WO2011127775A1 - Procédé de mise à jour pour clé d'interface hertzienne et système d'accès radio - Google Patents

Procédé de mise à jour pour clé d'interface hertzienne et système d'accès radio Download PDF

Info

Publication number
WO2011127775A1
WO2011127775A1 PCT/CN2011/071655 CN2011071655W WO2011127775A1 WO 2011127775 A1 WO2011127775 A1 WO 2011127775A1 CN 2011071655 W CN2011071655 W CN 2011071655W WO 2011127775 A1 WO2011127775 A1 WO 2011127775A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
intermediate key
rnc
migration
ncc
Prior art date
Application number
PCT/CN2011/071655
Other languages
English (en)
Chinese (zh)
Inventor
冯成燕
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011127775A1 publication Critical patent/WO2011127775A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/10Reselecting an access point controller
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to the field of wireless communications, and in particular to an air interface in a SRNC (Serving Radio Network Controller) migration of a wireless communication system.
  • SRNC Serving Radio Network Controller
  • HSPA+ 0 HSPA+ is 3GPP HSPA (Enhanced technologies, including HSDPA and HSUPA, provide HSPA operators with a low-complexity, low-cost path from HSPA to LTE (Long Term Evolution). Compared to HSPA, HSPA+ will be wireless on the system architecture.
  • Network controller
  • the function of the Controller (“NCC" for short) is placed on the Node B of the base station to form a completely flattened wireless access network architecture, as shown in Figure 1.
  • the Node B integrated with the full RNC function is Evolved HSPA Node B, or simply referred to as the enhanced node Node (Node B+ ) plague
  • SGSN+ is the SGSN that has been upgraded to support HSPA+ function ( SERVICE GPRS SUPPORT NODE, ⁇ GPRS ( GPRS: General Packet Radio System).
  • ME+ (not shown) is a user terminal device capable of supporting HSPA+ functions.
  • the evolved HSPA system can use 3GPP Rel-5 and later air interface versions. There is no tampering with the HSPA service of the air interface.
  • each Node B+ becomes a node equivalent to the RNC, and the Iu-PS interface can directly communicate with the PS CN (Core Network).
  • PS CN Core Network
  • the SGSN and GGSN in Figure 1 are connected, and the Iu-PS user plane is terminated in the SGSN. If the network supports the direct tunnel function, the Iu-PS user plane can also be terminated at the GGSN (Gateway GPRS Support Node).
  • the communication between the evolved HSPA Node Bs is performed through the Iur interface.
  • Node B+ has the capability of independent networking and supports complete mobility functions, including intersystem and system. Switch within the system.
  • K Key, Key
  • CK Ciphering Key
  • IK Integrity Key
  • the traditional keys CK and IK are user equipment and HSS (Home Subscriber Server, Home User Server)
  • the encryption key and integrity key calculated by ⁇ when performing AKA (Authentication and Key Agreement).
  • AKA Authentication and Key Agreement
  • RNC encrypts and integrity protects data using traditional air interface keys CK and IK. Since the functions of the RNC are all decentralized to the base station Node B+ in the HSPA+ architecture, encryption and decryption are performed at the Node B+, and the Node B+ is located in an insecure environment with low security.
  • HSPA+ introduces a key hierarchy similar to E-UTRAN (Evolved Universal Terrestrial Radio Access Network), namely UTRAN Key Hierarchyalt in the UTRAN key hierarchy
  • K RNC also known as KASMEU
  • K RNC generates enhanced air interface keys CKu and IKu, where CKu is used to encrypt the user plane.
  • Data and control plane signaling, IKu is used for integrity protection of control plane signaling.
  • SRNC/DRNC is generated due to the introduction of the Iur interface ( Drift
  • Both SRNC and DRNC are logical concepts for a particular UE.
  • the RNC that is directly connected to the CN (Core Network) and controls all resources of the UE (User Equipment) is called the SRNC of the UE; the UE is not connected to the CN.
  • the RNC that only provides resources for the UE is called the DRNC of the UE.
  • the UE in the connected state must have only one SRNC and can have 0 or more DRNCs.
  • SRNC Relocation refers to the process in which the SRNC of the UE changes from one RNC to another. According to the location of the UE before and after the migration, it can be divided into static migration and accompanying migration.
  • the condition for a static migration is that the UE accesses from one DRNC and only from one DRNC. Since the migration process does not require the participation of the UE, it is also referred to as UE Not Involved migration. After the migration occurs, the connection of the Iur interface is released, and the Iu interface is migrated.
  • the DRNC becomes the SRNC, as shown in Figure 3. Static migration is caused by soft handoffs because of the Iur interface, so migration begins after all wireless links are linked to the DRNC.
  • the accompanying migration refers to a process in which the UE hard-switches from the SRNC to the target RNC while the Iu interface changes, as shown in FIG. 4 . Since the migration process requires the participation of the UE, it is also called UE-volved (UE Involved) migration.
  • UE Involved UE-volved migration.
  • HSPA+ because Node B+ is in a physically insecure environment, it is vulnerable to malicious attacks and security is threatened.
  • the key is not updated when the SRNC is migrated, and the encryption key CK and the integrity key IK are not changed before and after the SRNC migration.
  • the attacker may derive the security key of the next hop target base station; on the other hand, if the key is leaked or illegally obtained by the attacker, the attacker can Listening to the user's communication all the time, you can also forge the data transmission between the user and the network, which will result in the user's communication security cannot be guaranteed.
  • the network entity supporting the enhanced security function coexists with the network entity supporting only the traditional security.
  • the user equipment migrates from an SRNC+ supporting enhanced security function to an unsupported enhancement. The security function of the target RNC scenario.
  • a primary object of the present invention is to provide a method for updating an air interface key and a wireless access system to solve the problem that communication security caused by not updating a key during SRNC migration cannot be guaranteed.
  • a method for updating an air interface key including: receiving, by a core network node, a migration completion indication message of a target RNC, the migration completion indication message indicating that the user equipment migrates from the source RNC to the target The RNC succeeds; the next megamorphic intermediate key is calculated using the stored traditional IK and the conventional CK; the next megamorphic intermediate key is sent to the target RNC.
  • the current morphing intermediate key of the active RNC is stored in the core network node; the method for updating the air interface key further includes: updating the current morphing intermediate key of the stored source RNC to the next megamorphic intermediate key.
  • the step of calculating the next hop deformed intermediate key using the stored conventional IK and the conventional CK comprises: calculating the next megamorphic intermediate density using the stored conventional IK and the conventional CK, and the stored current intermediate key of the source RNC.
  • the key, the current morphing intermediate key and the next megamorphic intermediate key are different keys.
  • the current deformation intermediate key of the source RNC is an initial deformation intermediate key, and the initial deformation intermediate key is obtained by using CK, IK and intermediate key calculation.
  • the method for updating the air interface key further comprises: setting, by the core network node, a next hop counter network NCC, counting the number of times of calculating the next hop deformed intermediate key; calculating the next use of the stored traditional IK and the conventional CK
  • the method also includes: The network NCC is incremented by 1.
  • the method for updating the air interface key further comprises the steps of: sending a network NCC to the target RNC, and the target RNC receiving the network NCC and storing.
  • the method before the step of receiving, by the core network node, the migration completion indication message of the target RNC, the method further includes: the core network node calculating the intermediate key by using the stored traditional IK and the traditional CK.
  • the method further includes: the core network node calculates the initial deformation intermediate key using the traditional IK, the traditional CK, and the intermediate key, where the initial deformation intermediate The key initially corresponds to a virtual deformation intermediate key, and the value of the corresponding network NCC is 0. After the calculation, the value of the network NCC corresponding to the initial deformation intermediate key is 1.
  • the method further includes: the core network node sending a security mode command message to the RNC, where the security mode command message includes an intermediate key.
  • the security mode command message further includes an initial morphing intermediate key.
  • the sending, by the core network node, the security mode command message to the RNC comprises: the core network node attaching to the network for the first time, or the user equipment switching from the idle mode to the connected mode, or the user equipment from the evolved universal terrestrial wireless access network E - UTRAN moves to the universal terrestrial radio access network UTRAN, or the user equipment transmits a security mode command message to the RNC when moving from the legacy UTRAN to the enhanced UTRAN.
  • the method further includes the following step: the source RNC sends a migration request message to the target RNC, where the migration request message carries the current modified intermediate key of the active RNC or The intermediate key; the target RNC receives the migration request message, and obtains the current modified intermediate key or intermediate key; the target RNC calculates the current enhanced encryption key CCu and/or the current enhanced integrity key using the current modified intermediate key or intermediate key IKu; and sending a migration completion indication message to the core network node.
  • the target RNC calculates the current enhanced CKu and/or the current enhanced IKu using the current transformed intermediate key, including: the target RNC makes the current modified intermediate key equal to its own intermediate key; uses the intermediate key to calculate the enhanced CKu and/or enhances the IKu .
