WO2018166338A1 - Procédé et appareil de mise à jour de clé - Google Patents

Procédé et appareil de mise à jour de clé Download PDF

Info

Publication number
WO2018166338A1
WO2018166338A1 PCT/CN2018/077029 CN2018077029W WO2018166338A1 WO 2018166338 A1 WO2018166338 A1 WO 2018166338A1 CN 2018077029 W CN2018077029 W CN 2018077029W WO 2018166338 A1 WO2018166338 A1 WO 2018166338A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
terminal device
key
new
network device
Prior art date
Application number
PCT/CN2018/077029
Other languages
English (en)
Chinese (zh)
Inventor
刘亚林
李铕
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2018166338A1 publication Critical patent/WO2018166338A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Definitions

  • the present application relates to the field of communications technologies, and in particular, to a method and an apparatus for updating a secret key.
  • the data needs to be encrypted for transmission, and the sender encrypts the data with the secret key to send the data.
  • the receiving end performs the decryption operation:
  • the decryption succeeds and the data can be forwarded to the core network. If the keys of the sending and receiving parties are inconsistent, the decryption error occurs and the corresponding data is discarded.
  • the above encryption/decryption operation is performed by the PDCP (Packet Data Convergence Protocol) layer.
  • the key required for data transmission is configured during the RRC (radio resource control) connection establishment process, and can be reconfigured through the connection re-establishment or handover procedure.
  • the 5G communication system defines the inactive state of the terminal device.
  • the inactive state terminal device moves in the location update area and does not send a location update request.
  • Update its location For example, a RAN (radio access network)-based notification area (RAN) is a type of location update area. Therefore, in the RNA region, even if the terminal performs cell reselection, the terminal does not inform the base station of the new cell, nor does it trigger the key update.
  • RAN radio access network
  • the inactive terminal performs cell reselection in the update area move, for example, after moving from one cell of the RNA area to a new serving cell, the new serving cell does not have the key of the terminal; If the terminal is to perform uplink data transmission, the serving base station corresponding to the new serving cell cannot perform the decryption operation.
  • the present application provides a secret key update method to implement key update after cell reselection in a location update area.
  • a method for updating a secret key including: after a terminal device in an inactive state reselects to a serving cell of a new serving network device in a location update region, sending a first data to the serving network device to trigger The key is updated; the terminal device receives a new key that is sent after the serving network device receives the first data.
  • a method for updating a secret key includes: receiving, by a serving network device, a first terminal device that is inactive, reselecting to a serving cell corresponding to the serving network device in a location update area, and transmitting a trigger key update Data, a new secret key is sent to the terminal device.
  • a terminal device comprising: a sending module, configured to: after the terminal device reselects to a serving cell of a new serving network device in the location update area, when the terminal device is in an inactive state, send the first message to the serving network device The data is updated by the triggering key; the receiving module is configured to receive a new key that is sent after the serving network device receives the first data.
  • a network device comprising: a receiving module: receiving, by the terminal device in an inactive state, reselecting the first data of the trigger key update sent by the serving cell corresponding to the network device in the location update area; the sending module: Used to send a new secret key to the terminal device.
  • the network device may be a base station, the terminal device is in an inactive state, and is reselected from a certain cell to a cell of another serving base station in the area in the location update area, and sends data to the serving base station to trigger key update, service. After receiving the first data, the base station performs the key update immediately, and sends the obtained key to the terminal device.
  • the location update area may be an RNA region defined by 3GPP in which the terminal device performs cell reselection.
  • the receiving module can be implemented by a receiver, and the transmitting module can be implemented by a transmitter.
  • the terminal device suspends subsequent data transmission after transmitting the first data, and then sends subsequent data after receiving the new key. This method avoids that the network device receives the data encrypted with the old key and cannot decrypt it.
  • the new key is a secret key generated by the serving network device or a key obtained by the service network device after performing secret key negotiation with other network devices;
  • the other network device may be The core network device, such as an MME (mobility management entity), an HSS (home subscriber server), or an HLR (home location register).
  • MME mobility management entity
  • HSS home subscriber server
  • HLR home location register
  • the new secret key is sent to the terminal device in the same time slot of an ACK (acknowledgement) response of the first data.
  • the DRX window is reset. Send a DRX temporary reconfiguration indication to the terminal device.
  • the DRX temporary reconfiguration indication is sent to the terminal device in the same time slot of the ACK response of the first data.
  • the serving network device receives the data encrypted by the terminal device and encrypted by the old key, the data is forwarded to the anchor network device for decryption or directly discarded; for example:
  • the serving network device Before transmitting the new secret key to the terminal device, if the serving network device receives other data sent by the terminal device, forwarding the other data to the anchor network device for decryption; or
  • the new secret key is sent to the terminal device, if the service network device receives other data sent by the terminal device, if the decryption fails, the other data is forwarded to the anchor network device for decryption.
  • Yet another aspect of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the methods described in the various aspects above.
  • Yet another aspect of the present application provides a computer readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the methods described in the above aspects.
  • the new service network device when the new service network device receives the first data sent after the inactive terminal device reselects the serving cell, triggers the key update, configures the new key for the terminal device, and implements in time.
  • FIG. 1 is a schematic structural diagram of an application scenario network according to an embodiment of the present disclosure
  • FIG. 2 is a flowchart of a method for updating a secret key according to an embodiment of the present application
  • FIG. 3 is a flowchart of a method for updating a secret key according to another embodiment of the present application.
  • FIG. 4 is a schematic diagram of a terminal device according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a network device according to an embodiment of the present application.
  • FIG. 6 is a schematic diagram of a network device/terminal device according to another embodiment of the present application.
  • FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application.
  • the wireless communication network shown in FIG. 1 mainly includes a plurality of network devices and terminal devices.
  • each base station may form one or more cells, and the inactive terminal device moves within the location update region, and reselects from the serving cell of one base station to the serving cell of another base station, and more
  • the serving cell and the terminal device of each base station may be within a range of location update areas; for example, the inactive terminal device reselects from the serving cell of the anchor base station to the serving cell of the new serving base station within the range of the RNA region, Or, after leaving the anchor base station, the serving cell of the old serving base station is reselected to the serving cell of the new serving base station.
  • the terminal device in the embodiment of the present application may refer to an access terminal, a user unit, a user station, a mobile station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user. Device.
  • the access terminal may be a cellular phone, a cordless phone, a Session Initiation Protocol ("SSIP") phone, a Wireless Local Loop (WLL) station, and a personal digital processing (Personal Digital) Assistant, referred to as "PDA" for short, a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal in a 5G network, and the like.
  • SSIP Session Initiation Protocol
  • WLL Wireless Local Loop
  • PDA Personal Digital Processing
  • the network device in the implementation of the present application is a network side device that performs wireless communication with the terminal device, for example, a Wireless-Fidelity (Wi-Fi) access point, a base station of a next-generation communication, such as a gNB of 5G. Or a small station, a micro station, a TRP (transmission reception point), or a relay station, an access point, an in-vehicle device, a wearable device, or the like.
  • Wi-Fi Wireless-Fidelity
  • the method includes: after the terminal device in the inactive state reselects to the serving cell of the new serving base station in the location update area, transmitting data to the new serving base station to trigger key update, the new serving base station receiving the location After the first data sent by the terminal device is sent, the new key is sent to the terminal device.
  • the terminal device may perform data encryption processing with the new key and send it to the serving base station; the new serving base station may also perform decryption operation on the data with the new secret key.
  • the terminal device in this embodiment is in an inactive state, and reselects from a certain cell of the RNA region to a serving cell corresponding to the new serving base station; for example, reselecting from the serving cell of the anchor base station to the new serving base station After the serving cell, or leaving the anchor base station, the serving cell of the old serving base station is reselected to the serving cell of the new serving base station.
  • the terminal device sends data to the new serving base station to trigger a key update.
  • the terminal device reselects to the serving cell of the new serving base station, and sends data to the new serving base station to trigger the key update; the data here is still encrypted by the old key, used to trigger the new serving base station to update the key.
  • the data may be one or more.
  • the first data sent may be used to trigger the new serving base station to perform key update.
  • the first data here refers to the first data that the new serving base station can receive after the terminal device transmits.
  • the terminal device sends three data to the new serving base station, but the new serving base station only receives the third data and the first two data are not received, and the third data is considered to be the first sent by the terminal device.
  • a data if the first data sent by the terminal device can be received by the new serving base station, the first data triggers the key update.
  • the new serving base station After receiving the first data sent by the terminal device, the new serving base station sends a new secret key to the terminal device.
