WO2012009972A1 - Procédé et système de distribution de clé pour transfert intercellulaire - Google Patents

Procédé et système de distribution de clé pour transfert intercellulaire Download PDF

Info

Publication number
WO2012009972A1
WO2012009972A1 PCT/CN2011/070533 CN2011070533W WO2012009972A1 WO 2012009972 A1 WO2012009972 A1 WO 2012009972A1 CN 2011070533 W CN2011070533 W CN 2011070533W WO 2012009972 A1 WO2012009972 A1 WO 2012009972A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
ncc
key
handover
enb
Prior art date
Application number
PCT/CN2011/070533
Other languages
English (en)
Chinese (zh)
Inventor
杜高鹏
朱永升
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012009972A1 publication Critical patent/WO2012009972A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to the field of mobile communication technologies, and in particular, to a key distribution method and system for handover.
  • LTE Long Term Evolution, Long Term Evolution
  • S AE System Architecture Evolution , System Architecture Evolution
  • 3GPP Third Generation Partnership Project
  • EUTRAN Evolved Universal Terrestrial Radio Access Network
  • the current key distribution method is as follows: The first handover performs a horizontal key generation chain, and the subsequent handover performs a vertical key generation chain.
  • FIG. 1 shows a schematic diagram of a key distribution process for the first handover.
  • eNB A switches to eNB B, eNB A performs a horizontal key generation chain. The specific process is described as follows:
  • Step 101 The UE reports a Measurement Report to the eNB A.
  • the K eNB is a shared key generated by the core network and sent to the eNB A when the UE accesses the eNB A, so that the eNB A derives the key of the AS (access layer) according to the key.
  • KDF Key Derivation Function
  • KDF Key Derivation Function
  • Step 103 the eNB A initiates a Handover Request to the target base station eNB B, and forwards the ⁇ NCC, KeNB* ⁇ to the eNB B;
  • NCC Next Hop Chaining Counter
  • Step 105 eNB B returns Handover Request Ack, and sets NCC
  • a HO Command Handover Command
  • Step 107 the UE generates K eNB *, II PCI II EARFCN_DL), and
  • Step 108 The UE sends a Handover Confirm to the eNB B.
  • Step 109 After completing the interaction with the handover signaling of the UE, the eNB B sends a Path Switch Request message to the MME.
  • Step 112 The eNB B saves the received ⁇ NCC, NH ⁇ pair for the next switch, and deletes other ⁇ NCC, NH ⁇ pairs that may be existing but not used;
  • Step 113 after the handover is completed, the eNB B sends a Release Resource to the eNB A.
  • the source message informs the eNB A to release the relevant resources of the UE.
  • FIG. 2 is a schematic diagram of a key distribution process for the first handover.
  • eNB C performs a vertical key generation chain by using a new ⁇ NH, NCC ⁇ . .
  • Step 201 The UE sends a Measurement Report to the eNB B.
  • Steps 205-206 the eNB C puts the NCC into the transparent container of the HO Command message, and forwards it to the UE through the source eNB B;
  • EARFCN_DL), and K eNB K eNB *;
  • steps 208 ⁇ 213 refer to steps 108 ⁇ 113 in Figure 1.
  • the main difference is that the NCCs of the two handovers are different, and will not be described here.
  • eNB A when the UE first switches from eNB A to eNB B, eNB A can derive the key of eNB B; when the UE switches from eNB B to eNB C for the second time, eNB B can The key of eNB C is derived.
  • eNB A cannot calculate the key of eNB C, that is, it takes 2 hops to achieve the purpose of forward security.
  • forward security refers to sharing a key K eNB for one eNB and one UE, and the eNB cannot calculate a key between the UE and another eNB.
  • the key K eNB of the target eNB is provided by the source eNB, so that once the source eNB is compromised, the key K eNB of the target eNB may be acquired during the X2 handover process. This is very unsafe; 2.
  • the current key distribution mechanism requires at least 2 hops to achieve forward security purposes, and cannot reach ⁇ 1 ⁇ forward security. Summary of the invention
  • the technical problem to be solved by the present invention is to provide a method and system for key distribution of a handover, which can achieve the purpose of forward security for one hop.
  • the present invention provides a handover key distribution method, and the method includes:
  • the target base station When the terminal performs handover between the source base station and the target base station, the target base station requests key generation information from the core network;
  • the target base station generates a key according to the key generation information provided by the core network, and the key is used to derive the key of the access layer.
  • the key generation information includes an intermediate key ( ⁇ ) value corresponding to a next hop chain counter ( NCC );
  • the target base station In the step of the target base station generating a key according to the key generation information provided by the core network, the target base station generates a key K eNB according to the threshold value.
  • the step of the target base station requesting the key generation information from the core network includes:
  • the target base station When receiving the handover request sent by the source base station, the target base station generates a second NCC value according to the first NCC value included in the handover request, and sends a handover NCC request to the core network mobility management entity, where the handover NCC request includes the second NCC value;
  • the mobility management entity When receiving the handover NCC request, the mobility management entity determines the NH value according to the second NCC value and the locally stored NCC value, and is included in the handover NCC response and sent to the target base station.
  • the step of determining, by the mobility management entity, the NH value according to the second NCC value and the locally saved NCC value comprises:
  • the mobility management entity compares the second NCC value with the locally stored NCC value,
