WO2019159290A1 - Communication device, terminal device, wireless communication system, and key generation method - Google Patents


Info

Publication number
WO2019159290A1
Authority
WO
WIPO (PCT)
Application number
PCT/JP2018/005330
Other languages
English (en)
Japanese (ja)
Inventor
陽平 工口
高木 淳一
大出 高義
Original Assignee
富士通株式会社
Application filed by 富士通株式会社
Priority to PCT/JP2018/005330
Publication of WO2019159290A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • the present invention relates to a communication device, a terminal device, a wireless communication system, and a key generation method.
  • LTE Long Term Evolution
  • data is encrypted using a key in order to ensure confidentiality of the data.
  • the keys used for encryption are hierarchized, and different keys depending on the hierarchy are exchanged between the terminal device and the network including the base station device and the host device.
  • CK Cipher Key
  • IK Integrity Key
  • AuC Authentication Center
  • AKA Authentication and Key Agreement
  • a key used with a handover destination base station apparatus is generated from a key used by the terminal apparatus with the handover source base station apparatus. That is, from the key K eNB used with the handover source base station apparatus, a new key K ′ eNB used with the handover destination base station apparatus is generated in both the terminal apparatus and the base station apparatus.
  • next generation for example, the fifth generation (5G) wireless communication system
  • concentration and dispersion of processing are being studied.
  • separation of a base station apparatus (gNB) into a CU (Central Unit) that is a radio control apparatus and a DU (Distributed Unit) that is a radio apparatus is being studied.
  • CP Control Plane or control information processing area
  • UP User Plane or user data processing area
  • a CU-CP (a radio control apparatus mainly having a processing function of a control information processing area) and a CU-UP (a radio control apparatus mainly having a processing function of a user data processing area)
  • these devices may be connected by an inter-device interface such as an E1 interface.
  • an RRC (Radio Resource Control) layer processing unit is arranged in the CU-CP
  • a PDCP (Packet Data Convergence Protocol) layer user plane processing unit is arranged in the CU-UP.
  • the key used in the RRC layer is required for the CU-CP, whereas the user plane key is required for the CU-UP. Therefore, each key is managed by a different device.
  • the following two methods have been proposed for the user plane key generation method. That is, the first is a method in which the CU-CP generates a user plane key and passes it to the CU-UP via, for example, the E1 interface.
  • the second is a method in which the CU-CP passes a gNB-specific key to the CU-UP, and the CU-UP generates a user plane key from the gNB key.
  • since the user plane key generated by the CU-CP is transmitted to the CU-UP via the E1 interface, the user plane key information may be leaked.
  • since the gNB key is transmitted from the CU-CP to the CU-UP, the gNB key information may leak out.
  • the CU-UP may be installed in a place, such as a mountainous area, where monitoring by an administrator is difficult, and it is difficult to reliably prevent the leakage of key information.
  • the disclosed technology has been made in view of the above points, and its purpose is to provide a communication device, a terminal device, a wireless communication system, and a key generation method capable of reducing the risk of leakage of key information and improving security.
  • a communication device disclosed in the present application is configured to provide an encryption control unit that generates a first key that can be used for data encryption or decryption, and information related to the first key.
  • with the terminal device, the wireless communication system, and the key generation method disclosed in the present application, there is an effect that security can be improved by reducing the risk that the key information is leaked.
  • FIG. 1 is a diagram illustrating a configuration of a radio communication system according to Embodiment 1.
  • FIG. 2 is a block diagram showing a configuration of the CU-CP according to the first embodiment.
  • FIG. 3 is a block diagram showing a configuration of the CU-UP according to the first embodiment.
  • FIG. 4 is a block diagram showing configurations of the DU and the UE according to Embodiment 1.
  • FIG. 5 is a sequence diagram illustrating the key generation method according to the first embodiment.
  • FIG. 6 is a diagram for explaining parameter conversion.
  • FIG. 7 is a sequence diagram illustrating a key generation method according to the second embodiment.
  • FIG. 8 is a block diagram showing a configuration of the CU-CP according to the third embodiment.
  • FIG. 9 is a block diagram showing a configuration of the CU-UP according to the third embodiment.
  • FIG. 10 is a sequence diagram illustrating a key generation method according to the third embodiment.
  • FIG. 1 is a diagram illustrating a configuration of a radio communication system according to Embodiment 1.
  • the wireless communication system illustrated in FIG. 1 includes a core network, a gNB corresponding to a base station device, and a terminal device (UE: User Equipment) 20.
  • the core network includes an AUSF (Authentication Server Function) 11, an AMF (Access and Mobility Management Function) 12, and a UPF (User Plane Function) 13.
  • AUSF Authentication Server Function
  • AMF Access and Mobility Management Function
  • UPF User Plane Function
  • the AUSF 11 performs the authentication process of the UE 20. Then, the AUSF 11 shares CK (Cipher Key) and IK (Integrity Key), which are initial keys, with the authenticated UE 20, and generates a key K ASME based on CK and IK.
  • the AMF 12 is a device that controls the control plane, and terminates the control plane in a radio access network (RAN).
  • the AMF 12 acquires the key K ASME from the AUSF 11 and generates, from the key K ASME , a gNB-specific key K gNB for the gNB with which the UE 20 communicates. The AMF 12 then provides the key K gNB to the appropriate gNB.
  • UPF 13 is a device that controls the user plane, and executes routing and transfer of user data.
  • the AUSF 11, the AMF 12, and the UPF 13 may be arranged as separate devices, but a part or all of them may be integrated into one device.
  • the gNB that is a base station apparatus is separated into a CU that is a radio control apparatus and a DU 300 that is a radio apparatus, and the CU is further separated into a CU-CP 100 that controls the control plane and a CU-UP 200 that controls the user plane. Therefore, the CU-CP 100 and the CU-UP 200 are a pair of communication devices.
  • the CU-CP 100 is connected to the AMF 12 of the core network, and executes RRC layer processing and SDAP (Service Data Adaptation Protocol) layer processing. Further, the CU-CP 100 executes the control plane process of the PDCP layer. Further, the CU-CP 100 manages a key used for encryption of communication with the UE 20. The CU-CP 100 obtains the gNB-specific key K gNB from the AMF 12, derives a new key K ′ gNB from the key K gNB , and generates from the key K ′ gNB the key K ′ RRC used for RRC layer processing.
  • the CU-CP 100 does not use the key K gNB acquired from the AMF 12 as it is, but generates a key K ′ RRC after deriving a new key K ′ gNB .
  • the key generation by the CU-CP 100 will be described in detail later.
  • the CU-UP 200 is connected to the UPF 13 of the core network, and executes PDCP layer user plane processing.
  • the CU-UP 200 and the CU-CP 100 are connected by, for example, an E1 interface. Further, the CU-UP 200 manages a key used for encryption of communication with the UE 20.
  • the CU-UP 200 obtains a gNB-specific key K gNB from the CU-CP 100, derives a new key K ′ gNB from the key K gNB , and generates a key K ′ UP used for user plane processing from the key K ′ gNB .
  • the CU-UP 200 does not use the key K gNB acquired from the CU-CP 100 as it is, but generates a key K ′ UP after deriving a new key K ′ gNB .
  • the key generation by the CU-UP 200 will be described in detail later.
  • DU 300 connects to CU-CP 100 and CU-UP 200, and wirelessly transmits data acquired from CU-CP 100 and CU-UP 200 to UE 20. Further, the DU 300 transmits the data wirelessly received from the UE 20 to the CU-CP 100 and the CU-UP 200.
  • the DU 300 and the CU-CP 100 or CU-UP 200 are connected by, for example, an F1 interface.
  • the UE 20 is a wireless terminal device and performs wireless communication with the DU 300. Specifically, UE 20 wirelessly transmits data addressed to CU-CP 100 or CU-UP 200 to DU 300. Further, the UE 20 wirelessly receives the data transmitted from the CU-CP 100 or the CU-UP 200 from the DU 300. After being authenticated by the authentication process by the AUSF 11, the UE 20 generates a gNB-specific key K gNB and receives parameters (or control information) from the CU-CP 100.
  • the UE 20 derives a new key K ′ gNB from the key K gNB using the received parameters, and generates from the key K ′ gNB the key K ′ RRC used for RRC layer processing and the key K ′ UP used for user plane processing. That is, the UE 20 does not use the key K gNB generated first, but generates a key K ′ RRC and a key K ′ UP after deriving a new key K ′ gNB .
  • the key generation by the UE 20 will be described in detail later.
  • FIG. 2 is a block diagram showing the configuration of the CU-CP 100 according to the first embodiment. The CU-CP 100 illustrated in FIG. 2 includes an RRC processing unit 110, an SDAP processing unit 120, a PDCP-C processing unit 130, a first communication interface unit (hereinafter abbreviated as “first communication IF unit”) 140, and a second communication interface unit (hereinafter abbreviated as “second communication IF unit”) 150.
  • first communication IF unit first communication interface unit
  • second communication IF unit second communication interface unit
  • the RRC processing unit 110 executes RRC layer processing such as setting of radio resources used for communication. That is, the RRC processing unit 110 performs RRC layer processing on the transmission signal acquired from the AMF 12 and outputs the transmission signal to the PDCP-C processing unit 130. In addition, the RRC processing unit 110 acquires a reception signal from the PDCP-C processing unit 130, and performs RRC layer processing on the reception signal.
  • the SDAP processing unit 120 executes processing of the SDAP layer such as assignment of a QoS (Quality of Service) identifier, for example. That is, the SDAP processing unit 120 executes SDAP layer processing on the transmission signal acquired from the AMF 12 and outputs the transmission signal to the PDCP-C processing unit 130. In addition, the SDAP processing unit 120 acquires a received signal from the PDCP-C processing unit 130, and executes an SDAP layer process on the received signal.
  • QoS Quality of Service
  • the PDCP-C processing unit 130 executes PDCP layer processing such as data ordering and header compression. That is, the PDCP-C processing unit 130 executes PDCP layer processing on the transmission signal of the control plane acquired from the RRC processing unit 110 or the SDAP processing unit 120 and outputs the transmission signal to the second communication IF unit 150. In addition, the PDCP-C processing unit 130 acquires a control plane received signal from the second communication IF unit 150 and performs PDCP layer processing on the received signal. Further, the PDCP-C processing unit 130 manages a key used for encryption of control plane data. Specifically, the PDCP-C processing unit 130 includes an encryption control unit 131, a parameter generation unit 132, and a key derivation unit 133.
  • the encryption control unit 131 manages the key and executes encryption of the transmission signal using the key or decryption of the received signal.
  • the encryption control unit 131 acquires the gNB-specific key K gNB generated by the AMF 12 and transmits this key K gNB to the CU-UP 200 via the first communication IF unit 140.
  • the encryption control unit 131 acquires the key K ′ gNB from the key derivation unit 133 and generates a key K ′ RRC used for encrypting data in the RRC layer from the key K ′ gNB .
  • the encryption control unit 131 performs encryption and / or decryption of data in the RRC layer using the key K ′ RRC . Therefore, the encryption control unit 131 performs encryption and / or decryption using the key K ′ RRC based on the key K ′ gNB different from the key K gNB transmitted via the first communication IF unit 140.
  • when the key K gNB is transmitted to the CU-UP 200 via the first communication IF unit 140, the parameter generation unit 132 generates a parameter (or control information) for changing the key K gNB .
  • the parameter generation unit 132 generates a parameter corresponding to a service for which a key is used, for example.
  • for example, when three services of URLLC (Ultra-Reliable and Low Latency Communications), mMTC (massive Machine Type Communications) and eMBB (enhanced Mobile BroadBand) are provided, the parameter generation unit 132 generates a parameter corresponding to the service with which the UE 20 performs communication.
  • URLLC Ultra-Reliable and Low Latency Communications
  • mMTC massive Machine Type Communications
  • eMBB enhanced Mobile BroadBand
  • when the type of data to be transmitted (user data for each UE, user data that is specific or common to all UEs) and the communication conditions (for example, maximum transmission rate, guaranteed transmission rate, allowable transmission delay) are different, the service is considered to be different.
  • the parameter generation unit 132 transmits the generated parameter to the CU-UP 200 via the first communication IF unit 140. In addition, the parameter generation unit 132 notifies the generated parameter to the key derivation unit 133 and also transmits it to the UE 20.
  • when the parameters are transmitted to the UE 20, they are transmitted to the DU 300 via the encryption control unit 131 and the second communication IF unit 150 and then wirelessly transmitted from the DU 300 to the UE 20.
  • the encryption control unit 131 may encrypt the parameter using the key K RRC generated from the key K gNB and transmit the encrypted parameter. That is, the encryption control unit 131 may generate the key K RRC from the key K gNB before the change and encrypt the parameter.
  • the parameter generation unit 132 does not necessarily generate parameters for all services. For example, when the security requirement for the eMBB service is relatively low, no parameter need be generated for the key used for the eMBB service. Further, the parameter generation unit 132 may use the parameter corresponding to the service as an initial value and notify the key derivation unit 133 of the conversion parameter obtained by converting that initial value.
  • the key derivation unit 133 derives a new key K ′ gNB from the key K gNB using the parameter notified from the parameter generation unit 132. At this time, the key deriving unit 133 derives a new key K ′ gNB from the key K gNB and the parameter using, for example, a hash function. Thus, the key derivation unit 133 changes the key K gNB to the new key K ′ gNB , so that the encryption control unit 131 can generate the key K ′ RRC based on the new key K ′ gNB .
  • the RRC processing unit 110, the SDAP processing unit 120, and the PDCP-C processing unit 130 described above can be realized by a processor and a memory, for example.
  • the processor may include, for example, a CPU (Central Processing Unit), an FPGA (Field Programmable Gate Array), or a DSP (Digital Signal Processor).
  • the memory may include, for example, RAM (Random Access Memory) or ROM (Read Only Memory).
  • the first communication IF unit 140 is connected to the CU-UP 200 through, for example, an E1 interface and transmits / receives various information to / from the CU-UP 200. Specifically, the first communication IF unit 140 transmits the key K gNB before the change output from the encryption control unit 131 and the parameter generated by the parameter generation unit 132 to the CU-UP 200.
  • the second communication IF unit 150 is connected to the DU 300 through, for example, an F1 interface, and transmits / receives various information to / from the DU 300. Specifically, the second communication IF unit 150 transmits a control plane transmission signal addressed to the UE 20 and a parameter generated by the parameter generation unit 132 to the DU 300. Further, the second communication IF unit 150 receives the control plane received signal received from the DU 300 from the DU 300.
  • FIG. 3 is a block diagram showing a configuration of CU-UP 200 according to the first embodiment.
  • the CU-UP 200 illustrated in FIG. 3 includes a first communication IF unit 210, a PDCP-U processing unit 220, and a second communication IF unit 230.
  • the first communication IF unit 210 is connected to the CU-CP 100 through, for example, an E1 interface and transmits / receives various information to / from the CU-CP 100. Specifically, the first communication IF unit 210 receives a gNB-specific key K gNB and parameters from the CU-CP 100.
  • the PDCP-U processing unit 220 executes PDCP layer processing such as data ordering and header compression. That is, the PDCP-U processing unit 220 performs PDCP layer processing on the user plane transmission signal acquired from the UPF 13 and outputs the transmission signal to the second communication IF unit 230. In addition, the PDCP-U processing unit 220 acquires a user plane received signal from the second communication IF unit 230, and executes PDCP layer processing on the received signal. Further, the PDCP-U processing unit 220 manages a key used for encrypting user plane data. Specifically, the PDCP-U processing unit 220 includes an encryption control unit 221, a parameter reception unit 222, and a key derivation unit 223.
  • the encryption control unit 221 manages the key, executes encryption of the transmission signal using the key, and executes decryption of the received signal.
  • the encryption control unit 221 acquires the gNB-specific key K gNB received by the first communication IF unit 210, and outputs this key K gNB to the key derivation unit 223. Thereafter, the encryption control unit 221 acquires the key K ′ gNB from the key derivation unit 223, and generates a key K ′ UP used for encrypting user plane data from the key K ′ gNB . Then, the encryption control unit 221 performs encryption and / or decryption of user plane data using the key K ′ UP . Therefore, the encryption control unit 221 performs encryption and / or decryption using the key K ′ UP based on the key K ′ gNB different from the key K gNB received by the first communication IF unit 210.
  • the parameter receiving unit 222 receives the parameter received from the CU-CP 100 by the first communication IF unit 210. Then, the parameter receiving unit 222 notifies the key derivation unit 223 of the received parameter.
  • the parameter reception unit 222 may use the received parameter as an initial value, perform the same conversion as that performed by the parameter generation unit 132, and notify the key derivation unit 223 of the obtained conversion parameter.
  • when the encryption control unit 221 acquires the gNB-specific key K gNB , the key derivation unit 223 derives a new key K ′ gNB from the key K gNB using the parameter notified from the parameter reception unit 222. At this time, the key derivation unit 223 derives a new key K ′ gNB by changing the key K gNB in the same manner as the key derivation unit 133 of the CU-CP 100. That is, when the key derivation unit 133 changes the key K gNB using a hash function, the key derivation unit 223 changes the key K gNB using the same hash function as the key derivation unit 133.
  • the key derivation unit 223 changes the key K gNB to the new key K ′ gNB in the same manner as the key derivation unit 133, so that the encryption control unit 221 can obtain the same key K ′ gNB as the encryption control unit 131 of the CU-CP 100 and generate a key K ′ UP based on the key K ′ gNB .
  • the PDCP-U processing unit 220 described above can be realized by a processor and a memory, for example.
  • the processor may include, for example, a CPU, FPGA, DSP, or the like.
  • the memory may include a RAM or a ROM, for example.
  • the second communication IF unit 230 is connected to the DU 300 through, for example, an F1 interface, and transmits / receives various information to / from the DU 300. Specifically, the second communication IF unit 230 transmits a user plane transmission signal addressed to the UE 20 to the DU 300, and receives a user plane reception signal received by the DU 300 from the DU 300.
  • FIG. 4 is a block diagram showing configurations of DU 300 and UE 20 according to Embodiment 1.
  • the DU 300 and the UE 20 perform wireless communication with each other via an antenna.
  • the DU 300 illustrated in FIG. 4 includes an RLC (Radio Link Control) processing unit 310, a MAC (Media Access Control) processing unit 320, and a physical layer processing unit 330.
  • RLC Radio Link Control
  • MAC Media Access Control
  • the RLC processing unit 310 executes RLC layer processing such as retransmission control. That is, the RLC processing unit 310 acquires transmission signals from the CU-CP 100 and the CU-UP 200, and executes RLC layer processing on the transmission signals.
  • the transmission signal includes, for example, parameters generated by the parameter generation unit 132 of the CU-CP 100.
  • the RLC processing unit 310 acquires a reception signal from the MAC processing unit 320, and performs RLC layer processing on the reception signal.
  • the MAC processing unit 320 executes MAC layer processing such as scheduling and retransmission control. That is, the MAC processing unit 320 acquires a transmission signal from the RLC processing unit 310, and performs MAC layer processing on the transmission signal. In addition, the MAC processing unit 320 acquires a reception signal from the physical layer processing unit 330 and executes a MAC layer process on the reception signal.
  • the RLC processing unit 310 and the MAC processing unit 320 described above can be realized by a processor and a memory, for example.
  • the processor may include, for example, a CPU, FPGA, DSP, or the like.
  • the memory may include a RAM or a ROM, for example.
  • the RLC processing unit 310 and the MAC processing unit 320 are provided in the DU 300, and the processing units of the higher RRC layer, the SDAP layer, and the PDCP layer are provided in the CU-CP 100 or the CU-UP 200.
  • separation of CU and DU is not limited to this configuration.
  • the CU-CP 100 and the CU-UP 200 may be provided with RLC layer and MAC layer processing units, and the DU 300 may be provided with only a physical layer processing unit.
  • the physical layer processing unit 330 executes physical layer processing such as D / A (Digital / Analog) conversion, A / D (Analog / Digital) conversion, and amplification of signals. That is, the physical layer processing unit 330 acquires a transmission signal from the MAC processing unit 320, performs physical layer processing on the transmission signal, and transmits the transmission signal to the UE 20 via the antenna. In addition, the physical layer processing unit 330 receives a signal transmitted from the UE 20 via an antenna, and performs physical layer processing on the received signal.
  • D / A Digital / Analog
  • A / D Analog / Digital
  • the physical layer processing unit 330 can be realized by, for example, a D / A converter, an A / D converter, an amplifier, and the like.
  • the UE 20 illustrated in FIG. 4 includes a physical layer processing unit 21, a MAC processing unit 22, an RLC processing unit 23, a PDCP processing unit 24, and an RRC processing unit 25.
  • the physical layer processing unit 21 executes physical layer processing such as D / A (Digital / Analog) conversion, A / D (Analog / Digital) conversion, and amplification of signals. That is, the physical layer processing unit 21 receives the signal transmitted from the DU 300 via the antenna, and performs physical layer processing on the received signal.
  • the received signal includes, for example, parameters generated by the parameter generation unit 132 of the CU-CP 100.
  • the physical layer processing unit 21 acquires a transmission signal from the MAC processing unit 22, performs physical layer processing on the transmission signal, and transmits the transmission signal to the DU 300 via the antenna.
  • the MAC processing unit 22 executes MAC layer processing such as retransmission control. In other words, the MAC processing unit 22 acquires a received signal from the physical layer processing unit 21 and performs a MAC layer process on the received signal. Further, the MAC processing unit 22 acquires a transmission signal from the RLC processing unit 23, and executes a MAC layer process on the transmission signal.
  • the RLC processing unit 23 executes RLC layer processing such as retransmission control. In other words, the RLC processing unit 23 acquires a reception signal from the MAC processing unit 22 and executes RLC layer processing on the reception signal. In addition, the RLC processing unit 23 acquires a transmission signal from the PDCP processing unit 24, and performs RLC layer processing on the transmission signal.
  • the PDCP processing unit 24 executes PDCP layer processing such as data ordering and header compression. That is, the PDCP processing unit 24 acquires a received signal from the RLC processing unit 23 and executes PDCP layer processing on the received signal. In addition, the PDCP processing unit 24 performs PDCP layer processing on the transmission signal acquired from the RRC processing unit 25 and outputs the transmission signal to the RLC processing unit 23. Further, the PDCP processing unit 24 manages a key used for data encryption. Specifically, the PDCP processing unit 24 includes an encryption control unit 24a, a parameter reception unit 24b, and a key derivation unit 24c.
  • the encryption control unit 24a manages the key and executes encryption of the transmission signal using the key or decryption of the reception signal.
  • the encryption control unit 24a shares CK (Cipher Key) and IK (Integrity Key), which are initial keys, with the AUSF 11, and generates a key K ASME based on CK and IK. Then, when the gNB of the communication partner of the UE 20 is determined, the encryption control unit 24a generates a gNB-specific key K gNB to be the communication partner from the key K ASME , and outputs this key K gNB to the key derivation unit 24c.
  • the encryption control unit 24a acquires the key K ′ gNB from the key derivation unit 24c and generates, from this key K ′ gNB , the key K ′ RRC used in RRC layer processing and the key K ′ UP used to encrypt user plane data. Then, the encryption control unit 24a performs encryption and / or decryption of data in the RRC layer using the key K ′ RRC , and performs encryption and / or decryption of data in the user plane using the key K ′ UP .
  • the parameter receiving unit 24b receives the parameter generated by the parameter generating unit 132 of the CU-CP 100.
  • the parameter receiving unit 24b notifies the received parameter to the key deriving unit 24c.
  • the parameter reception unit 24b may use the received parameter as an initial value, perform the same conversion as that of the parameter generation unit 132, and notify the key derivation unit 24c of the obtained conversion parameter.
  • the parameter receiving unit 24b may decrypt the parameter using the key K RRC generated from the key K gNB by the encryption control unit 24a. That is, the encryption control unit 24a may generate the key K RRC from the key K gNB before the change, and the parameter received by the parameter receiving unit 24b may be decrypted using the key K RRC .
  • the key derivation unit 24c derives a new key K ′ gNB from the key K gNB using the parameter notified from the parameter reception unit 24b. At this time, the key derivation unit 24c derives a new key K ′ gNB by changing the key K gNB in the same manner as the key derivation unit 133 of the CU-CP 100 and the key derivation unit 223 of the CU-UP 200.
  • the key derivation unit 24c uses the same hash function as the key derivation unit 133 and the key derivation unit 223 to Change K gNB .
  • the key derivation unit 24c changes the key K gNB to the new key K ′ gNB in the same manner as the key derivation unit 133 and the key derivation unit 223, so that the encryption control unit 24a performs the CU-CP 100 and the CU-UP 200.
  • the key K ′ gNB can be obtained, and a key K ′ RRC and a key K ′ UP based on the key K ′ gNB can be generated.
  • The RRC processing unit 25 executes RRC layer processing such as setting of radio resources used for communication. That is, the RRC processing unit 25 acquires a reception signal from the PDCP processing unit 24, and executes RRC layer processing on the reception signal. In addition, the RRC processing unit 25 performs RRC layer processing on the transmission signal and outputs the transmission signal to the PDCP processing unit 24.
  • The MAC processing unit 22, RLC processing unit 23, PDCP processing unit 24, and RRC processing unit 25 described above can be realized by a processor and a memory, for example.
  • The processor may include, for example, a CPU, FPGA, DSP, or the like.
  • The memory may include a RAM or a ROM, for example.
  • The physical layer processing unit 21 can be realized by, for example, a D/A converter, an A/D converter, an amplifier, and the like.
  • When the UE 20 connects to the core network, authentication processing and initial setting are executed between the UE 20 and the AUSF 11 and AMF 12 (step S101). Specifically, the UE 20 is authenticated by the AUSF 11, and the initial keys CK and IK unique to the UE 20 are shared between the UE 20 and the AUSF 11 by, for example, AKA. Then, the encryption control unit 24a of the UE 20 generates a key K ASME from CK and IK, and the AUSF 11 also generates a key K ASME from CK and IK. The key K ASME generated by the AUSF 11 is transmitted to the AMF 12, and commands are transmitted and received between the UE 20 and the AMF 12. Through these authentication processes and initial settings, the UE 20 and the AMF 12 hold the same key K ASME.
  • The encryption control unit 24a of the UE 20 generates a key K gNB unique to the communication partner gNB from the key K ASME (step S102). Further, the encryption control unit 24a generates a key K RRC used for processing of the RRC layer from the key K gNB (step S103).
  • This key K RRC is a key for decrypting parameters generated by the CU-CP 100. Therefore, when the parameter generated by the CU-CP 100 is transmitted without being encrypted, the generation of the key K RRC may be omitted.
  • The key K gNB unique to the gNB of the communication partner of the UE 20 is generated from the key K ASME by the AMF 12 (step S104).
  • This key K gNB is the same as the key K gNB generated by the UE 20.
  • The generated key K gNB is transmitted from the AMF 12 to the CU-CP 100 (step S105).
  • When the key K gNB is received by the CU-CP 100, the encryption control unit 131 generates a key K RRC used for processing in the RRC layer from the key K gNB (step S106).
  • The key K RRC is a key for encrypting the parameter generated by the parameter generation unit 132. Therefore, when the parameter is transmitted to the UE 20 without being encrypted, the generation of the key K RRC may be omitted.
  • The key K gNB generated from the key K ASME is transmitted from the first communication IF unit 140 to the CU-UP 200 (step S107).
  • A parameter for changing the key K gNB is generated by the parameter generation unit 132, and the key derivation unit 133 uses the key K gNB and the parameter to generate a new key K ′ gNB (step S108). That is, for example, the parameter generation unit 132 generates a parameter corresponding to a service for which the UE 20 performs communication, and notifies the key derivation unit 133 of the parameter. Then, the key derivation unit 133 generates a new key K ′ gNB by using a hash function for the key K gNB and the parameter, for example.
  • The parameter used for generating the key K ′ gNB is transmitted from the first communication IF unit 140 to the CU-UP 200 (step S109).
  • The parameter is received by the parameter receiving unit 222 of the CU-UP 200, and the key derivation unit 223 uses the previously received key K gNB and the parameter to generate a new key K ′ gNB (step S110).
  • The same method as that of the CU-CP 100 is used, such as using the same hash function as that of the key derivation unit 133 of the CU-CP 100.
  • A key K ′ gNB different from the key K gNB transmitted and received between the first communication IF unit 140 and the first communication IF unit 210 is thus generated.
  • The encryption control unit 131 generates a key K ′ RRC used for encrypting data in the RRC layer from the key K ′ gNB (step S112). Thereafter, the encryption control unit 131 uses the key K ′ RRC for encryption and/or decryption of data in the RRC layer.
  • The encryption control unit 221 generates the key K ′ UP used for encrypting user plane data from the key K ′ gNB (step S113). Thereafter, the encryption control unit 221 uses the key K ′ UP for encryption and/or decryption of user plane data.
  • The key K gNB is transmitted from the CU-CP 100 to the CU-UP 200, the parameter is transmitted from the CU-CP 100 to the CU-UP 200, and the CU-CP 100 and the CU-UP 200 each generate a new key K ′ gNB from the key K gNB.
  • The CU-CP 100 generates the key K ′ RRC from the key K ′ gNB, and the CU-UP 200 generates the key K ′ UP from the key K ′ gNB.
  • Since the key K ′ RRC and the key K ′ UP are generated from the key K ′ gNB, which is different from the key K gNB, data can be kept secret by encryption using the key K ′ RRC and the key K ′ UP.
  • The parameter used to generate the key K ′ gNB in the CU-CP 100 is also transmitted from the second communication IF unit 150 to the DU 300, and is transmitted from the DU 300 to the UE 20 (step S111).
  • The parameter may be encrypted using the key K RRC generated from the key K gNB in step S106.
  • The parameter is received by the parameter receiving unit 24b of the UE 20, and the key derivation unit 24c uses the already generated key K gNB and the parameter to generate a new key K ′ gNB (step S114).
  • The parameter may be decrypted using the key K RRC generated from the key K gNB in step S103.
  • The key K ′ gNB is generated using the same method as the CU-CP 100 and the CU-UP 200, such as using the same hash function as the key derivation unit 133 of the CU-CP 100 and the key derivation unit 223 of the CU-UP 200.
  • By generating the key K ′ gNB using the parameter, the UE 20 generates a key K ′ gNB that is different from the key K gNB generated first and is the same as the key K ′ gNB held by the CU-CP 100 and the CU-UP 200.
  • Then, a key K ′ RRC used to encrypt RRC layer data is generated from the key K ′ gNB (step S115), and a key K ′ UP used to encrypt user plane data is generated from the key K ′ gNB (step S116).
  • The encryption control unit 24a uses the key K ′ RRC and the key K ′ UP for data encryption and/or decryption.
  • The UE 20 generates a new key K ′ gNB from the key K gNB in the same manner as the CU-CP 100 and CU-UP 200 using the parameters received from the CU-CP 100, and from this key K ′ gNB a key K ′ RRC and a key K ′ UP are generated. For this reason, the UE 20 can safely communicate with the CU-CP 100 and the CU-UP 200 using a key with which the risk of leakage of key information is reduced.
  • The parameters used for the key change are transmitted from the CU-CP to the CU-UP.
  • The CU-UP generates a key used for encryption after changing the key using the parameter. For this reason, a key used for encryption is generated from a key different from the key transmitted between the CU-CP and the CU-UP, so the risk that key information of the key used for encryption will be leaked can be reduced and security can be improved.
  • Parameters are transmitted from the CU-CP 100 to the CU-UP 200 and the UE 20.
  • The information transmitted from the CU-CP 100 is not necessarily a parameter. That is, for example, an identifier of a service provided to the UE 20 may be transmitted to the CU-UP 200 and the UE 20, and the CU-UP 200 and the UE 20 may use a parameter corresponding to the received identifier by referring to a table held in advance.
  • The parameters transmitted from the CU-CP 100 to the CU-UP 200 and the UE 20 may be converted and used for key generation.
  • Parameters may be converted by a PN (Pseudo Noise) code such as an M sequence or a Gold sequence and used for key generation. That is, for example, as shown in FIG. 6, when the bit sequence 000011111 is transmitted from the CU-CP 100 to the CU-UP 200 and the UE 20 as the initial value of the parameter, the parameter may be converted by a 9-stage PN (PN9) generator polynomial.
  • The exclusive OR of D4 and D9 is output while shifting the bits of the bit sequence 000011111 in the taps D1 to D9.
  • The bit sequence 111101110, which is different from the initial bit sequence 000011111, is thereby obtained.
  • Parameters different from the transmitted parameters can be used for key generation, which can further improve security.
  • A feature of the second embodiment is that the CU-CP generates a key used for encrypting user plane data and transmits it to the CU-UP, and the CU-UP changes the received key using a parameter.
  • Since the configuration of the wireless communication system according to Embodiment 2 is the same as that of Embodiment 1 (FIG. 1), description thereof is omitted. Further, the configurations of the CU-CP, CU-UP, DU, and UE according to the second embodiment are the same as those of the first embodiment (FIGS. 2 to 4), and thus the description thereof is omitted.
  • After obtaining the gNB-specific key K gNB generated by the AMF 12, the encryption control unit 131 of the CU-CP 100 generates a key K UP used for encrypting user plane data from the key K gNB. Then, the encryption control unit 131 transmits the generated key K UP to the CU-UP 200 via the first communication IF unit 140.
  • The encryption control unit 221 of the CU-UP 200 acquires the key K UP received by the first communication IF unit 210 and outputs this key K UP to the key derivation unit 223. After that, the encryption control unit 221 acquires the key K ′ UP from the key derivation unit 223, and executes encryption and/or decryption of user plane data using the key K ′ UP.
  • The key derivation unit 223 derives a new key K ′ UP from the key K UP using the parameter notified from the parameter receiving unit 222. In this way, the key derivation unit 223 changes the key K UP to the new key K ′ UP, so that the encryption control unit 221 can encrypt and/or decrypt user plane data using a key K ′ UP different from the key K UP transmitted from the CU-CP 100.
  • After generating the key K gNB unique to the gNB that is the communication partner, the encryption control unit 24a of the UE 20 generates, from the key K gNB, a key K UP used to encrypt user plane data. Then, the encryption control unit 24a outputs the generated key K UP to the key derivation unit 24c.
  • When the key derivation unit 24c acquires the key K UP from the encryption control unit 24a, the key derivation unit 24c derives a new key K ′ UP from the key K UP using the parameter notified from the parameter receiving unit 24b. At this time, the key derivation unit 24c derives the new key K ′ UP by changing the key K UP in the same manner as the key derivation unit 223 of the CU-UP 200. That is, when the key derivation unit 223 changes the key K UP using the hash function, the key derivation unit 24c changes the key K UP using the same hash function as the key derivation unit 223.
  • The encryption control unit 24a can thus acquire the same key K ′ UP as that of the CU-UP 200.
  • When the UE 20 connects to the core network, authentication processing and initial setting are executed between the UE 20 and the AUSF 11 and AMF 12 (step S101). Then, the encryption control unit 24a of the UE 20 generates a key K gNB unique to the communication partner gNB from the key K ASME (step S102). Further, the encryption control unit 24a generates a key K RRC used for processing of the RRC layer from the key K gNB (step S103), and generates a key K UP used for processing of the user plane (step S201). In the present embodiment, since the key K RRC is used as it is for the processing of the RRC layer, the generation of the key K RRC is not omitted.
  • The key K gNB unique to the gNB of the communication partner of the UE 20 is generated from the key K ASME by the AMF 12 (step S104). Then, the generated key K gNB is transmitted from the AMF 12 to the CU-CP 100 (step S105).
  • When the key K gNB is received by the CU-CP 100, the encryption control unit 131 generates a key K RRC used for processing of the RRC layer from the key K gNB (step S106), and generates a key K UP used for processing of the user plane (step S202). In the present embodiment, since the key K RRC is used as it is for the processing of the RRC layer, the generation of the key K RRC is not omitted.
  • The key K UP generated from the key K gNB is transmitted from the first communication IF unit 140 to the CU-UP 200 (step S203).
  • A parameter for changing the key K UP is generated by the parameter generation unit 132, and this parameter is transmitted from the first communication IF unit 140 to the CU-UP 200 (step S204).
  • The parameter is received by the parameter receiving unit 222 of the CU-UP 200, and the key derivation unit 223 uses the previously received key K UP and the parameter to generate a new key K ′ UP (step S205).
  • A key K ′ UP different from the key K UP transmitted and received between the first communication IF unit 140 and the first communication IF unit 210 is thus generated.
  • The encryption control unit 221 uses the key K ′ UP for encryption and/or decryption of user plane data.
  • The key K UP is transmitted from the CU-CP 100 to the CU-UP 200.
  • The parameters are transmitted from the CU-CP 100 to the CU-UP 200, and the CU-UP 200 generates a new key K ′ UP from the key K UP.
  • Since the key K ′ UP, which is different from the key K UP, is generated, user plane data can be kept secret by encryption using the key K ′ UP.
  • The parameter generated in the CU-CP 100 is also transmitted from the second communication IF unit 150 to the DU 300, and is transmitted from the DU 300 to the UE 20 (step S206).
  • The parameter may be encrypted using the key K RRC generated from the key K gNB in step S106.
  • The parameter is received by the parameter receiving unit 24b of the UE 20, and the key derivation unit 24c uses the already generated key K UP and the parameter to generate a new key K ′ UP (step S207).
  • The parameter may be decrypted using the key K RRC generated from the key K gNB in step S103.
  • The key K ′ UP is generated using the same method as the CU-UP 200, such as using the same hash function as the key derivation unit 223 of the CU-UP 200.
  • In the UE 20, a key K ′ UP that is different from the key K UP generated first and is the same as the key K ′ UP held by the CU-UP 200 is generated.
  • The encryption control unit 24a uses the key K ′ UP for encryption and/or decryption of user plane data.
  • The UE 20 generates a new key K ′ UP from the key K UP in the same manner as the CU-UP 200 using the parameters received from the CU-CP 100. For this reason, the UE 20 can safely communicate with the CU-UP 200 using a key with which the risk of leakage of key information is reduced.
  • The parameters used for changing the key are transmitted from the CU-CP to the CU-UP, and the CU-UP changes the key using the parameters. For this reason, a key different from the key transmitted between the CU-CP and the CU-UP is used for encryption, which reduces the risk of leaking key information of the key used for encryption and improves security.
  • A feature of the third embodiment is that the CU-UP generates parameters used for key change and transmits them to the CU-CP.
  • FIG. 8 is a block diagram showing a configuration of the CU-CP 100 according to the third embodiment.
  • The CU-CP 100 shown in FIG. 8 has a parameter receiving unit 161 instead of the parameter generating unit 132 of the CU-CP 100 shown in FIG.
  • The parameter receiving unit 161 receives parameters received from the CU-UP 200 by the first communication IF unit 140. Then, the parameter receiving unit 161 notifies the key derivation unit 133 of the received parameter and transmits it to the UE 20. When the parameters are transmitted to the UE 20, the parameters are transmitted to the DU 300 via the encryption control unit 131 and the second communication IF unit 150 and then wirelessly transmitted from the DU 300 to the UE 20. At this time, the encryption control unit 131 may encrypt the parameter using the key K RRC generated from the key K gNB and transmit the encrypted parameter.
  • The parameter receiving unit 161 may execute the same conversion as the CU-UP 200 using the received parameter as the initial value, and notify the key derivation unit 133 of the obtained conversion parameter.
  • FIG. 9 is a block diagram showing a configuration of CU-UP 200 according to the third embodiment. In FIG. 9, the same parts as those in FIG. 3 are denoted by the same reference numerals, and the description thereof is omitted.
  • The CU-UP 200 shown in FIG. 9 includes a parameter generation unit 241 instead of the parameter reception unit 222 of the CU-UP 200 shown in FIG.
  • When the key K gNB is received by the first communication IF unit 210, the parameter generation unit 241 generates a parameter (or control information) for changing the key K gNB.
  • The parameter generation unit 241 generates a parameter corresponding to a service for which a key is used, for example. Specifically, for example, when three services of URLLC, mMTC, and eMBB are provided, the parameter generation unit 241 generates a parameter corresponding to a service with which the UE 20 performs communication.
  • The parameter generation unit 241 transmits the generated parameter to the CU-CP 100 via the first communication IF unit 210.
  • The parameter generation unit 241 notifies the key derivation unit 223 of the generated parameter.
  • The parameter generation unit 241 does not necessarily have to generate parameters for all services. For example, when the security requirement for the eMBB service is relatively low, no parameter need be generated for the key used for the eMBB service.
  • The parameter generation unit 241 may notify the key derivation unit 223 of a conversion parameter obtained by conversion, using the parameter corresponding to the service as the initial value.
  • When the UE 20 connects to the core network, authentication processing and initial setting are executed between the UE 20 and the AUSF 11 and AMF 12 (step S101). Then, the encryption control unit 24a of the UE 20 generates a key K gNB unique to the communication partner gNB from the key K ASME (step S102). Further, the encryption control unit 24a generates a key K RRC used for processing of the RRC layer from the key K gNB (step S103).
  • The key K gNB unique to the gNB of the communication partner of the UE 20 is generated from the key K ASME by the AMF 12 (step S104). Then, the generated key K gNB is transmitted from the AMF 12 to the CU-CP 100 (step S105).
  • When the key K gNB is received by the CU-CP 100, the encryption control unit 131 generates a key K RRC used for processing in the RRC layer from the key K gNB (step S106).
  • The key K gNB generated from the key K ASME is transmitted from the first communication IF unit 140 to the CU-UP 200 (step S107).
  • When the key K gNB is received by the first communication IF unit 210 of the CU-UP 200, the parameter generation unit 241 generates a parameter for changing the key K gNB, and the key derivation unit 223 uses the key K gNB and the parameter to generate a new key K ′ gNB (step S301). That is, for example, the parameter generation unit 241 generates a parameter corresponding to a service for which the UE 20 performs communication, and notifies the key derivation unit 223 of the parameter. Then, the key derivation unit 223 generates a new key K ′ gNB by using a hash function for the key K gNB and the parameter, for example.
  • The parameter used for generating the key K ′ gNB is transmitted from the first communication IF unit 210 to the CU-CP 100 (step S302).
  • The parameter is received by the parameter receiving unit 161 of the CU-CP 100, and the key derivation unit 133 uses the key K gNB and the parameter received from the AMF 12 to generate a new key K ′ gNB (step S303).
  • The same method as that of the CU-UP 200 is used. Thereby, in the CU-CP 100 and the CU-UP 200, a key K ′ gNB different from the key K gNB transmitted and received between the first communication IF unit 140 and the first communication IF unit 210 is generated.
  • The encryption control unit 131 generates a key K ′ RRC used for encrypting data in the RRC layer from the key K ′ gNB (step S112). Thereafter, the encryption control unit 131 uses the key K ′ RRC for encryption and/or decryption of data in the RRC layer.
  • The encryption control unit 221 generates the key K ′ UP used for encrypting user plane data from the key K ′ gNB (step S113). Thereafter, the encryption control unit 221 uses the key K ′ UP for encryption and/or decryption of user plane data.
  • The parameter used to generate the key K ′ gNB in the CU-CP 100 is also transmitted from the second communication IF unit 150 to the DU 300, and is transmitted from the DU 300 to the UE 20 (step S304).
  • The parameter may be encrypted using the key K RRC generated from the key K gNB in step S106.
  • The parameter is received by the parameter receiving unit 24b of the UE 20, and the key derivation unit 24c uses the already generated key K gNB and the parameter to generate a new key K ′ gNB (step S114).
  • In the UE 20, a key K ′ gNB that is different from the key K gNB generated first and is the same as the key K ′ gNB held by the CU-CP 100 and the CU-UP 200 is generated.
  • Then, a key K ′ RRC used to encrypt RRC layer data is generated from the key K ′ gNB (step S115), and a key K ′ UP used to encrypt user plane data is generated from the key K ′ gNB (step S116).
  • The encryption control unit 24a uses the key K ′ RRC and the key K ′ UP for data encryption and/or decryption.
  • A key used for encryption is generated from a key different from the key transmitted between the CU-CP and the CU-UP, so the risk that key information of the key used for encryption will be leaked can be reduced and security can be improved.
  • A key used for encrypting RRC layer data or a key used for encrypting user plane data is generated from a key unique to the base station device.
  • The generation source key is not necessarily a key unique to the base station apparatus. That is, for example, a key used for data encryption may be generated from at least one of a key unique to a terminal device, a key unique to a service, and a key unique to a combination of two or more of a base station device, a terminal device, and a service.
  • In Embodiment 2, the CU-CP 100 generates a key K UP used for user plane processing and transmits it to the CU-UP 200; the CU-UP 200 may generate a parameter and transmit it to the CU-CP 100. Even in such a case, since the key transmitted between the CU-CP 100 and the CU-UP 200 is different from the key used for processing the user plane data, the security can be improved.
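The key change of Embodiment 1 (steps S107 to S116) and the PN9 parameter conversion described for FIG. 6, as an added example that is not code from the patent: the CU-CP, the CU-UP and the UE each compute K ′ gNB locally from K gNB and the parameter. HMAC-SHA256 as the hash function, the derivation labels, the per-service parameter table and all function names are assumptions of this example; the description only specifies "a hash function".

```python
import hashlib
import hmac

# Constructed per-service parameter table (values are illustrative, not from
# the patent). None models a service for which no parameter is generated.
SERVICE_PARAMETERS = {"URLLC": "000011111", "mMTC": "101010101", "eMBB": None}


def pn9_convert(initial_bits):
    """Convert a 9-bit parameter with the PN9 shift register of FIG. 6.

    Taps D1..D9 are loaded left to right with the transmitted bits. On every
    shift the exclusive OR of D4 and D9 is output and fed back into D1.
    """
    if len(initial_bits) != 9 or set(initial_bits) - {"0", "1"}:
        raise ValueError("PN9 initial value must be exactly 9 bits")
    if initial_bits == "000000000":
        raise ValueError("an all-zero register never leaves the zero state")
    taps = [int(b) for b in initial_bits]   # taps[0] is D1, taps[8] is D9
    out = []
    for _ in range(9):
        feedback = taps[3] ^ taps[8]        # D4 XOR D9
        out.append(str(feedback))
        taps = [feedback] + taps[:-1]       # shift one position towards D9
    return "".join(out)


def change_key(key, parameter):
    """Change K into K' from the key and the parameter.

    HMAC-SHA256 is this example's stand-in for the unspecified hash function.
    With no parameter (None) the key is left unchanged.
    """
    if parameter is None:
        return key
    message = b"key-change:" + parameter.encode()
    return hmac.new(key, message, hashlib.sha256).digest()


def child_key(parent, label):
    """Derive K'RRC or K'UP from K'gNB (label-based HMAC, an assumption)."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def node_keys(k_gnb, received_parameter, convert):
    """What one node computes locally; each node uses the keys it needs."""
    parameter = received_parameter
    if convert and parameter is not None:
        parameter = pn9_convert(parameter)  # converted value is never sent
    k_gnb_new = change_key(k_gnb, parameter)
    return {
        "k_gnb_new": k_gnb_new,
        "k_rrc_new": child_key(k_gnb_new, b"RRC"),
        "k_up_new": child_key(k_gnb_new, b"UP"),
    }


def run_key_change(k_gnb, service, convert=True):
    """Embodiment 1 flow: the CU-CP picks the parameter and distributes it."""
    parameter = SERVICE_PARAMETERS[service]              # step S108
    to_cu_up = {"key": k_gnb, "parameter": parameter}    # steps S107, S109
    to_ue = {"parameter": parameter}                     # step S111
    return {
        "on_wire": to_cu_up,
        "cu_cp": node_keys(k_gnb, parameter, convert),
        "cu_up": node_keys(to_cu_up["key"], to_cu_up["parameter"], convert),
        # The UE derived the same K gNB itself from K ASME (step S102).
        "ue": node_keys(k_gnb, to_ue["parameter"], convert),
    }


if __name__ == "__main__":
    k_gnb = bytes(range(32))                # constructed stand-in for K gNB
    result = run_key_change(k_gnb, "URLLC")
    print("PN9(000011111) =", pn9_convert("000011111"))
    print("all nodes agree:", result["cu_cp"] == result["cu_up"] == result["ue"])
    print("K'gNB differs from K gNB:", result["ue"]["k_gnb_new"] != k_gnb)
```

With `convert=False` the hash input is exactly the parameter that crossed the CU-CP/CU-UP interface; with the PN9 conversion the value fed to the hash differs from the transmitted one, which is the property the FIG. 6 passage relies on.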

Abstract

According to the invention, a communication device (100) comprises: an encryption control unit (131) that generates a first key usable for encrypting and/or decrypting data; a transmission unit (140) that transmits information relating to the first key to another device (200) paired with the communication device; and a change unit (133) that changes the first key into a second key in accordance with key change information. The encryption control unit (131) encrypts and/or decrypts the data using the second key. This makes it possible to improve security by reducing the risk of leakage of key information.
PCT/JP2018/005330 2018-02-15 2018-02-15 Communication device, terminal device, wireless communication system, and key generation method WO2019159290A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/005330 WO2019159290A1 (fr) 2018-02-15 2018-02-15 Communication device, terminal device, wireless communication system, and key generation method

Publications (1)

Publication Number Publication Date
WO2019159290A1 true WO2019159290A1 (fr) 2019-08-22

Family

ID=67618940

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/005330 WO2019159290A1 (fr) 2018-02-15 2018-02-15 Communication device, terminal device, wireless communication system, and key generation method

Country Status (1)

Country Link
WO (1) WO2019159290A1 (fr)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18905930

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18905930

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP