WO2009127114A1 - 密钥生成方法、装置及系统 - Google Patents
密钥生成方法、装置及系统 Download PDFInfo
- Publication number
- WO2009127114A1 WO2009127114A1 PCT/CN2008/073868 CN2008073868W WO2009127114A1 WO 2009127114 A1 WO2009127114 A1 WO 2009127114A1 CN 2008073868 W CN2008073868 W CN 2008073868W WO 2009127114 A1 WO2009127114 A1 WO 2009127114A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- network
- asme
- parameters
- eutran
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0033—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
- H04W36/0038—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present invention relates to a key generation technique in the field of communications, and in particular, to a key generation method, apparatus, and system when switching between different systems.
- 3GPP 3rd Generation Partnership Project
- EPS Evolved Packet System
- EUTRAN Evolved Packet Core
- EPC Evolved Packet Core
- GERAN Global System for Mobile Communication Enhanced Data Rate for GSM Evolution Radio Access Network
- UTRAN Universal Terrestrial Radio Access Network
- the EPC packet core network includes a Mobility Management Entity (MME), and the MME is responsible for control plane-related tasks such as mobility management, non-access stratum signaling processing, and user security mode management.
- MME stores the Key Access Security Management Entity (KASME) of the EUTRAN.
- the base station device is an evolved Node-B (abbreviated as eNB), which is mainly responsible for Wireless communication, wireless communication management, and management of mobility contexts.
- eNB evolved Node-B
- the root key of the access layer used by the eNB is an evolved base station key (Key eNB, abbreviated as K eNB ).
- the device responsible for the management of the mobility context and/or the management of the user security mode in the GPP Universal Mobile Telecommunication System (UMTS) system is the Serving General Packet Radio Service (Serving General Packet Radio Service). Support Node, referred to as SGSN). In addition, the SGSN is also responsible for authenticating User Equipment (UE).
- UE User Equipment
- FIG. 1 shows a flow of a key generation method for a UE switching from UTRAN to EUTRAN according to the related art, as shown in FIG.
- step S101 When the UE is switched from the UTRAN to the EUTRAN (ie, step S101 is performed), if the EPS security related parameters, such as KASME, are not saved in the UE and the MME, the RNC needs to send a redirect request (ie, perform steps S102 to S104).
- the EPS security related parameters such as KASME
- the MME generates a key K ASME in the EUTRAN; after the eNB confirms the handover request, the MME forwards the redirected reply to the RNC (ie, performs steps S106 to S112), and the RNC performs a UTRAN handover command (ie, performs step S114), the UE side
- the key K ASME in the EUTRAN is generated, and the handover to the EUTRAN is completed (ie, step S116 is performed).
- the EUTRAN key KASME can be generated but the key used by the access layer cannot be generated.
- the access key of the access layer used by the eNB is K ⁇ B.
- the main object of the present invention is to provide an improvement in view of the problem that an intermediate key used by an access layer cannot be generated when switching between different access systems exists in the related art, thereby failing to achieve access layer security protection.
- the key generation scheme addresses at least one of the above problems in the related art. To achieve the above object, according to an aspect of the present invention, a key generation method is provided.
- the key generation method is configured to generate a key in a process in which a user equipment switches from another network to an EUTRAN network, including: the MME determines the key K ASME according to the EUTRAN network, a specific value, and/or Or other parameters, generating a key, and sending a handover request message carrying the key to the target evolved base station, that is, the target e NB; and the user equipment generates the specific key and/or other parameters according to the EUTRAN network key KASME ⁇
- the key used by the target eNB is configured to generate a key in a process in which a user equipment switches from another network to an EUTRAN network, including: the MME determines the key K ASME according to the EUTRAN network, a specific value, and/or Or other parameters, generating a key, and sending a handover request message carrying the key to the target evolved base station, that is, the target e NB; and the user equipment generates the specific key and/or other parameters according to the EUTRAN network key KAS
- the above specific value is a value 0 shared by the mobility management entity and the user equipment.
- the operation of generating a key according to the key K ASME , the specific value and/or other parameters of the EUTRAN network may specifically include: inputting a specific value and/or other parameters and a key K ASME into the pre-pre A one-way key generation function; the output of the one-way key generation function is used as a key.
- the MME may generate the UI key K ASME of the EUTRAN network according to the received redirect request message.
- the method may further include: the MME receiving the handover request acknowledgement message corresponding to the handover request message, and sending a redirect response message corresponding to the redirect request message to the SGSN of the current network;
- the SGSN of the network receives the redirect reply message and sends a redirect command message;
- the radio network controller of the current network sends a handover command message to the user equipment;
- the user equipment generates the root key KASMEO of the EUTRAN network according to the received handover command message.
- the key generation apparatus includes: a first unit, configured to generate a key according to a key K ASME of the EUTRAN network, a specific value 0, and/or other parameters.
- the first unit may be set in the MME, and the first unit includes: a first key generation module, configured to generate a root key K ASME according to the received redirect request message, and according to the root key K ASME , the specific value And/or other parameters, generating a key; the first sending module, configured to send a handover request message carrying the key to the target eNB.
- the first unit can also be disposed on the user equipment.
- the key generation system includes: a mobility management entity, configured to generate a key according to a key K ASME of the EUTRAN network, a specific value 0 and/or other parameters, and send the bearer Key switching request message; user equipment, for receiving a handover command message, and generating a key according to a key K ASME , a specific value and/or other parameters of the EUTRAN network.
- a mobility management entity configured to generate a key according to a key K ASME of the EUTRAN network, a specific value 0 and/or other parameters, and send the bearer Key switching request message
- user equipment for receiving a handover command message, and generating a key according to a key K ASME , a specific value and/or other parameters of the EUTRAN network.
- the intermediate key used by the access layer cannot be generated, so that the access layer security protection cannot be implemented, so that the signaling and/or data of the access layer can be effectively protected, and the access layer security protection can be realized.
