WO2014110908A1 - Secure data transmission method and LTE access network system - Google Patents

Secure data transmission method and LTE access network system

Info

Publication number
WO2014110908A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
lte
lpn
menb
user equipment
Application number
PCT/CN2013/083505
Other languages
English (en)
Chinese (zh)
Inventor
王昕�
和峰
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043: Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431: Key distribution or pre-distribution; Key agreement

Definitions

  • the present invention relates to the field of mobile communications, and in particular, to a data security transmission method and a Long Term Evolution (LTE) access network system.
  • LTE Long Term Evolution
  • LPN Low Power Node
  • the enhancements in LPN deployment have been identified by the Third Generation Partnership Projects (3GPP) as one of the most interesting topics in future network development.
  • 3GPP Third Generation Partnership Projects
  • the deployment of LPN in the coverage of the macro network is very different from the traditional macro network in terms of transmission, mobility, security and interference.
  • the demand for large data volume and high mobility; and, due to practical limitations and historical factors, the choice of LPN backhaul (Backhaul) is also diverse, the characteristics of each interface differ, and the coordination and interaction with the macro network is limited.
  • the present invention provides a data security transmission method and an LTE access network system, to at least solve the problem that the related art lacks a scheme by which a heterogeneous network, in which a macro base station and low power nodes are deployed, provides a joint transmission service for the UE.
  • the present invention provides a data security transmission method for a heterogeneous network based on an LTE system.
  • the heterogeneous network includes: an LTE core network, an LTE access network, and an LTE user equipment.
  • One or more macro base stations (MeNB) are deployed in the LTE access network, and one or more low-power nodes (LPN) are deployed within the coverage of the MeNB.
  • the method includes: when the LTE user equipment accesses the MeNB, the MeNB acquires the base station key from the LTE core network, generates the first access layer key according to the base station key, and, through the control plane interface with the LTE user equipment, encrypts the corresponding control plane information and user data by using the first access layer key, performs integrity protection on the corresponding control plane information, and then sends them to the LTE user equipment;
  • the MeNB determines a traffic offloading policy for the user data of the LTE user equipment, and sends a request for providing a multi-stream transmission service for the LTE user equipment to the corresponding LPN through the backward link interface between the MeNB and the LPN;
  • the MeNB receives the request response sent by the LPN and, according to the offloading policy, encrypts one part of the user data received from the core network by using the first access layer key and sends it to the LTE user equipment through the user plane interface with the LTE user equipment, and sends the other part of the user data to the LPN through the backward link interface;
  • the LPN encrypts the corresponding user data by using the second access layer key, and sends the encrypted user data to the LTE user equipment through the user plane interface with the LTE user equipment.
  • the first access layer key comprises: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the method further includes: the LPN receives, through the control plane interface between the LPN and the LTE user equipment, the measurement result information reported by the LTE user equipment, and adjusts the scheduling of the LTE user equipment according to the measurement result information.
  • when only a user plane interface exists between the LPN and the LTE user equipment, the second access layer key includes: a user plane encryption key for user plane data encryption; when both a user plane interface and a control plane interface exist between the LPN and the LTE user equipment, the second access layer key includes: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the first access layer key is the same as or different from the second access layer key; when the first access layer key is different from the second access layer key, the LTE user equipment needs to support two sets of security algorithms.
  • the offloading policy of the user data by the MeNB includes: determining, by the MeNB, a traffic offloading policy of the user data by using the radio bearer as the split granularity according to the network load and the measurement result information reported by the LTE user equipment.
  • the protocol form of the offloading policy includes: a data packet aggregation protocol entity for performing security protection, and each lower layer protocol entity, configured on the MeNB and the LPN respectively, wherein each lower layer protocol entity includes: a radio link control sublayer, a medium access control sublayer, and a physical layer.
  • the method further includes: in the multi-stream transmission service process, when a key update is required according to the requirements of the operator, the LTE core network, or the LTE access network, the MeNB sends a key update indication to the LPN through the backward link interface, where the key update indication carries a new access layer key; the MeNB receives the key update response that the LPN feeds back through the backward link interface, and notifies the LTE user equipment of the key update through the control plane interface with the LTE user equipment.
  • the present invention also provides an LTE access network system in which one or more macro base stations MeNB are deployed in the LTE access network, and one or more low power nodes LPN are deployed within the coverage of the MeNB.
  • the MeNB is configured to: when the LTE user equipment accesses the MeNB, obtain the base station key from the LTE core network, generate the first access layer key according to the base station key, and, through the control plane interface with the LTE user equipment, encrypt the corresponding control plane information and user data by using the first access layer key, perform integrity protection on the corresponding control plane information, and then send them to the LTE user equipment; determine a traffic splitting policy for the user data of the LTE user equipment, and, through the backward link interface with the LPN, send to the corresponding LPN a request message for providing a multi-stream transmission service for the LTE user equipment, the control plane information required by the LPN, and a second access layer key; receive the request response sent by the LPN and, according to the splitting policy, encrypt one part of the user data received from the core network by using the first access layer key and send it to the LTE user equipment through the user plane interface with the LTE user equipment, and send another part of the user data to the LPN through the backward link interface.
  • the LPN is configured to: receive the request message sent by the MeNB for providing the multi-stream transmission service for the LTE user equipment, and send the request response to the MeNB; encrypt the corresponding user data by using the second access layer key, and send the encrypted user data to the LTE user equipment through the user plane interface with the LTE user equipment.
  • the first access layer key comprises: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the foregoing LPN is further configured to: receive, through its control plane interface with the LTE user equipment, receive
  • when only a user plane interface exists between the LPN and the LTE user equipment, the second access layer key includes: a user plane encryption key for user plane data encryption; when both a user plane interface and a control plane interface exist between the LPN and the LTE user equipment, the second access layer key includes: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the first access layer key is the same as or different from the second access layer key; when the first access layer key is different from the second access layer key, the LTE user equipment needs to support two sets of security algorithms.
  • the foregoing MeNB is configured to: determine, according to the network load and the measurement result information reported by the LTE user equipment, the traffic offloading policy of the user data by using the radio bearer as the split granularity.
  • the protocol form of the offloading policy includes: the MeNB and the LPN are respectively provided with a data packet aggregation protocol entity for performing security protection, and each lower layer protocol entity, wherein each lower layer protocol entity includes: a radio link control sublayer, a media access control sublayer, and a physical layer.
  • the foregoing MeNB is further configured to: in the multi-stream transmission service process, when a key update is required according to the requirements of the operator, the LTE core network, or the LTE access network, send a key update indication to the LPN through the backward link interface, where the key update indication carries a new access layer key; receive the key update response that the LPN feeds back through the backward link interface, and notify the LTE user equipment of the key update through the control plane interface between the LPN and the LTE user equipment.
  • the beneficial effects of the present invention are as follows: In the embodiment of the present invention, a part of user data can be offloaded to an LPN for transmission by a heavily loaded MeNB.
  • the signaling in the handover process can be reduced, and the message load of the network is reduced.
  • the wider bandwidth of multi-carrier transmission can better meet the requirements of large-data-volume services, and transmission via the closer LPN is also more power efficient; the system architecture improves the user experience.
  • the key is transmitted to the LPN through the macro base station in the heterogeneous access network, so that the transmission on the radio link between the LPN and the UE can implement the configured security protection function, which ensures the security performance of the system architecture.
  • the technical solution of the embodiment of the present invention can provide a good joint transmission service for the UE securely and reliably.
  • FIG. 1 is a schematic diagram of a node deployment scenario according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a system architecture of the present invention.
  • FIG. 3 is a flowchart of a data security transmission method according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a user plane and a control plane protocol in the embodiment of the present invention.
  • FIG. 6 is a signaling flowchart of Example 1 of the embodiment of the present invention.
  • FIG. 7 is a signaling flowchart of Example 2 of the embodiment of the present invention.
  • FIG. 8 is a signaling flowchart of Example 3 of the embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of an LTE access network system according to an embodiment of the present invention.
  • the present invention provides a system architecture in which a heterogeneous network deploying a macro base station and low power nodes provides a joint transmission service for the UE, and a scheme for realizing secure transmission of data in that architecture.
  • a data security transmission method is provided for a heterogeneous network based on a Long Term Evolution (LTE) system, where the heterogeneous network includes: an LTE core network, an LTE access network, and an LTE user equipment; one or more macro base stations MeNB are deployed in the LTE access network, and one or more low power nodes LPN are deployed within the coverage of the MeNB.
  • FIG. 1 is a schematic diagram of a node deployment scenario according to an embodiment of the present invention.
  • one or more LPNs are deployed in a coverage area of a MeNB (e.g., in a hotspot area), and the LPN may be a low-power micro base station (Pico eNB), a Relay Node or a Home Base Station (HeNB).
  • the Backhaul interface between the LPN and the MeNB may be a wired interface (such as a fiber) or a wireless interface (such as an Un port).
  • FIG. 2 is a schematic diagram of a system architecture of the present invention. As shown in FIG. 2, the system includes an LTE core network (Core Network, abbreviated as CN), an LTE access network composed of an MeNB and an LPN, and LTE user equipment with a multi-data transmission and reception mechanism.
  • The LTE core network is the same as the core network of the existing LTE network.
  • the LTE access network includes an MeNB and an LPN.
  • the MeNB is connected to the core network and to the UE through the existing Control Plane (CP) and User Plane (UP) connections, respectively.
  • the LPN and the UE may have an UP connection, or both an UP and a CP connection, and between the MeNB and the LPN there is a Backhaul interface (wired or wireless) that can transmit control signaling and user data.
  • FIG. 3 is a flowchart of a data security transmission method according to an embodiment of the present invention.
  • a data security transmission method includes the following processing: Step 301: When an LTE user equipment accesses an MeNB, the MeNB obtains the base station key from the LTE core network, generates the first access layer key according to the base station key, and, through the control plane interface with the LTE user equipment, encrypts the corresponding control plane information and user data by using the first access layer key, performs integrity protection on the corresponding control plane information, and then sends them to the LTE user equipment; that is, before the offloading, the MeNB and the LTE user equipment perform normal user data interaction and control signaling interaction according to the prior art.
  • the first access layer key includes: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the MeNB determines the offloading policy of the user data as follows: the MeNB determines, according to at least the network load and the measurement result information reported by the LTE user equipment (the MeNB may also use other information), the offloading policy of the user data with the radio bearer as the offloading granularity.
  • the protocol form of the offloading policy includes: a packet aggregation protocol entity for performing security protection, and each lower layer protocol entity, provided on the MeNB and the LPN respectively, wherein each lower layer protocol entity includes: a radio link control sublayer, a medium access control sublayer, and a physical layer.
  • Step 303: The MeNB receives the request response sent by the LPN and, according to the splitting policy, encrypts one part of the user data received from the core network by using the first access layer key and sends it to the LTE user equipment, and sends another part of the user data to the LPN through the backward link interface; the LPN encrypts the corresponding user data by using the second access layer key, and sends the encrypted user data to the LTE user equipment through the user plane interface with the LTE user equipment.
  • the LPN can receive the measurement result information reported by the LTE user equipment by using the control plane interface with the LTE user equipment, and adjust the scheduling of the LTE user equipment according to the measurement result information.
  • when only a user plane interface exists between the LPN and the LTE user equipment, the second access layer key includes: a user plane encryption key used for user plane data encryption; when both a user plane interface and a control plane interface exist between the LPN and the LTE user equipment, the second access layer key includes: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the first access layer key is the same as or different from the second access layer key; when the first access layer key is different from the second access layer key, the LTE user equipment needs to support two sets of security algorithms.
  • in the multi-stream transmission service process, when a key update is required according to the requirements of the operator, the LTE core network, or the LTE access network, the MeNB needs to send a key update indication to the LPN through the backward link interface, where the key update indication carries a new access layer key; the MeNB receives the key update response that the LPN feeds back through the backward link interface, and notifies the LTE user equipment of the key update through the control plane interface with the LTE user equipment.
  • the MeNB is responsible for all control signaling with the UE, and on the other hand is responsible for the control plane information required by the LPN, so that the LPN can hold the necessary UE context information, configure each protocol layer, and implement effective scheduling of the UE.
  • preferably, the LPN and the UE may also have a CP connection (which may have part of the functions of an existing CP connection), so as to obtain information such as the measurement results of the UE in a more timely manner and quickly adjust the scheduling strategy.
  • the MeNB sends one part of the UE user data received from the core network to the UE through the UP connection with the UE according to the determined splitting policy, and sends the other part to the LPN through the Backhaul interface; the LPN then sends it to the UE through the air interface according to the prior art.
  • the UE data offload policy determined by the MeNB may use the radio bearer (Radio Bearer, referred to as RB) as the traffic-split granularity, that is, for services with different Quality of Service (QoS), the MeNB may decide to transmit them to the UE through different carrier links according to their QoS characteristics. For example, real-time services (such as voice) are transmitted on the link between the MeNB and the UE, and services with large data volume and delay tolerance (such as video download) are offloaded to the LPN and then transmitted to the UE.
  • QoS Quality of Service
  • FIG. 4 is a schematic diagram of a feasible protocol form of a traffic offloading policy according to an embodiment of the present invention. As shown in FIG. 4, it includes the user plane part in which the MeNB transmits the offloaded data to the LPN, which then transmits it to the UE (upstream data).
  • the Backhaul interface protocol between the MeNB and the LPN may be in other forms depending on the wired/wireless characteristics of the specific interface (for example, the GTP-U may also be replaced by other protocols).
  • PDCP Packet Data Convergence Protocol
  • on the network side, a Packet Data Convergence Protocol (PDCP) entity and the lower layer protocol entities below it (Radio Link Control (RLC), Medium Access Control (MAC), and Physical Layer (PHY)) are located at both the MeNB and the LPN.
  • the MeNB with heavy load can offload part of the user data to the LPN for transmission.
  • the signaling in the handover process can be reduced, and the message load of the network is reduced.
  • the wider bandwidth of multi-carrier transmission can better meet the needs of large data services, and transmission via the closer LPN is also more power efficient.
  • the system architecture improves the user experience. In the process of message transmission between the user and the access network through the wireless interface, the network side needs to provide a sufficient security protection mechanism to prevent messages from being intercepted and easily cracked by an attacker.
  • when the UE is attached to the network, the MeNB acquires a base station key (eNB Key, denoted as KeNB) from the core network and/or derives an access stratum key (AS Key for short).
  • the AS Key includes a user plane encryption key (UP Key, KUPenc), a control plane encryption key (RRC Key, KRRCenc), and a control plane integrity protection key (RRC Key, KRRCint), which are respectively used for the encryption of user plane data, the encryption of control plane signaling, and the integrity protection of control plane signaling.
  • the MeNB uses the AS Key and the corresponding encryption/integrity protection algorithm to apply the configured security protection to the information it sends, and after receiving the information, the UE performs processing such as decryption/integrity verification according to the corresponding key and algorithm.
  • these functions are all located in the PDCP layer of the protocol.
  • the LPN is only a cooperative base station that performs the offload data transmission task in the access network, and does not have direct information interaction with the core network; and because the MeNB and the LPN use the RB as the offload granularity for data offloading and for providing the joint data transmission service to the UE, the PDCP layer is located at the MeNB and the LPN, respectively.
  • the embodiment of the present invention proposes the following solutions:
  • the LPN obtains a security key (AS Key) from the MeNB, and performs corresponding security protection according to the configuration of the offloaded data and the possible control signaling transmitted on the radio interface.
  • the security key refers to the AS Key derived by the MeNB according to KeNB, and the MeNB determines, according to the network configuration and the UE capability (supporting one/two sets of security contexts), whether the AS Key transmitted to the LPN is consistent with the AS Key used by the MeNB itself.
  • the security key differs according to the specific traffic distribution mode: if there is only transmission of the offload data between the LPN and the UE (that is, only UP), the AS Key only includes the UP Key, that is, KUPenc; if there is transmission of both offload data and control signaling between the LPN and the UE (that is, UP and CP, even if only part of the CP), the AS Key includes both the UP Key and the RRC Key, that is, KUPenc, and at least one of KRRCenc and KRRCint.
  • the conditions for the LPN to obtain the security key from the MeNB are as follows (but not limited to):
  • the MeNB transmits the necessary information such as the offloading bearer and the security key to the LPN through the Backhaul interface;
  • the key is updated, that is, in the process of the joint transmission service, when the UE key needs to be updated according to the requirements of the operator, the core network or the MeNB/LPN itself, the MeNB transmits the updated security key to the LPN through the Backhaul interface.
  • the key is transmitted to the LPN through the macro base station in the heterogeneous access network, so that the transmission on the radio link between the LPN and the UE can implement the configured security protection function, which guarantees the security performance of the system architecture.
  • Example 1 The MeNB and the LPN are deployed in the network. These two nodes constitute the access network of the system architecture of the present invention, and the LPN bears the transmission of the offloaded data. The network side decides to provide the UE with a cross-base-station multi-stream joint transmission service.
  • Step 1 The UE accesses the macro cell established by the MeNB according to the existing LTE procedure, and a CP connection (RRC Connection) that can transmit control plane information and an UP connection that can transmit user data are established.
  • the MeNB obtains the KeNB from the core network, and derives the AS Key (including the UP Key and the RRC Key), and utilizes the AS.
  • Step 2 The MeNB decides to offload a certain data bearer of the UE to the LPN according to the network load and the measurement report of the UE, and the remaining bearers are still transmitted on the radio link between the MeNB and the UE.
  • the MeNB transmits the necessary UE context and the like to the LPN through the Backhaul interface to request to provide the multi-stream transmission service for the UE.
  • the information may be carried in a message called a "bearer setup request" (it may be another existing message or a new message; the same applies to the message names mentioned below), which includes the relevant parameters of the offloading bearer, the security capabilities of the UE, and the like.
  • the message should carry an AS Key derived by the MeNB according to the KeNB. In this example, there is only an UP connection between the LPN and the UE (as shown in FIG.
  • the AS Key transmitted by the MeNB to the LPN only includes the UP Key (such as KUPenc).
  • the AS Key transmitted by the MeNB to the LPN may be the same as or different from the AS Key used by the MeNB itself. If the two AS keys are different, the MeNB must know that the UE can support two different security contexts, that is, the messages sent/received by the UE on the two wireless carriers with the MeNB and the LPN are respectively encrypted/decrypted using different security keys. And integrity protection/verification.
  • after agreeing to establish the offload bearer, the LPN replies with a response message, which may be referred to as a "bearer setup response" message, and the message may carry a list of the admitted bearers and the specific configurations of the UE protocol layers.
  • Step 3 After receiving the consent splitting response message of the LPN reply, the MeNB notifies the UE to access the cell established by the LPN.
  • the UE only has an UP connection with the LPN, and the user data transmitted on that wireless carrier is encryption-protected with the key (KUPenc) according to the configuration; that is, the sender (such as the MeNB or the LPN) and the receiver can respectively encrypt and decrypt the user data exchanged over the wireless link by using a valid key and a known algorithm, which guarantees the security performance requirements of the network.
  • Example 2 The deployment scenario is the same as in Example 1. In the service process in which the MeNB and the LPN provide joint transmission for the UE, if the MeNB side updates the key, it needs to notify the LPN of the updated key, so that the LPN can effectively perform the security function.
  • FIG. 7 is a signaling flowchart of Example 2 of the embodiment of the present invention. As shown in FIG. 7, the following may be included. Step 1 In the system architecture of the embodiment of the present invention, wireless connections are established between the UE and the MeNB and between the UE and the LPN, respectively.
  • between the UE and the MeNB, as in the prior art, there are CP and UP connections.
  • an UP connection is established between the UE and the LPN.
  • the LPN uses the UP Key (KUPenc) obtained from the MeNB and the algorithm to provide encryption/decryption security protection for the data transmitted between it and the UE.
  • Step 2 While the UE is connected to the network, the key may be updated according to the requirements of the operator, the core network, or the access network itself. After updating its own key, the MeNB needs to notify the LPN of the updated key.
  • the information can be carried in a message called a "key update indication" and passed to the LPN via the Backhaul interface.
  • the message may also carry an indication of whether the key is updated, and the updated key.
  • This example takes the UP connection between the LPN and the UE as an example. Therefore, the message carries the updated UP Key (such as KUPenc').
  • the New AS Key transmitted by the MeNB to the LPN may be the same as or different from the New AS Key used by the MeNB itself.
  • if the two keys are different, the MeNB must know that the UE can support two different security contexts, that is, the data transmitted/received by the UE on the two wireless carriers with the MeNB and the LPN are respectively encrypted/decrypted using different security keys. It should be noted that, when the MeNB and the LPN use different keys, it may happen that at a given time only the LPN side needs to update the key and the MeNB does not. In that case, the MeNB derives the updated key for the LPN and then notifies the LPN (because the MeNB and the LPN in this architecture exchange some necessary information related to data packet transmission in real time, the MeNB will learn in time of the need to update the key on the LPN side).
  • the LPN may reply to the response message after successfully updating the key, such as a message called "Key Update Response".
  • the MeNB also needs to notify the UE of the update of the key.
  • the service for cross-base station offload joint transmission may be continued, and the data exchanged between the UE and the LPN in the access network uses a new key and algorithm for encryption/decryption security protection.
  • Example 3 Same as the deployment scenario of instance 1. In the architecture in which the MeNB and the LPN provide the UE with the inter-base station multi-stream joint transmission service, this embodiment takes the CP and the UP connection between the LPN and the UE as an example.
  • FIG. 8 is a signaling flowchart of Example 3 of the embodiment of the present invention. As shown in FIG. 8, the following may be included: Step 1: When the MeNB decides to provide a cross-base-station multi-stream transmission service for a UE accessing its cell, the MeNB transmits information such as the UE context to the LPN through the Backhaul interface, for example carried in the "bearer setup request" message. In addition to the necessary information about the offloading bearer related parameters and the security capabilities of the UE, the message also needs to include the AS Key derived by the MeNB according to the KeNB.
  • the AS Key transmitted by the MeNB to the LPN needs to include the UP Key and the RRC Key (KUPenc, and at least one of KRRCenc and KRRCint).
  • the AS Key transmitted by the MeNB to the LPN may be the same as or different from the AS Key used by the MeNB itself. If the two AS Keys are different, then the MeNB must know that the UE can support two different sets of security contexts.
  • Step 3 In the process of the multi-stream service, if the network side (including the operator, the core network, the MeNB, and the LPN) has a need to update the key, the MeNB needs to notify the LPN of the updated key.
  • the information can be carried in a message called a "key update indication" and passed to the LPN via the Backhaul interface.
  • the message carries an indication of "whether the key is updated" and the updated key.
  • This example takes UP and RRC connections between the LPN and the UE as an example. Therefore, the New AS Key transmitted by the MeNB to the LPN needs to include the UP Key and the RRC Key (KUPenc', and at least one of KRRCenc' and KRRCint').
  • the New AS Key transmitted by the MeNB to the LPN may be the same as or different from the New AS Key used by the MeNB itself.
  • the MeNB must know that the UE can support two different sets of security contexts.
  • the LPN may reply to the response message after successfully updating the key, such as a message called "Key Update Response".
  • the MeNB needs to notify the UE of information such as update of the key and change of the protocol layer configuration.
  • the service of the cross-base station offload joint transmission may be continued, and the user data and control signaling exchanged between the UE and the LPN in the access network are effectively encrypted and integrity-protected according to the configuration, using the new key and algorithm.
  • a part of user data can be offloaded to the LPN for transmission by the heavily loaded MeNB, and the UE can also reduce the signaling in the handover process when moving between the Small cells.
  • the key is transmitted to the LPN through the macro base station in the heterogeneous access network, so that the transmission on the radio link between the LPN and the UE can implement the configured security protection function, which ensures the security of the system architecture.
  • an LTE access network system is provided.
  • One or more macro base stations (MeNBs) are deployed in an LTE access network, and one or more low-power nodes (LPNs) are deployed in the coverage area of the MeNB.
  • FIG. 1 is a schematic diagram of a node deployment scenario according to an embodiment of the present invention. As shown in FIG. 1, one or more LPNs are deployed in the coverage of the MeNB (such as in a hotspot area), and the LPN may be a low-power micro base station (Pico eNB), a relay node (Relay Node), or a home base station (HeNB).
  • the Backhaul interface between the LPN and the MeNB can be a wired interface (such as a fiber) or a wireless interface (such as an Un port).
  • FIG. 2 is a schematic diagram of the system architecture of the present invention.
  • the system includes an LTE core network (Core Network, abbreviated as CN), an LTE access network composed of an MeNB and an LPN, and LTE user equipment with a multi-data transmission and reception mechanism.
  • the LTE core network is the same as the core network of the existing LTE network.
  • the LTE access network includes an MeNB and an LPN.
  • FIG. 9 is a schematic structural diagram of an LTE access network system according to an embodiment of the present invention.
  • an LTE access network according to an embodiment of the present invention includes: an MeNB 90, and an LPN 92.
  • the modules of the embodiment of the present invention are described in detail below.
  • the MeNB 90 is configured to: when the LTE user equipment accesses the MeNB 90, acquire a base station key from the core network and generate a first access layer key according to the base station key; through the control plane interface between itself and the LTE user equipment, encrypt the corresponding control plane information and the user data by using the first access layer key, perform integrity protection on the corresponding control plane information, and then send the information to the LTE user equipment; determine a traffic splitting strategy for the user data of the LTE user equipment; and, through its backward link interface with the LPN 92, send to the corresponding LPN 92 a request message for providing a multi-stream transmission service for the LTE user equipment, the control plane information required by the LPN 92, and a second access layer key.
  • the first access layer key includes: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the foregoing MeNB 90 is configured to: determine, according to the network load and the measurement result information reported by the LTE user equipment, the traffic offloading policy of the user data by using the radio bearer as the split granularity.
  • the protocol form of the offloading policy includes: the MeNB 90 and the LPN 92 are each provided with a Packet Data Convergence Protocol (PDCP) entity for performing security protection and with the lower layer protocol entities, wherein the lower layer protocol entities include: a radio link control sublayer, a medium access control sublayer, and a physical layer.
  • the foregoing MeNB 90 is further configured to: when a key update is required according to the requirements of the operator, the LTE core network, or the LTE access network during the multi-stream transmission service, send a key update indication to the LPN 92 through the backward link interface, the key update indication carrying a new access layer key; receive the key update response that the LPN 92 feeds back through the backward link interface; and notify the LTE user equipment of the key update through the control plane interface between itself and the LTE user equipment.
  • the LPN 92 is configured to: receive the request message sent by the MeNB 90 for providing a multi-stream transmission service for the LTE user equipment, and send a request response to the MeNB 90; and use the second access layer key to encrypt the corresponding user data and send the encrypted user data to the LTE user equipment through its user plane interface with the LTE user equipment.
  • the LPN 92 is further configured to: receive, by using a control plane interface with the LTE user equipment, the measurement result information reported by the LTE user equipment, and adjust the scheduling of the LTE user equipment according to the measurement result information.
  • the second access layer key includes: a user plane encryption key used for user plane data encryption; and the LPN 92 and the LTE user equipment.
  • the second access layer key includes: a user plane encryption key for user plane data encryption, and a control plane encryption key for control plane signaling encryption and/or a control plane integrity protection key for control plane signaling integrity protection.
  • the first access layer key is the same as or different from the second access layer key; when the first access layer key is different from the second access layer key, the LTE user equipment needs to support two sets of security algorithms.
  • the MeNB is responsible on the one hand for all control signaling with the UE, and on the other hand for the control plane information required by the LPN, so that the LPN can hold the necessary UE context information, configure each protocol layer, and schedule the UE effectively.
  • the LPN and the UE may also have a CP connection (which may be part of the function of the existing CP connection), so as to obtain information such as measurement results of the UE in a timely manner, so as to quickly adjust the scheduling policy.
  • according to the splitting policy it has determined, the MeNB sends one part of the UE user data received from the core network to the UE through the UP connection between itself and the UE, and sends the other part to the LPN through the Backhaul interface; the LPN then sends it to the UE through the air interface as in the prior art.
  • the MeNB may determine the UE data offloading policy with the radio bearer (Radio Bearer, RB for short) as the granularity; that is, for services with different quality of service (QoS), the MeNB may decide, according to their QoS characteristics, to transmit them to the UE through different carrier links. For example, real-time services (such as voice) are transmitted on the link between the MeNB and the UE, and services with large data volume and delay tolerance (such as video download) are offloaded to the LPN and then transmitted to the UE.
  • FIG. 4 is a schematic diagram of a feasible protocol form of a traffic offloading policy according to an embodiment of the present invention. As shown in FIG. 4, it includes the user plane part in which the MeNB transmits the offloaded data to the LPN and then to the UE (the reverse for uplink data), and the control plane part of the interface between the MeNB and the LPN and of the possible interface between the LPN and the UE.
  • the Backhaul interface protocol between the MeNB and the LPN may take other forms depending on the wired/wireless characteristics of the specific interface (for example, the GTP-U may also be replaced by other protocols). It can be seen that when the RB is used as the offloading granularity, the network side has a Packet Data Convergence Protocol (PDCP) entity and the lower layer protocol entities below it, including Radio Link Control (RLC).
  • FIG. 5 is a schematic diagram of a user plane and a control plane protocol in the embodiment of the present invention.
  • a heavily loaded MeNB can offload part of the user data to the LPN for transmission.
  • when the UE moves between small cells, the signaling in the handover process can be reduced, which reduces the message load of the network.
  • the wider bandwidth of multi-carrier transmission can better meet the needs of large-data-volume services, and transmission via the nearer LPN is also more power efficient.
  • the system architecture improves the user experience.
  • the network side needs to provide sufficient security protection mechanism to prevent the message from being intercepted and easily cracked by the attacker.
  • the MeNB acquires the base station key (eNB Key, denoted as KeNB) and/or from the core network, and derives the Access Stratum Key (AS Key).
  • the AS Key includes a user plane encryption key (UP Key, KUPenc), a control plane encryption key (RRC Key, KRRCenc), and a control plane integrity protection key (RRC Key, KRRCint), which are respectively used for the user plane.
  • the MeNB uses the AS Key and the corresponding encryption/integrity protection algorithm to apply the configured security protection to the information it sends, and after receiving it, the UE performs processing such as decryption/integrity verification according to the corresponding key and algorithm.
  • these functions are all located in the PDCP layer of the protocol.
  • the LPN is only a cooperative base station that performs the offload data transmission task in the access network, and does not have direct information interaction with the core network; and the MeNB and the LPN use the RB as the offload granularity for data offloading and provide the joint data transmission service to the UE.
  • the PDCP layer is located at the MeNB and the LPN, respectively. Therefore, the LPN cannot obtain KeNB from the core network, and the PDCP layer cannot apply encryption/integrity protection to the offloaded data and possible control signaling, which is an extremely serious security problem. Therefore, in the architecture of the embodiment of the present invention, for the UE that obtains the joint transmission service, the MeNB needs to transmit the necessary key to the LPN that bears the offload transmission. However, if the MeNB were to transmit KeNB to the LPN so that the LPN could derive the AS Key, the risk of key leakage would be high, because the LPN is physically less secure than the MeNB and is easily intruded by an attacker.
  • the embodiment of the present invention proposes the following solutions:
  • the LPN obtains a security key (AS Key) from the MeNB, and applies the configured security protection to the offloaded data and the possible control signaling transmitted on the radio interface.
  • the security key refers to the AS Key derived by the MeNB according to KeNB, and the MeNB determines, according to the network configuration and the UE capability (supporting one/two sets of security contexts), whether the AS Key transmitted to the LPN is the same as the AS Key used by the MeNB itself.
  • the security key differs according to the specific splitting mode: if there is only the transmission of the offloaded data between the LPN and the UE (that is, only UP), then the AS Key only includes the UP Key, that is, KUPenc; if there is transmission of both offloaded data and control signaling between the LPN and the UE (i.e. UP and CP, even if only part of the CP), the AS Key includes the UP Key and the RRC Key, i.e. KUPenc, and at least one of KRRCenc and KRRCint.
  • the conditions for the LPN to obtain the security key from the MeNB are as follows (but not limited to):
  • the MeNB transmits the necessary information such as the offloading bearer and the security key to the LPN through the Backhaul interface;
  • the key is updated, that is, in the process of the joint transmission service, according to the requirement of the operator, the core network or the MeNB/LPN itself to update the UE key, the MeNB transmits the updated security key to the LPN through the Backhaul interface.
  • the key is transmitted to the LPN through the macro base station in the heterogeneous access network, so that the transmission on the radio link between the LPN and the UE can implement the configured security protection function, which guarantees the security performance of the system architecture.
  • Example 1 The MeNB and the LPN are deployed in the network. These two nodes constitute the access network of the system architecture of the present invention, and the LPN bears the transmission of the offloaded data.
  • Step 1: The UE accesses the macro cell established by the MeNB according to the existing LTE procedure, and a CP connection (RRC Connection) that can transmit control plane information and an UP connection that can transmit user data are established.
  • the MeNB obtains the KeNB from the core network, and derives the AS Key (including the UP Key and the RRC Key), and utilizes the AS.
  • Step 2 The MeNB decides to offload a certain data bearer of the UE to the LPN according to the network load and the measurement report of the UE, and the remaining bearers are still transmitted on the radio link between the MeNB and the UE.
  • the MeNB transmits the necessary UE context and the like to the LPN through the Backhaul interface to request to provide the multi-stream transmission service for the UE.
  • the information may be carried in a message called a "bearer setup request" (it may also be another existing message or a new message; the same applies to the message names mentioned below), which includes the relevant parameters of the offloading bearer, the security capabilities of the UE, and the like.
  • the message should carry an AS Key derived by the MeNB according to the KeNB.
  • when there is only a UP connection between the LPN and the UE (as shown in Figure 6, that is, the LPN only bears the transmission of the offloaded data), the AS Key transmitted by the MeNB to the LPN only contains the UP Key (such as KUPenc).
  • the AS Key transmitted by the MeNB to the LPN may be the same as or different from the AS Key used by the MeNB itself. If the two AS keys are different, the MeNB must know that the UE can support two different security contexts, that is, the messages sent/received by the UE on the two wireless carriers with the MeNB and the LPN are respectively encrypted/decrypted using different security keys. And integrity protection/verification.
  • after agreeing to establish the offload bearer, the LPN replies with a response message, which may be referred to as a "bearer setup response" message, and the message may carry a list of the admitted bearers and the specific configurations of the UE protocol layers.
  • Step 3: After receiving the response message in which the LPN agrees to the offload, the MeNB notifies the UE to access the cell established by the LPN.
  • the UE only has an UP connection with the LPN, so the user data transmitted on that wireless carrier is encryption-protected with the key (KUPenc) and algorithm according to the configuration; this applies to what the sender (such as the MeNB or LPN) and the receiving end (such as the UE) exchange on the wireless link between the two.
  • Example 2 Same as the deployment scenario of instance 1.
  • the MeNB side updates the key, and then it needs to notify the LPN of the updated key, so that it can effectively perform the security protection function.
  • FIG. 7 is a signaling flowchart of Example 2 of the embodiment of the present invention. As shown in FIG. 7, the following may be included. Step 1: In the system architecture of the embodiment of the present invention, the UE establishes wireless connections with the MeNB and the LPN respectively, thereby obtaining a multi-stream joint transmission service across base stations.
  • as in the prior art, CP and UP connections exist between the UE and the MeNB.
  • an UP connection is established between the UE and the LPN.
  • the LPN protects the data transmitted between itself and the UE by encryption/decryption, using the UP Key (KUPenc) obtained from the MeNB and the corresponding algorithm.
  • Step 2: While the UE is connected to the network, the key may be updated according to the requirements of the operator, the core network, or the access network itself. After updating its own key, the MeNB needs to notify the LPN of the updated key. For example, the information can be carried in a message called a "key update indication" and passed to the LPN via the Backhaul interface.
  • the message may also carry an indication of whether the key is updated, and the updated key.
  • the UP connection between the LPN and the UE is taken as an example. Therefore, the message carries the updated UP Key (such as KUPenc').
  • the New AS Key transmitted by the MeNB to the LPN and the New AS Key used by the MeNB itself can be the same or different. If the two AS keys are different, the MeNB must know that the UE can support two different security contexts, that is, the data transmitted/received by the UE on the two wireless carriers with the MeNB and the LPN are respectively encrypted/decrypted using different security keys. It should be noted that when the MeNB and the LPN use different keys, it may happen that only the LPN side needs to update its key while the MeNB does not. In that case, the MeNB derives the updated key for the LPN and then notifies the LPN (because the MeNB and the LPN in this architecture exchange necessary information related to data packet transmission in real time, the MeNB learns in time that the key on the LPN side needs to be updated).
  • the LPN may reply to the response message after successfully updating the key, such as a message called "Key Update Response".
  • the MeNB also needs to notify the UE of the update of the key.
  • the service for cross-base station offload joint transmission may be continued, and the data exchanged between the UE and the LPN in the access network uses a new key and algorithm for encryption/decryption security protection.
  • Example 3 Same as the deployment scenario of instance 1. In the architecture in which the MeNB and the LPN provide the UE with the inter-base station multi-stream joint transmission service, this embodiment takes the CP and the UP connection between the LPN and the UE as an example.
  • FIG. 8 is a signaling flowchart of Example 3 of the embodiment of the present invention. As shown in FIG. 8, the following may be included: Step 1: When the MeNB decides to provide a cross-base-station multi-stream transmission service for a UE accessing its cell, the MeNB transmits information such as the UE context to the LPN through the Backhaul interface, for example carried in the "bearer setup request" message.
  • in addition to the necessary information about the offloading bearer related parameters and the security capabilities of the UE, the message also needs to include the AS Key derived by the MeNB according to the KeNB.
  • the UP and RRC connections between the LPN and the UE are taken as an example. Therefore, the AS Key transmitted by the MeNB to the LPN needs to include the UP Key and the RRC Key (KUPenc, and at least one of KRRCenc and KRRCint).
  • the AS Key transmitted by the MeNB to the LPN may be the same as or different from the AS Key used by the MeNB itself. If the two AS Keys are different, then the MeNB must know that the UE can support two different sets of security contexts.
  • Step 3 In the process of the multi-stream service, if the network side (including the operator, the core network, the MeNB, and the LPN) has a need to update the key, the MeNB needs to notify the LPN of the updated key.
  • the information can be carried in a message called a "key update indication" and passed to the LPN via the Backhaul interface.
  • the message carries an indication of "whether the key is updated" and the updated key.
  • the UP and RRC connections between the LPN and the UE are taken as an example. Therefore, the New AS Key transmitted by the MeNB to the LPN needs to include the UP Key and the RRC Key (KUPenc', and at least one of KRRCenc' and KRRCint').
  • the New AS Key transmitted by the MeNB to the LPN may be the same as or different from the New AS Key used by the MeNB itself.
  • the MeNB must know that the UE can support two different sets of security contexts.
  • the LPN may reply to the response message after successfully updating the key, such as a message called "Key Update Response".
  • the MeNB needs to notify the UE of information such as update of the key and change of the protocol layer configuration.
  • the service of the cross-base station offload joint transmission may be continued, and the user data and control signaling exchanged between the UE and the LPN in the access network are effectively encrypted and integrity-protected according to the configuration, using the new key and algorithm.
  • a part of user data can be offloaded to the LPN for transmission by the heavily loaded MeNB, and the UE can also reduce the signaling in the handover process when moving between the Small cells.
  • the key is transmitted to the LPN through the macro base station in the heterogeneous access network, so that the transmission on the radio link between the LPN and the UE can implement the configured security protection function, which ensures the security of the system architecture.
  • the technical solution of the embodiment of the present invention can provide a good joint transmission service for the UE securely and reliably.
  • the algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device.
  • Various general purpose systems can also be used based on the teachings herein. From the above description, the structure required to construct such a system is obvious.
  • the invention is not directed to any particular programming language. It is to be understood that the invention may be embodied in a variety of programming languages, and the description of a specific language above is given in order to disclose the preferred embodiments of the invention. Numerous specific details are set forth in the description provided herein. However, it is understood that the embodiments of the invention may be practiced without these specific details.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • all of the features disclosed in the specification (including the accompanying claims, the abstract and the drawings), and all of the processes or units of any method or device so disclosed, may be combined in any combination.
  • Each feature disclosed in the specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent, or similar purpose, unless otherwise stated.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • the word “comprising” does not exclude the presence of the elements or the steps in the claims.
  • the invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by the same hardware item.
  • the use of the words first, second, and third does not indicate any order. These words can be interpreted as names.
  • a data security transmission method and an LTE access network system provided by the embodiments of the present invention have the following beneficial effects:
  • a heavily loaded MeNB can offload part of user data to an LPN for transmission.
  • when the UE moves between small cells, the signaling in the handover process can also be reduced, and the message load of the network is reduced.
  • the wider bandwidth of the multi-carrier transmission can better meet the demand of large-data-volume services, and transmission via the nearer LPN is also more power efficient, so the system architecture improves the user experience.
  • the key is transmitted to the LPN through the macro base station in the heterogeneous access network.
  • the transmission on the radio link between the LPN and the UE can implement the configured security protection function, which ensures the security performance of the system architecture.
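The key handling described in Examples 1 and 2 above (the MeNB keeps KeNB, hands the LPN only the AS keys its connection type needs, and re-issues them on a key update) can be sketched as follows. This is an added example, not code from the patent: the key derivation assumes the standard LTE KDF of 3GPP TS 33.401 Annex A.7, which this page does not describe, and the class names, dictionary message layout and the `lpn_base_key` parameter are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption (not stated on this page): AS keys are derived with the LTE KDF
# of 3GPP TS 33.401 Annex A.7, HMAC-SHA-256(KeNB, FC || P0 || L0 || P1 || L1).
FC_ALG_KEY_DERIVATION = 0x15
ALG_TYPE = {"KRRCenc": 0x03, "KRRCint": 0x04, "KUPenc": 0x05}

# AS keys the LPN needs for each connection type between LPN and UE.
# The page requires KUPenc plus at least one RRC key for UP+CP; both are sent here.
KEYS_FOR_MODE = {"UP": ("KUPenc",), "UP+CP": ("KUPenc", "KRRCenc", "KRRCint")}


def derive_as_key(base_key: bytes, name: str, alg_id: int) -> bytes:
    """Derive one 128-bit AS key from a 256-bit base key (KeNB)."""
    if len(base_key) != 32:
        raise ValueError("base key must be 256 bits")
    s = bytes([FC_ALG_KEY_DERIVATION, ALG_TYPE[name], 0x00, 0x01, alg_id, 0x00, 0x01])
    return hmac.new(base_key, s, hashlib.sha256).digest()[16:]  # low-order 128 bits


@dataclass
class MeNB:
    kenb: bytes            # obtained from the core network; never sent to the LPN
    enc_alg_id: int = 2    # constructed sample value (128-EEA2)
    int_alg_id: int = 2    # constructed sample value (128-EIA2)

    def _keys(self, mode: str, base_key: bytes) -> dict:
        if mode not in KEYS_FOR_MODE:
            raise ValueError(f"unknown split mode {mode!r}")
        return {
            name: derive_as_key(
                base_key, name, self.int_alg_id if name == "KRRCint" else self.enc_alg_id
            )
            for name in KEYS_FOR_MODE[mode]
        }

    def _message(self, kind, mode, ue_dual_context, lpn_base_key, **extra):
        # lpn_base_key is hypothetical: the page allows the LPN's AS Key to differ
        # from the MeNB's own but does not say how the different key is derived.
        if lpn_base_key is not None and not ue_dual_context:
            raise ValueError("different LPN keys need a UE with two security contexts")
        base = self.kenb if lpn_base_key is None else lpn_base_key
        return {"msg": kind, "mode": mode, "as_key": self._keys(mode, base), **extra}

    def bearer_setup_request(self, mode, ue_dual_context=False, lpn_base_key=None):
        return self._message("bearer setup request", mode, ue_dual_context, lpn_base_key)

    def key_update_indication(self, mode, ue_dual_context=False, lpn_base_key=None):
        return self._message("key update indication", mode, ue_dual_context,
                             lpn_base_key, key_updated=True)


@dataclass
class LPN:
    keys: dict = field(default_factory=dict)

    def handle(self, msg: dict) -> dict:
        as_key = msg.get("as_key", {})
        # Accept exactly the keys the split mode calls for, nothing more.
        if set(as_key) != set(KEYS_FOR_MODE[msg["mode"]]):
            raise ValueError("AS Key set does not match the split mode")
        if msg["msg"] == "bearer setup request":
            self.keys = dict(as_key)
            return {"msg": "bearer setup response", "admitted": True}
        if msg["msg"] == "key update indication":
            if msg.get("key_updated"):
                self.keys = dict(as_key)
            return {"msg": "key update response"}
        raise ValueError("unexpected message")


def demo() -> dict:
    kenb = bytes(range(32))                      # constructed sample KeNB
    menb, lpn = MeNB(kenb), LPN()
    setup = menb.bearer_setup_request("UP")      # Example 1: UP connection only
    first = lpn.handle(setup)["msg"]
    old = lpn.keys["KUPenc"]
    menb.kenb = bytes(range(1, 33))              # Example 2: MeNB key updated
    second = lpn.handle(menb.key_update_indication("UP"))["msg"]
    return {"sent": sorted(setup["as_key"]), "replies": [first, second],
            "rotated": lpn.keys["KUPenc"] != old}


if __name__ == "__main__":
    print(demo())
```

Because only derived 128-bit keys cross the Backhaul interface, a compromised LPN exposes the keys for its own radio link but not KeNB or the keys it was never given.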

Abstract

The invention relates to a data security transmission method and an LTE access network. The method comprises the following steps: an MeNB obtains a base station key from a core network, generates a first access layer key according to the base station key, uses the first access layer key to encrypt corresponding control plane information and user data, and sends the corresponding control plane information to an LTE user equipment after performing integrity protection on the corresponding control plane information; the MeNB determines an offloading policy for the user data of the LTE user equipment, and sends a request message to a corresponding LPN to provide a multi-stream transmission service for the LTE user equipment; the MeNB receives a request response sent by the LPN, sends one part of the user data received from the core network to the LTE user equipment after encrypting the corresponding user data using the first access layer key according to the offloading policy, and sends the other part of the user data to the LPN; and the LPN uses a second access layer key to encrypt the corresponding user data, and sends the encrypted user data to the LTE user equipment.
PCT/CN2013/083505 2013-01-15 2013-09-13 Data security transmission method and LTE access network system WO2014110908A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310013744.2 2013-01-15
CN201310013744.2A CN103929740B (zh) 2013-01-15 2013-01-15 Data security transmission method and LTE access network system

Publications (1)

Publication Number Publication Date
WO2014110908A1 true WO2014110908A1 (fr) 2014-07-24

Family

ID=51147789

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/083505 WO2014110908A1 (fr) 2013-01-15 2013-09-13 Data security transmission method and LTE access network system

Country Status (2)

Country Link
CN (1) CN103929740B (fr)
WO (1) WO2014110908A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365470A (zh) * 2018-03-26 2019-10-22 华为技术有限公司 一种密钥生成方法和相关装置

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10091649B2 (en) 2015-07-12 2018-10-02 Qualcomm Incorporated Network architecture and security with encrypted client device contexts
CN106375989B (zh) 2015-07-20 2019-03-12 中兴通讯股份有限公司 实现接入层安全的方法及用户设备和无线接入小节点
CN106375992B (zh) * 2015-07-20 2019-08-06 中兴通讯股份有限公司 实现接入层安全的方法及用户设备和节点
WO2017092814A1 (fr) 2015-12-03 2017-06-08 Telefonaktiebolaget Lm Ericsson (Publ) Établissement de connexion rrc légère dans un réseau multi-rat
EP3384698B1 (fr) * 2015-12-03 2022-09-14 Telefonaktiebolaget LM Ericsson (publ) Sécurité d'une strate d'accès multi-rat
CN108924826B (zh) * 2017-03-24 2023-04-14 北京三星通信技术研究有限公司 数据传送的控制方法及设备
CN109586900B (zh) * 2017-09-29 2020-08-07 华为技术有限公司 数据安全处理方法及装置
CN110831070B (zh) * 2018-08-13 2021-12-21 华为技术有限公司 一种处理业务流的方法、通信方法及装置
WO2020252790A1 (fr) * 2019-06-21 2020-12-24 Oppo广东移动通信有限公司 Procédé et appareil de transmission d'informations, dispositif de réseau et équipement utilisateur

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110274276A1 (en) * 2010-05-10 2011-11-10 Samsung Electronics Co. Ltd. Method and system for positioning mobile station in handover procedure
CN102625300A (zh) * 2011-01-28 2012-08-01 华为技术有限公司 密钥生成方法和设备
CN102857971A (zh) * 2011-06-30 2013-01-02 华为技术有限公司 用于数据传输的方法、分流点设备、用户终端及其系统

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
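CN102056159B (zh) * 2009-11-03 2014-04-02 华为技术有限公司 Method and apparatus for obtaining a security key in a relay system
CN102056157B (zh) * 2009-11-04 2013-09-11 电信科学技术研究院 Method, system, and apparatus for determining a key and ciphertext
CN101945387B (zh) * 2010-09-17 2015-10-21 中兴通讯股份有限公司 Method and system for binding an access stratum key to a device
CN101931953B (zh) * 2010-09-20 2015-09-16 中兴通讯股份有限公司 Method and system for generating a device-bound security key
CN101977378B (zh) * 2010-09-30 2015-08-12 中兴通讯股份有限公司 Information transmission method, network side, and relay node
CN102142942B (zh) * 2011-04-01 2017-02-08 中兴通讯股份有限公司 Data processing method and system in a relay node system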

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110274276A1 (en) * 2010-05-10 2011-11-10 Samsung Electronics Co. Ltd. Method and system for positioning mobile station in handover procedure
CN102625300A (zh) * 2011-01-28 2012-08-01 华为技术有限公司 Key generation method and device
CN102857971A (zh) * 2011-06-30 2013-01-02 华为技术有限公司 Method for data transmission, offloading point device, user terminal, and system thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365470A (zh) * 2018-03-26 2019-10-22 华为技术有限公司 Key generation method and related apparatus
CN110365470B (zh) * 2018-03-26 2023-10-10 华为技术有限公司 Key generation method and related apparatus

Also Published As

Publication number Publication date
CN103929740B (zh) 2017-05-10
CN103929740A (zh) 2014-07-16

Similar Documents

Publication Publication Date Title
US11050727B2 (en) Security key generation and management method of PDCP distributed structure for supporting dual connectivity
US10567957B1 (en) Dual connectivity mode of operation of a user equipment in a wireless communication network
WO2014110908A1 (fr) Data security transmission method and LTE access network system
CN109088714B (zh) System and method for communicating security key information
JP2020109975A (ja) Security key derivation in dual connectivity
US11483705B2 (en) Method and device for generating access stratum key in communications system
CN109417740B (zh) Preserving security key usage during handover of the same wireless terminal
CN110463270A (zh) System and method for dynamic data relaying
WO2018137689A1 (fr) Secure data transmission method, access network, terminal, and core network device
US10863569B2 (en) RRC connection re-establishment method for data transmission
WO2015062097A1 (fr) Key processing method and device in dual connectivity mode
WO2012071845A1 (fr) Method and system for implementing integrity protection
TW201831040A (zh) Non-access stratum transport for non-mobility management messages
WO2011127791A1 (fr) Method and system for establishing an optimized key when a terminal moves to an optimized UMTS terrestrial radio access network ("universal terrestrial radio access network" or UTRAN)
WO2017219355A1 (fr) Multi-connection communication method and device
WO2014180280A1 (fr) Link establishment method, base station, and system
WO2014101677A1 (fr) Method, base station, and system for transmitting RRC signals
WO2014190828A1 (fr) Security key management method, apparatus, and system
KR102104844B1 (ko) Data transmission method, first device, and second device
EP3046362B1 (fr) Distribution method, base station, and user equipment
WO2011143977A1 (fr) Method and system for establishing enhanced keys when a terminal enters an enhanced universal terrestrial radio access network (UTRAN)
WO2014040259A1 (fr) Method for re-establishing a radio resource management connection, device, and network system
CN107925874B (zh) Ultra-dense network security architecture and method
US20160249215A1 (en) Communication control method, authentication server, and user terminal
WO2014111049A1 (fr) Cell optimization device and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13872227

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13872227

Country of ref document: EP

Kind code of ref document: A1