WO2011029388A1 - 加密算法协商方法、网元及移动台 - Google Patents
加密算法协商方法、网元及移动台 Download PDFInfo
- Publication number
- WO2011029388A1 WO2011029388A1 PCT/CN2010/076715 CN2010076715W WO2011029388A1 WO 2011029388 A1 WO2011029388 A1 WO 2011029388A1 CN 2010076715 W CN2010076715 W CN 2010076715W WO 2011029388 A1 WO2011029388 A1 WO 2011029388A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption algorithm
- mobile station
- network element
- encryption
- list
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0457—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- an encryption algorithm that is not supported by a mobile card may cause an error in the encryption process if supported by the network side.
- a typical GSM/GPRS system uses a 64-bit encryption key. Although the 64-bit encryption key provides some security, it can provide a relatively low level of security due to the short key length. To this end, a 128-bit encryption key has been introduced in the prior art.
- the GSM system defines the A5/4 encryption algorithm.
- the Universe l Subscr iber Ident Module (USIM) card can support the A5/4 algorithm.
- the Subscr iber Ident Module (SIM) card does not support the A5/4 encryption algorithm.
- SIM SIM card
- the mobile station interacts with the network side, and if the A5/4 encryption algorithm is used, the encryption process will occur. error. Summary of the invention
- the embodiments of the present invention provide an encryption algorithm negotiation method, a network element, and a mobile station, which can avoid errors in the encryption process caused by the insertion card of the mobile station not supporting an encryption algorithm.
- An embodiment of the present invention provides a method for negotiating an encryption algorithm, including:
- the encryption algorithm list allowed by the network element itself and the terminal capability information transmitted by the mobile station select an encryption algorithm and send the selected encryption algorithm to the mobile station.
- An embodiment of the present invention further provides an encryption algorithm negotiation method, including:
- the mobile station sends terminal capability information indicating that the A5/4 encryption algorithm is not supported to the access network element; Selecting an encryption algorithm from the encryption algorithm other than the A5/4 encryption algorithm according to the encryption algorithm list sent by the core network element and the terminal capability information sent by the mobile station, and sending the selected encryption algorithm to the Mobile station
- the mobile station deletes the A5/4 encryption algorithm in the encryption algorithm list supported by the mobile station, and sends a list of encryption algorithms after deleting the A5/4 encryption algorithm.
- the network element is configured to enable the access network element to use the encryption algorithm list sent by the core network element and the encryption algorithm list sent by the mobile station from other encryption algorithms except the A5/4 encryption algorithm. An encryption algorithm is selected and the selected encryption algorithm is sent to the mobile station.
- the embodiment of the invention further provides a core network element, including:
- An acquiring unit configured to acquire information that the inserted card of the mobile station does not support the first encryption algorithm
- an algorithm deleting unit configured to: according to the information that the inserted card of the mobile station acquired by the acquiring unit does not support the first encryption algorithm, Deleting the first encryption algorithm in the list of encryption algorithms allowed by the core network element itself;
- a sending unit configured to: after the algorithm deleting the unit, except the first encryption algorithm
- the list of encryption algorithms allowed by the core network element itself is sent to the access network element, so that the access network element sends the core network according to the core network element except the first encryption algorithm.
- the encryption algorithm list allowed by the network element itself and the terminal capability information transmitted by the mobile station select an encryption algorithm and send the selected encryption algorithm to the mobile station.
- An embodiment of the present invention further provides a mobile station, including:
- a second determining unit configured to determine whether the inserted card of the mobile station is a user identity module SIM card; and a processing unit, configured to: when the determination result of the second determining unit is that the inserted card of the mobile station is a SIM card, Sending a terminal capability information indicating that the A5/4 encryption algorithm is not supported to the access network element, so that the access network element transmits the encrypted algorithm list according to the core network element and the terminal capability sent by the mobile station Selecting an encryption algorithm from the encryption algorithms other than the A5/4 encryption algorithm and transmitting the selected encryption algorithm to the mobile station; or, when the determination result of the second determination unit is When the inserted card of the mobile station is a SIM card, the A5/4 encryption algorithm in the encryption algorithm list supported by the mobile station is deleted, and the encryption algorithm list supported by the mobile station is sent to the access network element.
- the encryption algorithm list sent by the access network element according to the core network element and the encryption algorithm list supported by the mobile station itself are calculated from other encryptions except the A5/4 encryption algorithm. Selecting the encryption
- the mobile station sends the terminal capability information indicating that the mobile station does not support the first encryption algorithm, or deletes the first encryption algorithm in the encryption algorithm list allowed by the core network element itself, thereby avoiding the occurrence of The insertion card of the mobile station does not support the encryption error caused by the first encryption algorithm.
- FIG. 1 is a flow chart of a core network element side of a first embodiment of an encryption algorithm negotiation method according to the present invention
- FIG. 2 is a flowchart of an authentication process involved in an embodiment of the present invention
- FIG. 3 is a signaling interaction diagram of Embodiment 2 of a method for negotiating an encryption algorithm according to the present invention
- 4 is a flowchart of Embodiment 3 of an encryption algorithm negotiation method according to the present invention
- FIG. 5 is a signaling interaction diagram of Embodiment 4 of an encryption algorithm negotiation method according to the present invention
- Embodiment 6 is a signaling interaction diagram of Embodiment 6 of an encryption algorithm negotiation method according to the present invention.