- the key generation method, apparatus and system of the embodiments of the present invention generate a key using a specific value of 0, so that it is not required to be forwarded to the mobility management entity, and thus no additional signaling burden is required.
- FIG. 1 is a diagram showing a key generation method for a UE switching from UTRAN to EUTRAN according to the related art
- FIG. 2 is a flowchart of a key generation method according to an embodiment of the method of the present invention
- 3 is a flow chart of a specific implementation of the key generation method according to the first embodiment of the method of the present invention
- FIG. 1 is a diagram showing a key generation method for a UE switching from UTRAN to EUTRAN according to the related art
- FIG. 2 is a flowchart of a key generation method according to an embodiment of the method of the present invention
- 3 is a flow chart of a specific implementation of the key generation method according to the first embodiment of the method of the present invention
- FIG. 1 is a diagram showing a key generation method for a UE switching from UTRAN to EUTRAN according to the related art
- FIG. 2 is a flowchart of a key generation method according to an embodiment of the method of the present invention
- 3 is a flow chart of
- FIG. 4 is a signaling flow chart of the key generation method according to the second embodiment of the method of the present invention.
- BRIEF DESCRIPTION OF THE DRAWINGS FIG. 6 is a schematic diagram showing the detailed structure of a key generation apparatus according to an embodiment of the apparatus of the present invention;
- FIG. 7 is a diagram showing a key according to an embodiment of the system of the present invention; Generate a system diagram.
- DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention provides an embodiment in which the intermediate key used by the access layer cannot be generated when switching between different access systems in the related art, thereby failing to implement access layer security protection.
- An improved key generation scheme in an embodiment of the present invention, generating an intermediate key used by an access layer with a specific value, K ASME and/or other parameters, and outputting the key to enable the access layer Signaling and/or data can be effectively protected, enabling access layer security protection.
- the key generation method according to the embodiment of the present invention includes the following processing procedure (step S202 to step S204): Preferably, before performing step S202, the MME receives the redirection request message to generate an EUTRAN network.
- the key K ASME in step S202, the MME generates a key according to the key K ASME , the specific value 0 , and/or other parameters of the EUTRAN network, and sends a handover request message carrying the key to the target
- the eNB is a specific value that is shared by the MME and the user equipment.
- the MME and the user equipment default to the specific value of 0.
- the operation of generating the key may specifically include: setting a specific value and/or other parameters.
- the key KASME inputs a preset one-way key generation function; the output of the one-way key generation function is used as a key; preferably, after the target eNB receives the key, the MME receives and switches the request The handover request acknowledgement message corresponding to the message, and sending a redirect reply message corresponding to the redirect request message to the SGSN of the current network; the SGSN of the current network receives the redirect reply message, and sends the message Orienting the command message; the RNC of the current network sends a handover command message to the user equipment; the user equipment generates the authentication key KASME of the EUTRAN network according to the received handover command message; Step S204, the user equipment refers to the authentication key of the EUTRAN network.
- FIG. 3 is a flowchart of a specific implementation of a key generation method according to Embodiment 1 of the present invention, as shown in FIG.
- this embodiment shows a key generation method in which a UE switches from UTRAN to EUTRAN.
- Step S310 after receiving the redirect request message from the RNC forwarded by the SGSN, generating a K ASME according to the redirect request message; preferably, the MME may Use the parameters in the redirect request message to generate K ASME .
- the parameters include Integrity Key (IK), Ciphering Key (CK), jt ⁇ , and further use of redirection.
- the public land mobile network identity (PLMN-ID) information in the request message generates K ASME ; in step S320, the MME generates a key using the specific value 0 and K ASME ; step S330, the MME generates After the key, the handover request message carries the key and is sent to the target eNB.
- step S350 the UE generates the key of the target eNB by using the specific value 0 and the K ASME .
- the method may further include the following steps: the eNB and the UE may further generate the power P secret key and the integrity protection key of the EUTRAN network according to the generated key. , and/or user side encryption keys to initiate appropriate security protection.
- the key generation method of the present embodiment overcomes the problem that the I NB cannot be generated when the UE switches from the UTRAN to the EUTRAN in the prior art because the specific value 0 and the K ASME are used for output, thereby enhancing security protection.
- FIG. 4 is a signaling flowchart of a key generation method according to Embodiment 2 of the present invention, where the source RNC and the source SGSN in FIG.
- the signaling procedure of the key generation method according to the second embodiment of the present invention includes the following processing procedure (step S401 to step S415): Step S401: The source RNC in the UTRAN decides to initiate the handover, which may be specifically According to the measurement report sent by the UE to the RNC, the RNC may initiate the handover decision according to other reasons; Step S402: The source RNC sends a redirect request message to the source SGSN.
- Step S403 The source SGSN forwards the redirect request message to the target MME, and simultaneously sends IK, CK to the target MME. Step S404, after receiving the redirect request message, the target MME uses the integrity key IK and the secret key.
- the target MME uses the specific value 0 and K ASME to generate the key K eNB ; step S406, the target MME sends the key K eNB in the handover request message And the target eNB may further generate other keys of the EUTRAN network by using the key I NB, such as: a radio resource control encryption key, an integrity protection key, and a user plane encryption key; the target eNB succeeds.
- step S408 the target eNB returns a handover request acknowledgement message to the target MME, indicating that the handover request is accepted;
- step S409 the target MME sends a handover redirection reply message to the source SGSN after receiving the handover request acknowledgement message of the target eNB;
- Step S410 The source SGSN sends a redirect command to the source RNC.
- Step S411 the source RNC sends a UTRAN handover command to the UE.
- step S412 the UE generates the UTRAN handover command according to the current UTRAN handover command.
- step S413 UE specific values used to generate the key K ASME 0 and the UE side is K eNB; step S414, using the key I NB UE further generate additional keys of the EUTRAN network: p radio resource control encryption key, The integrity protection key, and the user's power p key; the UE successfully initiates the security protection; step S415, the UE sends a handover complete command message to the target eNB, and the handover complete command message may use the radio resource control encryption key of the EUTRAN network The encryption is performed and the integrity key is used for integrity protection.
- the handover complete command message sent by the user side UE can be successfully decrypted.
- 0 and K ASME and/or other parameters may be used.
- FIG. 5 is a schematic diagram of a key generation apparatus according to an embodiment of the apparatus of the present invention.
- the key generation apparatus according to the apparatus embodiment of the present invention includes: a first unit 62, configured to use EUTRAN
- the key K is generated by the network key K ASME , a specific value of 0 and/or other parameters.
- the first unit 62 may be disposed on the UI or may be configured on the user equipment to implement the generation of the EUTRAN network access layer key on the user equipment side.
- the related functions of the first unit 62 may be specifically implemented in the method.
- the key generation apparatus of this embodiment is similar to the key generation process of the method embodiment, and needs to generate an EUTRAN network access layer key according to KASME and a specific value of 0.
- FIG. 6 further shows a detailed structural diagram of a key generation apparatus according to an embodiment of the present invention. As shown in FIG.
- the first unit 72 is configured in the MME, where the first unit 72 includes: a first key generation module 722, configured to generate a root key according to the received redirect request message. K ASME , and generates a key K according to the root key K ASME and the specific value 0; the first sending module 724 is configured to send a handover request message carrying the key K to the target eNB.
- a first key generation module 722 configured to generate a root key according to the received redirect request message.
- K ASME and generates a key K according to the root key K ASME and the specific value 0
- the first sending module 724 is configured to send a handover request message carrying the key K to the target eNB.
- This embodiment is an embodiment of the embodiment of FIG. 5.
- the first unit 72 can be disposed on
- FIG. 7 is a schematic diagram of a key generation system according to an embodiment of the present invention.
- a key generation system according to an embodiment of the present invention includes: a mobility management entity 82 and a user equipment 84. description. a mobility management entity 82, configured to use a root key K ASME of the EUTRAN network, a specific value letter
- FIG. 8 P23513 And/or other parameters generate a key K, and send a handover request message carrying the key K;
- the user equipment 84 is configured to receive the handover command message, and then according to the authentication key K ASME of the EUTRAN network, the specific value Information and / or other parameters, generate a key K.
