EP2255559A1 - System und verfahren für übergabe oder schlüsselverwaltung bei der durchführung von übergaben in einem drahtlosen kommunikationssystem - Google Patents

System und verfahren für übergabe oder schlüsselverwaltung bei der durchführung von übergaben in einem drahtlosen kommunikationssystem

Info

Publication number
EP2255559A1
EP2255559A1 EP09711967A EP09711967A EP2255559A1 EP 2255559 A1 EP2255559 A1 EP 2255559A1 EP 09711967 A EP09711967 A EP 09711967A EP 09711967 A EP09711967 A EP 09711967A EP 2255559 A1 EP2255559 A1 EP 2255559A1
Authority
EP
European Patent Office
Prior art keywords
key
handover
random
base station
target base
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP09711967A
Other languages
English (en)
French (fr)
Inventor
Alec Brusilovsky
Tania Godard
Sarvar Patel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia of America Corp
Original Assignee
Alcatel Lucent USA Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/378,653 external-priority patent/US8179860B2/en
Application filed by Alcatel Lucent USA Inc filed Critical Alcatel Lucent USA Inc
Publication of EP2255559A1 publication Critical patent/EP2255559A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/08Reselecting an access point
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information

Definitions

  • Example embodiments of the present application relate to a system and method for telecommunications. More particularly, example embodiments relate to a method of providing secure wireless communication between a network and user equipment using secure keys.
  • FIG. 1 illustrates an example of an EPS environment for wireless communications.
  • the EPS of FIG. 1 illustrates a user equipment (UE), evolved NodeBs (eNBs) and a mobility management entity (MME).
  • UE user equipment
  • eNBs evolved NodeBs
  • MME mobility management entity
  • FIG. 1 also illustrates that the eNBs and the MMEs are part of the evolved UMTS terrestrial radio access network (eUTRAN) indicated by the solid-line oval, while the UE is outside of the eUTRAN.
  • eUTRAN evolved UMTS terrestrial radio access network
  • an EPS has two layers of protection instead of one layer perimeter security as is used in universal mobile telecommunications system (UMTS).
  • the first security layer is the evolved UMTS Terrestrial Radio Access Network (eUTRAN), and the second security layer is evolved Packet Core (EPC) network security.
  • Evolved Packet Core security involves the use of non-access stratum (NAS) signaling security.
  • NAS non-access stratum
  • the signaling diagram of FIG. 2 illustrates messages communicated between and operations of a user equipment (UE), first evolved NodeB (source eNB), second evolved NodeB (target eNB), and an evolved packet core (EPC).
  • the EPC includes a Mobility Management Entity (MME) and system architecture evolution gateway (SAE GW).
  • MME Mobility Management Entity
  • SAE GW system architecture evolution gateway
  • An intra-MME handover refers to a handover of a UE from a source eNB to a target eNB, in which both the source eNB and target eNB are supported by the same MME.
  • the UE sends a measurement report to the source eNB in message 1.
  • the contents of the measurement report are well-known in the art and thus, are not discussed herein for the sake of brevity.
  • the source eNB determines which target eNB to conduct the handover procedure with. To begin this conventional handover, the source eNB derives a second key KeNB* from a first key KeNB that is known at the source eNB as shown by operation IA.
  • the source eNB sends a handover request to the target eNB along with the second key KeNB* in message 2.
  • the target eNB provides a handover response to the source eNB along with a Cell Radio Temporary Identity (C- RNTI) in message 3.
  • C-RNTI Cell Radio Temporary Identity
  • this C-RNTI is a 16 bit or 32 bit number. Further, this C-RNTI may simply be an identifier related to the target eNB. In the conventional signal diagram of FIG. 2, the second key KeNB* and C-RNTI are being relied on for security.
  • the target eNB also derives a third key KeNB** from the KeNB* and the C-RNTI. Further, Radio Resource Control and User Plane (RRC/UP) keys are derived from the third key keNB** by the target eNB in operation 3B as is well known in the art.
  • RRC/UP Radio Resource Control and User Plane
  • the source eNB in response to receiving the handover response in message 3, transmits a handover command to the UE.
  • the handover command instructs the UE to perform a handover with the target eNB as shown by Message 4.
  • the UE derives a third key KeNB** from the KeNB* and the C-RNTI in operation 4A, which is the same as the key derived in operation 3 A by the target eNB. From the third key KeNB**, the UE derives RRC/UP keys as is well-known in the art as shown by operation 4B. As such, both the UE and target eNB have the RRC/UP keys.
  • the UE then sends a handover confirm message to the target eNB as indicated by message 5.
  • the target eNB In response to receiving the handover confirm message from the UE, the target eNB sends a handover complete message to the source eNB indicating the intra-MME handover is complete in message 6. Lastly, as indicated by message 7, the target eNB, which is now the source eNB sends a UE location update message to the EPC.
