WO2013075417A1 - Method and system for generating key during handover - Google Patents


Info

Publication number
WO2013075417A1
Authority
WO
WIPO (PCT)
Prior art keywords
kenb
base station
mme
key
target
Prior art date
Application number
PCT/CN2012/071474
Other languages
French (fr)
Chinese (zh)
Inventor
曹岚健
余万涛
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2013075417A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 36/00 Hand-off or reselection arrangements
    • H04W 36/0005 Control or signalling for completing the hand-off
    • H04W 36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W 36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W 36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Definitions

  • The present invention relates to a key generation technique, and in particular to a key generation method and system in a handover process.
  • Background technique
  • EPS Evolved Packet System (3rd Generation Partnership Project)
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • EPS core Evolved Packet Core
  • The E-UTRAN consists of evolved Node B (eNB, Evolved Node B) base station apparatus.
  • The EPS core network includes a mobility management entity (MME, Mobility Management Entity). User equipment (UE, User Equipment) communicates with the eNB over the wireless air interface, and communicates with the MME through the eNB.
  • MME mobility management entity
  • UE User Equipment
  • the protocol layer is divided into an access layer (AS, Access Stratum) and a non-access stratum (NAS, Non Access Stratum).
  • AS access layer
  • NAS Non Access Stratum
  • the EPS system is designed with a two-layer security protection mechanism, that is, the EPS system requires AS and NAS to use different security keys respectively.
  • the root key Kasme is negotiated.
  • the UE and the MME respectively save the root key Kasme and evolve the AS security key and the NAS security key respectively through Kasme.
  • The handover procedure of E-UTRAN supports handover between eNBs (Inter-eNB) and handover between radio access technologies (Inter-RAT).
  • Inter-RAT handover is supported by the S1 interface handover signaling procedure;
  • Inter-eNB handover is supported by the S1 or X2 interface handover signaling procedure.
  • the system performs handover between eNBs using the X2 interface.
  • the key generation and distribution process in the current latest handover process is as follows:
  • The UE sends an initial NAS message to the MME to initiate the transition from the ECM-IDLE state to the ECM-CONNECTED state.
  • The MME generates the key KeNB according to the updated NAS COUNT of the initial NAS message and its own Kasme.
  • the MME initializes the next hop chaining counter (NCC, Next hop Chaining Counter) value.
  • NCC Next hop Chaining Counter
  • The MME generates the next hop parameter (NH, Next Hop Parameter) using the initially generated KeNB and its own saved Kasme, and updates the NCC value to 1.
  • the MME transmits the KeNB to the eNB, and the eNB uses the KeNB received from the MME as the initial key.
  • the eNB sends an AS security mode command to the UE, and the UE derives the KeNB using the NAS uplink COUNT value and its own saved Kasme.
  • In the above scheme, the key generation and distribution process during the first X2 handover is inconsistent with that of the subsequent (non-first) X2 handovers; these inconsistent key generation and distribution processes result in additional resource consumption.
  • The source eNB derives the key KeNB of the target eNB and sends it to the target eNB.
  • The source eNB is therefore able to derive the next hop key KeNB of the UE, which may be exploited, causing a security risk to the communication system.
  • The main object of the present invention is to provide a key generation method and system in a handover process, which prevent the base station from determining the next hop key KeNB during the UE handover process, and ensure the security of the communication system.
  • A key generation method in a handover process comprises:
  • In the UE handover process, the network side uses the NH to generate a next hop key KeNB; wherein the NH generated by the network side is not notified to the base station.
  • the method further includes:
  • The network side and the UE side respectively synchronize the next hop key KeNB using the next hop counter NCC value notified by the target base station; the network side notifies the generated next hop key KeNB to the target base station.
  • the using the NH to generate a next hop key KeNB is:
  • the next hop key KeNB is generated using the NH, the cell identity of the target base station, and the target universal terrestrial radio access UTRA downlink carrier frequency number.
  • the method further includes:
  • The initial next hop key KeNB is generated by the network side based on the root key Kasme and the non-access stratum uplink counter NAS UL COUNT value; the network side initializes the NH according to the root key Kasme and the KeNB.
  • the method further includes:
  • The target base station notifies the UE, via the source base station, of the next hop counter NCC value received from the source base station and of the encryption and integrity protection algorithm selected by the target base station.
  • the method further includes:
  • After receiving the handover confirmation from the UE, the target base station notifies the network side of the NCC value received from the source base station;
  • the target base station generates an encryption and decryption key and an integrity key for the user plane and the message plane, respectively, based on the received next hop key KeNB.
  • the network side is a mobility management unit MME.
  • the method further includes:
  • the source MME determines the NH corresponding to the NCC value received from the source base station, and sends the received NCC value and its corresponding NH to the target MME;
  • The target MME generates a next hop key KeNB according to the received NH, increments the NCC value by one, and notifies the target base station of the next hop key KeNB and the incremented NCC value; the target base station selects an encryption algorithm and an integrity algorithm, and notifies the UE of the selected encryption and integrity algorithms and the received NCC value through the target MME, the source MME, and the source base station;
  • the UE determines an NH corresponding to the currently received NCC value, and generates a new next hop key KeNB according to the determined NH.
  • A key generation system in a handover process includes an MME, a base station, and a UE, where: in the UE handover process, the MME uses the NH to generate a next hop key KeNB; wherein the NH generated by the MME is not notified to the base station.
  • the MME and the UE side respectively synchronize the next hop key KeNB with the NCC value notified by the target base station; and the MME notifies the generated next hop key KeNB to the target base station.
  • the UE and the MME generate a next hop key KeNB by using the NH, the cell identifier of the target base station, and the target UTRA downlink carrier frequency number.
  • The MME is further configured to: generate an initial next hop key KeNB according to the root key Kasme and the NAS UL COUNT value; and initialize the NH according to the root key Kasme and the KeNB.
  • the target base station is configured to notify the UE by the source base station by using an NCC value received from the source base station and an encryption and integrity protection algorithm selected by the target base station;
  • the UE is configured to determine an NH corresponding to the currently received NCC value, generate a new KeNB according to the determined NH, and generate an encryption and decryption key and an integrity key according to the new KeNB.
  • The target base station is configured to: after receiving the handover confirmation from the UE, notify the MME of the NCC value received from the source base station; and generate an encryption and decryption key and an integrity key according to the KeNB received from the MME.
  • The MME is configured to determine an NH corresponding to the currently received NCC value, generate a new KeNB according to the determined NH, and notify the target base station of the new KeNB.
  • the source MME is configured to determine an NH corresponding to the NCC value received from the source base station, and send the received NCC value and its corresponding NH to the target MME;
  • the target MME is configured to generate a KeNB according to the received NH, and increase the NCC value by one, and notify the target base station of the KeNB and the added NCC value;
  • the target base station is configured to: select an encryption and integrity algorithm, and notify the UE of the encryption and integrity algorithm and the received NCC value by the target MME, the source MME, and the source base station;
  • the UE is configured to determine an NH corresponding to the currently received NCC value, and generate a new KeNB according to the determined NH.
  • the UE and the MME use the NH to generate the next hop key KeNB; and the NH generated by the MME is not notified to the base station. In this way, since the base station cannot acquire the NH, the next hop key KeNB cannot be generated, and the possibility of illegally acquiring the next hop key KeNB is avoided, and forward security is ensured.
  • the invention greatly enhances the security of the communication system.
  • FIG. 1 is a flowchart of key generation in an X2 handover process between eNBs in a long term evolution (LTE) system according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of key generation where the first handover is an X2 handover procedure according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of key generation in an X2 handover procedure in the case where the UE, the eNB, and the MME already have a security context according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of key generation in S1 handover according to an embodiment of the present invention.
  • Detailed description
  • The basic idea of the present invention is: in the X2 handover process, the source eNB no longer derives the next hop key for the target eNB; the source eNB only provides the target eNB with the next hop counter NCC value.
  • The target eNB uses the NCC value to keep the NHs in the UE and the MME in synchronization, so that the same KeNB is stored in the UE and the MME.
  • The target eNB applies to the MME, using the NCC value, for the same KeNB as the UE, so that its own KeNB and the KeNB of the UE are kept consistent.
  • The NH does not leave the MME, so the eNB cannot obtain the NH, and the eNB is not able to derive the NH itself (calculating the NH requires Kasme). Therefore, the source eNB cannot obtain the next hop KeNB of the target eNB, which solves the forward security problem.
  • the key generation and distribution process in the X2 handover process between the LTE base station eNBs specifically includes the following steps:
  • Step 101 In the initial process, the MME does not send the NH to the source eNB; the MME only sends the NCC value to the source eNB.
  • the initial procedure refers to the process of establishing an AS security context in the source eNB before the X2 handover occurs.
  • the AS security context already exists in the source eNB before the X2 handover occurs on the source eNB.
  • The process of establishing the security context may be an initial connection request (such as an attach request, a Tracking Area Update (TAU) request, etc.), an intra-eNB handover, an X2 handover, an S1 handover, an Inter-RAT handover, and the like.
  • The MME sends the NCC value to the source eNB within the AS security context it sends to the eNB.
  • Step 102 The source eNB sends an X2 handover request to the target eNB, that is, the source eNB sends an X2 handover request message to the target eNB, where the X2 handover request message includes an NCC value.
  • the NCC value is the NCC value that the MME sends to the source eNB in step 101.
  • Step 103 The target eNB sends the NCC value to the UE and the MME, and the UE and the MME synchronize the NH by using the NCC value, and use the NH to generate the same KeNB.
  • The target eNB notifies the UE of the NCC value in the handover command sent via the source eNB; the UE compares the NCC value obtained from the target eNB with the NCC value it has saved, and synchronizes its NH according to the difference between the two NCC values.
  • Synchronization here means that, in general, the NCC value stored in the UE is smaller than the NCC value notified by the network side, and the KeNB must be generated using the NCC value notified by the network side.
  • The target eNB notifies the MME of the NCC value in the path switch request; the MME compares the NCC value obtained from the target eNB with the NCC value it has saved, and synchronizes its NH according to the difference between the two NCC values.
  • In the present invention, the NCC value stored in the MME and the NCC value obtained from the target eNB should be equal. This step ensures that the same {NH, NCC} pair is present at the UE and the MME.
  • the UE uses the KeNB to generate an RRC/UP encryption and decryption key and an integrity key for data and signaling, respectively.
  • Step 104 The MME will generate a KeNB by using the synchronized NH, and the KeNB is consistent with the KeNB saved in the UE.
  • the MME carries the KeNB in the path switch request response message and sends the KeNB to the target eNB.
  • The target eNB uses the KeNB to generate an RRC/UP encryption and decryption key and an integrity key for data and signaling, respectively.
  • These RRC/UP encryption and decryption keys and integrity keys are consistent with the RRC/UP encryption and decryption keys and integrity keys derived in the UE.
  • FIG. 2 is a flowchart of key generation where the first handover is an X2 handover procedure according to an embodiment of the present invention.
  • FIG. 2 shows the first handover initiated by the eNB that established the initial connection with the UE, where this first handover is an X2 handover.
  • This embodiment is a complete process of key generation and key distribution in the X2 handover process, and specifically includes the following steps: Step 200: Establish an initial AS security context in the UE and the MME; the purpose is to initialize the NH.
  • The MME transmits the NCC value to the source eNB through the S1 AP Initial Context Setup Request message; the UE initializes the {NH, NCC} pair and initializes the KeNB.
  • In step 200, initial AS security is established in the MME.
  • The NAS UL COUNT is the NAS uplink counter of the initial connection request; if there is an Authentication and Key Agreement (AKA) procedure before the AS SMC procedure, the NAS UL COUNT is the NAS uplink counter of the AKA procedure.
  • KDF represents a key derivation algorithm. Specifically, Kasme and the information corresponding to the NAS UL COUNT are arranged in sequence as its input to derive the key.
  • The NCC value is sent to the eNB. Specifically, the MME sends an S1 AP Initial Context Setup Request message to the eNB, and the NCC value is carried in that message.
  • This eNB is the source eNB in the X2 handover procedure.
  • The MME does not send the NH to the eNB.
  • In step 200, the MME sends the NCC value to the eNB; after receiving the NCC value sent by the MME, the eNB saves it.
  • Step 201 The UE sends a measurement report to the source eNB.
  • the source eNB decides to initiate an X2 handover to the target eNB through the measurement report.
  • Step 202 The source eNB sends a handover request to the target eNB, and the source eNB sends the next hop counter NCC value saved by itself to the target eNB in the handover request.
  • the source eNB also forwards the current AS security context of the source eNB and the security capability of the UE to the target eNB.
  • Step 204 The target eNB returns a handover request response message to the source eNB.
  • The handover request response message includes a transmission container, where the transmission container includes the NCC value saved by the target eNB, the encryption and integrity protection algorithm identifiers (EIA, EEA) selected by the target eNB, etc.
  • Step 205 The source eNB sends a handover command to the UE, where the handover command includes the transmission container received from the target eNB in step 204.
  • the source eNB encrypts and integrity protects the message using the current AS security context.
  • the UE extracts the NCC value therein.
  • the UE compares the NCC value received from the source eNB with the NCC value it holds.
  • The UE synchronizes its own {NH, NCC} pair to the {NH, NCC} pair corresponding to the received NCC value according to the difference between the NCC value received from the source eNB and the NCC value saved by itself.
  • The UE saves the {NH, NCC} pair generated by this synchronization.
  • Step 207 After the UE synchronizes the NH, the UE calculates the KeNB by using the NH.
  • the UE calculates an RRC/UP encryption/decryption key and an integrity key for data and signaling according to the received EEA, EIA, and the KeNB updated by itself, and replaces the current AS security context.
  • Step 208 The UE sends a handover confirmation message to the target eNB. This message is protected by the current AS security context of the UE, and the current AS security context of the UE has been updated in step 207.
  • Step 209 The target eNB sends a path switch request message to the MME.
  • the target eNB notifies the MME of the NCC value saved by itself.
  • the NCC value is the same as the NCC value received by the UE in step 206; the target eNB also sends its PCI and EARFCN_DL to the MME for deriving KeNB*.
  • Step 210 After receiving the path switch message from the target eNB, the MME extracts the NCC value. The MME compares the received NCC value with the NCC value saved by itself. If they are the same, the MME takes the NH from the {NH, NCC} pair associated with that NCC value; if they differ, the MME calculates the NH associated with the received NCC value.
  • the NCC value stored in the MME is greater than or equal to the NCC value received from the target eNB, and the MME stores the NH associated with the NCC value.
  • Step 213 The MME sends a path switch request response message to the target eNB, where the path switch request response message carries a new NCC value and the KeNB calculated in step 211.
  • the NCC value will be used for the NH synchronization between the UE and the MME of the next hop; the KeNB is consistent with the KeNB held in the UE.
  • the KeNB will be used by the target eNB to generate RRC/UP encryption and decryption keys and integrity keys for data and signaling.
  • Step 214 The target eNB saves the new NCC value, and calculates the RRC/UP encryption and decryption key and the integrity key using the KeNB and the EEA and EIA selected by the target eNB.
  • the target eNB will decrypt and verify the handover acknowledgment message received in step 208 using the newly generated AS security context.
  • Step 215 The target eNB sends a release resource message to the source eNB. After receiving the release resource message from the target eNB, the source eNB deletes all AS-related security contexts associated with the UE.
  • FIG. 3 is a flowchart of key generation in an X2 handover process in the case where the UE, the eNB, and the MME already have a security context according to an embodiment of the present invention.
  • In FIG. 3, an AS security context already exists between the UE and the source eNB before the X2 handover is performed.
  • The MME also has a partial AS security context. These security contexts were generated by previous signaling interactions between the UE, the eNBs, and the MME, such as previous initial connection procedures, handover procedures, and the like.
  • This embodiment is a complete flow of key generation and key distribution in the X2 handover process in the case where the UE, the eNB, and the MME have a security context. The process includes the following steps:
  • Before the UE sends the measurement report, the UE holds a {NH, NCC} pair whose NCC value is denoted NCC_UE; the source eNB holds an NCC value, denoted NCC_eNB; and the MME holds a {NH, NCC} pair whose NCC value is denoted NCC_MME.
  • The previous signaling interaction process ensures that NCC_UE is less than or equal to NCC_eNB, and that NCC_eNB is less than or equal to NCC_MME.
  • Step 301 The UE sends a measurement report to the source eNB.
  • the source eNB decides to initiate an X2 handover to the target eNB through the measurement report.
  • Step 302 The source eNB sends a handover request message to the target eNB; the handover request message carries the NCC_eNB currently saved by the source eNB.
  • the source eNB also forwards the current AS security context of the source eNB and the security capability of the UE to the target eNB.
  • Step 303 After receiving the handover request message of the source eNB, the target eNB saves the received NCC-eNB. The target eNB also selects an RRC/UP encryption and integrity protection algorithm based on the received UE security capabilities.
  • Step 304 The target eNB sends a handover request response message to the source eNB, where the handover request response message includes a transmission container, and the transmission container includes the NCC_eNB saved by the target eNB, the encryption and integrity protection algorithm identifiers (EIA, EEA) selected by the target eNB, etc.
  • EIA, EEA encryption and integrity protection algorithm identifiers
  • Step 305 The source eNB sends a handover command to the UE, where the handover command includes the transmission container received from the target eNB in step 304.
  • Step 306 After receiving the handover command sent by the source eNB, the UE decrypts and integrity-verifies the message using the current AS security context.
  • the UE extracts the NCC value therein.
  • the UE compares the NCC value received from the source eNB with the NCC value it holds.
  • The UE synchronizes its own {NH, NCC} pair to the {NH, NCC} pair corresponding to the received NCC value according to the difference between the NCC value received from the source eNB and the NCC value saved by itself.
  • The UE saves the {NH, NCC} pair generated by this synchronization.
  • Step 308 The UE sends a handover confirmation message to the target eNB.
  • Step 309 The target eNB sends a path switch request message to the MME.
  • the target eNB notifies the MME of the NCC-eNB that it holds, and the target eNB notifies the MME of its PCI and EARFCN_DL.
  • Step 310 After receiving the path switch message from the target eNB, the MME extracts the NCC-eNB carried in the path switch message.
  • The MME compares the NCC_eNB with the NCC_MME stored by itself; if they are the same, the MME extracts the NH from the {NH, NCC} pair associated with the NCC_MME; if they differ, the MME calculates the NH associated with the received NCC_eNB.
  • Step 311 After the MME synchronizes the NH, the MME calculates the KeNB by using the NH.
  • Step 313 The MME sends a path switch request response message to the target eNB, where the new NCC value and the KeNB calculated in step 311 are attached.
  • the NCC value will be used for the NH synchronization between the UE and the MME of the next hop; the KeNB and the KeNB held in the UE are consistent.
  • the KeNB will be used by the target eNB to generate RRC/UP encryption and decryption keys and integrity keys for data and signaling.
  • Step 314 The target eNB saves the new NCC value, and uses the KeNB and its selected EEA and EIA to calculate the RRC/UP encryption and decryption key and integrity key for data and signaling.
  • The target eNB uses the newly generated AS security context to decrypt and integrity-verify the handover confirmation message received in step 308.
  • Step 315 The target eNB sends a release resource message to the source eNB. After receiving the release resource message from the target eNB, the source eNB deletes all AS-related security contexts associated with the UE.
  • The key generation process shown in FIG. 2 is only a special case of the process shown in FIG. 3: whether the first handover is an X2 handover, or an X2 handover occurs when the UE and the eNB already hold a security context, the flow is the same.
  • The present invention thus keeps the flow of the X2 handover process consistent and ensures forward security.
  • FIG. 4 is a flowchart of key generation in S1 handover according to an embodiment of the present invention
  • FIG. 4 shows the key generation and key distribution process in an S1 handover. In order to ensure forward security in the X2 handover process, it is also necessary in the S1 handover process to make the eNB unable to obtain the NH, so that the source eNB does not have the capability of deriving the KeNB of the target eNB. The process specifically includes the following steps:
  • Step 401 The UE sends a measurement report to the source eNB.
  • the UE, the source eNB, and the source MME maintain the AS security context of the UE.
  • Step 402 The source eNB initiates a handover request to the source MME, where the Handover Required message includes the NCC value saved by the source eNB.
  • Step 403 The source MME synchronizes the {NH, NCC} pair according to the NCC value received from the source eNB.
  • The source MME sends a Forward Relocation Request message to the target MME, carrying the synchronized {NH, NCC} pair together with Kasme and the eKSI.
  • Step 404 The target MME first calculates the KeNB according to the received {NH, NCC} pair, and then increments the NCC value by 1 to calculate a new {NH, NCC} pair.
  • The new {NH, NCC} pair is used for the generation of the next hop key.
  • Step 405 The target MME sends a handover request message to the target eNB.
  • the handover request message includes the KeNB and the new NCC value calculated in step 404.
  • The target MME does not send the NH to the target eNB.
  • Step 406 The target eNB selects an encryption and integrity protection algorithm, and the selected encryption and integrity protection algorithm identifier and the NCC value are carried in the handover request response message, and are sent to the target MME.
  • Step 407 The target MME forwards the relocation response message to the source MME, where the relocation response message includes the NCC value, the encryption and the integrity protection algorithm identifier saved in the target eNB.
  • Step 408 The source MME sends a handover command to the source eNB, where the NCC value, the encryption and the integrity protection algorithm identifier saved in the target eNB are included.
  • Step 409 The source eNB sends a handover command to the UE, where the NCC value, the encryption and the integrity protection algorithm identifier saved in the target eNB are included.
  • Step 410 The UE synchronizes the {NH, NCC} pair according to the NCC value received from the source eNB, and calculates the KeNB by using the synchronized NH.
  • the UE calculates the encryption and decryption key and the integrity key for data and signaling based on the received encryption and integrity protection algorithm identification and the KeNB.
  • Step 411 The UE sends a handover confirmation message to the target eNB.
  • AS security is established between the UE and the target eNB.
  • the present invention also describes a key generation system in a handover process, including an MME, a base station, and a UE, where:
  • the MME uses the NH to generate a next hop key KeNB; wherein the NH generated by the MME does not notify the base station.
  • the MME and the UE side respectively use the NCC value notified by the target base station to synchronize the next hop key KeNB; and the MME notifies the generated next hop key KeNB to the target base station.
  • the UE and the MME generate a next hop key KeNB by using the NH, the cell identifier of the target base station, and the target universal terrestrial radio access UTRA downlink carrier frequency.
  • the MME is further configured to generate an initial next hop key KeNB according to the root key Kasme and the NAS UL COUNT value; and the root keys Kasme and KeNB initialize the NH.
  • The target base station is configured to: notify the UE, via the source base station, of the NCC value received from the source base station and of the encryption and integrity protection algorithm selected by the target base station;
  • the UE is configured to determine an NH corresponding to the currently received NCC value, generate a new KeNB according to the determined NH, and generate an encryption and decryption key and an integrity key according to the new KeNB.
  • The target base station is configured to: after receiving the handover confirmation from the UE, notify the MME of the NCC value received from the source base station; and generate an encryption and decryption key and an integrity key according to the KeNB received from the MME.
  • The MME is configured to determine an NH corresponding to the currently received NCC value, generate a new KeNB according to the determined NH, and notify the target base station of the new KeNB.
  • the source MME is configured to: determine an NH corresponding to the NCC value received from the source base station, and send the received NCC value and its corresponding NH to the target MME;
  • the target MME is configured to generate a KeNB according to the received NH, and increase the NCC value by one, and notify the target base station of the KeNB and the added NCC value;
  • the target base station is configured to: select an encryption and integrity algorithm, and notify the UE of the encryption and integrity algorithm and the received NCC value by the target MME, the source MME, and the source base station;
  • the UE is configured to determine an NH corresponding to the currently received NCC value, and generate a new KeNB according to the determined NH.
  • The functions of the network elements in the key generation system of the handover process of this embodiment can be understood by referring to the related descriptions of the foregoing FIGS. 1 to 4.
  • the key generation system is based on the existing network structure, and only the corresponding network element function has been modified.
  • the network structure can still be understood by referring to the existing network structure.
  • the source eNB no longer derives the next hop key for the target eNB, and the source eNB only provides the next hop variable counter NCC value for the target eNB.
  • the target eNB uses the NCC value to keep the NHs in the UE and the MME in synchronization, so that the same KeNB is stored in the UE and the MME.
  • the target eNB applies for the same KeNB as the UE to the MME using the NCC value, thereby keeping its own KeNB and the KeNB of the UE consistent.
  • the NH does not leave the MME, the eNB cannot obtain the NH, and the eNB does not have the ability to derive the NH (the calculation NH must have the Kasme). Therefore, the source eNB cannot obtain the KeNB of the target eNB in the next hop, and solves the forward security. problem.

Abstract

Disclosed are a method and system for generating a key during handover. The method comprises: during UE handover, the network side uses the next hop parameter NH to generate the next-hop key KeNB, and the NH generated by the network side is not notified to the base station; the network side and the UE side each use the Next hop Chaining Counter (NCC) value notified by the target base station to synchronise the next-hop key KeNB; and the network side notifies the target base station of the generated next-hop key KeNB. Since the base station cannot obtain any NH, it cannot generate the next-hop key KeNB, which eliminates the possibility of illegitimately obtaining the next-hop key KeNB and thereby ensures forward security. The invention significantly improves the security of the communication system.

Description

Key generation method and system in a handover process
Technical Field
The present invention relates to key generation techniques, and in particular to a key generation method and system in a handover process.
Background Art
The 3rd Generation Partnership Project (3GPP) Evolved Packet System (EPS) consists of the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the EPS core network (Evolved Packet Core). The E-UTRAN consists of base station equipment, the evolved Node B (eNB); the EPS core network includes the Mobility Management Entity (MME). User Equipment (UE) communicates with the eNB over the radio air interface and communicates with the MME through the eNB.
In the communication protocol architecture of the Long Term Evolution (LTE) system, the protocol layers are divided into the Access Stratum (AS) and the Non-Access Stratum (NAS). The EPS system is designed with a two-layer security protection mechanism: it requires the AS and the NAS to use different security keys.
After the Authentication and Key Agreement (AKA) procedure between the UE and the MME, the root key Kasme is negotiated. The UE and the MME each store the root key Kasme, and each derives the AS security keys and the NAS security keys from Kasme.
The E-UTRAN handover procedure supports handover between eNBs (inter-eNB) and between radio access technologies (inter-RAT). Inter-RAT handover is supported by the S1 interface handover signalling procedure; inter-eNB handover is supported by the S1 or X2 interface handover signalling procedure. Systems usually perform handover between eNBs over the X2 interface. In the current handover procedure, key generation and distribution proceeds as follows:
In the initial procedure, the UE sends an initial NAS message to the MME to initiate the transition from the ECM-IDLE state to the ECM-CONNECTED state. The initial NAS message at the MME carries the updated NAS COUNT, and the MME generates the key KeNB from its own Kasme.
The MME initialises the Next hop Chaining Counter (NCC) value to 0.
The MME uses the initially generated KeNB and its stored Kasme to produce the Next Hop parameter (NH), and updates the NCC value to 1. The MME binds the generated NH to the updated NCC value as the pair {NH, NCC=1} and stores {NH, NCC=1}.
The MME sends KeNB to the eNB, and the eNB uses the KeNB received from the MME as its initial key. The eNB sends an AS Security Mode Command to the UE, and the UE derives KeNB from the NAS uplink COUNT value and its own stored Kasme.
At the first X2 handover, the source eNB computes KeNB* from KeNB and sends {KeNB*, NCC=0} to the target eNB. The target eNB sends NCC=0 to the UE; the UE compares its own NCC value with the target eNB's NCC value to ensure that its updated KeNB is consistent with the target eNB's. The MME updates the NCC value, computes a new NH from the old NH and Kasme, and updates the pair {NH, NCC=1} to {NH, NCC=2}. The MME sends the pair {NH, NCC=2} to the target eNB, and the target eNB stores the received {NH, NCC} pair.
At the second X2 handover, the source eNB computes KeNB* from its stored NH and sends {KeNB*, NCC=2} to the target eNB. The target eNB sends NCC=2 to the UE; the UE compares its own NCC value with the target eNB's NCC value to ensure that its updated KeNB is consistent with the target eNB's. The MME updates the NCC value, computes a new NH from the old NH and Kasme, and updates the pair {NH, NCC=2} to {NH, NCC=3}. The MME sends the pair {NH, NCC=3} to the target eNB, and the target eNB stores the received {NH, NCC} pair.
In the above scheme, the key generation and distribution process at the first X2 handover differs from that at subsequent X2 handovers, which causes additional resource consumption.
In the above scheme, the source eNB derives the target eNB's key KeNB and sends it to the target eNB. The source eNB can therefore derive the UE's key KeNB for the next hop, which could be exploited and creates a security risk for the communication system.
Summary of the Invention
In view of this, the main object of the present invention is to provide a key generation method and system in a handover process that prevents the base station from determining the next-hop key KeNB during UE handover, thereby ensuring the security of the communication system.
To achieve the above object, the technical solution of the present invention is implemented as follows:
A key generation method in a handover process, comprising:
during UE handover, the network side uses NH to generate the next-hop key KeNB, wherein the NH generated by the network side is not notified to the base station.
Preferably, the method further comprises:
the network side and the UE side each use the Next hop Chaining Counter (NCC) value notified by the target base station to synchronise the next-hop key KeNB; and the network side notifies the target base station of the generated next-hop key KeNB.
Preferably, using NH to generate the next-hop key KeNB comprises:
generating the next-hop key KeNB from NH, the cell identity of the target base station and the target Universal Terrestrial Radio Access (UTRA) downlink carrier frequency number.
Preferably, the method further comprises:
the initial next-hop key KeNB is generated by the network side from the root key Kasme and the Non-Access Stratum uplink counter NAS UL COUNT value; and the network side initialises NH from the root key Kasme and KeNB.
Preferably, the method further comprises:
the target base station notifies the UE, via the source base station, of the NCC value received from the source base station and the encryption and integrity protection algorithms selected by the target base station;
the UE determines the NH corresponding to the currently received NCC value, generates a new next-hop key KeNB from the determined NH, and then generates the user-plane and signalling-plane encryption/decryption keys and integrity keys from the new next-hop key KeNB.
Preferably, the method further comprises:
after receiving the UE's handover confirmation, the target base station notifies the network side of the NCC value received from the source base station;
the network side determines the NH corresponding to the currently received NCC value, generates a new next-hop key KeNB from the determined NH, and notifies the target base station of the new next-hop key KeNB;
the target base station generates the user-plane and signalling-plane encryption/decryption keys and integrity keys from the received next-hop key KeNB.
Preferably, the network side is a Mobility Management Entity (MME).
Preferably, the method further comprises:
the source MME determines the NH corresponding to the NCC value received from the source base station, and sends the received NCC value and its corresponding NH to the target MME;
the target MME generates the next-hop key KeNB from the received NH, increments the NCC value by one, and notifies the target base station of the next-hop key KeNB and the incremented NCC value; the target base station selects encryption and integrity algorithms, and notifies the UE of those algorithms and the received NCC value via the target MME, the source MME and the source base station;
the UE determines the NH corresponding to the currently received NCC value and generates a new next-hop key KeNB from the determined NH.
A key generation system in a handover process, comprising an MME, base stations and a UE, wherein: during UE handover, the MME uses NH to generate the next-hop key KeNB, and the NH generated by the MME is not notified to the base station.
Preferably, the MME and the UE side each use the NCC value notified by the target base station to synchronise the next-hop key KeNB; and the MME notifies the target base station of the generated next-hop key KeNB.
Preferably, the UE and the MME generate the next-hop key KeNB from NH, the cell identity of the target base station and the target UTRA downlink carrier frequency number.
Preferably, the MME is further configured to generate the initial next-hop key KeNB from the root key Kasme and the NAS UL COUNT value, and to initialise NH from the root key Kasme and KeNB.
Preferably, the target base station is configured to notify the UE, via the source base station, of the NCC value received from the source base station and the encryption and integrity protection algorithms selected by the target base station;
the UE is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and generate encryption/decryption keys and integrity keys from the new KeNB.
Preferably, the target base station is configured to notify the MME of the NCC value received from the source base station after receiving the UE's handover confirmation, and to generate encryption/decryption keys and integrity keys from the KeNB received from the MME;
the MME is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and notify the target base station of the new KeNB.
Preferably, the source MME is configured to determine the NH corresponding to the NCC value received from the source base station, and to send the received NCC value and its corresponding NH to the target MME;
the target MME is configured to generate KeNB from the received NH, increment the NCC value by one, and notify the target base station of the KeNB and the incremented NCC value;
the target base station is configured to select encryption and integrity algorithms, and to notify the UE of those algorithms and the received NCC value via the target MME, the source MME and the source base station;
the UE is configured to determine the NH corresponding to the currently received NCC value and generate a new KeNB from the determined NH.
In the present invention, during UE handover the UE and the MME use NH to generate the next-hop key KeNB, and the NH generated by the MME is no longer notified to the base station. Since the base station cannot obtain NH, it cannot generate the next-hop key KeNB; the possibility of illegitimately obtaining the next-hop key KeNB is removed and forward security is ensured. The invention greatly improves the security of the communication system.
Brief Description of the Drawings
FIG. 1 is a flowchart of key generation in an X2 handover procedure between eNBs in a Long Term Evolution system according to an embodiment of the present invention;
FIG. 2 is a flowchart of key generation when the first handover is an X2 handover, according to an embodiment of the present invention;
FIG. 3 is a flowchart of key generation in an X2 handover procedure where a security context already exists in the UE, the eNB and the MME, according to an embodiment of the present invention;
FIG. 4 is a flowchart of key generation in an S1 handover according to an embodiment of the present invention.
Detailed Description
The basic idea of the present invention is as follows. In the X2 handover procedure, the source eNB no longer derives the next-hop key for the target eNB; the source eNB only provides the target eNB with the Next hop Chaining Counter (NCC) value. The target eNB uses the NCC value to keep the NH held in the UE and in the MME synchronised, so that the UE and the MME store the same KeNB. The target eNB uses the NCC value to request from the MME the same KeNB as the UE holds, keeping its own KeNB consistent with the UE's. During handover, NH no longer leaves the MME; the eNB cannot obtain NH and has no ability to derive it (computing NH requires Kasme), so the source eNB cannot obtain the target eNB's KeNB for the next hop. This solves the forward security problem.
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to embodiments and the accompanying drawings.
FIG. 1 is a flowchart of key generation in an X2 handover procedure between eNBs in a Long Term Evolution system according to an embodiment of the present invention. As shown in FIG. 1, in this embodiment the key generation and distribution procedure in the X2 handover between LTE base stations (eNBs) comprises the following steps:
Step 101: in the initial procedure, the MME does not send NH to the source eNB; the MME sends only the NCC value to the source eNB.
Here, the initial procedure is the procedure that establishes the AS security context in the source eNB before the X2 handover occurs. Before the source eNB performs the X2 handover, an AS security context already exists in the source eNB; the procedure that established this security context may be an initial connection request (such as an attach request or a Tracking Area Update (TAU) request), an intra-eNB handover, an X2 handover, an S1 handover or an inter-RAT handover. In these procedures, the AS security context that the MME sends to the eNB does not include the {NH, NCC} pair; the MME sends only the NCC value to the source eNB.
Step 102: the source eNB initiates an X2 handover request to the target eNB, i.e., the source eNB sends an X2 Handover Request message to the target eNB, and this message contains the NCC value. Here, the NCC value is the one the MME sent to the source eNB in step 101.
Step 103: the target eNB sends the NCC value to the UE and to the MME; the UE and the MME synchronise NH using this NCC value and use that NH to generate the same KeNB.
The target eNB notifies the UE of the NCC value in the handover command, via the source eNB. The UE compares the NCC value obtained from the target eNB with its own stored NCC value and uses the difference between them to synchronise NH. Synchronisation here means that the NCC value stored in the UE is generally smaller than the NCC value notified by the network side, and the UE needs to generate KeNB using the NCC value notified by the network side.
The target eNB notifies the MME of the NCC value in the Path Switch Request. The MME compares the NCC value obtained from the target eNB with its own stored NCC value and uses the difference between them to synchronise NH. In general, in the present invention the NCC value stored in the MME and the NCC value obtained from the target eNB should be equal. This step ensures that the UE and the MME hold the same {NH, NCC} pair. After generating KeNB, the UE uses it to generate the RRC/UP encryption/decryption keys and integrity keys for data and signalling.
Step 104: the MME uses the synchronised NH to generate KeNB, which is identical to the KeNB stored in the UE.
The MME carries this KeNB in the Path Switch Request Acknowledge message sent to the target eNB. The target eNB uses the KeNB to generate the RRC/UP encryption/decryption keys and integrity keys for data and signalling. These RRC/UP encryption/decryption keys and integrity keys are identical to those derived in the UE.
FIG. 2 is a flowchart of key generation when the first handover is an X2 handover, according to an embodiment of the present invention: after the initial connection is established, the eNB connected to the UE decides to initiate the first handover, and this first handover is an X2 handover. As shown in FIG. 2, this embodiment is the complete flow of key generation and key distribution in that X2 handover procedure and comprises the following steps:
Step 200: an initial AS security context is established in the UE and the MME; its purpose is to initialise NH. The MME sends the NCC value to the source eNB in the S1AP Initial Context Setup Request message; the UE initialises the {NH, NCC} pair and initialises KeNB.
In step 200, initial AS security is established in the MME. Specifically, the MME derives KeNB from Kasme and the NAS uplink counter: KeNB = KDF(Kasme, NAS UL COUNT). NAS UL COUNT is the NAS uplink counter in the initial connection request; if an Authentication and Key Agreement (AKA) procedure took place before the AS SMC procedure, NAS UL COUNT is the NAS uplink counter in the AKA procedure. KDF denotes the key derivation algorithm; specifically, the information corresponding to Kasme and NAS UL COUNT is arranged in order and used as the key input.
In step 200, NH is initialised. Specifically, after obtaining KeNB the MME computes NH from Kasme and KeNB and increments the NCC value by 1, so that NCC=1. The MME stores the latest {NH, NCC} pair. In step 200 the MME sends the NCC value to the eNB; specifically, the MME sends an S1AP Initial Context Setup Request message to the eNB, and the NCC value is carried in that message. This eNB is the source eNB in the X2 handover procedure.
The MME does not send NH to the eNB.
In step 200, when the MME sends the NCC value to the eNB, the eNB stores the NCC value after receiving it.
In step 200, the UE initialises the {NH, NCC} pair and initialises KeNB. Specifically, a radio bearer is established between the eNB and the UE; the UE initialises NCC=0, initialises the next-hop parameter as NH=void, and derives KeNB from Kasme and the NAS uplink counter: KeNB = KDF(Kasme, NAS UL COUNT).
Step 201: the UE sends a measurement report to the source eNB. Based on the measurement report, the source eNB decides to initiate an X2 handover to the target eNB.
Step 202: the source eNB sends a Handover Request to the target eNB, in which it sends its stored Next hop Chaining Counter (NCC) value to the target eNB. In this embodiment the NCC stored by the source eNB is NCC=1. In this step the source eNB also forwards its current AS security context and the UE's security capabilities to the target eNB.
Step 203: after receiving the source eNB's Handover Request message, the target eNB stores the received NCC value, NCC=1. The target eNB also selects the RRC/UP encryption and integrity protection algorithms according to the received UE security capabilities.
Step 204: the target eNB sends a Handover Request Acknowledge message to the source eNB. The message includes a transparent container that carries the NCC value stored by the target eNB and the identifiers of the encryption and integrity protection algorithms selected by the target eNB (EEA, EIA), among other things.
Step 205: the source eNB sends a Handover Command to the UE, which includes the transparent container received from the target eNB in step 204. The source eNB encrypts and integrity-protects the message with the current AS security context.
Step 206: after receiving the Handover Command sent by the source eNB, the UE decrypts and integrity-verifies the message with the current AS security context.
The UE extracts the NCC value from it and compares the NCC value received from the source eNB with its own stored NCC value. Based on the difference between the received NCC value and its own, the UE synchronises its {NH, NCC} pair to the {NH, NCC} pair corresponding to the received NCC value, and stores the {NH, NCC} pair produced by this synchronisation.
Step 207: after synchronising NH, the UE uses it to compute KeNB. The computation is KeNB* = KDF(NH, PCI, EARFCN-DL), where PCI is the cell identity of the target eNB and EARFCN-DL is the target E-UTRA downlink carrier frequency number; the UE can measure the target PCI and target EARFCN-DL. KeNB is then updated with KeNB*: KeNB = KeNB*.
The UE computes the RRC/UP encryption/decryption keys and integrity keys for data and signalling from the received EEA and EIA and its updated KeNB, and replaces the current AS security context.
Step 208: the UE sends a Handover Confirm message to the target eNB. This message is protected with the UE's current AS security context, which was updated in step 207.
Step 209: the target eNB sends a Path Switch Request message to the MME, in which it notifies the MME of its stored NCC value. This NCC value is the same as the one the UE received in step 206. The target eNB also sends its PCI and EARFCN-DL to the MME for deriving KeNB*.
Step 210: after receiving the Path Switch message from the target eNB, the MME extracts the NCC value from it. The MME compares the received NCC value with its stored NCC value: if they are the same, the MME takes the NH from the {NH, NCC} pair associated with this NCC value; if they differ, the MME computes the NH associated with the received NCC value.
In the present invention, it is guaranteed that the NCC value stored in the MME is greater than or equal to the NCC value received from the target eNB, and the MME stores the NH associated with that NCC value.
Step 211: after synchronising NH, the MME uses it to compute KeNB: KeNB* = KDF(NH, PCI, EARFCN-DL), where PCI and EARFCN-DL are the target eNB's PCI and EARFCN-DL. KeNB is then updated with KeNB*: KeNB = KeNB*.
Step 212: after computing KeNB, the MME computes the {NH, NCC} pair for the next hop. First the NCC value is incremented by 1; then NH is computed as NH = KDF(NH_old, Kasme), where NH_old is the previous NH stored in the MME. This newly computed {NH, NCC} pair will be used for the key update at the next hop.
Step 213: the MME sends a Path Switch Request Acknowledge message to the target eNB carrying the new NCC value and the KeNB computed in step 211. The NCC value will be used for NH synchronisation between the UE and the MME at the next hop; the KeNB is identical to the KeNB stored in the UE. The target eNB will use the KeNB to produce the RRC/UP encryption/decryption keys and integrity keys for data and signalling.
Step 214: the target eNB stores the new NCC value and computes the RRC/UP encryption/decryption keys and integrity keys from the KeNB and the EEA and EIA it selected. The target eNB uses the newly generated AS security context to decrypt and integrity-verify the Handover Confirm message received in step 208.
步驟 215 , 目标 eNB发送释放资源消息给源 eNB。 源 eNB在接收到来 自于目标 eNB的释放资源消息后, 将删除所有的与 UE有关的 AS安全上 下文。  Step 215: The target eNB sends a release resource message to the source eNB. After receiving the release resource message from the target eNB, the source eNB deletes all AS-related security contexts associated with the UE.
Figure 3 is a flowchart of key generation during an X2 handover according to an embodiment of the invention in which the UE, the eNB and the MME already hold security contexts. Before the X2 handover of Figure 3, the UE and the source eNB already share an AS security context and the MME holds part of it; these contexts result from earlier signalling among the UE, eNB and MME, such as an earlier initial attach or handover. This embodiment is the complete key generation and key distribution flow for an X2 handover when the UE, eNB and MME all already hold a security context, and comprises the following steps:

Before the UE sends a measurement report, the UE holds a {NH, NCC} pair whose NCC value is denoted NCC_UE; the source eNB holds an NCC value denoted NCC_eNB; and the MME holds a {NH, NCC} pair whose NCC value is denoted NCC_MME. The preceding signalling guarantees NCC_UE <= NCC_eNB and NCC_eNB <= NCC_MME.

Step 301: The UE sends a measurement report to the source eNB, which decides on the basis of the report to initiate an X2 handover to the target eNB.

Step 302: The source eNB sends a Handover Request message to the target eNB carrying the NCC_eNB it holds. In this step the source eNB also forwards its current AS security context and the UE security capabilities to the target eNB.

Step 303: On receiving the Handover Request from the source eNB, the target eNB stores the received NCC_eNB and selects the RRC/UP encryption and integrity protection algorithms according to the received UE security capabilities.

Step 304: The target eNB sends a Handover Request Acknowledge message to the source eNB. The message contains a transparent container carrying the target's NCC_eNB and the identifiers of the encryption and integrity protection algorithms selected by the target eNB (EIA, EEA), among other information.

Step 305: The source eNB sends a Handover Command to the UE that includes the transparent container received from the target eNB in step 304.

Step 306: On receiving the Handover Command from the source eNB, the UE decrypts it and verifies its integrity using its current AS security context.

The UE extracts the NCC value from the command and compares it with its own stored NCC value. Based on the difference between the received NCC value and its own, the UE advances its {NH, NCC} pair to the {NH, NCC} pair corresponding to the received NCC value, and stores the pair produced by this synchronization.

Step 307: After synchronizing NH, the UE computes KeNB from that NH as KeNB* = KDF(NH, PCI, EARFCN-DL) and updates KeNB = KeNB*.

Step 308: The UE sends a Handover Confirm message to the target eNB.

Step 309: The target eNB sends a Path Switch Request message to the MME, reporting the NCC_eNB it stored together with its PCI and EARFCN-DL.

Step 310: On receiving the Path Switch Request from the target eNB, the MME extracts the NCC_eNB it carries and compares it with its own NCC_MME. If they are equal, the MME takes the NH from the {NH, NCC} pair associated with NCC_MME; if they differ, the MME determines the NH associated with the received NCC_eNB.

Step 311: After synchronizing NH, the MME computes KeNB from that NH as KeNB* = KDF(NH, PCI, EARFCN-DL), where PCI and EARFCN-DL are those of the target eNB, and updates KeNB = KeNB*.

Step 312: After computing KeNB, the MME computes the {NH, NCC} pair for the next hop: it first increments NCC by 1 and then computes NH = KDF(NH_old, Kasme). This new {NH, NCC} pair is used for the key refresh at the next hop.

Step 313: The MME sends a Path Switch Request Acknowledge message to the target eNB carrying the new NCC value and the KeNB computed in step 311. The NCC value will be used for NH synchronization between the UE and the MME at the next hop; the KeNB is identical to the KeNB held by the UE. The target eNB uses this KeNB to generate the RRC/UP encryption and integrity keys for signalling and data.

Step 314: The target eNB stores the new NCC value and computes the RRC/UP encryption and integrity keys for signalling and data from the KeNB and the EEA and EIA it selected. It then uses the newly generated AS security context to decrypt and integrity-check the Handover Confirm message received in step 308.

Step 315: The target eNB sends a Release Resource message to the source eNB. On receiving it, the source eNB deletes all AS security context relating to the UE.

As the above description shows, the key generation process of Figure 2 is merely a special case of the process of Figure 3: whether the very first handover is an X2 handover or the X2 handover takes place when an AS security context already exists at the UE and eNB, the invention keeps the X2 handover flow uniform and guarantees forward security.
Figure 4 is a flowchart of key generation during an S1 handover according to an embodiment of the invention, showing key generation and key distribution in one S1 handover. To preserve the forward security obtained for the X2 handover, the S1 handover must likewise keep NH away from the eNB so that the source eNB is unable to derive the target eNB's KeNB. The flow comprises the following steps:

Step 401: The UE sends a measurement report to the source eNB. At this point the UE, the source eNB and the source MME hold the UE's AS security context.

Step 402: The source eNB sends a Handover Required message to the source MME; the message includes the NCC value stored by the source eNB.

Step 403: The source MME synchronizes its {NH, NCC} pair to the NCC value received from the source eNB and sends a Forward Relocation Request message to the target MME carrying the synchronized {NH, NCC} pair together with Kasme and eKSI.

Step 404: The target MME first computes KeNB from the received {NH, NCC} pair, then increments NCC by 1 and computes a new {NH, NCC} pair, which is used to generate the key for the next hop.

Step 405: The target MME sends a Handover Request message to the target eNB containing the KeNB computed in step 404 and the new NCC value. The target MME does not send NH to the target eNB.

Step 406: The target eNB selects the encryption and integrity protection algorithms, places the selected algorithm identifiers and the NCC value in a Handover Request Acknowledge message, and sends it to the target MME.

Step 407: The target MME sends a Forward Relocation Response message to the source MME containing the NCC value stored at the target eNB and the encryption and integrity protection algorithm identifiers.

Step 408: The source MME sends a Handover Command to the source eNB containing the NCC value stored at the target eNB and the encryption and integrity protection algorithm identifiers.

Step 409: The source eNB sends a Handover Command to the UE containing the NCC value stored at the target eNB and the encryption and integrity protection algorithm identifiers.

Step 410: The UE synchronizes its {NH, NCC} pair to the NCC value received from the source eNB and computes KeNB from the synchronized NH. From the received algorithm identifiers and the KeNB it computes the encryption and integrity keys for signalling and data.

Step 411: The UE sends a Handover Confirm message to the target eNB. AS security is now established between the UE and the target eNB.
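The following Python model of the X2 flow of Figures 2 and 3 and the S1 flow of Figure 4 is an added example by the editor, not the applicant's code. It assumes the KDF of TS 33.220 (HMAC-SHA-256 over an FC-coded string) with the FC codes, parameter lengths and 128-bit key truncation of TS 33.401 Annex A as the editor recalls them, so it is illustrative rather than a source of test vectors; the Kasme, NAS UL COUNT, PCI and EARFCN-DL values are constructed. Two further assumptions are labelled in the code: the NH initialized from Kasme and KeNB is given NCC value 0 (the first steps of Figure 2 are not on this page), and the target MME is taken to know the target cell's PCI and EARFCN-DL. One caveat for the S1 flow: for the UE in step 410 to reach the same KeNB as the target MME in step 404, the NCC value relayed to it in steps 406 to 409 must be the NCC of the NH the target MME actually used, not the incremented value the target eNB stores for the next hop; the model passes the pre-increment NCC to the UE and keeps the incremented one at the target eNB, which is how the editor reads those steps. The model shows that the UE and the target eNB end with identical AS keys while NH never leaves an MME, that the source eNB's only possible derivation (the legacy horizontal KDF keyed with its own KeNB) yields a different key, and that NCC_UE <= NCC_eNB <= NCC_MME holds after each hop.

```python
"""Toy model of the handover key derivation in Figures 2 to 4 (added example)."""
import hashlib
import hmac

# FC codes, parameter lengths and the 128-LSB key truncation follow TS 33.401
# Annex A as the editor recalls them: illustrative, not verified test vectors.
FC_KENB, FC_NH, FC_KENB_STAR, FC_ALG = 0x11, 0x12, 0x13, 0x15
RRC_ENC, RRC_INT, UP_ENC = 0x03, 0x04, 0x05  # algorithm type distinguishers
EEA, EIA = 0x02, 0x02                         # 128-EEA2 / 128-EIA2, target eNB's choice


def kdf(key, fc, *params):
    """KDF of TS 33.220: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def next_nh(kasme, nh_old):
    """NH = KDF(NH_old, Kasme) in the text: Kasme is the key, NH_old the input."""
    return kdf(kasme, FC_NH, nh_old)


def kenb_star(nh, pci, earfcn_dl):
    """KeNB* = KDF(NH, PCI, EARFCN-DL); keyed with a KeNB instead, this is the
    legacy horizontal derivation a source eNB can perform on its own."""
    return kdf(nh, FC_KENB_STAR, pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big"))


def as_keys(kenb, eea=EEA, eia=EIA):
    """RRC/UP keys from KeNB and the algorithm ids selected by the target eNB."""
    return {"rrc_enc": kdf(kenb, FC_ALG, bytes([RRC_ENC]), bytes([eea]))[16:],
            "rrc_int": kdf(kenb, FC_ALG, bytes([RRC_INT]), bytes([eia]))[16:],
            "up_enc": kdf(kenb, FC_ALG, bytes([UP_ENC]), bytes([eea]))[16:]}


class ENB:  # an eNB holds a KeNB and an NCC value only, never an NH or Kasme
    def __init__(self, pci, earfcn_dl, kenb=None, ncc=0):
        self.pci, self.earfcn_dl, self.kenb, self.ncc = pci, earfcn_dl, kenb, ncc


class MME:
    """Holds Kasme and every {NH, NCC} pair it produced; NH never goes to an eNB."""
    def __init__(self, kasme):
        self.kasme, self.ncc, self.nh_by_ncc, self.kenb0 = kasme, 0, {}, None

    def initial_context(self, nas_ul_count):
        """Claim 4: initial KeNB from Kasme and NAS UL COUNT, NH from Kasme and KeNB."""
        self.kenb0 = kdf(self.kasme, FC_KENB, nas_ul_count.to_bytes(4, "big"))
        self.nh_by_ncc = {0: next_nh(self.kasme, self.kenb0)}  # assumption: this NH is NCC 0
        return self.kenb0

    def derive_and_advance(self, nh, ncc, pci, earfcn_dl):
        """Steps 211-212 / 404: KeNB = KeNB*(NH), then NCC + 1 and the next NH."""
        kenb = kenb_star(nh, pci, earfcn_dl)
        self.ncc = ncc + 1
        self.nh_by_ncc[self.ncc] = next_nh(self.kasme, nh)
        return kenb, self.ncc


class UE:  # knows Kasme, so it can walk the NH chain forward to any NCC it is told
    def __init__(self, kasme, kenb0):
        self.kasme, self.kenb, self.ncc, self.nh = kasme, kenb0, 0, next_nh(kasme, kenb0)

    def sync_nh(self, ncc):
        """Steps 206/306/410: advance {NH, NCC} by the difference; never go back."""
        if ncc < self.ncc:
            raise ValueError("network NCC is behind the UE's {NH, NCC} pair")
        while self.ncc < ncc:
            self.nh, self.ncc = next_nh(self.kasme, self.nh), self.ncc + 1
        return self.nh

    def handover_command(self, ncc, tgt):
        """Steps 207/307/410: the UE measures the target PCI and EARFCN-DL itself."""
        self.kenb = kenb_star(self.sync_nh(ncc), tgt.pci, tgt.earfcn_dl)
        return as_keys(self.kenb)


def x2_handover(ue, src, tgt, mme):
    """Figure 3 (Figure 2 is its NCC 0 special case): the source passes NCC only."""
    ue_keys = ue.handover_command(src.ncc, tgt)                # 302-308
    nh = mme.nh_by_ncc[src.ncc]                                # 309-310: NCC_MME >= NCC_eNB
    tgt.kenb, tgt.ncc = mme.derive_and_advance(nh, src.ncc, tgt.pci, tgt.earfcn_dl)  # 311-313
    src.kenb = None                                            # 315
    return ue_keys == as_keys(tgt.kenb)                        # 314 verifies the step 308 message


def s1_handover(ue, src, tgt, src_mme):
    """Figure 4: NH moves only MME to MME; the target eNB gets KeNB and the new NCC."""
    tgt_mme = MME(src_mme.kasme)                               # 403: Kasme forwarded
    nh = src_mme.nh_by_ncc[src.ncc]                            # 402-403
    tgt.kenb, tgt.ncc = tgt_mme.derive_and_advance(nh, src.ncc, tgt.pci, tgt.earfcn_dl)  # 404-405
    ue_keys = ue.handover_command(src.ncc, tgt)                # 406-411: NCC of the NH actually used
    src.kenb = None
    return ue_keys == as_keys(tgt.kenb), tgt_mme


def demo():
    """Two X2 handovers, then one S1 handover, on constructed keys and cell ids."""
    mme = MME(kasme=bytes(range(32)))                          # constructed Kasme, not a real key
    ue = UE(mme.kasme, mme.initial_context(nas_ul_count=7))
    a, b, c, d = ENB(101, 1850, mme.kenb0), ENB(102, 1850), ENB(103, 3100), ENB(104, 3100)
    guess = kenb_star(a.kenb, b.pci, b.earfcn_dl)              # all the source eNB could compute
    x2_first = x2_handover(ue, a, b, mme)
    forward_secure = guess != b.kenb
    x2_second = x2_handover(ue, b, c, mme)
    s1_ok, tgt_mme = s1_handover(ue, c, d, mme)
    return {"x2_ok": x2_first and x2_second, "s1_ok": s1_ok, "forward_secure": forward_secure,
            "ncc_trail": (ue.ncc, d.ncc, tgt_mme.ncc)}
```

Calling `demo()` runs the three handovers and returns the agreement checks together with the final NCC values of the UE, the last target eNB and the last MME, which come out as (2, 3, 3): the UE lags by one because it is only told the NCC of the hop it is on, while the eNB and MME already hold the counter for the next hop. `sync_nh` refuses an NCC lower than the UE's own, since the chain cannot be walked backwards and such a value would indicate a replayed or corrupted handover command.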
The invention also describes a key generation system for a handover procedure, comprising an MME, a base station and a UE, in which:

during handover of the UE, the MME generates the next-hop key KeNB using NH, and the NH generated by the MME is not disclosed to the base station.

The MME and the UE each synchronize the next-hop key KeNB using the NCC value notified by the target base station, and the MME notifies the generated next-hop key KeNB to the target base station.

The UE and the MME generate the next-hop key KeNB from NH, the cell identity of the target base station and the target E-UTRA downlink carrier frequency number (EARFCN-DL).

The MME is further configured to generate the initial next-hop key KeNB from the root key Kasme and the NAS UL COUNT value, and to initialize NH from the root key Kasme and that KeNB.

Preferably, the target base station is configured to notify the UE, via the source base station, of the NCC value it received from the source base station and of the encryption and integrity protection algorithms it selected;

the UE is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and generate the encryption and integrity keys from the new KeNB.

Preferably, the target base station is configured, after receiving the UE's handover confirmation, to notify the MME of the NCC value received from the source base station, and to generate the encryption and integrity keys from the KeNB received from the MME;

the MME is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and notify the new KeNB to the target base station.

Alternatively, preferably, a source MME is configured to determine the NH corresponding to the NCC value received from the source base station and to send the received NCC value and its corresponding NH to a target MME;

the target MME is configured to generate KeNB from the received NH, increment the NCC value by one, and notify the KeNB and the incremented NCC value to the target base station;

the target base station is configured to select the encryption and integrity algorithms and to notify them, together with the received NCC value, to the UE via the target MME, the source MME and the source base station;

the UE is configured to determine the NH corresponding to the currently received NCC value and to generate a new KeNB from the determined NH.

Those skilled in the art will understand that the functions of the network elements of the key generation system in this example follow from the descriptions of Figures 1 to 4 above. The key generation system of the invention builds on the existing network architecture and only modifies the functions of the corresponding network elements; the network architecture itself is that of existing networks.

The above are merely preferred embodiments of the invention and are not intended to limit its scope of protection.

Industrial applicability

In the X2 handover of the invention, the source eNB no longer derives the next-hop key for the target eNB; it supplies the target eNB only with the next-hop chaining counter NCC value. The target eNB uses the NCC value to keep the NH held by the UE and the NH held by the MME synchronized, so that the UE and the MME hold the same KeNB, and uses the same NCC value to request from the MME the KeNB the UE holds, so that its own KeNB matches the UE's. During the handover, NH never leaves the MME: an eNB cannot obtain NH and cannot derive it (computing NH requires Kasme), so the source eNB cannot obtain the target eNB's KeNB for the next hop, which resolves the forward security problem.

Claims

1. A key generation method for a handover procedure, characterized in that the method comprises: during handover of a user equipment (UE), the network side generating a next-hop key KeNB using a next-hop parameter NH, wherein the NH generated by the network side is not disclosed to the base station.

2. The method according to claim 1, characterized in that the method further comprises: the network side and the UE side each synchronizing the next-hop key KeNB using the next-hop chaining counter (NCC) value notified by the target base station; and the network side notifying the generated next-hop key KeNB to the target base station.

3. The method according to claim 1, characterized in that generating the next-hop key KeNB using NH comprises: generating the next-hop key KeNB from NH, the cell identity of the target base station and the target evolved universal terrestrial radio access (E-UTRA) downlink carrier frequency number.

4. The method according to any one of claims 1 to 3, characterized in that the method further comprises: the initial next-hop key KeNB being generated by the network side from the root key Kasme and the non-access stratum uplink counter NAS UL COUNT value; and the network side initializing NH from the root key Kasme and KeNB.

5. The method according to any one of claims 1 to 3, characterized in that the method further comprises: the target base station notifying the UE, via the source base station, of the next-hop chaining counter NCC value received from the source base station and of the encryption and integrity protection algorithms selected by the target base station; the UE determining the NH corresponding to the currently received NCC value, generating a new next-hop key KeNB from the determined NH, and generating the user-plane and signalling-plane encryption and integrity keys from the new next-hop key KeNB.

6. The method according to claim 5, characterized in that the method further comprises: after receiving the UE's handover confirmation, the target base station notifying the network side of the NCC value received from the source base station; the network side determining the NH corresponding to the currently received NCC value, generating a new next-hop key KeNB from the determined NH, and notifying the new next-hop key KeNB to the target base station; the target base station generating the user-plane and signalling-plane encryption and integrity keys from the received next-hop key KeNB.

7. The method according to any one of claims 1 to 6, characterized in that the network side is a mobility management entity (MME).

8. The method according to any one of claims 1 to 3, characterized in that the method further comprises: a source MME determining the NH corresponding to the NCC value received from the source base station and sending the received NCC value and its corresponding NH to a target MME; the target MME generating the next-hop key KeNB from the received NH, incrementing the NCC value by one, and notifying the next-hop key KeNB and the incremented NCC value to the target base station; the target base station selecting the encryption and integrity algorithms and notifying the encryption and integrity algorithms and the received NCC value to the UE via the target MME, the source MME and the source base station; the UE determining the NH corresponding to the currently received NCC value and generating a new next-hop key KeNB from the determined NH.

9. A key generation system for a handover procedure, comprising an MME, a base station and a UE, characterized in that: during handover of the UE, the MME generates a next-hop key KeNB using NH, wherein the NH generated by the MME is not disclosed to the base station.

10. The system according to claim 9, characterized in that: the MME and the UE side each synchronize the next-hop key KeNB using the NCC value notified by the target base station; and the MME notifies the generated next-hop key KeNB to the target base station.

11. The system according to claim 10, characterized in that the UE and the MME generate the next-hop key KeNB from NH, the cell identity of the target base station and the target E-UTRA downlink carrier frequency number.

12. The system according to any one of claims 9 to 11, characterized in that the MME is further configured to generate the initial next-hop key KeNB from the root key Kasme and the NAS UL COUNT value, and to initialize NH from the root key Kasme and KeNB.

13. The system according to any one of claims 9 to 11, characterized in that: the target base station is configured to notify the UE, via the source base station, of the NCC value received from the source base station and of the encryption and integrity protection algorithms selected by the target base station; the UE is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and generate the encryption and integrity keys from the new KeNB.

14. The system according to claim 13, characterized in that: the target base station is configured, after receiving the UE's handover confirmation, to notify the MME of the NCC value received from the source base station, and to generate the encryption and integrity keys from the KeNB received from the MME; the MME is configured to determine the NH corresponding to the currently received NCC value, generate a new KeNB from the determined NH, and notify the new KeNB to the target base station.

15. The system according to any one of claims 9 to 11, characterized in that: a source MME is configured to determine the NH corresponding to the NCC value received from the source base station and to send the received NCC value and its corresponding NH to a target MME; the target MME is configured to generate KeNB from the received NH, increment the NCC value by one, and notify the KeNB and the incremented NCC value to the target base station; the target base station is configured to select the encryption and integrity algorithms and to notify them, together with the received NCC value, to the UE via the target MME, the source MME and the source base station; the UE is configured to determine the NH corresponding to the currently received NCC value and to generate a new KeNB from the determined NH.
PCT/CN2012/071474 2011-11-25 2012-02-22 Method and system for generating key during handover WO2013075417A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110382646.7 2011-11-25
CN201110382646.7A CN103139771B (en) 2011-11-25 2011-11-25 Key generation method and system in handoff procedure

Publications (1)

Publication Number Publication Date
WO2013075417A1 true WO2013075417A1 (en) 2013-05-30

Family

ID=48469050

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071474 WO2013075417A1 (en) 2011-11-25 2012-02-22 Method and system for generating key during handover

Country Status (2)

Country Link
CN (1) CN103139771B (en)
WO (1) WO2013075417A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102078866B1 (en) * 2013-08-09 2020-02-19 삼성전자주식회사 SCHEME FOR Security key management for PDCP distribution in dual connectivity
WO2015113197A1 (en) * 2014-01-28 2015-08-06 华为技术有限公司 Apparatus and method for encrypting data
WO2018227431A1 (en) * 2017-06-14 2018-12-20 Zte Corporation Methods and computing device for obtaining a security key for access to a wireless network
EP3682667B1 (en) 2017-09-15 2023-12-27 Telefonaktiebolaget LM Ericsson (Publ) Security context in a wireless communication system
CN108337661B (en) * 2018-01-04 2020-05-19 西南交通大学 LTE-R vehicle-ground communication access layer switching authentication method based on bill
CN110830988B (en) * 2018-08-08 2023-08-15 维沃移动通信有限公司 Security updating method, network equipment and terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772100A (en) * 2008-12-29 2010-07-07 中国移动通信集团公司 Key updating method, equipment and system for switching base station eNB in LTE (Long Term Evolution) system
CN102027769A (en) * 2008-09-22 2011-04-20 株式会社Ntt都科摩 Mobile communication method
CN102244862A (en) * 2010-05-10 2011-11-16 北京三星通信技术研究有限公司 Method for acquiring security key

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2424795B (en) * 2005-03-31 2007-04-18 Motorola Inc Apparatus and method for controlling a radio bearer reconfiguration


Also Published As

Publication number Publication date
CN103139771A (en) 2013-06-05
CN103139771B (en) 2018-03-30

Similar Documents

Publication Publication Date Title
EP3576446B1 (en) Key derivation method
CN109922051B (en) Method and system for enabling secure communication for inter-ENB transmission
US11658817B2 (en) Security key usage across handover that keeps the same wireless termination
KR101463671B1 (en) Local security key update at a wireless communication device
EP2663107B1 (en) Key generating method and apparatus
US20170359719A1 (en) Key generation method, device, and system
JP5774096B2 (en) Air interface key update method, core network node, and radio access system
WO2011137805A1 (en) Method, apparatus and system for security processing in switch process
Forsberg LTE key management analysis with session keys context
JP2011526097A (en) Traffic encryption key generation method and update method
WO2011127791A1 (en) Method and system for establishing enhanced key when terminal moves to enhanced universal terrestrial radio access network(utran)
KR20100114927A (en) System and method for performing key management while performing handover in a wireless communication system
WO2011085682A1 (en) Method and system for updating air interface keys
JP2010045692A (en) Mobile communication method, radio base station, and mobile station
WO2013075417A1 (en) Method and system for generating key during handover
WO2007022727A1 (en) A method and system for transmitting authorization key context information
EP2648437B1 (en) Method, apparatus and system for key generation
KR20150103063A (en) Method for synchronizing encryption information between scell and ue
JP2013541864A (en) Air interface key update method, core network node, and user equipment
JP2011515904A (en) System and method for performing handover or key management during handover in a wireless communication system
JP2017524273A (en) Protection of WLCP message exchange between TWAG and UE
WO2011143977A1 (en) Method and system for establishing enhanced keys when terminal moves to enhanced universal terrestrial radio access network (utran)
WO2011127775A1 (en) Update method for air interface key and radio access system
Nguyen et al. An pre-authentication protocol with symmetric keys for secure handover in mobile WiMAX networks
US8713317B2 (en) Method and system for encrypting data in a wireless communication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12852268

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12852268

Country of ref document: EP

Kind code of ref document: A1