WO2012097620A1 - Security mode configuration method and corresponding terminal - Google Patents


Info

Publication number
WO2012097620A1
WO2012097620A1 (PCT/CN2011/081346)
Authority
WO
WIPO (PCT)
Prior art keywords
algorithm
integrity protection
key
encryption
terminal
Prior art date
Application number
PCT/CN2011/081346
Other languages
English (en)
Chinese (zh)
Inventor
邓云
戴谦
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 (ZTE Corporation)
Publication of WO2012097620A1

Classifications

    • H04L 63/205 (H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/20 Managing network security; network security policies in general): involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers, or by selection according to the capabilities of the entities involved
    • H04L 63/06 (H Electricity > H04 > H04L > H04L 63/00 Network architectures or network communication protocols for network security): supporting key management in a packet data network
    • H04W 12/037 (H Electricity > H04 > H04W Wireless communication networks > H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity > H04W 12/03 Protecting confidentiality, e.g. by encryption): protecting confidentiality of the control plane, e.g. signalling traffic
    • H04W 12/10 (H Electricity > H04 > H04W Wireless communication networks > H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity): integrity

Definitions

  • The present invention relates to the field of mobile communications, and in particular to a method and a terminal for configuring a security mode.
  • Background
  • Human to Human (H2H) communication refers to communication between people carried out by operating devices. Existing wireless communication technology was developed for H2H communication.
  • Machine to Machine (M2M) communication is defined as the intelligent interaction of machine terminals together with the networked applications and services built on them. It takes the intelligent machine terminal as its basis and uses multiple communication methods as access means to provide customers with information solutions that meet their needs for monitoring, command and dispatch, data collection and measurement.
  • M2M can be used in industrial, home and personal applications. Industrial applications include traffic monitoring, alarm systems, marine rescue, vending machines and in-car payment; home applications include automatic meter reading and temperature control; personal applications include life detection and remote diagnosis.
  • The communicating parties in M2M are machine-to-machine or person-to-machine.
  • Data communication between one or more machines is defined as Machine Type Communication (MTC). An MTC device (MD) is the terminal of an MTC user; it can communicate with other MTC devices and with the MTC server through a public land mobile network (PLMN).
  • The existing system can be optimized according to the characteristics of M2M applications to meet their requirements, without affecting the ordinary H2H devices in the existing system.
  • Some notable characteristics of M2M applications are: the number of MTC devices is huge, far higher than the number of existing H2H devices; data transmission is regular and the amount of data transmitted each time is small; the mobility of MTC devices is low, and a large proportion of them do not move at all.
  • FIG. 1 shows the process by which an MTC device accesses the network in a Long Term Evolution (LTE) system according to the related art. It mainly includes the following steps:
  • Step 101: The MTC device initiates random access in the camping cell and sends an RRC Connection Request to the base station to which the camping cell belongs.
  • Step 102: The base station allocates resources for the MTC device and sends it an RRC Connection Setup message.
  • Step 103: After receiving the RRC Connection Setup, the MTC device applies the resource configuration and sends an RRC Connection Setup Complete to the base station. The Complete message carries the Non-Access Stratum (NAS) signaling that the MTC device sends to the core network, such as an Attach Request or a Service Request.
  • Step 104: The base station selects a core network element for the MTC device and sends it an Initial UE Message containing that NAS signaling (the Attach Request or Service Request).
  • Step 105: After receiving the Initial UE Message, the core network authenticates the MTC device; in this process it obtains the subscription information of the MTC device from the Home Subscriber Server (HSS) (not shown in the figure). The core network then sends an Initial Context Setup Request to the base station. It contains the QoS parameters of the Data Radio Bearer (DRB) that the base station needs to establish for the MTC device, and the security configuration parameters, namely the security key (KeNB) and the UE Security Capabilities.
  • Step 106: After receiving the Initial Context Setup Request, the base station configures the security parameters for the MTC device and sends it a Security Mode Command carrying the ciphering algorithm (cipheringAlgorithm) and integrity protection algorithm (integrityProtAlgorithm) configuration.
  • Step 107: After receiving the Security Mode Command, the MTC device derives the encryption keys (K_RRCenc, K_UPenc) and the integrity protection key (K_RRCint) from the selected encryption and integrity protection algorithms according to the rules predefined by the protocol, and configures the lower layers to apply the encryption and integrity protection algorithms. The MTC device applies the integrity protection algorithm to all subsequent signaling, including the Security Mode Complete; it applies the encryption algorithm to all subsequent signaling except the Security Mode Complete itself. The MTC device then sends the Security Mode Complete to the base station.
  • Step 108: The base station configures measurements and the scheduling parameters of the DRB for the MTC device, and delivers these parameters to the MTC device through RRC Connection Reconfiguration signaling.
  • Step 109: After receiving the reconfiguration signaling, the MTC device applies the parameters it carries and sends an RRC Connection Reconfiguration Complete to the base station.
  • Step 110: After receiving the RRC Connection Reconfiguration Complete, the base station sends an Initial Context Setup Response to the core network.
  • At this point the MTC device has established a radio access bearer for data transmission and can transmit data. When data transmission is finished, the network side releases the established bearers through RRC Connection Release signaling.
  • Thus each time an MTC device accesses the network, multiple RRC messages are exchanged between it and the base station. For a single device this RRC signaling does not occupy much radio resource, but because the number of MTC devices is huge, the signaling between MTC devices and base stations as a whole occupies a large amount of radio resources.
  • The main purpose of the present invention is to provide a security mode configuration method and a terminal that effectively reduce the amount of air interface signaling when a terminal accesses the network, and so save air interface resources.
  • To this end, the present invention provides a method for configuring a security mode, the method comprising:
  • the terminal obtaining an encryption algorithm and/or an integrity protection algorithm, explicitly or implicitly, through Radio Resource Control (RRC) Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling; and
  • the terminal obtaining an encryption key and/or an integrity protection key in a predetermined manner according to the obtained encryption algorithm and/or integrity protection algorithm, and configuring the lower layers to apply the encryption algorithm and the integrity protection algorithm.
  • The terminal learns the encryption algorithm and/or integrity protection algorithm in this way when it is not being handed over.
  • Learning the encryption algorithm and/or integrity protection algorithm explicitly means: the RRC Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling contains an information element carrying an encryption algorithm and/or an integrity protection algorithm, and the algorithm(s) the terminal learns are those in that information element.
  • Learning the encryption algorithm and/or integrity protection algorithm implicitly means: the terminal has saved the encryption algorithm and/or integrity protection algorithm used the last time it accessed the network, and the algorithm(s) it learns are the saved ones.
  • The terminal obtains the encryption key and/or integrity protection key in a predetermined manner according to the obtained algorithm(s) in one of two ways:
  • the terminal reuses the security key used the last time it accessed the network, and obtains the encryption key and integrity protection key from it through the encryption algorithm and/or integrity protection algorithm; or
  • the terminal derives a new security key from the security key used the last time it accessed the network, either from that key alone or from that key combined with the cell identity and/or frequency of the cell the terminal is accessing, and obtains the encryption key and integrity protection key from the new security key through the encryption algorithm and/or integrity protection algorithm.
  • The invention also provides a terminal for configuring a security mode, the terminal comprising:
  • an algorithm obtaining module configured to obtain an encryption algorithm and/or an integrity protection algorithm, explicitly or implicitly, through RRC Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling; and
  • a key obtaining module configured to obtain an encryption key and/or an integrity protection key in a predetermined manner according to the obtained encryption algorithm and/or integrity protection algorithm, and to configure the lower layers to apply the encryption algorithm and the integrity protection algorithm.
  • The algorithm obtaining module is further configured to learn the encryption algorithm and/or integrity protection algorithm when the terminal is not being handed over.
  • For the algorithm obtaining module, explicit learning means that the RRC Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling contains an information element carrying an encryption algorithm and/or an integrity protection algorithm, and the module learns the algorithm(s) in that element.
  • Implicit learning means that the terminal has saved the encryption algorithm and/or integrity protection algorithm used at its last access to the network, and the module learns the saved algorithm(s).
  • The key obtaining module is further configured either to reuse the security key used when the terminal last accessed the network and obtain the encryption key and integrity protection key from it through the encryption algorithm and/or integrity protection algorithm; or to derive a new security key from the security key used at the last access (alone, or combined with the cell identity and/or frequency of the cell being accessed) and obtain the encryption key and integrity protection key from the new security key through the encryption algorithm and/or integrity protection algorithm.
  • In the security mode configuration method and terminal provided by the present invention, the terminal obtains the encryption algorithm and/or integrity protection algorithm explicitly or implicitly through RRC Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling, obtains the encryption key and/or integrity protection key in a predefined manner according to the obtained algorithm(s), and configures the lower layers to apply them.
  • The invention thereby reduces the number of RRC messages exchanged when the terminal accesses the network and saves air interface resources, while the secure transmission of signaling and data is still ensured.
  • FIG. 1 is a flowchart of an MTC device accessing a network in an existing LTE system
  • FIG. 2 is a flowchart of accessing a network by an MTC device according to an embodiment of the present invention
  • FIG. 3 is a flowchart of initiating a service by an MTC device according to an embodiment of the present invention.
  • Detailed description
  • The method for configuring a security mode includes: the terminal obtains an encryption algorithm and/or an integrity protection algorithm, explicitly or implicitly, through RRC Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling; the terminal then obtains an encryption key and/or an integrity protection key from the obtained algorithm(s) in the manner pre-agreed by the protocol, and configures the lower layers to apply the encryption algorithm and the integrity protection algorithm.
  • The terminal learns the encryption algorithm and/or integrity protection algorithm in this way when it is not being handed over.
  • Explicit learning means that the RRC Connection Reconfiguration, Radio Bearer Setup or Radio Bearer Reconfiguration signaling contains an information element carrying an encryption algorithm and/or an integrity protection algorithm, and the algorithm(s) the terminal learns are those in that element.
  • Implicit learning means that the terminal has saved the encryption algorithm and/or integrity protection algorithm used the last time it accessed the network, and the algorithm(s) it learns are the saved ones.
  • To obtain the keys, the terminal either reuses the security key used at its last access to the network and obtains the encryption key and integrity protection key from it through the encryption algorithm and/or integrity protection algorithm; or it derives a new security key from the security key used at the last access, alone or combined with the cell identity and/or frequency of the cell it is accessing, and obtains the encryption key and integrity protection key from the new security key through the encryption algorithm and/or integrity protection algorithm.
  • The terminal applies the integrity protection algorithm, or both the integrity protection algorithm and the encryption algorithm, to the RRC Connection Reconfiguration Complete, Radio Bearer Setup Complete or Radio Bearer Reconfiguration Complete message, and applies both the encryption algorithm and the integrity protection algorithm to all subsequent signaling.
  • The terminal may be an MTC device and/or an H2H device.
  • Embodiment 1. A large number of MTC devices and H2H devices camp in a cell managed by one of the base stations of an LTE system; some of them are in connected state and some in idle state. At some point some MTC devices need to initiate a service because they have data to transmit.
  • FIG. 2 is a schematic flowchart of one such MTC device (referred to as MD1) accessing the network according to Embodiment 1 of the present invention. As shown in FIG. 2, the process includes:
  • Step 201: The MTC device initiates random access in the camping cell and sends an RRC Connection Request to the base station to which the camping cell belongs.
  • Step 202: The base station allocates resources for the MTC device and sends it an RRC Connection Setup.
  • Step 203: After receiving the RRC Connection Setup, the MTC device applies the resource configuration and sends an RRC Connection Setup Complete to the base station. The Complete message carries the NAS signaling that the MTC device sends to the core network; in this embodiment the NAS signaling is an Attach Request.
  • Step 204: The base station selects a core network element for the MTC device and sends it an Initial UE Message containing the NAS signaling, that is, the Attach Request.
  • Step 205: After receiving the Initial UE Message, the core network authenticates the MTC device; in this process it obtains the subscription information of the MTC device from the Home Subscriber Server (HSS) (not shown). The core network then sends an Initial Context Setup Request to the base station, containing the QoS parameters of the Data Radio Bearer (DRB) that the base station needs to establish for the MTC device and the security configuration parameters, namely the security key (KeNB) and the UE Security Capabilities.
  • Step 206: After receiving the Initial Context Setup Request, the base station configures the security parameters for the MTC device, that is, the ciphering algorithm (cipheringAlgorithm) and the integrity protection algorithm (integrityProtAlgorithm). The base station also configures measurements and the DRB scheduling parameters for the MTC device, and sends it an RRC Connection Reconfiguration carrying both the security parameters (encryption algorithm and integrity protection algorithm) and the measurement and DRB configuration (the latter represented by RadioResourceConfigDedicated in the existing protocol).
  • In the existing protocol the RRC Connection Reconfiguration only carries a security configuration at handover (securityConfigHO); that element is configured only when the MTC device is handed over, and it must indicate whether the parameters are for an intra-system or an inter-system handover. Here the MTC device is not being handed over, so either a new information element representing the security parameter configuration (encryption algorithm and integrity protection algorithm) is added, or the existing securityConfigHO is changed so that it also applies to the non-handover scenario (without having to indicate intra-system or inter-system handover).
  • Step 207: After receiving the RRC Connection Reconfiguration, the MTC device derives the encryption keys (K_RRCenc, K_UPenc) and the integrity protection key (K_RRCint) from the encryption algorithm and integrity protection algorithm it carries, according to the rules predefined by the protocol, and configures the lower layers to apply the encryption and integrity protection algorithms. The MTC device applies integrity protection to all subsequent signaling, including the RRC Connection Reconfiguration Complete; it applies encryption to all subsequent signaling except the RRC Connection Reconfiguration Complete itself. The MTC device also configures the measurement parameters and applies the resources configured by the base station (carried in RadioResourceConfigDedicated), and then sends the RRC Connection Reconfiguration Complete to the base station.
  • To derive these keys, the MTC device first obtains the security key KeNB, which is computed from the NAS COUNT of the NAS signaling procedure, and then derives the encryption key and integrity protection key from KeNB, the encryption algorithm and the integrity protection algorithm by the method the protocol specifies. The base station likewise computes the keys from the KeNB received in Step 205 and the selected encryption and integrity protection algorithms, after which encryption and integrity protection are applied between the base station and the MTC device.
  • Step 208: After receiving the RRC Connection Reconfiguration Complete, the base station sends an Initial Context Setup Response to the core network.
  • At this point the base station has established a radio access bearer for the MTC device and the MTC device can transmit data.
  • Compared with FIG. 1, the separate security mode signaling (Security Mode Command and Security Mode Complete) is removed from the procedure that establishes the radio access bearer, which effectively reduces air interface resource consumption, and reducing the signaling does not reduce security.
  • Although the procedure is described for an MTC device, in practice it applies equally to H2H devices.
  • In Step 206 the base station configures the security parameters, the measurements and the DRB-related parameters together in the existing RRC Connection Reconfiguration; alternatively, new RRC signaling may be added to carry these configuration parameters.
  • In a system where the RRC signaling is sent by a Radio Network Controller (RNC), the RNC can configure the security parameters together with the data radio bearer related parameters through Radio Bearer Setup or Radio Bearer Reconfiguration signaling when the terminal accesses the network.
  • In a further variant, after the MTC device configures the lower layers with the encryption and integrity protection algorithms, it applies integrity protection to all subsequent signaling including the RRC Connection Reconfiguration Complete, and also applies encryption to the RRC Connection Reconfiguration Complete as well as to the subsequent signaling. In that case the base station must decrypt the Complete message and verify its integrity at the same time.
  • Embodiment 2. A large number of MTC devices and H2H devices camp in a cell managed by one of the base stations of an LTE system; some are in connected state and some in idle state. At some point some MTC devices need to initiate a service request because they have data to transmit.
  • FIG. 3 shows the process by which one of the already registered MTC devices (referred to as MD2) initiates a service:
  • Steps 301 to 305 are the same as Steps 201 to 205, with two differences. The NAS signaling sent by the MTC device is a Service Request, since the MTC device is already registered and no further attach signaling is required. The security key KeNB that the core network sends to the base station is the one the MTC device used the last time it accessed the network, and the core network also sends the base station the encryption algorithm and integrity protection algorithm the MTC device used last time.
  • Step 306: After receiving the Initial Context Setup Request, the base station configures measurements and the DRB scheduling parameters for the MTC device and sends it an RRC Connection Reconfiguration carrying the measurement configuration and DRB-related parameters (represented by RadioResourceConfigDedicated in the existing protocol). This RRC Connection Reconfiguration does not carry an encryption algorithm or an integrity protection algorithm.
  • Step 307: After receiving the RRC Connection Reconfiguration, the MTC device finds that it carries no encryption algorithm or integrity protection algorithm, and therefore uses the encryption algorithm and integrity protection algorithm it used the last time it accessed the network; it likewise uses the security key KeNB from its last access. From these the MTC device obtains the encryption keys (K_RRCenc, K_UPenc) and the integrity protection key (K_RRCint) according to the rules predefined by the protocol, and configures the lower layers to apply the encryption and integrity protection algorithms. The MTC device applies integrity protection to all subsequent signaling, including the RRC Connection Reconfiguration Complete; it applies encryption to all subsequent signaling except the RRC Connection Reconfiguration Complete itself. The MTC device configures the measurement parameters and applies the resources configured by the base station (carried in RadioResourceConfigDedicated), and then sends the RRC Connection Reconfiguration Complete to the base station.
  • Step 308 is the same as Step 208.
  • At this point the base station has established a radio access bearer for the MTC device and the MTC device can transmit data.
  • In this way the separate security mode procedure is avoided and the air interface load is reduced.
  • In a variant of Step 306, after receiving the Initial Context Setup Request the base station derives a new security key KeNB* from the KeNB sent by the core network in the manner the protocol specifies, either from KeNB alone or from KeNB combined with the cell identity and/or frequency of the cell the MTC device accessed. The MTC device derives the same KeNB* from its saved KeNB in the same way. Both sides then obtain the encryption key and integrity protection key from KeNB* and the stored encryption and integrity protection algorithms, and the MTC device configures the lower layers with the new encryption key and integrity protection key. The MTC device thus uses fresh encryption and integrity protection keys on the air interface, which strengthens the security of the system.
  • In another variant the core network does not send the base station the encryption and integrity protection algorithms the MTC device used; instead the base station itself saves the encryption algorithm and integrity protection algorithm the MTC device used last time. Many MTC devices, such as electricity meters and water meters, are stationary and only ever access the network through cells of the same base station. The base station can therefore save their encryption and integrity protection algorithms when they first access the network to register, which saves air interface signaling at their later accesses while still ensuring the security of the system.
  • Although described for MTC devices, this also applies in practice to H2H devices.
  • the present invention also provides a configuration of a security mode.
  • the terminal includes: an algorithm acquisition module and a key acquisition module.
  • the algorithm acquiring module is configured to explicitly or implicitly obtain an encryption algorithm and/or an integrity protection algorithm by using an RRC connection reconfiguration, a radio bearer setup, or a radio bearer reconfiguration signaling.
  • the key acquisition module is configured to obtain an encryption key and/or an integrity protection key in a predetermined manner according to the obtained encryption algorithm and/or an integrity protection algorithm, and configure an underlying application encryption algorithm and an integrity protection algorithm.
  • the algorithm obtaining module is further configured to learn the encryption algorithm and/or the integrity protection algorithm when the terminal is not switched.
  • the explicit learned encryption algorithm and/or integrity protection algorithm is specifically:
  • the RRC connection reconfiguration, the radio bearer setup, or the radio bearer reconfiguration signaling includes a cell of an encryption algorithm and/or an integrity protection algorithm, and the algorithm obtains an encryption algorithm and/or an integrity protection algorithm learned by the module, that is, An encryption algorithm and/or an integrity protection algorithm in the cell.
  • the implicit learned encryption algorithm and/or integrity protection algorithm is specifically:
  • the terminal saves the encryption algorithm and/or the integrity protection algorithm when accessing the network last time, and the algorithm obtains the encryption algorithm and/or the integrity protection algorithm learned by the module, that is, the encryption algorithm and/or the last time the network is saved. Or integrity protection algorithm.
  • the key obtaining module is further configured to: use a security key used when the terminal accesses the network last time, and obtain an encryption key and an integrity protection key by using the encryption algorithm and/or an integrity protection algorithm; or
  • a new security key is obtained by the key acquisition module obtains the encryption key and the integrity protection key by the encryption algorithm and/or the integrity protection algorithm according to the new security key.
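The terminal-side behaviour described above, as an added illustration that is not part of the patent: the explicit case (algorithm information element present in the reconfiguration message) and the implicit case (fall back to the algorithms saved from the last access), followed by derivation of the algorithm-specific keys from KeNB. The patent does not specify the "predetermined manner" of key derivation; the example uses the 3GPP TS 33.401 Annex A.7 KDF for that step. The message layout, the `stored` state dict and the sample KeNB are assumptions for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Algorithm type distinguishers and FC value from 3GPP TS 33.401 Annex A.7
ALG_TYPE_RRC_ENC, ALG_TYPE_RRC_INT, ALG_TYPE_UP_ENC = 0x03, 0x04, 0x05
FC_ALG_KEY_DERIVATION = 0x15


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each Li is a 2-byte big-endian length
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_alg_key(kenb: bytes, alg_type: int, alg_id: int) -> bytes:
    """K_RRCenc / K_RRCint / K_UPenc: the 128 least-significant bits of the KDF output."""
    return kdf(kenb, FC_ALG_KEY_DERIVATION, bytes([alg_type]), bytes([alg_id]))[16:]


@dataclass
class RrcReconfiguration:
    """Assumed message layout: a field is None when the IE is absent (implicit case)."""
    ciphering_alg: Optional[int] = None  # EEA algorithm identity, e.g. 2 = 128-EEA2
    integrity_alg: Optional[int] = None  # EIA algorithm identity, e.g. 2 = 128-EIA2


def configure_security(msg: RrcReconfiguration, stored: dict, kenb: bytes):
    """Select algorithms (explicit IE wins, otherwise last-access values), remember
    them for the next access, and derive the keys from the current KeNB (or KeNB*)."""
    enc = msg.ciphering_alg if msg.ciphering_alg is not None else stored.get("enc")
    integ = msg.integrity_alg if msg.integrity_alg is not None else stored.get("int")
    if enc is None or integ is None:
        # Neither signalled nor remembered: security cannot be configured
        raise ValueError("no algorithm signalled and none stored from a previous access")
    stored["enc"], stored["int"] = enc, integ  # kept for the next implicit access
    keys = {
        "K_RRCenc": derive_alg_key(kenb, ALG_TYPE_RRC_ENC, enc),
        "K_RRCint": derive_alg_key(kenb, ALG_TYPE_RRC_INT, integ),
        "K_UPenc": derive_alg_key(kenb, ALG_TYPE_UP_ENC, enc),
    }
    return enc, integ, keys
```

On a later access with no algorithm IE in the message, the terminal reuses the saved algorithms and only the key input (KeNB or KeNB*) changes, which is the signalling saving the patent claims.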

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a security mode configuration method and a corresponding terminal. The method comprises: the terminal explicitly or implicitly obtaining an encryption algorithm and/or an integrity protection algorithm from a radio resource control (RRC) connection reconfiguration signal, a radio bearer setup signal or a radio bearer reconfiguration signal; and the terminal obtaining the encryption key and/or the integrity protection key by a predetermined method and configuring the encryption algorithm and the integrity protection algorithm for the underlying application, according to the obtained encryption algorithm and integrity protection algorithm. With the invention, the number of RRC control signals exchanged when the terminal accesses a network can be reduced, air interface resources can be saved, and secure transmission of data and signalling can be ensured.
PCT/CN2011/081346 2011-01-18 2011-10-26 Procédé de configuration de mode de sécurité et terminal correspondant WO2012097620A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110020123.8 2011-01-18
CN201110020123.8A CN102595390B (zh) 2011-01-18 2011-01-18 一种安全模式的配置方法和终端

Publications (1)

Publication Number Publication Date
WO2012097620A1 true WO2012097620A1 (fr) 2012-07-26

Family

ID=46483502

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/081346 WO2012097620A1 (fr) 2011-01-18 2011-10-26 Procédé de configuration de mode de sécurité et terminal correspondant

Country Status (2)

Country Link
CN (1) CN102595390B (fr)
WO (1) WO2012097620A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2882208A4 (fr) * 2012-07-30 2016-04-13 China Mobile Comm Corp Procédé, appareil, système et dispositif apparenté pour transmission de données

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103703717B (zh) * 2012-07-24 2017-07-14 华为技术有限公司 计数器检查方法和装置
CN103813308B (zh) * 2012-11-13 2017-11-10 电信科学技术研究院 一种上行数据传输方法、装置及系统
JP6687107B2 (ja) * 2015-09-24 2020-04-22 富士通株式会社 伝送時間間隔の設定方法、データ伝送方法、装置及びシステム
WO2017128306A1 (fr) * 2016-01-29 2017-08-03 华为技术有限公司 Procédé et équipement de communication
CN109246847B (zh) * 2017-05-16 2020-12-01 成都鼎桥通信技术有限公司 网络接入方法及系统
CN109391603B (zh) * 2017-08-11 2021-07-09 华为技术有限公司 数据完整性保护方法和装置
CN109819492B (zh) * 2017-11-20 2021-02-12 华为技术有限公司 一种确定安全能力的方法和装置
EP3793317A4 (fr) * 2018-05-10 2021-05-05 Huawei Technologies Co., Ltd. Procédé de mise à jour de clé, dispositif, et support de stockage
CN110831255B (zh) * 2018-08-09 2023-05-02 大唐移动通信设备有限公司 重建rrc连接的方法、基站、移动终端及存储介质

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1571540A (zh) * 2004-04-23 2005-01-26 中兴通讯股份有限公司 协商选择空中接口加密算法的方法
CN101242629A (zh) * 2007-02-05 2008-08-13 华为技术有限公司 选择用户面算法的方法、系统和设备

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1960374B (zh) * 2006-11-06 2010-08-18 华为技术有限公司 完整性保护算法修改方法及其装置
KR100915589B1 (ko) * 2007-07-12 2009-09-07 엔에이치엔비즈니스플랫폼 주식회사 보안 인증 시스템 및 방법
CN101742498A (zh) * 2009-12-18 2010-06-16 中兴通讯股份有限公司 空口密钥的管理方法和系统

Also Published As

Publication number Publication date
CN102595390B (zh) 2019-04-05
CN102595390A (zh) 2012-07-18

Similar Documents

Publication Publication Date Title
WO2012097620A1 (fr) Procédé de configuration de mode de sécurité et terminal correspondant
EP3329706B1 (fr) Établissement de communications de type machine au moyen d'un paramètre sim partagé
EP2530963B1 (fr) Procédé d'authentification pour un dispositif de communication de type machine, passerelle de communication de type machine et dispositifs associés
JP5523632B2 (ja) WiFi通信実施方法、ユーザ機器、及び無線ルータ
Zhao et al. Secure machine-type communications toward LTE heterogeneous networks
JP7127689B2 (ja) コアネットワーク装置、通信端末、及び通信方法
EP3076695B1 (fr) Procédé et système de transmission sécurisée de petites données de groupe de dispositifs mtc
TWI489901B (zh) 實現用戶設備與外部網路之間通訊之方法及系統
WO2011095002A1 (fr) Procédé et système de transmission de données dans système de communication
WO2011097981A1 (fr) Procédé et système pour la sélection d'un réseau d'accès radio (ran)
WO2012094879A1 (fr) Procédé et système de partage de clé destinés à un serveur de communication de machine à machine (mtc)
WO2012109823A1 (fr) Procédé de contrôle de congestion et système d'équipements de communication de type machine
WO2012075814A1 (fr) Procédé et système permettant une gestion de clés d'application pour des dispositifs de groupe mtc
CN108601093B (zh) 一种无线通信方法及系统
WO2012058965A1 (fr) Procédé et terminal capable d'accéder à un réseau
WO2018113402A1 (fr) Procédé et dispositif d'adjonction à un groupe de nœuds d'accès
CN101577916B (zh) 一种以本地mac模式实现wapi与capwap融合的方法
WO2010124569A1 (fr) Procédé et système permettant un contrôle d'accès utilisateur
WO2014183569A1 (fr) Procédé pour effectuer des communications sécurisées entre des dispositifs de communication de type machine et une entité de réseau
CN202551353U (zh) 一种无线透传终端设备及包括它的无线系统
WO2013139289A1 (fr) Procédé de coordination d'interférence entre des points d'accès dans un système de communication et dispositif de point d'accès
JP6167229B2 (ja) 無線通信システムにおけるエアインタフェースセキュリティアルゴリズムの選択方法及びmme
CN107925874B (zh) 超密集网络安全架构和方法
WO2011127724A1 (fr) Procédé et système de commande des émissions de signalisation ou de données d'un équipement de communication de type machine
EP3986009B1 (fr) Noeud amf et procédé associé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11856467

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11856467

Country of ref document: EP

Kind code of ref document: A1