WO2011147154A1 - Method and system for implementing synchronization of an access stratum security algorithm - Google Patents
- Publication number
- WO2011147154A1 (PCT/CN2010/078017)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- enb
- security algorithm
- algorithm
- security
- rrc connection
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/19—Connection re-establishment
Definitions
- The present invention relates to Long Term Evolution (LTE) technology, and more particularly to a method and system for synchronizing an access stratum (AS) security algorithm when a radio resource control (RRC) connection re-establishment occurs after handover.
- LTE Long Term Evolution
- RRC radio resource control
- The basic principle of AS security algorithm selection is: the security capability information of the UE is sent to the eNB through a signaling procedure (for example, the core network carries the security capability of the UE to the eNB in the initial context setup request message), and the eNB selects the highest-priority AS security algorithm from the intersection of the AS security algorithms supported by the eNB and by the UE.
- the eNB needs to update the AS security algorithm according to the above principles, and inform the UE of the new AS security algorithm through the air interface message.
- After receiving the RRC connection re-establishment request from the UE, the eNB performs AS security algorithm selection and, when the algorithm replacement condition is met, reconfigures the local AS security algorithm, including the integrity protection algorithm and the encryption algorithm; the eNB then sends an RRC connection re-establishment message to the UE;
- After receiving the RRC connection re-establishment message from the eNB, the UE does not start the AS security algorithm, and sends the eNB an RRC connection re-establishment complete message without encryption or integrity protection.
- the original AS security algorithm is the selected AS security algorithm
- the local AS security algorithm configuration is used for local configuration.
- After receiving the RRC connection re-establishment complete message from the UE, the eNB activates the integrity protection function on the eNB side and starts the SMC process: the eNB sends the UE an SMC message that is integrity-protected with the selected AS security algorithm;
- the UE and the eNB activate the encryption algorithm in the selected AS security algorithm, specifically:
- When the SMC process does not pass the integrity verification, the method further includes: the eNB performs exception handling for the UE.
- the UE is configured to perform integrity protection by using the selected AS security algorithm after the RRC connection re-establishment is completed and, after the SMC process passes the integrity verification, to activate the encryption algorithm in the selected AS security algorithm.
- the eNB is specifically configured to: after receiving the RRC connection re-establishment request from the UE, perform AS security algorithm selection and, when the algorithm replacement condition is met, reconfigure the local AS security algorithm, including the integrity protection algorithm and the encryption algorithm; and send an RRC connection re-establishment message to the UE.
- the eNB initiates the SMC process immediately after the re-establishment is completed, and the UE activates the encryption function after the SMC is completed.
- The invention protects the user plane encryption algorithm from being tampered with during RRC connection re-establishment, avoids AS security algorithm anomalies, minimizes the bandwidth wasted on invalid data packets, improves the timeliness of recovery from anomalies, and further improves the user experience before and after handover.
- FIG. 1 is a schematic flowchart of a process in which an AS security algorithm is out of synchronization during an RRC connection re-establishment process in the prior art
- FIG. 2 is a schematic diagram of a process for implementing synchronization of an AS algorithm when RRC connection reestablishment occurs after handover in the present invention
- FIG. 3 is a schematic structural diagram of a system for implementing synchronization of an AS security algorithm according to the present invention
- FIG. 4 is a schematic flowchart of an embodiment of implementing synchronization of an AS algorithm according to the present invention.
- Detailed description
- the eNB determines, according to the configuration of the original AS security algorithm carried in the handover request message, whether the AS security algorithms configured on the eNB support the original AS security algorithm (including the integrity protection algorithm and the encryption algorithm); if either the integrity protection algorithm or the encryption algorithm is unsupported, the original AS security algorithm is considered not supported.
- According to the AS security algorithms configured on the eNB and the UE security capability carried in the handover request message, the eNB selects the highest-priority AS security algorithm that the UE supports (including the integrity protection algorithm and the encryption algorithm) as the new selected AS security algorithm (that is, the algorithm replacement condition is satisfied), saves the selected AS security algorithm locally, and uses the new AS security algorithm configuration for local configuration;
- Step 202: After the SMC process passes the integrity verification, the UE and the eNB activate the encryption algorithm in the selected AS security algorithm. After receiving the security mode complete message from the UE, the eNB activates the local encryption function if the integrity verification passes; at this point the synchronization of the AS security algorithm is complete. If the integrity verification does not pass, the eNB performs the corresponding exception handling, for example releasing the UE, which includes sending an RRC connection release to the UE and releasing all resources related to the UE on the eNB side;
- the original AS security algorithm configuration is used for local configuration.
- Steps 406 to 407: After receiving the SMC message, the UE updates its local security configuration according to the parameters carried in the SMC (such as the selected AS security algorithm), and returns to the eNB a security mode complete message that is integrity-protected with the selected AS security algorithm. It is important to emphasize that the security mode complete message is not encrypted.
- Step 408: After receiving the security mode complete message from the UE, the eNB activates the local encryption function if the integrity verification passes; at this point the synchronization of the AS security algorithm is complete. If the integrity verification does not pass, the eNB performs the corresponding exception handling, such as releasing the UE, which generally includes sending an RRC connection release to the UE and releasing all UE-related resources on the eNB side. On the UE side, after the integrity verification passes, the UE activates the encryption function, and all subsequently received and transmitted messages use the selected AS security algorithm for integrity protection and encryption.
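
The selection rule and the SMC exchange after re-establishment described above, as an added Python example that is not part of the patent text. The algorithm names and priority lists, the key, the message encodings and all function names are constructed for illustration, and a truncated HMAC-SHA256 stands in for the real integrity algorithm.

```python
import hashlib
import hmac

# Constructed eNB configuration, highest priority first (illustrative names).
ENB_INTEGRITY = ["EIA2", "EIA1"]
ENB_CIPHERING = ["EEA2", "EEA1"]

def select_as_algorithm(original, ue_cap):
    """Return ((integrity, ciphering), replaced) as the target eNB would."""
    if original[0] in ENB_INTEGRITY and original[1] in ENB_CIPHERING:
        return original, False  # both supported: keep the original pair
    def pick(priority, supported):
        return next(a for a in priority if a in supported)
    # Replacement condition met: highest-priority algorithms the UE also supports.
    return (pick(ENB_INTEGRITY, ue_cap["integrity"]),
            pick(ENB_CIPHERING, ue_cap["ciphering"])), True

def mac_i(key, alg, msg):
    # Stand-in MAC: truncated HMAC-SHA256 bound to the algorithm name, not a real EIA.
    return hmac.new(key, alg.encode() + b"|" + msg, hashlib.sha256).digest()[:4]

def enb_build_smc(key, selected):
    # Sent once the unprotected re-establishment complete message has arrived.
    body = "SMC:{},{}".format(*selected).encode()
    return body, mac_i(key, selected[0], body)

def ue_on_smc(key, body, mac):
    """UE: verify the SMC, then reply integrity-protected but not encrypted."""
    integrity = body.decode().split(":")[1].split(",")[0]
    if not hmac.compare_digest(mac, mac_i(key, integrity, body)):
        return None
    reply = b"SecurityModeComplete"
    return reply, mac_i(key, integrity, reply)

def enb_on_complete(key, selected, reply, mac):
    if hmac.compare_digest(mac, mac_i(key, selected[0], reply)):
        return "ciphering-activated"    # AS security algorithm is now in sync
    return "rrc-connection-release"     # exception handling: release the UE

def run_exchange(original, ue_cap, tamper=False):
    key = b"constructed-as-integrity-key"
    selected, _ = select_as_algorithm(original, ue_cap)
    reply, reply_mac = ue_on_smc(key, *enb_build_smc(key, selected))
    if tamper:  # flip one bit of the MAC on the security mode complete message
        reply_mac = bytes([reply_mac[0] ^ 1]) + reply_mac[1:]
    return selected, enb_on_complete(key, selected, reply, reply_mac)
```

Ciphering is switched on only in the branch where the security mode complete message verifies; a failed check ends in release rather than in a ciphered link whose two ends disagree on the algorithm.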
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to a method for implementing synchronization of an access stratum (AS) security algorithm. During a radio resource control (RRC) connection re-establishment process, an evolved Node B (eNB) selects an AS security algorithm; after the RRC connection re-establishment is completed, the eNB triggers a security mode command (SMC) process, and a user equipment (UE) and the eNB use the selected AS security algorithm to perform integrity protection; after the SMC process passes the integrity verification, the UE and the eNB activate the encryption algorithm in the selected AS security algorithm. The present invention also relates to a system for implementing synchronization of an AS security algorithm. With the present invention, the user plane encryption algorithm cannot be tampered with during RRC connection re-establishment, AS security algorithm anomalies are avoided, bandwidth wasted on invalid air-interface packets is minimized, the timeliness of recovery after an anomaly is improved, and the user experience before and after handover is further improved.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010187400.XA CN102264066B (zh) | 2010-05-27 | 2010-05-27 | Method and system for implementing access stratum security algorithm synchronization |
CN201010187400.X | 2010-05-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011147154A1 (fr) | 2011-12-01 |
Family
ID=45003243
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/078017 WO2011147154A1 (fr) | 2010-05-27 | 2010-10-22 | Method and system for implementing synchronization of an access stratum security algorithm |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102264066B (fr) |
WO (1) | WO2011147154A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018201506A1 (fr) | 2017-05-05 | 2018-11-08 | 华为技术有限公司 | Communication method and related device |
WO2018227480A1 (fr) * | 2017-06-15 | 2018-12-20 | Qualcomm Incorporated | Refreshing security keys in 5G wireless systems |
CN111641944A (zh) * | 2019-03-01 | 2020-09-08 | 华为技术有限公司 | Communication method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101702818A (zh) * | 2009-11-02 | 2010-05-05 | 上海华为技术有限公司 | Algorithm negotiation method, system and device in radio link control connection re-establishment |
US20100115275A1 (en) * | 2008-11-03 | 2010-05-06 | Samsung Electronics Co. Ltd. | Security system and method for wireless communication system |
-
2010
- 2010-05-27 CN CN201010187400.XA patent/CN102264066B/zh not_active Expired - Fee Related
- 2010-10-22 WO PCT/CN2010/078017 patent/WO2011147154A1/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
"Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE): Security architecture (Release 8)", 3GPP TS 33.401 V8.7.0 (2010-04), April 2010 (2010-04-01) * |
Also Published As
Publication number | Publication date |
---|---|
CN102264066A (zh) | 2011-11-30 |
CN102264066B (zh) | 2015-08-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10375609B2 (en) | Operation of a serving node in a network | |
CN102137400B (zh) | Security processing method and system during RRC connection re-establishment | |
EP3322252B1 (fr) | Communication methods, network-side device, and user equipment | |
EP2293610B1 (fr) | Method and device for preventing loss of network security synchronization | |
WO2011003299A1 (fr) | Security key processing method, device and system for radio resource control (RRC) connection re-establishment | |
WO2009020789A2 (fr) | Security procedure and apparatus for handover in a 3GPP long term evolution system | |
JP7139434B2 (ja) | Security verification when resuming an RRC connection | |
JP5750153B2 (ja) | Method and network for creating a network security key in a communication device | |
WO2015062097A1 (fr) | Method and device for key processing in dual connectivity mode | |
WO2018133607A1 (fr) | Data transmission method, device and system | |
WO2009043294A1 (fr) | Method and device for updating the key in the active state | |
WO2015113207A1 (fr) | Security password change method, base station and user equipment | |
EP3965446B1 (fr) | Communication method and related device | |
EP3827640B1 (fr) | Fast MCG failure recovery with secondary node change | |
WO2011147153A1 (fr) | Method and system for synchronizing access stratum (AS) security algorithms | |
WO2014044070A1 (fr) | Connection re-establishment method and device | |
WO2012171281A1 (fr) | Security parameter modification method, and base station | |
JP5576559B2 (ja) | Access stratum security algorithm protection method and access stratum security algorithm protection system | |
US20220345296A1 (en) | Managing Security Keys in a Communication System | |
US20230156820A1 (en) | Data Communication In An Inactive State | |
WO2011147154A1 (fr) | Method and system for implementing synchronization of an access stratum security algorithm | |
US20220345883A1 (en) | Security key updates in dual connectivity | |
CN114557033A (zh) | System and method for handling the radio resource control inactive state | |
WO2008022498A1 (fr) | Method for changing the encryption algorithm in relocation | |
WO2012155437A1 (fr) | Method and system for improving automatic recovery efficiency and success rate |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 10852023; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: PCT application non-entry in European phase | Ref document number: 10852023; Country of ref document: EP; Kind code of ref document: A1 |