  • the method further includes the following step: the source RNC sends a migration request message to the target RNC, where the migration request message carries the current modified intermediate key of the active RNC or The intermediate key; the target RNC receives the migration request message, obtains the current modified intermediate key or the intermediate key; sends a migration completion indication message to the core network node; after the core network node receives the migration completion indication message of the target RNC, the following includes the following Procedure: The target RNC calculates the current enhanced encryption key CKu and/or the current enhanced integrity key IKu using the current morphing intermediate key or intermediate key.
  • the source RNC sends a migration request message to the target RNC, where the current modified intermediate key carrying the active RNC in the migration request message includes: the source RNC ⁇ 1 the current modified intermediate key is placed in the IK and CK fields of the migration request message, The target RNC sends; or, the source RNC sends the mapped legacy integrity key IK' and the mapped legacy encryption key CK' to the target RNC, IK' and CK' are placed in the IK and the migration required message and/or the migration request message.
  • the CK field where IK' and CK' are calculated using the current deformation intermediate key, or IK' and CK' are calculated using IKu and CKu.
  • the method for updating the air interface key further includes: the target RNC uses the content of the IK field of the migration request message as the IK, and the content of the CK field as the CK, according to the traditional security process in the UMTS; or, the target RNC will migrate The contents of the IK field and the CK field of the request message are fetched and concatenated into the current morphing intermediate key.
  • the migration request message further carries at least one of the following parameters: user equipment security capability information, and network NCC.
  • the method before sending the migration completion indication message to the core network node, the method further includes the following steps: the target RNC sends a migration response message to the source RNC, or transits through the core network node.
  • the migration request acknowledges and migrates the command message, where the message includes the network NCC; the source RNC receives the migration response message or the migration request confirmation and the migration command message, and sends a migration message to the user equipment, where the migration message includes the network NCC.
  • the network side security capability is also included in the migration message.
  • the method for updating the air interface key further comprises: receiving, by the user equipment, the migration message; calculating CKu and IKu using the current modified intermediate key or the intermediate key, and setting the terminal NCC, counting the number of times the modified intermediate key is executed .
  • the step of calculating the modified intermediate key comprises: determining, by the user equipment, whether the terminal NCC is equal to the network NCC; if yes, the user equipment updates the CKu and the IKu according to the pre-stored modified intermediate key corresponding to the terminal NCC according to the key derivation function; If not, the user equipment calculates the modified intermediate key and increments the corresponding terminal NCC until the terminal NCC is equal to the network NCC, and updates CKu and IKu according to the modified intermediate key according to the key derivation function.
  • calculating CKu and IKu using the current modified intermediate key or intermediate key comprises: using a current modified intermediate key or intermediate key, and at least one of the following parameters: a frequency point UARFCN allocated by the target RNC for the UE, a target cell physics Cell identity PCI, scrambling code ScramblingCode, user identity, target RNC identity, selected encryption algorithm identifier, selected integrity algorithm identifier, start parameter defined in UMTS, refresh parameter defined in UMTS, integrity sequence number defined in UMTS
  • the parameters, the radio resource control sequence number parameter defined in UMTS, and the radio link control sequence number parameter defined in UMTS calculate CKu and IKu.
  • calculating the intermediate key using the stored traditional ⁇ and the conventional CK at the core network node comprises: the core network node using the stored traditional ⁇ , the traditional CK, and at least one of the following parameters: a serial number SQN XOR or a hidden key AK or Counter value COUNT, user ID, service network ID, core network node type, calculation intermediate key.
  • the step of calculating CKu and IKu using the intermediate key comprises: determining, by the user equipment, whether the terminal NCC is equal to the network NCC; if yes, the user equipment updates the CKu and the IKu according to the terminal NCC using the intermediate key according to the key derivation function; and if not Then, the user equipment synchronizes the terminal NCC with the network NCC, calculates a modified intermediate key corresponding to the terminal NCC, and calculates and updates CKu and IKu according to the modified intermediate key according to the key derivation function.
  • the intermediate key is a valid intermediate key stored in the user equipment.
  • the method for updating the air interface key further comprises: the target RNC receiving the next hop deformed intermediate key, updating the intermediate key of the next hop using the next hop deformed intermediate key, and storing.
  • the source RNC and the target RNC are the same RNC.
  • a core network node of a wireless access system including: a receiving module, configured to receive a migration completion indication message of a target radio network controller RNC, where the migration completion indication message indicates a user equipment The migration from the source RNC to the target RNC is successful; the calculation module is configured to calculate the next hop deformation intermediate key using the stored traditional integrity key IK and the traditional encryption key CK; the sending module is set to deform the next mega intermediate The key is sent to the target RNC.
  • the calculation module comprises: an acquisition module, configured to acquire the traditional IK and the traditional CK; and a generation module configured to calculate the next hop deformation intermediate key using the traditional IK, the traditional CK and the current deformation intermediate key, wherein the current deformation The intermediate key and the next megamorphic intermediate key are different keys; or, the initial modified intermediate key is calculated using IK, CK, and intermediate keys.
  • the core network node further includes: a next hop counter network NCC, configured to count the number of times the next hop deformed intermediate key is calculated; and the sending module is further configured to send the network NCC to the target RNC.
  • an RNC of a radio access system including: a source RNC and a target RNC, where the source RNC includes a request sending module, configured to send a migration request message to the target RNC, and the migration request message The current variant intermediate key or intermediate key sent by the core network node; the target RNC includes: a key acquisition module, configured to receive the migration request message, and obtain the current modified intermediate key or intermediate key; 4 a dance module, The method is configured to calculate an enhanced encryption key CCu and an enhanced integrity key IKu using a current modified intermediate key or an intermediate key; and a node sending module configured to send a migration completion indication message to the core network node.
  • the target RNC further includes: an RNC sending module, configured to send a migration response message to the source RNC, where the migration response message includes a next hop counter network NCC;
  • the source RNC further includes: a terminal sending module, configured to receive the migration response message, And sending a migration message to the user equipment, where the migration message includes the network NCC.
  • a user equipment of a wireless access system comprising: a device key module, configured to synchronize a modified intermediate key of the network according to a network NCC sent by the source RNC.
  • the user equipment further comprises: a terminal calculation module configured to calculate the enhanced encryption key CCu and the enhanced integrity key IKu using the current modified intermediate key; the terminal NCC, configured to calculate CKu and use the current modified intermediate key for execution The number of times of the IKu is counted; the device key module includes: a judging module, configured to determine whether the terminal NCC is equal to the network NCC; and a determining module, configured to: if the judgment result of the judging module is yes, use the pre-corresponding function of the terminal NCC according to the key derivation function
  • the stored deformation intermediate key calculation updates CKu and IKu; and the negation module is set to calculate the deformation intermediate key if the judgment result of the determination module is no, and increment the corresponding terminal NCC until the terminal NCC is equal to the network NCC,
  • the terminal NCC synchronizes with the network NCC, and calculates a modified intermediate key corresponding to the terminal network NCC, and uses the modified intermediate key to calculate and update the CKu according to
  • a wireless access system including: the core network node, the RNC, and the user equipment.
  • the core network node of the wireless access system generates the next hop deformation intermediate key according to the traditional key IK and CK at the core network node when the terminal is initially attached, or after the SRNC migration is successfully completed, and The next hop deformed intermediate key is sent to the target RNC for use in the next SRNC migration, so that the source RNC and the target RNC dance different enhanced keys IKu and CKu using different morphing intermediate keys 4.
  • the air interface key used by the next hop target RNC is derived from the key material 4 issued by the core network, after two SRNC migrations, the source RNC cannot know the air interface density of the target RNC after two hops. key. Therefore, even if a base station is attacked or illegally controlled by an attacker, the two users can ensure secure communication after the SRNC migration, thereby ensuring the forward security of the user, thereby improving the communication security of the wireless access system as a whole.
  • FIG. 1 is a schematic structural diagram of a radio access network using HSPA+ technology in the related art
  • FIG. 2 is a schematic diagram of a HSPA+ security key hierarchy in the related art
  • 4 is a schematic diagram of a SRNC companion migration in the related art
  • FIG. 5 is a flow chart of a method for updating an air interface key according to an embodiment of the present invention
  • FIG. 6 is a flowchart according to an embodiment of the present invention.
