Patent abstract:
The present invention relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the invention is a mechanism for obtaining backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter for the UE to use when deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
Publication number: BR112019015387B1
Application number: R112019015387-0
Filing date: 2018-01-29
Publication date: 2020-11-03
Inventors: Noamen Ben Henda; Christine Jost; Karl Norrman; Monica Wifvesson
Applicant: Telefonaktiebolaget Lm Ericsson (Publ)
IPC main classification:
Patent description:

TECHNICAL FIELD
[001] The present invention relates generally to security in wireless communication networks and, more particularly, to methods and apparatus for handling the security context when switching between mobility management domains.
BACKGROUND
[002] The Third Generation Partnership Project (3GPP) is currently developing standards for Fifth Generation (5G) systems. 5G networks are expected to support a range of new scenarios and use cases and to be enablers for the Internet of Things (IoT). 5G systems are also expected to offer connectivity to a wide range of new devices, such as sensors, smart wearables, vehicles, machines, etc. Flexibility will be a key property of 5G systems. This new flexibility is reflected in the security requirements for network access, which call for support of alternative authentication methods and of credential types other than the usual Authentication and Key Agreement (AKA) credentials pre-provisioned by the operator and securely stored on the Universal Integrated Circuit Card (UICC). More flexible security features would allow, for example, the owner of a factory or enterprise to leverage its own identity and credential management systems for authentication and network access security.
[003] Among the new security features in 5G systems is the introduction of the Security Anchor Function (SEAF). The purpose of the SEAF is to meet the need for flexibility and dynamism in the deployment of 5G core network functions by providing an anchor in a secure location for key storage. In fact, the SEAF is expected to leverage virtualization to achieve the desired flexibility. As a consequence, the Access and Mobility Management Function (AMF), the 5G function responsible for managing access and mobility, can be deployed in a domain that is potentially less secure than the operator's core network, since the master key remains at the SEAF in a secure location.
[004] The SEAF is designed to establish and share a key, denoted KSEAF, with the user equipment (UE), which is used to derive other keys, such as keys for protection of the control plane (for example, the KCN key) and protection of the radio interface. These keys generally correspond to the non-access stratum (NAS) keys and the access stratum key (KeNB) in Long Term Evolution (LTE) systems. It is assumed that the SEAF is located in a secure location and that the KSEAF key never leaves the SEAF. The SEAF communicates with AMFs and provides the key material (derived from the KSEAF key) needed to protect control plane (CP) and user plane (UP) traffic with the UE. An advantage of this approach is that it avoids re-authentication each time a UE moves from an area served by one AMF to an area served by another AMF. Authentication is an expensive procedure, particularly when the UE is roaming.
[005] Recently, a proposal was made to co-locate the SEAF and the AMF, which defeats the very purpose of the SEAF. It is worth noting that the security design of LTE systems was conceptually based on the assumption that the Mobility Management Entity (MME), that is, the node responsible for mobility management in LTE systems, is always located in a secure location within the operator's core network. This assumption does not hold for the AMF in 5G systems. In dense areas, an AMF could be deployed closer to the network edge and thus potentially in exposed locations (for example, in a shopping center). Therefore, during an AMF change, it is possible that one of the AMFs is not located in a domain as secure as the other's, and so the source or target AMF would need to protect itself from the other.
[006] The Evolved Packet System (EPS) is based on the assumption that the MME is always located in a secure location. Therefore, during an MME change, the new MME simply fetches the UE's security context from the previous MME. In addition, an MME can optionally trigger a new authentication for forward security.
[007] With the mechanisms of the legacy system, forward security (i.e. the old MME does not know the security context used by the new MME) could be obtained via re-authentication, but there is no mechanism for backward security (i.e. the new MME does not know the security context used by the old MME). The new AMF can trigger a new authentication, thereby eliminating any possibility of the old AMF determining the new keys. The need for re-authentication could, for example, be based on operator policy taking into account the location of the different AMFs.
[008] Relying on the authentication procedure alone is not very efficient since, in terms of performance, it is one of the most costly procedures. Therefore, there remains a need to provide security when changing AMFs without requiring re-authentication.
SUMMARY
[009] The present invention relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the invention is a mechanism for obtaining backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication (KCI) to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter for the UE to use when deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
[010] According to one aspect of the invention, a source AMF holding a security context for a UE determines that an AMF change is needed. Responsive to determining that the AMF change is needed, the source AMF generates a new non-access stratum key and sends the new non-access stratum key to a target AMF. In some embodiments the source AMF also sends a KCI to the UE, or to the target AMF.
[011] One aspect of the invention comprises methods implemented during a handover by a source base station in an access network of a wireless communication network. The source base station sends a first handover message to a source mobility management function in a core network of the wireless communication network to initiate a handover of a UE. Subsequently, the source base station receives, responsive to the first handover message, a second handover message from the source mobility management function. The second handover message includes a KCI indicating that a non-access stratum key has been changed. The source base station forwards the second handover message, with the KCI, to the UE.
[012] Another aspect of the invention comprises a source base station configured to perform the methods of the previous paragraph. In one embodiment, the base station comprises an interface circuit for communicating with the UE over an air interface, and a processing circuit adapted to hand over the UE from the source base station to a target base station. The processing circuit is configured to send a first handover message to a source mobility management function in a core network of the wireless communication network to initiate a handover of a UE; receive, responsive to the handover message, a second handover message from the source mobility management function, the second handover message including a key change indication that indicates that a non-access stratum key has been changed; and forward, via the interface circuit, the handover command with the key change indication to the UE.
[013] Another aspect of the invention comprises methods implemented during a handover by a source mobility management function in a core network of a wireless communication network. The source mobility management function receives a first handover message from the source base station indicating that a UE handover is required. The source mobility management function generates a new non-access stratum key and sends the new non-access stratum key to a target mobility management function in the core network of the wireless network. The source mobility management function also sends a KCI to the UE in a second handover message. The KCI indicates a change of the non-access stratum key.
[014] Another aspect of the invention comprises a source mobility management function configured to perform the methods of the previous paragraph. In one embodiment, the source mobility management function comprises an interface circuit for communicating with a base station and a target mobility management function over a communication network, and a processing circuit. The processing circuit is configured to receive, from a source base station in an access network of the wireless communication network, a first handover message indicating that a UE handover is required; generate a new non-access stratum key; send, responsive to the handover message, the new non-access stratum key to a target mobility management function in the core network of the wireless communication network; and send, in a second handover message, a key change indication to the UE, the key change indication indicating a change of the non-access stratum key.
[015] Another aspect of the invention comprises methods implemented during a handover by a target mobility management function in a core network of a wireless communication network. The target mobility management function receives a new non-access stratum key from the source mobility management function. The target mobility management function establishes a new security context including a new access stratum key derived from the new non-access stratum key, and sends the new access stratum key to a target base station.
[016] Another aspect of the invention comprises a target mobility management function configured to perform the methods of the previous paragraph. In one embodiment, the target mobility management function comprises an interface circuit for communicating with a target base station and a source mobility management function over a communication network, and a processing circuit. The processing circuit is configured to receive, from the source mobility management function, a new non-access stratum key; establish a new security context including a new access stratum key derived from the new non-access stratum key; and send the new access stratum key to a target base station.
[017] Another aspect of the invention comprises methods implemented by a UE in a wireless communication network during a handover. The UE receives a handover message including a KCI from a source base station in a domain of a source mobility management function of the wireless communication network. The KCI indicates to the UE that a non-access stratum key has been changed. The UE performs a handover from the source base station to a target base station in a domain of a target mobility management function. Responsive to the KCI, the UE establishes a new security context with the target mobility management function. The new security context includes a new non-access stratum key. The UE can optionally communicate with the target mobility management function using the new non-access stratum key.
[018] Another aspect of the invention comprises a UE configured to carry out the methods of the previous paragraph. In one embodiment, the UE comprises an interface circuit for communicating with one or more base stations in an access network of a wireless network, and a processing circuit. The processing circuit is configured to receive a handover message from a source base station in a first mobility management domain of the wireless communication network, said handover message including a key change indication; perform a handover from the source base station to a target base station in a second mobility management domain of the wireless network; and establish, responsive to the key change indication, a new security context with a target mobility management function, said new security context including a new non-access stratum key.
[019] Another aspect of the invention comprises methods implemented by a source mobility management function in a core network of a wireless communication network when a UE in idle mode changes mobility management functions. The source mobility management function receives a request for a security context for the UE from a target mobility management function. The source mobility management function generates a new non-access stratum key and sends, responsive to the request, the new non-access stratum key and a KCI to the target mobility management function. The KCI indicates a change of the non-access stratum key.
[020] Another aspect of the invention comprises a source mobility management function configured to perform the methods of the previous paragraph. In one embodiment, the source mobility management function comprises an interface circuit for communicating with a base station and a target mobility management function over a communication network, and a processing circuit. The processing circuit is configured to receive a request for a security context for the UE from a target mobility management function; generate a new non-access stratum key; and send, responsive to the request, the new non-access stratum key and a KCI to the target mobility management function. The KCI indicates a change of the non-access stratum key.
[021] Another aspect of the invention comprises methods implemented by a target mobility management function in a core network of a wireless communication network when a UE in idle mode changes mobility management functions. The target mobility management function receives a registration message or other control message from the UE indicating a change of mobility management function. The target mobility management function requests a security context from a source mobility management function in the wireless communication network. Responsive to the request, the target mobility management function receives a new non-access stratum key and a KCI indicating that the non-access stratum key has been changed. The target mobility management function sends the KCI to the UE and optionally establishes a new security context for the UE including the new non-access stratum key.
[022] Another aspect of the invention comprises a target mobility management function configured to perform the methods of the previous paragraph. In one embodiment, the target mobility management function comprises an interface circuit for communicating with a target base station and a source mobility management function over a communication network, and a processing circuit. The processing circuit is configured to receive a registration message or other control message from the UE indicating a change of mobility management function; request, responsive to the registration message, a security context from a source mobility management function in the wireless communication network; receive, responsive to the request, a new non-access stratum key and a KCI indicating that the non-access stratum key has been changed; and send the KCI to the UE and optionally establish a new security context for the UE including the new non-access stratum key.
[023] Another aspect of the invention comprises methods implemented by a UE in idle mode in a wireless communication network when the UE changes AMF. The UE sends a registration message or other control message to a target mobility management function in the wireless communication network. The UE receives, responsive to the registration message or other control message, a KCI indicating that a non-access stratum key has been changed. Responsive to the KCI, the UE generates a new non-access stratum key. After generating the new non-access stratum key, the UE can optionally establish a new security context with the target mobility management function, where the new security context includes the new non-access stratum key, and then communicate with the target mobility management function using the new non-access stratum key.
[024] Another aspect of the invention comprises a UE configured to carry out the methods of the previous paragraph. In one embodiment, the UE comprises an interface circuit for communicating with one or more base stations in an access network of a wireless communication network, and a processing circuit. The processing circuit is configured to send a registration message or other control message to a target mobility management function in the wireless communication network; receive, responsive to the registration message or other control message, a KCI indicating that a non-access stratum key has been changed; and, responsive to the KCI, generate a new non-access stratum key. After generating the new non-access stratum key, the UE can optionally establish a new security context with the target mobility management function, where the new security context includes the new non-access stratum key, and then communicate with the target mobility management function using the new non-access stratum key.
[025] Other aspects and embodiments of the invention are set out in the enumerated embodiments.
BRIEF DESCRIPTION OF THE DRAWINGS
[026] Figure 1 illustrates an exemplary wireless communication network.
[027] Figure 2 illustrates a procedure for handling the security context during a handover.
[028] Figure 3 illustrates a first procedure for handling the security context when a UE changes AMF in idle mode.
[029] Figure 4 illustrates a first exemplary key generation procedure.
[030] Figure 5 illustrates a second exemplary key generation procedure.
[031] Figure 6 illustrates a second procedure for handling the security context during a handover.
[032] Figure 7 illustrates a third procedure for handling the security context during a handover.
[033] Figure 8 illustrates a second procedure for handling the security context when a UE changes AMF in idle mode.
[034] Figure 9 illustrates a method implemented by a source base station during a handover.
[035] Figure 10 illustrates an exemplary base station configured to perform the method of Figure 9.
[036] Figure 11 illustrates a method implemented by a source AMF during a handover.
[037] Figure 12 illustrates an exemplary source AMF configured to perform the method of Figure 11.
[038] Figure 13 illustrates a method implemented by a target AMF during a handover.
[039] Figure 14 illustrates an exemplary target AMF configured to perform the method of Figure 13.
[040] Figure 15 illustrates a method implemented by a UE during a handover.
[041] Figure 16 illustrates an exemplary UE configured to perform the method of Figure 15.
[042] Figure 17 illustrates a method implemented by a source AMF when a UE changes AMF in idle mode.
[043] Figure 18 illustrates an exemplary source AMF configured to perform the method of Figure 17.
[044] Figure 19 illustrates a method implemented by a target AMF when a UE changes AMF in idle mode.
[045] Figure 20 illustrates an exemplary target AMF configured to perform the method of Figure 19.
[046] Figure 21 illustrates a location update method implemented by a UE when the UE moves between AMFs in idle mode.
[047] Figure 22 illustrates an exemplary UE configured to perform the method of Figure 21.
[048] Figure 23 illustrates an exemplary base station configured to implement the security context handling procedures described here.
[049] Figure 24 illustrates an exemplary core network node configured to implement the security context handling procedures described here.
[050] Figure 25 illustrates an exemplary UE configured to implement the security context handling procedures described here.
DETAILED DESCRIPTION
[051] Referring now to the drawings, an exemplary embodiment of the invention will be described in the context of a 5G wireless communication network. Those skilled in the art will note that the methods and apparatus described here are not limited to use in 5G networks, but can also be used in wireless communication networks operating according to other standards.
[052] Figure 1 illustrates a wireless communication network 10 according to an exemplary embodiment. The wireless communication network 10 comprises a radio access network (RAN) 20 and a core network 30. The RAN 20 comprises one or more base stations 25 that provide radio access to UEs 70 operating within the wireless communication network 10. The base stations 25 are also referred to as gNodeBs (gNBs). The core network 30 provides a connection between the RAN 20 and other packet data networks 80.
[053] In an exemplary embodiment, the core network 30 comprises an authentication server function (AUSF) 35, an access and mobility management function (AMF) 40, a session management function (SMF) 45, a policy control function (PCF) 50, a unified data management function (UDM) 55, and a user plane function (UPF) 60. These components of the wireless communication network 10 comprise logical entities that reside in one or more core network nodes. The functions of the logical entities can be implemented by one or more processors, hardware, firmware, or a combination thereof. The functions can reside in a single core network node, or can be distributed among two or more core network nodes.
[054] The AMF 40, among other things, performs mobility management functions similar to those of the MME in LTE. The AMF and the MME are referred to here generically as mobility management functions. In the exemplary embodiment shown in Figure 1, the AMF 40 is the endpoint for non-access stratum (NAS) security. The AMF 40 shares a key, referred to as the core network key (KCN), with the UE 70, which is used to derive the lower-level NAS protocol keys for integrity and confidentiality protection. The KCN key is generally equivalent to the base key called KASME in the Evolved Packet System (EPS), and to the KAMF key used in the 5G specifications. Whenever authentication is performed, a new KCN is put into use. Since the KCN key is established after authentication, how it is established is not a material aspect of the present invention. The methods and apparatus described here do not depend on the particular method used to compute KCN after authentication. That is, the security context handling methods work regardless of whether KCN is derived from a higher-level key or is established directly by the authentication procedure, similar to the establishment of KASME in EPS.
[055] Once a UE 70 is authenticated, the UE 70 can move between cells within the network. When a UE 70 moves between cells while in connected mode, a handover is performed. When a UE 70 in idle mode moves between cells, a location update procedure can be performed. The AMF 40 tracks the location of the UE 70 within its domain. Typically, the core network 30 will have multiple AMFs 40, each providing mobility management services in a respective domain. When a UE 70 moves between cells supervised by different AMFs 40, the security context needs to be transferred from the source AMF 40 to the target AMF 40.
[056] In LTE systems, the security context is transferred unchanged from a source mobility management entity (MME) to the target MME during a handover or inter-MME location update. Following an AMF change, a NAS Security Mode Command (SMC) procedure can be performed, which puts new NAS and access stratum (AS) keys into use. Generating new NAS and AS keys may be necessary, for example, when an algorithm change is required at the NAS level. Generally, a change of the algorithm used in the NAS protocol layer has no effect on the AS keys. However, changing the master key of the NAS context renders the current AS keys stale.
[057] One aspect of the invention is a mechanism for obtaining backward security during an AMF change. Instead of passing the current NAS key to the target AMF 40, the source AMF 40 generates a new NAS key, provides the new NAS key to the target AMF 40, and sends a KCI to the UE 70. The UE 70 can then derive the new NAS key from the old NAS key. In some embodiments, the source AMF 40 can provide a key generation parameter for the UE 70 to use in deriving the new NAS key. In other embodiments, the target AMF 40 can change one or more security algorithms.
[058] Figure 2 illustrates an exemplary procedure for transferring a security context during a handover in which the AMF changes. In step 1, the source base station 25 (for example, a source gNB) decides to initiate an N2-based handover because, for example, it has no Xn connectivity to the target base station 25 (for example, a target gNB). The Xn interface is the 5G equivalent of the X2 interface in EPS. In step 2, the source base station 25 sends a Handover Required message (or its 5G equivalent) to the source AMF 40. This is the AMF 40 currently serving the UE 70, with which it shares a full NAS security context based on a non-access stratum key referred to here as the KCN key. The KCN key was established following an earlier authentication or AMF 40 change procedure. In step 3, the source AMF 40 selects the target AMF 40 and decides to derive a new KCN key in order to protect itself and all previous sessions from the target AMF 40. The decision to derive a new key can be based on an operator-specific security policy.
[059] As an example, a new KCN key could be put into use when the AMF set changes. It is generally assumed that horizontal key derivation is not necessary when the AMF set does not change. The current reasoning behind these two assumptions is that the 5G security context is stored in the Unstructured Data Storage Function (UDSF) within an AMF set. So, when a UE is assigned to different AMFs within the same AMF set, horizontal KCN derivation is not necessary, but when a UE is assigned to AMFs in different AMF sets, the UDSF is different and horizontal KCN derivation is required. These assumptions, however, may not hold for all network deployments. First, the UDSF is an optional network function. In addition, there is no reason to restrict the network architecture to deployments where storage is shared only within an AMF set. Some network deployments could have secure storage shared across multiple AMF sets. In that case, it is not necessary to mandate horizontal KCN derivation when the AMF set changes. Similarly, some network deployments could use multiple secure stores within a single AMF set. In that case, horizontal key derivation may be desirable even when the UE 70 does not change AMF set. Therefore, the decision to perform horizontal KCN derivation on an AMF change should be made according to network policy, rather than as a mandate or restriction based on the AMF set. For example, the network operator may have a policy that a new KCN is required when the UE 70 changes from a source AMF 40 to a target AMF 40 that does not share the same secure storage.
[060] Returning to Figure 2, in step 4 the source AMF 40 sends a Forward Relocation Request message (or its 5G equivalent) including the new KCN key along with the relevant security parameters, such as UE capabilities. The target AMF 40 uses this KCN key to establish a new security context and derive a new AS key. In step 5, the target AMF 40 sends a Handover Request (or its 5G equivalent) to the target base station 25. The Handover Request includes the new AS key and all relevant security parameters, such as UE capabilities. This establishes the security context of the UE 70 at the target base station 25. In step 6, the target base station 25 acknowledges the Handover Request. In response to the acknowledgment, the target AMF 40 sends, in step 7, a Forward Relocation Response message (or its 5G equivalent) including a transparent container for the source AMF 40. This container is carried all the way to the UE 70 in steps 8 and 9.
[061] In steps 8 and 9, the source AMF 40 sends a handover command message to the UE 70 via the source base station 25, which forwards the handover command to the UE 70. The handover command includes the relevant information from the Forward Relocation Response message and a KCI indicating that a new KCN has been derived. The KCI may comprise an explicit key change indicator flag set to a value indicating that the KCN key has been changed. Responsive to the KCI, the UE 70 establishes a new security context and derives a new KCN. The UE 70 uses the new KCN key to derive a new AS key for communicating with the target base station 25.
[062] Figure 3 illustrates an exemplary procedure for transferring a security context when a UE 70 in idle mode changes AMF 40. In EPS, the location update in idle mode is performed by the UE 70 with a Tracking Area Update (TAU) request. In 5G, the UE 70 is expected to use a registration request of type "mobility registration", as specified in TS 23.502, § 4.1.1.2.
[063] In step 1, the UE 70 sends a registration request (Registration Type = mobility registration, other parameters) to the new AMF 40 (i.e. the target AMF). Those skilled in the art will note that other messages can be sent to initiate a location update. The registration request message includes all the information needed to allow the new AMF 40 to identify the old AMF 40 (i.e. the source AMF), which currently holds the security context of the UE 70. In step 2, the new AMF 40 sends, responsive to the registration request message, a context request message to the old AMF 40 to request the security context for the UE 70. In step 3, the old AMF 40 decides to derive a new KCN key in order to protect itself and all previous sessions from the target AMF 40. The decision can be based on an operator-specific security policy.
[064] In step 4, the old AMF 40 sends a context request response message to the new AMF 40. The context request response message contains the necessary security context information for the UE 70, including the new KCN key, and a KCI indicating that the NAS key, KCN, has been changed. The old KCN key is not sent to the new AMF 40. The new AMF 40 uses the new KCN key to establish a new security context and activates the new security context by performing a NAS SMC procedure, or a similar procedure, with the UE 70 as specified in TS 33.401, § 7.2.4.4. In step 5, the UE 70 is informed of the key change via a KCI in the first downlink message of the NAS SMC procedure, or in another message sent during the NAS SMC procedure.
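The connected-mode procedure of Figure 2 and the idle-mode procedure of Figure 3 differ only in the path the KCI takes to the UE; the key handling at the source AMF, target AMF and UE is the same. The following Python simulation is an added example, not code from the patent or from Ericsson. It reduces the N2 and GTP messages to function calls and assumes an HMAC-SHA-256 KDF in the TS 33.220 input layout with placeholder FC values, since the patent does not fix the KDF. It contrasts the legacy EPS transfer (context passed unchanged) with the horizontal derivation described above and checks the property the text claims: the target AMF never holds the old KCN (backward security), while the source AMF can still compute the target's key, which is why forward security still requires re-authentication.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 KDF with the input layout of the 3GPP generic KDF
    (TS 33.220 Annex B: S = FC || P0 || L0 || P1 || L1 ...). The FC values
    below are placeholders chosen for this example, not values from the patent."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


FC_KCN_HORIZONTAL = 0x70  # assumed: new KCN from old KCN only (Figure 4)
FC_AS_KEY = 0x71          # assumed: AS key (KgNB-like) from KCN


def derive_new_kcn(old_kcn: bytes) -> bytes:
    """Horizontal derivation: the new KCN depends only on the old KCN."""
    return kdf(old_kcn, FC_KCN_HORIZONTAL)


def derive_as_key(kcn: bytes) -> bytes:
    return kdf(kcn, FC_AS_KEY)


class AMF:
    def __init__(self, name: str):
        self.name = name
        self.kcn = {}            # ue_id -> KCN of the current NAS security context
        self.ever_held = set()   # every KCN this AMF has ever been given

    def install(self, ue_id: str, kcn: bytes) -> None:
        self.kcn[ue_id] = kcn
        self.ever_held.add(kcn)

    def context_for_target(self, ue_id: str, new_key_required: bool) -> dict:
        """Source-AMF side. With new_key_required=False the context is transferred
        unchanged, as the EPS MME does; with True the source derives a new KCN
        and never discloses the old one (backward security)."""
        if new_key_required:
            return {"kcn": derive_new_kcn(self.kcn[ue_id]), "kci": True}
        return {"kcn": self.kcn[ue_id], "kci": False}


class UE:
    def __init__(self, ue_id: str, kcn: bytes):
        self.ue_id, self.kcn = ue_id, kcn

    def on_kci(self, kci: bool) -> None:
        if kci:  # same horizontal derivation as the source AMF performed
            self.kcn = derive_new_kcn(self.kcn)


def connected_mode_handover(ue, source, target, new_key_required=True):
    """Figure 2: KCI travels source AMF -> source gNB -> UE in the handover command."""
    msg = source.context_for_target(ue.ue_id, new_key_required)  # Forward Relocation Request
    target.install(ue.ue_id, msg["kcn"])
    as_key_at_target_gnb = derive_as_key(msg["kcn"])            # Handover Request to target gNB
    ue.on_kci(msg["kci"])                                       # handover command via source gNB
    return as_key_at_target_gnb == derive_as_key(ue.kcn)


def idle_mode_registration(ue, source, target, new_key_required=True):
    """Figure 3: KCI travels source AMF -> target AMF -> UE in the NAS SMC."""
    msg = source.context_for_target(ue.ue_id, new_key_required)  # context request response
    target.install(ue.ue_id, msg["kcn"])
    ue.on_kci(msg["kci"])                                       # KCI in first downlink NAS SMC message
    return target.kcn[ue.ue_id] == ue.kcn


def run(procedure, new_key_required=True):
    """Returns (UE and target agree, target ever held the old KCN, source can compute target's KCN)."""
    k0 = os.urandom(32)  # constructed KCN from an earlier authentication
    ue, src, tgt = UE("ue-1", k0), AMF("AMF-A"), AMF("AMF-B")
    src.install(ue.ue_id, k0)
    agree = procedure(ue, src, tgt, new_key_required)
    source_can_compute = tgt.kcn[ue.ue_id] in (k0, derive_new_kcn(k0))
    return agree, k0 in tgt.ever_held, source_can_compute


def chain(n_changes=3):
    """Figure 4 key chain across several AMF changes: the last AMF never held any
    earlier KCN; only a fresh authentication breaks the chain."""
    k0 = os.urandom(32)
    ue = UE("ue-1", k0)
    amfs = [AMF(f"AMF-{i}") for i in range(n_changes + 1)]
    amfs[0].install(ue.ue_id, k0)
    history = [k0]
    for src, tgt in zip(amfs, amfs[1:]):
        idle_mode_registration(ue, src, tgt)
        history.append(tgt.kcn[ue.ue_id])
    return all(k not in amfs[-1].ever_held for k in history[:-1]) and ue.kcn == history[-1]
```

`run(connected_mode_handover)` and `run(idle_mode_registration)` both return `(True, False, True)`: the UE and target agree, the target never saw the old key, and the source can still compute the new one. With `new_key_required=False` the second value flips to `True`, which is the legacy EPS situation the text describes. 3GPP TS 33.501 later standardized this idea as horizontal KAMF derivation, where the uplink NAS COUNT is fed into the KDF alongside the old KAMF; that extra input plays the separation role the KDP of paragraph [067] below is introduced for.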
[065] The NAS security context based on the KCN Key is shared between the UE 70 and the AMF 40 that currently serves it. The security context includes security parameters similar to those of LTE systems, such as NAS counters, key set identifier, etc. In an exemplary embodiment, a horizontal key derivation mechanism is used to generate a new KCN key during the change of the AMF 40. The derivation of the new KCN could only be based on the previous KCN. From a security perspective, there is no benefit from an additional entry in the key derivation step.
[066] Figure 4 illustrates a first key derivation procedure. In this modality, it is assumed that the key derivation function (KDF) derives the new KCN Key based only on the old KCN key. This key chain from AMF 40 to AMF 40 can continue until a new authentication is performed. It can be left to the operator's policy how to configure the AMF 40 in relation to which safety mechanism is selected during an AMF 40 change. For example, depending on the operator's security requirements, the operator can decide whether to perform reauthentication on the target AMF 40, or if a key change is required on the source AMF 40.
[067] Figure 5 illustrates another key derivation procedure. This modality can be useful in scenarios where an AMF 40 needs to prepare keys in advance for more than one potential AMF 40 target. In this case, an additional key derivation parameter (KDP) is required for cryptographic separation, so that different keys KCN are prepared for different AMF 40 potential targets. Depending on the type of parameter, the UE 70 would need to be provided with the chosen KDP, in addition to the KCI. In some embodiments, the KDP may also serve as an implicit KCI so that a separate KCI is not required. For example, where the KDP comprises a non-protected by the AMF 40 source, a non-need to be provided for the UE 70. Other potential KDPs include a timestamp, a version number and a freshness parameter. During a connected mode handover, the KDP could be sent from the source AMF 40 to the UE 70 via the source base station 25 in a handover command. Alternatively, the KDP can be sent to the UE 70 via the target AMF 40 in a container. transparent NAS. During a registration or location update procedure, the KDP could be sent from the target AMF 40 to an SMC NAS. However, in scenarios where a KDP is otherwise available for UE 70, said as a parameter of the public identifier type AMF, it may not be necessary to provide the UE 70 with the KDP parameter. More generally, any static information, said as a static network configuration parameter or static UE configuration parameter, known for the UE 70 and AMF 40 source can be used as a KDP.
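As an added illustration of the two derivation procedures just described (this is not code from the patent or from any 3GPP specification), the following Python models the horizontal derivation of Figure 4, where the new KCN depends only on the old KCN, and the KDP variant of Figure 5, where the source AMF prepares a separate key for each potential target AMF. The HMAC-SHA-256 construction and its input layout are an assumption standing in for the standard's KDF, the per-target version numbers and capability strings are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed domain-separation label. 3GPP KDFs are HMAC-SHA-256 based, but the
# exact input encoding for the 5G case is not given on the page, so the layout
# used here is an assumption and not the standard's.
LABEL = b"KCN horizontal derivation (illustrative)"


def derive_kcn(old_kcn: bytes, kdp: Optional[bytes] = None) -> bytes:
    """Horizontal KCN derivation as described for Figures 4 and 5.

    Figure 4: kdp is None, the new KCN depends only on the old KCN.
    Figure 5: kdp is supplied (nonce, version number, timestamp, ...), so a
    different KDP yields a different KCN for each potential target AMF.
    """
    msg = LABEL
    if kdp is not None:
        msg += b"|KDP=" + kdp
    return hmac.new(old_kcn, msg, hashlib.sha256).digest()


def prepare_target_keys(old_kcn: bytes, target_amfs: Tuple[str, ...]) -> Dict[str, Tuple[bytes, bytes]]:
    """Source AMF prepares one (new KCN, KDP) pair per potential target AMF.

    The KDP is a per-target version number (constructed example value); the
    pair is what the source keeps ready before the actual target is known.
    """
    prepared: Dict[str, Tuple[bytes, bytes]] = {}
    for n, amf in enumerate(target_amfs, start=1):
        kdp = f"version:{n}".encode()
        prepared[amf] = (derive_kcn(old_kcn, kdp), kdp)
    return prepared


def build_handover_context(new_kcn: bytes, ue_caps: Tuple[str, ...]) -> Dict[str, object]:
    """What the source AMF forwards to the chosen target AMF.

    Neither the old KCN nor the KDP is included: the target learns only the
    new key, which is what keeps earlier sessions protected from it.
    """
    return {"kcn": new_kcn, "ue_capabilities": ue_caps, "kci": True}


def ue_derive_after_kci(ue_kcn: bytes, kci: bool, kdp: Optional[bytes]) -> bytes:
    """UE side: on a KCI (explicit flag, or implicit because a KDP arrived)
    derive the new KCN from the UE's own copy of the old key."""
    if not kci and kdp is None:
        return ue_kcn  # no change signalled, keep the current key
    return derive_kcn(ue_kcn, kdp)


def chain_until_reauth(initial_kcn: bytes, amf_changes: int) -> bytes:
    """Figure 4 chaining: every AMF change hashes forward without a KDP until
    a fresh authentication replaces the chain."""
    k = initial_kcn
    for _ in range(amf_changes):
        k = derive_kcn(k)
    return k


if __name__ == "__main__":
    old = bytes(range(32))  # constructed stand-in for the current KCN
    for amf, (key, kdp) in prepare_target_keys(old, ("AMF-A", "AMF-B")).items():
        print(amf, kdp.decode(), key.hex()[:16])
```

Running `prepare_target_keys` for several targets shows the cryptographic separation the paragraph asks for; `build_handover_context` makes the backward-security point explicit by construction, since the old KCN never appears in what the target receives, and `ue_derive_after_kci` shows that a KDP alone is enough for the UE to act, which is what lets the KDP double as an implicit KCI.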
[068] Figure 6 illustrates a handover procedure where a KDP is used to derive the new KCN key. This procedure is generally the same as the procedure shown in Figure 2. For the sake of brevity, the steps that are not changed are not described. In step 3, the source AMF 40 selects the target AMF 40 and decides to derive a new KCN key in order to protect itself and all preceding sessions from the target AMF 40. In this embodiment, the source AMF 40 generates a KDP (for example, a version number) and uses the KDP to derive the new KCN key. In step 4, the source AMF 40 sends a forwarded relocation request message (or its 5G equivalent) including the new KCN key along with any relevant security parameters, such as the UE capabilities. The target AMF 40 uses this KCN key to establish a new security context and to derive a new AS key. The source AMF 40 does not provide the KDP to the new AMF 40. Instead, in step 8, the source AMF 40 sends a handover command to the source base station 25, where the handover command includes the KDP in addition to, or in place of, the KCI. As noted above, the KDP can serve as an implicit KCI. Responsive to the KCI and/or KDP, the UE 70 establishes a new security context and derives a new KCN using the KDP. The UE 70 can use the new KCN key to derive a new key for communicating with the target base station 25.
[069] In LTE systems, a change of the NAS algorithm at the target AMF 40 can only be made through a NAS SMC procedure. Since the capabilities of the UE 70 are sent with the other UE 70 context information to the target AMF 40, it is possible for the target AMF 40 to indicate which new NAS algorithms have been selected. Figure 7 illustrates an exemplary handover procedure in which the target AMF 40 selects one or more new NAS security algorithms (for example, cryptographic algorithms). Steps 1 through 4 are the same as described for Figure 2. In step 5, the target AMF 40 selects one or more new NAS security algorithms. Steps 6 and 7 are the same as steps 5 and 6 in Figure 2. In step 8, the target AMF 40 includes an indication of the new security algorithms in the target-to-source transparent container information element of the forwarded relocation response message sent to the source AMF 40. This container is routed all the way to the UE 70 in steps 9 and 10. The security algorithm indication can be included with the KCI in the handover command, or in a separate message. As a consequence, the UE 70 has all the parameters necessary to activate the NAS security context with the target AMF 40 without the need for a NAS SMC procedure. This mechanism works independently of how the KCN key is derived.
[070] Figure 8 illustrates an exemplary procedure for transferring a security context when a UE 70 in idle mode changes AMF 40. This procedure is similar to the procedure shown in Figure 3. In EPS, a location update during idle mode is initiated by the UE 70 with a Tracking Area Update (TAU) request. In 5G, the UE 70 is expected to use a registration request of type "mobility registration", as specified in TS 23.502, § 4.1.1.2.
[071] In step 1, the UE 70 sends a registration request (registration type = mobility registration, other parameters) to the new AMF 40 (i.e. the target AMF). Those skilled in the art will note that other messages can be sent to initiate a location update. The registration request message includes all the information needed to allow the new AMF 40 to identify the old AMF 40 (i.e. the source AMF), which currently holds the security context of the UE 70. In step 2, the new AMF 40 sends, responsive to the registration request message, a context request message to the old AMF 40 to request the security context for the UE 70. In step 3, the old AMF 40 decides to derive a new KCN key in order to protect itself and all previous sessions from the target AMF 40. The decision can be based on an operator-specific security policy.
[072] In an embodiment denoted Alternative 1, the old AMF 40 sends, in step 4A, a context request response message to the new AMF 40. The context request response message contains the necessary UE 70 security context information, including the new KCN key. The context request response message also includes a KCI indicating that the NAS key, KCN, has been changed, and the KDP used to derive the new KCN key. The old KCN key is not sent to the new AMF 40. The new AMF 40 uses the new KCN key to establish a new security context and activates the new security context by performing a NAS SMC procedure, or a similar procedure, with the UE 70 as specified in TS 33.401, § 7.2.4.4. In step 5A, the KCI and the KDP (for example a freshness parameter or a nonce) are sent to the UE 70 in the first downlink message of the NAS SMC procedure, or in another downlink message of the NAS SMC procedure. The KCI tells the UE 70 that the KCN key has been changed. The KDP is a security parameter used by the UE 70 to derive the new KCN key. In this embodiment, the KCI and the KDP are separate parameters.
[073] In another embodiment denoted Alternative 2, the old AMF 40 sends, in step 4B, a context request response message to the new AMF 40. The context request response message contains the necessary UE 70 security context information, including the new KCN key. The context request response message further includes a KDP that implicitly indicates that the NAS key, KCN, has been changed. The old KCN key is not sent to the new AMF 40. The new AMF 40 uses the new KCN key to establish a new security context and activates the new security context by performing a NAS SMC procedure, or a similar procedure, with the UE 70 as specified in TS 33.401, § 7.2.4.4. In step 5B, the new AMF 40 sends the KDP (for example a freshness parameter or a nonce) to the UE 70 in the first downlink message of the NAS SMC procedure, or in some other downlink message of the NAS SMC procedure. The KDP acts as a key change indication, indicating to the UE 70 that the NAS key has been changed. The UE 70 uses the KDP and its old KCN key to derive the new KCN key.
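The Figure 8 exchange, with Alternative 1 (explicit KCI plus KDP) and Alternative 2 (KDP acting as the implicit KCI), as an added end-to-end simulation that is not part of the patent or of any 3GPP implementation. The `OldAMF`, `NewAMF` and `UE` classes, the dictionary-shaped messages, the nonce-as-KDP choice and the HMAC-SHA-256 derivation are all assumptions; the registration parameters and capability strings are constructed. The same KCI/KDP handling applies on the handover path of Figures 6 and 7, where the indications travel in the handover command rather than in the NAS SMC, and where the target's selected algorithms ride in the transparent container instead.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Assumed KDF input layout (HMAC-SHA-256 keyed with the old KCN); the exact
# 5G encoding is not given on the page.
LABEL = b"KCN horizontal derivation (illustrative)"


def derive_kcn(old_kcn: bytes, kdp: Optional[bytes]) -> bytes:
    msg = LABEL + (b"|KDP=" + kdp if kdp is not None else b"")
    return hmac.new(old_kcn, msg, hashlib.sha256).digest()


class OldAMF:
    """Source AMF holding the UE's current NAS security context (old KCN)."""

    def __init__(self, kcn: bytes, ue_caps: Tuple[str, ...]):
        self.kcn = kcn
        self.ue_caps = ue_caps

    def context_request_response(self, alternative: int) -> Dict[str, object]:
        kdp = secrets.token_bytes(16)          # step 3: policy says derive; a nonce is the KDP
        new_kcn = derive_kcn(self.kcn, kdp)
        # Steps 4A/4B: the old KCN is never placed in the response.
        resp: Dict[str, object] = {"kcn": new_kcn, "kdp": kdp, "ue_capabilities": self.ue_caps}
        if alternative == 1:
            resp["kci"] = True                 # Alternative 1: explicit flag next to the KDP
        return resp                            # Alternative 2: the KDP alone signals the change


class NewAMF:
    """Target AMF: fetches the context from the old AMF, then runs NAS SMC."""

    def __init__(self) -> None:
        self.received: Dict[str, object] = {}
        self.ctx: Dict[str, object] = {}

    def handle_registration(self, reg: Dict[str, str], old_amf: OldAMF, alternative: int) -> Dict[str, object]:
        if reg["registration_type"] != "mobility registration":
            raise ValueError("not an AMF-change registration")
        self.received = old_amf.context_request_response(alternative)   # steps 2 and 4
        # The target picks the first forwarded capability as its NAS algorithm;
        # the selection policy itself is out of scope here.
        algorithms = (self.received["ue_capabilities"][0],)
        self.ctx = {"kcn": self.received["kcn"], "algorithms": algorithms}
        # Step 5A/5B: first downlink NAS SMC message carries the KDP (+ KCI in Alt. 1)
        # and the selected algorithms.
        smc: Dict[str, object] = {"kdp": self.received["kdp"], "algorithms": algorithms}
        if self.received.get("kci"):
            smc["kci"] = True
        return smc


class UE:
    def __init__(self, kcn: bytes):
        self.kcn = kcn
        self.algorithms: Tuple[str, ...] = ()

    def registration_request(self) -> Dict[str, str]:
        return {"registration_type": "mobility registration", "old_amf_id": "constructed-old-amf"}

    def process_nas_smc(self, smc: Dict[str, object]) -> bool:
        # An explicit KCI flag or the mere presence of a KDP both mean "NAS key changed".
        key_changed = bool(smc.get("kci")) or "kdp" in smc
        if key_changed:
            self.kcn = derive_kcn(self.kcn, smc.get("kdp"))
        self.algorithms = tuple(smc.get("algorithms", ()))
        return key_changed


def run_idle_mode_amf_change(alternative: int) -> Dict[str, bool]:
    """Run the Figure 8 exchange and report the properties a reviewer checks."""
    old_kcn = secrets.token_bytes(32)          # constructed current NAS key
    ue = UE(old_kcn)
    old_amf = OldAMF(old_kcn, ("constructed-alg-1", "constructed-alg-2"))
    new_amf = NewAMF()
    smc = new_amf.handle_registration(ue.registration_request(), old_amf, alternative)
    changed = ue.process_nas_smc(smc)
    return {
        "key_changed_signalled": changed,
        "ue_and_target_agree": ue.kcn == new_amf.ctx["kcn"],
        "old_kcn_left_source": old_kcn in new_amf.received.values(),
        "kci_explicit": "kci" in smc,
        "algorithms_agree": ue.algorithms == new_amf.ctx["algorithms"],
    }


if __name__ == "__main__":
    for alt in (1, 2):
        print(f"Alternative {alt}:", run_idle_mode_amf_change(alt))
```

In both alternatives the UE and the target end up with the same KCN while the old KCN never leaves the source, which is the retroactive-security property the procedure is built for; the only difference between them is whether the UE's "key changed" decision is driven by an explicit flag or by the presence of the KDP.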
[074] Figure 9 illustrates an exemplary method 100 implemented during a handover by a source base station 25 in an access network of a wireless communication network 10. The source base station 25 sends a first handover message to a source AMF 40 in a core network 30 of the wireless communication network 10 to initiate a handover of a UE 70 (block 105). Subsequently, the source base station 25 receives, responsive to the first handover message, a second handover message from the source AMF 40 (block 110). The second handover message includes a KCI indicating that the non-access stratum key (for example KCN) has been changed. The source base station 25 forwards the second handover message with the KCI to the UE 70 (block 115).
[075] In some embodiments of method 100, the KCI comprises a key change flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter that implicitly indicates that the non-access stratum key has been changed. The security parameter comprises one of a nonce, a timestamp, a freshness parameter and a version number.
[076] Some embodiments of method 100 further include receiving, from the source AMF 40, a KDP required by the UE 70 to generate a new non-access stratum key, and sending the KDP to the UE 70. In some examples, the KDP is received with the KCI in the second handover message. The KDP comprises, for example, one of a nonce, a timestamp, a freshness parameter and a version number. In some embodiments, the key derivation parameter serves as an implicit KCI.
[077] Some embodiments of method 100 further include receiving, from the source AMF 40, a security algorithm parameter indicating at least one security algorithm to be used by the UE 70, and sending the security algorithm parameter to the UE 70. In one example, the security algorithm parameter is received with the KCI in the second handover message.
[078] In one embodiment of method 100, the first handover message comprises a handover required message indicating the need for a handover of the UE 70.
[079] In one embodiment of method 100, the second handover message comprises a handover command including the KCI.
[080] In one embodiment of method 100, the non-access stratum key comprises a core network key (KCN).
[081] Figure 10 is an exemplary base station 120 configured to perform the method 100 shown in Figure 9. The base station 120 comprises a sending unit 125, a receiving unit 130 and a forwarding unit 135. The sending unit 125 is configured to send a first handover message to a source AMF 40 in a core network 30 of the wireless communication network 10 to initiate a handover of a UE 70. The receiving unit 130 is configured to receive, responsive to the first handover message, a second handover message from the source AMF 40. The forwarding unit 135 is configured to forward the second handover message with the KCI to the UE 70. The KCI indicates a change of the non-access stratum key (for example KCN). The sending unit 125, the receiving unit 130 and the forwarding unit 135 may comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 9. In some embodiments, the sending unit 125, the receiving unit 130 and the forwarding unit 135 are implemented by a single microprocessor. In other embodiments, the sending unit 125, the receiving unit 130 and the forwarding unit 135 can be implemented by two or more microprocessors.
[082] Figure 11 illustrates an exemplary method 150 implemented during a handover by a source AMF 40 in a core network 30 of a wireless communication network 10. The source AMF 40 receives, from the source base station 25, a first handover message indicating that a handover of the UE 70 is required (block 155). The source AMF generates a new non-access stratum key (e.g. KCN) (block 160), and sends the new non-access stratum key to a target AMF 40 in the core network 30 of the wireless communication network 10 (block 165). The source AMF 40 also sends a KCI to the UE 70 in a second handover message (block 170). The KCI indicates a change of the non-access stratum key.
[083] In some embodiments of method 150, generating the new non-access stratum key involves generating the new non-access stratum key from a previous non-access stratum key. In other embodiments, generating the new non-access stratum key involves generating the new non-access stratum key from a previous non-access stratum key and a KDP. In some embodiments, the source AMF sends the KDP to the UE 70 together with the KCI in the second handover message.
[084] Some embodiments of method 150 further include selecting the target AMF 40, and generating the new non-access stratum key depending on the selection of the target AMF 40.
[085] Some embodiments of method 150 further include generating two or more non-access stratum keys, each for a different target AMF 40. In one example, the two or more non-access stratum keys are generated using different KDPs.
[086] Some embodiments of method 150 further include sending one or more security parameters to the target AMF 40. In one example, the one or more security parameters are transmitted to the target AMF 40 in the second handover message. In one example, the one or more security parameters include UE capability information.
[087] Some embodiments of method 150 further include receiving, from the target AMF 40, a security algorithm parameter indicating at least one security algorithm, and sending the security algorithm parameter to the UE 70. In one example, the security algorithm parameter is received from the target AMF 40 in a forwarded relocation response message.
[088] In one embodiment of method 150, the first handover message comprises a handover required message indicating the need for a handover of the UE 70.
[089] In one embodiment of method 150, the second handover message comprises a handover command including the KCI.
[090] In one embodiment of method 150, the new non-access stratum key is sent to the target AMF 40 in a forwarded relocation request message.
[091] In one embodiment of method 150, the non-access stratum key comprises a core network key (KCN).
[092] Figure 12 is an exemplary source AMF 175 configured to perform the method 150 shown in Figure 11. The source AMF 175 comprises a receiving unit 180, a key generation unit 185, a first sending unit 190 and a second sending unit 195. The receiving unit 180 is configured to receive, from a source base station 25, a first handover message indicating that a handover of the UE 70 is required. The key generation unit 185 is configured to generate a new non-access stratum key (for example KCN), as described herein. The first sending unit 190 is configured to send the new non-access stratum key to a target AMF 40 in the core network 30 of the wireless communication network 10. The second sending unit 195 is configured to send a KCI to the UE 70 in a second handover message. The KCI indicates a change of the non-access stratum key. The receiving unit 180, the key generation unit 185, the first sending unit 190 and the second sending unit 195 can comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 11. In some embodiments, the receiving unit 180, the key generation unit 185, the first sending unit 190 and the second sending unit 195 are implemented by a single microprocessor. In other embodiments, the receiving unit 180, the key generation unit 185, the first sending unit 190 and the second sending unit 195 can be implemented by two or more microprocessors.
[093] Figure 13 illustrates an exemplary method 200 implemented during a handover by a target AMF 40 in a core network 30 of a wireless communication network 10. The target AMF 40 receives, from the source AMF 40, a new non-access stratum key (e.g. KCN) (block 205). The target AMF establishes a new security context including a new access stratum key derived from the new non-access stratum key (block 210), and sends the new access stratum key to a target base station 25 (block 215).
[094] Some embodiments of method 200 further include receiving one or more security parameters from the source mobility management function. In one example, the one or more security parameters include UE capability information. In one embodiment, the security parameters are received with the new non-access stratum key.
[095] In some embodiments of method 200, establishing the new security context involves selecting one or more security algorithms. In one example, at least one of the security algorithms is selected based on the UE capability information.
[096] Some embodiments of method 200 further include sending, to the source mobility management function, a security algorithm parameter indicating at least one security algorithm for the new security context.
[097] In some embodiments of method 200, the new non-access stratum key is received from the source mobility management function in a forwarded relocation request message.
[098] In some embodiments of method 200, the new access stratum key is sent to the target base station in a handover request.
[099] In some embodiments of method 200, the security algorithm parameter is sent to the source mobility management function in a forwarded relocation response message.
[100] In some embodiments of method 200, the non-access stratum key comprises a core network key (KCN).
[101] Figure 14 is an exemplary target AMF 220 configured to perform the method 200 shown in Figure 13. The target AMF 220 comprises a receiving unit 225, a security unit 230 and a sending unit 235. The receiving unit 225 is configured to receive, from a source AMF 40, a new non-access stratum key (e.g. KCN). The security unit 230 is configured to establish a new security context including a new access stratum key derived from the new non-access stratum key. The sending unit 235 is configured to send the new access stratum key to a target base station 25. The receiving unit 225, the security unit 230 and the sending unit 235 may comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 13. In some embodiments, the receiving unit 225, the security unit 230 and the sending unit 235 are implemented by a single microprocessor. In other embodiments, the receiving unit 225, the security unit 230 and the sending unit 235 can be implemented by two or more microprocessors.
[102] Figure 15 illustrates an exemplary method 250 implemented by a UE 70 in a wireless communication network 10 during a handover. The UE 70 receives a handover message including a KCI from a source base station 25 in the domain of a source AMF 40 of the wireless communication network 10 (block 255). The KCI indicates to the UE 70 that the non-access stratum key (e.g. KCN) has been changed. The UE 70 performs a handover from the source base station 25 to a target base station 25 in a domain of a target AMF 40 (block 260). The UE 70 establishes, responsive to the KCI, a new security context with the target AMF 40 (block 265). The new security context includes a new non-access stratum key. The UE 70 can optionally communicate with the target AMF 40 using the new non-access stratum key (block 270).
[103] In some embodiments of method 250, the KCI comprises a key change flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter that implicitly indicates that the non-access stratum key has been changed. The security parameter comprises a KDP used to generate the new non-access stratum key.
[104] Some embodiments of method 250 further include generating the new non-access stratum key using the KDP. In one example, the KDP comprises one of a nonce, a timestamp, a freshness parameter, a version number and static information known to both the UE 70 and the source AMF. In some embodiments, the KDP is received with the KCI in the handover message. In some embodiments, the KDP serves as an implicit KCI.
[105] Some embodiments of method 250 further comprise generating a new access stratum key from the new non-access stratum key, and communicating with the target base station 25 using the new access stratum key.
[106] Some embodiments of method 250 further comprise receiving, from the source base station 25, a security algorithm parameter identifying one or more security algorithms used in the new security context. In one example, the security algorithm parameter is received in the handover message together with the KCI.
[107] In some embodiments of method 250, the handover message comprises a handover command.
[108] In some embodiments of method 250, the non-access stratum key comprises a core network key (KCN).
[109] Figure 16 is an exemplary UE 275 configured to perform the method 250 shown in Figure 15. The UE 275 comprises a receiving unit 280, a handover unit 285 and a security unit 290. The receiving unit 280 is configured to receive a handover message including a KCI from a source base station 25 in the domain of a source AMF 40 of the wireless communication network 10. The KCI indicates to the UE 70 that the non-access stratum key (for example KCN) has been changed. The handover unit 285 is configured to perform a handover from the source base station 25 to a target base station 25 in a domain of a target AMF 40. The security unit 290 is configured to establish, responsive to the KCI, a new security context with the target AMF 40. The UE 275 can also optionally include a communication unit 295 configured to communicate with the target AMF 40 using the new non-access stratum key. The receiving unit 280, the handover unit 285, the security unit 290 and the communication unit 295 can comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 15. In some embodiments, the receiving unit 280, the handover unit 285, the security unit 290 and the communication unit 295 are implemented by a single microprocessor. In other embodiments, the receiving unit 280, the handover unit 285, the security unit 290 and the communication unit 295 can be implemented by two or more microprocessors.
[110] Figure 17 illustrates an exemplary method 300 implemented by a source AMF 40 in a core network 30 of a wireless communication network 10 when a UE 70 in idle mode changes AMF 40. The source AMF 40 receives a request for the security context of the UE 70 from a target AMF 40 (block 305). The source AMF 40 generates a new non-access stratum key (e.g. KCN) (block 310), and sends, responsive to the request, the new non-access stratum key and a KCI to the target AMF 40 (block 315). The KCI indicates a change of the non-access stratum key.
[111] In some embodiments of method 300, generating the new non-access stratum key comprises generating the new non-access stratum key from the old non-access stratum key. In other embodiments, it comprises generating a KDP and generating the new non-access stratum key from the old non-access stratum key and the KDP.
[112] In some embodiments of method 300, the key change indication comprises a key change flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter that implicitly indicates that the non-access stratum key has been changed. The security parameter can comprise, for example, a KDP used to generate the new non-access stratum key.
[113] Some embodiments of method 300 further include sending, responsive to the request, a KDP used to generate the new non-access stratum key. The KDP comprises one of a nonce, a timestamp, a freshness parameter and a version number.
[114] Some embodiments of method 300 further include selecting the target AMF 40 and generating the new non-access stratum key depending on the selection of the target AMF 40.
[115] In some embodiments of method 300, generating the new non-access stratum key involves generating two or more non-access stratum keys, each for a different target AMF 40. In one example, the two or more non-access stratum keys are generated using different KDPs.
[116] Some embodiments of method 300 further include sending one or more security parameters with the new non-access stratum key to the target AMF 40. In one example, the one or more security parameters include UE capability information.
[117] In some embodiments of method 300, the request for a security context is received from the target AMF 40 in a context request message.
[118] In some embodiments of method 300, the new non-access stratum key is sent to the target AMF 40 in a context request response message.
[119] In some embodiments of method 300, the non-access stratum key comprises a core network key (KCN).
[120] Figure 18 is an exemplary source AMF 320 configured to perform the method 300 shown in Figure 17. The source AMF 320 comprises a receiving unit 325, a key generation unit 330 and a sending unit 335. The receiving unit 325 is configured to receive a request for a security context for the UE 70 from a target AMF 40. The key generation unit 330 is configured to generate a new non-access stratum key (for example KCN). The sending unit 335 is configured to send, responsive to the request, the new non-access stratum key and a KCI to the target AMF 40. The receiving unit 325, the key generation unit 330 and the sending unit 335 can comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 17. In some embodiments, the receiving unit 325, the key generation unit 330 and the sending unit 335 are implemented by a single microprocessor. In other embodiments, the receiving unit 325, the key generation unit 330 and the sending unit 335 can be implemented by two or more microprocessors.
[121] Figure 19 illustrates an exemplary method 350 implemented by a target AMF 40 in a core network 30 of a wireless communication network 10 when a UE 70 in idle mode changes AMF 40. The target AMF 40 receives, from the UE 70, a registration message or other control message indicating an AMF change (block 355). The target AMF 40 requests a security context from a source AMF 40 in the wireless communication network (block 360). Responsive to the request, the target AMF 40 receives a new non-access stratum key (e.g. KCN) and a KCI indicating that the non-access stratum key has been changed (block 365). The target AMF 40 sends the KCI to the UE 70 (block 370) and optionally establishes a new security context for the UE 70 including the new non-access stratum key (block 375).
[122] Some embodiments of method 350 further include establishing a new security context including the new non-access stratum key.
[123] Some embodiments of method 350 further comprise receiving one or more security parameters from the source AMF 40. For example, the one or more security parameters include UE capability information. In another example, the security parameters are received together with the KCI.
[124] In some embodiments of method 350, the key change indication comprises a key change flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the key change indication comprises a security parameter that implicitly indicates that the non-access stratum key has been changed. The security parameter can comprise, for example, a KDP used to generate the new non-access stratum key.
[125] Some embodiments of method 350 further include receiving, responsive to the request, a KDP used to generate the new non-access stratum key. In one example, the KDP comprises one of a nonce, a timestamp, a freshness parameter and a version number. In some embodiments, the AMF 40 sends the KDP to the UE 70 together with the KCI in a NAS SMC message.
[126] In some embodiments of method 350, establishing the new security context comprises, in part, selecting one or more security algorithms. In one example, at least one of the security algorithms is selected based on the UE capability information.
[127] Some embodiments of method 350 further include sending to the UE 70 a security algorithm parameter indicating at least one security algorithm for the new security context.
[128] In some embodiments of method 350, the KCI is received from the source AMF 40 in a context request response message.
[129] In some embodiments of method 350, the KCI is sent to the UE 70 in a security establishment message.
[130] In some embodiments of method 350, the non-access stratum key comprises a core network key (KCN).
[131] Figure 20 is an exemplary target AMF 380 configured to perform the method 350 shown in Figure 19. The target AMF 380 comprises a first receiving unit 382, a requesting unit 384, a second receiving unit 386 and a sending unit 388. The first receiving unit 382 is configured to receive, from the UE 70, a registration message or other control message indicating an AMF change. The requesting unit 384 is configured to request, responsive to the registration message, a security context from a source AMF 40 in the wireless communication network. The second receiving unit 386 is configured to receive, from the source AMF 40 responsive to the security context request, a new non-access stratum key and a KCI indicating that the non-access stratum key (e.g. KCN) has been changed. The sending unit 388 is configured to send the KCI to the UE 70. The target AMF 380 can also optionally include a security unit 390 configured to establish a new security context for the UE 70 including the new non-access stratum key. The first receiving unit 382, the requesting unit 384, the second receiving unit 386, the sending unit 388 and the security unit 390 may comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 19. In some embodiments, the first receiving unit 382, the requesting unit 384, the second receiving unit 386, the sending unit 388 and the security unit 390 are implemented by a single microprocessor. In other embodiments, the first receiving unit 382, the requesting unit 384, the second receiving unit 386, the sending unit 388 and the security unit 390 can be implemented by two or more microprocessors.
[132] Figure 21 illustrates an exemplary method 400 implemented by a UE 70 in idle mode in a wireless communication network 10 when the UE 70 changes AMF 40. The UE 70 sends a registration message or other control message to a target AMF 40 in the wireless communication network (block 405). Responsive to the registration message or other control message, the UE 70 receives a key change indication (KCI) indicating that the non-access stratum key (for example, KCN) has been changed (block 410). Responsive to the KCI, the UE 70 generates a new non-access stratum key (block 415). After generating the new non-access stratum key, the UE 70 can optionally establish a new security context with the target AMF 40 (block 420), where the new security context includes the new non-access stratum key, and then communicates with the target AMF 40 using the new non-access stratum key (block 425).
[133] Some embodiments of method 400 further comprise establishing a new security context with the target AMF 40, the new security context including the new non-access stratum key, and communicating with the target AMF 40 using the new non-access stratum key.
[134] In some embodiments of method 400, the KCI comprises a key change flag set to a value that indicates that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter that implicitly indicates that the non-access stratum key has been changed. In one example, the security parameter comprises one of a nonce, a timestamp, a freshness parameter and a version number.
[135] Some embodiments of method 400 further comprise receiving a key derivation parameter (KDP) from the target AMF 40 and generating the new non-access stratum key using the KDP. In one example, the KDP comprises one of a nonce, a timestamp, a freshness parameter and a version number. In another example, the KDP is received together with the KCI. In some embodiments, the KDP serves as an implicit KCI.
[136] In some embodiments of method 400, generating the new non-access stratum key comprises generating the new non-access stratum key from the previous non-access stratum key. In other embodiments of method 400, generating the new non-access stratum key comprises generating the new non-access stratum key from the previous non-access stratum key and a KDP. In various embodiments, the KDP comprises at least one of a nonce, a timestamp, a freshness parameter and a version number. In other embodiments, the KDP comprises static information that is known to both the UE 70 and the source AMF 40.
[137] Some embodiments of method 400 further comprise receiving, from the target AMF 40, a security algorithm parameter that identifies one or more security algorithms used in the new security context. In one example, the security algorithm parameter is received together with the KCI.
[138] In some embodiments of method 400, the KCI is received in a security establishment message.
[139] In some embodiments of method 400, the non-access stratum key comprises a core network key (KCN).
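The key handling described in paragraphs [132] to [139] (and, on the network side, in claims 1 to 7 below) is easiest to check as a small simulation. The following Python is an added illustration written for this page; it is not code from the patent or from Ericsson. The patent names no concrete key derivation function, so HMAC-SHA256 over a fixed label and a length-prefixed KDP is an assumption, as are the class names, the 32-bit truncated MAC and the algorithm labels "NIA1" and "NIA2" (labels only, no real cipher is implemented). It models the source AMF deriving KCN' = KDF(KCN, KDP) and forwarding only KCN' to the target AMF, the KCI (key change flag, KDP and the target's algorithm choice) going to the UE, and the UE deriving the same KCN' locally from its old key. It also runs the two other cases a practitioner would want to see: policy says no key change, and a UE that never sees the KCI and keeps the old key.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple


# Assumption: the patent specifies no KDF; HMAC-SHA256 over a label plus
# length-prefixed parameters stands in for the network's key derivation.
def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    h = hmac.new(key, label, hashlib.sha256)
    for p in params:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def derive_new_kcn(old_kcn: bytes, kdp: Optional[bytes] = None) -> bytes:
    """KCN' from the previous KCN and an optional KDP (paragraphs [135], [136]).
    Run identically by source AMF and UE; one-way, so KCN' reveals nothing about KCN."""
    params = (kdp,) if kdp is not None else ()
    return kdf(old_kcn, b"AMF change", *params)


def nas_int_key(kcn: bytes, int_alg: str) -> bytes:
    """NAS integrity key bound to the selected algorithm identifier (assumed labels)."""
    return kdf(kcn, b"NAS-int", int_alg.encode())


def nas_mac(k_int: bytes, count: int, msg: bytes) -> bytes:
    """Toy NAS-MAC: HMAC over COUNT || message, truncated to 32 bits like the real field."""
    return hmac.new(k_int, count.to_bytes(4, "big") + msg, hashlib.sha256).digest()[:4]


@dataclass
class SecurityContext:
    kcn: bytes
    int_alg: str
    ul_count: int = 0


@dataclass
class KeyChangeIndication:
    """What the UE receives: key change flag, KDP (if any) and the target's algorithm choice."""
    key_changed: bool
    kdp: Optional[bytes]
    int_alg: str


class SourceAMF:
    def __init__(self, ctx: SecurityContext) -> None:
        self.ctx = ctx

    def prepare_relocation(self, policy_requires_change: bool,
                           target_alg: str) -> Tuple[SecurityContext, KeyChangeIndication]:
        """Return the context forwarded to the target AMF and the KCI for the UE.
        target_alg stands for the algorithm the target AMF has already selected."""
        if not policy_requires_change:
            return (SecurityContext(self.ctx.kcn, target_alg),
                    KeyChangeIndication(False, None, target_alg))
        kdp = os.urandom(16)                        # a nonce used as the KDP
        new_kcn = derive_new_kcn(self.ctx.kcn, kdp)
        return (SecurityContext(new_kcn, target_alg),   # old KCN never leaves the source AMF
                KeyChangeIndication(True, kdp, target_alg))


class TargetAMF:
    def __init__(self, ctx: SecurityContext) -> None:
        self.ctx = ctx

    def verify_uplink(self, count: int, msg: bytes, mac: bytes) -> bool:
        k_int = nas_int_key(self.ctx.kcn, self.ctx.int_alg)
        return hmac.compare_digest(nas_mac(k_int, count, msg), mac)


class UE:
    def __init__(self, ctx: SecurityContext) -> None:
        self.ctx = ctx

    def apply_kci(self, kci: KeyChangeIndication) -> None:
        """Block 415: derive the new key from the old one only when the KCI says it changed."""
        kcn = derive_new_kcn(self.ctx.kcn, kci.kdp) if kci.key_changed else self.ctx.kcn
        self.ctx = SecurityContext(kcn, kci.int_alg)

    def protect_uplink(self, msg: bytes) -> Tuple[int, bytes, bytes]:
        k_int = nas_int_key(self.ctx.kcn, self.ctx.int_alg)
        count = self.ctx.ul_count
        self.ctx.ul_count += 1
        return count, msg, nas_mac(k_int, count, msg)


def run_amf_change(change_key: bool, ue_honours_kci: bool = True) -> dict:
    """One AMF change end to end; returns the properties a reviewer would check."""
    old_kcn = os.urandom(32)                        # constructed: the pre-change KCN
    ue = UE(SecurityContext(old_kcn, "NIA1"))
    source = SourceAMF(SecurityContext(old_kcn, "NIA1"))
    forwarded_ctx, kci = source.prepare_relocation(change_key, target_alg="NIA2")
    target = TargetAMF(forwarded_ctx)
    if ue_honours_kci:
        ue.apply_kci(kci)
    else:                                           # KCI lost or ignored: UE keeps the old key
        ue.ctx = SecurityContext(ue.ctx.kcn, kci.int_alg)
    count, msg, mac = ue.protect_uplink(b"Registration Complete")  # constructed sample message
    return {
        "target_has_old_key": forwarded_ctx.kcn == old_kcn,
        "ue_and_target_agree": ue.ctx.kcn == target.ctx.kcn,
        "uplink_verified": target.verify_uplink(count, msg, mac),
        "kdp_sent": kci.kdp is not None,
    }


if __name__ == "__main__":
    print(run_amf_change(True))
    print(run_amf_change(True, ue_honours_kci=False))
```

With the flag set, the target AMF holds only the derived key and still verifies the UE's first protected NAS message, which is the retroactive-security property the abstract describes. With the flag cleared (policy allows keeping the key) both sides simply continue with the old KCN. The third run shows the failure mode of a lost or ignored KCI: the UE keeps the old key, the target's MAC check fails, and the security context has to be re-established rather than silently continuing.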
[140] Figure 22 shows an exemplary UE 430 configured to perform method 400 shown in Figure 21. The UE 430 comprises a sending unit 435, a receiving unit 440 and a key generation unit 445. The sending unit 435 is configured to send a registration message or other control message to a target AMF 40 in the wireless communication network. The receiving unit 440 is configured to receive, responsive to the registration message or other control message, a KCI indicating that the non-access stratum key has been changed. The key generation unit 445 is configured to generate, responsive to the KCI, a new non-access stratum key. The UE 430 can also optionally include a security unit 450 configured to establish a new security context with the target AMF 40, and a communication unit 455 configured to communicate with the target AMF 40 using the new non-access stratum key. The sending unit 435, receiving unit 440, key generation unit 445, security unit 450 and communication unit 455 can comprise hardware circuits, microprocessors and/or software configured to perform the method shown in Figure 21. In some embodiments, the sending unit 435, receiving unit 440, key generation unit 445, security unit 450 and communication unit 455 are implemented by a single microprocessor. In other embodiments, the sending unit 435, receiving unit 440, key generation unit 445, security unit 450 and communication unit 455 can be implemented by two or more microprocessors.
[141] Figure 23 illustrates the main functional components of a base station 500 configured to implement the security context handling methods described herein. The base station 500 comprises a processing circuit 510, a memory 530 and an interface circuit 540.
[142] The interface circuit 540 includes a radio frequency (RF) interface circuit 545 coupled to one or more antennas 550. The RF interface circuit 545 comprises the RF components necessary to communicate with the UE 70 over a wireless communication channel. Typically, the RF components include a transmitter and a receiver adapted for communication according to 5G standards or another Radio Access Technology (RAT). The interface circuit 540 further includes a network interface circuit 555 for communicating with the core network nodes in the wireless communication network 10.
[143] The processing circuit 510 processes signals transmitted to or received by the base station 500. Such processing includes encoding and modulating transmitted signals, and demodulating and decoding received signals. The processing circuit 510 may comprise one or more microprocessors, hardware, firmware, or a combination thereof. The processing circuit 510 includes a mobility unit 515 for carrying out the functions related to handover. The mobility unit 515 comprises processing circuitry dedicated to the mobility functions and is configured to perform the methods and procedures described herein, including the methods shown in Figures 2, 6, 7 and 9.
[144] The memory 530 comprises both volatile and non-volatile memory for storing the computer program code and data required by the processing circuit 510 for operation. The memory 530 may comprise any tangible, non-transitory, computer-readable storage medium for storing data, including electronic, magnetic, optical, electromagnetic or semiconductor data storage. The memory 530 stores a computer program 535 comprising executable instructions that configure the processing circuit 510 to implement the methods and procedures described herein, including the methods according to Figures 2, 6, 7 and 9. In general, computer program instructions and configuration information are stored in non-volatile memory, such as read-only memory (ROM), erasable programmable read-only memory (EPROM) or flash memory. Temporary data generated during operation can be stored in volatile memory, such as random access memory (RAM). In some embodiments, the computer program 535 for configuring the processing circuit 510 as described herein can be stored in a removable memory, such as a portable compact disc, a portable digital video disc or other removable medium. The computer program 535 can also be embodied in a carrier such as an electronic signal, an optical signal, a radio signal or a computer-readable storage medium.
[145] Figure 24 illustrates the main functional components of a core network node 600 in the wireless communication network 10 configured to implement the security context handling procedures described herein. The core network node 600 can be used to implement core network functions, such as the source AMF 40 and the target AMF 40 described herein. Those skilled in the art will appreciate that a core network function, such as the AMF 40, can be implemented by a single core network node or distributed among two or more core network nodes.
[146] The core network node 600 comprises a processing circuit 610, a memory 630 and an interface circuit 640. The interface circuit 640 includes a network interface circuit 645 to allow communication with other core network nodes and with the base station 25 in the RAN.
[147] The processing circuit 610 controls the operation of the core network node 600. The processing circuit 610 may comprise one or more microprocessors, hardware, firmware, or a combination thereof. The processing circuit 610 may include a NAS security unit 615 to handle NAS-related security functions and a mobility management unit 620 to handle mobility management functions. Generally, the NAS security unit 615 is responsible for deriving security keys, establishing a security context and other security-related functions. The mobility management unit 620 is responsible for handling mobility management functions and the related signaling. As previously described, the NAS security unit 615 can provide the mobility management unit 620 with information, such as NAS keys, the KDP and other security parameters, to be sent to the UE 70. In some embodiments, the NAS security unit 615 and the mobility management unit 620 reside on the same core network node. In other embodiments, they reside on different core network nodes. In an exemplary embodiment, the NAS security unit 615 and the mobility management unit 620 are configured to perform the methods and procedures described herein, including the methods shown in Figures 2, 3, 6 to 8, 11, 13, 17 and 19.
[148] The memory 630 comprises both volatile and non-volatile memory for storing the computer program code and data required by the processing circuit 610 for operation. The memory 630 may comprise any tangible, non-transitory, computer-readable storage medium for storing data, including electronic, magnetic, optical, electromagnetic or semiconductor data storage. The memory 630 stores a computer program 635 comprising executable instructions that configure the processing circuit 610 to implement the methods and procedures described herein, including the methods according to Figures 2, 3, 6 to 8, 11, 13, 17 and 19. In general, computer program instructions and configuration information are stored in non-volatile memory, such as read-only memory (ROM), erasable programmable read-only memory (EPROM) or flash memory. Temporary data generated during operation can be stored in volatile memory, such as random access memory (RAM). In some embodiments, the computer program 635 for configuring the processing circuit 610 as described herein can be stored in a removable memory, such as a portable compact disc, a portable digital video disc or other removable medium. The computer program 635 can also be embodied in a carrier such as an electronic signal, an optical signal, a radio signal or a computer-readable storage medium.
[149] Figure 25 illustrates the main functional components of a UE 700 configured to implement the security context handling methods described herein. The UE 700 comprises a processing circuit 710, a memory 730 and an interface circuit 740.
[150] The interface circuit 740 includes a radio frequency (RF) interface circuit 745 coupled to one or more antennas 750. The RF interface circuit 745 comprises the RF components necessary to communicate with a base station 25 over a wireless communication channel. Typically, the RF components include a transmitter and a receiver adapted for communication according to 5G standards or another Radio Access Technology (RAT).
[151] The processing circuit 710 processes signals transmitted to or received by the UE 700. Such processing includes encoding and modulating transmitted signals, and demodulating and decoding received signals. The processing circuit 710 may comprise one or more microprocessors, hardware, firmware, or a combination thereof. The processing circuit 710 may include a NAS security unit 715 to handle NAS-related security functions and a mobility management unit 720 to handle mobility management functions. The NAS security unit 715 is generally responsible for deriving security keys, establishing a security context and the other security functions described herein. The mobility management unit 720 is responsible for handling mobility management functions and the related signaling. In an exemplary embodiment, the NAS security unit 715 and the mobility management unit 720 are configured to perform the methods and procedures described herein, including the methods shown in Figures 2, 3, 6 to 8, 15 and 21.
[152] The memory 730 comprises both volatile and non-volatile memory for storing the computer program code and data required by the processing circuit 710 for operation. The memory 730 may comprise any tangible, non-transitory, computer-readable storage medium for storing data, including electronic, magnetic, optical, electromagnetic or semiconductor data storage. The memory 730 stores a computer program 735 comprising executable instructions that configure the processing circuit 710 to implement the methods and procedures described herein, including the methods according to Figures 2, 3, 6 to 8, 15 and 21. In general, computer program instructions and configuration information are stored in non-volatile memory, such as read-only memory (ROM), erasable programmable read-only memory (EPROM) or flash memory. Temporary data generated during operation can be stored in volatile memory, such as random access memory (RAM). In some embodiments, the computer program 735 for configuring the processing circuit 710 as described herein can be stored in a removable memory, such as a portable compact disc, a portable digital video disc or other removable medium. The computer program 735 can also be embodied in a carrier such as an electronic signal, an optical signal, a radio signal or a computer-readable storage medium.
Claims (26)
[0001]
1. Method for transferring a security context during a handover of a user equipment (70, 275, 700), the method implemented by one or more core network nodes (175, 600) in a core network (30) of a wireless communication network (10), in which the one or more core network nodes (175, 600) provide a source Third Generation Partnership Project Fifth Generation System (3GPP-5G) Access and Mobility Management Function (40), the method characterized by the fact that it comprises: receiving, from a source base station (25, 120, 500), a first handover message indicating that a handover of the user equipment (70, 275, 700) is required; generating a new non-access stratum key responsive to determining that an operator-specific policy is satisfied; sending, responsive to the first handover message, the new non-access stratum key to a target 3GPP-5G Access and Mobility Management Function (40); and sending, to the user equipment, a second handover message including: a key change flag set to a value indicating a change of the non-access stratum key; and an indication of at least one non-access stratum security algorithm selected by the target 3GPP-5G Access and Mobility Management Function (40) and indicating a non-access stratum security algorithm to be used by the user equipment.
[0002]
2. Method, according to claim 1, characterized by the fact that generating the new non-access stratum key comprises generating the new non-access stratum key from a previous non-access stratum key and a key derivation parameter.
[0003]
3. Method, according to claim 2, characterized by the fact that it also comprises sending the key derivation parameter to the user equipment (70).
[0004]
4. Method, according to claim 1, characterized by the fact that the first handover message is a handover required message indicating a need for a handover of the user equipment (70, 275, 700).
[0005]
5. Method, according to claim 1, characterized by the fact that the second handover message is a handover command.
[0006]
6. Method, according to claim 1, characterized by the fact that the new non-access stratum key is sent to the target 3GPP-5G Access and Mobility Management Function (40) in a forward relocation request message.
[0007]
7. Method, according to claim 1, characterized by the fact that the non-access stratum key is a core network key (KCN).
[0008]
8. Core network node (175, 600) in a core network (30) of a wireless communication network (10), said core network node (175, 600) providing a source Third Generation Partnership Project Fifth Generation System (3GPP-5G) Access and Mobility Management Function (40), said core network node (175, 600) characterized by the fact that it comprises: an interface circuit (640) to communicate with a source base station (25, 120, 500) and a target 5G Access and Mobility Management Function (40); and a processing circuit (610) configured to: receive, from the source base station (25, 120, 500), a first handover message indicating that a handover of the user equipment (70, 275, 700) is required; generate a new non-access stratum key responsive to determining that an operator-specific policy is satisfied; send, responsive to the first handover message, the new non-access stratum key to a target 3GPP-5G Access and Mobility Management Function (40); and send, to the user equipment (70, 275, 700), a second handover message including: a key change flag set to a value indicating a change of the non-access stratum key; and an indication of at least one non-access stratum security algorithm selected by the target 3GPP-5G Access and Mobility Management Function (40) and indicating a non-access stratum security algorithm to be used by the user equipment.
[0009]
9. Core network node (175, 600), according to claim 8, characterized by the fact that the processing circuit is further configured to generate the new non-access stratum key from a previous non-access stratum key and a key derivation parameter.
[0010]
10. Core network node (175, 600), according to claim 9, characterized by the fact that the processing circuit is further configured to send the key derivation parameter to the user equipment.
[0011]
11. Core network node (175, 600), according to claim 8, characterized by the fact that the first handover message is a handover required message indicating a need for a handover of the user equipment (70, 275, 700).
[0012]
12. Core network node (175, 600), according to claim 8, characterized by the fact that the second handover message is a handover command.
[0013]
13. Core network node (175, 600), according to claim 8, characterized by the fact that the processing circuit is configured to send the new non-access stratum key to the target 3GPP-5G Access and Mobility Management Function (40) in a forward relocation request message.
[0014]
14. Core network node (175, 600), according to claim 8, characterized by the fact that the non-access stratum key is a core network key (KCN).
[0015]
15. Method (250) for establishing a new security context during a handover, implemented by a user equipment (70, 275, 700) in a wireless communication network (10), the method characterized by the fact that it comprises: receiving a handover message from a source base station (25, 120, 500), said handover message including: a key change flag set to a value indicating that a non-access stratum key has been changed based on an operator-specific policy; and an indication of at least one non-access stratum security algorithm selected by a target Third Generation Partnership Project Fifth Generation System (3GPP-5G) Access and Mobility Management Function (40) and indicating a non-access stratum security algorithm to be used by the user equipment; performing a handover from the source base station (25, 120, 500) to a target base station (25, 120, 500); and establishing, responsive to the key change flag, the new security context with the target 3GPP-5G Access and Mobility Management Function, said new security context including a new non-access stratum key.
[0016]
16. Method, according to claim 15, characterized by the fact that it further comprises generating the new non-access stratum key using a previous non-access stratum key and a key derivation parameter.
[0017]
17. Method, according to claim 16, characterized by the fact that the key derivation parameter comprises one of a nonce, a timestamp, a freshness parameter, a version number and static information.
[0018]
18. Method (250), according to claim 16, characterized by the fact that the key derivation parameter is received with the key change flag in the handover message.
[0019]
19. Method (250), according to claim 15, characterized by the fact that the handover message is a handover command.
[0020]
20. Method (250), according to claim 15, characterized by the fact that the non-access stratum key is a core network key (KCN).
[0021]
21. User equipment (70, 275, 700) configured to perform a handover in a wireless communication network (10), the user equipment characterized by the fact that it comprises: an interface circuit to communicate with one or more base stations (25, 120, 500) in the wireless communication network (10); and a processing circuit configured to: receive a handover message from a source base station (25, 120, 500) in the wireless communication network (10), said handover message including: a key change flag set to a value indicating that a non-access stratum key has been changed based on an operator-specific policy; and an indication of at least one non-access stratum security algorithm selected by a target Third Generation Partnership Project Fifth Generation System (3GPP-5G) Access and Mobility Management Function (40) and indicating a non-access stratum security algorithm to be used by the user equipment; perform a handover from the source base station (25, 120, 500) to a target base station (25, 120, 500) in the wireless communication network (10); and establish, responsive to the key change flag, a new security context with the target 3GPP-5G Access and Mobility Management Function, said new security context including a new non-access stratum key.
[0022]
22. User equipment (70, 275, 700), according to claim 21, characterized by the fact that the processing circuit is further configured to generate the new non-access stratum key using a previous non-access stratum key and a key derivation parameter.
[0023]
23. User equipment (70, 275, 700), according to claim 22, characterized by the fact that the key derivation parameter comprises one of a nonce, a timestamp, a freshness parameter, a version number and static information.
[0024]
24. User equipment (70, 275, 700), according to claim 22, characterized by the fact that the processing circuit is further configured to receive the key derivation parameter with the key change flag in the handover message.
[0025]
25. User equipment (70, 275, 700), according to claim 21, characterized by the fact that the handover message is a handover command.
[0026]
26. User equipment (70, 275, 700), according to claim 21, characterized by the fact that the non-access stratum key is a core network key (KCN).
Similar technologies:
Publication number | Publication date | Title
BR112019015387B1|2020-11-03|5g security context handling during connected mode
BR112020001289B1|2021-08-03|SAFETY IMPLEMENTATION METHOD, RELATED APPARATUS AND SYSTEM
JP2018502471A|2018-01-25|Apparatus and method for wireless communication
KR20100114927A|2010-10-26|System and method for performing key management while performing handover in a wireless communication system
BR112012032233B1|2021-03-02|methods and devices to facilitate synchronization of security settings
KR20100126691A|2010-12-02|System and method for performing handovers, or key management while performing handovers in a wireless communication system
BR112020002515A2|2020-08-04|triggering network authentication method and related device
EP3485669B1|2019-09-25|Methods and apparatuses for re-establishing a radio resource control | connection
US20220053445A1|2022-02-17|Method and Apparatus for Mobility Registration
OA19349A|2020-06-29|Security context handling in 5G during connected mode
WO2020221175A1|2020-11-05|Registration method and apparatus
WO2020029075A1|2020-02-13|Method and computing device for carrying out data integrity protection
Patent family:
Publication number | Publication date
DK3574669T3|2021-11-01|
AR110865A1|2019-05-08|
US20190141523A1|2019-05-09|
DK3574670T3|2021-09-13|
US11096045B2|2021-08-17|
RU2719772C1|2020-04-23|
KR102163343B1|2020-10-08|
MX2019008770A|2019-09-09|
AR110917A1|2019-05-15|
US20200120498A1|2020-04-16|
US20190141584A1|2019-05-09|
JP6943965B2|2021-10-06|
EP3574670B1|2021-07-28|
EP3923616A4|2021-12-15|
PL3574670T3|2022-02-07|
US20200120497A1|2020-04-16|
KR20190100366A|2019-08-28|
ES2886881T3|2021-12-21|
US20210360397A1|2021-11-18|
PH12019501467A1|2020-02-24|
EP3923616A1|2021-12-15|
ZA201903899B|2020-12-23|
CN109644340A|2019-04-16|
EP3952375A1|2022-02-09|
CN109644339A|2019-04-16|
PT3574669T|2021-10-26|
JP2022003793A|2022-01-11|
JP6942804B2|2021-09-29|
US10536849B2|2020-01-14|
EP3574669B1|2021-10-13|
US10531292B2|2020-01-07|
JP2020507268A|2020-03-05|
AU2018212610A1|2019-07-25|
EP3574669A1|2019-12-04|
AU2018212610B2|2021-07-08|
BR112019015387A2|2019-12-17|
WO2018138348A1|2018-08-02|
WO2018138347A1|2018-08-02|
JP2020505866A|2020-02-20|
EP3574670A1|2019-12-04|
Cited references:
Publication number | Filing date | Publication date | Applicant | Title
US9106409B2|2006-03-28|2015-08-11|Telefonaktiebolaget L M Ericsson |Method and apparatus for handling keys used for encryption and integrity|
TW200814641A|2006-06-07|2008-03-16|Qualcomm Inc|Methods and apparatus for using control values to control communications processing|
CN101309500B|2007-05-15|2011-07-20|华为技术有限公司|Security negotiation method and apparatus when switching between different wireless access technologies|
CN101378591B|2007-08-31|2010-10-27|华为技术有限公司|Method, system and device for negotiating safety capability when terminal is moving|
CN101400059B|2007-09-28|2010-12-08|华为技术有限公司|Cipher key updating method and device under active state|
US20090209259A1|2008-02-15|2009-08-20|Alec Brusilovsky|System and method for performing handovers, or key management while performing handovers in a wireless communication system|
CN101516089B|2008-02-18|2012-09-05|中国移动通信集团公司|Switching method and system|
JP5390611B2|2008-08-15|2014-01-15|サムスンエレクトロニクスカンパニーリミテッド|Secured non-connection layer protocol processing method for mobile communication system|
CN101355507B|2008-09-12|2012-09-05|中兴通讯股份有限公司|Method and system for generating cipher key for updating tracking zonetime|
US20100173610A1|2009-01-05|2010-07-08|Qualcomm Incorporated|Access stratum security configuration for inter-cell handover|
CN101478752B|2009-01-12|2014-11-05|中兴通讯股份有限公司|Cipher key replacing method, system and device|
CN101931951B|2009-06-26|2012-11-07|华为技术有限公司|Method, device and system for secret key deduction|
EP2548389B1|2010-03-17|2015-06-24|Telefonaktiebolaget LM Ericsson |Enhanced key management for srns relocation|
US9084110B2|2010-04-15|2015-07-14|Qualcomm Incorporated|Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network|
CN101835152A|2010-04-16|2010-09-15|中兴通讯股份有限公司|Method and system for establishing reinforced secret key when terminal moves to reinforced UTRAN |
CN101860863A|2010-05-21|2010-10-13|中国科学院软件研究所|Enhanced encryption and integrity protection method|
KR101737425B1|2010-06-21|2017-05-18|삼성전자주식회사|Mehthod and apparatus for managing security in a mobiel communication system supporting emergency call|
CN102340772B|2010-07-15|2014-04-16|华为技术有限公司|Security processing method, device and system in conversion process|
CN102348206B|2010-08-02|2014-09-17|华为技术有限公司|Secret key insulating method and device|
US20120159151A1|2010-12-21|2012-06-21|Tektronix, Inc.|Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring|
CN102118808B|2011-03-03|2014-11-12|电信科学技术研究院|Method for triggering switching and transferring identification information of mobile management entity pool and equipment|
CN103931219B|2012-05-04|2018-04-10|华为技术有限公司|A kind of safe processing method and system in network switching process|
CN105103577B|2014-01-28|2019-05-24|华为技术有限公司|A kind of device and method of encryption data|
US10070357B2|2014-09-25|2018-09-04|Intel IP Corporation|Smooth UE transfer within an evolved packet core|
US9801055B2|2015-03-30|2017-10-24|Qualcomm Incorporated|Authentication and key agreement with perfect forward secrecy|
US9883385B2|2015-09-15|2018-01-30|Qualcomm Incorporated|Apparatus and method for mobility procedure involving mobility management entity relocation|
US10873464B2|2016-03-10|2020-12-22|Futurewei Technologies, Inc.|Authentication mechanism for 5G technologies|
US20180083972A1|2016-09-20|2018-03-22|Lg Electronics Inc.|Method and apparatus for security configuration in wireless communication system|
AU2018212610B2|2017-01-30|2021-07-08|Telefonaktiebolaget Lm Ericsson |Security context handling in 5g during idle mode|
US11071021B2|2017-07-28|2021-07-20|Qualcomm Incorporated|Security key derivation for handover|
KR102343687B1|2017-11-20|2021-12-28|텔레호낙티에볼라게트 엘엠 에릭슨|Security context handling in 5G during handover|
AU2018212610B2|2017-01-30|2021-07-08|Telefonaktiebolaget Lm Ericsson |Security context handling in 5g during idle mode|
WO2018201398A1|2017-05-04|2018-11-08|华为技术有限公司|Method and device for acquiring key and communication system|
US10812974B2|2017-05-06|2020-10-20|Vmware, Inc.|Virtual desktop client connection continuity|
CN111165016A|2017-05-14|2020-05-15|鸿颖创新有限公司|Method, apparatus and system for beam refinement during handover|
US10810316B2|2017-05-15|2020-10-20|International Business Machines Corporation|Updating monitoring systems using merged data policies|
CN109309920B|2017-07-28|2021-09-21|华为技术有限公司|Security implementation method, related device and system|
US10542428B2|2017-11-20|2020-01-21|Telefonaktiebolaget Lm Ericsson |Security context handling in 5G during handover|
CN110830997A|2018-08-10|2020-02-21|中兴通讯股份有限公司|Key determination method and device, storage medium and electronic device|
JP2021534662A|2018-08-13|2021-12-09|テレフオンアクチーボラゲット エルエム エリクソン(パブル)|Protection of non-access hierarchical communication in wireless communication networks|
CN110881184B|2018-09-05|2021-05-18|华为技术有限公司|Communication method and device|
CN111465012B|2019-01-21|2021-12-10|华为技术有限公司|Communication method and related product|
US20200323017A1|2019-04-08|2020-10-08|Mediatek Singapore Pte. Ltd|5G NAS Recovery from NASC Failure|
CN111866870B|2019-04-26|2022-02-01|华为技术有限公司|Key management method and device|
CN111866867B|2019-04-28|2022-01-14|华为技术有限公司|Information acquisition method and device|
CN111866967A|2019-04-29|2020-10-30|华为技术有限公司|Switching processing method and device|
CN112020067B|2019-05-31|2021-12-10|荣耀终端有限公司|Method, device and communication system for acquiring security context|
CN112654043A|2019-10-13|2021-04-13|华为技术有限公司|Registration method and device|
CN111314856B|2020-02-13|2020-12-15|广州爱浦路网络技术有限公司|Hierarchical examination and tracking device and method for 5G user position information service|
US11051161B1|2020-02-20|2021-06-29|Telefonaktiebolaget Lm Ericsson |Key maerial generation optimization for authentication and key management for applications|
CN114051242A|2020-07-22|2022-02-15|大唐移动通信设备有限公司|Security management method, device and equipment between user and multiple terminals|
Legal status:
2020-04-28| B15K| Others concerning applications: alteration of classification|Free format text: THE PREVIOUS CLASSIFICATIONS WERE: H04W 12/04, H04W 36/14 IPC: H04W 12/04 (2009.01), H04W 36/14 (2009.01), H04W 3 |
2020-06-02| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|
2020-11-03| B16A| Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]|Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 29/01/2018, SUBJECT TO THE LEGAL CONDITIONS. |
Priority:
Application number | Filing date | Title
US201762452267P| true| 2017-01-30|2017-01-30|
US62/452,267|2017-01-30|
PCT/EP2018/052153|WO2018138347A1|2017-01-30|2018-01-29|Security context handling in 5g during connected mode|