  • Example embodiments provide a method of providing secure wireless communication between a network and user equipment using secure keys.
  • example embodiments provide a method for performing handovers and key management while providing increased security.
  • An example embodiment provides a method performed by user equipment.
  • the method includes receiving a random handover seed key protected by a secure protocol from a core component of a network such as a MME.
  • the secure protocol prevents the random handover seed key from being learned by base stations (e.g., eNBs) supported by the core component of the network.
  • the method also includes receiving a handover command from a source base station.
  • the handover command includes a target base station identifier identifying a target base station.
  • the target base station is a base station targeted to provide services to a user equipment that is supported by the source base station.
  • the method also includes deriving encryption keys using the received random handover seed key and the target base station identifier, and communicating with the target base station based on the derived encryption keys and the target base station identifier.
  • the method performed by the user equipment further includes sending a confirmation message to the target base station to confirm handover from the source base station to the target base station is acceptable.
  • the method performed by the user equipment further includes sending a measurement report to the source base station.
  • the receiving step may receive the handover command from the source base station in response to the sent measurement report.
  • the deriving step may input the random handover seed key and the target base station identifier as inputs to a key derivation function to derive the encryption keys.
  • the secure protocol is a non-access stratum (NAS) protocol.
  • NAS non-access stratum
  • Another example embodiment provides a method performed by a core component (e.g., MME) of the network.
  • the method includes sending a random handover seed key from the core component of a network to a user equipment using a secure protocol that prevents the random handover seed key from being learned by base stations supported by the core network component.
  • the method performed by the core component of the network further includes assigning a first random key at the core component of a network to each base station supported by the core component, and providing the first random key to each of the respective base stations.
  • the first random key is different for each base station and is provided prior to sending the random handover seed key to the user equipment.
  • the providing step may provide the first random key to each of the respective base stations prior to a handover procedure involving the respective base stations.
  • the method performed by the core component further includes receiving a list of potential handover target base stations for the user equipment from a source base station currently supporting the user equipment, selecting the random handover seed key, deriving a second random key specific for each target base station listed in the list of potential handover target base stations by using the random handover seed key and respective target base station identifiers as inputs to a key derivation function (e.g., AES). Still further, the method includes encrypting each second random key with the corresponding first random key to obtain an encrypted second random key for each target base station listed in the list of potential handover target base stations, and sending a list of the encrypted second random keys to the source base station.
  • a key derivation function e.g., AES
  • Another example embodiment provides a method performed by base station.
  • the method performed by a base station includes sending a list identifying potential handover target base stations for a user equipment to a core component to request information for each of the potential handover target base stations included in the list, and receiving a list of encrypted first random keys. Each of the encrypted first random keys is specific to one of the potential handover target base stations.
  • a random handover seed key protected by a secure protocol is sent from a core component of a network to the user equipment. The secure protocol prevents the random handover seed key from being learned by a source base station currently supporting the user equipment and the potential handover target base stations supported by the core component of the network.
  • the method performed by a base station further includes receiving a measurement report from the user equipment, selecting one of the potential handover target base stations as a target base station to support the user equipment following a successful handover, and forwarding a handover request to the target base station.
  • the handover request includes the encrypted first random key corresponding to the selected target.
  • the method includes sending a handover command to the user equipment, receiving a handover complete signal from the target base station, and handing over support of the user equipment to the target base station in response to receiving the handover complete signal.
  • Still another example embodiment provides a method performed by a base station.
  • the method includes receiving a first random key from a core component of a network including a plurality of base stations one of which is a source base station supporting a user equipment and another of which is a target base station for supporting the user equipment after handover.
  • the method also includes receiving a handover request including an encrypted first random key at the target base station, decrypting the handover request using the first random key to recover a second random key, deriving encryption keys from the second random key at the target base station, and communicating with the user equipment based on the derived encryption keys.
  • the first random key is received prior to a handover procedure started by receiving the handover request.
  • a random handover seed key protected by a secure protocol is sent from the core component of the network to the user equipment.
  • the secure protocol prevents the random handover seed key from being learned by the source base station currently supporting the user equipment and the target base station supported by the core component of the network.
  • FIG. 1 illustrates a EPS environment for wireless communications; illustrates a signal flow diagram of message and operations performed in a conventional Intra-MME handover procedure;
  • FIG. 2 illustrates a signal flow diagram of message and operations performed in a conventional intra-MME handover procedure
  • FIG. 3 illustrates a signal flow diagram for messages and operations of a
  • Intra-MME handover procedure according to an example embodiment.
  • FIG. 4 illustrates a signal flow diagram for messages and operations of a
  • Intra-MME handover procedure according to an alternative embodiment.
  • FIG. 5 illustrates a signal flow diagram for messages and operations of a
  • Example embodiments are discussed herein as being implemented in a suitable computing environment. Although not required, example embodiments will be described in the general context of computer-executable instructions, such as program modules or functional processes, being executed by one or more computer processors or CPUs. Generally, program modules or functional processes include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The program modules and functional processes discussed herein may be implemented using existing hardware in existing communication networks. For example, program modules and functional processes discussed herein may be implemented using existing hardware at existing radio network control nodes.
  • FIG. 3 An example embodiment of a method for performing handovers as well as key management in a wireless communication system is explained below with respect to the signal flow diagram illustrated in FIG. 3.
  • the NAS security essentially provides a tunnel between the UE and the MME, which is transparent to the eNBs.
  • the NAS security tunnel cannot be read and/or decoded by the eNBs according to example embodiments.
  • FIG. 3 illustrates an example embodiment of an MME-assisted key refresh procedure for intra-MME handovers.
  • the signaling diagram of FIG. 3 shows message exchanges between and operations performed by a UE, a source eNB, a target eNB and the MME of the EPS previously described with respect to FIG. 1.
  • the signaling diagram of FIG. 3 also identifies three different groupings of the messages and operations including the initial security association (SA) establishment messages and operations, messages and operations performed prior to handover, and handover messages and operations.
  • SA initial security association
  • the MME generates an eNB random key MME- eNB_key[eNB_ID] for each of the eNBs of the EPS in operation 1.
  • the number of bits of this random key may vary.
  • each eNB random key MME-eNB_key[eNB_ID] is 128 or 256 bits long, matches the length of the serving system keys (128 or 256 bits), and is specific to a corresponding eNB.
  • the eNB and MME have a security association established, only afterwards do they try to agree on a MME-eNB_Key. This happens to each eNB, perhaps after it has booted up and established a security association. It is noted that there is no waiting for an eNB to become a source or target eNB in a handover.
  • the MME-eNB key is established independent of handovers. Further, the MME-eNB key may be refreshed after some period.
  • the MME sends a different eNB random key MME-eNB_key[eNB_ID] to each of the target eNBs connected to the MME via a Sl interface.
  • the source eNB is the eNB currently providing wireless communication services to the UE.
  • a UE location update message is sent from the source eNB to the MME as indicated by message 3.
  • the UE location update message includes a list of eNBs to which wireless communication services for the UE may be handed over from the source eNB. Stated differently, the location update message includes a list of neighbor eNBs that is transmitted from the source eNB to the MME.
  • the MME selects and/or creates a random handover seed key H_key as indicated by operation 3A.
  • the random handover seed key H_key is unknown to the eNBs of the EPS.
