WO2013060154A1 - Method and device for updating pws key - Google Patents

Method and device for updating PWS key

Publication number: WO2013060154A1
Authority: WO, WIPO (PCT)
Prior art keywords: pws key, pws, key, updated, network side
Application number: PCT/CN2012/077423
Other languages: French (fr), Chinese (zh)
Inventor: 李阳, 冯成燕
Original Assignee: 中兴通讯股份有限公司
Application filed by: 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90 Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]

Definitions

  • The present invention relates to the field of communications, and in particular to a method and apparatus for updating a public alert system (PWS) key.
  • 3GPP 3rd Generation Partnership Project
  • PWS Public Alert System
  • CBS Cell Broadcast Service
  • GSM Global System of Mobile communication
  • UMTS Universal Mobile Telecommunications System
  • LTE Long Term Evolution
  • The functions of each network element are as follows. Cell Broadcast Entity (CBE): a communication network that is not defined by 3GPP.
  • The CBE is responsible for formatting Cell Broadcast Service (CBS) messages, including dividing a CBS message into different pages.
  • The Cell Broadcast Center (CBC) is a part of the core network and can be connected to multiple CBEs.
  • The CBC is responsible for the management of CBS messages, including: determining the time when a CBS message starts broadcasting; determining the time when a CBS message stops broadcasting, and instructing each BSC/RNC to stop broadcasting CBS messages; determining the time interval at which CBS messages are repeatedly broadcast; determining the cell broadcast channel for broadcasting CBS messages; and so on.
  • BSC Base Station Controller
  • RNC Radio Network Controller
  • MME Mobility Management Entity
  • After receiving the alarm information sent by the CBE, the CBC configures and encapsulates it, and sends it to the BSC (GSM system), RNC (UMTS system) or MME (LTE system) of the affected area. The BSC/RNC/MME forwards it to the base station (BTS in a GSM system, NodeB in a UMTS system, eNodeB in an LTE system), which broadcasts it to users.
  • The currently defined CBS services are all sent on the broadcast channel.
  • The broadcast channel does not have any security protection. An attacker can tamper with an alert message or, after receiving an alert message, replay it in the same region or at another location at other times, causing unnecessary panic and confusion among the public.
  • 3GPP decided to secure the PWS by introducing a signature algorithm and a key management scheme, using a digital signature field and a timestamp.
  • When the terminal receives a broadcast alert message, it first authenticates the message, and only if the authentication succeeds is the message considered a valid alert message.
  • The verifier needs to obtain the signer's key, which is usually a public key and needs to be guaranteed to be valid. That is, for the UE, it is necessary to obtain a signed key.
  • To ensure the freshness and security of the key, the key generally has an effective life cycle. During this life cycle, the key can be used normally.
  • The present invention provides a method and apparatus for updating a PWS key, to at least solve the problem that the related art lacks a technical solution for updating the PWS key.
  • A method of updating a PWS key is provided.
  • The method for updating the PWS key according to the present invention includes: when the preset condition is met, the UE receives the updated PWS key sent by the network side device through the non-access stratum downlink message; the UE uses the received PWS key to update the current PWS key information, where the PWS key information includes a PWS key.
  • The PWS key information further includes an identifier of the PWS key.
  • The method further includes: the UE saves the identifier of the PWS key.
  • The preset condition includes one of the following: the predetermined duration is reached; the network side device receives the key update message sent by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of the PWS key.
  • The method further includes: the UE receives the identifier of the updated PWS key sent by the network side device; the UE determines whether the identifier of the saved PWS key includes the identifier of the received updated PWS key, and if it does, the update is successful.
  • The manner in which the network side device sends the identifier of the updated PWS key includes: a broadcast message delivery mode.
  • When the UE determines whether the identifier of the saved PWS key includes the identifier of the received updated PWS key, the method further includes: if the identifier of the PWS key saved by the UE does not include the identifier corresponding to the received updated PWS key, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.
  • The UE initiating a PWS key update procedure and requesting the updated PWS key from the network side device includes: the UE sends a request message for updating the current PWS key to the network side device, where the request message carries the identifier of the updated PWS key; the UE receives the updated PWS key delivered by the network side device.
  • The method further includes: the UE receives the PWS message delivered by the network side device, where the PWS message is encrypted by using the updated PWS key.
  • The method further includes: the UE receives a PWS message sent by the network side device, where the PWS message is encrypted by using the updated PWS key; the UE receives the identifier of the updated PWS key sent by the network side device; in the case that the UE fails to authenticate the PWS message by using the current PWS key, the UE sends the network side device a request message for updating the current PWS key, where the request message carries an identifier of the updated PWS key; the UE receives the updated PWS key delivered by the network side device.
  • The non-access stratum downlink message includes: an advertisement message.
  • The method for updating the PWS key includes: when the preset condition is met, the network side device is triggered to send the updated PWS key; the network side device sends the updated PWS key to the UE by using the non-access stratum downlink message, so that the UE updates the current PWS key information with the received PWS key, where the PWS key information includes a PWS key.
  • The PWS key information further includes an identifier of the PWS key.
  • The method further includes: the UE saves the identifier of the PWS key.
  • The preset condition includes one of the following: the predetermined duration is reached; the network side device receives the key update message sent by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of the PWS key.
  • The method further includes: the network side device sends an identifier of the updated PWS key.
  • The manner in which the network side device delivers the updated PWS key includes: a broadcast message delivery mode.
  • The method further includes: if the identifier of the updated PWS key sent by the network side device is not included in the identifier of the PWS key saved by the UE, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.
  • The UE initiating a PWS key update procedure and requesting the updated PWS key from the network side device includes: the network side device receives a request message for updating the current PWS key from the UE, where the request message carries the identifier of the updated PWS key; the network side device delivers the updated PWS key.
  • The method further includes: the network side device sends the PWS message, where the PWS message is encrypted using the updated PWS key.
  • When an abnormality occurs while the UE updates the current PWS key with the received PWS key, the method further includes: the network side device sends a PWS message, where the PWS message is encrypted by using the updated PWS key; the network side device sends an identifier of the updated PWS key; when the UE fails to authenticate the PWS message using the current PWS key, the network side device receives the request message for updating the current PWS key from the UE, where the request message carries an identifier of the updated PWS key; the network side device delivers the updated PWS key.
  • The non-access stratum downlink message includes: an advertisement message.
  • The device for updating the PWS key includes: a first receiving module, configured to receive an updated PWS key sent by the network side device through the non-access stratum downlink message when the preset condition is met; and an updating module, configured to update current PWS key information by using the received PWS key, where the PWS key information includes a PWS key.
  • The PWS key information further includes an identifier of the PWS key.
  • The apparatus further includes: a saving module, configured to save the identifier of the PWS key.
  • The apparatus further includes: a second receiving module, configured to receive an identifier of the updated PWS key sent by the network side device; and a determining module, configured to determine whether the identifier of the saved PWS key includes the identifier of the received updated PWS key; if it does, the update is successful.
  • The apparatus further includes: a sending module, configured to send the network side device a request message for updating the current PWS key when the output of the determining module is negative or an abnormality occurs in the operation of the first receiving module or the updating module, where the request message carries an identifier of the updated PWS key; and a third receiving module, configured to receive the updated PWS key delivered by the network side device.
  • The apparatus further includes: a fourth receiving module, configured to receive a PWS message sent by the network side device, where the PWS message is encrypted by using an updated PWS key.
  • An apparatus for updating a PWS key is provided.
  • The device for updating the PWS key according to the present invention includes: a triggering module, configured to trigger the network side device to send the updated PWS key when the preset condition is met; and a first sending module, configured to send the updated PWS key through the non-access stratum downlink message, so that the UE updates the current PWS key information by using the received PWS key, where the PWS key information includes a PWS key.
  • The apparatus further includes: a second sending module, configured to send the identifier of the updated PWS key.
  • The apparatus further includes: a fifth receiving module, configured to receive a request message for updating the current PWS key from the UE, where the request message carries the updated PWS key; and a third sending module, configured to deliver the updated PWS key.
  • The apparatus further includes: a fourth sending module, configured to send a PWS message, where the PWS message is encrypted by using the updated PWS key.
  • FIG. 1 is a schematic diagram of a network architecture of a PWS in a 3GPP network according to the related art.
  • FIG. 2 is a flowchart of a method for updating a PWS key according to a first embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for updating a PWS key according to Example 1 of the present invention.
  • FIG. 4 is a flowchart of a method for updating a PWS key according to Example 2 of the present invention.
  • FIG. 5 is a flowchart of a method for updating a PWS key according to Example 3 of the present invention.
  • FIG. 6 is a flowchart of a method for updating a PWS key according to Example 4 of the present invention.
  • FIG. 7 is a flowchart of a method for updating a PWS key according to Embodiment 2 of the present invention.
  • FIG. 8 is a structural block diagram of an apparatus for updating a PWS key according to Embodiment 1 of the present invention.
  • FIG. 9 is a block diagram showing a structure of an apparatus for updating a PWS key according to a preferred embodiment of the present invention.
  • FIG. 10 is a block diagram showing a structure of an apparatus for updating a PWS key according to a second embodiment of the present invention.
  • BEST MODE FOR CARRYING OUT THE INVENTION
  • The present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
  • FIG. 2 is a flow chart of a method for updating a PWS key according to a first embodiment of the present invention. As shown in FIG. 2:
  • Step S202: When the preset condition is met, the UE receives the updated PWS key information sent by the network side device by using the non-access stratum downlink message, where the PWS key information includes a PWS key.
  • Step S204: The UE updates the current PWS key by using the received PWS key.
  • With the method shown in FIG. 2, when the preset condition is met, the UE receives the updated PWS key delivered by the network side device through the non-access stratum downlink message and uses the received PWS key to update the current PWS key. This solves the problem that the related art lacks a technical solution for updating the PWS key, and strengthens the security protection of the PWS through real-time updating of the PWS key.
  • The PWS key information further includes an identifier of the PWS key, and after the UE receives the updated PWS key information sent by the network side device by using the non-access stratum downlink message, the method further includes: the UE saves the identifier of the PWS key.
  • The non-access stratum downlink message may include, but is not limited to: an announcement message.
  • The foregoing preset condition may include, but is not limited to, one of the following:
  • (1) a predetermined duration is reached; the predetermined duration may be preset by using a timer or the like for the usage period of the PWS key;
  • (2) the network side device receives the key update message delivered by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of the PWS key.
  • The following processing may also be included:
  • (1) the UE receives an identifier of the updated PWS key delivered by the network side device;
  • (2) the UE determines whether the identifier of the stored PWS key includes the identifier of the received updated PWS key, and if it does, the update succeeds.
  • The manner in which the network side device sends the updated PWS key may include, but is not limited to, a broadcast message sending manner.
  • The following processing may be further included: if the identifier of the PWS key saved by the UE does not include the identifier corresponding to the received PWS key, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.
  • The UE initiating a PWS key update procedure and requesting the updated PWS key from the network side device may include the following processing: (1) the UE sends a request message for updating the current PWS key to the network side device, where the request message carries the identifier of the updated PWS key; (2) the UE receives the updated PWS key delivered from the network side device.
  • The UE can accurately determine whether the update is successful. If the identifier of the updated PWS key is consistent with the identifier of the received updated PWS key, the update is successful; if the identifier of the updated PWS key is inconsistent with the identifier of the received updated PWS key, the subsequent operations may be continued.
  • FIG. 3 is a flow chart of a method for updating a PWS key according to Example 1 of the present invention. As shown in FIG. 3, this example shows a process in which a network side device actively sends an updated PWS key to a UE. This flow gives a flow chart of the LTE network, which is similar for the GSM/UMTS network, as long as the MME is replaced by the SGSN.
  • Step S302: The CBC sends a PWS key (key) to be updated and the identifier of the PWS key (key id) to the network side device (for example, the MME);
  • Step S304: After receiving the delivered key message, the MME saves the key and sends a response message to the CBC.
  • Steps S302 and S304 are one case in which the MME triggers the key update. Other cases are also possible, such as the expiration of the key usage period in the MME; the same applies to the subsequent examples;
  • Step S306: The MME prepares to actively send the updated PWS key to the UE. If a NAS layer connection of the UE exists in the MME, the key is sent directly; otherwise, the MME first triggers the establishment of the NAS layer connection and then sends it. The MME sends the PWS key information, including the key and the corresponding key ID, to the UE through a NAS layer message; the NAS layer message may be a notification message (NOTIFICATION) or the like;
  • Step S310: The UE updates the locally saved current key information by using the newly received key information.
  • Step S312: After sending the PWS key information, the MME waits for an interval and then broadcasts the current PWS key ID to the UE through the base station device.
  • The interval may be implemented with a timer or by other methods, and its length is determined by the specific device.
  • Step S314: After receiving the broadcast PWS ID, the UE determines whether the locally saved ID and the received ID are consistent. If they are, the PWS key update is successful.
  • Example 2: FIG. 4 is a flow chart of a method for updating a PWS key according to Example 2 of the present invention. As shown in FIG. 4, the example shows the network actively sending an updated PWS key to the terminal, and the exception handling process when the UE does not successfully receive it. This flow gives a flow chart of the LTE network. It is similar for the GSM/UMTS network, as long as the MME is replaced with the SGSN. The specific steps are as follows:
  • Step S402: The CBC sends a PWS key (key) and an identifier (key id) of the PWS key to the MME.
  • Step S404: After receiving the issued key message, the MME saves the key information and sends a response message to the CBC;
  • Step S406: The MME prepares to actively send the updated PWS key to the UE. If the NAS layer connection of the UE exists in the MME, the PWS key is directly sent; otherwise, the MME first triggers the establishment of the NAS layer connection, and then sends it;
  • Step S408: The MME sends the PWS key information, including the key and the corresponding key ID, to the UE by using a non-access stratum (NAS layer) message. For example, the NAS layer message may be an announcement message NOTIFICATION or the like;
  • Step S410: The UE updates the locally saved information using the newly received key.
  • Step S412: After the PGW sends the PWS key information, the MME broadcasts the current PWS key ID to the UE through the base station device.
  • The interval may be implemented with a timer, and its length is determined by the specific device.
  • Step S414: After receiving the broadcast PWS ID, the UE determines that the locally saved ID is inconsistent with the received one, possibly because of an abnormality in step S408 and/or step S410;
  • Step S416: After an interval, the UE uses a tracking area update message to request an update of the PWS key, and the message carries the PWS key id to be requested. In a GERAN/UMTS network, a location area or routing area update message is used.
  • Step S418: After receiving the request message, the network side device sends a corresponding PWS key response message to the UE according to the PWS key id.
  • As can be seen, FIG. 3 shows a case where the UE successfully updates the current PWS key with the received PWS key in step S204, and FIG. 4 shows a case where the UE's update of the current PWS key with the received PWS key in step S204 is abnormal, that is, the update is not successful.
  • The following processing may be further included: the UE receives the PWS message delivered by the network side device, where the PWS message is encrypted by using the updated PWS key.
  • Example 3: FIG. 5 is a flow chart of a method for updating a PWS key according to Example 3 of the present invention. As shown in FIG. 5, this embodiment shows the network actively sending updated PWS key information to the terminal, and the process in which the UE receives a PWS message when its PWS key has not been updated successfully.
  • This flow gives a flow chart of the LTE network. It is similar for the GSM/UMTS network, as long as the MME is replaced by the SGSN.
  • The specific steps are as follows: Step S502: The CBC sends a PWS key (key) and an identifier (key id) of the PWS key to the MME. Step S504: After receiving the issued key message, the MME saves the key.
  • Step S506: The MME prepares to actively send the updated PWS key to the UE. If a NAS layer connection of the UE exists in the MME, the key is sent directly; otherwise, the MME first triggers the establishment of the NAS layer connection and then sends it. The MME sends the PWS key information, including the key and the corresponding key ID, to the UE through a NAS layer message.
  • The NAS layer message may be an advertisement message NOTIFICATION or the like;
  • Step S510: The UE updates the locally saved information by using the newly received key information.
  • Step S512: After the MME sends the PWS key information, after a period of time, the current PWS key ID is broadcast to the UE by the base station device.
  • Step S514: After receiving the broadcast PWS ID, the UE determines that the locally saved ID is inconsistent with the received one;
  • Step S516: The UE receives the PWS message sent by the network side, and the PWS message is signed with the latest key. It should be noted that step S516 can occur at any time between step S512 and step S518.
  • Step S518: After receiving the PWS message, the UE stops the current processing and starts the process in which the UE requests the PWS key. It should be noted that the UE uses the tracking area update message to request an update of the PWS key, and the message carries the PWS key id to be requested.
  • Step S520: After receiving the request message, the network side sends the corresponding PWS key to the UE according to the PWS key id.
  • The following processing may also be included:
  • (1) the UE receives the PWS message sent by the network side device, where the PWS message is encrypted by using the updated PWS key;
  • (2) the UE receives the identifier of the updated PWS key sent by the network side device; (3) in the case that the UE fails to authenticate the PWS message by using the current PWS key, the UE sends the network side device a request message for updating the current PWS key, where the request message carries an identifier of the updated PWS key;
  • FIG. 6 is a flow chart of a method for updating a PWS key according to Example 4 of the present invention. As shown in FIG. 6, this embodiment shows a process in which the network actively sends updated PWS key information to the terminal, and the UE receives the PWS message without having successfully received the updated PWS key information.
  • This flow gives a flow chart of the LTE network. It is similar for the GSM/UMTS network, as long as the MME is replaced by the SGSN.
  • The specific steps are as follows: Step S602: The CBC sends a PWS key (key) to be updated and an identifier of the PWS key to the MME.
  • Step S604: After receiving the delivered key message, the MME saves the key information and sends a response message to the CBC.
  • Step S606: The MME prepares to actively send the updated PWS key to the UE. If a NAS layer connection of the UE exists in the MME, the key is sent directly; otherwise, the MME first triggers the establishment of the NAS layer connection and then sends it.
  • Step S608: The MME sends the PWS key information, including the key and the corresponding key ID, to the UE through a NAS layer message; the NAS layer message may be an announcement message NOTIFICATION or the like;
  • Step S610: The UE updates the locally saved information by using the newly received key information.
  • An abnormality occurs in step S608 or step S610: the UE does not receive the NAS layer message, or the received content is incorrect.
  • Step S612: The UE receives the PWS message sent by the network side, and the PWS message is signed with the latest key.
  • Step S616 can occur at any time between step S608 and step S612.
  • Step S614: After the PGW sends the PWS key information, the MME broadcasts the current PWS key ID to the UE through the base station device. The interval may be implemented with a timer, and its length is determined by the specific device.
  • Step S616: After receiving the PWS message, the UE stops the current processing and starts the process in which the UE requests the PWS key. It should be noted that the UE uses the tracking area update message to request an update of the PWS key, and the message carries the PWS key id to be requested. In a GERAN/UMTS network, a location area or routing area update message is used.
  • Step S618: After receiving the request message, the network side sends the corresponding PWS key to the UE according to the PWS key id.
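The UE-side handling in Examples 1 to 4, modelled as an added Python example (not code from the patent). The class and method names, the 8-message hold limit, the choice to hold an unverifiable alert until a key ID is broadcast, and HMAC-SHA256 as a stand-in for the signature algorithm the page leaves unspecified are all assumptions; keys and alerts are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


def sign(key: bytes, payload: bytes) -> bytes:
    """Stand-in (assumption): the real PWS signature would be asymmetric."""
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass
class Network:
    """Hypothetical MME-side key store fed by the CBC."""
    keys: dict = field(default_factory=dict)       # key id -> key
    current_id: Optional[int] = None

    def cbc_key_update(self, key_id: int, key: bytes) -> None:
        self.keys[key_id] = key                     # S302/S304: save key and id
        self.current_id = key_id

    def pws_message(self, payload: bytes):
        return payload, sign(self.keys[self.current_id], payload)


@dataclass
class UE:
    network: Network
    keys: dict = field(default_factory=dict)        # saved key id -> key
    current_id: Optional[int] = None
    wanted_id: Optional[int] = None                 # broadcast id not saved yet
    held: list = field(default_factory=list)        # alerts awaiting a key
    accepted: list = field(default_factory=list)    # authenticated alerts
    requests: int = 0                               # key requests sent

    def _verify(self, payload: bytes, sig: bytes) -> bool:
        key = self.keys.get(self.current_id)
        return key is not None and hmac.compare_digest(sign(key, payload), sig)

    def on_nas_key_info(self, key_id: int, key: bytes) -> None:
        self.keys[key_id] = key                     # S310: save key and key id
        self.current_id = key_id

    def on_broadcast_key_id(self, key_id: int) -> bool:   # S314 / S414
        if key_id in self.keys:
            self.current_id, self.wanted_id = key_id, None
            self._recheck_held()
            return True                             # update confirmed
        self.wanted_id = key_id                     # S416 follows after an interval
        if self.held:                               # Example 4: an alert is waiting
            self.request_key()
        return False

    def request_key(self) -> bool:                  # S416 / S518 / S616
        if self.wanted_id is None:
            return False
        key_id, self.wanted_id = self.wanted_id, None
        self.requests += 1
        key = self.network.keys.get(key_id)         # S418: answered by key id
        if key is None:
            return False                            # unknown id: keep current key
        self.on_nas_key_info(key_id, key)
        self._recheck_held()
        return True

    def _recheck_held(self) -> None:
        pending, self.held = self.held, []
        for payload, sig in pending:
            if self._verify(payload, sig):          # failures are dropped
                self.accepted.append(payload)

    def on_pws_message(self, payload: bytes, sig: bytes) -> str:
        if self._verify(payload, sig):
            self.accepted.append(payload)
            return "accepted"
        if self.wanted_id is None:                  # no newer key id known yet
            if len(self.held) < 8:                  # bound the unauthenticated backlog
                self.held.append((payload, sig))
            return "held"
        if self.request_key() and self._verify(payload, sig):   # Example 3
            self.accepted.append(payload)
            return "accepted"
        return "rejected"


def scenario(nas_lost: bool, msg_first: bool):
    """Constructed run: the UE holds key 1 and the CBC rolls over to key 2."""
    net = Network()
    net.cbc_key_update(1, b"constructed-key-1")
    ue = UE(net)
    ue.on_nas_key_info(1, net.keys[1])
    net.cbc_key_update(2, b"constructed-key-2")
    if not nas_lost:                                # NAS delivery succeeds
        ue.on_nas_key_info(2, net.keys[2])
    alert = net.pws_message(b"constructed alert")
    outcome = ue.on_pws_message(*alert) if msg_first else None
    confirmed = ue.on_broadcast_key_id(net.current_id)
    outcome = outcome or ue.on_pws_message(*alert)
    return confirmed, outcome, ue.current_id, ue.requests, len(ue.accepted)
```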
  • FIG. 7 is a flowchart of a method for updating a PWS key according to Embodiment 2 of the present invention. As shown in FIG. 7:
  • Step S702: When a preset condition is met, the network side device is triggered to send updated PWS key information, where the PWS key information includes a PWS key;
  • Step S704: The network side device sends the updated PWS key to the UE by using the non-access stratum downlink message, so that the UE updates the current PWS key by using the received PWS key.
  • When the preset condition is met, the network side device is triggered to send the updated PWS key; the network side device sends the updated PWS key to the UE through the non-access stratum downlink message, so that the UE uses the received PWS key to update the current PWS key. This solves the problem that the related technology does not involve updating the PWS key, and strengthens the security protection of the PWS through real-time updating of the PWS key.
  • The PWS key information further includes an identifier of the PWS key, and after the UE receives the updated PWS key information sent by the network side device by using the non-access stratum downlink message, the method further includes: the UE saves the identifier of the PWS key.
  • The non-access stratum downlink message may include, but is not limited to: an announcement message.
  • The foregoing preset condition may include, but is not limited to, one of the following:
  • (1) a predetermined duration is reached; the predetermined duration may be preset by using a timer or other means for the usage period of the PWS key;
  • (2) the network side device receives the key update message sent by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of the PWS key.
  • The method further includes: the network side device sends an identifier of the updated PWS key.
  • If the identifier (ID) of the current PWS key of the UE is consistent with the identifier (ID) of the PWS key sent by the network side device, the UE has updated the PWS key successfully.
  • The manner in which the network side device sends the updated PWS key may include, but is not limited to, a broadcast message delivery mode. For further description of the above preferred embodiments, reference may be made to FIG.
  • The method may further include: if the identifier of the PWS key saved by the UE does not include the identifier of the updated PWS key, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.
  • The UE initiating a PWS key update procedure and requesting the updated PWS key from the network side device may include the following processing:
  • (1) the network side device receives the request message for updating the current PWS key from the UE, where the request message carries the identifier of the updated PWS key; (2) the network side device delivers the updated PWS key.
  • The method may further include: the network side device sends a PWS message, where the PWS message is encrypted with the updated PWS key.
  • The following processing may also be included:
  • (1) the network side device delivers the PWS message, where the PWS message is encrypted by using the updated PWS key; (2) the network side device sends the identifier of the updated PWS key;
  • (3) the network side device receives a request message for updating the current PWS key from the UE, where the request message carries the updated PWS key.
  • FIG. 8 is a structural block diagram of an apparatus for updating a PWS key according to Embodiment 1 of the present invention.
  • the device for updating the PWS key may include: a first receiving module 800, configured to receive an updated PWS sent by a network side device through a non-access stratum downlink message when the preset condition is met. Key information, wherein the PWS key information includes a PWS key; and the updating module 802 is configured to update the current PWS key with the received PWS key.
  • the network side device receives the updated PWS key sent by the non-access stratum downlink message, and the first receiving module 800 receives the PWS key.
  • the update module 802 updates the current PWS key by using the received PWS key, thereby solving the problem that the related technology does not involve updating the PWS key, and realizing the security of the PWS by real-time updating of the PWS key. protection.
  • the foregoing apparatus may further include: a saving module 814, configured to save an identifier of the PWS key.
  • the non-access stratum downlink message may include, but is not limited to: an announcement message.
  • the preset condition may include, but is not limited to, one of the following: (1) reaching a predetermined duration; in a specific implementation process, the predetermined duration may be preset by using a timer or the like for the usage period of the PWS key;
  • the network side device receives the key update message delivered by the cell broadcast center (CBC), where the key update message includes: the updated PWS key and the identifier of the PWS key.
  • the foregoing apparatus may further include: a second receiving module 804, configured to receive an identifier of an updated PWS key sent by the network side device; and a determining module 806, configured to determine whether the saved identifiers of PWS keys include the identifier of the updated PWS key, and if so, the update is successful.
  • the manner in which the network side device sends the updated PWS key may include, but is not limited to, a broadcast message sending manner.
  • the foregoing apparatus may further include: a sending module 808, configured to send, to the network side device, a request message for updating the current PWS key when the output of the determining module is negative or the operation of the first receiving module or the updating module is abnormal, where the request message carries an identifier of the updated PWS key; and a third receiving module 810, configured to receive the updated PWS key delivered by the network side device.
  • the foregoing apparatus may further include: a fourth receiving module 812, configured to receive a PWS message sent by the network side device, where the PWS message is encrypted by using the updated PWS key.
  • the device may decrypt the PWS message by using the updated key. If the first receiving module 800 or the updating module 802 works abnormally and the updating module 802 does not update the PWS key, the PWS message sent by the network side device and received by the fourth receiving module 812 needs to be handled in one of the following two manners.
  • mode 1: if the fourth receiving module 812 receives the PWS message sent from the network side device, and before the second receiving module 804 receives the identifier of the updated PWS key sent by the network side device, the determining module 806 stops working, the sending module 808 sends a request message for updating the current PWS key to the network side device, and the third receiving module 810 receives the updated PWS key sent by the network side device.
  • FIG. 10 is a structural block diagram of an apparatus for updating a PWS key according to Embodiment 2 of the present invention. As shown in FIG.
  • the device for updating the PWS key may include: a triggering module 1000, configured to trigger the network side device to send updated PWS key information when the preset condition is met, where the PWS key information includes a PWS key; and a first sending module 1002, configured to send the updated PWS key through the non-access stratum downlink message, so that the UE updates the current PWS key by using the received PWS key.
  • the triggering module 1000 triggers the network side device to send the updated PWS key; the first sending module 1002 sends the updated PWS key through the non-access stratum downlink message so that the UE updates the current PWS key by using the received PWS key, which solves the problem that the related art does not address how to update the PWS key and strengthens the security protection of the PWS through real-time updating of the PWS key.
  • the foregoing non-access stratum downlink message may include, but is not limited to: an announcement message.
  • the foregoing preset condition may include but is not limited to one of the following:
  • the network side device receives the key update message delivered by the cell broadcast center (CBC), where the key update message includes: the updated PWS key and the identifier of the PWS key.
  • the foregoing apparatus may further include: a second sending module 1004, configured to send an identifier of the updated PWS key.
  • the manner in which the network side device sends the updated PWS key may include, but is not limited to, a broadcast message sending manner.
  • FIG. 11 the manner in which the network side device sends the updated PWS key may include, but is not limited to, a broadcast message sending manner.
  • the apparatus may further include: a fifth receiving module 1006, configured to receive a request message from the UE for updating the current PWS key, where the request message carries an identifier of the updated PWS key; and a third sending module 1008, configured to deliver the updated PWS key.
  • the foregoing apparatus may further include: a fourth sending module 1010, configured to send a PWS message, wherein the PWS message is encrypted using the updated PWS key.
  • the fourth sending module 1010 may send the PWS message at any moment between the first sending module 1002 sending the updated PWS key through the non-access stratum downlink message and the fifth receiving module 1006 receiving the request message from the UE for updating the current PWS key. From the above description, it can be seen that the present invention achieves the following technical effects: the current PWS key is updated before its usage period expires and the new PWS key can be successfully enabled, which solves the problem that the related art does not address how to update the PWS key, thereby strengthening the security protection of the PWS through real-time updating of the PWS key.
  • the modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. They may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.


Abstract

Disclosed in the present invention are a method and device for updating a Public Warning System (PWS) key. According to the method, when a preset condition is satisfied, a UE receives an updated PWS key from a network side device via a downlink NAS message; the UE updates the current PWS key with the received PWS key. According to the technical solution provided by the present invention, PWS security protection is enhanced by updating the PWS key in real time.

Description

Method and device for updating PWS key

TECHNICAL FIELD

The present invention relates to the field of communications, and in particular to a method and device for updating a Public Warning System (PWS) key.

BACKGROUND OF THE INVENTION

To enable users to receive timely and accurate alerts, warnings and critical information about disasters and other emergencies, the 3rd Generation Partnership Project (3GPP) has defined the Public Warning System (PWS) service. In the event of disasters such as earthquakes, tsunamis, hurricanes and wildfires, the service enables the public to take appropriate action to protect themselves and their families from serious injury or death, or from significant property loss.
The different communication networks defined by 3GPP, such as the Global System for Mobile Communications (GSM), the Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE), all support the PWS service, and specify that the PWS service is carried over the Cell Broadcast Service (CBS). The architecture is shown in FIG. 1. The functions of the network elements are as follows:

Cell Broadcast Entity (CBE): does not belong to the communication network defined by 3GPP. The CBE is responsible for formatting the Cell Broadcast Service (CBS), including dividing CBS messages into different pages.

Cell Broadcast Center (CBC): part of the core network; it can be connected to multiple CBEs.
The CBC is responsible for the management of CBS messages, including: determining the time at which a CBS message starts being broadcast; determining the time at which a CBS message stops being broadcast, and instructing each BSC/RNC to stop broadcasting the CBS message; determining the time interval at which a CBS message is repeatedly broadcast; determining the cell broadcast channel on which a CBS message is broadcast; and so on. In a GSM network, the CBC is connected to the Base Station Controller (BSC) located in the radio access network; in a UMTS system, the CBC is connected through the Iu interface to the Radio Network Controller (RNC) located in the radio access network; in an LTE system, the CBC is connected to the Mobility Management Entity (MME) of the core network. After receiving the alert information sent by the CBE, the CBC configures and encapsulates it and sends it to the BSC (GSM system), RNC (UMTS system) or MME (LTE system) of the affected area; the BSC/RNC/MME then forwards it to the base station (BTS in a GSM system, NodeB in a UMTS system, eNodeB in an LTE system), which broadcasts it to users.

The CBS services defined so far are all sent on the broadcast channel, and the broadcast channel currently has no security protection at all. An attacker can tamper with an alert message, or, after receiving an alert message, replay it at another time in the same area or in a different area, causing unnecessary panic and confusion among the public. To prevent this, 3GPP decided to apply security protection to the PWS, that is, to introduce a signature algorithm and a key management scheme by using a digital signature field and a timestamp. After receiving a broadcast alert message, the terminal first authenticates the message, and regards it as a valid alert message only if the authentication succeeds.
For any signature-based authentication scheme, the verifier needs to obtain the signer's key, which is usually a public key, and needs to be sure that the key is valid. That is, the UE needs to obtain the key used for the signature. At the same time, to ensure the freshness and security of the key, the network generally gives the key a valid life cycle. Within this life cycle the key can be used normally. Before the key expires, the network needs to update the key and successfully enable the new key. The current 3GPP specifications still lack a technical solution for updating the PWS key.

SUMMARY OF THE INVENTION

The present invention provides a method and device for updating a PWS key, to at least solve the problem that the related art lacks a technical solution for updating the PWS key.

According to one aspect of the present invention, a method for updating a PWS key is provided. The method for updating a PWS key according to the present invention includes: when a preset condition is met, the UE receives the updated PWS key delivered by the network side device through a non-access stratum downlink message; the UE updates the current PWS key information with the received PWS key, wherein the PWS key information includes a PWS key.

In the above method, the PWS key information further includes an identifier of the PWS key. After the UE receives the updated PWS key information delivered by the network side device through the non-access stratum downlink message, the method further includes: the UE saves the identifier of the PWS key.

In the above method, the preset condition includes one of the following: a predetermined duration is reached; the network side device receives a key update message delivered by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of that PWS key.
In the above method, after the UE updates the current PWS key with the received PWS key, the method further includes: the UE receives the identifier of the updated PWS key delivered by the network side device; the UE determines whether the saved identifiers of PWS keys include the received identifier of the updated PWS key, and if so, the update is successful.

In the above method, the manner in which the network side device delivers the identifier of the updated PWS key includes: broadcast message delivery.

In the above method, when the UE determines whether the saved identifiers of PWS keys include the received identifier of the updated PWS key, the method further includes: if the identifiers of PWS keys saved by the UE do not include the identifier corresponding to the received updated PWS key, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.

In the above method, the UE initiating the PWS key update procedure and requesting the updated PWS key from the network side device includes: the UE sends the network side device a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key; the UE receives the updated PWS key delivered by the network side device.

In the above method, after the UE receives the identifier of the updated PWS key delivered by the network side device and before the UE sends the network side device the request message for updating the current PWS key, the method further includes: the UE receives a PWS message delivered by the network side device, where the PWS message is encrypted with the updated PWS key.

In the above method, when an abnormality occurs while the UE updates the current PWS key with the received PWS key, the method further includes: the UE receives a PWS message delivered by the network side device, where the PWS message is encrypted with the updated PWS key; the UE receives the identifier of the updated PWS key delivered by the network side device; in the case that the UE fails to authenticate the PWS message with the current PWS key, the UE sends the network side device a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key; the UE receives the updated PWS key delivered by the network side device.

In the above method, the non-access stratum downlink message includes: an announcement message.

According to another aspect of the present invention, a method for updating a PWS key is provided. The method for updating a PWS key according to the present invention includes: when a preset condition is met, the network side device is triggered to send the updated PWS key; the network side device delivers the updated PWS key to the UE through a non-access stratum downlink message, so that the UE updates the current PWS key information with the received PWS key, wherein the PWS key information includes a PWS key.

In the above method, the PWS key information further includes an identifier of the PWS key. After the UE receives the updated PWS key information delivered by the network side device through the non-access stratum downlink message, the method further includes: the UE saves the identifier of the PWS key.

In the above method, the preset condition includes one of the following: a predetermined duration is reached; the network side device receives a key update message delivered by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of that PWS key.

In the above method, after the UE updates the current PWS key with the received PWS key, the method further includes: the network side device delivers the identifier of the updated PWS key.
In the above method, the manner in which the network side device delivers the identifier of the updated PWS key includes: broadcast message delivery.

In the above method, after the network side device delivers the identifier of the updated PWS key, the method further includes: if the identifiers of PWS keys saved by the UE do not include the updated PWS key delivered by the network side device, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.
In the above method, the UE initiating the PWS key update procedure and requesting the updated PWS key from the network side device includes: the network side device receives from the UE a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key; the network side device delivers the updated PWS key.

In the above method, after the network side device delivers the identifier of the updated PWS key and before the network side device receives from the UE the request message for updating the current PWS key, the method further includes: the network side device delivers a PWS message, where the PWS message is encrypted with the updated PWS key.

In the above method, when an abnormality occurs while the UE updates the current PWS key with the received PWS key, the method further includes: the network side device delivers a PWS message, where the PWS message is encrypted with the updated PWS key; the network side device delivers the identifier of the updated PWS key; in the case that the UE fails to authenticate the PWS message with the current PWS key, the network side device receives from the UE a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key; the network side device delivers the updated PWS key.

In the above method, the non-access stratum downlink message includes: an announcement message.

According to yet another aspect of the present invention, a device for updating a PWS key is provided. The device for updating a PWS key according to the present invention includes: a first receiving module, configured to receive, when a preset condition is met, the updated PWS key delivered by the network side device through a non-access stratum downlink message; and an updating module, configured to update the current PWS key information with the received PWS key, wherein the PWS key information includes a PWS key.

In the above device, the PWS key information further includes an identifier of the PWS key, and the device further includes: a saving module, configured to save the identifier of the PWS key.

The above device further includes: a second receiving module, configured to receive the identifier of the updated PWS key delivered by the network side device; and a determining module, configured to determine whether the saved identifiers of PWS keys include the received identifier of the updated PWS key, and if so, the update is successful.

The above device further includes: a sending module, configured to send the network side device a request message for updating the current PWS key when the output of the determining module is negative or when an abnormality occurs in the operation of the first receiving module or the updating module, where the request message carries the identifier of the updated PWS key; and a third receiving module, configured to receive the updated PWS key delivered by the network side device.

The above device further includes: a fourth receiving module, configured to receive a PWS message delivered by the network side device, where the PWS message is encrypted with the updated PWS key.

According to a further aspect of the present invention, a device for updating a PWS key is provided. The device for updating a PWS key according to the present invention includes: a triggering module, configured to trigger the network side device to send the updated PWS key when a preset condition is met; and a first delivering module, configured to deliver the updated PWS key through a non-access stratum downlink message, so that the UE updates the current PWS key information with the received PWS key, wherein the PWS key information includes a PWS key.

The above device further includes: a second delivering module, configured to deliver the identifier of the updated PWS key.

The above device further includes: a fifth receiving module, configured to receive from the UE a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key; and a third delivering module, configured to deliver the updated PWS key.

The above device further includes: a fourth delivering module, configured to deliver a PWS message, where the PWS message is encrypted with the updated PWS key.

With the present invention, the current PWS key is updated before its usage period expires and the new PWS key can be successfully enabled, which solves the problem that the related art lacks a technical solution for updating the PWS key, thereby strengthening the security protection of the PWS through real-time updating of the PWS key.
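The UE-side behaviour summarized above (save the key and its identifier from the NAS message, compare the saved identifiers against the broadcast identifier, fall back to an explicit request), as an added Python example that is not part of the patent text. The class and method names are hypothetical, the network side device is a constructed in-memory stand-in, and HMAC-SHA256 stands in for the PWS signature check, which the text does not specify.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def tag_for(key: bytes, body: bytes) -> bytes:
    """Stand-in for the PWS signature (assumption): HMAC-SHA256 over the message."""
    return hmac.new(key, body, hashlib.sha256).digest()


class NetworkSide:
    """Constructed in-memory stand-in for the network side device (MME or SGSN)."""

    def __init__(self) -> None:
        self.keys: Dict[int, bytes] = {}
        self.current_id: Optional[int] = None

    def key_update_from_cbc(self, key_id: int, key: bytes) -> None:
        # Preset condition (2): the CBC delivers an updated key and its identifier.
        self.keys[key_id] = key
        self.current_id = key_id

    def nas_key_info(self) -> Tuple[int, bytes]:
        # PWS key information carried in the NAS downlink message.
        return self.current_id, self.keys[self.current_id]

    def answer_key_request(self, key_id: int) -> Optional[bytes]:
        # Look up the key by the identifier carried in the UE's request message.
        return self.keys.get(key_id)

    def pws_message(self, body: bytes) -> Tuple[bytes, bytes]:
        # Warning messages are always protected with the newest key.
        return body, tag_for(self.keys[self.current_id], body)


class UE:
    def __init__(self, network: NetworkSide) -> None:
        self.network = network
        self.saved: Dict[int, bytes] = {}      # saved identifiers and their keys
        self.current_id: Optional[int] = None
        self.requests_sent = 0

    def on_nas_key_info(self, key_id: int, key: bytes) -> None:
        # Update the current PWS key and save its identifier.
        self.saved[key_id] = key
        self.current_id = key_id

    def request_key(self, key_id: int) -> bool:
        # UE-initiated update procedure: the request carries the wanted identifier.
        self.requests_sent += 1
        key = self.network.answer_key_request(key_id)
        if key is None:
            return False
        self.on_nas_key_info(key_id, key)
        return True

    def on_broadcast_key_id(self, key_id: int) -> str:
        # The update succeeded if the broadcast identifier is among the saved ones.
        if key_id in self.saved:
            return "update-confirmed"
        return "fetched-on-request" if self.request_key(key_id) else "update-failed"

    def authenticate(self, body: bytes, tag: bytes) -> bool:
        if self.current_id is None:
            return False
        expected = tag_for(self.saved[self.current_id], body)
        return hmac.compare_digest(expected, tag)


def _setup() -> Tuple[NetworkSide, UE]:
    net = NetworkSide()
    net.key_update_from_cbc(1, b"constructed-key-1")
    ue = UE(net)
    ue.on_nas_key_info(*net.nas_key_info())
    net.key_update_from_cbc(2, b"constructed-key-2")   # key rollover on the network
    return net, ue


def run_normal_update() -> Tuple[str, int]:
    net, ue = _setup()
    ue.on_nas_key_info(*net.nas_key_info())            # NAS delivery arrives
    return ue.on_broadcast_key_id(net.current_id), ue.requests_sent


def run_lost_delivery() -> Tuple[bool, str, bool, int]:
    net, ue = _setup()                                  # NAS delivery of key 2 is lost
    body, tag = net.pws_message(b"constructed warning text")
    before = ue.authenticate(body, tag)                 # fails under the old key
    outcome = ue.on_broadcast_key_id(net.current_id)    # identifier not saved: request
    after = ue.authenticate(body, tag)                  # passes once key 2 is fetched
    return before, outcome, after, ue.requests_sent


if __name__ == "__main__":
    print(run_normal_update())
    print(run_lost_delivery())
```

In the lost-delivery run the UE cannot authenticate warning messages during the window between the network's key rollover and the UE's request, which is the gap the broadcast identifier check is there to close.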
BRIEF DESCRIPTION OF THE DRAWINGS

The drawings described here are provided for a further understanding of the present invention and form a part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:

FIG. 1 is a schematic diagram of the network architecture of the PWS in a 3GPP network according to the related art;
FIG. 2 is a flowchart of a method for updating a PWS key according to Embodiment 1 of the present invention;
FIG. 3 is a flowchart of a method for updating a PWS key according to Example 1 of the present invention;
FIG. 4 is a flowchart of a method for updating a PWS key according to Example 2 of the present invention;
FIG. 5 is a flowchart of a method for updating a PWS key according to Example 3 of the present invention;
FIG. 6 is a flowchart of a method for updating a PWS key according to Example 4 of the present invention;
FIG. 7 is a flowchart of a method for updating a PWS key according to Embodiment 2 of the present invention;
FIG. 8 is a structural block diagram of a device for updating a PWS key according to Embodiment 1 of the present invention;
FIG. 9 is a structural block diagram of a device for updating a PWS key according to preferred Embodiment 1 of the present invention;
FIG. 10 is a structural block diagram of a device for updating a PWS key according to Embodiment 2 of the present invention; and
FIG. 11 is a structural block diagram of a device for updating a PWS key according to preferred Embodiment 2 of the present invention.

DETAILED DESCRIPTION

The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that the embodiments in this application and the features in the embodiments may be combined with each other where they do not conflict.

FIG. 2 is a flowchart of a method for updating a PWS key according to Embodiment 1 of the present invention. As shown in FIG. 2, the method mainly includes the following processing:

Step S202: when a preset condition is met, the UE receives the updated PWS key information delivered by the network side device through a non-access stratum downlink message, wherein the PWS key information includes a PWS key;

Step S204: the UE updates the current PWS key with the received PWS key.

The related art does not yet address how to update the PWS key. With the method shown in FIG. 2, when the preset condition is met, the network side device delivers the updated PWS key through a non-access stratum downlink message, the UE receives the updated PWS key and updates the current PWS key with the received PWS key. This solves the problem that the related art lacks a technical solution for updating the PWS key, and strengthens the security protection of the PWS through real-time updating of the PWS key.

Preferably, the PWS key information further includes an identifier of the PWS key. After the UE receives the updated PWS key information delivered by the network side device through the non-access stratum downlink message, the method further includes: the UE saves the identifier of the PWS key.

Preferably, the non-access stratum downlink message may include, but is not limited to: an announcement message.

Preferably, the preset condition may include, but is not limited to, one of the following:
(1) A predetermined duration is reached. In a specific implementation, the predetermined duration for the usage period of the PWS key may be set in advance by means of a timer or the like;

(2) The network side device receives a key update message delivered by the cell broadcast center (CBC), where the key update message includes: the updated PWS key and the identifier of that PWS key.

Preferably, after the UE updates the current PWS key with the received PWS key, the following processing may also be included:

(1) The UE receives the identifier of the updated PWS key delivered by the network side device;
(2) The UE determines whether the saved identifiers of PWS keys include the received identifier of the updated PWS key; if so, the update is successful.

Preferably, the manner in which the network side device delivers the identifier of the updated PWS key may include, but is not limited to: broadcast message delivery.
Preferably, when the UE determines whether the identifier of the saved PWS key includes the identifier of the updated PWS key, the following processing may be further included: if the PWS secret saved by the UE The identifier of the key does not include the identifier corresponding to the received PWS key, and the UE initiates a PWS key update procedure, and requests the network side device to update the PWS key. Preferably, the UE initiates a PWS key update procedure, and the requesting the updated PWS key to the network side device may include the following processing: (1) The UE sends a request message for updating the current PWS key to the network side device, where the request message carries The identifier of the updated PWS key; (2) The UE receives the updated PWS key delivered from the network side device. Through the above processing, the UE can accurately determine whether the update is successful. If the identifier of the updated PWS key is consistent with the identifier of the received updated PWS key, the update is successful; if the updated PWS key is identified and received If the identifiers of the updated PWS keys are inconsistent, the subsequent operations may be continued. For example, the network side device is continuously requested to deliver the updated key, and then the update operation is continued to ensure that the update is successful. The above preferred embodiments are further described below in conjunction with the examples of FIGS. 3 and 4. Example 1: FIG. 3 is a flow chart of a method for updating a PWS key according to Example 1 of the present invention. As shown in FIG. 3, this example shows a process in which a network side device actively sends an updated PWS key to a UE. This flow gives a flow chart of the LTE network, which is similar for the GSM/UMTS network, as long as the MME is replaced by the SGSN. 
In this process, the UE successfully receives the updated key information sent by the network side, and the specific steps are as follows: Step S302: The CBC sends a PWS key (key) to be updated to the network side device (for example, the MME) and the The identifier of the PWS key (key id); Step S304: After receiving the delivered key message, the MME saves the key and sends a response message to the CBC. It should be noted that: Steps S302 and S304 are an MME trigger. The case of the key update may also include other situations, such as the expiration of the key usage period in the MME, and the subsequent examples are the same; Step S306: The MME prepares to actively send the updated PWS key to the UE. If the NAS layer connection of the UE exists in the MME, the MME directly sends the NAS layer connection, and then the MME first sends the PWS key information, including the key and the NAS, to the UE. The corresponding key ID. The NAS layer message may be a notification message (NOTIFICATION) or the like; Step S310: The UE updates the locally saved current key information by using the newly received key information. Step S312: After the MME sends the PWS key information, the interval is separated. After the time, the current PWS key ID is broadcast to the UE through the base station device. The interval may be determined by a specific device by using a timer or other methods, and the interval time is determined by a specific device. Step S314: After receiving the broadcast PWS ID, the UE determines whether the locally saved and the received ones are consistent. Then the PWS key update is successful. Example 2: Figure 4 is a flow chart of a method for updating a PWS key according to Example 2 of the present invention. As shown in FIG. 4, the example shows that the network actively sends an updated PWS key to the terminal, and the UE does not successfully receive the exception handling process. This flow gives a flow chart of the LTE network. 
It is similar for the GSM/UMTS network, as long as the MME is replaced with the SGSN. The specific steps are as follows: Step S402: The CBC sends a PWS key (key) and an identifier (key id) of the PWS key to the MME. Step S404: After receiving the issued key message, the MME saves the key. Key information, and send a response message to the CBC; Step S406: The MME prepares to actively send the updated PWS key to the UE. If the NAS layer connection of the UE exists in the MME, the PWS key is directly sent; otherwise, the MME first triggers the establishment of the NAS layer connection, and then sends the same; Step S408: The MME sends the PWS key to the UE by using the non-access stratum (NAS layer) message. Information, including the key and the corresponding key ID. For example, the NAS layer message may be an announcement message NOTIFICATION or the like; Step S410: The UE updates the locally saved information using the newly received key. It should be noted that the UE may receive the NAS layer message, or may not receive it; or the received content is incorrect or the like; therefore, the UE may update the current PWS key by using the received PWS key. abnormal. Step S412: After the PGW sends the PWS key information, the MME broadcasts the current PWS key ID to the UE through the base station device. The time interval may be a timer mode, and the interval time is determined by a specific device. Step S414: After receiving the broadcast PWS ID, the UE determines that the local save is inconsistent with the received one, possibly due to step S408 and / or step S410 abnormally caused; Step S416: After the UE is separated for a period of time, the tracking area update message requests to update the PWS key, and the message carries the PWS key id to be requested. If it is a GERAN/UMTS network, the location area or the router is used to update the message. 
Step S418: After receiving the request message, the network side device sends a corresponding PWS key response message to the UE according to the PWS key id. As can be seen, FIG. 3 shows a case where the UE successfully updates the current PWS key with the received PWS key in step S204, and FIG. 4 shows that the UE adopts the received PWS key update in step S204. The current PWS key is abnormal, that is, no update is successful. Preferably, after the UE receives the identifier of the updated PWS key sent by the network side device, before the UE sends the request message for updating the current PWS key to the network side device, the following processing may be further included: the UE receives the The PWS message delivered by the network side device, where the PWS message is encrypted by using the updated PWS key. The above preferred embodiment is further described below in conjunction with the example of FIG. Example 3: Figure 5 is a flow chart of a method for updating a PWS key according to Example 3 of the present invention. As shown in FIG. 5, this embodiment shows that the network actively sends updated PWS key information to the terminal, and the process of receiving the PWS message is received after the PWS key of the UE has not been updated successfully. This flow gives a flow chart of the LTE network. It is similar to the GSMAJMTS network, as long as the MME is replaced by the SGSN. The specific steps are as follows: Step S502: The CBC sends a PWS key (key) and an identifier (key id) of the PWS key to the MME. Step S504: After receiving the issued key message, the MME saves the key. Key information, and send a response message to the CBC; Step S506: The MME prepares to actively send the updated PWS key to the UE. If the NAS layer connection of the UE exists in the MME, the MME directly sends the NAS layer connection, and then the MME first sends the PWS key information to the UE, including the key and the NAS. The corresponding key ID. 
For example, the NAS layer message may be an advertisement message NOTIFICATION or the like; Step S510: The UE updates the locally saved information by using the newly received key information. Step S512: After the MME sends the PWS key information, after a period of time, The current PWS key ID is broadcast to the UE by the base station device. The interval may be determined by a specific device, and the interval time and the like may be determined by a specific device. Step S514: After receiving the broadcast PWS ID, the UE determines that the local save is inconsistent with the received one; Step S516: The UE receives the PWS message sent by the network side, and the PWS message is signed with the latest key. It should be noted that: Step S516 can occur at any time between step S512 and step S518. Step S518: After receiving the PWS message, the UE stops the current processing and starts the process of requesting the PWS key by the UE. It should be noted that: the UE uses the tracking area update message to request to update the PWS key, and the message carries the PWS key id to be requested. If it is a GERAN/UMTS network, the location area or the router is used to update the message. Step S520: After receiving the request message, the network side sends the corresponding PWS key to the UE according to the PWS key id. Preferably, when the UE updates the current PWS key by using the received PWS key, the following processing may also be included:
(1) The UE receives a PWS message delivered by the network side device, where the PWS message is encrypted with the updated PWS key;
(2) The UE receives the identifier of the updated PWS key delivered by the network side device;
(3) If the UE fails to authenticate the PWS message with the current PWS key, the UE sends the network side device a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key;
(4) The UE receives the updated PWS key delivered by the network side device.

The above preferred embodiment is further described below in conjunction with the example of FIG. 6.

Example 4:

FIG. 6 is a flowchart of a method for updating a PWS key according to Example 4 of the present invention. As shown in FIG. 6, this example shows the handling when the network actively delivers updated PWS key information to the terminal and the UE receives a PWS message without having successfully received the updated PWS key information. The flow is given for an LTE network; it is similar for a GSM/UMTS network, with the MME replaced by the SGSN. The steps are as follows:

Step S602: The CBC delivers the PWS key (key) to be updated and the identifier of that PWS key (key id) to the MME;
Step S604: After receiving the delivered key message, the MME saves the key information and sends a response message to the CBC;
Step S606: The MME prepares to actively deliver the updated PWS key to the UE. If a NAS layer connection for the UE exists in the MME, the MME delivers the key directly; otherwise, the MME first triggers establishment of the NAS layer connection and then delivers the key;
Step S608: The MME uses a NAS layer message to deliver the PWS key information, including the key and the corresponding key ID, to the UE. For example, the NAS layer message may be a notification message (NOTIFICATION) or the like;
Step S610: The UE uses the newly received key information to update the locally stored information;
It should be noted that, in this example, the UE's key update does not succeed because an exception occurs in step S608 or step S610, for example the UE does not receive the NAS layer message or the received content is incorrect.
Step S612: The UE receives a PWS message delivered by the network side; the PWS message is signed with the latest key;
It should be noted that step S616 may occur at any time between step S608 and step S612.
Step S614: After delivering the PWS key information, the MME waits for an interval and then broadcasts the current PWS key ID to the UE through the base station device. The interval may be implemented with a timer; this and the length of the interval are determined by the specific device implementation;
Step S616: After receiving the PWS message, the UE stops its current processing and starts the procedure in which the UE requests the PWS key. It should be noted that the UE uses a tracking area update message to request an update of the PWS key; the message carries the PWS key id being requested. In a GERAN/UMTS network, a location area update or routing area update message is used instead;
Step S618: After receiving the request message, the network side sends the corresponding PWS key to the UE in a response message, according to the PWS key id.

FIG. 7 is a flowchart of a method for updating a PWS key according to Embodiment 2 of the present invention. As shown in FIG. 7, the method mainly includes the following processing:

Step S702: When a preset condition is met, the network side device is triggered to send updated PWS key information, where the PWS key information includes a PWS key;
Step S704: The network side device delivers the updated PWS key to the UE through a non-access stratum downlink message, so that the UE updates the current PWS key with the received PWS key.

The related art does not yet address how to update the PWS key. With the method shown in FIG. 6, when the preset condition is met, the network side device is triggered to send the updated PWS key; the network side device delivers the updated PWS key to the UE through a non-access stratum downlink message, so that the UE updates the current PWS key with the received PWS key. This solves the problem that the related art does not address how to update the PWS key, and strengthens the security protection of the PWS through real-time updating of the PWS key.

Preferably, the PWS key information further includes the identifier of the PWS key, and after the UE receives the updated PWS key information delivered by the network side device through the non-access stratum downlink message, the method further includes: the UE saves the identifier of the PWS key.

Preferably, the non-access stratum downlink message may include, but is not limited to, a notification message.

Preferably, the preset condition may include, but is not limited to, one of the following:
(1) A predetermined duration is reached, where the predetermined duration may be set in advance for the usage period of the PWS key by means of a timer or in another way;
(2) The network side device receives a key update message delivered by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of that PWS key.

Preferably, after the UE updates the current PWS key with the received PWS key, the method may further include: the network side device delivers the identifier of the updated PWS key. When the identifier (ID) of the UE's current PWS key is consistent with the identifier (ID) of the PWS key delivered by the network side device, the UE has updated the PWS key successfully.

Preferably, the manner in which the network side device delivers the identifier of the updated PWS key may include, but is not limited to, a broadcast message.

For further description of the above preferred embodiment, see FIG. 3; details are not repeated here.

Preferably, after the network side device delivers the identifier of the updated PWS key, the following processing may also be included: if the PWS key identifiers stored by the UE do not include the updated PWS key delivered by the network side device, the UE initiates a PWS key update procedure and requests the updated PWS key from the network side device.

Preferably, the UE initiating the PWS key update procedure and requesting the updated PWS key from the network side device may include the following processing:
(1) The network side device receives from the UE a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key;
(2) The network side device delivers the updated PWS key.

For further description of the above preferred embodiment, see FIG. 4; details are not repeated here.

Preferably, after the network side device delivers the identifier of the updated PWS key and before the network side device receives from the UE the request message for updating the current PWS key, the method may further include: the network side device delivers a PWS message, where the PWS message is encrypted with the updated PWS key.

For further description of the above preferred embodiment, see FIG. 5; details are not repeated here.

Preferably, when an exception occurs while the UE updates the current PWS key with the received PWS key, the following processing may also be included:
(1) The network side device delivers a PWS message, where the PWS message is encrypted with the updated PWS key;
(2) The network side device delivers the identifier of the updated PWS key;
(3) If the UE fails to authenticate the PWS message with the current PWS key, the network side device receives from the UE a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key;
(4) The network side device delivers the updated PWS key.

For further description of the above preferred embodiment, see FIG. 6; details are not repeated here.

FIG. 8 is a structural block diagram of an apparatus for updating a PWS key according to Embodiment 1 of the present invention. As shown in FIG. 8, the apparatus for updating a PWS key may include: a first receiving module 800, configured to receive, when a preset condition is met, updated PWS key information delivered by the network side device through a non-access stratum downlink message, where the PWS key information includes a PWS key; and an updating module 802, configured to update the current PWS key with the received PWS key.

In the apparatus shown in FIG. 8, when the preset condition is met, the network side device delivers the updated PWS key through a non-access stratum downlink message and the first receiving module 800 receives that PWS key; the updating module 802 updates the current PWS key with the received PWS key. This solves the problem that the related art does not address how to update the PWS key, and strengthens the security protection of the PWS through real-time updating of the PWS key.

Preferably, as shown in FIG. 9, the apparatus may further include: a saving module 814, configured to save the identifier of the PWS key.

Preferably, the non-access stratum downlink message may include, but is not limited to, a notification message.

Preferably, the preset condition may include, but is not limited to, one of the following:
(1) A predetermined duration is reached; in a specific implementation, the predetermined duration may be set in advance for the usage period of the PWS key by means of a timer or the like;
(2) The network side device receives a key update message delivered by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of that PWS key.

Preferably, as shown in FIG. 9, the apparatus may further include: a second receiving module 804, configured to receive the identifier of the updated PWS key delivered by the network side device; and a determining module 806, configured to determine whether the stored PWS key identifiers include the received identifier of the updated PWS key; if so, the update succeeded.

Preferably, the manner in which the network side device delivers the identifier of the updated PWS key may include, but is not limited to, a broadcast message.

Preferably, as shown in FIG. 9, the apparatus may further include: a sending module 808, configured to send the network side device a request message for updating the current PWS key when the output of the determining module is negative or when an exception occurs in the operation of the first receiving module or the updating module, where the request message carries the identifier of the updated PWS key; and a third receiving module 810, configured to receive the updated PWS key delivered by the network side device.

Preferably, as shown in FIG. 9, the apparatus may further include: a fourth receiving module 812, configured to receive a PWS message delivered by the network side device, where the PWS message is encrypted with the updated PWS key.

It should be noted that, when the first receiving module 800 and the updating module 802 work normally and the updating module 802 updates the PWS key successfully, the apparatus can decrypt the PWS with the updated key. If an exception occurs in the first receiving module 800 or the updating module 802 and the updating module 802 does not update the PWS key successfully, a PWS message from the network side device received by the fourth receiving module 812 must be handled in one of the following two ways:

Mode 1: If the fourth receiving module 812 receives the PWS message delivered by the network side device before the second receiving module 804 receives the identifier of the updated PWS key delivered by the network side device, the determining module 806 stops working; the sending module 808 directly sends the network side device a request message for updating the current PWS key, and the third receiving module 810 receives the updated PWS key delivered by the network side device.

Mode 2: If the fourth receiving module 812 receives the PWS message delivered by the network side device after the second receiving module 804 receives the identifier of the updated PWS key delivered by the network side device, then, before the sending module 808 sends the network side device the request message for updating the current PWS key, the determining module 806 continues to perform the determination; the sending module 808 then sends the network side device a request message for updating the current PWS key, and the third receiving module 810 receives the updated PWS key delivered by the network side device.

FIG. 10 is a structural block diagram of an apparatus for updating a PWS key according to Embodiment 2 of the present invention. As shown in FIG. 10, the apparatus for updating a PWS key may include: a triggering module 1000, configured to trigger the network side device to send updated PWS key information when a preset condition is met, where the PWS key information includes a PWS key; and a first delivery module 1002, configured to deliver the updated PWS key through a non-access stratum downlink message, so that the UE updates the current PWS key with the received PWS key.

In the apparatus shown in FIG. 10, when the preset condition is met, the triggering module 1000 triggers the network side device to send the updated PWS key; the first delivery module 1002 delivers the updated PWS key through a non-access stratum downlink message, so that the UE updates the current PWS key with the received PWS key. This solves the problem that the related art does not address how to update the PWS key, and strengthens the security protection of the PWS through real-time updating of the PWS key.

For example, the non-access stratum downlink message may include, but is not limited to, a notification message.

Preferably, the preset condition may include, but is not limited to, one of the following:
(1) A predetermined duration is reached. In a specific implementation, the predetermined duration can be set in advance for the usage period of the PWS key, for example by means of a timer;

(2) The network side device receives a key update message delivered by the cell broadcast center (CBC), where the key update message includes the updated PWS key and the identifier of that PWS key.

Preferably, as shown in FIG. 11, the apparatus may further include a second sending module 1004, configured to deliver the identifier of the updated PWS key.

Preferably, the manner in which the network side device delivers the identifier of the updated PWS key may include, but is not limited to, broadcast message transmission.

Preferably, as shown in FIG. 11, the apparatus may further include: a fifth receiving module 1006, configured to receive from the UE a request message for updating the current PWS key, where the request message carries the identifier of the updated PWS key; and a third sending module 1008, configured to deliver the updated PWS key.

Preferably, as shown in FIG. 11, the apparatus may further include a fourth sending module 1010, configured to deliver a PWS message, where the PWS message is encrypted with the updated PWS key.

It should be noted that the fourth sending module 1010 may deliver the PWS message at any time between the first sending module 1002 delivering the updated PWS key through the non-access stratum downlink message and the fifth receiving module 1006 receiving the request message from the UE for updating the current PWS key.

From the above description it can be seen that the present invention achieves the following technical effects: the current PWS key is updated before its usage period expires, so that the new PWS key can be successfully brought into use. This solves the problem that the related art does not address how to update the PWS key, and thereby strengthens the security protection of the PWS through real-time updating of the PWS key.

Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented by a general-purpose computing device. They may be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one given here; or they may each be fabricated as an individual integrated circuit module, or several of the modules or steps may be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.

The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Industrial Applicability

The technical solution of the present invention updates the current PWS key before its usage period expires, so that the new PWS key can be successfully brought into use. This solves the problem that the related art lacks a technical solution for updating the PWS key, and thereby strengthens the security protection of the PWS through real-time updating of the PWS key.
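The update flow described above, together with the UE-side recovery path set out in the claims, as an added Python example that is not part of the patent. The class and method names are hypothetical, HMAC-SHA256 stands in for the PWS message protection (the text names no algorithm), and two behaviours are assumptions of this example: the network serves only the currently announced key identifier, and the UE holds back any warning it cannot authenticate.

```python
import hashlib
import hmac
import secrets


def tag(key: bytes, warning: bytes) -> bytes:
    # Stand-in for PWS message protection (assumption): HMAC-SHA256.
    return hmac.new(key, warning, hashlib.sha256).digest()


class NetworkSide:
    def __init__(self):
        self.key_id, self.key = 1, secrets.token_bytes(32)

    def rotate(self):
        # Trigger per the text: timer expiry or a CBC key update message.
        self.key_id, self.key = self.key_id + 1, secrets.token_bytes(32)
        return self.key_id, self.key          # NAS downlink payload

    def handle_key_request(self, requested_id):
        # Assumption: only the currently announced identifier is served.
        if requested_id != self.key_id:
            raise KeyError("unknown or retired PWS key identifier")
        return self.key

    def warning(self, text):
        return text, tag(self.key, text)      # protected with the updated key


class UE:
    def __init__(self, key_id, key):
        self.saved = {key_id: key}            # saved identifiers -> keys
        self.current = key_id
        self.pending, self.shown, self.log = [], [], []

    def install_key(self, key_id, key):
        self.saved[key_id] = key              # save identifier, update key
        self.current = key_id
        self.log.append("key-installed")

    def on_warning(self, text, mac):
        if hmac.compare_digest(tag(self.saved[self.current], text), mac):
            self.shown.append(text)
        else:                                 # held back, not displayed
            self.pending.append((text, mac))
            self.log.append("auth-failed")

    def on_broadcast_key_id(self, key_id, net):
        if key_id in self.saved:
            self.log.append("update-confirmed")
            return
        # Missed update: the request carries the announced identifier.
        self.log.append("key-request")
        self.install_key(key_id, net.handle_key_request(key_id))
        retry, self.pending = self.pending, []
        for text, mac in retry:               # re-check held warnings
            self.on_warning(text, mac)


def simulate(nas_delivered):
    """Run one rotation; nas_delivered=False models a lost NAS update."""
    net = NetworkSide()
    ue = UE(net.key_id, net.key)
    key_id, key = net.rotate()
    if nas_delivered:
        ue.install_key(key_id, key)
    ue.on_warning(*net.warning(b"constructed sample alert"))
    ue.on_broadcast_key_id(net.key_id, net)
    return ue.log, ue.shown
```

`simulate(True)` follows the normal path (key installed, then confirmed by the broadcast identifier); `simulate(False)` follows the abnormal path, where the warning fails authentication under the old key and is accepted only after the UE has requested the key by its identifier.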

Claims

1. A method for updating a public warning system (PWS) key, comprising:
when a preset condition is met, a user equipment (UE) receiving updated PWS key information delivered by a network side device through a non-access stratum downlink message, wherein the PWS key information includes a PWS key;
the UE updating the current PWS key with the received PWS key.
2. The method according to claim 1, wherein the PWS key information further includes an identifier of the PWS key, and after the UE receives the updated PWS key information delivered by the network side device through the non-access stratum downlink message, the method further comprises: the UE saving the identifier of the PWS key.
3. The method according to claim 1, wherein the preset condition comprises one of the following:
a predetermined duration is reached;
the network side device receives a key update message delivered by a cell broadcast center (CBC), wherein the key update message includes the updated PWS key and the identifier of that PWS key.
4. The method according to claim 2, wherein after the UE updates the current PWS key with the received PWS key, the method further comprises:
the UE receiving the identifier of the updated PWS key delivered by the network side device;
the UE determining whether the saved identifiers of the PWS key include the received identifier of the updated PWS key, and if so, the update is successful.
5. The method according to claim 4, wherein when the UE determines whether the saved identifiers of the PWS key include the received identifier of the updated PWS key, the method further comprises:
if the identifiers of the PWS key saved by the UE do not include the identifier corresponding to the received updated PWS key, the UE initiating a PWS key update procedure and requesting the updated PWS key from the network side device.
6. The method according to claim 5, wherein the UE initiating the PWS key update procedure and requesting the updated PWS key from the network side device comprises:
the UE sending to the network side device a request message for updating the current PWS key, wherein the request message carries the identifier of the updated PWS key;
the UE receiving the updated PWS key delivered by the network side device.
7. The method according to claim 6, wherein after the UE receives the identifier of the updated PWS key delivered by the network side device and before the UE sends to the network side device the request message for updating the current PWS key, the method further comprises:
the UE receiving a PWS message delivered by the network side device, wherein the PWS message is encrypted with the updated PWS key.
8. The method according to claim 1, wherein when an exception occurs while the UE updates the current PWS key with the received PWS key, the method further comprises:
the UE receiving a PWS message delivered by the network side device, wherein the PWS message is encrypted with the updated PWS key;
the UE receiving the identifier of the updated PWS key delivered by the network side device;
in a case where the UE fails to authenticate the PWS message using the current PWS key, the UE sending to the network side device a request message for updating the current PWS key, wherein the request message carries the identifier of the updated PWS key;
the UE receiving the updated PWS key delivered by the network side device.
9. The method according to any one of claims 1 to 8, wherein the non-access stratum downlink message comprises: an announcement message.
10. A method for updating a public warning system (PWS) key, comprising:
when a preset condition is met, a network side device being triggered to send updated PWS key information, wherein the PWS key information includes a PWS key;
the network side device delivering the updated PWS key to a user equipment (UE) through a non-access stratum downlink message, so that the UE updates the current PWS key with the received PWS key.
11. The method according to claim 10, wherein the preset condition comprises one of the following:
a predetermined duration is reached;
the network side device receives a key update message delivered by a cell broadcast center (CBC), wherein the key update message includes the updated PWS key and the identifier of that PWS key.
12. The method according to claim 10, wherein after the UE updates the current PWS key with the received PWS key, the method further comprises: the network side device delivering the identifier of the updated PWS key.
13. The method according to claim 12, wherein the manner in which the network side device delivers the identifier of the updated PWS key comprises: broadcast message delivery.
14. The method according to claim 12, characterized in that after the network side device delivers the identifier of the updated PWS key, the method further comprises:
if the identifiers of the PWS key saved by the UE do not include the updated PWS key delivered by the network side device, the UE initiating a PWS key update procedure and requesting the updated PWS key from the network side device.
15. The method according to claim 14, wherein the UE initiating the PWS key update procedure and requesting the updated PWS key from the network side device comprises:
the network side device receiving from the UE a request message for updating the current PWS key, wherein the request message carries the identifier of the updated PWS key;
the network side device delivering the updated PWS key.
16. The method according to claim 15, wherein after the network side device delivers the identifier of the updated PWS key and before the network side device receives from the UE the request message for updating the current PWS key, the method further comprises:
the network side device delivering a PWS message, wherein the PWS message is encrypted with the updated PWS key.
17. The method according to claim 10, wherein when an exception occurs while the UE updates the current PWS key with the received PWS key, the method further comprises:
the network side device delivering a PWS message, wherein the PWS message is encrypted with the updated PWS key;
the network side device delivering the identifier of the updated PWS key;
in a case where the UE fails to authenticate the PWS message using the current PWS key, the network side device receiving from the UE a request message for updating the current PWS key, wherein the request message carries the identifier of the updated PWS key;
the network side device delivering the updated PWS key.
18. The method according to any one of claims 10 to 17, wherein the non-access stratum downlink message comprises: an announcement message.
19. An apparatus for updating a public warning system (PWS) key, comprising:
a first receiving module, configured to receive, when a preset condition is met, updated PWS key information delivered by a network side device through a non-access stratum downlink message, wherein the PWS key information includes a PWS key;
an updating module, configured to update the current PWS key with the received PWS key.
20. The apparatus according to claim 19, wherein the PWS key information further includes an identifier of the PWS key, and the apparatus further comprises:
a saving module, configured to save the identifier of the PWS key.
21. The apparatus according to claim 20, wherein the apparatus further comprises:
a second receiving module, configured to receive the identifier of the updated PWS key delivered by the network side device;
a determining module, configured to determine whether the saved identifiers of the PWS key include the received identifier of the updated PWS key, and if so, the update is successful.
22. The apparatus according to claim 21, wherein the apparatus further comprises:
a sending module, configured to send to the network side device a request message for updating the current PWS key when the output of the determining module is negative, or when an exception occurs in an operation performed by the first receiving module or the updating module, wherein the request message carries the identifier of the updated PWS key;
a third receiving module, configured to receive the updated PWS key delivered by the network side device.
23. The apparatus according to claim 19, wherein the apparatus further comprises:
a fourth receiving module, configured to receive a PWS message delivered by the network side device, wherein the PWS message is encrypted with the updated PWS key.
24. An apparatus for updating a public warning system (PWS) key, comprising:
a triggering module, configured to trigger, when a preset condition is met, a network side device to send updated PWS key information, wherein the PWS key information includes a PWS key;
a first sending module, configured to deliver the updated PWS key through a non-access stratum downlink message, so that the UE updates the current PWS key with the received PWS key.
25. The apparatus according to claim 24, wherein the apparatus further comprises:
a second sending module, configured to deliver the identifier of the updated PWS key.
26. The apparatus according to claim 25, wherein the apparatus further comprises:
a fifth receiving module, configured to receive from the UE a request message for updating the current PWS key, wherein the request message carries the identifier of the updated PWS key;
a third sending module, configured to deliver the updated PWS key.
27. The apparatus according to claim 24, wherein the apparatus further comprises:
a fourth sending module, configured to deliver a PWS message, wherein the PWS message is encrypted with the updated PWS key.
PCT/CN2012/077423 2011-10-25 2012-06-25 Method and device for updating pws key WO2013060154A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011103277436A CN103079197A (en) 2011-10-25 2011-10-25 Method and device for updating public warning system (PWS) secret key
CN201110327743.6 2011-10-25

Publications (1)

Publication Number Publication Date
WO2013060154A1 true WO2013060154A1 (en) 2013-05-02

Family

ID=48155581

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/077423 WO2013060154A1 (en) 2011-10-25 2012-06-25 Method and device for updating pws key

Country Status (2)

Country Link
CN (1) CN103079197A (en)
WO (1) WO2013060154A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888261B (en) * 2014-03-24 2017-10-27 北京智谷睿拓技术服务有限公司 Certificate update method and device
CN107800502B (en) * 2016-08-31 2019-05-31 深圳市中兴微电子技术有限公司 The method and device switched between encryption and decryption mode
CN110234102B (en) * 2018-07-13 2020-12-29 Oppo广东移动通信有限公司 Communication method and apparatus

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010118571A1 (en) * 2009-04-15 2010-10-21 华为技术有限公司 Method, apparatus and system for receiving public warning system (pws) messages
CN101959134A (en) * 2009-07-13 2011-01-26 华为技术有限公司 Transmitting and receiving methods, device and system of public warning system (PWS) messages

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZTE CORPORATION.: "PWS Key Update Improvements", 3GPP TSG-SA3 (SECURITY) SA3#64, 15 July 2011 (2011-07-15), pages 3 - 110703 *

Also Published As

Publication number Publication date
CN103079197A (en) 2013-05-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12844507

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12844507

Country of ref document: EP

Kind code of ref document: A1