CN113068183A - Updating method and device of security key - Google Patents
Updating method and device of security key Download PDFInfo
- Publication number
- CN113068183A CN113068183A CN201911364704.6A CN201911364704A CN113068183A CN 113068183 A CN113068183 A CN 113068183A CN 201911364704 A CN201911364704 A CN 201911364704A CN 113068183 A CN113068183 A CN 113068183A
- Authority
- CN
- China
- Prior art keywords
- security key
- base station
- update
- updating
- request message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Abstract
The invention provides a method and a device for updating a security key, which are used for solving the problem of communication abnormity caused by inconsistent security keys in the prior art. The method is applied to the secondary base station and comprises the following steps: receiving an updating request message sent by a main base station when determining that a security key communicated with terminal equipment is updated; the updating request message carries an updating indication and a security key communicated with the terminal equipment, and the updating indication is used for indicating the auxiliary base station to update the security key; and updating the stored security key communicated with the terminal equipment into the security key carried in the updating request message according to the updating indication.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for updating a security key.
Background
In a Multi-Radio Dual Connectivity (MR-DC) mode, one terminal device may be simultaneously connected to two base stations, such as a primary base station and a secondary base station; the main base station provides control plane connection with the terminal equipment, and the auxiliary base station is responsible for sharing the load of user plane data.
At present, the secondary base station is usually required to passively request the primary base station to send the security key for communicating with the terminal device to the secondary base station, but if the security key used by the primary base station and the terminal device side is updated before the secondary base station initiates a request for obtaining the security key, and the secondary base station still uses the security key before updating to communicate with the UE, communication abnormality may occur due to inconsistency of the security keys.
Disclosure of Invention
The invention provides a method and a device for updating a security key, which are used for solving the problem of communication abnormity caused by inconsistent security keys in the prior art.
In a first aspect, an updating method for a security key provided in an embodiment of the present invention is applied to a secondary base station, and includes:
receiving an updating request message sent by a main base station when determining that a security key communicated with terminal equipment is updated; the update request message carries an update instruction and a security key communicated with the terminal equipment, wherein the update instruction is used for instructing the auxiliary base station to update the security key;
and updating the stored security key communicated with the terminal equipment into the security key carried in the updating request message according to the updating indication.
In an optional implementation manner, the update indication is a packet data convergence protocol PDCP change indication.
In a second aspect, an embodiment of the present invention provides a method for updating a security key, which is applied to a primary base station, and includes:
determining a security key update for communication with the terminal device;
sending an update request message to the secondary base station; the update request message carries an update instruction and a security key communicated with the terminal device, wherein the update instruction is used for instructing the auxiliary base station to update the security key.
In an optional implementation manner, the update indication is a packet data convergence protocol PDCP change indication.
In an optional implementation manner, the security key for communicating with the terminal device is generated based on a security algorithm and a basic key;
the determining of the security key update in communication with the terminal includes:
when the security algorithm and/or the reference key is changed, determining the update of the security key communicated with the terminal equipment.
In a third aspect, an embodiment of the present invention provides an apparatus for updating a security key, which is applied to a secondary base station, and includes:
the receiving module is used for receiving an updating request message sent by the main base station when the safety key communicated with the terminal equipment is determined to be updated; the update request message carries an update instruction and a security key communicated with the terminal equipment, wherein the update instruction is used for instructing the auxiliary base station to update the security key;
and the updating module is used for updating the stored security key communicated with the terminal equipment into the security key carried in the request message according to the updating indication.
In an optional implementation manner, the update indication is a packet data convergence protocol PDCP change indication.
In a fourth aspect, an embodiment of the present invention provides an apparatus for updating a security key, which is applied to a master base station, and includes:
a determination module for determining a security key update for communication with the terminal device;
a sending module, configured to send an update request message to the secondary base station; the update request message carries an update instruction and a security key communicated with the terminal device, wherein the update instruction is used for instructing the auxiliary base station to update the security key.
In an optional implementation manner, the update indication is a packet data convergence protocol PDCP change indication.
In an optional implementation manner, the security key for communicating with the terminal device is generated based on a security algorithm and a basic key; the determining module is specifically configured to determine a security key update communicated with the terminal device when the security algorithm and/or the reference key is changed.
In a third aspect, an embodiment of the present invention provides an access network device, including:
a memory and a processor;
a memory for storing program instructions;
a processor, configured to call the program instructions stored in the memory, and execute the method according to any implementation manner of the first aspect or the method according to any implementation manner of the second aspect according to an obtained program.
In a fourth aspect, the present invention provides a computer-readable storage medium storing computer instructions that, when executed on a computer, cause the computer to perform the method according to any implementation manner of the first aspect or the method according to any implementation manner of the second aspect.
In the embodiment of the invention, the auxiliary base station receives an updating request message sent by the main base station when the safety key communicated with the terminal equipment is determined to be updated; the updating request message carries an updating instruction for instructing the auxiliary base station to update the security key and the security key communicated with the terminal equipment; and updating the stored security key communicated with the terminal equipment into the security key carried in the updating request message according to the updating indication. That is, the main base station actively informs the auxiliary base station to synchronously update the security key communicated with the terminal equipment when determining the security key communicated with the terminal equipment to be updated, so that the situation that the communication is abnormal due to the inconsistency of the security keys caused by the untimely update of the security key at the auxiliary base station side can be avoided.
Drawings
Fig. 1 is a schematic structural diagram of a communication system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a method for updating a security key according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of another security key updating method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an interaction flow according to an embodiment of the present invention;
fig. 5 is a block diagram of a device for updating a security key according to an embodiment of the present invention;
fig. 6 is a block diagram of another security key updating apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an apparatus for updating a security key according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention can be applied to a 4G system, a 5G system or a new system generated in the future. The 4G system may be a Long Term Evolution (LTE) system, and the 5G system may be a New Radio (NR) system.
Fig. 1 illustrates an architecture of a communication system including a base station and a terminal device, and specifically illustrates two base stations, i.e., a primary base station and a secondary base station, communicating with the terminal device as shown in fig. 1.
A Terminal device, also called a Terminal, a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), etc., is a device that provides voice and/or data connectivity to a User, for example, a handheld device, a vehicle-mounted device, etc. with a wireless connection function. Currently, some examples of terminals are: a Mobile phone (Mobile phone), a tablet computer, a notebook computer, a palm computer, a Mobile Internet Device (MID), a wearable Device, a Virtual Reality (VR) Device, an Augmented Reality (AR) Device, a wireless terminal in Industrial Control (Industrial Control), a wireless terminal in unmanned driving (self driving), a wireless terminal in remote surgery (remote medical supply), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety, a wireless terminal in city (smart city), a wireless terminal in smart home (smart home), and the like.
The base station related in the embodiment of the present invention may also be referred to as AN Access Node (Access Node, or AN for short) to provide a wireless Access service for the terminal device. The access Node may be specifically an evolved Node B (eNB or eNodeB) in the LTE system, or a base station device (gNB) in a 5G network, a small base station device, and the like, which is not limited in the present invention.
The plurality of the present invention means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. In addition, it should be understood that although the terms first, second, etc. may be used to describe various data in embodiments of the present invention, these data should not be limited by these terms. These terms are only used to distinguish the data from each other.
In the fifth generation mobile communication system, there are two networking modes, i.e., a Stand Alone mode (SA) and a Non-Stand Alone mode (NSA); both networking modes support that one terminal device is connected to two base stations at the same time and receive services provided by the two base stations at the same time. This kind of connection is called Multi-Radio Dual Connectivity (MR-DC), and in the case that one mode included in the MR-DC mode is NR Dual Connectivity (NR-DC), one NR base station is called a Master base station or may also be called a Master Node (MN/M-Node), and the other NR base station is called a slave base station or may also be called a slave Node (SN/S-Node). The main base station provides control plane connection with the terminal equipment, and the auxiliary base station is responsible for sharing the load of user plane data.