- FIG. 7 is a schematic structural diagram of an embodiment of a core network element according to the present invention.
- FIG. 8 is a schematic structural diagram of an embodiment of an access network element according to the present invention.
- FIG. 9 is a schematic structural diagram of an embodiment of a mobile station according to the present invention.
- 1 is a flow chart of a core network side of a core network according to Embodiment 1 of an encryption algorithm negotiation method according to the present invention, which includes:
- Step 101 Obtain information that the inserted card of the mobile station does not support the first encryption algorithm.
- the first encryption algorithm described above represents an encryption algorithm supported by the mobile station's plug-in card but supported by the core network element.
- Step 102 The first encryption algorithm is deleted from the list of encryption algorithms allowed by the core network element itself according to the information that the inserted card of the mobile station does not support the first encryption algorithm.
- Step 103 Send a list of encryption algorithms allowed by the core network element to the access network element, so that the access network element selects encryption according to the encryption algorithm list allowed by the core network element and the terminal capability information sent by the mobile station.
- the algorithm transmits the selected encryption algorithm to the mobile station.
- obtaining the information that the inserted card of the mobile station does not support the first encryption algorithm may specifically include: acquiring the inserted card of the mobile station according to the security context information of the mobile station does not support the first encryption algorithm.
- Information For example, if the first encryption algorithm is an A5/4 encryption algorithm, the inserted card type of the mobile station is obtained according to the authentication vector in the security context information of the mobile station, and if the authentication vector is an authentication triplet, the mobile station is learned.
- the inserted card type is a SIM card, and the A5/4 encryption algorithm is not supported, thereby obtaining information that the inserted card of the mobile station does not support the A5/4 encryption algorithm.
- the mobile station's inserted card does not support the A5/4 encryption algorithm, thereby acquiring the mobile station's The inserted card does not support the information of the A5/4 encryption algorithm.
- the encryption algorithm negotiation method provided by the embodiment of the present invention, after obtaining the information that the inserted card of the mobile station does not support the information of the first encryption algorithm, for example, deleting the first encryption algorithm in the encryption algorithm list allowed by the core network element itself, such that The first encryption algorithm is not included in the encryption algorithm list sent to the network element of the access network.
- the access network element selects the encryption algorithm according to the terminal capability information and the list of encryption algorithms allowed by the network, the first encryption algorithm is not selected. This avoids the occurrence of encryption errors caused by the mobile card's inserted card not supporting the first encryption algorithm.
- the GSM system strengthens the security protection of the system in two aspects: In terms of network access, the network authenticates the mobile station that initiated the access request through an authentication center (AUC) to determine the mobile station. Whether the mobile station is an authorized legal mobile station; in terms of communication, the GSM system encrypts the user information transmitted on the wireless path.
- AUC authentication center
- the core network finds that the key of the mobile station is inconsistent with the key on the network side, the authentication process will be initiated. If the mobile station does not have a valid key Kc, its CKSN is set to be invalid.
- CM Service Reques t a voice service
- RAU a RAU
- the mobile station is in the corresponding non-access layer (Non-Acces s Stratum).
- the NAS is sent to the core network in the message.
- the core network finds that the CKSN of the mobile station is invalid. If the key of the mobile station is inconsistent with the key on the network side, the core network initiates an authentication process.
- FIG. 2 is a flowchart of an authentication process involved in the embodiment of the present invention, where the authentication process includes:
- Step 201 If the Mobile Switch Center (MSC) does not store the authentication triplet of the mobile station, the MSC sends a Send Authentication Info to the Home Location Register (HLR).
- HLR Home Location Register
- the message carries the international mobile subscriber identity (IMSI) of the mobile station.
- IMSI international mobile subscriber identity
- Step 202 The HLR searches for an authentication triplet of the mobile station according to the IMSI of the mobile station, and sends a Send Authentication Info ACK message, where the authentication information response message (Send Authentication Info ACK) is carried
- the authentication triplet consists of a random number (RAND), an encryption key (Kc), and a response number (SERS), and the authentication triplet is provided by AUC.
- the AUC randomly generates a RAND, and the unique authentication value Ki of the RAND and the mobile station is processed by the A3 algorithm to obtain the SERS on the network side.
- Step 203 The MSC sends an authentication request message (Authentication Request) to the mobile station, where the authentication request message carries an RAND.
- Authentication Request an authentication request message
- Step 204 The mobile station obtains the SERS of the mobile station side by using the LL and the unique authentication value Ki saved by the mobile station itself, and the mobile station sends an authentication response message (Authentication Response) to the MSC, and the authentication response message (Authentication Response) It carries the SERS on the mobile station side.
- Authentication Response an authentication response message
- Ki the unique authentication value saved by the mobile station itself
- the MSC sends the SERS of the mobile station side to the VLR, and the VLR compares the SERS on the network side with the SERS on the mobile station side. If the two are consistent, the mobile station is legal; if the two are inconsistent, the mobile station is not obtained.
- Authorized illegal mobile stations the network side can release all mobility management connections and Radio Resources (RR) connections.
- RR Radio Resources
- the mobile station While generating the SRES, in the authentication process, the mobile station generates the encryption key Kc by the RAND and Ki through the A8 algorithm.
- the encryption key of the core network is generated by the AUC in the process of generating the SERS, and the encryption key Kc of the core network is part of the authentication triplet.
