CU-CP from gNB-CU-UP is as follows: the CU-CP is implemented as a central control node, while the gNB-CU-UP is implemented as a data service node, with different gNB-CU-UP supporting different types of data streams. For example: the gNB-CU-UP1 supports low-latency data streams, and is deployed outdoors near the base station together with the DUs; and the gNB-CU-UP2 supports high bandwidth data streams, deployed within the central office.

Next, a generation method of the secondary key of the radio access network is introduced.

Taking NR/5G system as an example, when a user terminal is in RRC connection state, the radio access networkThe same access layer root key K is stored in both the node and the user terminal_gNB(i.e., base station master key). According to K_gNBThe radio access network node and the user terminal further generate an algorithm key, e.g. an RRC signalling integrity protection key K_RRCintRRC signalling encryption Key K_RRCencUser data integrity protection key K_UPintAnd a user data encryption key K_UPenc. The sending party of air interface RRC signaling or user data uses the algorithm keys to perform security protection on the sent data, and the receiving party uses the same algorithm keys to perform security protection on the received data. Which signalling or data is specifically secured using which keys is configured by the radio access network node. Referring to fig. 3, the key derivation hierarchy of the 5G system is as follows:

all keys are derived through a Key Derivation Function (KDF), and the specific Derivation manner is shown in fig. 4, where "Enc Alg ID" in fig. 4 refers to an encryption algorithm Identification (ID), and "Int Alg ID" refers to an integrity protection algorithm ID. The encryption algorithm and the integrity protection algorithm are collectively called a security algorithm.

The derivation method of the key during switching in the base station central node (gNB-CU) is as follows:

the gNB should have an associated policy for deciding which intra gNB-CU handover can reserve K_gNBWhich intra-gNB-CU handover requires derivation of a new K_gNB. During intra-gNB-CU handover, the gNB will indicate to the UE that it is an update K in RRC connection reconfiguration_gNBOr whether to keep the current K_gNB. Keeping current K_gNBLimited to intra-gbb-CU handovers.

If the current K is to be updated_gNBThen the gNB and the UE should use the target Physical Cell Identity (PCI), their Frequency downlink Absolute Radio Frequency Channel Number-Down Link (ARFCN-DL), and the Next Hop parameter (Next Hop, NH) or the current K_gNBDerived K_gNB*: if there is an unused { NH, NCC } pair in gNB, then gNB uses NH to derive K_gNBElse, if there are no unused { NH, NCC } pairs in gNB, then gNB should be from current K_gNBDerived K_gNB*. gNB should be used to derive K_gNBNext hop Chaining Counter (NCC) of the UE is sent to the UE through an RRC connection reconfiguration message. After handover, the gNB and the UE will use K_gNBAs K_gNB. If the current K is to be preserved_gNBThen the gNB and the UE should continue to use the current K after the handover_gNB。

The key derivation method for Xn handover is as follows:

referring to fig. 5, in Xn switching, if source gNB has unused { NH, NCC } pairs, source gNB should perform key derivation in the vertical direction. The source gNB should first be based on the target PCI, its frequency ARFCN-DL, and the currently active K_gNBOr NH, calculating to obtain derived access layer root key K_gNB*。

Source gNB will { K }_gNBThe NCC pair is forwarded to the target gNB. The target gNB should use the received K_gNBDirectly as K_gNBFor use with a UE. The target gNB should associate the NCC value received from the source gNB with KgNB. The target gNB shall include the received NCC in a prepared forward Command (HO) message that is sent back to the source gNB in a transparent container and forwarded by the source gNB to the UE.

When the target gNB and the UE have completed handover signaling, the target gNB will send a Next Generation Application Protocol (NGAP) path switch REQUEST (PATH SWITCH REQUEST) message to an Access and Mobility Management Function (AMF) entity. Upon receipt of NGAP PATH SWITCH REQUEST message, the AMF should increase its locally stored NCC value by 1 and calculate a new NH. AMF shall use root Key K in currently active 5G NAS Security context_AMFTo derive new NH. The AMF should then send the newly computed { NH, NCC } pair to the target gNB in an NGAP PATH SWITCH REQUEST ACKNOWLEDGE message. The target gNB should store the received { NH, NCC } pair for further handover and delete other existing unused { NH, NCC } pairs that were stored originally.