  • Schematic diagram of a key chain for air interface key update
  • FIG. 7 is a schematic diagram of another key chain for air interface key update according to an embodiment of the present invention
  • FIG. 8 is an initial diagram of an embodiment of the present invention.
  • FIG. 9 is a flowchart of updating an air interface key for SRNC migration using the initial air interface key shown in FIG. 8.
  • FIG. 10 is a schematic diagram of using the initial air interface shown in FIG. Another air interface key update flow chart for key SRNC migration;
  • FIG. 10 is a schematic diagram of using the initial air interface shown in FIG. Another air interface key update flow chart for key SRNC migration;
  • FIG. 10 is a schematic diagram of using the initial air interface shown in FIG. Another air interface key update flow chart for key SRNC migration;
  • FIG. 11 is a flow chart of another initial air interface key establishment process according to an embodiment of the present invention
  • FIG. 12 is an initial air interface using
  • FIG. 13 is a flow chart for updating an air interface key for performing SRNC migration using the initial air interface key shown in FIG. 11
  • FIG. 15 is a structural block diagram of an RNC according to an embodiment of the present invention
  • FIG. 16 is a structural diagram of a user equipment according to an embodiment of the present invention
  • FIG. 17 is a structural block diagram of a wireless access system according to an embodiment of the present invention.
  • the SRNC migration involved in the UTRAN wireless access system involves a core network node (SGSN or MSC/VLR), a source RNC, a target RNC, a Node B, and a UE.
  • Node B+ can be seen as a combination of Node B and RNC, which are one physical entity but still two different logical entities.
  • Node B+ supporting the HSPA+ key hierarchy in the embodiment of the present invention may also be equivalent to
  • the RNC (RNC+) is upgraded in the UMTS.
  • the SRNC in the embodiment of the present invention is equivalent to the source RNC (source Node B+), and the DRNC and the target RNC (target Node B+) are equivalent.
  • Step S504 The core network node calculates the next hop deformation intermediate key by using the traditional IK and the traditional CK stored at the core network node; wherein, the core network node calculates the next mega deformation intermediate according to the traditional IK and the traditional CK using the key generation function. Key.
  • Step S506 The core network node sends the next hop deformed intermediate key to the target RNC. After the target RNC migration is completed and the migration completion indication message is sent to the core network node, the core network node calculates the next mega-transformation intermediate key based on the traditional IK and the traditional CK, and sends the next mega-transformation intermediate key to the target RNC.
  • the RNC stores the next mega-transformation intermediate key for use by the target RNC for the next SRNC migration.
  • the key before and after the migration is not changed in the SRNC migration.
  • the core network node sends the next hop deformation intermediate key to the target RNC, so that the user equipment performs the next time.
  • the target RNC and the user equipment derive the enhanced air interface key IKu/CKu based on the updated modified intermediate key, respectively, so that the source RNC and the target RNC use different keys.
  • the source RNC cannot obtain the air interface key used by the target base station after two hops, thereby ensuring the forward security of the user communication and improving the communication security of the wireless access system.
  • the intermediate key K RNC in addition to the traditional keys IK, CK, one or any combination of the following parameters may be used: Serial number SQN XOR or hidden key AK (may also be counted by one The value COUNT of the counter replaces the parameter, COUNT is managed and maintained by the SGSN and the UE respectively, the user identifier (such as the international subscriber identity IMSI, the temporary mobile subscriber identity TMSI), the service network identifier, and the core network node type.
  • the target RNC allocates the frequency point UARFCN, the target for the UE.
  • Cell physical cell identifier PCI Cell physical cell identifier PCI, scrambling code ScramblingCode, user identifier (such as international subscriber identity IMSI, temporary mobile subscriber identity TMSI, radio network temporary identifier RNTI, etc.), target RNC identity, selected encryption algorithm identifier enc-alg-ID, The selected integrity algorithm identifies the int-alg-ID, the start parameter defined in UMTS, the refresh parameter defined in UMTS, the integrity sequence number parameter defined in UMTS, the radio resource control sequence number parameter defined in UMTS, and the definition in UMTS. Radio link control serial number parameters, etc.
  • the embodiment of the present invention provides the following key function for calculating each security key, including a key function for calculating each security key at the initial time and during SRNC migration. In the following key functions, the parameters in parentheses are in no particular order, wherein Multiple parameters may be combined in a cascade or other form.
  • K RNC F1 ( IK, CK, SQN ⁇ AK );
  • KRNC* F2 ( IK, CK, RNC );
  • IKu F3 ( KR N C, FRESH, int-alg-ID );
  • K RNC denotes an intermediate key
  • K RNC * denotes a modified intermediate key
  • IKu denotes an enhanced integrity key
  • CKu denotes an enhanced encryption key
  • FRESH denotes a refresh random number
  • enc-alg-ID is a selected encryption algorithm identifier
  • int-alg-ID is the selected integrity algorithm identifier.
  • K RN c* F2 ( IK, CK, K RNC *_old );
  • IKu F3 ( K RNC *, FRESH, int-alg-ID );
  • IKu F3 ( KRNC, FRESH, int-alg-ID );
  • CKu F4 ( KR N C, FRESH, enc-alg-ID ).
  • Fl, F2, F3, and F4 represent different key functions
  • K RNC represents an intermediate key.
  • K RNC *_old indicates the current deformation intermediate key
  • K RNC * indicates the next hop deformation intermediate key
  • IKu indicates the enhanced integrity key
  • CKu indicates the enhanced encryption key
  • FRESH indicates the refresh random number
  • enc-alg-ID indicates The selected encryption algorithm identifier
  • int-alg-ID indicates the selected integrity algorithm identifier.
  • the processing of the deformed intermediate key by the node is generally divided into two cases.
  • One is that the core network node initially sends the modified intermediate key K RNC * to the SRNC.
  • the source RNC 4 bar K RNC * is sent to the target.
  • the RNC, the target RNC and the UE respectively derive the IKu and CKu using the modified intermediate key K RNC * , and the key chain of the air interface key update in this case is as shown in FIG.
  • NCC represents the next hop counter
  • the core network node does not initially send the modified intermediate key K RNC * to the SRNC.
  • the source RNC and the UE use the intermediate key K RNC 4 to calculate the IKu and CKu respectively, in the second time.
  • the target RNC and the UE derive the IKu and CKu using the modified intermediate key K RNC *, respectively.
  • the key chain of the air interface key update is as shown in FIG. 7, where NCC indicates the next Jump counter.
  • the following embodiments of the present invention provide an air interface key update method in the above two cases, respectively.
  • the core network node initially sends the modified intermediate key K RNC * to the SRNC.
  • the UE first attaches to the network, or when the UE transitions from idle mode to connected mode, or when the user equipment moves from E-UTRAN to UTRAN, or the user equipment from the legacy UTRAN (HSPA+ security is not supported.)
  • the modified intermediate key is delivered through the secure mode command flow.
  • Step S802 The core network node (such as SGSN+ or MSC/VLR+) determines the allowed encryption algorithm set and the integrity algorithm set, and calculates the intermediate key K according to the CK and IK received from the HSS. RNC .
  • the core network node calculates the modified intermediate key K RNC * according to the traditional encryption key CK, the integrity key IK, and the K RNC calculated in step S802.
  • Step S806 The core network node sends a security mode command message to the SRNC, where the message carries the intermediate key K RNC and the modified intermediate key K RNC *.
  • the security mode command message may also carry one of the following parameters or any combination thereof: user equipment security capability, key set identifier, selected integrity algorithm set, and encryption algorithm set.
  • Step S810 The SRNC generates a refresh random number, selects an integrity algorithm and/or an encryption algorithm from the integrity algorithm set and/or the encryption algorithm set, and the SRNC calculates the enhanced integrity key IKu and/or the encryption key CKu according to the K RNC .
  • Step S812 The SRNC sends a security mode command message to the UE.
  • the security mode command message may carry the message verification code calculated by IKu, and may also carry one of the following parameters or any combination thereof: user equipment security capability, key set identifier, selected integrity algorithm, encryption algorithm, refresh random number FRESH.
  • Step S814 After receiving the security mode command message, the UE stores the encryption algorithm and the integrity algorithm, and calculates the K RNC according to the encryption key CK and the integrity key IK generated by the AKA process (this process may also occur when the security mode command is received). Before the message), calculate the enhanced encryption key according to K RNC CKu and integrity key IKu. At this time, the UE and the SRNC share the same integrity key IKu and/or the encryption key CCu, and the above-mentioned key can be used to protect the communication between the two parties.
  • triggered safety mode when converting from the idle mode to a connected mode UE processes the command, if the UE also stores a valid K RNC, which can be used directly K RNC, without re-calculation.
  • the UE may further calculate the modified intermediate key K RNC * according to the encryption key CK, the integrity key IK and the intermediate key K RNC .
  • Step S816 The UE uses the IKu to verify the received security mode command message.
  • Step S 820 The SRNC verifies the received security mode completion message by using IKu; or, first decrypts the message with CKu, and then uses IKu to verify the received security mode completion message.
  • Step S822 If the security mode complete message verification is successful, the SRNC sends a security mode complete message to the SGSN+ or the MSC/VLR+, where the message may carry the parameter: the selected integrity algorithm and/or the encryption algorithm. Thereafter, the UE and the NodeB+ can start the encryption and decryption operation according to the above key.