- the network side can judge The encryption key Kc calculated by the mobile station side is also consistent, and the encryption process can be initiated subsequently.
- FIG. 3 is a schematic diagram of a signaling interaction diagram of a method for negotiating an encryption algorithm according to the present invention.
- the embodiment is a method for negotiating an encryption algorithm involved in a mobile station location update process, including:
- Step 301 When the periodic location update timer expires or the mobile station roams across the location area, the mobile station initiates a location update procedure.
- the mobile station initiates an RR connection establish procedure.
- the mobile station transmits terminal capability information to a base station controller (Based Station Controller, BSC).
- BSC Base Station Controller
- the terminal capability information includes information indicating an encryption algorithm supported by the mobile station.
- the mobile station supports the A5/4 encryption algorithm
- the terminal capability information includes information indicating that the mobile station supports the A5/4 encryption algorithm.
- the mobile station implements the communication function together with the inserted card set thereon, and the mobile station supports the A5/4 encryption algorithm and does not represent the mobile card insertion card and also supports the A5/4 encryption algorithm.
- Step 302 After the wireless connection is established, the mobile station sends a location update request (Xocation Updating Request) to the MSC/Visitor Location Register (VLR) to indicate the current location information of the mobile station to the network.
- a location update request Xocation Updating Request
- VLR MSC/Visitor Location Register
- Step 303 The MSC/VLR determines that the mobile station currently needs to perform an authentication operation. If there is no mobile station's authentication vector in the MSC/VLR, the MSC/VLR may send a Send Authentication Information message to the mobile station to which the mobile station belongs, the message carrying the mobile station's IMSI.
- Step 304 The HLR queries the mobile station's authentication vector according to the IMSI of the mobile station, and the HLR sends a Send Authentication Info ACK message to the MSC, where the mobile station's authentication vector is carried. Since the inserted card type of the mobile station is a SIM card, the authentication vector returned by the HLR is an authentication triplet. If the inserted card type of the mobile station is a USIM card, the authentication vector returned by the HLR is an authentication quintuple, and the authentication quintuple includes a random number RAND, an expected response number XRES, an authentication token AUTN, and an encryption key. CK, integrity key IK. The authentication vector is one of the security information contexts of the mobile station.
- Step 305 The MSC/VLR receives the authentication triplet sent by the HLR, and initiates an authentication process to the mobile station.
- Step 306 After the authentication is successfully completed, the MSC/VLR performs an encryption algorithm negotiation process with the access network. First, the MSC/VLR determines the type of the inserted card of the mobile station according to the security context information of the mobile station sent by the HLR. Specifically, in this embodiment, The security context information of the mobile station is specifically an authentication triplet. Since the HLR returns an authentication triplet, it indicates that the inserted card type of the mobile station is a SIM card. Or the MSC/VLR determines whether the encryption key of the mobile station in the security context information sent by the HLR contains only a 64-bit encryption key.
- the MSC/VLR can obtain information that the mobile card's add-in card does not support the A5/4 encryption algorithm. Since the encryption key required by the A5/4 encryption algorithm is 128 bits, the MSC/VLR performs step 307. Otherwise, the MSC/VLR performs the prior art encryption algorithm negotiation process, that is, steps 307-313 are not performed, for example, If CK or IK is included, it can be determined that the encryption key is 128 bits, and the MSC/VLR can perform an encryption algorithm negotiation process related to the US IM card.
- Step 307 The MSC/VLR deletes the A5/4 encryption algorithm in the list of encryption algorithms allowed by itself, and the MSC/VLR sends an encryption mode command (c ipher mode command) to the BSC, where the command carries a 64-bit encryption key Kc and A list of encryption algorithms allowed by the MSC/VLR itself. It can be known that the A5/4 encryption algorithm is not included in the list of encryption algorithms sent by the MSC/VLR.
- a bit map (bi tmap ) can be used to indicate the list of encryption algorithms allowed by the network. For example, because the A5/4 encryption algorithm is deleted, the bit corresponding to the A5/4 encryption algorithm is used. Set to 0 to indicate that the A5/4 encryption algorithm is not allowed.
- Step 308 The BSC selects a force secret algorithm according to the encryption algorithm list sent by the MSC/VLR and the mobile terminal sending terminal capability information, and sends an encrypted secret command (encrypted i on command) to the base accounting unit (Based Trans) DCver Sta t ion, referred to as BTS), which carries the selected encryption algorithm and the encryption key opening force Kc, densely populated force command (encrypt ion command) further comprises a force-tight mode command port (cipher mode command) 0 because MSC
- BTS Base accounting unit
- densely populated force command encrypt ion command
- densely populated force command further comprises a force-tight mode command port (cipher mode command) 0 because MSC
- the A5/4 encryption algorithm is not included in the list of encryption algorithms sent by /VLR, so even if the terminal capability information indicates that the mobile station supports A5/4 encryption calculation Method, BSC will not choose A5/4 algorithm.
- Step 309 The BTS forwards the cipher mode command to the mobile station, and the BTS starts the data decryption function in the uplink direction.
- Step 310 After receiving the encryption mode command (c ipher mode command), the mobile station starts data transmission and reception in the encryption mode. After the mobile station completes the corresponding action of the cipher mode command, it sends a message to the BTS (c ipher mode complete).
- Step 311 After receiving the cipher mode complete message, the BTS starts its own encryption process.
- the BTS forwards the message to the BSC through a data indicating (c ipher mode complete) message.
- the data indicat is an Ab i s message transmitted between the BSC and the BTS.
- the interface between the BSC and the BTS is the Ab i s interface.
- Step 312 The BSC sends a cipher mode complete message to the MSC, indicating that the encryption mode is completed.
- the message carries the encryption algorithm finally selected by the BSC. After the encryption process is completed, the mobile station and the BTS can cooperate to complete the transmission and reception of encrypted data on the wireless link.
- Step 313 After receiving the c ipher mode complete message, the MSC/VLR sends a location update accept message (Locate Id Accept) to the mobile station, indicating that the mobile station location update request is completed.
- the mobile station location information on the network side has been updated to the current location information of the mobile rejection station.
- FIG. 4 is a flowchart of Embodiment 3 of a method for negotiating an encryption algorithm according to the present invention, including: Step 401: Receive an encryption key sent by a network element of a core network.
- Step 402 If the encryption key is an encryption key that does not match the first encryption algorithm, then An encryption algorithm is selected among other encryption algorithms other than the first encryption algorithm, and the selected encryption algorithm is transmitted to the mobile station.
- the first encryption algorithm described above represents an encryption algorithm supported by the mobile station's plug-in card but supported by the core network element.
- the encryption key that does not match the first encryption algorithm may be a 64-bit encryption key.
- the method provided by the third embodiment of the present invention whether the terminal capability information indicates that the mobile station supports the A5/4 encryption algorithm, whether the A5/4 encryption algorithm is included in the encryption algorithm list sent by the core network element, if the core network element The returned encryption key is a 64-bit encryption key. Since the A5/4 encryption algorithm requires a 128-bit encryption key, the access network element selects an encryption algorithm from other encryption algorithms than the A5 / 4 encryption algorithm. That is to say, the access network element does not select the A5 / 4 encryption algorithm, so that the encryption error caused by the mobile card's inserted card does not support the A 5 / 4 encryption algorithm can be avoided.
- the steps 401-402 in Embodiment 4 may be performed by an access network element, such as by a BSC in the access network.
- FIG. 5 is a schematic diagram of a signaling interaction diagram of a method for negotiating an encryption algorithm according to an embodiment of the present invention.
- the embodiment is a method for negotiating an encryption algorithm involved in a mobile station location update process, including:
- the implementation process of the steps 501-505 is substantially the same as the steps 301-305, and is not described here.
- Step 506 After the authentication is successfully completed, the MSC/VLR performs an encryption algorithm negotiation process with the access network, and the MSC/VLR sends an encryption mode command (cipher mode command) to the BSC, where the command carries the 64-bit encryption key Kc and the MSC.
- /VLR itself allows a list of encryption algorithms.
- the MSC does not delete the A5/4 encryption algorithm, so the encryption algorithm list sent by the MSC includes the A5/4 encryption algorithm.
- Step 507 The BSC selects an encryption algorithm according to an encryption algorithm supported by itself, terminal capability information, a list of encryption algorithms sent by the MSC/VLR, and an encryption key. Since the encryption key is a 64-bit encryption key, even if the terminal capability information indicates that the mobile station supports the A5/4 encryption algorithm, the MSC/VLR The list of encryption algorithms sent includes the A5/4 encryption algorithm, and the BSC does not select the A5/4 encryption algorithm. The BSC needs to select an encryption algorithm from other encryption algorithms than the A5/4 encryption algorithm.
- Step 508 The BSC sends an encryption command to the base transceiver station (BTS), which carries the selected encryption algorithm and the dense copper Kc. Command also includes the c ipher mode command.
- BTS base transceiver station
- the implementation process of the steps 509-513 is substantially the same as the steps 309-313, and is not described here.
- the fifth process of the encryption algorithm negotiation method of the present invention mainly includes:
- the mobile station sends terminal capability information indicating that the first encryption algorithm is not supported to the access network element; so that the access network element is sent according to the core network element.
- the encryption algorithm list and the terminal capability information sent by the mobile station select an encryption algorithm from other encryption algorithms than the first encryption algorithm and send the selected encryption algorithm to the mobile station.
- the mobile station deletes the first encryption algorithm in the encryption algorithm list supported by the mobile station, and sends the encryption algorithm list deleted by the first encryption algorithm to the access network element. So that the access network element selects an encryption algorithm from the encryption algorithm list sent by the network element of the core network and the encryption algorithm list sent by the mobile station, and sends the selected encryption algorithm according to the encryption algorithm other than the first encryption algorithm. Give the mobile station.
- the first encryption algorithm may be an A5/4 encryption algorithm.
- the mobile station sends a message indicating that the A5/4 encryption algorithm is not supported, and the mobile station transmits The terminal capability information of the encryption algorithm is sent to the access network element, or the A5/4 encryption algorithm is deleted from the list of encryption algorithms supported by the access network element, so that the A5 is included in the list of encryption algorithms allowed by the network.
- the access network element will not choose the A5/4 encryption algorithm, but will choose the encryption algorithm from other encryption algorithms except A5/4, so you can avoid The encryption error caused by the A5/4 encryption algorithm is not supported by the mobile card's add-in card.
- FIG. 6 is a signaling interaction diagram of a sixth embodiment of the encryption algorithm negotiation method according to the present invention.
- the embodiment is a method for negotiating an encryption algorithm involved in a mobile station location update process, including:
- Step 701 The mobile station determines its own inserted card type. If the inserted card type of the mobile station is a SIM card, the mobile station sends terminal capability information indicating that the A5/4 encryption algorithm is not supported to the BSC. If the type of the inserted card is a USIM card, the mobile station may send terminal capability information indicating that the A5/4 encryption algorithm is supported to the BSC. The step of the mobile station transmitting the terminal capability information is performed during the establishment of the wireless connection.
- the terminal capability information used to indicate that the A5/4 encryption algorithm is supported may be expressed in the form of a bitmap (bi tmap ). For example, if the mobile station supports the A5/4 encryption algorithm, the bit corresponding to the A5/4 encryption algorithm is set to 1. If the mobile station does not support the A5/4 encryption algorithm, the bit corresponding to the A5/4 encryption algorithm is set to zero.
- the mobile station may delete the A5/4 encryption algorithm in the list of encryption algorithms supported by itself, and send the list of encryption algorithms deleted by the A5/4 encryption algorithm to the BSC.
- steps 702-705 is the same as the implementation of steps 302-305, respectively.
- Step 706 After the authentication is successfully completed, the MSC/VLR performs an encryption algorithm negotiation process with the access network.
- the MSC/VLR sends a C i pher mode command to the BSC, which carries a 64-bit encryption key Kc and a list of encryption algorithms allowed by the MSC/VLR itself.
- the A5/4 encryption algorithm is included in the encryption algorithm list sent by the MSC/VLR.
- Step 707 The BSC selects an encryption algorithm according to an encryption algorithm supported by itself, terminal capability information, an encryption algorithm list sent by the MSC/VLR, and an encryption key, and sends an encryption command to the base transceiver station (Based on Transceiver S) Ta t ion (BTS for short), which carries the selected force secret algorithm and the force secret key Kc, and the encrypt i on command also includes the ci pher mode command ( 0 )
- the terminal capability information indicates that the mobile station does not support the A5/4 encryption algorithm or the A5/4 encryption algorithm is not included in the list of encryption algorithms supported by the mobile station. Therefore, the BSC does not select the A5/4 encryption algorithm, and the BSC will remove the 5/4. 4 Select an encryption algorithm from other encryption algorithms than the encryption algorithm.
- the implementation process of steps 708-712 is substantially the same as steps 309-313, and details are not described herein again.
- the method described in the foregoing embodiments of the present invention can also be applied to other networks, for example, can be applied to a universal mobile communication system (Universal Mobile Communication System, UMTS for short).
- UMTS Universal Mobile Communication System
- the core network element may be an MSC
- the access network element may be a radio network controller (Radio Network Controller, or RNC for short), that is, the RSC is used to replace the BSC in the present invention
- the terminal may be a user equipment.
- FIG. 7 is a schematic structural diagram of an embodiment of a core network element according to the present invention.
- the core network element includes an obtaining unit 11, an algorithm deleting unit 12, and a sending unit 13.
- the obtaining unit 11 is configured to obtain an insert card of the mobile station.
- the information of the first encryption algorithm; the algorithm deleting unit 12 is configured to: according to the information that the insertion card of the mobile station acquired by the obtaining unit 11 does not support the information of the first encryption algorithm, the first encryption algorithm in the list of encryption algorithms allowed by the core network element itself
- the sending unit 13 is configured to send the encryption algorithm list allowed by the core network element processed by the algorithm deleting unit 12 to the access network element, so that the access network element sends the core network according to the core network element.
- the encryption algorithm list allowed by the element itself and the terminal capability information transmitted by the mobile station select an encryption algorithm and transmit the selected encryption algorithm to the mobile station.
- the obtaining unit 11 may be specifically configured to obtain information of the mobile station that does not support the A5/4 encryption algorithm according to the security context information of the mobile station.
- the acquiring unit may obtain the inserted card type of the mobile station according to the authentication vector in the security context information of the mobile station: if the authentication vector is an authentication triplet, it is learned that the inserted card type of the mobile station is a SIM card, Supporting the A5/4 encryption algorithm; or, if the key portion of the mobile station's authentication vector contains a 64-bit encryption key, then the mobile station is known The insertion card does not support the A5/4 encryption algorithm.
- the algorithm deleting unit 12 may be specifically configured to delete the A5/4 encryption algorithm in the encryption algorithm list allowed by the core network element itself according to the information that the inserted card of the mobile station does not support the A5/4 encryption algorithm.
- the core network element may be an MSC or a VLR.
- the core network element provided by the embodiment of the present invention deletes the first encryption algorithm in the encryption algorithm list allowed by the core network element itself after acquiring the information that the mobile station does not support the first encryption algorithm, so as to avoid The insert card of the station does not support the encryption error caused by the first encryption algorithm.
- FIG. 8 is a schematic structural diagram of an embodiment of an access network element according to the present invention.
- the access network element includes a receiving unit 21, a first determining unit 22, and a selecting unit 23, where the receiving unit 21 is configured to receive a core network.
- the first determining unit 22 is configured to determine whether the encryption key received by the receiving unit 21 matches the first encryption algorithm; and the selecting unit 23 is configured to: when the first determining unit 22 determines that the result is not matched, The encryption algorithm is selected from other encryption algorithms than the first encryption algorithm, and the selected encryption algorithm is transmitted to the mobile station.
- the access network element shown in Figure 8 can be a BSC or an RNC.
- the first encryption algorithm may be an A5/4 encryption algorithm, and the encryption key that does not match the first encryption algorithm may be a 64-bit encryption key.
- the access network element is an RNC, the first encryption algorithm may be an encryption algorithm supported only by the enhanced USIM card and not supported by the USIM card, and the encryption key that does not match the first encryption algorithm may be existing. The encryption key corresponding to the USIM card.
- the access network element provided by the embodiment of the present invention determines that the first encryption algorithm is not selected according to the encryption key of the mobile station, and can avoid the encryption error caused by the insertion card of the mobile station not supporting the first encryption algorithm.
- FIG. 9 is a schematic structural diagram of an embodiment of a mobile station according to the present invention.
- the mobile station includes a second determining unit 31 and a processing unit 32.
- the second determining unit 31 is configured to determine whether the inserted card of the mobile station is a SIM card.
- the unit 32 is configured to: when the judgment result of the second determining unit 31 is that the insertion card of the mobile station is a SIM card, send a terminal capability letter indicating that the first encryption algorithm is not supported.
- the access network element is configured to enable the access network element to select an encryption algorithm from the encryption algorithm other than the first encryption algorithm according to the encryption algorithm list sent by the core network element and the terminal capability information sent by the mobile station.
- the processing unit 32 is configured to: when the judgment result of the second determining unit 31 is that the mobile card of the mobile station is a SIM card, the first in the encryption algorithm list supported by the mobile station itself After the encryption algorithm is deleted, the encryption algorithm list supported by the mobile station is sent to the access network element, so that the access network element removes the list of encryption algorithms sent by the core network element and the list of encryption algorithms supported by the mobile station itself.
- an encryption algorithm is selected and the selected encryption algorithm is transmitted to the mobile station.
- the first encryption algorithm may be an A5/4 encryption algorithm.
- the terminal capability information sent by the processing module 32 for indicating that the A5/4 encryption algorithm is supported may be expressed in the form of a bitmap (bi tmap ). For example, if the mobile station does not support the A5/4 encryption algorithm, the A5/4 encryption algorithm. The corresponding bit is set to zero.
- the mobile station provided by the embodiment of the present invention sends the terminal capability information indicating that the mobile station does not support the first encryption algorithm, or sends and deletes the first encryption algorithm encryption algorithm list to the access network element, so that the access network
- the network element does not select the first encryption algorithm, and it can avoid the occurrence of encryption errors caused by the mobile card's inserted card not supporting the first encryption algorithm.
- the program can be executed by instructing related hardware, and the program can be stored in a computer readable storage medium. When executed, the program includes all or part of the above steps, such as: ROM/ RAM, disk, CD, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Mobile Radio Communication Systems (AREA)
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2011129116/08A RU2488976C2 (ru) | 2009-09-08 | 2010-09-08 | Способ, элемент сети и мобильная станция для согласования алгоритмов шифрования |
BRPI1008831-8A BRPI1008831B1 (pt) | 2009-09-08 | 2010-09-08 | Método para negociação de algoritimos de criptografia e elemento de rede núcleo |
US13/415,681 US8908863B2 (en) | 2009-09-08 | 2012-03-08 | Method, network element, and mobile station for negotiating encryption algorithms |
US14/550,734 US9729523B2 (en) | 2009-09-08 | 2014-11-21 | Method, network element, and mobile station for negotiating encryption algorithms |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910090699.4 | 2009-09-08 | ||
CN2009100906994A CN102014381B (zh) | 2009-09-08 | 2009-09-08 | 加密算法协商方法、网元及移动台 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/415,681 Continuation US8908863B2 (en) | 2009-09-08 | 2012-03-08 | Method, network element, and mobile station for negotiating encryption algorithms |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011029388A1 true WO2011029388A1 (zh) | 2011-03-17 |