  • the second NCC value is equal to the locally saved NCC value, determining the NH value corresponding to the second NCC value as the NH value; If the second NCC value is greater than the locally saved NCC value, the locally saved NCC value is set to the second NCC value, and the NH value corresponding to the second NCC value is calculated and determined as the NH value;
  • the handover NCC response sent by the mobility management entity to the target base station further includes an NCC value corresponding to the NH value; the target base station receives The NCC value is saved and forwarded to the terminal;
  • the terminal calculates a corresponding NH value according to the NCC value sent by the target base station, and calculates K eNB according to the calculated NH value.
  • the target base station calculates the second NCC value according to the following formula:
  • NCC 2 I KDF(NCCi
  • CRNTI) NCC maximum value, where NCd is the first NCC value, NCC 2 is the second NCC value, and CRNTI is the cell Wireless network temporary identification.
  • the second NCC value is smaller than the NCC value saved by the mobility management entity
  • the locally saved NCC value is equal to the maximum value in the NCC value range
  • the corresponding NCC value is directly calculated according to the locally saved NCC value.
  • the NH value is determined as the NH value.
  • the value range of the NCC is greater than or equal to 0 and less than or equal to 63.
  • a switched key distribution system the system includes: a base station and a core network, the base station includes a key information requesting unit and a key generating unit, and the core network includes a key information providing unit, wherein the key information requesting unit
  • the method is configured to: when receiving a handover request requested by the terminal, requesting the key generation information from the core network;
  • the key information providing unit is configured to provide the key generation information for the key information request unit according to the request;
  • the key generation unit is configured to generate a key based on the key generation information provided by the key information providing unit, the key being used to derive a key of the access layer.
  • the key generation information includes an NH value corresponding to the NCC
  • the key generated by the key generation unit is a K eNB
  • the key information requesting unit is further configured to: generate a second NCC value according to the first NCC value included in the handover request, and request the key generation information from the core network by sending a handover NCC request to the core network mobility management entity, where the switching NCC is performed
  • the request contains a second NCC value
  • the key information providing unit is further configured to, when receiving the handover NCC request, determine the NH value according to the second NCC value and the locally stored NCC value, and include the transmission to the key information requesting unit in the handover NCC response.
  • the key information providing unit is further configured to determine the NH value according to the second NCC value and the locally saved NCC value as follows:
  • the locally saved NCC value is set to the second NCC value, and the NH value corresponding to the second NCC value is calculated and determined as the NH value;
  • the locally saved NCC value is incremented.
  • the system further includes a terminal, where the terminal further includes a key calculation unit,
  • the key information providing unit is further configured to further include, in the handover NCC response sent to the key information requesting unit, an NCC value corresponding to the determined NH value;
  • the key information requesting unit is further configured to: after receiving the NCC value, save and forward the data to the terminal; the key calculating unit is configured to calculate a corresponding NH value according to the NCC value sent by the received key information requesting unit, and calculate according to the calculation The resulting NH value is calculated as K eNB .
  • the present invention also provides a base station in a key distribution system for handover, comprising a key information requesting unit and a key generating unit, wherein:
  • the key information requesting unit is configured to request key generation information from a core network in the switched key distribution system when receiving a handover request requested by the terminal;
  • the key generation unit is configured to: generate a key according to the key generation information provided by the core network according to the request of the key information request unit, where the key is used to derive the density of the access layer Key.
  • the key generation information includes an intermediate key (NH) value corresponding to a next hop chain counter (NCC), and the key generated by the key generation unit is a K eNB ;
  • NH intermediate key
  • NCC next hop chain counter
  • the key information requesting unit is further configured to generate a second NCC value according to the first NCC value included in the handover request, and request key generation information from the core network by sending a handover NCC request to the core network mobility management entity. And including, in the handover NCC request, the second NCC value; and receiving a handover NCC response sent by the core network, where the handover NCC response includes the core network according to the second NCC value and a locally saved NCC The value of the determined NH value.
  • the present invention also provides a terminal in a switched key distribution system, comprising a key calculation unit, the key calculation unit being configured to be based on a next hop chain counter (NCC) transmitted by a base station in the switched key distribution system.
  • NCC next hop chain counter
  • the value calculates the corresponding intermediate key (NH) value, and calculates the key K eNB based on the calculated NH value.
