WO2007098690A1 - A method and system for implementing packet broadcasting service key synchronization between multiple base stations - Google Patents

Publication number
WO2007098690A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
base station
new
synchronization
management center
Application number
PCT/CN2007/000631
Inventor
Haining Wang
Haitao Du
Zhibin Lin
Changhong Shan
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                  • H04L9/083 Key transport or distribution involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
              • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
            • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
              • H04L63/062 Key management in a packet data network for key distribution, e.g. centrally by trusted party
              • H04L63/068 Key management in a packet data network using time-dependent keys, e.g. periodically changing keys
          • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/80 Wireless
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
              • H04W12/041 Key generation or derivation
              • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
                • H04W12/0431 Key distribution or pre-distribution; Key agreement

Definitions

  • The present invention relates to the field of wireless communication technologies, and in particular to a method and system for implementing multicast key synchronization between base stations in a wireless communication network.
  • BACKGROUND OF THE INVENTION: At present, most wireless communication networks adopt a cell structure in their network design. A base station is provided for each cell, and users in the cell communicate with the network side through that base station. To ensure the continuity of user communication, the coverage areas of adjacent cells are usually set to overlap.
  • Because mobile terminals are mobile, they often switch between cells. When a user crosses from one cell to another, the user must request a channel from the neighboring cell to carry out the handover if communication quality is to be maintained. During handover, the mobile station simultaneously receives the same information transmitted by two or more base stations and must perform diversity combining and decision on what it receives. This improves the received signal quality during handover and ensures that no data is lost. This diversity technique is called macro-diversity.
  • MBS: Multicast Broadcast Service
  • SA: security association
  • To secure wireless multicast communication, the multicast data transmitted over the air interface is encrypted with a multicast key.
  • Take a wireless communication system based on the 802.16e protocol as an example.
  • Encrypting multicast data requires four multicast keys: MAK (Multicast Broadcast Service Authentication Key), MGKEK (Multicast Broadcast Service Group Key Encryption Key), MGTEK (Multicast Broadcast Service Group Traffic Encryption Key) and MTK (Multicast Broadcast Service Traffic Encryption Key).
  • The MAK is delivered to the terminal under the protection of a method defined by the upper layer.
  • The MGTEK is encrypted with the MGKEK and then delivered to the terminal.
  • The MTK is computed from the MAK and the MGTEK by an algorithm (such as the Dot16KDF algorithm), and the MTK is used directly to encrypt and decrypt the multicast data.
  • To prevent a key leak from threatening the security of multicast communication, the multicast keys must be replaced periodically. To preserve session continuity, a base station must be able to hold two sets of keys: it must obtain the new key from the upper-level distribution entity before the lifetime of the old key ends, so that the new key can replace the old one immediately when the old key expires. Taking the WiMAX network as the example again: during a key update among the base stations of one MBS area, a base station that has completed the update encrypts multicast data with the new key, while a base station that has not yet completed it still encrypts with the old key. Therefore, if key updates are not synchronized between the base stations, different base stations in the same MBS area may be using different keys at the same moment, and multicast communication cannot proceed normally.
  • Embodiments of the present invention provide a method and system for implementing multicast key synchronization between multiple base stations, so that a group of base stations in a wireless communication network can keep the multicast key used for service transmission synchronized, thereby ensuring the reliability of communication in the wireless communication system.
  • An embodiment of the present invention provides a method for implementing multicast key synchronization between multiple base stations, including:
  • The key management center sends each base station synchronization time information that can be used to determine the activation time of a new key. Each base station determines, from the received synchronization time information, the activation time of the new key distributed by the key management center, and enables the new key at the determined time.
  • An embodiment of the present invention provides a system for implementing multicast key synchronization between multiple base stations, including a synchronization reference time processing module, a key distribution processing module and a key enabling processing module, where:
  • Synchronization reference time processing module: disposed on each base station and on the key management center, and used to establish a synchronized reference time between each base station and the key management center;
  • Key distribution processing module: disposed in the key management center, and used to generate a new key and the corresponding synchronization time information for the base stations and send them to each base station;
  • Key enabling processing module: disposed in the base station, and used to determine the activation time of a received new key from its corresponding synchronization time information and to enable the new key when the activation time is reached.
  • An embodiment of the present invention provides a key management center, including a synchronization reference time processing module and a key distribution processing module, where:
  • Synchronization reference time processing module: used to establish a synchronized reference time with each base station;
  • Key distribution processing module: used to generate a new key and the corresponding synchronization time information for the base stations and send them to each base station.
  • An embodiment of the present invention provides a base station, including a synchronization reference time processing module and a key enabling processing module, where:
  • Synchronization reference time processing module: used to establish a synchronized reference time with the key management center. Key enabling processing module: used to determine the activation time of a new key from the synchronization time information received with it from the key management center, and to enable the new key when the activation time is reached.
  • FIG. 1 is a flow chart 1 of a specific embodiment of a method according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a specific implementation manner of a method according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a specific implementation manner of a method according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of a specific implementation manner of a method according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a specific implementation of a system according to an embodiment of the present invention.
  • An object of the embodiments of the present invention is to provide a scheme for synchronizing multicast keys between the base stations in an MBS area, so that the multicast information received from different base stations at any time is encrypted with the same multicast key.
  • The technical solution adopted by the embodiment of the present invention is shown in FIG. 1 and specifically includes:
  • Step 11: Establish a synchronization reference time with which all base stations in the MBS area are synchronized with the MBS key management center.
  • The purpose of the synchronization reference time is to let each base station enable the new multicast key at exactly the same time, as instructed by the key management center.
  • The reference time may be a system time to which each base station and the key management center are synchronized, or an MBS reference time set up specifically for MBS service synchronization.
  • Strict synchronization is not required between the base stations and the key management center; only a synchronized time reference is needed to ensure that the new multicast key is enabled synchronously. For example, the key management center does not have to receive a GPS signal to achieve strict synchronization; it is only necessary to set a reference time corresponding to absolute GPS time as the synchronization reference time between the base stations and the key management center. In other words, the base stations and the key management center do not need the strict synchronization that exists between different base stations, only a relatively synchronized reference time.
  • Step 12: The MBS key management center sets synchronization time (SyncTime) attribute information, that is, the synchronization time information, for the multicast key. The base station uses the synchronization time to determine when to enable the new multicast key. The synchronization time can have different meanings:
  • The synchronization time may indicate when the new multicast key is to be enabled; that is, its value identifies the reference time at which the new multicast key is enabled.
  • The synchronization time may instead indicate the lifetime end time of the current multicast key; that is, it identifies the end of the lifetime of the corresponding multicast key, and the moment at which the lifetime of the currently used multicast key ends is taken as the time at which the base station enables the new multicast key.
  • Step 13: When the MBS key management center needs to distribute a key, it includes the key's synchronization time attribute information in the key distribution message, so that the key and its synchronization time information are sent together.
  • Step 14: Each base station in the MBS area determines the activation time of the new key from the synchronization time attribute information it has received. There are two cases:
  • In the first case, each base station in the MBS area enables the new multicast key according to the reference time recorded in the synchronization time attribute of the received new multicast key. Each base station compares the reference time with the value of the key's synchronization time attribute to determine the exact time to enable the new key: when the reference time reaches the synchronization time value, the new key is enabled;
  • In the second case, each base station in the MBS area determines the activation time of the new key from the synchronization time of the currently used multicast key that it has received. Each base station determines from that synchronization time that the new multicast key is to be enabled when the lifetime of the currently used multicast key ends; the lifetime end time of the new multicast key is in turn used to determine the activation time of the next updated multicast key.
  • In this way, the embodiment of the present invention ensures that every base station enables a new multicast key synchronously, so that the multicast keys used by the base stations stay synchronized.
  • Specific implementations of the technical solution provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
  • The premise of the embodiment is that all base stations in the MBS area use GPS to achieve reference time (ReferenceTime) synchronization with the MBS key management center. Once the base stations are synchronized with the MBS key management center, the MBS key management center can carry out the initial distribution of the multicast keys. As shown in FIG. 2, the process specifically includes:
  • Step 21: The MBS key management center acquires the MAK from the upper-level MAK distribution entity and manages the MAK according to the MAK lifetime;
  • Step 22: The MBS key management center generates two sets of keys, old and new: MGKEK0, MGKEK1, MGTEK0, MGTEK1, MTK0, MTK1, and the corresponding parameters; and establishes the MBSGSA (MBS group security association identifier, used to uniquely identify an MBSGSA);
  • Step 23: The MBS key management center generates a synchronization time (SyncTime) for each of MGKEK1 and MGTEK1;
  • Step 24: The MBS key management center generates a key distribution message MBS_KEY_DELIVER in the format specified in Table 1, so that the message includes the synchronization time information and the two sets of old and new keys, and sends the message to all base stations in the corresponding MBS area;
  • 0x00 indicates that this message type is multicast secret.
  • The MTK can also be generated on the BS: the MAK and MGTEK are transmitted to the BS, and the BS generates the MTK. In that case, the MTK parameters are no longer included in Table 1.
  • Step 25: After receiving the MBS_KEY_DELIVER message, the base station stores each key and its related parameters and activates the old keys, which have the smaller serial number: MGKEK0, MGTEK0, MTK0.
  • Step 26: Because the synchronization time of the new keys MGKEK1 and MGTEK1 is later than the current reference time, the base station starts a reference time timer for each of the two keys: MGKEK_Timer and MGTEK_Timer.
  • The update of a multicast key during communication is described below, taking an update of the MGTEK as an example. As shown in the accompanying figure, the update process specifically includes:
  • Step 31: Before the lifetime of the currently used old key MGTEKn-1 ends, the MBS key management center generates the new keys MGTEKn and MTKn and their parameters, and generates the synchronization time of MGTEKn;
  • Step 32: The MBS key management center generates a key distribution message MBS_KEY_DELIVER in the format specified in Table 1 and sends the message to all base stations in the corresponding MBS area;
  • The format of the MBS_KEY_DELIVER message is as follows:
  • Step 33: After receiving the MBS_KEY_DELIVER message, the base station stores MGTEKn, MTKn and the related parameters, and starts the reference time timer for MGTEKn: MGTEK_Timer.
  • As shown in FIG. 4, the process specifically includes:
  • Step 41: The base station generates a multicast key request message MBS_KEY_REQUEST in the format specified in Table 2 and sends the message to the MBS key management center;
  • The format of the MBS_KEY_REQUEST message is as follows:
  • Step 42: After receiving the base station's multicast key request message, the MBS key management center generates the following MBS_KEY_DELIVER message in the format specified in Table 1 and returns it to the base station that requested the multicast key;
  • The format of the MBS_KEY_DELIVER message is as follows:
  • Step 43: After receiving the MBS_KEY_DELIVER message, the base station stores MGKEKm and the related parameters, and starts the reference time timer for MGKEKm: MGKEK_Timer.
  • The specific processing procedure includes the following steps:
  • Step 51: A base station that newly needs to obtain the multicast key generates a multicast key request message MBS_KEY_REQUEST in the format specified in Table 2 and sends it to the MBS key management center to request the corresponding multicast key information.
  • The format of the MBS_KEY_REQUEST message is as follows:
  • Step 52: As in step 24 described for FIG. 2, an MBS_KEY_DELIVER message is generated and returned to the base station that requested the multicast key;
  • Steps 53-55: These steps are processed in the same way as steps 25-27 in FIG. 2 and are therefore not described in detail here.
  • The embodiment of the present invention further provides a system for implementing multicast key synchronization between multiple base stations. The system includes a key management center and a plurality of base stations.
  • A specific implementation is shown in FIG. 6 and includes the following components:
  • Synchronization reference time processing module: disposed on each base station and on the key management center, and used to establish a synchronized reference time between each base station and the key management center;
  • Key distribution processing module: disposed in the key management center, and used to generate a new key and the corresponding synchronization time information for the base stations and send them to each base station;
  • The key distribution processing module specifically includes the following three component modules:
  • Key generation module: generates a new key before the lifetime of the key currently used by the base stations ends;
  • Synchronization time determination module: determines the corresponding synchronization time for the key generated by the key generation module. Key transmission processing module: sends the new key generated by the key generation module, together with the synchronization time information determined for it by the synchronization time determination module, to each base station in a key distribution message.
  • Key enabling processing module: disposed in the base station, and used to determine the activation time of a received new key from its corresponding synchronization time information and to enable the new key when the activation time is reached.
  • The key enabling processing module specifically includes the following three components:
  • Key receiving module: receives a new key sent by the key management center together with its corresponding synchronization time information. Timer: started according to the synchronization time information;
  • Key enabling module: triggered by the timer, enables the key received by the key receiving module.
  • In summary, the embodiments of the present invention ensure that the multicast information received from different base stations at any time is encrypted with the same multicast key, so that the combined signals can be decided on directly. This effectively supports the macro-diversity signal reception mode, guarantees that macro-diversity can be realized in wireless communication systems, and improves the reliability of wireless system communication. That is, building on reference time synchronization between the base stations in the MBS area, the embodiments solve the problem of multicast key synchronization between base stations, so that the multicast signals received from the base stations in the MBS area at any time are all encrypted with the same multicast key, which supports macro diversity.
  • The embodiments of the present invention are applicable to wireless communication networks such as WiMAX. The scheme they provide for synchronizing multicast keys between base stations in an MBS area is also simple and easy to implement.
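The rollover described in Steps 11-14 and Steps 31-33 above, simulated as an added example (this is not code from the patent). The message fields are a hypothetical model because Table 1 is not reproduced on this page, HMAC-SHA256 is a stand-in for Dot16KDF, reference time is counted in integer ticks, and the arrival times are constructed. It compares base stations that switch keys on receipt with base stations that honour SyncTime in either of its two meanings, and shows the failure mode when a delivery arrives after the SyncTime.

```python
"""Added example: MBS multicast key rollover with and without SyncTime."""
import hashlib
import hmac
from dataclasses import dataclass, field


def derive_mtk(mak: bytes, mgtek: bytes) -> bytes:
    # Stand-in KDF (HMAC-SHA256). The page names Dot16KDF; it is not reproduced here.
    return hmac.new(mak, b"MTK" + mgtek, hashlib.sha256).digest()[:16]


@dataclass(frozen=True)
class KeyDeliver:
    """Hypothetical model of one key carried in MBS_KEY_DELIVER."""
    seq: int        # key serial number: 0 = old key, 1 = new key
    mgtek: bytes
    sync_time: int  # SyncTime in reference-time ticks


@dataclass
class BaseStation:
    name: str
    mak: bytes
    # "activate":     SyncTime is the time at which this key is enabled
    # "lifetime_end": SyncTime is the lifetime end of this key
    # "on_receipt":   no synchronization, switch as soon as the key arrives
    mode: str = "activate"
    keys: dict = field(default_factory=dict)  # seq -> (KeyDeliver, arrival tick)

    def receive(self, msg: KeyDeliver, now: int) -> None:
        self.keys[msg.seq] = (msg, now)

    def start_time(self, seq: int) -> int:
        """Reference time at which this station begins using key `seq`."""
        msg, arrived = self.keys[seq]
        if self.mode == "on_receipt":
            return arrived
        if self.mode == "activate":
            planned = msg.sync_time
        else:
            # New key starts when the previous key's lifetime ends.
            prev = self.keys.get(seq - 1)
            planned = prev[0].sync_time if prev else arrived
        # A key delivered after its planned time can only start on arrival.
        return max(planned, arrived)

    def active_mtk(self, now: int):
        """MTK used to encrypt at reference time `now` (None if no key yet)."""
        live = [s for s in self.keys if self.start_time(s) <= now]
        if not live:
            return None
        return derive_mtk(self.mak, self.keys[max(live)][0].mgtek)


def mismatch_ticks(stations, start: int, end: int) -> list:
    """Ticks at which stations of one MBS area encrypt with different MTKs."""
    return [t for t in range(start, end)
            if len({bs.active_mtk(t) for bs in stations}) > 1]


def run_rollover(mode: str, arrivals: dict, switch_at: int = 100) -> list:
    """Deliver an old and a new key to every station; return the mismatch ticks."""
    mak = bytes(16)  # constructed sample MAK
    if mode == "lifetime_end":
        old = KeyDeliver(0, b"\x00" * 16, switch_at)
        new = KeyDeliver(1, b"\x01" * 16, 2 * switch_at)
    else:
        old = KeyDeliver(0, b"\x00" * 16, 0)
        new = KeyDeliver(1, b"\x01" * 16, switch_at)
    stations = []
    for name, arrived in arrivals.items():
        bs = BaseStation(name, mak, mode)
        bs.receive(old, 0)
        bs.receive(new, arrived)
        stations.append(bs)
    return mismatch_ticks(stations, 0, switch_at + 20)


# Constructed delivery times of the new key at three base stations.
ON_TIME = {"BS1": 60, "BS2": 75, "BS3": 90}
LATE = {"BS1": 60, "BS2": 75, "BS3": 105}  # BS3 receives it after SyncTime

if __name__ == "__main__":
    for mode, arrivals in [("on_receipt", ON_TIME), ("activate", ON_TIME),
                           ("lifetime_end", ON_TIME), ("activate", LATE)]:
        bad = run_rollover(mode, arrivals)
        print(f"{mode:13s} arrivals={arrivals} mismatched ticks={len(bad)}")
```

The late-delivery case shows why the key management center has to distribute the new key well before its SyncTime: a base station that receives it afterwards encrypts with the old key until the message arrives.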

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and system for implementing packet broadcasting service key synchronization between multiple base stations. First, a synchronized reference time is established between the base stations and a key management center (11). The key management center then sends each base station synchronization time information that is used to determine when a new key comes into use (13). Each base station determines the activation time of the new key distributed by the key management center from the received synchronization time information (14) and starts using the new key at that time, so that all base stations start using the new key synchronously. As a result, the packet broadcasting information received from different base stations at any time is encrypted with the same packet broadcasting key, which ensures that macro-diversity can be implemented in a wireless communication system.

Description

多基站间实现组播密钥同步的方法及系统 技术领域 本发明涉及无线通信技术领域,尤其涉及一种无线通信网络中基站间实现组播密钥 同步的方法及系统。 发明背景 目前, 大多无线通信网络在组网设计中均采用小区的结构, 针对每个小区设置有 一个基站, 小区的用户可以通过所述基站完成与网络侧的通信。 同时, 在无线通信网络 中, 为了保证用户通信的连续性, 相邻小区的覆盖区域通常设置为相互重叠。  TECHNICAL FIELD The present invention relates to the field of wireless communications technologies, and in particular, to a method and system for implementing multicast key synchronization between base stations in a wireless communication network. BACKGROUND OF THE INVENTION At present, most wireless communication networks adopt a cell structure in a network design, and a base station is provided for each cell, and a user of the cell can complete communication with the network side through the base station. Meanwhile, in the wireless communication network, in order to ensure the continuity of user communication, the coverage areas of adjacent cells are usually set to overlap each other.
由于移动终端的移动性使得其经常会在不同的小区之间切换。 当用户跨越不同小 区时, 如果要保持继续通信的质量, 则用户需要向相邻的小区请求信道, 以实现越区切 换处理。在越区切换的过程中,移动台将同时接收来自两个或多个基站发射的相同信息, 并需要对收到的信息进行分集合并和判决,从而改善移动台处于越区切换时的接收信号 质量, 以保证越区切换时的数据不丢失, 这种分集实现技术称为宏分集技术。  Due to the mobility of mobile terminals, they often switch between different cells. When the user crosses different cells, if the quality of the communication is to be maintained, the user needs to request a channel from the neighboring cell to implement the handover process. In the process of handover, the mobile station will simultaneously receive the same information transmitted from two or more base stations, and needs to perform diversity combining and decision on the received information, thereby improving the received signal when the mobile station is in handover. Quality, to ensure that data is not lost during handover, this diversity implementation technique is called macro-diversity.
目前, 在 WiMAX (微波接入全球互通)等无线通信网络中均支持所述的宏分集技术 的实现。 即基于 WiMAX网络的 MBS (组播广播服务)支持多基站接入模式。 在多基站接入 模式下, 一个 MBS区内的基站将采用相同的 CID (连接标识)和 SA (安全联盟)发送同一 MBS业务流的内容, 这样, 注册了 MBS服务的终端可以在 MBS区内通过多个基站接收 MBS内 容, 即终端也支持所述的宏分集技术。  Currently, the implementation of the macro diversity technique is supported in wireless communication networks such as WiMAX (Worldwide Interoperability for Microwave Access). That is, MBS (Multicast Broadcast Service) based on WiMAX network supports multi-base station access mode. In the multi-base station access mode, the base station in one MBS area will use the same CID (connection identifier) and SA (security association) to send the content of the same MBS service flow, so that the terminal that has registered the MBS service can be in the MBS area. The MBS content is received by a plurality of base stations, that is, the terminal also supports the macro diversity technique.
同时, 在无线通信网络中, 为了保证无线组播通信安全, 空口传输的组播数据都 釆用组播密钥进行加密。 以基于 802. 16e协议实现的无线通信系统为分例, 其进行组播 数据的加密需要采用四个组播密钥,具体为: MAK (组播广播服务鉴权密钥)、 MGKEK (组 播广播服务组密钥加密密钥) 、 MGTEK (组播广播服务组业务加密密钥) 、 MTK (组播广 播服务业务加密密钥)。其中, MAK由上层定义的某种方法保护传递给终端, MGTEK用 MGKEK 加密之后传递给终端, MAK和 MGTEK经过某个算法(如 Dotl6KDF算法)计算得到 MTK, MTK 直接用于加解密组播数据。  At the same time, in the wireless communication network, in order to ensure the security of the wireless multicast communication, the multicast data transmitted by the air interface is encrypted by using the multicast key. A wireless communication system based on the 802.16e protocol is a sub-example. The encryption of multicast data requires four multicast keys, specifically: MAK (Multicast Broadcast Service Authentication Key), MGKEK (Multicast) Broadcast service group key encryption key), MGTEK (multicast broadcast service group service encryption key), MTK (multicast broadcast service service encryption key). The MAK is transmitted to the terminal by some method defined by the upper layer. MGTEK is encrypted by MGKEK and then transmitted to the terminal. MAK and MGTEK calculate MTK through an algorithm (such as Dotl6KDF algorithm), and MTK is directly used to encrypt and decrypt the multicast data.
为了防止密钥泄露威胁组播通信的安全, 所述组播密钥需要定期更换。 同时, 为 了保证会话的连续性, 基站需要具有保持两套密钥的能力, 即要求在旧密钥生命期结束 之前就要从上级分发实体获取新密钥, 以保证在旧密钥过期时可以立即更换新密钥。 仍以 WiMAX网络为例, 一个 MBS区内的多个基站在密钥更新期间, 已经完成更新的 基站将使用新密钥加密组播数据,而尚未完成密钥更新的基站将仍旧使用旧密钥加密组 播数据, 因此, 如果各基站之间未实现密钥更新的同步, 则将可能导致同一 MBS区内, 同一时刻不同基站上正在使用的密钥不同, 从而使得组播通信无法正常进行。 In order to prevent the key leakage from threatening the security of multicast communication, the multicast key needs to be periodically replaced. At the same time, in order to ensure the continuity of the session, the base station needs to have the ability to maintain two sets of keys, that is, it is required to obtain a new key from the superior distribution entity before the end of the old key lifetime, so as to ensure that when the old key expires, Replace the new key immediately. Still taking the WiMAX network as an example, a plurality of base stations in an MBS zone during the key update period, the base station that has completed the update will encrypt the multicast data using the new key, and the base station that has not completed the key update will still use the old key. The multicast data is encrypted. Therefore, if the synchronization of the key update is not implemented between the base stations, the keys used in different base stations in the same MBS area at the same time may be different, so that the multicast communication cannot be performed normally.
也就是说, 在 MBS区内, 为保证可靠通信, 多个同步传输 MBS业务流的基站之间要 求其用于加密 MBS业务流的组播密钥应实现同步。 然而, 目前还无法保证不同基站之间 组播密钥的同步, 这样, 也就无法保证宏分集技术在无线通信网络中的实现, 从而降低 了无线通信系统的通信性能及可靠性。 发明内容 本发明的实施例提供了一种多基站间实现组播密钥同步的方法及系统, 从而可以 使得无线通信网络中的一组基站之间可以保证进行业务传输采用的组播密钥的同步,进 而保证无线通信系统通信的可靠性。  That is to say, in the MBS area, in order to ensure reliable communication, the multicast keys used by the multiple base stations for synchronously transmitting MBS service flows for encrypting the MBS service flow should be synchronized. However, the synchronization of multicast keys between different base stations cannot be guaranteed at present, and thus the implementation of macro diversity technology in a wireless communication network cannot be guaranteed, thereby reducing the communication performance and reliability of the wireless communication system. SUMMARY OF THE INVENTION Embodiments of the present invention provide a method and system for implementing multicast key synchronization between multiple base stations, so that a group of base stations in a wireless communication network can ensure a multicast key used for service transmission. Synchronization, thereby ensuring the reliability of communication in a wireless communication system.
An embodiment of the present invention provides a method for implementing multicast key synchronization between multiple base stations, including:
establishing a synchronized reference time between the multiple base stations and a key management center;
the key management center sending to each base station synchronization time information that can be used to determine the activation time of a new key;
each base station determining, from the received synchronization time information, the activation time of the new key distributed by the key management center, and activating the new key at the determined time.
An embodiment of the present invention provides a system for implementing multicast key synchronization between multiple base stations, including a synchronization reference time processing module, a key distribution processing module and a key activation processing module, where:
Synchronization reference time processing module: provided on each base station and on the key management center, and used to establish a synchronized reference time between each base station and the key management center;
Key distribution processing module: provided in the key management center, and used to generate a new key and the corresponding synchronization time information for the base stations and deliver them to each base station;
Key activation processing module: provided in the base station, and used to determine the activation time of a received new key from its corresponding synchronization time information and to activate the new key when the activation time is reached.
An embodiment of the present invention provides a key management center, including a synchronization reference time processing module and a key distribution processing module, where:
Synchronization reference time processing module: used to establish a synchronized reference time with each base station;
Key distribution processing module: used to generate a new key and the corresponding synchronization time information for the base stations and deliver them to each base station.
An embodiment of the present invention provides a base station, including a synchronization reference time processing module and a key activation processing module, where:
Synchronization reference time processing module: used to establish a synchronized reference time with the key management center;
Key activation processing module: used to determine the activation time of a new key from the synchronization time information corresponding to the new key received from the key management center, and to activate the new key when the activation time is reached.
As can be seen from the technical solutions provided by the above embodiments, implementing the embodiments of the present invention ensures that multicast information received from different base stations at any moment is encrypted with the same multicast key, so that the several signals can be decided and combined directly. This effectively supports macro diversity signal reception, that is, it guarantees that macro diversity can be implemented in a wireless communication system, and it can improve the reliability of wireless system communication. The embodiments of the present invention can be applied to wireless communication networks such as WiMAX, and the scheme they provide for synchronizing multicast keys between the base stations of an MBS zone is simple to realize and easy to deploy.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a first flowchart of a specific implementation of the method according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a specific implementation of the method according to an embodiment of the present invention;
FIG. 3 is a third flowchart of a specific implementation of the method according to an embodiment of the present invention;
FIG. 4 is a fourth flowchart of a specific implementation of the method according to an embodiment of the present invention;
FIG. 5 is a fifth flowchart of a specific implementation of the method according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a specific implementation of the system according to an embodiment of the present invention.
MODE FOR CARRYING OUT THE INVENTION
The purpose of the embodiments of the present invention is to provide a scheme for synchronizing multicast keys between the base stations of an MBS zone, so that multicast information received from different base stations at any moment is encrypted with the same multicast key.
The technical solution adopted by the embodiment of the present invention is shown in FIG. 1 and specifically includes:
Step 11: All base stations in the MBS zone establish a synchronized reference time with the MBS key management center. The purpose of the synchronized reference time is to let each base station activate the new multicast key accurately and synchronously, as instructed by the key management center;
In the embodiment of the present invention, the reference time may be the system time to which each base station and the key management center are synchronized, or an MBS reference time set up specifically for MBS service synchronization;
Moreover, in the embodiment of the present invention, the base stations and the key management center do not need to be strictly synchronized; they only need a synchronized time reference that guarantees the new multicast key is activated synchronously. For example, the key management center need not receive GPS signals to achieve strict synchronization; it is enough to set a reference time corresponding to absolute GPS time as the synchronization reference time between the base stations and the key management center. That is, strict synchronization of the kind required between different base stations is not needed between a base station and the key management center; a relatively synchronized reference time is sufficient.
Step 12: The MBS key management center sets synchronization time (SyncTime) attribute information, i.e. synchronization time information, for the multicast key. The base station uses the synchronization time to determine when to activate the new multicast key, and the synchronization time may carry either of the following two meanings:
(1) The synchronization time may be synchronization time information indicating when the new multicast key is to be activated, that is, the value of the synchronization time identifies the reference time at which the new multicast key is activated,
or,
(2) The synchronization time may be synchronization time information indicating the lifetime end time of the current multicast key, that is, the synchronization time identifies the lifetime end time of the corresponding multicast key, and the moment at which the lifetime of the currently used multicast key ends is taken as the time at which the base station activates the new multicast key;
Step 13: When the MBS key management center needs to distribute a key, it includes the key's synchronization time attribute information in the key distribution message, so that the key and its synchronization time information are sent together to the base stations in the MBS zone;
Step 14: Each base station in the MBS zone determines the activation time of the new key from the synchronization time attribute information it has received, which covers the following two cases:
(1) When the synchronization time identifies the reference time at which the new multicast key is activated, each base station in the MBS zone activates the multicast key at the reference time recorded in the synchronization time attribute of the new multicast key it received. In this case, each base station in the MBS zone only needs to compare the reference time with the value of the key's synchronization time attribute to determine exactly when to activate the new key: when the reference time reaches the synchronization time value, the new key can be activated;
(2) When the synchronization time identifies the lifetime end time of the new multicast key, each base station in the MBS zone determines the activation time of the new key from the synchronization time corresponding to the currently used multicast key that it received. In this case, each base station in the MBS zone can determine from that synchronization time that the new multicast key is to be activated when the lifetime of the currently used multicast key ends; that is, the lifetime end time of this new multicast key is used to determine the activation time of the multicast key of the next update.
After the above processing, the embodiment of the present invention ensures that all base stations activate the new multicast key synchronously, so that the multicast keys used by the base stations are synchronized.
To facilitate understanding of the embodiments of the present invention, specific implementations are described in detail below with reference to the accompanying drawings.
The following takes the initial key distribution and the key update of one MBS service as an example to describe specific implementations of the technical solution provided by the embodiment of the present invention. The premise of this embodiment is that all base stations in the MBS zone synchronize the reference time ReferenceTime with the MBS key management center by means of GPS.
After the base stations are synchronized with the MBS key management center, the MBS key management center can perform the initial distribution of the multicast keys. As shown in FIG. 2, the process specifically includes:
Step 21: The MBS key management center obtains the MAK from the upper-level MAK distribution entity and manages the MAK according to the MAK lifetime;
Step 22: The MBS key management center generates two sets of keys, old and new: MGKEK0, MGKEK1, MGTEK0, MGTEK1, MTK0, MTK1, together with their corresponding parameters; and establishes the MBSGSA (MBS group security association identifier, which uniquely identifies an MBSGSA);
Step 23: The MBS key management center generates a synchronization time SyncTime for each of MGKEK1 and MGTEK1;
Step 24: The MBS key management center generates the key distribution message MBS_KEY_DELIVER in the format specified in Table 1, that is, the message contains the synchronization time information and both the old and new key sets, and sends the message to all base stations in the corresponding MBS zone;
The specific format of the MBS_KEY_DELIVER message is as follows:
{ Message Type = 0x00,
Code = 00,
MBSGSA ID,
MBS Zone ID,
MGKEK0-Parameters,
MGKEK1-Parameters,
MGTEK0-Parameters,
MGTEK1-Parameters,
MTK0-Parameters,
MTK1-Parameters,
MGKEK1 SyncTime,
MGTEK1 SyncTime }

Table 1
Syntax                                Length   Notes
MBS_KEY_DELIVER_Message_Format() {
  Message Type = 0x00                 8 bit    0x00 indicates that this message is a multicast key distribution message. 0x02 to 0xFF are reserved values, used to define other message types.
  Code                                2 bit
  MBSGSA ID                           16 bit
  If (Code = 00) {                             00: initial distribution of MGKEK, MGTEK and MTK (2 sets each)
    MBS Zone ID
    MGKEK-Parameters                           Old MGKEK parameters
    MGKEK-Parameters                           New MGKEK parameters
    MGTEK-Parameters                           Old MGTEK parameters
    MGTEK-Parameters                           New MGTEK parameters
    MTK-Parameters                             Old MTK parameters
    MTK-Parameters                             New MTK parameters
    SyncTime                                   New MGKEK synchronization time
    SyncTime }                                 New MGTEK synchronization time
  Else if (Code = 01) {                        01: MGKEK update
    MGKEK-Parameters                           New MGKEK parameters
    SyncTime }                                 New MGKEK synchronization time
  Else if (Code = 10) {                        10: MGTEK and MTK update
    MGTEK-Parameters                           New MGTEK parameters
    MTK-Parameters                             New MTK parameters
    SyncTime }                                 New MGTEK synchronization time
  Else {                                       Code = 11: MGKEK, MGTEK and MTK updated at the same time
    MGKEK-Parameters                           New MGKEK parameters
    MGTEK-Parameters                           New MGTEK parameters
    MTK-Parameters                             New MTK parameters
    SyncTime                                   New MGKEK synchronization time
    SyncTime }                                 New MGTEK synchronization time
}

It should be noted that the MTK may also be generated at the BS: the MAK and MGTEK are passed to the BS, and the BS generates the MTK. In that case, Table 1 no longer contains the MTK parameters;
Step 25: After receiving the MBS_KEY_DELIVER message, the base station stores the keys and related parameters it contains and activates the old keys, i.e. those with the lower sequence number: MGKEK0, MGTEK0, MTK0.
Step 26: Because the synchronization times of the new keys MGKEK1 and MGTEK1 are later than the current reference time, the base station starts a reference time timer for each of these two keys: MGKEK_Timer and MGTEK_Timer.
Step 27: When the corresponding timer expires, the old key is deactivated and the new key is activated. Specifically: when MGKEK_Timer = MGKEK1 SyncTime, the base station immediately deactivates the old key MGKEK0 and starts using the new key MGKEK1; when MGTEK_Timer = MGTEK1 SyncTime, the base station immediately deactivates the old keys MGTEK0 and MTK0 and starts using the new keys MGTEK1 and MTK1.
The embodiment of the present invention also includes updating the multicast keys during communication. Taking one update of the MGTEK as an example, as shown in FIG. 3, the update process specifically includes:
Step 31: Before the lifetime of the currently used old key MGTEKn-1 ends, the MBS key management center generates the new keys MGTEKn and MTKn and their parameters, and generates the synchronization time of MGTEKn;
Step 32: The MBS key management center generates the key distribution message MBS_KEY_DELIVER in the format specified in Table 1 and sends the message to all base stations in the corresponding MBS zone;
The format of the MBS_KEY_DELIVER message is as follows:
{ Message Type = 0x00,
Code = 10,
MBSGSA ID,
MGTEKn-Parameters,
MTKn-Parameters,
MGTEKn SyncTime }
Step 33: After receiving the MBS_KEY_DELIVER message, the base station stores MGTEKn, MTKn and the related parameters, and starts the reference time timer MGTEK_Timer for MGTEKn.
Step 34: When MGTEK_Timer = MGTEKn SyncTime, the base station immediately deactivates MGTEKn-1 and MTKn-1 and starts using MGTEKn and MTKn.
In the embodiment of the present invention, if a base station has not received a new key within a predetermined time before the lifetime of a currently used key ends, it may proactively request a key from the key management center.
The following takes a base station requesting the MGKEK as an example to describe the specific implementation of this process. As shown in FIG. 4, it specifically includes:
Step 41: The base station generates the multicast key request message MBS_KEY_REQUEST in the format specified in Table 2 and sends the message to the MBS key management center;
The format of the MBS_KEY_REQUEST message is as follows:
{ Message Type = 0x01,
Code = 01,
MBSGSA ID }
Table 2
[Table 2, the format of the MBS_KEY_REQUEST message, is an image in the original publication and is not reproduced here.]
Step 42: After receiving the base station's multicast key request message, the MBS key management center generates the following MBS_KEY_DELIVER message in the format specified in Table 1 and returns it to the base station that requested the multicast key;
The format of the MBS_KEY_DELIVER message is as follows:
{ Message Type = 0x00,
Code = 01,
MBSGSA ID,
MGKEKm-Parameters,
MGKEKm SyncTime }
Step 43: After receiving the MBS_KEY_DELIVER message, the base station stores MGKEKm and the related parameters, and starts the reference time timer MGKEK_Timer for MGKEKm.
Step 44: When MGKEK_Timer = MGKEKm SyncTime, the base station immediately deactivates the old key MGKEKm-1 and starts using the new key MGKEKm.
In the embodiment of the present invention, if a base station newly joins, or a base station needs to re-acquire the multicast keys for some reason, then, as shown in FIG. 5, the process includes the following steps:
Step 51: The base station that needs to re-acquire the multicast keys generates the multicast key request message MBS_KEY_REQUEST in the format specified in Table 2 and sends the message to the MBS key management center to request the corresponding multicast key information;
The format of the MBS_KEY_REQUEST message is as follows:
{ Message Type = 0x01,
Code = 00,
MBSGSA ID }
Step 52: As in step 24 described for FIG. 2, the generated MBS_KEY_DELIVER message is returned to the base station that requested the multicast keys;
Steps 53 to 55: These steps are handled in the same way as steps 25 to 27 in FIG. 2 and are therefore not described again here.
An embodiment of the present invention further provides a system for implementing multicast key synchronization between multiple base stations. The system includes a key management center and multiple base stations; its specific implementation is shown in FIG. 6 and includes the following modules:
(1) Synchronization reference time processing module
Provided on each base station and on the key management center, and used to establish a synchronized reference time between each base station and the key management center;
(2) Key distribution processing module
Provided in the key management center, and used to generate a new key and the corresponding synchronization time information for the base stations and deliver them to each base station;
The key distribution processing module specifically includes the following three modules:
Key generation module: used to generate a new key for the base stations before the lifetime of the key they currently use ends;
Synchronization time determination module: determines the corresponding synchronization time for the key generated by the key generation module;
Key sending processing module: sends the new key generated by the key generation module, together with the corresponding synchronization time information that the synchronization time determination module determined for the key, to each base station in a generated key distribution message.
(3) Key activation processing module
Provided in the base station, and used to determine the activation time of a received new key from its corresponding synchronization time information and to activate the new key when the activation time is reached.
The key activation processing module specifically includes the following three components:
Key receiving module: used to receive the new key sent by the key management center and its corresponding synchronization time information;
Timer: a timer started according to the synchronization time information;
Key activation module: activates the key received by the key receiving module when triggered by the timer.
In summary, implementing the embodiments of the present invention ensures that multicast information received from different base stations at any moment is encrypted with the same multicast key, so that the several signals can be decided and combined directly. This effectively supports macro diversity signal reception, that is, it guarantees that macro diversity can be implemented in a wireless communication system, and it can improve the reliability of wireless system communication. In other words, on the basis of reference time synchronization between the base stations of an MBS zone, the embodiment of the present invention solves the problem of multicast key synchronization between base stations, ensuring that the multicast signals received from the base stations of the MBS zone at any moment are encrypted with the same multicast key, and thereby supports macro diversity well. The embodiments of the present invention can be applied to wireless communication networks such as WiMAX, and the scheme they provide for synchronizing multicast keys between the base stations of an MBS zone also has the advantage of being simple to realize and easy to deploy.
The above is only a preferred specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.
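The distribution and update procedure described above (steps 25 to 27 and 33 to 34), modelled in Python as an added example that is not code from the patent: two base stations store the keys from MBS_KEY_DELIVER and switch only when the shared reference time reaches SyncTime, compared with a baseline that switches on receipt. The field names, the dict form of the message, integer reference-time ticks, the delivery schedule and the immediate activation of a SyncTime that is already in the past are assumptions of this example.

```python
"""SyncTime-gated key activation for base stations of one MBS zone (illustrative model)."""

# Code values of MBS_KEY_DELIVER as listed in the page's message format table.
INITIAL, MGKEK_UPDATE, MGTEK_MTK_UPDATE, ALL_UPDATE = 0b00, 0b01, 0b10, 0b11

# Fields each Code must carry. Field names are assumptions; the page gives no byte layout.
REQUIRED = {
    INITIAL: {"zone_id", "mgkek_old", "mgkek_new", "mgtek_old", "mgtek_new",
              "mtk_old", "mtk_new", "mgkek_sync", "mgtek_sync"},
    MGKEK_UPDATE: {"mgkek_new", "mgkek_sync"},
    MGTEK_MTK_UPDATE: {"mgtek_new", "mtk_new", "mgtek_sync"},
    ALL_UPDATE: {"mgkek_new", "mgtek_new", "mtk_new", "mgkek_sync", "mgtek_sync"},
}


def key_deliver(code, mbsgsa_id, **fields):
    """Build an MBS_KEY_DELIVER message, rejecting a field set that does not match Code."""
    if code not in REQUIRED or set(fields) != REQUIRED[code]:
        raise ValueError(f"fields do not match Code={code:02b}")
    return {"type": 0x00, "code": code, "mbsgsa_id": mbsgsa_id, **fields}


class BaseStation:
    def __init__(self, name, use_sync_time=True):
        self.name = name
        self.use_sync_time = use_sync_time  # False models the unsynchronised baseline
        self.active = {}                    # key type -> key currently in use
        self.pending = {}                   # key type -> (activation reference time, key)

    def on_deliver(self, msg, now):
        """Store delivered keys; new keys wait for their SyncTime (steps 25-26 and 33)."""
        if msg.get("type") != 0x00:
            raise ValueError("not an MBS_KEY_DELIVER message")
        if msg["code"] == INITIAL:
            # Initial distribution: the old (lower-numbered) set is activated at once.
            self.active = {"MGKEK": msg["mgkek_old"], "MGTEK": msg["mgtek_old"],
                           "MTK": msg["mtk_old"]}
        if "mgkek_new" in msg:
            self.pending["MGKEK"] = (msg["mgkek_sync"], msg["mgkek_new"])
        if "mgtek_new" in msg:
            # MTK has no SyncTime of its own: it switches together with MGTEK (step 27).
            self.pending["MGTEK"] = (msg["mgtek_sync"], msg["mgtek_new"])
            self.pending["MTK"] = (msg["mgtek_sync"], msg["mtk_new"])
        self.tick(now)  # assumption: a SyncTime already reached activates immediately

    def tick(self, now):
        """Activate every pending key whose SyncTime has been reached on the shared clock."""
        for kind, (sync_time, key) in list(self.pending.items()):
            if not self.use_sync_time or now >= sync_time:
                self.active[kind] = key
                del self.pending[kind]


def mismatch_times(use_sync_time):
    """Reference-time ticks at which two base stations of one zone hold different keys."""
    a = BaseStation("BS-A", use_sync_time)
    b = BaseStation("BS-B", use_sync_time)
    initial = key_deliver(INITIAL, 0x0001, zone_id=7,
                          mgkek_old="MGKEK0", mgkek_new="MGKEK1",
                          mgtek_old="MGTEK0", mgtek_new="MGTEK1",
                          mtk_old="MTK0", mtk_new="MTK1",
                          mgkek_sync=100, mgtek_sync=50)
    update = key_deliver(MGTEK_MTK_UPDATE, 0x0001,
                         mgtek_new="MGTEK2", mtk_new="MTK2", mgtek_sync=90)
    # Constructed delivery schedule: the update reaches BS-B 15 ticks after BS-A.
    arrivals = {(0, "BS-A"): initial, (0, "BS-B"): initial,
                (60, "BS-A"): update, (75, "BS-B"): update}
    differing = []
    for now in range(0, 121):
        for bs in (a, b):
            if (now, bs.name) in arrivals:
                bs.on_deliver(arrivals[(now, bs.name)], now)
            bs.tick(now)
        if a.active != b.active:
            differing.append(now)
    return differing


if __name__ == "__main__":
    print("with SyncTime:    ", mismatch_times(True))
    print("switch on receipt:", mismatch_times(False))
```

With SyncTime the two stations never disagree; when keys are switched on receipt, they encrypt with different MGTEK and MTK values for the whole interval in which the update has reached only BS-A.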

Claims

权利 求 Right
1、 一种多基站间实现组播密钥同步的方法, 其特征在于, 包括:  A method for implementing multicast key synchronization between multiple base stations, comprising:
多个基站与密钥管理中心之间建立同步的参考时间;  Establishing a synchronization reference time between the plurality of base stations and the key management center;
密钥管理中心向各个基站发送可用于确定新的密钥的启用时间的同步时间信息; 在各个基站上,根据接收的同步时间信息确定密钥管理中心分发的新的密钥的启用 时间, 并在确定的时间启用所述新的密钥。  The key management center sends to each base station synchronization time information that can be used to determine the activation time of the new key; at each base station, the activation time of the new key distributed by the key management center is determined according to the received synchronization time information, and The new key is enabled at a determined time.
2、 根据权利要求 1所述的方法, 其特征在于, 所述的基站与密钥管理中心之间建立 同步的参考时间的步骤具体包括:  The method according to claim 1, wherein the step of establishing a synchronized reference time between the base station and the key management center comprises:
多个基站与密钥管理中心之间通过同步各自的系统时间以建立同步的参考时间; 或者,  Synchronizing the respective system time between the plurality of base stations and the key management center to establish a synchronized reference time; or
多个基站与密钥管理中心之间专门建立相应的同步的参考时间。  A corresponding synchronization reference time is specifically established between the plurality of base stations and the key management center.
3、 根据权利要求 1所述的方法, 其特征在于, 所述的步骤 B包括:  3. The method according to claim 1, wherein the step B comprises:
密钥管理中心将待分发给各个基站的密钥及所述的同步时间信息承载于同一消息 中发送给各个基站, 且在为基站初始为分密钥时, 需要在所述的消息中同时承载旧的密 钥和新的密钥。  The key management center carries the key to be distributed to each base station and the synchronization time information in the same message and sends it to each base station, and when the base station is initially a sub-key, it needs to be simultaneously carried in the message. Old key and new key.
4、 根据权利要求 3所述的方法, 其特征在于, 所述的发送可用于确定新的密钥的启 用时间的同步时间信息的步骤包括:  4. The method according to claim 3, wherein the step of transmitting synchronization time information usable for determining the activation time of the new key comprises:
密钥管理中心分别为待分发给各个基站的密钥加密密钥和业务加密密钥确定对应 的同步时间信息, 并与所述的密钥加密密钥和业务加密密钥一起通过密钥分发消息发送 给各个基站。  The key management center determines corresponding synchronization time information for the key encryption key and the service encryption key to be distributed to each base station, and distributes the message through the key together with the key encryption key and the service encryption key. Send to each base station.
5、 根据权利要求 1所述的方法, 其特征在于, 所述的发送可用于确定新的密钥的启 用时间的同步时间信息的步骤具体包括:  The method according to claim 1, wherein the step of transmitting the synchronization time information that can be used to determine the activation time of the new key comprises:
在密钥管理中心向各个基站分发密钥时,还向各个基站发送相应的启用该分发的新 的密钥的同 时间信息;  When the key management center distributes the key to each base station, the corresponding time information of the corresponding new key for enabling the distribution is also sent to each base station;
或者,  Or,
在密钥管理中心向各个基站分发密钥时,还向各个基站发送该密钥的生命周期结束 时间, 且各个基站将所述的结束时间作为基站启用新的密钥的时间。  When the key management center distributes the key to each base station, the life cycle end time of the key is also sent to each base station, and each base station uses the end time as the time when the base station activates the new key.
6、 根据权利要求 1、 2、 3、 4或 5所述的方法, 其特征在于, 所述的启用所述新的密 钥的步骤包括- 各个基站收到新有密钥后, 在新的密钥对应的表示启用该密钥的同步时间到达时, 则启用所述新的密钥; 6. The method according to claim 1, 2, 3, 4 or 5, wherein the step of enabling the new key comprises - after each base station receives a new key, in a new The corresponding to the key indicates that the synchronization time when the key is enabled is reached. Then enable the new key;
或者,  Or,
各个基站收到新的密钥后,在当前使用的密钥对应的表示其生命周期结束时间的同 步时间到达时, 则启用所述新的密钥。  After each base station receives the new key, the new key is enabled when the synchronization time corresponding to the currently used key indicates the end of its life cycle.
7. The method according to claim 6, wherein the step of enabling the new key specifically comprises:
after receiving the new key, each base station starts a corresponding timer according to the received synchronization time information indicating when the new key is to be enabled and the current reference time information, and when the timer expires it enables the new key and deactivates the original key;
or,
when each base station receives the currently used key, it starts a corresponding timer according to the received synchronization time information indicating the end of the current key's lifetime and the reference time information at that moment, and when the timer expires it enables the new key that the base station has received and deactivates the original key currently in use.
8. The method according to claim 6, wherein the method further comprises:
before the lifetime corresponding to the original key ends, the key management center generates a corresponding new key and corresponding synchronization time information, and sends the new key and the corresponding synchronization time information to each base station.
9. The method according to claim 8, wherein the method further comprises:
if the base station has not received a new key before the lifetime of the currently used key ends, it actively requests a key from the key management center.
10. The method according to claim 9, wherein the step of actively requesting a key from the key management center comprises:
the base station sends a multicast key request message to the key management center, the message carrying multicast broadcast service group security association identification information;
after receiving the request message, the key management center generates a corresponding new key and corresponding synchronization time information according to the multicast broadcast service group security association identification information, and sends the new key and the corresponding synchronization time information to each base station.
11. A system for implementing multicast key synchronization between multiple base stations, comprising a synchronization reference time processing module, a key distribution processing module and a key enabling processing module, wherein:
the synchronization reference time processing module is provided on each base station and on the key management center, and is used to establish a synchronized reference time between each base station and the key management center;
the key distribution processing module is provided in the key management center, and is used to generate a new key and corresponding synchronization time information for each base station and deliver them to each base station;
the key enabling processing module is provided in the base station, and is used to determine the enabling time of a received new key according to its corresponding synchronization time information and to enable the new key when the enabling time is reached.
12. The system according to claim 11, wherein the key distribution processing module comprises a key generation module, a synchronization time determination module and a key sending processing module, wherein:
the key generation module is used to generate a new key for each base station before the lifetime of the key currently used by the base stations ends;
the synchronization time determination module determines the corresponding synchronization time for the key generated by the key generation module;
the key sending processing module sends the new key generated by the key generation module, and the corresponding synchronization time information determined for that key by the synchronization time determination module, to each base station in a key distribution message.
13. The system according to claim 11 or 12, wherein the key enabling processing module comprises a key receiving module, a timer and a key enabling module, wherein:
the key receiving module is used to receive the new key sent by the key management center and its corresponding synchronization time information;
the timer is started according to the synchronization time information;
the key enabling module enables the key received by the key receiving module when triggered by the timer.
14. A key management center, comprising a synchronization reference time processing module and a key distribution processing module, wherein:
the synchronization reference time processing module is used to establish a synchronized reference time with each base station;
the key distribution processing module is used to generate a new key and corresponding synchronization time information for each base station and deliver them to each base station.
15. The key management center according to claim 14, wherein the key distribution processing module comprises a key generation module, a synchronization time determination module and a key sending processing module, wherein:
the key generation module is used to generate a new key for each base station before the lifetime of the key currently used by the base stations ends;
the synchronization time determination module determines the corresponding synchronization time for the key generated by the key generation module;
the key sending processing module sends the new key generated by the key generation module, and the corresponding synchronization time information determined for that key by the synchronization time determination module, to each base station in a key distribution message.
16. A base station, comprising a synchronization reference time processing module and a key enabling processing module, wherein:
the synchronization reference time processing module is used to establish a synchronized reference time with the key management center;
the key enabling processing module is used to determine the enabling time of a new key according to the synchronization time information corresponding to the new key received from the key management center, and to enable the new key when the enabling time is reached.
17. The base station according to claim 6, wherein the key enabling processing module comprises a key receiving module, a timer and a key enabling module, wherein:
the key receiving module is used to receive the new key sent by the key management center and its corresponding synchronization time information;
the timer is started according to the synchronization time information;
the key enabling module enables the key received by the key receiving module when triggered by the timer.
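The base-station behaviour in claims 5 to 10 can be exercised with a small simulation, added here as an illustration and not taken from the patent: stations that receive the key distribution message at different times still switch keys at the same reference instant, and a station that missed the message falls back to a key request. The message field names, the integer reference clock, the five-tick request margin and the stale-key check are assumptions of this sketch.

```python
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class KeyMsg:
    """Key distribution message; field names are assumptions for this sketch."""
    sa_id: int         # multicast broadcast service group security association id
    key: bytes
    activate_at: int   # synchronization time on the shared reference clock
    expires_at: int    # end of this key's lifetime

def kmc_issue(sa_id, activate_at, lifetime):   # key management center side
    return KeyMsg(sa_id, secrets.token_bytes(16), activate_at, activate_at + lifetime)

@dataclass
class BaseStation:
    sa_id: int
    request_margin: int = 5      # assumed lead time for the fallback key request
    active: KeyMsg = None
    pending: KeyMsg = None
    deadline: int = None         # reference time at which the timer expires
    switched_at: int = None      # reference time of the last key activation
    asked_for: int = None        # expiry of the key a successor was requested for
    requests: list = field(default_factory=list)
    def receive(self, msg, now):
        if msg.sa_id != self.sa_id or (self.active and msg.activate_at <= self.active.activate_at):
            return   # wrong security association, or stale/replayed key (assumed hardening)
        self.pending = msg
        self.deadline = now + max(0, msg.activate_at - now)  # timer from sync time
        self.tick(now)
    def tick(self, now):
        """Advance to reference time `now` and return the key now in use."""
        if self.pending and now >= self.deadline:   # timer expired: swap keys
            self.active, self.pending, self.switched_at = self.pending, None, now
        elif (not self.pending and self.active and self.asked_for != self.active.expires_at
              and now >= self.active.expires_at - self.request_margin):
            self.asked_for = self.active.expires_at
            self.requests.append((now, self.sa_id))  # multicast key request
        return self.active.key if self.active else None

def simulate():   # constructed scenario: one rollover, uneven delivery
    old = kmc_issue(1, 0, 100)
    new = kmc_issue(1, old.expires_at, 100)   # activation = old key's end of life
    bs = [BaseStation(1) for _ in range(3)]
    for b in bs:
        b.receive(old, 0)
    delivery = {60: 0, 90: 1}                 # bs[2] misses the distribution
    for now in range(1, 121):
        if now in delivery:
            bs[delivery[now]].receive(new, now)
        if bs[2].requests and bs[2].active is old and not bs[2].pending:
            bs[2].receive(new, now)           # KMC answers the request
        for b in bs:
            b.tick(now)
    return [b.switched_at for b in bs], bs[2].requests
```

A key that arrives after its synchronization time gets a zero-length timer and is enabled on receipt, so a late station converges as soon as it hears from the key management center.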
PCT/CN2007/000631 2006-03-01 2007-02-28 A method and system for implementing packet broadcasting service key synchronization between multiple base stations WO2007098690A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610058317.6 2006-03-01
CN2006100583176A CN101030849B (en) 2006-03-01 2006-03-01 Method and system for realizing packet key synchronization between multiple base stations

Publications (1)

Publication Number Publication Date
WO2007098690A1 true WO2007098690A1 (en) 2007-09-07

Family

ID=38458663

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/000631 WO2007098690A1 (en) 2006-03-01 2007-02-28 A method and system for implementing packet broadcasting service key synchronization between multiple base stations

Country Status (2)

Country Link
CN (1) CN101030849B (en)
WO (1) WO2007098690A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2450680A (en) * 2007-06-22 2009-01-07 Ubiquisys Ltd Controlling timing of synchronization updates
RU2507711C2 (en) * 2009-09-16 2014-02-20 ЗетТиИ Корпорейшн Method and network for synchronising mobile multimedia broadcast service key and regional mobile conditional access system

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8656167B2 (en) * 2008-02-22 2014-02-18 Security First Corp. Systems and methods for secure workgroup management and communication
CN101399627B (en) * 2008-09-27 2012-08-29 北京数字太和科技有限责任公司 Method and system for synchronization recovery
US20110312299A1 (en) * 2010-06-18 2011-12-22 Qualcomm Incorporated Methods and apparatuses facilitating synchronization of security configurations
EP2619939A2 (en) 2010-09-20 2013-07-31 Rick L. Orsini Systems and methods for secure data sharing
CN105916140B (en) 2011-12-27 2019-10-22 华为技术有限公司 The safe communication method and equipment that carrier wave polymerize between base station
CN103595527B (en) * 2012-08-13 2016-12-21 西安西电捷通无线网络通信股份有限公司 The changing method of a kind of two-way key and realize device
CN103781065B (en) 2012-10-25 2018-09-07 华为终端有限公司 A kind of group key management method and relevant apparatus and system
CN106332073B (en) * 2015-06-16 2019-06-21 北京信威通信技术股份有限公司 A kind of cluster group root key update method
CN107086907B (en) * 2016-02-15 2020-07-07 阿里巴巴集团控股有限公司 Key synchronization and packaging transfer method and device for quantum key distribution process

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1655497A (en) * 2004-02-09 2005-08-17 华为技术有限公司 Method for realizing multimedia broadcasting / multicasting service key dispensing
EP1615402A2 (en) * 2004-06-16 2006-01-11 Validian Corporation Identification and authentication system and method for a secure data exchange
CN1731720A (en) * 2005-08-31 2006-02-08 北京电子科技学院 Transparent omnidirectional safety network method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3993508B2 (en) * 2002-12-02 2007-10-17 株式会社エヌ・ティ・ティ・ドコモ Wireless access network system, wireless communication method, synchronization server, and node device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2450680A (en) * 2007-06-22 2009-01-07 Ubiquisys Ltd Controlling timing of synchronization updates
GB2450680B (en) * 2007-06-22 2012-05-30 Ubiquisys Ltd Controlling timing of synchronization updates
US8638774B2 (en) 2007-06-22 2014-01-28 Ubiquisys Limited Controlling timing of synchronization updates
RU2507711C2 (en) * 2009-09-16 2014-02-20 ЗетТиИ Корпорейшн Method and network for synchronising mobile multimedia broadcast service key and regional mobile conditional access system

Also Published As

Publication number Publication date
CN101030849A (en) 2007-09-05
CN101030849B (en) 2010-10-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07711024

Country of ref document: EP

Kind code of ref document: A1