  • the MME uses an identifier eNB ID individually identifying each of the eNBs of the system as an input to a key derivation function along with the random handover seed key H_key to create a first key KeNB e NB_ro for each target eNB in the received neighbor list.
  • the MME then encrypts the calculated first key KeNB e NB_iD with the respective eNB random keys MME-eNB_key[eNB_ID Ta r g et] of the target eNBs in operation 3C to obtain an encrypted first key ⁇ KeNB e NB_iD ⁇ iviME-eNB_key[eNB_iD ⁇ -
  • the notation ⁇ X ⁇ designates the encryption of X using the key Y.
  • the encryption of the key should be semantically secure encryption. For example a 128 bit key could be encrypted by using it as input to a 128 bit AES block cipher and using MME- eNB_key as the AES key. Another option is to use any form of encryption, but supplement with a message integrity tag.
  • An encrypted first key ⁇ KeNB e NB_io ⁇ MME- eNB_key[eNB_iD ⁇ is obtained for each of the potential target eNBs identified in the UE location update message sent from the source eNB to the MME in message 3.
  • the MME obtains the encrypted first keys ⁇ KeNB e NB_iD ⁇ MME- eNB_key[eNB_ro] for each of the potential target eNBs
  • the encrypted first keys ⁇ KeNBeNBjD ⁇ MME-eNB_key[eNB_iD] are provided to the source eNB as indicated by message 4.
  • the MME sends an array or list of obtained encrypted first keys ⁇ KeNB e NB_iD ⁇ MME-eNB_key[eNB_iD] for the potential target eNBs.
  • Each element of that array corresponds to a potential target eNB and is indexed by the identifier eNB_ID.
  • the keys provided to the source eNB in response to receiving the UE location update message are encrypted, specific to the different potential target eNBs, and generated based on the random handover seed key H_key.
  • the MME forwards the random handover seed key H_key selected in operation 3 A to the UE in message 5.
  • the forwarding of the H_key is protected by a NAS security.
  • AKA Authentication Key Agreement
  • the UE and MME create security contexts, including NAS encryption and NAS integrity keys.
  • eNBs cannot see the content of the NAS messages since neither the MME nor the UE share NAS keys with eNBs.
  • the random handover seed key H_key cannot be eavesdropped by either the source eNB or target eNB during the transmission of message 5.
  • the random handover seed key H_key is protected by NAS security to prevent the eNBs supported by the MME from learning the random handover seed key H key. Accordingly, even if an attacker has control over the source eNB, the attacker is inhibited and/or prevented from obtaining the random handover seed key H_key.
  • the UE sends a measurement report to the source eNB as indicated by message 6.
  • the measurement report is well-known in the art and thus, is not described herein for the sake of brevity.
  • the source eNB makes a handover decision for the UE as indicated in operation 6a. As such, the source eNB determines which target eNB will provide communication services to the UE following the handover procedure.
  • the source eNB sends a handover request to the target eNB.
  • the handover request includes the encrypted first key ⁇ KeNB ⁇ ar g eteNB_iD ⁇ MME - eNB_key[Target e NBjD] corresponding to the target eNB as shown by message 7.
  • the MME sends an array or list of obtained encrypted first keys ⁇ KeNB e NB_iD ⁇ MME-eNB_key[eNB_iD] for the potential target eNBs. Each element of that array corresponds to a potential target eNB and is indexed by the identifier eNB ID.
  • the source eNB when the source eNB knows the target eNB identifier Target eNB_ID, the source eNB forwards the encrypted KeNB for the identified target eNB to the target eNB.
  • the encrypted first key ⁇ KeNB T argeteNB_ro ⁇ MME-eNB_key[ ⁇ ar ge teNB_iD] is sent to the target eNB according to example embodiment, as compared with merely sending a handover request including the second key KeNB* derived with a one-way function from the first KeNB as described in the conventional method of FIG. 2.
  • the target eNB recovers first key KeNBe NBjD for the target eNB by decrypting the encrypted first key value ⁇ KeNB T argeteNB_ ⁇ MME-eNB_k e y[TargeteNB_iD] using the key MME-eNB_key [Target eNB IDxarget] previously sent to the target eNB from the MME in message 2.
  • the target eNB sends a handover response to the source eNB in message 8. Further, the target eNB derives RRCAJP keys from the decrypted first key value KeNBjarg e t eN B_ro in operation 8A.
  • the source eNB sends a handover command to the UE.
  • the handover command of message 9 makes the target eNB known to the UE by including an identifier Target eNB ID of the target eNB.
  • the UE has already received the random handover seed key H_Key. Accordingly, the UE derives the first key for the target eNB KeNBjarget eNB i D in operation 9 A.
  • the UE From the obtained first key for the target eNB KeNB Ta rget eNBjD, the UE derives RRC/UP keys in operation 9B. Derivation of the RRC/UP keys are well-known in the art and thus, are not discussed herein for the sake of brevity. [0049] Still referring to FIG. 3, the UE sends a handover confirm message to the target eNB as shown by message 10. The target eNB receives the handover confirm message from the UE and notifies the source eNB that the handover is complete. The target eNB notifies the source eNB by transmitting a handover complete signal in message 10.