  • the MME provides the target eNB with the generated material of the key, and the target eNB generates the K eNB key.
  • the target eNB generates the K eNB key.
  • FIG. 2 is a schematic diagram of a key distribution process of a second handover in the prior art
  • FIG. 3 is a schematic diagram of a key distribution process of a handover according to an embodiment of the present invention.
  • the core idea of the present invention is that, in the X2 handover, by the interaction between the target eNB and the MME, the MME provides the target eNB with the key generation material, and the target eNB performs the key generation. It is ensured that the source eNB cannot calculate the key between the target eNB and the UE, and achieves the goal of 1 hop forward security.
  • the present invention provides a handover key distribution method, which specifically uses the following technical solutions:
  • the target base station When the terminal performs handover between the source base station and the target base station, the target base station requests key generation information from the core network;
  • the target base station generates a key according to the key generation information provided by the core network, and the key is used to derive a key of the access layer.
  • the key generation information includes an NH value corresponding to the NCC, and the key generated by the target base station according to the NH value is K eNB .
  • the requesting, by the target base station, the key generation information to the core network includes: when the target base station receives the handover request sent by the source base station, generating, according to the first NCC value included in the handover request, generating a second An NCC value, and sending a handover NCC request to the core network mobility management entity, where the second NCC value is included in the handover NCC request;
  • the mobility management entity When the mobility management entity receives the handover NCC request, it determines a corresponding NH value according to the second NCC value and the locally saved NCC value, and is sent to the target base station in the handover NCC response.
  • the mobility management entity determines, according to the second NCC value and the locally saved NCC value, a corresponding NH value, specifically:
  • the mobility management entity compares the second NCC value with a locally saved NCC value, and if the second NCC value is equal to the locally saved NCC value, determining the NH value corresponding to the second NCC value as Said corresponding NH value;
  • the locally saved NCC value is set to the second NCC value, and the NH value corresponding to the second NCC value is calculated and determined as the corresponding NH value;
  • the second NCC value is smaller than the locally saved NCC value, the locally saved NCC value is incremented once, and the NH value corresponding to the incremented NCC value is calculated and determined as the corresponding value.
  • the value of the NCC is greater than or equal to 0 and less than or equal to 63.
  • the target base station calculates the second NCC value according to the following formula:
  • NCC 2 I KDF(NCCi
  • CRNTI) NCC maximum value, where NCCi is the first NCC value, NCC 2 is the second NCC value, CRNTI (Cell Radio Network Temporary Identify) is the temporary identifier of the cell wireless network.
  • the NCC is directly saved according to the local The value calculates the corresponding NH value and determines it as the corresponding NH value.
  • the terminal calculates a corresponding NH value according to the NCC value sent by the target base station, and calculates K eNB according to the calculated NH value.
  • FIG. 3 is a schematic flowchart of a key distribution method of a handover according to an embodiment of the present invention. As shown in FIG. 3, the process of this embodiment is specifically described as follows:
  • Step 301 The Measurement Report is performed on the UE
  • Step 302 The source eNB makes a handover decision according to the Measurement Report reported by the UE, and generates a K eNB *;
  • K eNB * KDF(NH
  • Step 303 The source eNB initiates a Handover Request to the target eNB, and forwards the ⁇ NCC, K eNB * ⁇ to the target eNB through a Handover Request message.
  • CRNTI); preferably, in order to better secure the security of the key, the value range of the standard NCC in the present invention is [ 0, 7] to expand, if the value range can be taken as [0, 63], etc., so that the source eNB can be prevented from deriving the key of the target eNB according to the value of a limited number of NCCs. Further, preferably, if the NCC* generated by the target eNB in this step is the maximum value in the range, then NCC* NCC*-1 is set to avoid the occurrence of the NCC flip.
  • Step 305 The target eNB sends a Handover NCC Request message to the MME, where the message carries the generated NCC*;
  • Step 306 After receiving the Handover NCC Request message, the MME compares the local NCC value with the NCC* value in the message, and determines the NH value as follows:
  • NCC* NCC
  • Step 307 The MME sends a Handover NCC Response message to the target eNB, where the message includes ⁇ NCC, NH ⁇ ;
  • Step 309 The target eNB returns a Handover Request Ack to the source eNB, and includes the NCC value sent by the received MME in the Handover Request Ack message.
  • Step 310 The source eNB sends the NCC to the UE in the Handover Command message.
  • Step 311: After receiving the Handover Command message containing the NCC value, the UE adds the NCC value until it matches the NCC value in the Handover Command message, and then passes Safety parameter The function defined by the specification iteratively calculates the NH corresponding to the NCC, and calculates K eNB according to the NH value, K eNB KDF (NH II PCI II EARFCN DL);
  • the UE does not need to pay attention to how the NCC value sent by the target eNB is determined, and only needs to determine the NCC value according to the existing iterative calculation method.
  • the NH value can be calculated by calculating K eNB .
  • Step 312 The UE returns a Handover Confirm message to the target eNB.