- FIG. 2 to FIG. 4 are also understood as an analytical diagram of an embodiment of the key generation system according to the embodiment of the present invention, to implement the target eNB and The user equipment generates a key used by the EUTRAN network access layer.
- the specific value takes a value of 0, and other values may be taken.
- the key generation method, apparatus, and system provided by the embodiment of the present invention use a specific value and K ASME to generate a key used by the access layer, and output the key, so that the access layer signaling And / or data can be effectively protected to enhance the security of the access layer.
- the parameters used do not need to be forwarded to the mobility management entity, so no additional signaling burden is required.
- the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
- the invention is not limited to any specific combination of hardware and software.
- the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Description
密钥生成方法、 装置及系统
技术领域 本发明涉及通信领域中密钥生成技术, 具体地, 涉及在不同系统间切换 时的密钥生成方法、 装置及系统。 背景技术 第三^ ^合作伙伴计划( 3rd Generation Partnership Project, 简称为 3GPP ) 演进的分组系统( Evolved Packet System , 简称为 EPS )由演进的陆地无线接 入网 ( Evolved UMTS Terrestrial Radio Access Network, 简称为 EUTRAN ) 和 EPS演进的分组核心网 ( Evolved Packet Core, 简称为 EPC )组成。 其中, EPC能够支持用户从全球移动通讯系统增强型数据速率 GSM演进实体无线 接入网 ( Global System for Mobile Communication Enhanced Data Rate for GSM Evolution radio access network, 简称为 GERAN ) 和通用陆地无线接入 网 ( Universal Terrestrial Radio Access Network, 简称为 UTRAN ) 的接入。
EPC分组核心网包含移动管理实体 ( Mobility Management Entity, 简称 为 MME ), MME 负责移动性的管理、 非接入层信令的处理、 以及用户安全 模式的管理等控制面相关的工作。 其中, MME保存 EUTRAN的根密钥 接入安全管理实体密钥 (Key Access Security Management Entity, 简称为 KASME ) 在 EUTRAN中, 基站设备为演进的基站( evolved Node-B , 简称为 eNB ), 主要负责无线通信、 无线通信管理、 和移动性上下文的管理。 供 eNB 使用的接入层的根密钥是演进的基站密钥 ( Key eNB , 简称为 KeNB )。
3 GPP通用移动通信系统 ( Universal Mobile Telecommunication System, 简称为 UMTS )系统中负责移动性上下文的管理、 和 /或用户安全模式的管理 的设备是月 务通用分组无线业务支持节点 (Serving General Packet Radio Service Support Node,简称为 SGSN )。此外, SGSN还负责认证用户设备( User Equipment, 简称为 UE )。
3GPP UMTS系统中, 负责无线通信管理的设备是 UTRAN中的无线网 络控制器( Radio Network Controller, 简称为 RNC )。 图 1示出了才艮据相关技 术的 UE从 UTRAN切换到 EUTRAN的密钥生成方法流程, 如图 1所示,
1 P23513
UE从 UTRAN切换到 EUTRAN时(即, 执行步骤 S101 ), 如果 UE和 MME 中没有保存 EPS安全相关参数, 如 KASME, 则 RNC需要通过发送重定向请 求(即,执行步骤 S102至步骤 S104 ),使 MME生成 EUTRAN中的密钥 KASME; MME在 eNB确认切换请求之后, 向 RNC转发重定向回复 (即, 执行步骤 S106至步骤 S112 ), RNC执行 UTRAN切换命令 (即, 执行步骤 S114 ), UE 侧生成 EUTRAN中的密钥 KASME,完成切换到 EUTRAN(即,执行步骤 S116 )。 目前, 在相关技术中, 在不同接入系统之间进行切换时, 例如, 从其他 网络切换到 EUTRAN时, 虽然可以生成 EUTRAN的才艮密钥 KASME > 但无法 生成由接入层使用的密钥, 例如, 供 eNB使用的接入层的才艮密钥 K^B, 因 此, 接入层的信令和 /或数据无法得到有效保护, 存在安全隐患。 发明内容 考虑到相关技术中存在的不同接入系统间切换时无法生成由接入层使 用的中间密钥、 从而无法实现接入层安全性保护的问题, 本发明的主要目的 在于提供一种改进的密钥生成方案,以解决相关技术中的上述问题至少之一。 为实现上述目的, 根据本发明的一个方面, 提供了一种密钥生成方法。 才艮据本发明的密钥生成方法, 用于在用户设备从其他网络切换到 EUTRAN 网络的过程中生成密钥, 包括: MME才艮据 EUTRAN 网络的才艮密 钥 KASME、 特定值和 /或其他参数, 生成密钥, 并发送携带密钥的切换请求消 息给目标演进的基站即目标 eNB; 用户设备才艮据 EUTRAN 网络的才艮密钥 KASME ^ 特定值和 /或其他参数, 生成目标 eNB使用的密钥。 优选地, 上述特定值为移动管理实体和用户设备共同拥有, 从而不需要 转发给移动管理实体, 这样就不会产生额外的信令负担。 优选地, 上述特定值为移动管理实体和用户设备共同拥有的值 0。 优选地, 才艮据 EUTRAN网络的才艮密钥 KASME、 特定值和 /或其他参数, 生成密钥的操作具体可以包括:将特定值和 /或其他参数和才艮密钥 KASME输入 预设的单向密钥生成函数; 将单向密钥生成函数的输出作为密钥。 优选地, MME可以才艮据接收到的重定向请求消息生成 EUTRAN 网络 的才艮密钥 KASME。
2 P23513
