SECURITY IMPLEMENTATION METHOD, RELATED APPARATUS AND SYSTEM
Patent abstract:
This application discloses a security implementation method, a related apparatus, and a system. The method includes: receiving, by a first network element, a request to hand over user equipment from a source access network device to a target access network device to perform communication; obtaining, by the first network element, a security key, where the security key is used to protect the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device; and sending, by the first network element, the security key to the target access network device.
Publication number: BR112020001289B1 Application number: R112020001289-0 Filing date: 2018-04-26 Publication date: 2021-08-03 Inventors: Rong Wu; Lu Gan; Bo Zhang; Shuaishuai Tan Applicant: Huawei Technologies Co., Ltd; IPC main class:
Patent description:
TECHNICAL FIELD
[0001] This application relates to the field of communication technologies and, in particular, to a security implementation method, a related apparatus, and a system.
BACKGROUND
[0002] Currently, user equipment (such as mobile phones) is widely used, making people's lives much easier. User equipment can directly establish a communication connection with a base station to perform communication, and can provide a user with a rich communication experience by using a data transmission service provided by a network. In some application scenarios, if user equipment moves from the cell of an original base station to the cell of a current base station, the network connection of the user equipment needs to be handed over from the original base station to the current base station before communication can continue.
[0003] A future mobile communication architecture (such as a fifth generation, 5G, communication system) also needs to meet the user equipment handover requirement. Currently, in the existing 3GPP standard for mobile communication, the SA2 architecture group has proposed an approximate architecture of a 5G network. In this architecture, an access and mobility management function (AMF) of the core network is typically deployed in a location relatively close to a base station. Therefore, when user equipment is handed over between base stations for communication, a handover between AMFs may also be caused.
[0004] However, the current communication security implementation method (an Extensible Authentication Protocol (EAP) method) is not applicable to security protection for handover between AMFs in a 5G network. Therefore, how to establish a security mechanism based on a future mobile communication architecture is an issue that urgently needs to be resolved at this time.
SUMMARY
[0005] Embodiments of the present invention provide a security implementation method, a related apparatus, and a system, to implement security protection in a handover scenario between AMFs, improve the security of a future mobile communication architecture, and satisfy a user requirement.
[0006] According to a first aspect, an embodiment of the present invention discloses a security implementation method. The method includes: receiving, by a first network element, a request to hand over user equipment from a source access network device to a target access network device to perform communication; obtaining, by the first network element, a security key, where the security key is used to secure the communication between the user equipment and a target network after the user equipment is handed over from the source access network device to the target access network device, where the target network includes the target access network device and a target core network device, and the target core network device includes the first network element; and sending, by the first network element, the security key to the target access network device.
[0007] A second network element is connected to the source access network device, and the second network element and the source access network device are network devices on a source side. The first network element is connected to the target access network device, and the first network element and the target access network device are network devices on a target side.
[0008] During specific implementation, the second network element can be a network device such as a source AMF, a source SEAF, or a source SMF, and the first network element is a corresponding network device such as a target AMF, a target SEAF, or a target SMF.
[0009] The request may carry a source-side security context.
For example, the source-side security context may include one or more of a key lifetime, a key index, a UE security capability, an integrity algorithm, an integrity algorithm identifier, an encryption algorithm, an encryption algorithm identifier, and a counter related to key calculation. For example, the request can be a handover request, a path switching request, or the like.
[0010] In this embodiment of the present invention, obtaining, by the first network element, a security key includes: obtaining, by the first network element, a first intermediate key, where the first intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer access stratum (AS) key and a lower-layer non-access stratum (NAS) key; and determining, by the first network element, a security protection algorithm, and deriving the security key based on the security protection algorithm and the first intermediate key.
[0011] The security key may include an AS key and a NAS key. The AS key is used to secure the communication between the user equipment and an access network device, and the NAS key is used to secure the communication between the user equipment and a core network device (such as an AMF/SEAF/SMF).
[0012] The first network element can obtain the first intermediate key in several ways.
[0013] In a specific embodiment, the first network element obtains the first intermediate key, which is derived by the second network element based on a second intermediate key and a network parameter. The second intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer AS key and a lower-layer NAS key. For example, the second intermediate key is a Kamf key that originally exists in the second network element, and the Kamf key is obtained by the second network element when authentication succeeds.
[0014] In a specific embodiment, the first network element receives the second intermediate key sent by the second network element, and the first network element derives the first intermediate key based on the second intermediate key and a network parameter.
[0015] In a specific embodiment, after the user equipment is handed over from the source access network device to the target access network device and bidirectional authentication with the user equipment succeeds again, the first network element obtains an anchor key Kseaf, and the first network element derives the first intermediate key based on the anchor key and a network parameter.
[0016] The network parameter may include one or more of a target-side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, an AMF configuration identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, and a Nonce count value, or a counter or a random number or a sequence number.
[0017] In a specific embodiment of the present invention, the first network element can additionally obtain a next-hop key, that is, a first NH, and a next-hop chaining counter, that is, a first NCC, where the first NH and the first NCC are sent by the second network element; the first network element obtains a {second NH, second NCC} pair based on the {first NH, first NCC} pair. In a subsequent step, the first network element can send the {second NH, second NCC} pair, a second key, and a third key to the target access network device, and the target access network device generates a first key based on the {second NH, second NCC} pair.