  • Step 313 After completing the interaction with the handover signaling of the UE, the target eNB sends a Path Switch Request message to the MME.
  • Step 314 The MME sends a Path Switch Request Ack to the target eNB, where the message does not carry ⁇ NCC, ⁇ ;
  • Step 315 After the handover is completed, the target eNB sends a Release Resource message to the source eNB to notify the source eNB to release related resources of the UE.
  • the target eNB in step 304, the target eNB generates an NCC* according to the NCC value sent by the source eNB, and in steps 306-308, the MME determines the NH value and sends the value to the target eNB, and the target eNB according to the MME.
  • the provided NH value generates a key, so that the source eNB cannot calculate the key K eNB between the target eNB and the UE, and achieves one-hop forward security.
  • the key distribution system of the present embodiment includes: a base station and a core network, the base station includes a key information requesting unit and a key generating unit, and the core network includes a key information providing unit, wherein the key information requesting unit is configured to: Receiving the handover request requested by the terminal, requesting the key generation information from the core network;
  • the key information providing unit is configured to provide key generation information for the key information request unit according to the request;
  • the key generation unit is configured to generate a key according to the key generation information provided by the key information providing unit, and the key is used to derive a key of the access layer.
  • the key generation information includes an NH value corresponding to the NCC, and the key generated by the key generation unit is K eNB ; the key information requesting unit is further configured to generate the first NCC value according to the handover request a second NCC value, and requesting key generation information from the core network by sending a handover NCC request to the core network mobility management entity, where the second NCC value is included in the handover NCC request;
  • the key information providing unit is further configured to, when receiving the handover NCC request, determine the NH value according to the second NCC value and the locally stored NCC value, and include the transmission to the key information requesting unit in the handover NCC response.
  • the key information providing unit is further configured to determine the NH value according to the second NCC value and the locally stored NCC value as follows:
  • the locally saved NCC value is set to the second NCC value, and the NH value corresponding to the second NCC value is calculated and determined as the NH value; if the second NCC value Less than the locally saved NCC value, the locally saved NCC value is incremented
  • the system further includes a terminal, and the terminal further includes a key calculation unit,
  • the key information providing unit is further configured to further include, in the handover NCC response sent to the key information requesting unit, an NCC value corresponding to the determined NH value;
  • the key information requesting unit is further configured to: after receiving the NCC value, save and forward the data to the terminal; the key calculating unit is configured to calculate a corresponding NH value according to the NCC value sent by the received key information requesting unit, and calculate according to the calculation The resulting NH value is calculated as K eNB .
  • the present invention also provides a base station in a key distribution system for handover, comprising a key information requesting unit and a key generating unit, wherein:
  • the key information requesting unit is configured to request key generation information from a core network in the switched key distribution system when receiving a handover request requested by the terminal;
  • the key generation unit is configured to: generate a key according to the key generation information provided by the core network according to the request of the key information request unit, where the key is used to derive a key of an access layer .
  • the key generation information includes an intermediate key (NH) value corresponding to a next hop chain counter (NCC), and the key generated by the key generation unit is a K eNB ;
  • the key information requesting unit is further configured to generate a second NCC value according to the first NCC value included in the handover request, and request key generation information from the core network by sending a handover NCC request to the core network mobility management entity. And including, in the handover NCC request, the second NCC value; and receiving a handover NCC response sent by the core network, where the handover NCC response includes the core network according to the second NCC value and a locally saved NCC The value of the determined NH value.
  • the present invention also provides a terminal in a switched key distribution system, comprising a key calculation unit, the key calculation unit being arranged to be based on a next hop chain counter (NCC) sent by a base station in the switched key distribution system ) corresponding to the intermediate value calculating key (NH) value, and calculates K eNB key based on the calculated value NH.
  • NCC next hop chain counter
  • NH intermediate value calculating key
  • the present invention provides a handover key distribution method and system.
  • the target base station requests key generation information from the core network; the target base station generates a key according to the core network.
  • the information generation key is used to derive the key of the access layer to solve the security problem of key distribution during the handover process.
  • the MME provides the target eNB with the generated material of the key, and the target eNB generates the K eNB key.
  • the key K eNB of the eNB solves the security problem of key distribution in the handover process and achieves the goal of 1 hop forward security.

Abstract

La présente invention se rapporte à un procédé et à un système de distribution de clé pour la réalisation d'un transfert intercellulaire. Le procédé selon l'invention comprend les étapes suivantes : quand un terminal exécute une commutation entre une station de base source et une station de base cible, la station de base cible demande des données de génération de clé au cœur de réseau; la station de base cible génère une clé, qui est utilisée pour dériver une clé de la couche d'accès, à partir des données de génération de clé fournies par le cœur de réseau. Le schéma de distribution de clé proposé dans la présente invention fournit le matériau de génération de la clé pour le nœud B évolué (eNB) cible par le biais de l'entité de gestion de la mobilité (MME), et le eNB cible génère une clé KeNB. De cette manière, au cours du processus de transfert intercellulaire X2, même si le eNB source est cassé, la clé KeNB du eNB cible ne peut pas être obtenue. La solution technique de la présente invention permet de résoudre le problème de sécurité lié à la distribution de clé au cours du processus de transfert intercellulaire; elle permet également d'atteindre l'objectif de sécurité par un bond en avant.
PCT/CN2011/070533 2010-07-22 2011-01-24 Procédé et système de distribution de clé pour transfert intercellulaire WO2012009972A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010236671.X 2010-07-22
CN201010236671.XA CN102340774B (zh) 2010-07-22 2010-07-22 一种切换的密钥分发方法及系统

Publications (1)

Publication Number Publication Date
WO2012009972A1 true WO2012009972A1 (fr) 2012-01-26

Family

ID=45496481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/070533 WO2012009972A1 (fr) 2010-07-22 2011-01-24 Procédé et système de distribution de clé pour transfert intercellulaire

Country Status (2)

Country Link
CN (1) CN102340774B (fr)
WO (1) WO2012009972A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190141585A1 (en) * 2013-12-27 2019-05-09 Huawei Technologies Co., Ltd. Method of Distributing Security Key Context, Mobility Management Entity, and Base Station
US11566118B2 (en) 2016-02-18 2023-01-31 Starlite Co., Ltd. Nanofiber dispersion, method of producing nanofiber dispersion, powdery nanofibers obtainable from the dispersion, resin composition containing the powdery nanofibers ad molding material for 3D printer using the resin composition