Because the NGAP PATH SWITCH REQUEST message is sent after a radio link handoff, it can only be used to provide keying material for the next handoff procedure. Thus, for Xn handover, key separation occurs only after two hops, since the source gNB knows the target gNB key. Once the new NH reaches the target gNB via the PATH SWITCH REQUEST ACKNOWLEDGE message, the target gNB may immediately initiate an intra-gNB-CU handover to use the new NH.

As shown in fig. 6, the flow of the change of the gNB-CU-UP occurring within one gNB specifically includes the following steps:

1. the change of the gNB-CU-UP is triggered in the gNB-CU-CP based on, for example, a measurement report from the UE.

Deriving the key used by the new gNB-CU-UP.

And 2-3, carrying context setting process.

4. An F1UE context modification procedure is performed to change the UL TNL address information of F1-U for one or more bearers in the gNB-DU.

And 5-6, carrying out a bearer context modification process (initiated by the gNB-CU-CP) so that the gNB-CU-CP can retrieve the Uplink and Downlink (PDCP UL/DL) state of the Packet Data Convergence Protocol and exchange the Data forwarding information of the bearer.

Deriving the key used by the new gNB-CU-UP.

7-8. bearer context modification procedure.

9. Data forwarding may be performed from the source gNB-CU-UP to the target gNB-CU-UP.

10-12. a path switching procedure is performed to update DL Transport Network Layer (TNL) address information of (NG-U) of the user plane to the core Network.

13-14 bearer context release procedure (gNB-CU-CP initiated).

However, the above procedure does not consider the scenario where the UE changes from one gNB-CU-UP to another, and the lack of a key derivation procedure in this scenario would result in the UE still using the previous key when changing the gNB-CU-UP, i.e. the same key appears to be used on a different gNB-CU-UP, leading to a security risk.

Referring to fig. 7, when the gNB-CU-CP determines that the gNB-CU-UP needs to be changed, the key used by the target gNB-CU-UP is derived and calculated according to different scenarios, and then the derived parameter and the key update indication are notified to the UE through the RRC connection reconfiguration process, and the UE derives the new key used by the target gNB-CU-UP according to the same derivation method.

Referring to fig. 8, the hierarchy of the current 5G key is further refined. Slave base station master key K_gNBFurther deriving a secondary secret key K of the base station_gNB-CP、K_gNB-UPBased on the secondary key K of the base station_gNB-UPDeriving ciphering and integrity keys K for use by a target gNB-CU-UP_gNB-CU-UPencAnd K_gNB-CU-UPint. Wherein, K_gNB-CPControl of central node key, K, for a base station_gNB-UPThe user plane base key for the base station.

Or, the slave base station master key K_gNBDeriving updated base station key K_gNB(ii) a Based on said K_gNBDeriving a secondary key K for a base station_gNB-CPAnd K_gNB-UPWherein, K is_gNB-CPIs the central node key of the base station, K_gNB-UPA user plane basic key for the base station; based on the base station secondary key K_gNB-UPDeriving ciphering and integrity keys K for use by a target gNB-CU-UP_gNB-CU-UPencAnd K_gNB-CU-UPint。

The change described in the embodiment of the application occurs between the user plane of the central node of the source base station gNB-CU-UP and the user plane of the central node of the target base station gNB-CU-UP, and the finally derived target key is the key used by the user plane of the central node of the target base station gNB-CU-UP.

The AS layer key between the base station and the UE is K_gNB. A new key K may be generated at the time of handover_gNBIn the technical solution provided in the embodiment of the present application, a new key K is generated_gNBI.e. when changing gNB-CU-UP, there will be a new K_gNBIs generated, possibly from the key K_gNBThe ciphering and integrity keys for the control plane RRC are generated, as well as the ciphering and integrity keys for the user plane. The derivation parameters to be used are mainly the identity of the gNB-CU-UP, and there may be a freshness parameter for ensuring the freshness of the generated key, for example: randomThe method comprises the steps of counting the number of times of UP replacement, wherein the PDCP COUNTER is a counting value for calculating a PDCP packet of a user plane, data sent by a network side to the user plane is sent in the form of the PDCP packet, and the PDCP COUNTER is a sequence number of the PDCP packet and can be obtained at the same time of a UE and a base station side. If the random number and the UP replacement times are adopted, the network side can send the random number and the UP replacement times to the UE through an RRC reconfiguration message.

The UP change times described in the embodiment of the present application specifically refer to the UP change times corresponding to the terminal on the same CU, for example, one hop is used for changing once, and the second hop is used for changing again, that is, UP1 — > UP2 — > UP 3.

K in the examples of this application_gNB-CU-CPAnd K_gNB-CU-UPIs to be the K of the base station_gNBThe keys are divided into keys for a control plane and keys for a user plane. The control plane key (for ciphering and integrity protection) and the user plane key (for ciphering and integrity protection, i.e. K) of a base station are calculated by the CU of the CU_gNB-CU-UPencAnd K_gNB-CU-UPint)。

Referring to fig. 9, key derivation scenario one:

this scenario describes a key derivation process due to the separation of CU-CP and gNB-CU-UP. When the central node user plane (gNB-CU-UP) of the base station gNB changes, the function listed below can first be employed to select from K_gNBDeriving a target base station user plane central node key K_gNB-CU-UP. In view of the separation of the CU-CP and the gNB-CU-UP, the key derivation required should ensure that the keys between the CU-CP and the CU-Ups are both isolated as much as possible. Therefore, the base station and the UE need to be based on K first_gNBCalculating the secondary key of CU-CP and CU-Ups, and based on K_gNB-CU-UPAnd the encryption key and the integrity key K of the gNB-CU-UP are calculated by the sum algorithm_gNB-CU-UP. This step ensures the isolation of keys between the CU-CP and the gNB-CU-UP, for which the keys are all computed by the CU-CP.

K*_gNB-CU-UP＝【K_gNB，gNB-CU-UP ID，PDCP COUNTER】；

K*_gNB-CU-UP＝【K_gNBgNB-CU-UP ID, random number);

K*_gNB-CU-UP＝【K_gNBgNB-CU-UP ID, UP replacement times);

namely, in the first scenario, K is utilized_gNBOr updated K_gNBAnd deriving one or a combination of parameters from the parameters central node user plane identification gNB-CU-UP ID, random number, PDCP COUNTER and UP replacement times to determine K x_gNB-CU-UPThen based on K_gNB-CU-UPCalculating the key used by the target base station user plane central node gNB-CU-UP, namely the encryption key and the integrity key K of the target base station user plane central node_gNB-CU-UPencAnd K_gNB-CU-UPint。

In the embodiment of the present application, information such as corresponding function and algorithm may be calculated for the key for encryption and integrity protection, and the existing technology may be reused, and the algorithm used for calculating the derivative key may include FC (0x69), P0(algorithm type distinguisher, algorithm type specifier), L0(length of algorithm type distinguisher, algorithm type specifier length), P1(algorithm identity), and L1(length of algorithm identity) as input parameters.

Referring to fig. 10, a second scenario of key derivation:

the scenario describes that when the gNB-CU-UP changes, the CU-CP changes according to K_gNB-CU-UPencAnd K_gNB-CU-UPintAnd calculating updated central unit user plane encryption keys and integrity protection keys K × gNB-CU-UPenc and K × gNB-CU-UPint. Assuming that the UP replacement frequency is N, the N is a counter value; in addition, the CU-CP can generate a random number Fresh, and the random number Fresh is used as one of the parameters for deriving the new key; or a PDCP COUNTER (PDCP COUNTER) value may be employed as a parameter for key derivation; or the identity of the gNB-CU-UP may be used as one of the parameters for key derivation, and the character strings of "enc" and "int" may also be used as derivation parameters. Specific derivation methods include, for example:

K_gNB-CU-CP＝KDF【K_gNB，PDCP Counter，“CU-CP ID”】

K_gNB-CU-UP＝KDF【K_gNB，PDCP Counter，“gNB-CU-UP ID”】

K*_gNB-CU-UPenc＝KDF【K_CU-upenc，RRC Counter，“enc”】

K*_gNB-CU-UPenc＝KDF【K_CU-upenc，Fresh，“enc”】

K*_gNB-CU-UPenc＝KDF【K_CU-upenc，PDCP Counter，“enc”】

K*_gNB-CU-UPenc＝KDF【K_CU-upenc，gNB-CU-UP ID，“enc”】

K*_gNB-CU-UPint＝KDF【K_CU-upenc，RRC Counter，“int”】

K*_gNB-CU-UPint＝KDF【K_CU-upenc，Fresh，“int”】

K*_gNB-CU-UPint＝KDF【K_CU-upenc，PDCP Counter，“int”】

K*_gNB-CU-UPint＝KDF【K_CU-upenc，gNB-CU-UP ID，“int”】

wherein, the CU-CP ID is the control plane identification of the central node, and the gNB-CU-UP ID is the user plane identification of the central node.

That is, in the second scenario, when the central node gNB-CU-UP of the user plane of the base station is changed, the control plane CU-CP of the central node of the base station is passed through, and the master key K of the base station is used_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a Wherein the first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID (calculating K)_gNB-CU-CPTime of use), central node user plane identity gNB-CU-UP ID (calculate K)_gNB-CU-UPWhen used);

According to the base station user plane central node gNB-CU-UPUsed secret key K for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPintAnd a second derivation parameter determining a new key K used by the CU for ciphering and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the second derivation parameter comprises one or a combination of the following parameters: UP replacement times, central node user plane identification gNB-CU-UP ID, PDCP counter value, radio resource control RRC counter value, random number, character strings "enc" and "int".

Referring to fig. 11, a key derivation scenario three:

when the CU described in the scene is changed, the CU-CP is according to K_gNB-CU-UPCalculating K_gNB-CU-UP. Then according to K_gNB-CU-UPDerived K_gNB-CU-UPintAnd K_gNB-CU-UPenc。

K*_gNB-CU-UP＝KDF【K_gNB-CU-UP，RRC Counter】

K*_gNB-CU-UP＝KDF【K_gNB-CU-UP，Fresh】

K*_gNB-CU-UP＝KDF【K_gNB-CU-UP，PDCP Counter】

K*_gNB-CU-UP＝KDF【K_gNB-CU-UP，gNB-CU-UP ID】

That is, in the third scenario, a KDF algorithm is adopted according to the user plane key K used by the original CU-CP_gNB-CU-UPCalculating new user surface key K_gNB-CU-UP(ii) a Then according to K_gNB-CU-UPDetermining a new key K for ciphering and integrity protection used by a target central node CU user plane of a base station_gNB-CU-UPintAnd K_gNB-CU-UPenc. The derivation parameters used include one or a combination of the following: RRC Counter, central node user plane identification gNB-CU-UP ID, PDCP Counter, random number.

And a fourth key derivation scene:

referring to FIG. 12, the scenario illustrates that when the gNB-CU-UP is changed, the gNB-CU-CP is directly dependent on K_gNBOr K^* _gNBCalculating K_gNB-CU-UPintAnd K_gNB-CU-UPencThe following listA derivation method of the key during calculation according to different parameters is provided.

K_gNB-CU-UPenc＝KDF【K_gNB/K^* _gNB，RRC Counter，“enc”】

K_gNB-CU-UPenc＝KDF【K_gNB/K^* _gNB，FRESH，“enc”】

K_gNB-CU-UPenc＝KDF【K_gNB/K^* _gNB，PDCP Counter，“enc”】

K_gNB-CU-UPenc＝KDF【K_gNB/K^* _gNB，gNB-CU-UP ID，“enc”】

K_gNB-CU-UPint＝KDF【K_gNB/K^* _gNB，RRC Counter，“int”】

K_gNB-CU-UPint＝KDF【K_gNB/K^* _gNB，FRESH，“int”】

K_gNB-CU-UPint＝KDF【K_gNB/K^* _gNB，PDCP Counter，“int”】

K_gNB-CU-UPint＝KDF【K_gNB/K^* _gNB，gNB-CU-UP ID，“int”】

The first embodiment is as follows: the key is calculated before the bearer establishment request, and the key can be derived according to three scenes derived by the key. After the gNB-CU-CP derives the key, the parameter of the derived key is sent to the UE through the RRC connection reestablishment message. Referring to fig. 13, the method specifically includes the following steps:

And 1a, calculating the key used by the target gNB-CU-UP according to the three key derivation scenes by the gNB-CU-CP.