  • the target eNB which is now the second source eNB for the UE, sends a UE location update message with a list of potential targets, i.e., neighbor eNBs, to the MME in order to prepare for a possible second handover in message 12.
  • message 12 is similar to message 3, which was sent from the first source eNB to the MME prior to the handover from the first source eNB to the target eNB.
  • Message 13 is similar to previously described message 4 for the same reasons.
  • the MME again obtains encrypted first keys ⁇ KeNBeNB_io ⁇ MME-eNB_key[eNB_iD] for each of the potential target eNBs, and the encrypted first keys ⁇ KeNBeNB_io ⁇ MME-eNB_key[eNB_iD] are provided to the source eNB in message 13
  • FIG. 4 An alternative handover procedure is illustrated in Figure 4.
  • the signaling diagram of FIG. 4 illustrates an alternative embodiment of an MME-assisted key refresh procedure for intra-MME handovers.
  • the signaling diagram of FIG. 4 shows message exchanges between and operations performed by a UE, a source eNB, a target eNB and the MME of the EPS previously described with respect to FIG. 1.
  • the signaling diagram of FIG. 4 also indicates by a horizontal dotted line and marginal notations a division of the messages and operations for this embodiment between messages and operations performed prior to handover, and handover messages and operations. (0052] Referring to FIG.
  • the pre-handover process begins with the MME generating a random authentication value designated as H_nonce (for "Handover Nonce") of a length equal to that of the KeNB key.
  • H_nonce for "Handover Nonce”
  • the MME then sends the H_nonce key to the UE, using known security protocols.
  • the forwarding of the H nonce key from the MME to the UE is protected by a NAS security.
  • AKA Authentication Key Agreement
  • the eNBs When messages from the MME pass through one or more eNBs over the air interface to the UE, the eNBs cannot see the content of the NAS messages since neither the MME nor the UE share NAS keys with eNBs. As such, the random H_nonce key cannot be eavesdropped by eNBs in the transmission path during the transmission of message 3. Stated differently, the random H_nonce key is protected by NAS security to prevent the eNBs supported by the MME from learning the random handover nonce key, H_nonce.
  • the UE sends a measurement report to the source eNB as indicated by message 4.
  • the measurement report is well-known in the art and thus, is not described herein for the sake of brevity.
  • the source eNB makes a handover decision for the UE as indicated in operation 4A.
  • the source eNB determines which target eNB will provide communication services to the UE following the handover procedure.
  • the source eNB then derives the second key KeNB* in operation 4B with a one-way function from the known KeNB, as described in the conventional method of FIG. 2.
  • the source eNB then sends a handover request to the target eNB in message 5.
  • the handover request includes the H nonce key and the KeNB* keys.
  • the target eNB derives a new KeNB from KeNB* and H nonce, received from the source eNB, along with an identifier for the target eNB, Target eNB_ID, in operation 6A.
  • the Target eNB ID value corresponds to, or can be derived from the Physical Cell ID, or PCI, for the particular eNB, the PCI being a globally unique number identifying the eNB within a particular wireless system.
  • the target eNB then derives new RRC/UP keys from the new KeNB key in operation 6B.
  • the target eNB sends a handover response to the source eNB, including its identifier, Target eNB_ID, in message 6.
  • the source eNB then sends a handover command to the UE.
  • the handover command of message 7 makes the target eNB known to the UE by including the identifier, Target eNB ID, of the target eNB.
  • the UE has already received the random handover seed key Hjionce from the MME. Accordingly, the UE derives its own new KeNB key from KeNB*, H nonce and Target eNB_ID in operation 7A.
  • KeNB HASH(KeNB*
  • the UE derives new RRC/UP keys in operation 7B. Derivation of the RRC/UP keys are well- known in the art and thus, are not discussed herein for the sake of brevity.
  • the UE sends a handover confirm message to the target eNB as shown by message 8. This message is already protected by the new RRC keys.
  • the target eNB receives the handover confirm message from the UE and, in message 9, notifies the source eNB that the handover is complete. Once the handover procedure is complete, the target eNB, which is now the new source eNB for the UE, sends a UE location update message to the MME, in message 10, in order to prepare for a possible second handover.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
EP09711967A 2008-02-20 2009-02-20 System und verfahren für übergabe oder schlüsselverwaltung bei der durchführung von übergaben in einem drahtlosen kommunikationssystem Withdrawn EP2255559A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US6643708P 2008-02-20 2008-02-20
US12/378,653 US8179860B2 (en) 2008-02-15 2009-02-18 Systems and method for performing handovers, or key management while performing handovers in a wireless communication system
PCT/US2009/001092 WO2009105249A1 (en) 2008-02-20 2009-02-20 System and method for performing handovers, or key management while performing handovers in a wireless communication system