At present, the secondary base station is usually required to passively request the primary base station to send the security key for communicating with the terminal device to the secondary base station, but if the security key used by the primary base station and the terminal device side is updated before the secondary base station initiates a request for obtaining the security key, and the secondary base station still uses the security key before updating to communicate with the UE, communication abnormality may occur due to inconsistency of the security keys.
Based on this, embodiments of the present invention provide a method and an apparatus for updating a security key, so as to solve the problem in the prior art that communication is abnormal due to inconsistency of security keys. The method and the device are based on the same inventive concept, and because the principles of solving the problems of the method and the device are similar, the implementation of the device and the method can be mutually referred, and repeated parts are not repeated.
For understanding, first, a detailed description will be given of a security key updating method disclosed in the embodiment of the present invention.
Referring to fig. 2, an embodiment of the present invention provides a method for updating a security key, which is applied to a secondary base station, and includes:
step S201, receiving an update request message sent by a main base station when determining the update of a security key communicated with a terminal device; the updating request message carries an updating indication and a security key communicated with the terminal equipment, and the updating indication is used for indicating the auxiliary base station to update the security key;
and step S202, updating the stored security key communicated with the terminal equipment into the security key carried in the updating request message according to the updating instruction.
In this embodiment, the secondary base station receives an update request message that is actively sent by the primary base station when determining that the security key communicated with the terminal device is updated, and updates the security key according to an update instruction in the update request message. The auxiliary base station does not need to require the main base station to passively acquire the security key, so that the situation that the security key at the auxiliary base station side is not updated timely and communication abnormity is caused due to inconsistency of the security keys can be avoided.
In an alternative embodiment, both the primary base station and the secondary base station can support multiple cells, and the security key for the secondary base station to communicate with the terminal device can be configured in the target cell under the secondary base station where the terminal device is currently located. The update request message also carries an identifier of the terminal device, and the secondary base station updates the security key, which can be implemented as follows: and determining a target cell under the auxiliary base station where the terminal equipment is currently located according to the identifier of the terminal equipment carried in the updating request message, and updating the security key configured in the target cell into the security key carried in the updating request.
In another optional embodiment, a unified security key may also be configured for multiple cells supported by the Secondary base station, taking a certain Cell of the multiple cells as a Primary Cell and other cells as Secondary cells as examples, the Secondary base station updates the security key, which may be specifically implemented by a Change process of the Primary Cell supported by the Secondary base station, that is, the Primary Cell of a Secondary Cell Group (PSCell), and specifically, based on the security key carried in the update request message and a PSCell Change process (PSCell Change), the security key Change of the PSCell is implemented, thereby completing the process of updating the stored security key communicated with the terminal device into the security key carried in the update request message.
Further, in an optional implementation manner, the update REQUEST message is an S-NODE MODIFICATION REQUEST message (S-NODE MODIFICATION REQUEST) sent by the primary base station to the secondary base station; the update instruction carried in the update request message is a Packet Data Convergence Protocol (PDCP) Change instruction (Change Indication).
In this embodiment, the PDCP change instruction is an instruction initiated by the primary base station, and is used to instruct the primary base station to initiate a request for updating the security key in the secondary base station. Specifically, the indication type of the PDCP change indication is: from the M-NG-RAN node (From M-NG-RAN node); including an S-NG-RAN node security key update request (S-NG-RAN node update request) in an Indication (Indication from M-NG-RAN node to S-NG-RAN node) from the M-NG-RAN node to the S-NG-RAN node; wherein the M-NG-RAN node represents the primary base station, and the S-NG-RAN node represents the secondary base station.
Based on this, when the auxiliary base station receives the S-NODE modification request message, the PDCP change instruction carried in the S-NODE modification request message is acquired, and when it is determined that the instruction content of the PDCP change instruction includes the auxiliary base station security key update request, the security key carried in the S-NODE modification request message is configured to the PDCP module at the bottom layer, so that the PDCP module encrypts subsequent control plane and data plane data using the security key carried in the S-NODE modification request message, that is, the stored security key communicated with the terminal device is updated to the security key carried in the update request message according to the update instruction.
Further, in an alternative embodiment, after successfully updating the security key, the secondary base station may further send an update response message indicating that the security key update is successful to the primary base station in response to the update REQUEST message, for example, send an S-NODE MODIFICATION REQUEST response message (S-NODE MODIFICATION REQUEST acknowledgement) to the primary base station.
Correspondingly, referring to fig. 3, an embodiment of the present invention further provides a method for updating a security key, which is applied to a primary base station, and includes:
step S301, determining the updating of a security key communicated with the terminal equipment;
step S302, sending an update request message to a secondary base station; the update request message carries an update instruction and a security key communicated with the terminal device, and the update instruction is used for instructing the auxiliary base station to update the security key.
In this embodiment, the primary base station actively sends an update request message to the secondary base station when determining that the security key communicated with the terminal device is updated, so as to instruct the secondary base station to update the security key. The updated security key is sent instead of under the requirement of the auxiliary base station, so that the situation that the communication is abnormal due to inconsistent security keys caused by untimely updating of the security key at the auxiliary base station side can be avoided.
In an alternative embodiment, the security key for communication with the terminal device is generated based on a security algorithm and a base key; the basic Key may be a reference Key (K) allocated by a core network associated with the primary base station for the primary base stationAMF) The safety algorithm can be dynamically configured in the main base station and can be replaced according to actual conditions. Based on this, determining a security key update for communication with the terminal includes: and when the change of the security algorithm and/or the reference key is monitored, determining the update of the security key communicated with the terminal equipment.
In an alternative embodiment, the update indication is a packet data convergence protocol PDCP change indication. In this embodiment, the PDCP change instruction is an instruction initiated by the primary base station, and is used to instruct the primary base station to initiate a request for updating the security key in the secondary base station. Specifically, the indication type of the PDCP change indication is: from the M-NG-RAN node (From M-NG-RAN node); including an S-NG-RAN node security key update request (S-NG-RAN node update request) in an Indication (Indication from M-NG-RAN node to S-NG-RAN node) from the M-NG-RAN node to the S-NG-RAN node; wherein the M-NG-RAN node represents the primary base station, and the S-NG-RAN node represents the secondary base station.
Further, to facilitate understanding of the process of updating the security key in the secondary base station, referring to fig. 4, an interaction flow diagram is provided in the embodiment of the present invention, specifically illustrating an interaction flow between the primary base station and the secondary base station, including:
in step S401, the master base station (MN) determines a security key update for communication with the terminal device.
Step S402, the main base station (MN) sends an S-NODE modification request message to the auxiliary base Station (SN), wherein the S-NODE modification request message carries a PDCP change instruction and a security key.
Step S403, the auxiliary base Station (SN) obtains the PDCP change instruction, determines the type of the PDCP change instruction as coming from the M-NG-RAN node, and the instruction from the M-NG-RAN node to the S-NG-RAN node comprises the security key updating request of the S-NG-RAN node.
And step S404, the auxiliary base Station (SN) acquires the security key from the S-NODE modification request message and carries out security key updating processing.
Specifically, the security key carried in the S-NODE modification request message is configured to the PDCP module at the bottom layer, so that the PDCP module encrypts subsequent control plane and data plane data by using the security key carried in the S-NODE modification request message.
In step S405, the secondary base Station (SN) transmits an S-NODE modification request response message to the primary base station (MN) to notify the primary base station (MN) that the security key update is successful.
In the embodiment of the invention, the main base station actively requests the auxiliary base station to update the security key communicated with the terminal equipment, so that the communication abnormity caused by the inconsistency of the security key can be prevented, and the signaling interaction between the main base station and the auxiliary base station can be reduced in the process; the PDCP change indication is carried in the signaling message (S-NODE modification request message), so that the processing logic is clearer, the complexity of the processing logic in the auxiliary base station is reduced, and the multiplexing of the process and the expansion of the subsequent application scene are facilitated.