  • the new key here may be a secret key generated by a new serving base station, or may be a key obtained by a new serving base station and other network devices, such as a core network device for secret key negotiation, such as MME, HLR or HSS, etc.
  • the network element performs secret key negotiation, and the process of secret key negotiation can be implemented by the prior art, and the specific process is not detailed.
  • the first data here refers to the first data received by the new serving base station from the terminal device, and may be the first data sent by the terminal device cell to the new serving base station after reselection, or may be other Data, for example, the terminal device sends three data to the new serving base station, but the new serving base station receives only the third data and the first two data base stations do not receive it, then the third data sent by the terminal device is new.
  • the first data received by the serving base station; that is, the new serving base station immediately performs the key update upon receiving the first data.
  • the new serving base station Since the first data received by the new serving base station is still encrypted with the old key, it cannot be decrypted, and the new serving base station can forward the first data to the anchor base station for decryption, or can be discarded. .
  • the new serving base station may send the new key to the terminal device in the same time slot of the ACK response, and the ACK response may be the ACK response corresponding to the received first data, and the new key may carry the letter corresponding to the ACK response.
  • the transmission may be performed in other signaling.
  • the MAC CE Media Access Control control element
  • the new key may use the same MAC CE as the ACK response, or may be used.
  • Newly defined MAC CE may be used to carry the ACK response.
  • the new serving base station immediately triggers the key update by receiving the first data.
  • the new serving base station may also set the data to be triggered after the N unrecognizable data is continuously received, and the N value may be set. set.
  • the terminal device may encrypt the data with a new key and send the data to the new serving base station, so that the new serving base station may perform decryption.
  • the terminal device since the key update is triggered by the data sent by the terminal device, for example, triggered by the first data sent, and the terminal device may have other data to be sent during the key update process, the terminal device may be used up.
  • the key is encrypted and the new serving base station cannot decrypt.
  • step 101 after the terminal device sends the first data, the subsequent data transmission may be suspended, and after receiving the new key, the subsequent data is encrypted and sent by using the new key.
  • step 101 after the terminal device sends the first data, the subsequent data may not be suspended, and the terminal device still encrypts and transmits the data by using the old key before receiving the new key.
  • the data cannot be decrypted.
  • the data encrypted by the old key can be forwarded to the anchor base station for decryption.
  • the anchor base station After receiving the base station, the anchor base station sends an ACK to the new serving base station.
  • the specific procedure is shown in FIG. 101a. This process is optional. After receiving the data encrypted by the old key, the new serving base station can also directly discard it.
  • the above process is also applicable to the data sent by the terminal device to the new serving base station for triggering the key update in step 101.
  • Step 101a occurs before the terminal device obtains a new key, as long as the new serving base station receives the data encrypted by the terminal device and encrypted by the old key, it can be forwarded or discarded.
  • a secret key negotiation with another network entity such as an entity located in the core network, is required to obtain a new key, and the new serving base station obtains the new key.
  • the process of the secret key introduces a delay.
  • the method includes:
  • the terminal device in this embodiment is in an inactive state, and is reselected from a certain cell of the RNA region to a new serving cell; for example, reselecting from the anchor base station serving cell to a new service After the serving cell of the base station, or leaving the anchor base station, the serving cell of the old serving base station is reselected to the serving cell of the new serving base station.
  • the terminal device sends data to the new serving base station to trigger a key update.
  • the terminal device reselects to the serving cell of the new serving base station, and sends data to the new serving base station to trigger the key update; the data here is still encrypted by the old key, used to trigger the new serving base station to update the key.
  • the data may be one or more.
  • the first data sent may be used to trigger the new serving base station to perform key update.
  • the first data here refers to the first data that the new serving base station can receive after the terminal device transmits.
  • the terminal device sends three data to the new serving base station, but the new serving base station only receives the third data and the first two data are not received, and the third data is considered to be the first sent by the terminal device.
  • a data if the first data sent by the terminal device can be received by the new serving base station, the first data triggers the key update.
  • the new serving base station After receiving the first data sent by the terminal device, the new serving base station obtains a new key.
  • obtaining a new key may be that the new serving base station directly generates a new key, or the new serving base station and other network devices, such as the core network device, obtain a new key after performing key key negotiation.