Publications (1)

Publication Number Publication Date
EP2255559A1 true EP2255559A1 (de) 2010-12-01

Family

ID=40677590

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09711967A Withdrawn EP2255559A1 (de) 2008-02-20 2009-02-20 System und verfahren für übergabe oder schlüsselverwaltung bei der durchführung von übergaben in einem drahtlosen kommunikationssystem

Country Status (5)

Country Link
EP (1) EP2255559A1 (de)
JP (1) JP2011515904A (de)
KR (1) KR20100126691A (de)
CN (1) CN101953191A (de)
WO (1) WO2009105249A1 (de)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8179860B2 (en) 2008-02-15 2012-05-15 Alcatel Lucent Systems and method for performing handovers, or key management while performing handovers in a wireless communication system
GB2473882A (en) * 2009-09-29 2011-03-30 Nec Corp Allocation of temporary identifiers to mobile devices connecting to home node base stations
JP5625703B2 (ja) * 2010-10-01 2014-11-19 富士通株式会社 移動通信システム、通信制御方法及び無線基地局
CN102413463B (zh) * 2011-10-12 2013-09-25 厦门大学 填充序列长度可变的无线媒体接入层鉴权和密钥协商方法
WO2018137824A1 (en) 2017-01-30 2018-08-02 Telefonaktiebolaget Lm Ericsson (Publ) Methods, apparatuses, computer programs and carriers for security management before handover from 5g to 4g system
CN112956236B (zh) * 2019-02-02 2022-10-21 Oppo广东移动通信有限公司 切换过程中安全信息的处理方法及装置、网络设备、终端
CN111988118A (zh) * 2019-05-24 2020-11-24 华为技术有限公司 一种无线局域网中的通信方法及设备

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100563186C (zh) * 2005-07-11 2009-11-25 华为技术有限公司 一种在无线接入网中建立安全通道的方法
US7706799B2 (en) * 2006-03-24 2010-04-27 Intel Corporation Reduced wireless context caching apparatus, systems, and methods
WO2007110748A2 (en) * 2006-03-27 2007-10-04 Nokia Corporation Apparatus, method and computer program product providing unified reactive and proactive handovers
US20090209259A1 (en) * 2008-02-15 2009-08-20 Alec Brusilovsky System and method for performing handovers, or key management while performing handovers in a wireless communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2009105249A1 *

Also Published As

Publication number Publication date
WO2009105249A1 (en) 2009-08-27
KR20100126691A (ko) 2010-12-02
JP2011515904A (ja) 2011-05-19
CN101953191A (zh) 2011-01-19

Similar Documents

Publication Publication Date Title
US8179860B2 (en) Systems and method for performing handovers, or key management while performing handovers in a wireless communication system
US20090209259A1 (en) System and method for performing handovers, or key management while performing handovers in a wireless communication system
US8855603B2 (en) Local security key update at a wireless communication device
US8094817B2 (en) Cryptographic key management in communication networks
US8707045B2 (en) Method and apparatus for traffic count key management and key count management
US20070224993A1 (en) Apparatus, method and computer program product providing unified reactive and proactive handovers
US20080039096A1 (en) Apparatus, method and computer program product providing secure distributed HO signaling for 3.9G with secure U-plane location update from source eNB
JP4820429B2 (ja) 新しい鍵を生成する方法および装置
JP2011526097A (ja) トラフィック暗号化キー生成方法及び更新方法
JP5398877B2 (ja) セルラー無線システムにおける無線基地局鍵を生成する方法と装置
JP5774096B2 (ja) エアインターフェースキーの更新方法、コアネットワークノード及び無線アクセスシステム
US9350537B2 (en) Enhanced key management for SRNS relocation
Gupta et al. Security vulnerabilities in handover authentication mechanism of 5G network
JP2012532539A (ja) 無線リソース制御接続再確立の際のセキュリティキー処理方法、装置及びシステム
WO2011085682A1 (zh) 一种空中接口密钥的更新方法及系统
WO2009105249A1 (en) System and method for performing handovers, or key management while performing handovers in a wireless communication system
KR20090063274A (ko) 무선 원격통신에서의 암호화
JP5043928B2 (ja) 暗号化および整合性のために使用されるキーを処理する方法および装置
WO2013075417A1 (zh) 切换过程中密钥生成方法及系统
CN113170369A (zh) 用于在系统间改变期间的安全上下文处理的方法和装置
WO2008152611A1 (en) Apparatus, method and computer program product providing transparent container
Sun et al. A secure and effective scheme providing comprehensive forward security to LTE/SAE X2 handover key management
CN102196427A (zh) 空口密钥更新的方法及系统

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20100920

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA RS

DAX Request for extension of the european patent (deleted)
18D Application deemed to be withdrawn

Effective date: 20130829

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

R18D Application deemed to be withdrawn (corrected)

Effective date: 20130903