[0018] In a possible embodiment, the security key includes the first key, the second key, and the third key, where the first key is an intermediate key for security protection between the user equipment and the target access network device, the second key is a NAS signaling encryption protection key, and the third key is a NAS signaling integrity protection key.
[0019] Determining, by the first network element, a security protection algorithm, and deriving the security key based on the security protection algorithm and the first intermediate key includes: the security protection algorithm includes a NAS confidentiality algorithm identifier and a NAS integrity algorithm identifier; deriving, by the first network element, the first key, such as a KgNB key, based on a first parameter, where the first parameter includes one or more of the first intermediate key, a target cell identifier, a frequency channel number, a NAS count value, a NAS connection identifier, and a counter or a random number or a sequence number; deriving, by the first network element, the second key, such as a Knasenc key, based on a second parameter, where the second parameter includes one or more of the first intermediate key, the NAS confidentiality algorithm identifier, and a counter or a random number or a sequence number; and deriving, by the first network element, the third key, such as a Knasint key, based on a third parameter, where the third parameter includes one or more of the first intermediate key, the NAS integrity algorithm identifier, and a counter or a random number or a sequence number. Sending, by the first network element, the security key to the target access network device includes: sending, by the first network element, the first key to the target access network device.
[0021] In a possible embodiment, the source access network device is an access network device in a first communication system; the target access network device is an access network device in a second communication system; and the first network element is a network element in the second communication system. The request includes a security context of the first communication system and a third intermediate key. The third intermediate key is an upper-layer key generated after authentication in the first communication system and is used to derive a lower-layer AS key and a lower-layer NAS key.
[0022] Obtaining, by the first network element, a first intermediate key includes: deriving, by the first network element, the first intermediate key based on the security context of the first communication system, a security context of the second communication system, and the third intermediate key.
[0023] In a possible embodiment, the first network element includes a target access and mobility management function (AMF), the second network element includes a source AMF, the target AMF is connected to the target access network device, and the source AMF is connected to the source access network device; or the first network element includes a target security anchor function (SEAF), the second network element includes a source SEAF, the target SEAF is connected to the target access network device, and the source SEAF is connected to the source access network device.
[0024] In a possible embodiment, the network parameter includes one or more of a target-side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, an AMF configuration identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, and a counter or a random number or a sequence number.
[0025] In a possible embodiment, the first network element includes a mobility management entity (MME) network element in a first communication system; the target access network device is an access network device in the first communication system; and the source access network device is an access network device in a second communication system.
[0026] Specifically, the MME receives the request to hand over the user equipment from the source access network device to the target access network device to perform communication, where the request includes a security context of the second communication system; the MME obtains the security key, where the security key is used to secure the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device; and the MME sends the security key to the target access network device.
[0027] In a possible embodiment, the MME obtains a third intermediate key, where the third intermediate key is derived by a home subscriber server (HSS) in the first communication system based on a first encryption key, a first integrity key, a serving network name identifier, and a sequence number (SQN); the third intermediate key is an upper-layer key generated after authentication in the first communication system and is used to derive a lower-layer AS key and a lower-layer NAS key; and the MME derives the security key based on the security context of the second communication system and the third intermediate key.
[0028] In a possible embodiment, the MME obtains a first intermediate key sent by an AMF in the second communication system, where the first intermediate key is an upper-layer key generated after authentication in the second communication system and is used to derive a lower-layer AS key and a lower-layer NAS key; the MME derives the third intermediate key based on the first intermediate key; and the MME derives the security key based on the security context of the second communication system and the third intermediate key.
[0029] According to a second aspect, an embodiment of the present invention provides a security implementation method, including: receiving, by a target access network device, a request to hand over user equipment from a source wireless node to a target wireless node to perform communication; receiving, by the target access network device, a first key sent by a core network device, where the first key is an intermediate key for security protection between the user equipment and the target access network device; generating, by the target access network device, a second key based on the intermediate key, where the second key is an intermediate key for security protection between the user equipment and the target wireless node; and sending, by the target access network device, the second key to the target wireless node, so that the target wireless node generates a security key based on the second key, where the security key is used to secure the communication between the user equipment and the target wireless node after the user equipment is handed over from the source wireless node to the target wireless node.
[0030] According to a third aspect, an embodiment of the present invention provides a network element. The network element is a first network element. The first network element includes a receiver, a transmitter, a memory, and a processor coupled to the memory.
The receiver, the transmitter, the memory, and the processor can be connected using a bus or in another way. The transmitter is configured to send data and signaling to an external device. The receiver is configured to receive data and signaling from the external device. The memory is configured to store program code and related data (such as configuration information, a security context, and a key). The processor is configured to invoke and run the program code stored in the memory and perform the related steps of the method according to the first aspect.