  • the core network node maintains a next hop counter network NCC for counting the number of times of calculating the next mega-transformation intermediate key to synchronize with the user-side key.
  • the network NCC may be 0.
  • the K RNC calculated in step S802 corresponds to a virtual KRNC*, and the associated NCC is 0 at this time; when calculating K RNC * (step S804) ), the corresponding network NCC is 1.
  • the security mode command message may also carry the parameter network NCC and send it to the SRNC, which is received and stored by the SRNC.
  • the UE also maintains a next hop counter terminal NCC for counting the number of times the UE calculates the next megamorphic intermediate key to synchronize with the network side key, and the initial value is 0, corresponding to a virtual K RNC.
  • the flattened Node B+ is regarded as an evolved RNC, and the process uses an enhanced SRNC migration process, that is, direct communication between the source RNC and the target RNC without passing through the core network node CNN+.
  • This embodiment includes the following steps: Step S902: The SRNC decides to perform SRNC migration. The triggering condition of the decision may be: receiving a measurement report of the UE, or receiving an uplink signaling transmission indication sent by the target RNC, requesting a cell update or a URA (UTRAN Registration Area) update.
  • the migration request message may also include one or any combination of the following parameters: user equipment security capabilities, user supported encryption algorithms, user supported integrity algorithms, selected encryption algorithms, selected integrity algorithms, and the intermediate key K RNC * Associated Next Hop Counter Network NCC.
  • the SRNC since the SRNC may not be able to determine whether the target RNC supports enhanced security, the SRNC places the morphing intermediate key K RNC * in the IK and CK fields of the migration request message.
  • the placement method is as follows: The upper 128 bits of K RNC * are placed in the IK field, and the lower 128 bits are placed in the CK field; or the upper 128 bits of K RNC * are placed in the CK field, and the lower 128 bits are placed in the IK field.
  • Step S906 If the target RNC supports enhanced security, the target RNC derives the enhanced integrity key IKu and/or the enhanced encryption key CKu according to the modified intermediate key K RNC *. If the target RNC does not support the enhanced security, the target RNC directly uses the content of the IK field in the migration request message as the IK, and the content of the CK field is used as the CK, and is executed according to the traditional security procedure specified in the UMTS, and details are not described herein again.
  • the target RNC supports enhanced security, and if the SRNC places the morphing intermediate key K RNC * in the IK and CK fields of the migration request message, the target RNC extracts the contents of the IK field and the CK field, and cascades into a deformed intermediate key. Key K RNC *.
  • the target RNC makes the intermediate key K RNC equal to the modified intermediate key K RNC * , and calculates the updated IKu and/or CKu based on the intermediate key K RNC .
  • the target RNC may also perform key update in step S914a (as shown by the dashed box in FIG. 9).
  • one or any combination of the following parameters may also be used: the frequency point UARFCN allocated by the target RNC for the UE, the target cell physical cell identifier PCI, the scrambling code ScramblingCode, the user identifier (such as an international user) Identification code IMSI, Temporary Mobile Subscriber Identity (TMSI), Radio Network Temporary Identity (RNTI, etc.), target RNC identity, selected encryption algorithm identifier enc-alg-ID, selected integrity algorithm identifier int-alg-ID, defined in UMTS Start parameters, refresh parameters defined in UMTS, integrity sequence number parameters defined in UMTS, radio resource control sequence number parameters defined in UMTS, radio link control sequence number parameters defined in UMTS, and the like.
  • TMSI Temporary Mobile Subscriber Identity
  • RNTI Radio Network Temporary Identity
  • target RNC identity selected encryption algorithm identifier enc-alg-ID
  • selected integrity algorithm identifier int-alg-ID defined in UMTS Start parameters, refresh parameters defined in
  • step S906 may occur before step S908, or may occur after step S908 and before step S916.
  • Step S908 The target RNC allocates resources for the UE, and sends a migration response message to the SRNC.
  • the core network node is configured to maintain a next hop counter network NCC, and the migration response message carries network NCC parameters.
  • the migration response message may also carry one or any combination of the following parameters: security capability of the target RNC, selected integrity algorithm, selected encryption algorithm, FRESH parameters. The above parameters are carried in the transparent container of the target RNC to the source RNC.
  • Step S910 The SRNC sends a physical channel reconfiguration message or a UTRAN mobility information message to the UE.
  • the physical channel reconfiguration message or the UTRAN mobility information message may include: a security capability of the target RNC, a selected integrity algorithm, a selected encryption algorithm, a network NCC, a FRESH parameter, and the like.
  • Step S912 If the network side supports enhanced security, the UE updates the integrity key IKu and/or the encryption key CKu.
  • the target RNC makes the intermediate key K RNC equal to the modified intermediate key K RNC * , and calculates the updated IKu and/or CKu based on the intermediate key K RNC .
  • the UE maintains a next hop counter terminal NCC. When receiving the network NCC, it determines whether the terminal NCC is equal to the network NCC.
  • the UE stores the modified intermediate key according to the terminal NCC.
  • K RNC * updates the enhanced integrity key IKu and/or the enhanced encryption key CCu; if the terminal NCC is not equal to the network NCC, the UE calculates the variant intermediate key K RNC * and increments the corresponding terminal NCC until the terminal NCC Equal to the network NCC, the enhanced integrity key IKu and/or the encryption key CKu are updated according to the modified intermediate key K RNC *.
  • the UE maintains the key consistency with the target RNC through the network NCC and the terminal NCC.
  • Step S914 The UE sends a physical channel reconfiguration complete message or a UTRAN mobility information acknowledgement message to the target RNC, where the message is integrity protected with the updated integrity key IKu, or the updated integrity key IKu and the encryption key are used. CKu performs integrity and encryption protection on the message at the same time.
  • the user equipment security capability parameter may be carried in the physical channel reconfiguration complete message or the UTRAN mobility information acknowledgement message.
  • Step S914a If the target RNC learns that the target RNC and the UE support the HSPA+ security function through the physical channel reconfiguration complete message or the UTRAN mobility information acknowledgement message, the target RNC performs key update based on the K RNC or K RNC *. Optionally, the target RNC makes the intermediate key K RNC equal to the modified intermediate key K RNC * , and calculates the updated IKu and/or CKu based on the intermediate key K RNC . The specific operation synchronizes the 4 S S906.
  • Step S916 After the target RNC receives the physical channel reconfiguration complete message or the UTRAN mobility information acknowledgement message sent by the UE, if the air interface key has not been updated, the air interface key is updated first; if The air interface key is updated, and the target RNC performs security verification on the message with the updated integrity key IKu and/or the encryption key CCu. If the target RNC successfully verifies the physical channel reconfiguration complete message or the UTRAN mobility information acknowledgement message sent by the UE, the target RNC sends a migration complete request message to the core network node (such as SGSN+ or MSC/VLR+), and the message carries the core to the core. The network node indicates the information that the migration is complete.
  • the core network node such as SGSN+ or MSC/VLR+
  • the message carries a network NCC.
  • Step S918 The core network node increments the network NCC.
  • Step S920 The core network node based on IK, CK, and the current intermediate key K RNC * modification calculates the next hop modified intermediate key K RNC corresponding to the NCC networks and increment *.
  • the first core network node may be based on IK, CK, and the current intermediate key K RNC * modification calculates the next hop modified intermediate key K RNC *, then incrementing network NCC.
  • Step S922 The core network node sends a migration completion response message to the target RNC, where the message carries the following parameters: a network NCC, and a next hop deformed intermediate key corresponding to the network NCC.
  • Step S924 The target RNC stores the received NCC and the next hop deformed intermediate key K RNC *.
  • Step S926 The core network node (SGSN+ or MSC/VLR+) releases the Iu interface with the source RNC.
  • the core network node SGSN+ or MSC/VLR+
  • the message interaction between the SRNC and the target RNC needs to be relayed through the core network node CNN+ (SGSN+ or MSC/VLR+).
  • another mechanism for supporting conventional security is employed in the flow.
  • the mechanism for supporting traditional security can be interchanged with the traditional security support mechanism in the above embodiment, and does not affect the processing of enhanced security support.
  • This embodiment includes the following steps: Step S1002: The SRNC decides to perform SRNC migration.
  • the trigger condition of the decision may be:
  • the SRNC receives the measurement report of the UE, or receives the target.
  • Step S1004 The SRNC sends a migration required message to the core network node. If the SRNC connects two CNN+ nodes at the same time, the SRNC sends a migration request message to the two CNN+ nodes at the same time; if the source RNC and the target RNC are located under two different CNN+ nodes, the message needs to transit through the two CNN+ nodes. .
  • the migration request message carries the modified intermediate key K RNC *, and can also carry one or any combination of the following parameters: user equipment security capability, user-supported encryption algorithm, user support integrity Algorithm, selected encryption algorithm, selected integrity algorithm, next hop counter network NCC associated with the morphing intermediate key K RNC *.
  • the security material described above is carried in a transparent container from the source RNC to the target RNC.
  • the key material sent by the SRNC to the target RNC includes, in addition to the foregoing materials, a key material supporting traditional security, that is, the mapped traditional key IKVCK. '.