Family
ID=43301998
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/076715 WO2011029388A1 (zh) | 2009-09-08 | 2010-09-08 | 加密算法协商方法、网元及移动台 |
Country Status (6)
Country | Link |
---|---|
US (2) | US8908863B2 (zh) |
EP (1) | EP2293515B1 (zh) |
CN (1) | CN102014381B (zh) |
BR (1) | BRPI1008831B1 (zh) |
RU (1) | RU2488976C2 (zh) |
WO (1) | WO2011029388A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110234104A (zh) * | 2018-03-06 | 2019-09-13 | 中国移动通信有限公司研究院 | 被叫鉴权是否验证的确定方法及装置、终端及存储介质 |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102011106484B4 (de) * | 2011-06-14 | 2013-05-08 | T-Mobile Austria Gmbh | Verfahren zum Aufbau einer verschlüsselten Verbindung, Netzvermittlungseinheit und Telekommunikationssystem |
KR101873330B1 (ko) | 2011-10-04 | 2018-07-03 | 삼성전자 주식회사 | 암호화 제어 방법 및 이를 지원하는 네트워크 시스템과 단말기 및 단말기 운용 방법 |
CN103973651B (zh) * | 2013-02-01 | 2018-02-27 | 腾讯科技(深圳)有限公司 | 基于加盐密码库的账户密码标识设置、查询方法及装置 |
US9935977B1 (en) | 2013-12-09 | 2018-04-03 | Amazon Technologies, Inc. | Content delivery employing multiple security levels |
CN103925942B (zh) * | 2014-03-18 | 2016-06-22 | 烽火通信科技股份有限公司 | 电子设备的防尘网检测装置及方法 |
US20170142162A1 (en) * | 2014-05-20 | 2017-05-18 | Nokia Technologies Oy | Method, Network Element, Mobile Terminal, System and Computer Program Product for Cryptographic Algorithm Negotiation |
US9961059B2 (en) * | 2014-07-10 | 2018-05-01 | Red Hat Israel, Ltd. | Authenticator plugin interface |
CN104168561B (zh) * | 2014-07-24 | 2018-08-28 | 南京中兴软件有限责任公司 | 一种无线局域网中的热点配置方法、接入方法及设备 |
US10477394B2 (en) | 2014-12-22 | 2019-11-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Mitigating drawbacks of ciphering failures in a wireless network |
CN106658485A (zh) * | 2015-07-13 | 2017-05-10 | 中国移动通信集团重庆有限公司 | 一种差异化加密方法、终端及系统 |
US11558745B2 (en) | 2017-01-30 | 2023-01-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods for integrity protection of user plane data |
PL3596953T3 (pl) | 2017-03-17 | 2023-10-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Rozwiązanie dotyczące bezpieczeństwa włączania i wyłączania zabezpieczeń dla danych up pomiędzy ue a ran w 5g |
CN111954208B (zh) | 2017-11-17 | 2024-04-12 | 华为技术有限公司 | 一种安全通信方法和装置 |
CN110121168B (zh) | 2018-02-06 | 2021-09-21 | 华为技术有限公司 | 安全协商方法及装置 |
WO2020254113A1 (en) * | 2019-06-17 | 2020-12-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Key distribution for hop by hop security in iab networks |
US11502834B2 (en) | 2020-02-26 | 2022-11-15 | International Business Machines Corporation | Refreshing keys in a computing environment that provides secure data transfer |
US11546137B2 (en) | 2020-02-26 | 2023-01-03 | International Business Machines Corporation | Generation of a request to initiate a secure data transfer in a computing environment |
US11310036B2 (en) | 2020-02-26 | 2022-04-19 | International Business Machines Corporation | Generation of a secure key exchange authentication request in a computing environment |
US11489821B2 (en) | 2020-02-26 | 2022-11-01 | International Business Machines Corporation | Processing a request to initiate a secure data transfer in a computing environment |
US11184160B2 (en) | 2020-02-26 | 2021-11-23 | International Business Machines Corporation | Channel key loading in a computing environment |
US11652616B2 (en) | 2020-02-26 | 2023-05-16 | International Business Machines Corporation | Initializing a local key manager for providing secure data transfer in a computing environment |
US11405215B2 (en) * | 2020-02-26 | 2022-08-02 | International Business Machines Corporation | Generation of a secure key exchange authentication response in a computing environment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1289512A (zh) * | 1998-01-29 | 2001-03-28 | 诺基亚移动电话有限公司 | 加密数据传输方法和应用此方法的一种蜂窝无线电系统 |
CN1471326A (zh) * | 2002-07-26 | 2004-01-28 | ��Ϊ��������˾ | 一种自主选择保密通信中无线链路加密算法的方法 |
CN1571540A (zh) * | 2004-04-23 | 2005-01-26 | 中兴通讯股份有限公司 | 协商选择空中接口加密算法的方法 |
CN1708005A (zh) * | 2004-06-04 | 2005-12-14 | 中兴通讯股份有限公司 | 一种无线通信系统中选择加密算法的方法 |
EP1458198B1 (en) * | 2001-12-21 | 2007-05-09 | Huawei Technologies Co., Ltd. | A method for determining encryption algorithm of secret communication based on mobile country codes |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6705529B1 (en) * | 1998-11-26 | 2004-03-16 | Nokia Mobile Phones, Ltd. | Data card holder and reader therefor |
EP1226736B1 (en) * | 1999-11-03 | 2005-08-03 | Nokia Corporation | Method and apparatus for selecting an identification confirmation information |
FR2809897B1 (fr) | 2000-05-31 | 2005-04-29 | Gemplus Card Int | Procede de communication securisee entre un reseau et une carte a puce d'un terminal |
JP4596728B2 (ja) * | 2002-08-13 | 2010-12-15 | ルネサスエレクトロニクス株式会社 | 外部モジュール及び移動体通信端末 |