[0031] According to a fourth aspect, an embodiment of the present invention provides a target access network device. The target access network device includes a receiver, a transmitter, a memory, and a processor coupled to the memory. The receiver, the transmitter, the memory, and the processor can be connected using a bus or in another way. The transmitter is configured to send data and signaling. The receiver is configured to receive data and signaling. The memory is configured to store program code and related data (such as configuration information, a security context, and a key). The processor is configured to invoke and run the program code stored in the memory and perform the related steps of the method according to the second aspect.
[0032] According to a fifth aspect, an embodiment of the present invention provides a network element. The network element includes a receiving module, a key processing module, and a sending module. The network element is configured to implement the method according to the first aspect.
[0033] According to a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium configured to store code for implementing the method according to the first aspect or the second aspect.
[0034] According to a seventh aspect, an embodiment of the present invention provides a computer software product.
When run on a computer, the computer software product can be configured to implement the method according to the first aspect or the second aspect.
[0035] During implementation of the embodiments of the present invention, in a handover process between network elements (for example, handover between AMFs), a communication system can correspondingly generate a security key, and obtain and transmit a security context and a security key on the target side by using a security network element (a SEAF/AMF). The embodiments of the present invention help to implement security protection in a handover scenario between AMFs in a future mobile communication architecture (such as 5G), improve the security of the future mobile communication architecture, and satisfy a user requirement.
BRIEF DESCRIPTION OF THE DRAWINGS
[0036] The accompanying drawings required for the background or the embodiments are briefly described below.
[0037] Figure 1 is a schematic architectural diagram of a mobile communication system according to an embodiment of the present invention;
[0038] Figure 2 is a schematic diagram of a scenario of an LTE system according to an embodiment of the present invention;
[0039] Figure 3 is a schematic diagram of a scenario of a 5G system according to an embodiment of the present invention;
[0040] Figure 4 is a schematic flowchart of a security implementation method according to an embodiment of the present invention;
[0041] Figure 5 is a schematic flowchart of another security implementation method according to an embodiment of the present invention;
[0042] Figure 6 is a schematic flowchart of yet another security implementation method according to an embodiment of the present invention;
[0043] Figure 7 is a schematic flowchart of yet another security implementation method according to an embodiment of the present invention;
[0044] Figure 8 is a schematic flowchart of yet another security implementation method according to an embodiment of the present invention;
[0045] Figure 9 is a schematic flowchart of a further security implementation method according to an embodiment of the present invention;
[0046] Figure 10 is a schematic flowchart of yet another security implementation method according to an embodiment of the present invention;
[0047] Figure 11 is a schematic diagram of a scenario of a 5G+WLAN system according to an embodiment of the present invention;
[0048] Figure 12 is a schematic structural diagram of an apparatus according to an embodiment of the present invention; and
[0049] Figure 13 is a schematic structural diagram of another apparatus according to an embodiment of the present invention.
DESCRIPTION OF EMBODIMENTS
[0050] The technical solutions in the embodiments of the present invention are clearly described below with reference to the accompanying drawings.
[0051] To facilitate understanding of the solutions, a network architecture to which the solutions in the embodiments of this application can be applied is first described as an example with reference to a related accompanying drawing. Figure 1 shows a future mobile communication network architecture. The network architecture includes user equipment, an access network device, and an operator network (for example, a 3GPP 5G network). The operator network additionally includes a core network and a data network, and the user equipment accesses the operator network by using the access network device. Detailed descriptions are as follows:
[0052] User equipment (UE): The UE is a logical entity. Specifically, the UE can be any one of terminal equipment, a communication device, and an Internet of Things (IoT) device. The terminal equipment can be a smartphone, a smartwatch, a smart tablet, or the like. The communication device can be a server, a gateway (GW), a controller, or the like.
The Internet of Things device can be a sensor, an electricity meter, a water meter, or the like.
[0053] Access network (AN): An AN may also be called a radio access network (RAN) in specific applications. The RAN includes access network devices and is responsible for access of the user equipment. A RAN device can be a base station (such as an NB, an eNB, or a gNB), a Wi-Fi access point, a Bluetooth access point, or the like.
[0054] Data network (DN): The DN may be an external network of an operator, or it may be a network controlled by an operator, and is configured to provide a business service to a user. The UE can access the operator network in order to access the DN and use a service provided by the operator or a third party in the DN.
[0055] Core network (CN): As a bearer network, the CN provides an interface to the DN and provides the UE with a communication connection, authentication, management, policy control, data service support, and the like. The CN additionally includes an access and mobility management function, a session management function, an authentication server function, a policy control function, an application function, a user plane function, and the like. The related descriptions are specifically as follows:
[0056] Access and mobility management function (AMF): As a control plane network element provided by an operator, the AMF is responsible for access control and mobility management when the UE accesses the operator network, and processes network signaling while serving as the termination point of NAS signaling.
[0057] Security anchor function (SEAF): The SEAF is connected to the AMF and serves as a node of a security authentication function. During specific implementation, in terms of physical location, the AMF and the SEAF can be integrated, or the AMF and the SEAF can be arranged separately and independently.
Furthermore, in a possible implementation, the functions of the AMF and the SEAF may be deployed separately in different network elements, or several functions of the AMF and the SEAF may be arranged in the same network element (for example, the AMF has the functions of the SEAF).
[0058] Session management function (SMF): The SMF is a control plane network element provided by the operator and is responsible for managing a data packet session of the UE.
[0059] Authentication server function (AUSF): The AUSF is a control plane network element provided by the operator and is used for UE authentication. The AUSF can be deployed separately as an independent logical function entity, or it can be integrated into a device such as the AMF/SMF.
[0060] Unified data management (UDM): The UDM is a control plane network element provided by the operator and is responsible for storing a subscription permanent identifier (SUPI), registration information, a credential, and subscription data of the operator network. The data is used for authentication and authorization when the UE accesses the operator network.
[0061] Application function (AF): The AF is configured to store a service security requirement and to provide policy determination information.
[0062] User plane function (UPF): The UPF may be a gateway, a server, a controller, a user plane function network element, or the like. The UPF can be deployed within the operator network, or it can be deployed outside the operator network. The UPF is a user plane network element provided by the operator and is a gateway for communication between the operator network and the DN.
[0063] Policy control function (PCF): A policy control function is implemented in the PCF; the policy control function negotiates a user plane protection mechanism based on a security requirement, in order to determine the user plane protection mechanism used in the network.
[0064] It should be noted that Figure 1 shows logical relationships between network elements. In practice, some network elements can be deployed separately, or two or more network elements can be integrated into the same entity. For example, the AMF and the SMF can be implemented in the same entity, or the AMF and the SMF can be implemented separately in different entities.
[0065] Figure 2 shows a communication handover application scenario in an LTE communication system. The LTE communication system includes three parts: an evolved packet core (EPC), a base station (eNodeB), and user equipment. The EPC is responsible for the core network part. The EPC includes a home subscriber server (HSS) 141 configured to store user subscription information, and a mobility management entity (MME) for signaling processing and mobility management. The base station is responsible for the access network part. The base station is connected to the core network. As shown in the figure, a base station 121 is connected to an MME 131, and a base station 122 is connected to an MME 132. Uplink communication or downlink communication is performed between the user equipment and the base station by using LTE air interface technology (such as the Uu interface).
[0066] In a specific communication scenario, the user equipment is in a communication connection with the base station 121. If the user equipment moves from a location 111 to a location 112, the user equipment may need to hand over a communication link from the base station 121 to the base station 122. After the handover process is completed, the user equipment is in a communication connection with the base station 122, and communication can then continue. It can be seen that, in this process, the base station 121 and the base station 122 are connected to different MMEs, and therefore the aforementioned communication handover process is also accompanied by a communication handover between the MMEs.
[0067] Figure 3 shows a communication handover application scenario in a 5G communication system. The 5G communication system includes user equipment, an access network, and a core network. Refer to the related description of the embodiment in Figure 1. The access network includes a RAN device 221 and a RAN device 222. The core network includes a core network device group 231 and a core network device group 232. The access network devices are connected to the core network devices. As shown in the figure, the RAN device 221 is connected to an AMF in the core network device group 231, and the RAN device 222 is connected to an AMF in the core network device group 232. Uplink communication or downlink communication is performed between the user equipment and the access network device by using a 5G air interface technology.
[0068] In a specific communication scenario, the user equipment is in a communication connection with the RAN device 221. If the user equipment moves from a location 211 to a location 212, the user equipment may need to hand over a communication link from the RAN device 221 to the RAN device 222. After the handover process is completed, the user equipment is in a communication connection with the RAN device 222, and communication can then continue. It can be seen that, in this process, the RAN device 221 and the RAN device 222 are connected to AMFs in different core network device groups, and therefore the aforementioned communication handover process is also accompanied by a communication handover between the AMFs.
[0069] To improve the network security of a future mobile communication architecture, and to obtain sufficient security assurance on the network side and on the user equipment side after handover between AMFs, an embodiment of the present invention provides a security implementation method. Referring to Figure 4, the method includes, but is not limited to, the following steps.
[0070] 1. A source access network device triggers a communication handover.
[0071] In this embodiment of the present invention, the user equipment establishes a communication connection with the source access network device by using an access technology. When the user equipment needs to be handed over from the currently connected source RAN to a target RAN, the source access network device triggers the communication handover. The access technology can be a technology such as CDMA2000, wireless local area network (WLAN), fixed access, Worldwide Interoperability for Microwave Access (WiMAX), Long Term Evolution (LTE), or 5G.
[0072] In a specific application scenario, when the UE is handed over between AMFs, that is, handed over from a source AMF to a target AMF, the source RAN connected to and managed by the source AMF of the UE also needs to be handed over to a target RAN. There can be a variety of reasons for the handover. For example, there is no Xn interface connection between the source RAN and the target RAN, and when the UE moves from a communication cell of the source RAN to a communication cell of the target RAN, the current communication connection needs to be handed over from the source RAN to the target RAN. As another example, when congestion in the current network causes communication resources to be insufficient, the source RAN connected at that time needs to hand over the communication connection request of the UE to a target RAN whose network status is relatively good. As another example, the current communication system (such as LTE) needs to be handed over to another communication system (such as 5G).
[0073] 2. The source access network device sends a first request to a second network element, and the second network element sends a second request to a first network element.
[0074] The first request sent by the source access network device to the second network element and the second request sent by the second network element to the first network element can be the same request, or they can be different requests. The first request or the second request can carry a source-side security context. For example, the source-side security context may include one or more of a key lifetime, a key index, a UE security capability, an integrity algorithm, an integrity algorithm identifier, an encryption algorithm, an encryption algorithm identifier, and a counter related to key calculation. For example, the first request is a handover request. For example, the second request is a path switching request. For the requests listed in the following embodiments, refer to the description here; the details are not described again below.
[0075] The second network element is connected to the source access network device, and the second network element and the source access network device are network devices on the source side. The first network element is connected to a target access network device, and the first network element and the target access network device are network devices on a target side.
[0076] During specific implementation, the second network element may be a network device such as a source AMF, a source SEAF, or a source SMF, and the first network element is a corresponding network device such as a target AMF, a target SEAF, or a target SMF.
[0077] 3. The first network element obtains a security key.
[0078] The security key is used to protect the communication between the user equipment and a target network after the user equipment is handed over from the source access network device to the target access network device, where the target network includes the target access network device and a target core network device, and the target core network device includes the first network element.
The security key may include an access stratum (AS) key and a non-access stratum (NAS) key. The AS key is used to protect the communication between the user equipment and an access network device, and the NAS key is used to protect the communication between the user equipment and a core network device (such as an AMF, SEAF or SMF).
[0079] That the first network element obtains a security key includes: generating, by the first network element, the security key, or obtaining, by the first network element, the security key sent by another network element.
[0080] In this embodiment of the present invention, the first network element may first obtain a first intermediate key, where the first intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer access stratum (AS) key and a lower-layer non-access stratum (NAS) key. For example, the first intermediate key is a new Kamf. Then the first network element determines a security protection algorithm, including a specific security algorithm and a security algorithm identifier, where the identifier is used to indicate the specific protection algorithm. Then the first network element derives the security key based on the security protection algorithm and the first intermediate key. The security protection algorithm may include a NAS layer confidentiality algorithm identifier, a NAS layer integrity algorithm identifier, an AS layer confidentiality algorithm identifier, and an AS layer integrity algorithm identifier.
[0081] The security key includes a first key, a second key, and a third key, where the first key is an intermediate key for security protection between the user equipment and the target access network device, for example a KgNB key; the second key is a NAS signaling encryption protection key, for example a Knasenc key; and the third key is a NAS signaling integrity protection key, for example a Knasint key.
[0082] Specifically, the first network element may derive the first key based on a first parameter, where the first parameter includes one or more of the first intermediate key, a target cell identifier, a frequency channel number, a NAS count value, a NAS connection identifier, and a Nonce count value or a counter or a random number or a sequence number; derive the second key based on a second parameter, where the second parameter includes one or more of the first intermediate key, a NAS confidentiality algorithm identifier, and a Nonce count value or a counter or a random number or a sequence number; and derive the third key based on a third parameter, where the third parameter includes one or more of the first intermediate key, a NAS integrity algorithm identifier, and a Nonce count value or a counter or a random number or a sequence number. The first network element may store the second key and the third key, and send the first key to an access network device in a subsequent step.
[0083] The first network element may obtain the first intermediate key in several ways.
[0084] In a specific embodiment, the first network element obtains the first intermediate key that is derived by the second network element based on a second intermediate key and a network parameter. The second intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer access stratum key and a lower-layer non-access stratum key. For example, the second intermediate key is a Kamf key that originally exists in the second network element, and the Kamf key is obtained by the second network element when authentication succeeds.
[0085] In a specific embodiment, the first network element receives the second intermediate key sent by the second network element, and the first network element derives the first intermediate key based on the second intermediate key and a network parameter.
[0086] In a specific embodiment, after the user equipment is handed over from the source access network device to the target access network device and bidirectional authentication of the user equipment succeeds again, the first network element obtains an anchor key Kseaf, and the first network element derives the first intermediate key based on the anchor key and a network parameter.
[0087] The network parameter may include one or more of a target side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, an AMF configuration identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, and a Nonce count value or a counter or a random number or a sequence number.
[0088] In a specific embodiment of the present invention, the first network element may additionally obtain a next-hop key, i.e. a first NH, and a next-hop chaining counter, i.e. a first NCC, where the first NH and the first NCC are sent by the second network element; the first network element obtains a {second NH, second NCC} pair based on the {first NH, first NCC} pair. In a subsequent step, the first network element may send the {second NH, second NCC} pair, the second key, and the third key to the target access network device, and the target access network device generates the first key based on the {second NH, second NCC} pair.
[0089] 4. The first network element sends the security key to a target access network device, where the sent security key includes the first key.
[0090] 5.
The first network element sends a security context to the user equipment by using the second network element and an access network device, so that the user equipment can generate the security key based on the security context. The security context received by the user equipment needs to include only the parameters that the user equipment side does not already have when the network side generates the keys related to the security key, for example a random number RAND, a Nonce count value or a counter, a timestamp, or a security protection algorithm identifier.