  • the key element negotiation is performed with a network element such as an MME, an HLR, or an HSS.
  • the process of secret key negotiation can be implemented by the prior art, and the specific process will not be detailed.
  • the first data here refers to the first data received by the new serving base station from the terminal device, and may be the first data sent by the terminal device cell to the new serving base station after reselection, or may be other Data, for example, the terminal device sends three data to the new serving base station, but the new serving base station only receives the third data and the first two data base stations do not receive it, then the third data sent by the terminal device is new.
  • the first data received by the serving base station; that is, the new serving base station immediately performs the key update upon receiving the first data.
  • the new serving base station Since the first data received by the new serving base station is still encrypted with the old key, it cannot be decrypted, and the new serving base station can forward the first data to the anchor base station for decryption, or can be discarded. .
  • the new serving base station immediately triggers the key update by receiving the first data.
  • the new serving base station may also set the data to be triggered after the N unrecognizable data is continuously received, and the N value may be set. set.
  • the new serving base station may determine, according to the DRX configuration, whether the DRX window needs to be reset: if the new serving base station still does not obtain the key before the end of the DRX window, for example: no key is generated or not
  • the DRX window is reset, and the new serving base station sends a DRX temporary reconfiguration indication to the terminal device, where the DRX temporary reconfiguration indication carries a timer or a counter, and may also carry a specific subframe.
  • step 202a if the new serving base station has obtained the key before the end of the DRX window, for example, a new key has been generated or the key agreement with the core network device is completed, no reset is required.
  • DRX window no step 202a in the figure.
  • the DRX temporary reconfiguration indication may be sent to the terminal device in the same time slot of the ACK response, or may be separately sent. Referring to the sending manner of the new key in the foregoing embodiment, .
  • the new serving base station sends the new secret key to the terminal device.
  • the new serving base station may send the new key to the terminal device in the same time slot of the ACK response, and the ACK response may be the ACK response corresponding to the received first data, and the new key may carry the letter corresponding to the ACK response.
  • the MAC (media access control) CE control element
  • the new key can use the same MAC CE as the ACK response, and the newly defined MAC CE can also be used.
  • the terminal device if the terminal device does not receive the DRX temporary reconfiguration indication, the terminal device receives the new key in the original DRX window; if the DRX temporary reconfiguration indication is received, the DRX window is extended according to the DRX temporary reconfiguration indication, in the corresponding Receive a new key in the window;
  • the DRX window is extended, and the downstream signal is continued after the old DRX window ends until the counter or timer expires, or the reconfigured timer or counter is used directly instead of the old one.
  • the DRX window is listening. If the DRX temporary reconfiguration indication carries a specific subframe number or slot number, the downlink signal is continuously monitored until the subframe number configured by the new serving base station.
  • the above DRX temporary reset is valid only in the current DRX cycle, and the terminal device still receives data according to the initial DRX configuration in the next DRX cycle.
  • the terminal device may encrypt the data with a new secret key and send the data to the new serving base station, so that the new serving base station may perform decryption.
  • the terminal device since the key update is triggered by the data sent by the terminal device, for example, triggered by the first data sent, and the terminal device may have other data to be sent during the key update process, the terminal device may be used up.
  • the key is encrypted and the new serving base station cannot decrypt.
  • step 201 after the terminal device sends the first data, the subsequent data transmission may be suspended. After receiving the new key, the subsequent data is encrypted and sent by using the new key.
  • step 201 after the terminal device sends the first data, the terminal device may not suspend the transmission of the subsequent data, and the terminal device still encrypts and transmits the data by using the old key before receiving the new key. Then, after receiving the new serving base station, the data cannot be decrypted, and the data encrypted by the old key is forwarded to the anchor base station for decryption, and after receiving by the anchor base station, the ACK is sent to the new serving base station, and the specific procedure refers to 201a in the figure. This process is optional. After receiving the data encrypted by the old key, the new serving base station can also directly discard it. The above process is also applicable to the data sent by the terminal device to the new serving base station for triggering the key update in step 201. Step 201a occurs before the terminal device obtains a new key, as long as the new serving base station receives the data encrypted by the terminal device and encrypted by the old key, it can be forwarded or discarded.
  • the key update is triggered immediately, and the new key is configured for the terminal device, and the location is realized in time. Updating the key of the terminal device cell after reselection in the update range, further avoiding frequent data forwarding between the new serving cell and the anchor serving cell due to the transmission of subsequent data using the old key, thereby significantly reducing the base station between The load of interface interaction.