CN1479480A (zh) | 2002-08-26 | 2004-03-03 | 华为技术有限公司 | 一种协商加密算法的方法 |
JP4688808B2 (ja) * | 2003-09-26 | 2011-05-25 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | 移動体通信システムにおける暗号化の強化セキュリティ構成 |
US7933591B2 (en) * | 2004-06-17 | 2011-04-26 | Telefonaktiebolaget L M Ericsson (Publ) | Security in a mobile communications system |
JP2006191509A (ja) * | 2005-01-07 | 2006-07-20 | N-Crypt Inc | 通信システム、通信方法 |
US7198199B2 (en) * | 2005-02-04 | 2007-04-03 | Chun-Hsin Ho | Dual universal integrated circuit card (UICC) system for a portable device |
CN100433915C (zh) | 2005-08-19 | 2008-11-12 | 华为技术有限公司 | 一种提高3g网络系统到2g网络系统切换成功率的方法 |
CN1937487A (zh) | 2005-09-22 | 2007-03-28 | 北京三星通信技术研究有限公司 | Lte中鉴权和加密的方法 |
EP1895706B1 (en) | 2006-08-31 | 2018-10-31 | Apple Inc. | Method for securing an interaction between a first node and a second node, first node arranged for interacting with a second node and computer program |
WO2009020789A2 (en) | 2007-08-03 | 2009-02-12 | Interdigital Patent Holdings, Inc. | Security procedure and apparatus for handover in a 3gpp long term evolution system |
CN101222322B (zh) | 2008-01-24 | 2010-06-16 | 中兴通讯股份有限公司 | 一种超级移动宽带系统中安全能力协商的方法 |
-
2009
- 2009-09-08 CN CN2009100906994A patent/CN102014381B/zh active Active
-
2010
- 2010-09-08 RU RU2011129116/08A patent/RU2488976C2/ru active
- 2010-09-08 EP EP20100175725 patent/EP2293515B1/en active Active
- 2010-09-08 WO PCT/CN2010/076715 patent/WO2011029388A1/zh active Application Filing
- 2010-09-08 BR BRPI1008831-8A patent/BRPI1008831B1/pt active IP Right Grant
-
2012
- 2012-03-08 US US13/415,681 patent/US8908863B2/en active Active
-
2014
- 2014-11-21 US US14/550,734 patent/US9729523B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1289512A (zh) * | 1998-01-29 | 2001-03-28 | 诺基亚移动电话有限公司 | 加密数据传输方法和应用此方法的一种蜂窝无线电系统 |
EP1458198B1 (en) * | 2001-12-21 | 2007-05-09 | Huawei Technologies Co., Ltd. | A method for determining encryption algorithm of secret communication based on mobile country codes |
CN1471326A (zh) * | 2002-07-26 | 2004-01-28 | ��Ϊ��������˾ | 一种自主选择保密通信中无线链路加密算法的方法 |
CN1571540A (zh) * | 2004-04-23 | 2005-01-26 | 中兴通讯股份有限公司 | 协商选择空中接口加密算法的方法 |
CN1708005A (zh) * | 2004-06-04 | 2005-12-14 | 中兴通讯股份有限公司 | 一种无线通信系统中选择加密算法的方法 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110234104A (zh) * | 2018-03-06 | 2019-09-13 | 中国移动通信有限公司研究院 | 被叫鉴权是否验证的确定方法及装置、终端及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
US20120170746A1 (en) | 2012-07-05 |
US9729523B2 (en) | 2017-08-08 |
US8908863B2 (en) | 2014-12-09 |
CN102014381A (zh) | 2011-04-13 |
BRPI1008831A2 (pt) | 2021-07-06 |
BRPI1008831B1 (pt) | 2022-01-18 |
EP2293515A1 (en) | 2011-03-09 |
US20150104020A1 (en) | 2015-04-16 |
CN102014381B (zh) | 2012-12-12 |
EP2293515B1 (en) | 2013-08-21 |
RU2011129116A (ru) | 2013-01-20 |
RU2488976C2 (ru) | 2013-07-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011029388A1 (zh) | 加密算法协商方法、网元及移动台 | |
EP3777021B1 (en) | Subscriber identity privacy protection against fake base stations | |
CN108293223B (zh) | 一种数据传输方法、用户设备和网络侧设备 | |
EP1448009B1 (en) | Method for storing a security start value in a wireless communications system | |
US10306432B2 (en) | Method for setting terminal in mobile communication system | |
JP5462411B2 (ja) | セキュリティ設定の同期を支援する方法および装置 | |
US10798082B2 (en) | Network authentication triggering method and related device | |
US20040228491A1 (en) | Ciphering activation during an inter-rat handover procedure | |
KR102390380B1 (ko) | 비인증 사용자에 대한 3gpp 진화된 패킷 코어로의 wlan 액세스를 통한 긴급 서비스의 지원 | |
US20100064135A1 (en) | Secure Negotiation of Authentication Capabilities | |
KR20100086013A (ko) | 콘텍스트 전달을 인증하는 시스템 및 방법 | |
Vintilă et al. | Security analysis of LTE access network | |
JP6123035B1 (ja) | Twagとueとの間でのwlcpメッセージ交換の保護 | |
CN102970678B (zh) | 加密算法协商方法、网元及移动台 | |
CN1964259B (zh) | 一种切换过程中的密钥管理方法 | |
EP2566205B1 (en) | Notifying key method for multi-system core network and multi-system network | |
JP2020505845A (ja) | 緊急アクセス中のパラメータ交換のための方法およびデバイス | |
Krichene et al. | Securing roaming and vertical handover in fourth generation networks | |
CN115250469A (zh) | 一种通信方法以及相关装置 | |
WO2001043476A1 (en) | Communication method | |
WO2012022188A1 (zh) | 多系统无线接入网获知密钥的方法和多系统无线接入网 | |
Bluszcz | UMTS Security UMTS Security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10814990 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 4604/CHENP/2011 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011129116 Country of ref document: RU |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10814990 Country of ref document: EP Kind code of ref document: A1 |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: PI1008831 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: PI1008831 Country of ref document: BR Kind code of ref document: A2 Effective date: 20110803 |