[0091] 6. The user equipment generates the security key based on the security context. In a specific embodiment, the user equipment may generate the security key based on the security context, the network parameter, a locally pre-stored intermediate key, and the like. The security key here includes an AS key and a NAS key.
[0092] 7. The user equipment and the target access network device complete a subsequent handover process, so that the communication connection of the user equipment is finally handed over from the current source RAN to the target RAN.
[0093] It should be noted that, in this embodiment of the present invention and the embodiments described later, a security-related message (such as a security context, an intermediate key, a key request, or a key response) transmitted between the source side and the target side, between the source side and a UE side, or between the target side and the UE side may be transmitted as an independent message, or may be carried in another message (such as a handover-related request or response) for transmission, and no limitation is imposed thereon in the present invention.
[0094] Referring to Figure 5, an embodiment of the present invention provides another method of implementing security.
In a scenario to which this method applies, after the UE is authenticated on a network, an anchor key Kseaf may be configured on both a UE side and a network side (such as a SEAF). When the UE needs to be handed over from the currently connected source RAN to a target RAN, network security may be implemented by using the following method. The method includes, but is not limited to, the following steps.
[0095] 1. The source RAN triggers the communication handover.
[0096] In this embodiment of the present invention, when the UE is handed over between AMFs, that is, from a source AMF to a target AMF, the source RAN that is connected to and managed by the source AMF also needs to be handed over to the target RAN. The source RAN may trigger the communication handover. There may be various reasons for the handover. For example, there is no Xn interface connection between the source RAN and the target RAN, and when the UE moves from a communication cell of the source RAN to a communication cell of the target RAN, the current communication connection needs to be handed over from the source RAN to the target RAN. As another example, when congestion in the current network leaves a communication resource insufficient, the currently connected source RAN needs to hand over a communication connection request from the UE to a target RAN whose network status is relatively good.
[0097] 2. The source RAN sends a handover request to a source AMF.
[0098] The source RAN sends a Handover Required message to the source AMF, to notify the source AMF that a user needs to be handed over, where the Handover Required message carries a UE identifier. The AMF specifies a bearer used to forward data (a message).
[0099] 3. The source AMF sends a path switching request to a target AMF.
[0100] To implement the communication handover, the source AMF selects a target AMF and sends a path switching request (Forward Relocation Request) to the target AMF.
The path switching request may include a source-side security context.
[0101] 4. The target AMF sends a handover request to the target RAN.
[0102] The target AMF sends a Handover Request message to the target RAN, to request the target RAN to establish a radio network resource and to create a UE context in the target RAN. After a PDU session is enabled, the target AMF may additionally allocate an uplink communication tunnel identifier and an IP address for the PDU session, and send the PDU session to the target RAN.
[0103] 5. The target RAN returns a handover request acknowledgment message to the target AMF.
[0104] The target RAN sends the handover request acknowledgment message to the target AMF. The acknowledgment message includes the PDU session that was accepted by the target RAN. The target RAN allocates a downlink communication tunnel identifier and an IP address for the PDU session, and sends the PDU session to the target AMF.
[0105] 6. The target AMF sends a key request to the SEAF.
[0106] In this embodiment of the present invention, the SEAF serves as a node for security authentication and key configuration; the AMF and the SEAF may be deployed separately, or they may be integrated. When the AMF and the SEAF are deployed separately, there may be one or more SEAFs. Specifically, during handover between AMFs, the source AMF and the target AMF may be connected to the same SEAF, or the source AMF and the target AMF may be connected to different SEAFs (the source AMF is connected to a source SEAF, and the target AMF is connected to a target SEAF). In the latter case, the handover between AMFs is accompanied by a handover between SEAFs. When the AMF and the SEAF are integrated, the AMF and the SEAF may be deployed in the same physical location, but they are still two logical entities having different functions, and then the handover between AMFs is also accompanied by a handover between SEAFs.
[0107] In this embodiment of the present invention, to ensure network communication security after the handover between AMFs, the target AMF sends the key request to the SEAF, to obtain an intermediate key used to generate the security key.
[0108] It should be noted that there is no mandatory sequence between step 6 and steps 4 and 5. Specifically, during specific implementation, step 6 may alternatively be placed after step 3, or after step 4. No limitation is imposed in this regard in the present invention.
[0109] It should be further noted that, in this embodiment of the present invention, the key request is not limited to a separate signaling message; in a possible implementation, the key request in step 6 may be carried in another interactive message between the target AMF and the SEAF.
[0110] 7. The SEAF generates Kamf based on Kseaf and a network parameter.
[0111] The key Kseaf is an anchor key. The anchor key is a key generated after authentication, and it is an upper-layer key in a serving network. The anchor key may be used to derive a lower-layer key in the serving network.
[0112] It should be noted that, in this embodiment of the present invention, after the UE is authenticated in the network, the SEAF holds the key Kseaf. Kseaf may be stored permanently at the SEAF or stored temporarily at the SEAF, in which case Kseaf is deleted after the lower-layer key in the network is generated. In the latter case, when the SEAF receives the key request from the target AMF, the SEAF may send a request to an AUSF, and the AUSF generates Kseaf based on the request and sends Kseaf to the SEAF.