  • a terminal device is further disclosed. Referring to FIG. 4, the method includes:
  • the sending module 401 is configured to: after the terminal device reselects the serving cell of the new serving network device in the location update area, when the terminal device is in the inactive state, send the first data to the serving network device to trigger the key update. ;
  • the receiving module 402 is configured to receive a new key that is sent after the serving network device receives the first data.
  • a processing module (not shown) may be further included for encrypting the data with a new secret key and transmitting by the transmitting module 401.
  • the terminal device is completely corresponding to the terminal device in the method embodiment, and the corresponding module performs corresponding steps, for example, the sending module method performs the steps sent in the method embodiment, the receiving module performs the steps received in the method embodiment, and other steps,
  • the encryption/decryption of the data, the suspension of the data transmission, etc. can be implemented by the processing module (not shown).
  • the above content only lists some functions, and other functions can refer to the corresponding steps of the embodiment and the description of the content of the invention.
  • a network device is also disclosed. Referring to FIG. 5, the method includes:
  • the receiving module 501 is configured to: receive, by the terminal device in the inactive state, reselecting the first data of the trigger key update sent after the serving cell corresponding to the network device in the location update area;
  • the sending module 502 is configured to send a new secret key to the terminal device.
  • a processing module may be further included for decrypting data received by the receiving module 501 and encrypted with the new key.
  • the network device is completely corresponding to the base station in the method embodiment, and the corresponding module performs corresponding steps, for example, the sending module method performs the steps sent in the method embodiment, the receiving module performs the steps received in the method embodiment, and other steps, such as Encrypting/decrypting the data, determining whether it is necessary to reset the reset DRX window, generating a secret key, discarding the data, etc., may be implemented by a processing module (not shown), and the above content only lists some functions, and other functions may refer to The corresponding steps of the embodiment and the description of the content of the invention.
  • the network device and the terminal device have another form of embodiment, the processing module can be replaced by a processor, the sending module can be replaced by a transmitter, and the receiving module can be replaced by a receiver, respectively performing the sending operation and receiving in the method embodiment.
  • the transmitter and receiver can form a transceiver for operation and associated processing operations.
  • the processor may be a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array, or other programmable logic device.
  • the transmitter and receiver can form a transceiver. It is also possible to further include an antenna, and the number of antennas may be one or more.
  • bus includes a power bus, a control bus, and a status signal bus in addition to the data bus.
  • bus includes a power bus, a control bus, and a status signal bus in addition to the data bus.
  • the various buses are labeled as buses in the figure.
  • Figure 6 above is only a schematic diagram, and may include other components or only some components, including, for example, a transmitter and a receiver; or only a transmitter, a receiver, and a processor.
  • a memory (not shown) may be further included for storing computer executable program code, wherein when the program code includes an instruction, when the processor executes The instructions cause the network device or terminal device to perform the corresponding steps in the method embodiments.
  • the computer program product includes one or more computer instructions.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • the computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions can be from a website site, computer, server or data center Transfer to another website site, computer, server, or data center by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.).
  • the computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media.
  • the usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a solid state disk (SSD)).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé de mise à jour de clé comprenant : le resélection par un dispositif terminal dans un état inactif d'une cellule de desserte d'un nouveau dispositif de réseau de service dans une zone de mise à jour d'emplacement, puis l'envoi de premières données audit dispositif de réseau de service de manière à déclencher une mise à jour de clé ; la réception par ledit dispositif terminal d'une nouvelle clé envoyée après que le dispositif de réseau de service a reçu lesdites premières données. Grâce au procédé et à l'appareil de mise à jour de clé de l'invention, une mise à jour de clé est déclenchée après qu'un nouveau dispositif de réseau de service reçoit des premières données sur un dispositif terminal d'état inactif resélectionnant une cellule de desserte, et une nouvelle clé est configurée pour le dispositif terminal, ce qui permet d'obtenir une mise à jour de clé après une resélection de cellule dans une plage de mise à jour d'emplacement.
PCT/CN2018/077029 2017-03-17 2018-02-23 Procédé et appareil de mise à jour de clé WO2018166338A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710161989.8 2017-03-17
CN201710161989.8A CN108632022B (zh) 2017-03-17 2017-03-17 一种秘钥更新方法、设备及计算机可读存储介质