优选地, 目标 eNB收到密钥之后, 该方法还可以包括: MME接收与切 换请求消息对应的切换请求确认消息, 并向当前网络的 SGSN发送与重定向 请求消息对应的重定向回复消息; 当前网络的 SGSN接收重定向回复消息, 并发送重定向命令消息; 当前网络的无线网络控制器向用户设备发送切换命 令消息; 用户设备根据接收到的切换命令消息生成 EUTRAN 网络的根密钥 KASMEO 为实现上述目的,才艮据本发明的另一个方面,提供了一种密钥生成装置。 才艮据本发明实施例的密钥生成装置, 包括: 第一单元, 用于才艮据 EUTRAN网络的才艮密钥 KASME、 特定值 0和 /或其他参数, 生成密钥。 优选地, 第一单元可以设置于 MME, 第一单元包括: 第一密钥产生模 块, 用于根据接收到的重定向请求消息生成根密钥 KASME, 并根据根密钥 KASME、 特定值和 /或其他参数, 生成密钥; 第一发送模块, 用于发送携带密 钥的切换请求消息给目标 eNB。 优选地, 第一单元还可以设置于用户设备上。 为实现上述目的,根据本发明的另一个方面,提供了一种密钥生成系统。 艮据本发明实施例的密钥生成系统, 包括: 移动管理实体, 用于才艮据 EUTRAN网络的才艮密钥 KASME、 特定值 0和 /或其他参数, 生成密钥, 并发送 携带密钥的切换请求消息; 用户设备, 用于接收切换命令消息, 并根据 EUTRAN网络的才艮密钥 KASME、 特定值和 /或其他参数, 生成密钥。 借助于上述技术方案, 通过采用特定值、 KASME和 /或其他参数, 来生成 接入层使用的中间密钥, 并输出该密钥, 能够解决相关技术中存在的不同接 入系统间切换时无法生成由接入层使用的中间密钥、 从而无法实现接入层安 全性保护的问题, 从而使接入层的信令和 /或数据能得到有效保护, 能够实现 接入层的安全性保护。 进一步地, 本发明各实施例的密钥生成方法、 装置和系统, 因为使用特 定值 0生成密钥, 从而不需要转发给移动管理实体, 因此不需要额外的信令 负担。 本发明的其它特征和优点将在随后的说明书中阐述, 并且, 部分地从说 明书中变得显而易见, 或者通过实施本发明而了解。 本发明的目的和其他优
3 P23513
点可通过在所写的说明书、 权利要求书、 以及附图中所特别指出的结构来实 现和获得。 附图说明 附图用来提供对本发明的进一步理解, 并且构成说明书的一部分, 与本 发明的实施例一起用于解释本发明, 并不构成对本发明的限制。 在附图中: 图 1为才艮据相关技术的 UE从 UTRAN切换到 EUTRAN的密钥生成方 法 ¾ϊ程图; 图 2为才艮据本发明方法实施例的密钥生成方法的流程图; 图 3为才艮据本发明方法实施例一的密钥生成方法的具体实施的流程图; 图 4为才艮据本发明方法实施例二的密钥生成方法的信令流程图; 图 5为才艮据本发明装置实施例的密钥生成装置示意图; 图 6为才艮据本发明装置实施例的密钥生成装置的详细结构的示意图; 图 7为才艮据本发明系统实施例的密钥生成系统示意图。 具体实施方式 功能相克述 考虑到相关技术中存在的不同接入系统间切换时无法生成由接入层使 用的中间密钥、 从而无法实现接入层安全性保护的问题, 本发明的实施例提 供了一种改进的密钥生成方案, 在本发明的实施例中, 用特定值、 KASME和 / 或其他参数生成接入层使用的中间密钥, 并输出该密钥, 使接入层的信令和 / 或数据能得到有效保护, 能够实现接入层的安全性保护。 以下结合附图对本发明的优选实施例进行说明, 应当理解, 此处所描述 的优选实施例仅用于说明和解释本发明, 并不用于限定本发明。如果不沖突, 本发明实施例以及实施例中的特征可以相互组合。 方法实施例 根据本发明实施例, 首先提供了一种密钥生成方法。
4 P23513
图 2为根据本发明实施例的密钥生成方法的流程图。 需要说明的是, 在 附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中 执行, 并且, 虽然在流程图中示出了逻辑顺序, 但是在某些情况下, 可以以 不同于此处的顺序执行所示出或描述的步骤。 如图 2所示, 艮据本发明实施例的密钥生成方法包括以下处理过程(步 骤 S202至步骤 S204 ): 优选地, 在执行步骤 S202之前, MME 居接收到的重定向请求消息 生成 EUTRAN网络的才艮密钥 KASME; 步骤 S202, MME才艮据 EUTRAN网络的才艮密钥 KASME、 特定值 0, 和 / 或其他参数, 生成密钥, 并发送携带密钥的切换请求消息给目标 eNB; 该特 定值为 MME和用户设备共同拥有的特定值, 例如, MME和用户设备默认 该特定值为 0; 具体地, 生成密钥的操作具体可以包括: 将特定值和 /或其他参数和才艮 密钥 KASME输入预设的单向密钥生成函数; 将该单向密钥生成函数的输出 作为密钥; 优选地, 在目标 eNB收到所述的密钥之后, MME接收与切换请求消息 对应的切换请求确认消息, 并向当前网络的 SGSN发送与重定向请求消息对 应的重定向回复消息; 当前网络的 SGSN接收重定向回复消息, 并发送重定 向命令消息; 当前网络的 RNC 向用户设备发送切换命令消息; 用户设备根 据接收到的切换命令消息生成 EUTRAN网络的才艮密钥 KASME; 步骤 S204, 用户设备才艮据 EUTRAN网络的才艮密钥 KASME、 特定值 0, 和 /或其他参数, 生成目标 eNB使用的所述密钥。 本发明实施例的密钥生成方法, 可以生成 EUTRAN网络接入层使用的 密钥, 使得接入层的信令和 /或数据能得到有效保护, 加强接入层的安全性。 此外, 由于本实施例使用 EUTRAN 网络的特定值 0生成密钥, 从而不需要 转发给移动管理实体, 因此不需要额外的信令负担。 实施例一 图 3为才艮据本发明实施例一的密钥生成方法的具体实施的流程图,如图
3所示, 本实施例示出了 UE从 UTRAN切换到 EUTRAN的密钥生成方法的
5 P23513
流程图, 该处理过程包括以下步骤 (步骤 S310至步骤 S350 ): 步骤 S310 , ΜΜΕ收到由 SGSN转发的来自 RNC的重定向请求消息后, 根据重定向请求消息生成 KASME; 优选地, MME可以使用重定向请求消息中 的参数来生成 KASME, 参数包括完整性密钥 (Integrity Key, 简称为 IK ), 加 密密钥 (Ciphering Key, 简称为 CK ), jt匕外, 还可以进一步使用重定向请求 消息中的公共陆地移动通信网标 i只 ( Public Land Mobile Network Identity, 简 称为 PLMN-ID ) 信息生成 KASME; 步骤 S320 , MME使用特定值 0和 KASME生成密钥; 步骤 S330, MME生成密钥后, 在切换请求消息携带该密钥并发送给目 标 eNB; 步骤 S340, UE收到切换命令后生成 KASME; 步骤 S350 , UE使用特定值 0和 KASME生成该目标 eNB的密钥。 优选地, 生成 eNB使用的接入层的密钥之后, 还可以包括以下步骤: eNB和 UE还可以进一步才艮据生成的密钥, 生成 EUTRAN网络的力 P密密钥、 完整性保护密钥、 和 /或用户面加密密钥以启动相应的安全保护。 本实施例的密钥生成方法因为采用特定值 0和 KASME来输出,所以克服 了现有技术中在 UE从 UTRAN切换到 EUTRAN时无法生成 I NB的问题, 从而能加强安全保护。 实施例二 图 4为根据本发明实施例二的密钥生成方法的信令流程图, 其中, 图 4 中源 RNC以及源 SGSN表示 UE当前连接到的 UMTS中的设备; 目标 eNB 以及目标 MME标识 UE将要切换到的 EPS中的设备。 如图 4所示, 才艮据本 发明实施例二的密钥生成方法的信令流程包括以下处理过程 (步骤 S401 至 步骤 S415 ): 步骤 S401 , UTRAN中的源 RNC决定发起切换, 具体可以是才艮据 UE 发给该 RNC的测量报告触发,也可以是才艮据其他原因由 RNC发起切换决定; 步骤 S402 , 源 RNC向源 SGSN发送重定向请求消息;
6 P23513
步骤 S403 , 源 SGSN向目标 MME转发该重定向请求消息, 并且同时 发送 IK, CK给目标 MME; 步骤 S404 , 目标 MME收到重定向请求消息后, 使用完整性密钥 IK、 力口密密钥 CK及其他的参数, 如 PLMN-ID , 生成 KASME; 步骤 S405 , 目标 MME使用特定值 0和 KASME , 生成密钥 KeNB; 步骤 S406,目标 MME在切换请求消息中将密钥 KeNB发送给目标 eNB; 步骤 S407 , 目标 eNB还可以进一步使用密钥 I NB生成 EUTRAN网络 的其他密钥, 如: 无线资源控制加密密钥、 完整性保护密钥, 以及用户面加 密密钥; 目标 eNB成功启动安全保护; 步骤 S408 , 目标 eNB向目标 MME回复切换请求确认消息, 表示接受 切换请求; 步骤 S409,目标 MME收到目标 eNB的切换请求确认消息后向源 SGSN 发送转发重定向回复消息; 步骤 S410, 源 SGSN向源 RNC发送重定向命令; 步骤 S411 , 源 RNC向 UE发送 UTRAN切换命令; 步骤 S412, UE才艮据当前 UTRAN的切换命令, 生成 KASME; 步骤 S413 , UE使用特定值 0和 KASME生成 UE侧的密钥 KeNB; 步骤 S414, UE进一步使用密钥 I NB生成 EUTRAN网络的其他密钥: 无线资源控制力 p密密钥、 完整性保护密钥, 以及用户面力 p密密钥; UE 成功 启动安全保护; 步骤 S415 , UE向目标 eNB发送切换完成命令消息, 该切换完成命令 消息可以使用 EUTRAN 网络的无线资源控制加密密钥进行加密以及使用完 整性密钥进行完整性保护, 由于目标 eNB生成的无线资源控制加密密钥及完 整性密钥与 UE侧一致, 这样, 可以成功解密用户侧 UE发送的切换完成命 令消息。 在本实施例的密钥生成过程中, 可以使用 0和 KASME和 /或其他参数,
P23513
作为输入参数, 采用单向密钥生成函数生成, 其他参数可以根据实际情况选 取, 本实施例为简单起见, 不选用其他参数, 本领域技术人员应当了解, 其 他参数, 不限定为无, 这不影响本发明实施例的实质。 装置实施例 根据本发明的实施例, 还提供了一种密钥生成装置。 图 5为才艮据本发明装置实施例的密钥生成装置示意图, 如图 5所示,才艮 据本发明装置实施例的密钥生成装置包括: 第一单元 62, 用于才艮据 EUTRAN 网络的才艮密钥 KASME、 特定值 0和 / 或其他参数, 生成密钥 K。 优选地, 第一单元 62可以设置于 ΜΜΕ上, 也可 以设置于用户设备上, 以实现用户设备侧 EUTRAN网络接入层密钥的生成; 此外, 第一单元 62 的相关功能具体可参见方法实施例的相关说明, 不再进 行重复说明。 本实施例密钥生成装置与方法实施例的密钥生成过程类似, 需要根据 KASME和特定值 0 , 生成 EUTRAN网络接入层密钥。 基于以上的描述,图 6进一步示出了才艮据本发明实施例的密钥生成装置 的详细结构示意图。 如图 6所示, 本实施例中第一单元 72设置于 MME , 其 中, 第一单元 72包括: 第一密钥产生模块 722 , 用于才艮据接收到的重定向请 求消息生成根密钥 KASME , 并根据根密钥 KASME及特定值 0 , 生成密钥 K; 第一发送模块 724 , 用于发送携带密钥 K的切换请求消息给目标 eNB。 本实施例为图 5实施例的具体化, 如上所述, 第一单元 72可以设置于
MME上, 也可以设置于用户设备上, 此处不再进行重复说明。 系统实施例 根据本发明实施例, 还提供了一种密钥生成系统。 图 7为根据本发明系统实施例的密钥生成系统示意图, 如图 7所示,根 据本发明系统实施例的密钥生成系统包括: 移动管理实体 82和用户设备 84, 下面对上述结构进行描述。 移动管理实体 82, 用于根据 EUTRAN网络的根密钥 KASME、 特定值信
8 P23513
息和 /或其他参数, 生成密钥 K , 并发送携带密钥 K的切换请求消息; 用户设备 84 , 用于接收切换命令消息, 并才艮据 EUTRAN网络的才艮密钥 KASME、 特定值信息和 /或其他参数, 生成密钥 K。 本实施例具体可参见图 2至图 4方法实施例的具体处理流程说明, 图 2 至图 4 也可以理解为 艮据本发明实施例的密钥生成系统的实施例解析示意 图, 实现目标 eNB及用户设备生成 EUTRAN网络接入层使用的密钥。 需要说明的是,在上述多个实施例中特定值取值为 0 ,也可以取其他值。 综上所述, 采用本发明实施例提供的密钥生成方法、 装置和系统, 采用 特定值和 KASME来生成接入层使用的密钥, 并输出该密钥, 使得接入层的信 令和 /或数据能得到有效保护, 加强接入层的安全性。 同时, 使用的参数某特 定值不需要转发给移动管理实体, 因此不需要额外的信令负担。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可 以用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布 在多个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执行的程 序代码来实现, 从而, 可以将它们存储在存储装置中由计算装置来执行, 或 者将它们分别制作成各个集成电路模块, 或者将它们中的多个模块或步骤制 作成单个集成电路模块来实现。 这样, 本发明不限制于任何特定的硬件和软 件结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本 领域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和 原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。
9 P23513
Claims
1. 一种密钥生成方法,用于在用户设备从其他网络切换到 EUTRAN网络的 过程中生成密钥, 其特征在于, 包括:
移动管理实体才艮据 EUTRAN网络的才艮密钥 KASME、 及特定值和 /或 其他参数, 生成密钥, 并发送携带所述密钥的切换请求消息给目标 eNB; 用户设备才艮据 EUTRAN网络的才艮密钥 KASME、 及特定值和 /或其他 参数, 生成所述目标 eNB使用的所述密钥。
2. 根据权利要求 1所述的密钥生成方法, 其特征在于, 特定值为移动管理 实体和用户设备共同拥有。
3. 根据权利要求 1所述的密钥生成方法, 其特征在于, 所述特定值为 0。
4. 才艮据权利要求 1 所述的密钥生成方法, 其特征在于, 所述才艮据所述 EUTRAN网络的根密钥 KASME、 及特定值和 /或其他参数, 生成密钥的操 作具体包括:
将特定值和 /或其他参数和所述才艮密钥 KASME输入预设的单向密钥 生成函数;
将所述单向密钥生成函数的输出作为所述密钥。
5. 根据权利要求 1所述的密钥生成方法, 其特征在于, 所述移动管理实体 根据接收到的重定向请求消息生成所述 EUTRAN网络的根密钥 KASME。
6. 根据权利要求 5所述的密钥生成方法, 其特征在于, 所述目标 eNB收到 所述的密钥之后, 所述方法还包括:
所述移动管理实体接收与所述切换请求消息对应的切换请求确认 消息, 并向当前网络的 SGSN发送与所述重定向请求消息对应的重定向 回复消息;
所述当前网络的 SGSN接收所述重定向回复消息,并发送重定向命 令消息;
当前网络的无线网络控制器向所述用户设备发送切换命令消息;
10 P23513
所述用户设备根据接收到的切换命令消息生成所述 EUTRAN网络 的才艮密钥 KASME。
7. 一种密钥生成装置, 其特征在于, 包括:
第一单元, 用于根据 EUTRAN网络的才艮密钥 KASME、 特定值 0和 / 或其他参数, 生成密钥。
8. 根据权利要求 7所述的密钥生成装置, 其特征在于, 所述第一单元设置 于移动管理实体, 所述第一单元包括:
第一密钥产生模块,用于根据接收到的重定向请求消息生成根密钥 KASME, 并根据所述根密钥 KASME及某特定值和 /或其他参数, 生成密钥; 第一发送模块, 用于发送携带所述密钥的切换请求消息给目标 eNB。
9. 根据权利要求 7所述的密钥生成装置, 其特征在于, 所述第一单元设置 于用户设备上。
10. 一种密钥生成系统, 其特征在于, 包括:
移动管理实体, 用于根据 EUTRAN 网络的根密钥 KASME、 及特定 值 0和 /或其他参数, 生成密钥, 并发送携带所述密钥的切换请求消息; 用户设备, 用于接收切换命令消息, 并 居 EUTRAN网络的才艮密 钥 KASME、 某特定值和 /或其他参数, 生成密钥。