[0113] The SEAF generates the new intermediate key Kamf (a first intermediate key) based on Kseaf and the network parameter, where Kamf may be used to derive a lower-layer access stratum (AS) key and a lower-layer non-access stratum (NAS) key.
[0114] The network parameter is a related parameter on the network side.
For example, the network parameter may be one or more of a target side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, an AMF configuration identifier, and a Nonce count value or a counter or a random number or a sequence number. During specific implementation, the network parameter may additionally include other parameters. The network parameter is briefly described below.
[0115] Target side identifier: The target side identifier may be an identifier that uniquely identifies target side information, such as a target-side serving network identifier, a target-side specific cell ID, or a target-side base station ID.
[0116] Slice identifier: The slice identifier is used to uniquely identify a network slice.
[0117] Network access identifier (NAI): The NAI is generally used to uniquely identify a mobile node.
[0118] Network slice selection assistance information (NSSAI): The NSSAI may include multiple slice identifiers and an identifier of an entity related to a slice. By providing the NSSAI, an endpoint can select and create an instance related to a network slice. One piece of network slice selection assistance information may correspond to one network slice.
[0119] AMF region identifier (AMF Region ID): The AMF region identifier is an identifier used to distinguish the region in which an AMF is located.
[0120] AMF configuration identifier (AMF pool ID): The AMF pool identifier is an identifier that uniquely identifies an AMF pool within an AMF region.
[0121] AMF pointer (AMF Pointer): The AMF pointer is an identifier that uniquely identifies an AMF within an AMF set.
[0122] Globally unique AMF identifier (GUAMI): The GUAMI may be used to uniquely indicate an AMF, and may specifically be: <GUAMI> = <MCC> <MNC> <AMF region identifier> <AMF configuration identifier> <AMF pointer>, where the MCC indicates a mobile country code (Mobile Country Code) and the MNC indicates a mobile network code (Mobile Network Code).
[0123] Other parameters: In this embodiment of the present invention, the other network parameters may additionally be a timestamp, a registration type, an AMF ID, a SEAF ID, a NAS count, a security algorithm identifier, a security algorithm type name, a sequence number SQN, and an AK, and may additionally be the lengths of those parameters or of a key parameter mentioned above, or the like. For the "other parameters" used to generate a related key in the description below, refer to the description here; the details are not described again below.
[0124] For example, in a specific embodiment, the SEAF derives the intermediate key Kamf based on Kseaf and the network parameter as follows: Kamf = KDF (Kseaf, target side ID, slice ID, NAI, NSSAI, AMF region identifier, GUAMI, AMF pointer, AMF configuration identifier, Nonce count value or counter or random number or sequence number, other parameters), where KDF is a key derivation function.
[0125] 8. The SEAF sends Kamf to the target AMF, and correspondingly the target AMF obtains Kamf.
[0126] 9. The target AMF generates a security key based on Kamf.
[0127] The security key is used to protect the communication between the UE and the target RAN after the UE is handed over from the source RAN to the target RAN. A protocol stack can be divided into an access stratum (AS) and a non-access stratum (NAS). Therefore, the security key generated here needs to include an AS layer key and a NAS layer key.
[0128] In a specific embodiment, after receiving the intermediate key Kamf, the target AMF may determine a key protection algorithm based on a predefined rule.
For example, an algorithm priority list is predefined in the target AMF, and the algorithm priority list includes a plurality of algorithm IDs. The target AMF consults the algorithm priority list and selects a new NAS algorithm based on the algorithm priority list, to obtain a NAS confidentiality algorithm ID and a NAS integrity algorithm ID. The target AMF may alternatively select a new AS algorithm, to obtain an AS confidentiality algorithm ID and an AS integrity algorithm ID.
[0129] For the AS stratum key, the target AMF first generates an intermediate key KgNB. KgNB is an intermediate key used on the target RAN side, and is used to generate, on the target RAN side, a key related to the AS stratum (such as Krrcenc, Krrcint, Kupenc or Kupint). In a subsequent step, KgNB needs to be sent to the target access network device.
[0130] In this embodiment of the present invention, the target AMF specifically derives KgNB based on Kamf and a first parameter as follows: KgNB = KDF (Kamf, target cell identifier, frequency channel number, NAS count value, NAS connection identifier, Nonce count value or counter or random number or sequence number, other parameters).
[0131] The NAS count value (NAS count) is a counter of NAS messages transmitted by the NAS or a counter of NAS data packets, and may specifically be an uplink NAS count value or a downlink NAS count value. The frequency channel number (EARFCN-DL) indicates a downlink communication frequency of the network. The target cell identifier (physical target cell ID) is used to uniquely identify a target cell.
[0132] For the NAS stratum key, the target AMF needs to generate Knasenc and Knasint. Knasenc here is a network-side NAS signaling encryption protection key, and Knasint here is a network-side NAS signaling integrity protection key.
The target AMF stores the NAS layer key, and may additionally send the NAS layer key to another core network device as required.
[0133] In this embodiment of the present invention, the target AMF specifically derives Knasenc based on Kamf, the determined key protection algorithm, and a second parameter as follows: Knasenc = KDF (Kamf, NAS confidentiality algorithm ID, Nonce count value or counter or random number or sequence number, other parameters).