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9351160B2 (en) 2012-05-07 2016-05-24 Telefonaktiebolaget L M Ericsson (Publ) Base station and method in relay node mobility
CN104798392A (zh) * 2012-09-12 2015-07-22 诺基亚技术有限公司 用于异构网络中的移动性控制的方法和设备
CN111148279B (zh) * 2018-11-02 2022-02-25 华为技术有限公司 一种连接重建立方法及装置
WO2020155157A1 (fr) * 2019-02-02 2020-08-06 Oppo广东移动通信有限公司 Procédé et appareil de traitement d'informations de sécurité pendant un processus de transfert intercellulaire, dispositif de réseau et terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101516089A (zh) * 2008-02-18 2009-08-26 中国移动通信集团公司 一种切换方法及系统
EP2109278A1 (fr) * 2008-04-07 2009-10-14 NTT DoCoMo, Inc. Procédé et appareil de génération d'une nouvelle clé
CN101772100A (zh) * 2008-12-29 2010-07-07 中国移动通信集团公司 LTE系统中基站eNB切换时的密钥更新方法、设备及系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309503A (zh) * 2007-05-17 2008-11-19 华为技术有限公司 无线切换方法、基站及终端

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101516089A (zh) * 2008-02-18 2009-08-26 中国移动通信集团公司 一种切换方法及系统
EP2109278A1 (fr) * 2008-04-07 2009-10-14 NTT DoCoMo, Inc. Procédé et appareil de génération d'une nouvelle clé
CN101772100A (zh) * 2008-12-29 2010-07-07 中国移动通信集团公司 LTE系统中基站eNB切换时的密钥更新方法、设备及系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190141585A1 (en) * 2013-12-27 2019-05-09 Huawei Technologies Co., Ltd. Method of Distributing Security Key Context, Mobility Management Entity, and Base Station
US11566118B2 (en) 2016-02-18 2023-01-31 Starlite Co., Ltd. Nanofiber dispersion, method of producing nanofiber dispersion, powdery nanofibers obtainable from the dispersion, resin composition containing the powdery nanofibers ad molding material for 3D printer using the resin composition

Also Published As

Publication number Publication date
CN102340774A (zh) 2012-02-01
CN102340774B (zh) 2016-05-11

Similar Documents

Publication Publication Date Title
US10999065B2 (en) Method and apparatus for updating a key in an active state
CN110945892B (zh) 安全实现方法、相关装置以及系统
CN109417740B (zh) 保持相同无线终端的切换期间的安全密钥使用
US8707045B2 (en) Method and apparatus for traffic count key management and key count management
EP2293610B1 (fr) Procédé et dispositif de prévention de perte de synchronisation de sécurité de réseau
US20170359719A1 (en) Key generation method, device, and system
US20100002883A1 (en) Security procedure and apparatus for handover in a 3gpp long term evolution system
KR102187869B1 (ko) 이동 통신 시스템에서 nh 및 ncc 쌍을 이용하여 보안 문제를 해결하기 위한 방법
WO2011137805A1 (fr) Procédé, appareil et système permettant un traitement sécuritaire dans un processus de commutation
US20150269028A1 (en) Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks
US20120077461A1 (en) Method and system for preauthenticating a mobile node
US10624005B2 (en) Method and apparatus for proxy algorithm identity selection
WO2012009972A1 (fr) Procédé et système de distribution de clé pour transfert intercellulaire
WO2013029461A1 (fr) Procédé de transmission de données sécurisée et dispositif associé
WO2011153852A1 (fr) Procédé d'actualisation de clé d'interface radio, nœud de réseau de base et système d'accès sans fil correspondant
WO2016154884A1 (fr) Procédé de communication, équipement utilisateur et station de base
WO2009152656A1 (fr) Procédé et système de génération d’identifiant d’identité de clé lors du transfert du dispositif utilisateur
WO2011137823A1 (fr) Procédé et dispositif d'isolation de clé
WO2016026088A1 (fr) Procédé de commutation de trajet, point d'ancrage mobile et station de base
CN113170369A (zh) 用于在系统间改变期间的安全上下文处理的方法和装置
WO2018201381A1 (fr) Procédé de génération de clés et dispositifs associés
US8713317B2 (en) Method and system for encrypting data in a wireless communication system
CN115244892A (zh) 安全认证方法、装置、设备及存储介质
WO2023011263A1 (fr) Procédé de transmission de message et appareil de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11809161

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11809161

Country of ref document: EP

Kind code of ref document: A1