And 2-3, carrying context setting process.

5-6, a bearer context modification procedure (gNB-CU-CP initiated) is performed to enable the gNB-CU-CP to retrieve PDCP UL/DL status and exchange data forwarding information for the bearer.

7-8. bearer context modification procedure.

Rrc message sends the key derived parameters to the UE, so that the UE calculates the new key.

The ue calculates a new gNB-CU-UP key, i.e. the key to be used by the destination gNB-CU-UP to be changed.

10-12, executing a path switching process to update DL TNL address information of the NG-U to the core network.

13-14 bearer context release procedure (gNB-CU-CP initiated).

Example two: and calculating a new key before the request for modifying the bearer context, sending the new key to the UE through an RRC connection reestablishment message, and deriving the key by the UE according to three key derivation methods. Referring to fig. 14, the method specifically includes the following steps:

And 2-3, carrying context setting process.

And 6a. gNB-CU-CP calculates the key according to the scenario derived by the three keys.

7-8. bearer context modification procedure.

Ue calculates new gNB-CU-UP key.

13-14 bearer context release procedure (gNB-CU-CP initiated).

Optionally, with respect to the intermediate key K_*gNB-UP/K_{*gNB-CU-UP-RRC/INT}There are several derivation methods, generally random numbers or calculator values can be used, in order to ensure forward security, an increment method can be used, and for handover between multiple gNB-CU-UPs, a non-access stratum counter (NAS COUNT) value increment method can be used.

In summary, the embodiments of the present application provide:

1. and the gNB-CU judges that the gNB-CU-UP is required to replace a new key used on the derivation target gNB-CU-UP, the key derivation parameters are sent to the UE through an RRC reconfiguration message, and the UE calculates the new key after receiving the key derivation parameters for the safety protection of the UP layer.

2. Further refining the 5G key hierarchy, namely realizing the key separation of the gNB-CU-CP and the gNB-CU-UP;

3. according to new K_*gNBDeriving a key used by the target gNB-CU-UP;

4. according to K_gNB-CU-UPCalculating the derived secret key K_*gNB-CU-UP；

5. According to K_{gNB-CU-UPint/RRC}Calculating the derived secret key K_{*gNB-CU-UPINT/RRC}。

Namely, the embodiment of the application provides a key derivation method when the user changes the gNB-CU-UP, so that different gNB-CU-UP entities can use different algorithm keys in a CU-CP/UP separation scene, key isolation among different access stratum entities is realized, and the security risk is reduced.

On a network side, for example, a base station side, referring to fig. 15, an embodiment of the present application provides a key derivation method, including:

s101, when determining that a user plane gNB-CU-UP of a central node of a base station serving a terminal needs to be changed, deriving a key used by a target gNB-CU-UP;

and S102, sending information for indicating the terminal to derive the key used by the target gNB-CU-UP to the terminal, wherein the information comprises derivation parameters used by the network side to derive the key used by the target gNB-CU-UP and/or a key updating indication of the network side.

slave base station master key K_gNBDeriving updated base station key K_gNB；

Or, optionally, deriving the key used by the target gNB-CU-UP specifically includes:

Optionally, corresponding to the scenario one, deriving the key used by the target gNB-CU-UP specifically includes:

when the central node gNB-CU-UP of the base station user plane is changed, the central node of the base station user plane is controlled by the control plane CU-CP based on the main key K of the base station_gNBOr updated K_gNBDeriving the encryption key and integrity key K of the target base station user plane central node from the derived parameters_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the derivation parameters include one or a combination of the following parameters: identification of a target central node user plane gNB-CU-UP, random number, user plane UP replacement times and PDCP counter value.

Optionally, corresponding to the second scenario, deriving a key used for calculating the target gNB-CU-UP specifically includes:

when the central node gNB-CU-UP of the base station user plane is changed, the central node gNB-CU-UP of the base station user plane is changed through the control plane CU-CP of the central node of the base station, and according to the main key K of the base station_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a The first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID and a central node user plane identification gNB-CU-UP ID;

Optionally, corresponding to the third scenario, deriving a key used for calculating the target gNB-CU-UP specifically includes:

when the central node gNB-CU-UP of the base station user plane is changed, the central node is used for controlling a control plane CU-CP according to a user plane key K used by the gNB-CU-UP_gNB-CU-UPCalculating new user surface key K_gNB-CU-UP；

On the terminal side, referring to fig. 16, a key derivation method provided in an embodiment of the present application includes:

s201, receiving information which is sent by a network side and used for indicating a terminal to deduce a key used by a target gNB-CU-UP;

s202, deriving a key synchronously used by the terminal and the target gNB-CU-UP according to the information, wherein the information comprises derivation parameters used by the network side for deriving the key used by the target gNB-CU-UP and/or a key updating instruction of the network side.

slave base station master key K_gNBDeriving updated base station key K_gNB；

According to a secret key K used by the base station user plane central node gNB-CU-UP for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPintAnd a second derivation parameter for determining the use of the terminal in synchronization with the CUNew key K for encryption and integrity protection_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the second derivation parameter comprises one or a combination of the following parameters: UP replacement times, central node user plane identification gNB-CU-UP ID, PDCP counter value, radio resource control RRC counter value, random number, character strings "enc" and "int".

On the network side, for example, the base station side, referring to fig. 17, an embodiment of the present application provides a key derivation apparatus, including:

a memory 520 for storing program instructions;

a processor 500 for calling the program instructions stored in the memory, and executing, according to the obtained program:

Optionally, the processor 500 derives a key used by the target gNB-CU-UP, which specifically includes:

slave base station master key K_gNBDeriving updated base station key K_gNB；

Optionally, the processor 500 derives a key used for calculating the target gNB-CU-UP, which specifically includes:

when the central node gNB-CU-UP of the base station user plane is changed, the central node gNB-CU-UP is changed according to the master key K of the base station_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a Wherein the first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID, and a centerA node user plane identifier gNB-CU-UPID;

A transceiver 510 for receiving and transmitting data under the control of the processor 500.

In fig. 17, among other things, the bus architecture may include any number of interconnected buses and bridges, with one or more processors represented by processor 500 and various circuits of memory represented by memory 520 being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 510 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The processor 500 is responsible for managing the bus architecture and general processing, and the memory 520 may store data used by the processor 500 in performing operations.

The processor 500 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD).

On the terminal side, referring to fig. 18, an embodiment of the present application provides a key derivation apparatus, including:

a memory 620 for storing program instructions;

a processor 600, configured to call the program instructions stored in the memory, and execute, according to the obtained program:

Optionally, the deriving, by the processor 600, a key used by the terminal and the target gNB-CU-UP synchronously according to the information specifically includes:

slave base station master key K_gNBDeriving updated base station key K_gNB；

A transceiver 610 for receiving and transmitting data under the control of the processor 600.

In fig. 18, among other things, the bus architecture may include any number of interconnected buses and bridges with various circuits being linked together, particularly one or more processors represented by processor 600 and memory represented by memory 620. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 610 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. For different user devices, the user interface 630 may also be an interface capable of interfacing with a desired device externally, including but not limited to a keypad, display, speaker, microphone, joystick, etc.

The processor 600 is responsible for managing the bus architecture and general processing, and the memory 620 may store data used by the processor 600 in performing operations.

Alternatively, the processor 600 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).

On the network side, for example, the base station side, referring to fig. 19, another key derivation apparatus provided in the embodiment of the present application includes:

a determining unit 11, configured to derive a key used by a target gNB-CU-UP when it is determined that a base station central node user plane gNB-CU-UP serving a terminal needs to be changed;

a sending unit 12, configured to send information to the terminal, where the information is used to instruct the terminal to derive the key used by the target gNB-CU-UP, and the information includes a derivation parameter used by the network side to derive the key used by the target gNB-CU-UP, and/or a key update instruction of the network side.

It should be noted that the determining unit 11 further has a method flow for executing various key determinations mentioned in the network-side method, and details are not described herein again.

On the terminal side, referring to fig. 20, another key derivation apparatus provided in the embodiment of the present application includes:

a receiving unit 21, configured to receive information sent by a network side and used for instructing a terminal to derive a key used by a target gNB-CU-UP;

and the determining unit 22 is configured to derive a key used by the terminal in synchronization with the target gNB-CU-UP according to the information, where the information includes a derivation parameter used by the network side to derive the key used by the target gNB-CU-UP, and/or a key update indication of the network side.

The determining unit 22 further has a method flow for executing various key determinations mentioned in the network-side method, which is not described herein again.

It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The embodiment of the present application provides a computing device, which may specifically be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The computing device may include a Central Processing Unit (CPU), memory, input/output devices, etc., the input devices may include a keyboard, mouse, touch screen, etc., and the output devices may include a Display device, such as a Liquid Crystal Display (LCD), a Cathode Ray Tube (CRT), etc.

The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In the embodiments of the present application, the memory may be used for storing a program of any one of the methods provided by the embodiments of the present application.

The processor is used for executing any one of the methods provided by the embodiment of the application according to the obtained program instructions by calling the program instructions stored in the memory.

Embodiments of the present application provide a computer storage medium for storing computer program instructions for an apparatus provided in the embodiments of the present application, which includes a program for executing any one of the methods provided in the embodiments of the present application.

The computer storage media may be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.

The method provided by the embodiment of the application can be applied to terminal equipment and also can be applied to network equipment.

The Terminal device may also be referred to as a User Equipment (User Equipment, abbreviated as "UE"), a Mobile Station (Mobile Station, abbreviated as "MS"), a Mobile Terminal (Mobile Terminal), or the like, and optionally, the Terminal may have a capability of communicating with one or more core networks through a Radio Access Network (RAN), for example, the Terminal may be a Mobile phone (or referred to as a "cellular" phone), a computer with Mobile property, or the like, and for example, the Terminal may also be a portable, pocket, hand-held, computer-built-in, or vehicle-mounted Mobile device.

A network device may be a base station (e.g., access point) that refers to a device in an access network that communicates over the air-interface, through one or more sectors, with wireless terminals. The base station may be configured to exchange received air frames and IP packets with one another as a router between the wireless terminal and the rest of the access network, which may include an Internet Protocol (IP) network. The base station may also coordinate management of attributes for the air interface. For example, the Base Station may be a Base Transceiver Station (BTS) in GSM or CDMA, a Base Station (NodeB) in WCDMA, an evolved Node B (NodeB or eNB or e-NodeB) in LTE, or a gNB in 5G system. The embodiments of the present application are not limited.

The above method process flow may be implemented by a software program, which may be stored in a storage medium, and when the stored software program is called, the above method steps are performed.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A method of key derivation, the method comprising:

when determining that a central node gNB-CU-UP of a base station user plane serving a terminal needs to be changed, deriving a key used by a target gNB-CU-UP;

2. The method of claim 1, wherein deriving the key used by the target gNB-CU-UP comprises:

slave base station master key K_gNBDeriving updated base station key K_gNB；

Based on said K_gNBDeriving a secondary key K for a base station_gNB-CPAnd K_gNB-UPWherein, K is_gNB-CPSecret key, K, for the base station control plane central node_gNB-UPA basic key of a central node of the user plane of the base station;

based on the number of base stationsLevel key K_gNB-UPDeriving ciphering and integrity keys K for use by a target gNB-CU-UP_gNB-CU-UPencAnd K_gNB-CU-UPint。

3. The method of claim 1, wherein deriving the key used by the target gNB-CU-UP comprises:

slave base station master key K_gNBDeriving a secondary key K for a base station_gNB-CPAnd K_gNB-UPWherein, K is_gNB-CPControl a plane central node key, K, for the base station_gNB-UPA base key for a central node of the user plane of the base station;

4. The method of claim 1, wherein deriving the key used by the target gNB-CU-UP comprises:

when the base station user plane central node gNB-CU-UP is changed, the base station control plane central node CU-CP is used for controlling the base station user plane central node gNB-CU-UP based on the base station master key K_gNBOr updated K_gNBDeriving the encryption key and integrity key K of the target base station user plane central node from the derived parameters_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the derivation parameters include one or a combination of the following parameters: identification of a target central node user plane gNB-CU-UP, random number, user plane UP replacement times and PDCP counter value.