  • IKVCK' is derived for SRNC based on the deformed intermediate key K RNC * and other parameters, or based on the enhanced keys IKu, CKu and other parameters.
  • Other parameters can be: The refresh parameters currently used by the SRNC and the UE.
  • SRNC places IKVCK' in the IK and CK fields of the migration required message.
  • Step S1006 The core network node sends a migration request message to the target RNC, where the message carries a transparent container of the active RNC to the target RNC, including the modified intermediate key K RNC *.
  • the foregoing message carries parameters: a mapped traditional key IK7CK.
  • the network side maintains a network NCC.
  • the migration request message also carries network NCC information.
  • the network NCC is sent to the target RNC to conveniently achieve the consistency of the key between the target RNC and the user.
  • the target RNC makes the intermediate key K RNC equal to the modified intermediate key K RNC * , and calculates the updated IKu and/or CKu based on the intermediate key K RNC .
  • the target RNC can only identify the mapped legacy key IKVCK'.
  • the target RNC directly uses the content of the IK field in the message as the IK, and the content of the CK field as the CK, and executes according to the traditional security procedure specified in the UMTS, and details are not described herein again.
  • the target RNC may also perform key update in step S1018a.
  • This step 4 can occur before step S 1010, or after S 1010 and before step S 1020.
  • Step S1010 The target RNC sends a migration request acknowledgement message to the core network node. Before sending the message, the target RNC and the core network node can establish a new Iu payload and allocate RRC for the UE. (Radio Resource Control, Radio Resource Control) connects resources such as resources and wireless links.
  • Radio Resource Control Radio Resource Control
  • the migration confirmation message carries the next hop counter network NCC parameter.
  • the core network node sends a migration command message to the SRNC.
  • the migration command message carries a next hop counter network NCC parameter of the core network node.
  • the physical channel reconfiguration message or the UTRAN mobility information message carries the next hop counter network NCC parameter.
  • Step S1016 If the network side supports enhanced security, the UE updates the integrity key IKu and/or the encryption key CCu.
  • the UE makes the intermediate key K RNC equal to the modified intermediate key K RNC *, and calculates the updated IKu and/or CKu based on the intermediate key K RNC .
  • the UE is set to the terminal NCC, and the UE receives the network NCC, and determines whether the terminal NCC is equal to the network NCC. If the two are equal, the UE updates the modified intermediate key K RNC * stored in the terminal according to the terminal NCC.
  • the integrity key IKu and/or the encryption key CCu if the network NCC is greater than the terminal NCC, the UE calculates the modified intermediate key K RNC * and increments the corresponding terminal NCC until the terminal NCC is equal to the network NCC, and the UE is in accordance with the deformation intermediate
  • the key K RNC * updates the integrity key IKu and/or the encryption key CKu.
  • the UE derives the mapped traditional key IKVCK' according to the same rule as the network side, and directly uses IKVCK' as the IK and CK, according to the traditional security rule, where No longer.
  • Step S1018 The UE sends a physical channel reconfiguration complete message or a UTRAN mobility information acknowledgement message to the target RNC.
  • the above message may be integrity protected with the updated integrity key IKu, or both the integrity and encryption protection of the message with the updated integrity key IKu and the encryption key CKu.
  • the user equipment security capability parameter may also be carried in the message.
  • Step S1018a If both the target RNC and the UE support the enhanced security function, the target RNC performs key update based on K RNC *. Optionally, the target RNC makes the intermediate key K RNC equal to the modified intermediate key K RNC * , and calculates the updated IKu and/or CKu based on the intermediate key K RNC .
  • the specific operation is the same as step S 1008.
  • Step S1020 The target RNC performs security verification on the message with the updated integrity key IKu and/or the encryption key CKu. If the target RNC successfully verifies the message sent by the UE, the target RNC sends a migration completion message to the core network node (SGSN+ or MSC/VLR+), where the message carries information indicating that the migration is completed to the core network node, and may also have network NCC information.
  • Step S1022 The core network node increments the network NCC.
  • Step 4 Poly S 1024 the core network node based on IK, CK, and the current intermediate key K RNC * deformation calculation of the next mega intermediate after modification with increasing NCC network corresponding to the key K RNC *.
  • the first core network node may be based on IK, CK, and the current intermediate key K RNC * deformation calculation of the next modification 3 trillion intermediate key K RNC *, then incrementing network NCC.
  • Step S1026 The core network node sends a migration completion confirmation message to the target RNC, where the message carries the network NCC parameter and the associated next mega-transformation intermediate key K RNC *.
  • Step S1028 The target RNC stores the received network NCC and the associated next hop deformed intermediate key K RNC *.
  • Step S1030 The core network node (SGSN+ or MSC/VLR+) releases the Iu interface with the source RNC.
  • FIG. 11 a flow diagram of another initial air interface key establishment procedure in accordance with an embodiment of the present invention is shown.
  • the core network node does not initially send the modified intermediate key K RNC * to the SRNC.
  • the UE first attaches to the network, or when the UE transitions from the idle mode to the connected mode, or when the user equipment moves from the E-UTRAN to the UTRAN, or when the user equipment moves from the legacy UTRAN (which does not support HSPA+ security) to the enhanced UTRAN, Establish a security key through the secure mode command process.
  • Step S1102 The core network node (such as SGSN+ or MSC/VLR+) determines the allowed encryption algorithm set and integrity algorithm set, and calculates its KRNC O according to the encryption key CK and the integrity key IK received from the HSS.
  • the step is optional, and the stored K RNC can be directly used. No need to recalculate.
  • the network NCC is set in the core network node for synchronizing with the user side key, and the initial value is 0, and jt ⁇ is associated with a virtual K RNC *.
  • Step S1104 The core network node calculates K RNC * according to the encryption key CK, the integrity key IK, and the K RNC . In this step, the network NCC value corresponding to K RNC * is 1.
  • Step S 1106 The core network node sends a security mode command message to the SRNC, where the message carries the intermediate key K RNC , and may also carry one or any combination of the following parameters: network NCC parameters, UE security capabilities, key set identifier, selected An integrity algorithm set and/or a set of encryption algorithms.
  • Step S1108 After receiving the security mode command message, the SRNC stores parameters such as the received K RNC and the network NCC. Preferably, if the network mode NCC parameter is not carried in the security mode command message, the SRNC initializes the NCC value to 0 after receiving the message.
  • Step S1110 The SRNC generates a refresh random number FRESH, selects an integrity and/or encryption algorithm from the integrity algorithm set and/or the encryption algorithm set, and the SRNC calculates the integrity key IKu and/or the encryption key CKu according to the K RNC .
  • Step S1112 The SRNC sends a security mode command message to the UE.
  • the security mode command message carries the message authentication code calculated by IKu and carries one of the following parameters or any combination thereof: UE security capability, key set identifier, selected integrity algorithm and/or encryption algorithm, random number FRESH.
  • Step S1114 After receiving the security mode command message, the UE stores the encryption algorithm and the integrity algorithm, and calculates the K RNC according to the encryption key CK and the integrity key IK generated by the AKA process. Occurs before the receipt of the security mode command message, the HSPA+ encryption key CKu and the integrity key IKu are calculated according to K RNC . At this time, the UE and the SRNC share the same integrity key and/or the encryption key CCu, and the communication between the two parties can be protected using the above calculated key.
  • the UE may further calculate the modified intermediate key K RNC * according to the encryption key CK, the integrity key IK and the intermediate key K RNC .
  • the UE maintains a next hop counter terminal NCC for synchronizing with the network side key, the initial value is 0, and the corresponding virtual K RNC * is 0, the above calculation! " ⁇ * corresponding terminal NCC value Is 1.
  • Step S 1116 The UE verifies the received security mode command message with IKu.
  • Step S1118 If the security mode command message is successfully verified, the UE sends a security mode complete message to the SRNC, where the message carries the message-risk code calculated by the IKu, and the message may also be encrypted by using CKu.
  • Step S1120 The SRNC verifies the received security mode completion message with IKu, or decrypts the message with CKu first, and then uses IKu to verify the received security mode completion message.
  • Step S1202 The SRNC decides to perform SRNC migration.
  • Step S1204 The SRNC sends a migration request message to the target RNC, where the message carries the intermediate key K RNC (the first SRNC migration of a user equipment), or the modified intermediate key K RNC * (In addition to the first SRNC migration), it can also carry parameters such as UE security capabilities and network NCC. Alternatively, since the SRNC may not be able to determine whether the target RNC supports enhanced security, the SRNC places the intermediate key K RNC or the morphing intermediate key K RNC * in the IK and CK fields of the migration request message.
  • the intermediate key K RNC the first SRNC migration of a user equipment
  • the modified intermediate key K RNC * In addition to the first SRNC migration
  • the SRNC places the intermediate key K RNC or the morphing intermediate key K RNC * in the IK and CK fields of the migration request message.
  • Placement method such as: K RNC or K RNC *
  • the upper 128 bits are placed in the IK field, the lower 128 bits are placed in the CK field; or the high 128 bits of K RNC or K RNC * are placed in the CK field, and the lower 128 bits are placed in the IK field.