Corresponding to the above method for updating a security key shown in fig. 2, referring to fig. 5, an embodiment of the present invention provides an apparatus 500 for updating a security key, which is applied to a secondary base station, and includes:
a receiving module 501, configured to receive an update request message sent by a master base station when determining that a security key communicated with a terminal device is updated; the update request message carries an update instruction and a security key communicated with the terminal equipment, wherein the update instruction is used for instructing the auxiliary base station to update the security key;
an updating module 502, configured to update the stored security key that communicates with the terminal device to the security key carried in the request message according to the update instruction.
In this embodiment, the secondary base station receives an update request message that is actively sent by the primary base station when determining that the security key communicated with the terminal device is updated, and updates the security key according to an update instruction in the update request message. The auxiliary base station does not need to require the main base station to passively acquire the security key, so that the situation that the security key at the auxiliary base station side is not updated timely and communication abnormity is caused due to inconsistency of the security keys can be avoided.
In an alternative embodiment, the update indication is a packet data convergence protocol PDCP change indication. In this embodiment, the PDCP change instruction is an instruction initiated by the primary base station, and is used to instruct the primary base station to initiate a request for updating the security key in the secondary base station. Specifically, the indication type of the PDCP change indication is: from the M-NG-RAN node (From M-NG-RAN node); including an S-NG-RAN node security key update request (S-NG-RAN node update request) in an Indication (Indication from M-NG-RAN node to S-NG-RAN node) from the M-NG-RAN node to the S-NG-RAN node; wherein the M-NG-RAN node represents the primary base station, and the S-NG-RAN node represents the secondary base station.
In response to another method for updating a security key shown in fig. 3, referring to fig. 6, an embodiment of the present invention provides an apparatus 600 for updating a security key, which is applied to a primary base station, and includes:
a determining module 601, configured to determine a security key update for communicating with a terminal device;
a sending module 602, configured to send an update request message to a secondary base station; the update request message carries an update instruction and a security key communicated with the terminal device, wherein the update instruction is used for instructing the auxiliary base station to update the security key.
In this embodiment, the primary base station actively sends an update request message to the secondary base station when determining that the security key communicated with the terminal device is updated, so as to instruct the secondary base station to update the security key. The updated security key is sent instead of under the requirement of the auxiliary base station, so that the situation that the communication is abnormal due to inconsistent security keys caused by untimely updating of the security key at the auxiliary base station side can be avoided.
In an alternative embodiment, the update indication is a packet data convergence protocol PDCP change indication. In this embodiment, the PDCP change instruction is an instruction initiated by the primary base station, and is used to instruct the primary base station to initiate a request for updating the security key in the secondary base station. Specifically, the indication type of the PDCP change indication is: from the M-NG-RAN node (From M-NG-RAN node); including an S-NG-RAN node security key update request (S-NG-RAN node update request) in an Indication (Indication from M-NG-RAN node to S-NG-RAN node) from the M-NG-RAN node to the S-NG-RAN node; wherein the M-NG-RAN node represents the primary base station, and the S-NG-RAN node represents the secondary base station.
In an alternative embodiment, the security key for communication with the terminal device is generated based on a security algorithm and a base key; the determining module 601 is specifically configured to determine a security key update for communicating with the terminal device when the security algorithm and/or the reference key is changed.
In correspondence to the above method, referring to fig. 7, an embodiment of the present invention further provides a schematic structural diagram of an apparatus 700 for updating a security key, where the apparatus is applicable to a primary base station or a secondary base station, and includes:
a communication interface 701, a memory 702, and a processor 703;
the processor 703 communicates with other devices through the communication interface 701.
In this embodiment, the specific connection medium among the communication interface 701, the memory 702, and the processor 703 is not limited, for example, a bus, and the bus may be divided into an address bus, a data bus, a control bus, and the like.
In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.
In this embodiment, the memory is used for storing program instructions, and the memory may be a nonvolatile memory, such as a Hard Disk Drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory, such as a random-access memory (RAM). The memory can also be, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.
When applied to a primary base station, the processor 703 may communicate with another device, which may be a secondary base station, through the communication interface 701, for example, the processor 703 may send an update request message to the secondary base station through the communication interface 701, and the processor 703 is configured to call the program instructions stored in the memory 702, and execute the method executed by the primary base station side in any of the embodiments according to the obtained program.