Publications (1)

Publication Number Publication Date
WO2018166338A1 true WO2018166338A1 (fr) 2018-09-20

Family

ID=63522761

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077029 WO2018166338A1 (fr) 2017-03-17 2018-02-23 Procédé et appareil de mise à jour de clé

Country Status (2)

Country Link
CN (1) CN108632022B (fr)
WO (1) WO2018166338A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111148279B (zh) * 2018-11-02 2022-02-25 华为技术有限公司 一种连接重建立方法及装置
WO2022141025A1 (fr) * 2020-12-29 2022-07-07 华为技术有限公司 Procédé et appareil de transmission de données
CN114222294B (zh) * 2021-12-09 2023-02-03 北京航空航天大学 Mac ce消息指示密钥更新的方法及装置
CN114554483A (zh) * 2022-02-09 2022-05-27 成都中科微信息技术研究院有限公司 一种nr系统xn切换过程中增加秘钥前向隔离度的方法、基站、ue及nr系统
CN114614985B (zh) * 2022-05-12 2022-08-05 施维智能计量系统服务(长沙)有限公司 通信秘钥更新方法、秘钥服务器及可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103338500A (zh) * 2012-12-24 2013-10-02 上海华为技术有限公司 一种数据传输方法、装置、系统及网络侧设备和终端设备
CN104812010A (zh) * 2014-01-28 2015-07-29 北京三星通信技术研究有限公司 一种在小小区增强场景下支持ue恢复的方法
CN105898894A (zh) * 2016-05-13 2016-08-24 华为技术有限公司 Rrc状态的控制方法和装置
WO2016195735A1 (fr) * 2015-05-29 2016-12-08 Yujian Zhang Mobilité continue pour des systèmes et des dispositifs de cinquième génération (5g) et d'évolution à long terme (lte)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103338500A (zh) * 2012-12-24 2013-10-02 上海华为技术有限公司 一种数据传输方法、装置、系统及网络侧设备和终端设备
CN104812010A (zh) * 2014-01-28 2015-07-29 北京三星通信技术研究有限公司 一种在小小区增强场景下支持ue恢复的方法
WO2016195735A1 (fr) * 2015-05-29 2016-12-08 Yujian Zhang Mobilité continue pour des systèmes et des dispositifs de cinquième génération (5g) et d'évolution à long terme (lte)
CN105898894A (zh) * 2016-05-13 2016-08-24 华为技术有限公司 Rrc状态的控制方法和装置

Also Published As

Publication number Publication date
CN108632022B (zh) 2021-08-13
CN108632022A (zh) 2018-10-09

Similar Documents

Publication Publication Date Title
WO2018171703A1 (fr) Procédé et dispositif de communication
US11658817B2 (en) Security key usage across handover that keeps the same wireless termination
US11889405B2 (en) Handling a UE that is in the idle state
WO2018166338A1 (fr) Procédé et appareil de mise à jour de clé
US10798082B2 (en) Network authentication triggering method and related device
US10812973B2 (en) System and method for communicating with provisioned security protection
WO2019019736A1 (fr) Procédé de mise en œuvre de sécurité, et appareil et système associés
EP2936876B1 (fr) Procédés et appareils pour la différenciation de configurations de sécurité dans un réseau local de radiocommunication
JP2016021746A (ja) 無線電気通信における暗号化
US11445365B2 (en) Communication method and communications apparatus
WO2017133021A1 (fr) Procédé de traitement de sécurité et dispositif pertinent
WO2019095840A1 (fr) Procédé de traitement de couche 2, unité centrale, et unité distribuée
US20220330018A1 (en) Security Verification when Resuming an RRC Connection
CN113382404A (zh) 用于获取ue安全能力的方法和设备
US10123204B2 (en) Splitting method, base station, and user equipment
WO2017128306A1 (fr) Procédé et équipement de communication
WO2022252867A1 (fr) Procédé de communication et appareil de communication
WO2022206362A1 (fr) Procédé et appareil de communication
CN112154682B (zh) 密钥更新方法、设备和存储介质
WO2018228444A1 (fr) Procédé et terminal de gestion de connexion et dispositif de réseau d'accès radio
US20240179661A1 (en) Deregistration Method and Communication Apparatus
TW201742477A (zh) 處理安全驗證的裝置及方法
CN116634426A (zh) 一种通信的方法及装置
CN115250469A (zh) 一种通信方法以及相关装置
TW201703558A (zh) 處理認證程序的裝置及方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18766837

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18766837

Country of ref document: EP

Kind code of ref document: A1