11 P23513
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08873910.7A EP2282443A4 (en) | 2008-04-16 | 2008-12-30 | METHOD, DEVICE AND GENERATION SYSTEM FOR CRYPTOGRAPHIC KEYS |
US12/988,051 US8452007B2 (en) | 2008-04-16 | 2008-12-30 | Security key generating method, device and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810066591.7 | 2008-04-16 | ||
CN200810066591.7A CN101267668B (zh) | 2008-04-16 | 2008-04-16 | 密钥生成方法、装置及系统 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009127114A1 true WO2009127114A1 (zh) | 2009-10-22 |
Family
ID=39989722
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2008/073868 WO2009127114A1 (zh) | 2008-04-16 | 2008-12-30 | 密钥生成方法、装置及系统 |
Country Status (4)
Country | Link |
---|---|
US (1) | US8452007B2 (zh) |
EP (1) | EP2282443A4 (zh) |
CN (1) | CN101267668B (zh) |
WO (1) | WO2009127114A1 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130114813A1 (en) * | 2010-06-10 | 2013-05-09 | Huawei Technologies Co., Ltd. | Method and apparatus for refreshing key |
CN103124415A (zh) * | 2011-11-18 | 2013-05-29 | 联芯科技有限公司 | 重定位过程和其他业务相关ranap过程冲突的解决方法 |
KR101813602B1 (ko) | 2010-05-10 | 2017-12-29 | 삼성전자주식회사 | 핸드오버 절차에서 단말을 배치하기 위한 방법 및 시스템 |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101267668B (zh) * | 2008-04-16 | 2015-11-25 | 中兴通讯股份有限公司 | 密钥生成方法、装置及系统 |
CN101304311A (zh) * | 2008-06-12 | 2008-11-12 | 中兴通讯股份有限公司 | 密钥生成方法和系统 |
CN101355507B (zh) * | 2008-09-12 | 2012-09-05 | 中兴通讯股份有限公司 | 更新跟踪区时的密钥生成方法及系统 |
WO2010105442A1 (zh) * | 2009-03-20 | 2010-09-23 | 深圳华为通信技术有限公司 | 密钥推演参数的生成方法、装置和系统 |
CN101925059B (zh) * | 2009-06-12 | 2014-06-11 | 中兴通讯股份有限公司 | 一种切换的过程中密钥的生成方法及系统 |
WO2011006390A1 (zh) * | 2009-07-15 | 2011-01-20 | 中兴通讯股份有限公司 | 一种安全密钥的生成方法和装置 |
EP2739086B1 (en) * | 2009-10-05 | 2018-03-28 | Telefonaktiebolaget LM Ericsson (publ) | Method and apparatus in a telecommunication system |
WO2011160059A1 (en) * | 2010-06-18 | 2011-12-22 | Interdigital Patent Holdings, Inc. | Distributed architecture for security keys derivation in support of non-involved core network handover |
US20120057704A1 (en) * | 2010-09-07 | 2012-03-08 | Futurewei Technologies, Inc. | System and Method for Providing Security in a Wireless Communications System |
CN102752662B (zh) * | 2012-02-23 | 2016-01-20 | 中央电视台 | 一种条件接收系统接收端的根密钥生成方法、模块、芯片及接收终端 |
CN104753666B (zh) * | 2013-12-30 | 2018-08-14 | 华为技术有限公司 | 密钥处理方法和装置 |
US9918225B2 (en) | 2014-11-03 | 2018-03-13 | Qualcomm Incorporated | Apparatuses and methods for wireless communication |
US9736686B2 (en) * | 2015-01-19 | 2017-08-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and apparatus for direct communication key establishment |
US10004014B2 (en) * | 2015-11-30 | 2018-06-19 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless communication device as context forwarding entity |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1905734A (zh) * | 2005-07-25 | 2007-01-31 | 华为技术有限公司 | 一种目标基站获取鉴权密钥的方法及系统 |
WO2007125486A2 (en) * | 2006-05-02 | 2007-11-08 | Koninklijke Philips Electronics N.V. | Improved access to authorized domains |
CN101102600A (zh) * | 2007-06-29 | 2008-01-09 | 中兴通讯股份有限公司 | 在不同移动接入系统中切换时的密钥处理方法 |
CN101257723A (zh) * | 2008-04-08 | 2008-09-03 | 中兴通讯股份有限公司 | 密钥生成方法、装置及系统 |
CN101267668A (zh) * | 2008-04-16 | 2008-09-17 | 中兴通讯股份有限公司 | 密钥生成方法、装置及系统 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8462742B2 (en) * | 2006-03-31 | 2013-06-11 | Samsung Electronics Co., Ltd | System and method for optimizing authentication procedure during inter access system handovers |
CN101075865B (zh) * | 2006-05-16 | 2011-02-02 | 华为技术有限公司 | 一种用户面加密的启动方法 |
US8094817B2 (en) * | 2006-10-18 | 2012-01-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Cryptographic key management in communication networks |
US8990925B2 (en) * | 2008-04-02 | 2015-03-24 | Nokia Solutions And Networks Oy | Security for a non-3GPP access to an evolved packet system |
-
2008
- 2008-04-16 CN CN200810066591.7A patent/CN101267668B/zh active Active
- 2008-12-30 WO PCT/CN2008/073868 patent/WO2009127114A1/zh active Application Filing
- 2008-12-30 US US12/988,051 patent/US8452007B2/en active Active
- 2008-12-30 EP EP08873910.7A patent/EP2282443A4/en not_active Ceased
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1905734A (zh) * | 2005-07-25 | 2007-01-31 | 华为技术有限公司 | 一种目标基站获取鉴权密钥的方法及系统 |
WO2007125486A2 (en) * | 2006-05-02 | 2007-11-08 | Koninklijke Philips Electronics N.V. | Improved access to authorized domains |
CN101102600A (zh) * | 2007-06-29 | 2008-01-09 | 中兴通讯股份有限公司 | 在不同移动接入系统中切换时的密钥处理方法 |
CN101257723A (zh) * | 2008-04-08 | 2008-09-03 | 中兴通讯股份有限公司 | 密钥生成方法、装置及系统 |
CN101267668A (zh) * | 2008-04-16 | 2008-09-17 | 中兴通讯股份有限公司 | 密钥生成方法、装置及系统 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101813602B1 (ko) | 2010-05-10 | 2017-12-29 | 삼성전자주식회사 | 핸드오버 절차에서 단말을 배치하기 위한 방법 및 시스템 |
US20130114813A1 (en) * | 2010-06-10 | 2013-05-09 | Huawei Technologies Co., Ltd. | Method and apparatus for refreshing key |
CN103124415A (zh) * | 2011-11-18 | 2013-05-29 | 联芯科技有限公司 | 重定位过程和其他业务相关ranap过程冲突的解决方法 |
Also Published As
Publication number | Publication date |
---|---|
EP2282443A1 (en) | 2011-02-09 |
US20110033053A1 (en) | 2011-02-10 |
US8452007B2 (en) | 2013-05-28 |
CN101267668B (zh) | 2015-11-25 |
EP2282443A4 (en) | 2013-12-25 |
CN101267668A (zh) | 2008-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009127114A1 (zh) | 密钥生成方法、装置及系统 | |
US10911948B2 (en) | Method and system for performing network access authentication based on non-3GPP network, and related device | |
CN112566112B (zh) | 用于无线通信的装置、方法和存储介质 | |
CN106134231B (zh) | 密钥生成方法、设备及系统 | |
TWI717383B (zh) | 用於網路切分的金鑰層級 | |
WO2019019736A1 (zh) | 安全实现方法、相关装置以及系统 | |
US10320754B2 (en) | Data transmission method and apparatus | |
KR20100114927A (ko) | 무선 통신 시스템에서 핸드오버를 실행하는 동안 키 관리를 실행하기 위한 시스템 및 방법 | |
JP2017520203A (ja) | 無線アクセス・ネットワークからセキュリティを提供する方法およびシステム。 | |
WO2019096075A1 (zh) | 一种消息保护的方法及装置 | |
WO2019096002A1 (zh) | 一种安全保护的方法及装置 | |
WO2009149594A1 (zh) | 密钥生成方法和系统 | |
KR20160083071A (ko) | 모바일 디바이스에 대한 동시적 다수의 셀 접속을 위한 보안 키 생성 | |
WO2012171281A1 (zh) | 一种安全参数修改方法及基站 | |
US11751160B2 (en) | Method and apparatus for mobility registration | |
CN101552983A (zh) | 密钥生成方法、密钥生成装置、移动管理实体与用户设备 | |
EP2648437B1 (en) | Method, apparatus and system for key generation | |
CN113170369B (zh) | 用于在系统间改变期间的安全上下文处理的方法和装置 | |
WO2010028603A1 (zh) | 更新跟踪区时的密钥生成方法及系统 | |
KR20100126691A (ko) | 무선 통신 시스템에서 핸드오버들을 수행, 또는 핸드오버들을 수행하면서 키 관리를 수행하는 시스템 및 방법 | |
WO2011131063A1 (zh) | 一种建立增强的空口密钥的方法及系统 | |
WO2011143977A1 (zh) | 终端移动到增强通用陆地无线接入网络(utran)时建立增强密钥的方法及系统 | |
CN106797560B (zh) | 用于配置安全参数的方法、服务器、基站和通信系统 | |
CN102726082B (zh) | X2安全通道建立方法与系统、以及基站 | |
WO2018126791A1 (zh) | 一种认证方法及装置、计算机存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08873910 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12988051 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2008873910 Country of ref document: EP |