  • Step S 1206 If the target RNC supports enhanced security, the target RNC according to the intermediate key K RNC (the migration request message received by the target RNC does not include the modified intermediate key K RNC * , only K RNC ) or the modified intermediate key K RNC * (The migration request message received by the target RNC includes the morphing intermediate key K RNC * ) The derived integrity key IKu and the encryption key CKu.
  • the target RNC directly uses the content of the IK field in the migration request message as the IK, and the content of the CK field is used as the CK, and is performed according to the traditional security process specified in the UMTS, where No longer.
  • the target RNC supports enhanced security, and if the SRNC places the intermediate key K RNC or the modified intermediate key K RNC * in the IK and CK fields of the migration request message, the target RNC sets the IK field and the CK field. Content is taken out and cascaded into intermediate key K RNC or variant intermediate key
  • the target RNC makes the intermediate key K RNC equal to the modified intermediate key K RNC * , and calculates the updated IKu and/or CKu based on the intermediate key K RNC .
  • the target RNC may perform a key update in step S 1214a.
  • Step S 1206 may occur before step S 1208 or may occur before step S 1216 after step S 1208.
  • Step S 1208 The target RNC allocates resources to the user, and sends a migration response message to the SRNC.
  • the migration response message carries network NCC parameters.
  • S1210 The SRNC sends a Physical Channel Reconfiguration message or a UTRAN Mobility Information message to the UE.
  • the physical channel reconfiguration message or the UTRAN mobility information message carries network NCC parameters.
  • Step S1212 If the network side supports enhanced security, the UE updates the integrity key IKu and/or the encryption key CKu. Optionally, the UE makes the intermediate key K RNC equal to the modified intermediate key K RNC * , based on the intermediate key
  • K RNC calculates the updated IKu and / or CKu. If the network side does not support enhanced security, the UE directly uses the high 128 bits of K RNC or K RNC * as the legacy key IK and the lower 128 bits as the legacy key CK according to the same rules as the network side; or The high 128 bits of K RNC or K RNC * are treated as CK, and the lower 128 bits are treated as IK. The process is performed according to the traditional security regulations, and will not be described here.
  • the UE is provided with a terminal NCC, and after receiving the network NCC, determining whether the terminal NCC is equal to the network NCC, and if so, the UE updates the integrity key IKu and/or the encryption key CKu according to the intermediate key K RNC ; If the network NCC is greater than the terminal NCC, the UE calculates the modified intermediate key K RNC * and increments the corresponding terminal NCC until the terminal NCC is equal to the network NCC, and the UE updates the integrity key IKu and / according to the modified intermediate key K RNC * Or the encryption key CKu.
  • Step S1214 The UE sends a physical channel reconfiguration complete message or a UTRAN mobility information acknowledgement message to the target RNC, where the message is integrity protected with the updated integrity key IKu, or the updated integrity key IKu and encryption secret are used.
  • the key CCu simultaneously protects the above messages with integrity and encryption.
  • the physical channel reconfiguration complete message or the UTRAN mobility information acknowledgement message carries the user equipment security capability parameter.
  • Step S 1214a If both the target RNC and the UE support the HSPA+ security function, the target RNC performs key update based on K RNC or K RNC *. The specific operation is the same as step S 1206.
  • Step 4 S S1616 The target RNC performs a security-risk on the message with the updated integrity key IKu and/or the encryption key CKu. If the target RNC successfully verifies the physical channel reconfiguration complete message or the UTRAN mobility information acknowledgement message sent by the UE, the target RNC sends a migration complete request message to the core network node (SGSN+ or MSC/VLR+). The message carries information indicating that the migration is completed to the core network node, and may also carry the terminal NCC.
  • Step S1220 The core network node calculates the next hop KRNC* corresponding to the incremental network NCC based on IK, CK and the current morphing intermediate key K RNC *. Alternatively, the first core network node may be based on IK, CK, and the current intermediate key K RNC * deformation calculation of the next modification 3 trillion intermediate key K RNC *, then incrementing network NCC.
  • Step S1222 The core network node sends a migration completion response message to the target RNC. The message carries parameters: Network NCC and Next Mega Deformation Intermediate Key K RNC *.
  • Step S 1226 The core network node (SGSN+ or MSC/VLR+) releases the Iu interface with the source RNC.
  • the target RNC receives the new network NCC sent by the core network node and the corresponding new modified intermediate key K RNC *
  • the intermediate key K RNC is equal to the modified intermediate key.
  • K RNC * and stored.
  • the SRNC may always transmit the intermediate key K RNC in step S1204. Referring to Figure 13, an updated flow diagram of another air interface key for SRNC migration using the initial air interface key shown in Figure 11 is shown.
  • Step S1302 The SRNC decides to perform SRNC migration.
  • Step S1304 The SRNC sends a migration required message to the core network. If the SRNC simultaneously connects two CNN+ nodes (SGSN+ and MSC/VLR+), the SRNC simultaneously sends a migration required message to the two CNN+ nodes. If the source RNC and the target RNC are located at two different CNN+ nodes
  • the message needs to be relayed through the two CNN+ nodes.
  • the migration requires the message to carry the intermediate key K RNC or the modified intermediate key K RNC * , and may also include one or any combination of the following parameters: user equipment security capabilities, user-supported encryption algorithms, user-supported integrity algorithms, selected encryption Algorithm, selected integrity algorithm, network NCC.
  • the above parameters are carried in the transparent container of the source RNC to the target RNC.
  • the key material sent by the SRNC to the target RNC includes, in addition to the foregoing materials, a key material supporting traditional security, that is, the mapped traditional key IKVCK. '.
  • IKVCK' is derived for SRNC based on the deformed intermediate key K RNC * and other parameters, or based on the enhanced keys IKu, CKu and other parameters.
  • Other parameters can be: The refresh parameters currently used by the SRNC and the UE.
  • SRNC places IKVCK' in the IK and CK fields of the migration required message.
  • Step S 1306 The core network node sends a migration request message to the target RNC, where the message carries an intermediate key K RNC or a modified intermediate key K RNC * , and the network NCC may also have parameters such as user equipment security capabilities.
  • the mapped traditional key IK, /CK is also carried.
  • Step S 1308 If the target RNC supports enhanced security, the target RNC derives the integrity key IKu and the encryption key CCu according to the intermediate key K RNC or the modified intermediate key K RNC *. If the target RNC does not support enhanced security, the target RNC can only identify the mapped legacy key IKVCK'.
  • the target RNC directly uses the content of the IK field in the message as the IK, and the content of the CK field as the CK, and executes according to the traditional security procedure specified in the UMTS, and is not mentioned here.
  • the target RNC may perform key update in step S 1314a.
  • This step 4 can occur before step 4 S 1310, or after step 4 S 1310, before step S 1320.
  • Step S1310 The target RNC sends a migration request acknowledgement message to the core network. Before sending the message, the target RNC and the core network may establish a new Iu payload, and allocate resources such as RRC connection resources and radio links to the UE.
  • the migration request acknowledgement message carries the parameters: Network NCC.
  • the core network node sends a migration command message to the SRNC.
  • the migration command message carries parameters: Network NCC.
  • Step S 1314 The SRNC sends a physical channel reconfiguration message or a UTRAN mobility information message to the UE.
  • the above message carries the parameters: Network NCC.
  • Step S 1316 If the network side supports enhanced security, the UE updates the integrity key IKu and/or the encryption key CKu with the same operation as the network side.
  • Step S 1318 The UE sends a physical channel reconfiguration complete message or a UTRAN mobility information acknowledgement message to the target RNC.
  • the message is integrity protected with the updated integrity key IKu, or the message is integrity and cryptographically protected with the updated integrity key IKu and encryption key CKu.
  • the foregoing message carries parameters: user equipment security capability.
  • Step S 1318a If both the target RNC and the UE support the HSPA+ security function, the target RNC performs key update based on K RNC or K RNC *. The specific operation is the same as step S 1308.
  • Step S 1320 The target RNC performs security verification on the message with the updated integrity key IKu and/or the encryption key CKu. If the target RNC successfully verifies the message sent by the UE, the target RNC sends a migration complete message to the core network node (SGSN+ or MSC/VLR+). The message carries information indicating the completion of the migration to the core network node and the terminal NCC.
  • Step S 1322 The core network node increments the network NCC.
  • Step 4 S 1324: The core network node calculates the K RNC * of the next hop corresponding to the incremental network NCC based on IK, CK and the current morphing intermediate key K RNC *. Alternatively, the first core network node may be based on IK, CK, and the current intermediate key K RNC * deformation calculation of the next mega modified intermediate key K RNC *, then incrementing network NCC.
  • Step S 1326 The core network node sends a migration completion confirmation message to the target RNC, where the message carries parameters: a network NCC, and a next hop deformation intermediate key K RNC * corresponding to the network NCC.
  • Step S 1328 The target RNC stores the received network NCC and the modified intermediate key K RNC * corresponding to the network NCC for use in the next SRNC handover.
  • Step S 1330 The core network node (SGSN+ or MSC/VLR+) releases the Iu interface with the source RNC.
  • the target RNC receives the new network NCC sent by the core network node and the corresponding new modified intermediate key K RNC *
  • the intermediate key K RNC is equal to the modified intermediate key.
  • K RNC * and stored.