When applied to a secondary base station, the processor 703 may communicate with another device, which may be a primary base station, through the communication interface 701, for example, the processor 703 may send an update response message to the primary base station through the communication interface 701, and the processor 703 is configured to call the program instructions stored in the memory 702, and execute the method executed by the secondary base station side in any of the embodiments described above according to the obtained program.
Further, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions, which, when executed on a computer, cause the computer to perform the above-mentioned method.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (12)
1. A method for updating a security key, applied to a secondary base station, includes:
receiving an updating request message sent by a main base station when determining that a security key communicated with terminal equipment is updated; the update request message carries an update instruction and a security key communicated with the terminal equipment, wherein the update instruction is used for instructing the auxiliary base station to update the security key;
and updating the stored security key communicated with the terminal equipment into the security key carried in the updating request message according to the updating indication.
2. The method of claim 1, wherein the update indication is a Packet Data Convergence Protocol (PDCP) change indication.
3. A method for updating a security key, applied to a main base station, includes:
determining a security key update for communication with the terminal device;
sending an update request message to the secondary base station; the update request message carries an update instruction and a security key communicated with the terminal device, wherein the update instruction is used for instructing the auxiliary base station to update the security key.
4. The method of claim 3, wherein the update indication is a Packet Data Convergence Protocol (PDCP) change indication.
5. The method according to claim 3 or 4, characterized in that the security key for communication with the terminal device is generated based on a security algorithm and a base key;
the determining of the security key update in communication with the terminal includes:
when the security algorithm and/or the reference key is changed, determining the update of the security key communicated with the terminal equipment.
6. An apparatus for updating a security key, applied to a secondary base station, includes:
the receiving module is used for receiving an updating request message sent by the main base station when the safety key communicated with the terminal equipment is determined to be updated; the update request message carries an update instruction and a security key communicated with the terminal equipment, wherein the update instruction is used for instructing the auxiliary base station to update the security key;
and the updating module is used for updating the stored security key communicated with the terminal equipment into the security key carried in the request message according to the updating indication.
7. The apparatus of claim 6, wherein the update indication is a Packet Data Convergence Protocol (PDCP) change indication.
8. An apparatus for updating a security key, applied to a master base station, comprising:
a determination module for determining a security key update for communication with the terminal device;
a sending module, configured to send an update request message to the secondary base station; the update request message carries an update instruction and a security key communicated with the terminal device, wherein the update instruction is used for instructing the auxiliary base station to update the security key.
9. The apparatus of claim 8, wherein the update indication is a Packet Data Convergence Protocol (PDCP) change indication.
10. The apparatus of claim 8 or 9, wherein the security key for communication with the terminal device is generated based on a security algorithm and a base key; the determining module is specifically configured to determine a security key update communicated with the terminal device when the security algorithm and/or the reference key is changed.
11. An apparatus for updating a security key, comprising:
a memory and a processor;
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the method of any one of claims 1 to 2 or the method of any one of claims 3 to 5 according to the obtained program.
12. A computer readable storage medium having stored thereon computer instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-2 or the method of any of claims 3-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911364704.6A CN113068183A (en) | 2019-12-26 | 2019-12-26 | Updating method and device of security key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911364704.6A CN113068183A (en) | 2019-12-26 | 2019-12-26 | Updating method and device of security key |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113068183A true CN113068183A (en) | 2021-07-02 |
Family
ID=76557832
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911364704.6A Pending CN113068183A (en) | 2019-12-26 | 2019-12-26 | Updating method and device of security key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113068183A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023197992A1 (en) * | 2022-04-12 | 2023-10-19 | 维沃移动通信有限公司 | Key determination method and apparatus, terminal, network side device, and storage medium |
| WO2024065548A1 (en) * | 2022-09-29 | 2024-04-04 | 北京小米移动软件有限公司 | Security key update method and apparatus |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102740289A (en) * | 2012-06-15 | 2012-10-17 | 电信科学技术研究院 | Method, device and system for key updating |
| CN103747442A (en) * | 2013-12-27 | 2014-04-23 | 上海华为技术有限公司 | Security key context distribution method, mobility management entity and base station |
| CN104936175A (en) * | 2014-03-21 | 2015-09-23 | 上海贝尔股份有限公司 | Method for updating key in dual connection communication environment and device thereof |
| CN109560923A (en) * | 2013-11-01 | 2019-04-02 | 华为技术有限公司 | Cipher key processing method and equipment under a kind of dual link mode |
| WO2019216802A1 (en) * | 2018-05-10 | 2019-11-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Protocols and architectures for nr-nr dual connectivity (nr-dc) |
| CN110536411A (en) * | 2019-02-26 | 2019-12-03 | 中兴通讯股份有限公司 | Terminal location acquisition methods, device, the network equipment and storage medium |
-
2019
- 2019-12-26 CN CN201911364704.6A patent/CN113068183A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102740289A (en) * | 2012-06-15 | 2012-10-17 | 电信科学技术研究院 | Method, device and system for key updating |
| CN109560923A (en) * | 2013-11-01 | 2019-04-02 | 华为技术有限公司 | Cipher key processing method and equipment under a kind of dual link mode |
| CN103747442A (en) * | 2013-12-27 | 2014-04-23 | 上海华为技术有限公司 | Security key context distribution method, mobility management entity and base station |
| CN104936175A (en) * | 2014-03-21 | 2015-09-23 | 上海贝尔股份有限公司 | Method for updating key in dual connection communication environment and device thereof |
| WO2019216802A1 (en) * | 2018-05-10 | 2019-11-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Protocols and architectures for nr-nr dual connectivity (nr-dc) |
| CN110536411A (en) * | 2019-02-26 | 2019-12-03 | 中兴通讯股份有限公司 | Terminal location acquisition methods, device, the network equipment and storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023197992A1 (en) * | 2022-04-12 | 2023-10-19 | 维沃移动通信有限公司 | Key determination method and apparatus, terminal, network side device, and storage medium |
| WO2024065548A1 (en) * | 2022-09-29 | 2024-04-04 | 北京小米移动软件有限公司 | Security key update method and apparatus |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102076038B (en) | Method and device for implementing oop initialization prearranged assignment (LIPA) connection switching preparation process | |
| CN109246770B (en) | Switching method, terminal equipment and network equipment | |
| EP3282755A1 (en) | Relay node switching method and system | |
| EP4093073A1 (en) | Ims emergency service state indication method and device | |
| EP3386252A1 (en) | Resource requesting method, device, network side node and system | |
| US10516977B2 (en) | Data packet transmission method and device | |
| KR102328510B1 (en) | The reason for the establishment and how the terminal was decided | |
| CN113068183A (en) | Updating method and device of security key | |
| JP2019534636A (en) | Session management method and session management network element | |
| CN105451278A (en) | Method and device for changing secondary eNB in double connection system | |
| US20240073768A1 (en) | Information transmission method and device thereof | |
| US20220217618A1 (en) | Access control method and apparatus, and readable storage medium | |
| EP2490479B1 (en) | Method and mobile switching center (msc) for implementing load re-distribution | |
| WO2014101469A1 (en) | Group resource release method, device and system | |
| CN108632921B (en) | Core network switching method and device | |
| WO2018115041A1 (en) | Control of remote ue to access network via a relay ue based on access level and access restriction configuration | |
| EP3648508B1 (en) | Communication method and device | |
| EP2571321A1 (en) | Method and device for controlling channel transmission | |
| CN114071801B (en) | State indication method of terminal equipment and communication device | |
| CN112087816B (en) | Security activation state determining method and related product | |
| CN108307457B (en) | Message routing method and device | |
| US9998608B2 (en) | Method, user equipment and charging system for charging proximity based services | |
| CN114071658B (en) | Registration method and device of terminal equipment | |
| CN107005962B (en) | Wireless communication network registration method, communication device and system | |
| EP4231705A1 (en) | Communication method, apparatus and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210702 |