5. The method of claim 1, wherein deriving the key used to calculate the target gNB-CU-UP comprises:

when the base station user plane central node gNB-CU-UP is changed, the base station control plane central node CU-CP is used for controlling the central node CU-CP according to the base station main key K_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd target gNB-CU-UPUser plane key K of_gNB-CU-UP(ii) a The first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID and a central node user plane identification gNB-CU-UP ID;

6. The method of claim 1, wherein deriving the key used to calculate the target gNB-CU-UP comprises:

7. A method of key derivation, the method comprising:

8. The method of claim 7, wherein deriving the key used by the terminal in synchronization with the target gNB-CU-UP according to the information comprises:

slave base station master key K_gNBDeriving updated base station key K_gNB；

9. The method of claim 7, wherein deriving the key used by the terminal in synchronization with the target gNB-CU-UP according to the information comprises:

10. The method of claim 7, wherein deriving the key used by the terminal in synchronization with the target gNB-CU-UP according to the information comprises:

11. The method of claim 7, wherein deriving the key used by the terminal in synchronization with the target gNB-CU-UP according to the information comprises:

12. The method of claim 7, wherein deriving the key used by the terminal in synchronization with the target gNB-CU-UP according to the information comprises:

13. A key derivation apparatus, comprising:

a memory for storing program instructions;

14. The apparatus of claim 13, wherein the processor derives a key for use by the target gNB-CU-UP, comprising:

slave base station master key K_gNBDeriving updated base station key K_gNB；

15. The apparatus of claim 13, wherein the processor derives a key for use by the target gNB-CU-UP, comprising:

16. The apparatus of claim 13, wherein the processor derives a key for use by the target gNB-CU-UP, comprising:

17. The apparatus of claim 13, wherein the processor derives a key used to compute the target gNB-CU-UP by:

when the central node gNB-CU-UP of the base station user plane is changed, the central node gNB-CU-UP is changed according to the master key K of the base station_gNBAnd a first derivation parameter, determining a control plane key K used by the gNB-CU-CP_gNB-CU-CPAnd user plane key K used by target gNB-CU-UP_gNB-CU-UP(ii) a The first derivation parameter comprises a PDCP counter value, a central node control plane identification CU-CP ID and a central node user plane identification gNB-CU-UP ID;

18. The apparatus of claim 13, wherein the processor derives a key used to compute the target gNB-CU-UP by:

19. A key derivation apparatus, comprising:

a memory for storing program instructions;

20. The apparatus as claimed in claim 19, wherein the processor derives the key used by the terminal in synchronization with the target gNB-CU-UP according to the information, specifically comprising:

slave base station master key K_gNBDeriving updated base station key K_gNB；

21. The apparatus as claimed in claim 19, wherein the processor derives the key used by the terminal in synchronization with the target gNB-CU-UP according to the information, specifically comprising:

22. The apparatus as claimed in claim 19, wherein the processor derives the key used by the terminal in synchronization with the target gNB-CU-UP according to the information, specifically comprising:

based on base station master key K_gNBOr updated K_gNBAnd derivative parameter derivationDeriving an encryption key and an integrity key K synchronously used by the terminal and a user plane central node of a target base station_gNB-CU-UPencAnd K_gNB-CU-UPint(ii) a Wherein the derivation parameters include one or a combination of the following parameters: identification of a target central node user plane gNB-CU-UP, random number, user plane UP replacement times and PDCP counter value.

23. The apparatus as claimed in claim 19, wherein the processor derives the key used by the terminal in synchronization with the target gNB-CU-UP according to the information, specifically comprising:

24. The apparatus as claimed in claim 19, wherein the processor derives the key used by the terminal in synchronization with the target gNB-CU-UP according to the information, specifically comprising:

25. A key derivation apparatus, comprising:

26. A key derivation apparatus, comprising:

27. A computer storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 12.