  • the SRNC may always send the intermediate key K RNC in steps S 1304 and S 1306. Referring to FIG.
  • a structural block diagram of a core network node including: a receiving module 1502, configured to receive a migration completion indication message of a target RNC, where the migration completion indication message indicates that the user equipment The source RNC migrates to the target RNC successfully; the calculation module 1504 is configured to calculate the next hop deformation intermediate key using the stored traditional integrity key IK and the traditional encryption key CK; the sending module 1506 is configured to set the next hop The deformed intermediate key is sent to the target RNC.
  • the core network node may further comprise a network NCC, configured to count the number of times the next mega-transformation intermediate key is calculated using the current morphing intermediate key to synchronize with the user-side key.
  • the sending module 1506 is also arranged to send the network NCC to the target RNC.
  • the calculation module 1504 includes: an acquisition module configured to acquire the traditional IK and the traditional CK; and a generation module configured to calculate the next hop deformation intermediate key using the traditional IK, the traditional CK, and the current deformation intermediate key, wherein, the current The deformed intermediate key and the next megamorphic intermediate key are different keys; or, the initial transformed intermediate key is calculated using the IK, CK, and intermediate keys stored by the core network node.
  • the network NCC increments by 1
  • the calculation module 1504 calculates the data according to the traditional CK and the traditional IK, and the current modified intermediate key uses the key generation function. One megabyte of intermediate key.
  • the sending module 1506 sends the next hop deformed intermediate key, and the NCC to the target RNC, so that the target RNC updates its stored current morphing intermediate key that is the same as the source RNC.
  • the source RNC 1602 includes: a request sending module 16022, configured to send a migration request message to the target RNC 1604, where the migration request message carries the current modified intermediate key sent by the core network node after the last SRNC migration succeeds, or is initially sent by the core network node.
  • the target RNC 1604 further includes: an RNC sending module 16048, configured to be a source
  • the RNC 1602 sends a migration response message, and the migration response message includes a next hop counter network NCC of the core network node.
  • the source RNC 1602 further includes: a terminal sending module 16022, configured to receive a migration response message, and send a migration message to the UE, where the migration message includes a network NCC.
  • the request sending module 16022 of the source RNC 1602 sends a migration request message to the target RNC 1604, where the current modified intermediate key sent by the core network node is carried.
  • the key obtaining module 16042 of the target RNC 1604 receives the migration request message, and obtains the current modified intermediate key therein.
  • the dance module 1644 calculates the enhanced encryption key CCu and the enhanced integrity key IKu using the current modified intermediate key.
  • the node sending module 16046 sends a migration completion indication message to the core network node.
  • the RNC sending module 16048 of the target RNC 1604 also sends a migration response message to the source RNC 1602, which includes the next hop counter network NCC.
  • the terminal sending module 16022 of the source RNC 1602 receives the migration response message, and sends a migration message to the UE, where the migration message includes the network NCC.
  • a structural block diagram of a UE according to an embodiment of the present invention is shown, including: a device key module 1702, configured to synchronize a modified intermediate key K RNC * of a network NCC according to a source RNC.
  • the UE further includes: a terminal calculation module, configured to calculate the enhanced CKu and the enhanced IKu using the modified intermediate key of the terminal; and the terminal NCC, configured to count the number of times the modified intermediate key is executed, so that the user side and the user side Key synchronization on the network side.
  • the device key module 1702 includes: a determining module 17022, configured to determine whether the terminal NCC is equal to the network NCC; and a determining module 17024, configured to: if the determining result of the determining module 17022 is yes, searching for a pre-stored corresponding to the terminal NCC Deform the intermediate key, and follow the secret
  • the key derivation function uses the modified intermediate key to calculate and update its own CKu and IKu; the negation module 17026 is set to calculate the modified intermediate key KRNC* and increment the corresponding terminal NCC until the terminal NCC is reached, if the judgment result of the determination module 17022 is negative.
  • NCC is equal to the network NCC, and updates its own CKu and IKu using the current transformed intermediate key according to the key derivation function.
  • FIG. 17 a structural block diagram of a wireless access system according to an embodiment of the present invention is shown, including: a core network node 1802, a source RNC 1804, a target RNC 1806, and a user equipment 1808.
  • the core network node 1802 includes: a receiving module 18022, configured to receive a migration completion indication message of the target RNC, where the migration completion indication message indicates that the user equipment is successfully migrated from the source RNC to the target RNC; and the calculation module 18024 is configured to use the core network.
  • the traditional IK stored by the node and the traditional CK calculate the next hop deformed intermediate key; the sending module 18826 is configured to send the next hop deformed intermediate key to the target RNC.
  • the core network node may further include a network NCC, configured to count the number of times the calculation of the next mega-transformation intermediate key is performed to synchronize with the user-side key.
  • the sending module 18826 is also arranged to send the network NCC to the target RNC.
  • the calculation module 18024 includes: an acquisition module configured to acquire the traditional ⁇ and the traditional CK; and a generation module configured to calculate the next mega-transformation intermediate key using the traditional ⁇ , the traditional CK, and the current morphing intermediate key, wherein, the current The morphing intermediate key and the next megamorphic intermediate key are different keys; or, the initial morphing intermediate key is calculated using a conventional ⁇ , a conventional CK, and an intermediate key stored by the core network node.
  • the source RNC 1804, the request sending module 18042 is configured to send a migration request message to the target RNC 1806, where the migration request message carries the current modified intermediate key or intermediate key sent by the core network node; the terminal sending module 18044 is configured to receive Migrate the response message and send a migration message to the UE, which contains the network NCC.
  • the target RNC 1806 includes: a key obtaining module 18062, configured to receive a migration request message, and obtain a current modified intermediate key or an intermediate key; 4 a dance module 18064, configured to calculate by using a current modified intermediate key or an intermediate key The enhanced encryption key CKu and the enhanced integrity key IKu; the node sending module 18066 is configured to send a migration completion indication message to the core network node.
  • the method further includes: an RNC sending module 18068, configured to send a migration response message to the source RN 1804, where the migration response message includes a next hop counter network NCC.
  • the user equipment 1808 includes: a device key module 18082, configured to synchronize its own modified intermediate key K RNC * according to the network NCC sent by the source RNC.
  • the user equipment 1808 further includes: a terminal calculation module, configured to calculate CKu and IKu using the current morphing intermediate key; and a terminal NCC, configured to count the number of times the next hop deformed intermediate key K RNC * is calculated, so that the user side Synchronize with the key on the network side.
  • the device key module 18082 includes: a determining module 180822, configured to determine whether the terminal NCC is equal to the network NCC; and a determining module 180824, configured to: if the determining result of the determining module 180822 is yes, searching for a pre-stored corresponding to the terminal NCC Deform the intermediate key, and update the CKu and IKu by using the modified intermediate key according to the key derivation function; the negation module 180826 is set to calculate the deformation intermediate key K RNC * if the judgment result of the determination module 180822 is negative
  • the corresponding terminal NCC is incremented until the terminal NCC is equal to the network NCC, and the CKu and IKu of the update itself are calculated using the modified intermediate key according to the key derivation function.
  • the 802.16 system can apply its related mode to other wireless communication systems.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module.
  • the invention is not limited to any particular combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé de mise à jour pour clé d'interface hertzienne et un système d'accès radio. Le procédé de mise à jour pour clé d'interface hertzienne consiste en ce qu'un nœud de réseau central reçoit un message d'indication d'achèvement de repositionnement d'un contrôleur de réseau radiophonique de destination (RNC) (S502), le message d'indication d'achèvement de repositionnement indique le succès du repositionnement d'un équipement utilisateur depuis un RNC source vers le RNC de destination; le nœud de réseau central calcule une clé intermédiaire de déformation de prise suivante en utilisant une clé d'intégrité (IK) classique stockée et une clé de cryptage (CK) classique stockée (S504); et le nœud de réseau central envoie la clé intermédiaire de déformation de prise suivante au RNC de destination (S506). Selon la présente invention, lorsqu'un contrôleur de réseau radiophonique de service (SRNC) effectue un repositionnement, les différentes clés intermédiaires de déformation sont utilisées par le RNC source et le RNC de destination, et la sécurité de transmission de l'utilisateur est assurée, la sécurité de communication du système d'accès radio étant améliorée intégralement.
PCT/CN2011/071655 2010-04-16 2011-03-09 Procédé de mise à jour pour clé d'interface hertzienne et système d'accès radio WO2011127775A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010165573.1A CN101835151B (zh) 2010-04-16 2010-04-16 空中接口密钥的更新方法及无线接入系统
CN201010165573.1 2010-04-16

Publications (1)

Publication Number Publication Date
WO2011127775A1 true WO2011127775A1 (fr) 2011-10-20

Family

ID=42719040

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/071655 WO2011127775A1 (fr) 2010-04-16 2011-03-09 Procédé de mise à jour pour clé d'interface hertzienne et système d'accès radio

Country Status (2)

Country Link
CN (1) CN101835151B (fr)
WO (1) WO2011127775A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101835151B (zh) * 2010-04-16 2016-03-30 中兴通讯股份有限公司 空中接口密钥的更新方法及无线接入系统
CN101841810B (zh) * 2010-06-07 2016-01-20 中兴通讯股份有限公司 空中接口密钥的更新方法、核心网节点及无线接入系统
CN113645033B (zh) * 2021-10-15 2022-03-22 天聚地合(苏州)数据股份有限公司 接口密钥重置方法、装置、存储介质及服务器

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101232731A (zh) * 2008-02-04 2008-07-30 中兴通讯股份有限公司 用于ue从utran切换到eutran的密钥生成方法和系统
CN101378591A (zh) * 2007-08-31 2009-03-04 华为技术有限公司 终端移动时安全能力协商的方法、系统及装置
CN101835151A (zh) * 2010-04-16 2010-09-15 中兴通讯股份有限公司 空中接口密钥的更新方法及无线接入系统

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1209934A1 (fr) * 2000-11-27 2002-05-29 Siemens Aktiengesellschaft Procédé et appareil pour contrer la menace "rogue shell" par dérivation locale de clé
MY140529A (en) * 2006-06-19 2009-12-31 Interdigital Tech Corp Method and apparatus for security protection of an original user identity in an initial signaling message
CN101399767B (zh) * 2007-09-29 2011-04-20 华为技术有限公司 终端移动时安全能力协商的方法、系统及装置
JP4505528B2 (ja) * 2008-09-22 2010-07-21 株式会社エヌ・ティ・ティ・ドコモ 移動通信方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101378591A (zh) * 2007-08-31 2009-03-04 华为技术有限公司 终端移动时安全能力协商的方法、系统及装置
CN101232731A (zh) * 2008-02-04 2008-07-30 中兴通讯股份有限公司 用于ue从utran切换到eutran的密钥生成方法和系统
CN101835151A (zh) * 2010-04-16 2010-09-15 中兴通讯股份有限公司 空中接口密钥的更新方法及无线接入系统

Also Published As

Publication number Publication date
CN101835151B (zh) 2016-03-30
CN101835151A (zh) 2010-09-15

Similar Documents

Publication Publication Date Title
JP7327603B2 (ja) 基地局及び基地局により行われる方法
EP3576446A1 (fr) Procédé de mise en oeuvre de sécurité, et appareil et système associés
CN109417740B (zh) 保持相同无线终端的切换期间的安全密钥使用
CN101841810B (zh) 空中接口密钥的更新方法、核心网节点及无线接入系统
US20080039096A1 (en) Apparatus, method and computer program product providing secure distributed HO signaling for 3.9G with secure U-plane location update from source eNB
KR20100114927A (ko) 무선 통신 시스템에서 핸드오버를 실행하는 동안 키 관리를 실행하기 위한 시스템 및 방법
JP2011526097A (ja) トラフィック暗号化キー生成方法及び更新方法
WO2011085682A1 (fr) Procédé et système de mise à jour de clés d'interface radio
JP2012217207A (ja) 鍵マテリアルの交換
WO2011088770A1 (fr) Procédé et système permettant de produire des clés de chiffrement d'une interface radio
JP5770288B2 (ja) エアーインターフェースキーの更新方法、コアネットワークノード及びユーザ設備
WO2013075417A1 (fr) Procédé et système pour générer une clé durant un transfert intercellulaire
WO2011153855A1 (fr) Procédé pour actualiser et générer une clé d'interface hertzienne et système d'accès sans fil
WO2011131063A1 (fr) Procédé et système d'établissement de clé d'interface radio améliorée
WO2011127775A1 (fr) Procédé de mise à jour pour clé d'interface hertzienne et système d'accès radio
WO2008152611A1 (fr) Dispositif, procédé et progiciel produisant un conteneur transparent
WO2011095077A1 (fr) Procédé, système et appareil pour gérer une clé de mappage d'interface radio dans un système de communication sans fil
CN101902736B (zh) 空中接口密钥的更新方法、核心网节点及无线接入系统
WO2011153851A1 (fr) Procédé et système de traitement de clés d'interface radio
WO2012022186A1 (fr) Procédé de mise à jour de clé d'interface radio, nœud de réseau central, matériel d'utilisateur et système d'accès sans fil
CN116941263A (zh) 一种通信方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11768387

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11768387

Country of ref document: EP

Kind code of ref document: A1