[0134] In this embodiment of the present invention, the target AMF specifically derives Knasint based on Kamf, the determined key protection algorithm, and a third parameter as follows: Knasint = KDF (Kamf, NAS integrity algorithm ID, Nonce count value or counter or random number or sequence number, other parameters).
[0135] 10. The target AMF sends the security key and a security context to the target RAN. Correspondingly, the target RAN obtains the security key and the security context. The security key here includes KgNB.
[0136] In a specific embodiment, the target AMF also notifies the target RAN of the selected NAS algorithm (which may also include an AS algorithm), so that the target RAN can determine a security protection algorithm.
[0137] In a possible embodiment, the target AMF may additionally send the security context to the target RAN. The security context includes information related to network security. Specifically, the security context includes a key lifetime, a key index, a UE security capability, an integrity algorithm, an integrity algorithm identifier, an encryption algorithm, an encryption algorithm identifier, a counter related to key calculation, and the like, and may additionally include a specific key. The UE security capability may be a list of encryption and integrity algorithms supported by the UE, a key length or a key lifetime required by the UE, or the like.
[0138] After obtaining the security key, the target RAN continues to derive the AS stratum specific keys, including the Krrcenc key, the Krrcint key, the Kupenc key, the Kupint key, or the like, based on the security protection algorithm and the intermediate key KgNB. The Krrcenc key is a control plane signaling encryption key on the radio access side of an air interface. The Krrcint key is a control plane signaling integrity protection key on the radio access side of the air interface. The Kupenc key is a user plane encryption protection key on the radio access side of the air interface. The Kupint key is a user plane integrity protection key on the radio access side of the air interface.
[0139] It should be noted that if step 6 is placed after step 3, in a possible embodiment the security key and the security context in step 10 may instead be placed in the Handover Request message in step 4 during specific implementation.
[0140] 11. The target RAN sends a response to the target AMF, to notify the target AMF that the security key has been successfully obtained.
[0141] 12. The target AMF sends a path switching response and the security context to the source AMF.
[0142] Specifically, in response to the path switching request in step 3, the target AMF sends a path switching request acknowledgment message to the source AMF. The path switching request acknowledgment message may carry the security context.
[0143] 13. The source AMF sends a handover command and the security context to the source RAN.
[0144] Specifically, in response to the handover request in step 2, the source AMF sends the handover command (HO command) to the source RAN, to notify the source RAN that handover preparation is complete. The handover command may carry the security context.
[0145] 14. The source RAN sends the handover command and the security context to the UE.
[0146] Specifically, the source RAN sends the handover command to the UE, to notify the UE that handover preparation is complete and to trigger the UE to complete the subsequent handover operation. The handover request may carry the security context.
[0147] 15. The UE generates the security key based on Kseaf and the security context.
[0148] It should be noted that the security context received on the UE side needs to include only the parameters that the UE side does not have when the keys are generated on the network side, for example a random number, a timestamp, or a security protection algorithm identifier. The UE may already hold, from the above-mentioned steps, the other parameters used to generate the keys.
[0149] After the UE is originally authenticated in the network, Kseaf is already configured on the UE, and the UE additionally shares the network parameter with the network side beforehand. Therefore, the UE can similarly generate a new NAS layer key and a new AS layer key based on Kseaf, the network parameter, and the security context. For example, the UE may first generate Kamf based on Kseaf, and then generate the AS stratum key (such as Krrcenc, Krrcint, Kupenc or Kupint) and the NAS stratum key (such as Knasenc or Knasint) based on Kamf, the network parameter, and the security context. For the specific process, refer similarly to the descriptions in step 7, step 9 and step 10; the details are not described here again.
[0150] 16. The UE and the target RAN complete the subsequent handover process.
[0151] The UE and the target RAN proceed to complete the subsequent handover process. For example, after the UE successfully synchronizes with the target cell, the UE sends a handover confirmation message to the target RAN. The target RAN sends a handover notification to the target AMF, to notify the target AMF that the UE is now located in the target cell.
The target AMF sends a path switching completion message to the source AMF, and the source AMF returns a response to the target AMF. The source AMF sends a UE context release message to instruct the source RAN to release the resources related to the UE. The source RAN returns a release confirmation message to the source AMF, and so on. Finally, the communication link of the UE is handed over from the source RAN to the target RAN.
[0152] It should be noted that, in this embodiment of the present invention, when a communication system performs AMF handover, the SMFs corresponding to different AMFs may be different. Therefore, SMF handover may also take place in the aforementioned process. In this case, the security protection of the PDU session also needs to be considered.
[0153] During specific implementation, in step 7, when the SEAF generates Kamf, updating a PDU session key on the target side needs to be considered. Therefore, when the SEAF generates Kamf, the SEAF sends indication information to the AUSF to trigger the AUSF to generate a new PDU session key. Specifically, a Left K key is pre-stored in the AUSF. Therefore, the AUSF may specifically generate the new PDU session key Ksmf based on Left K, UE-related information, and session information (such as a session ID and slice information) sent by the source AMF, as follows: Ksmf = KDF (Left K, NAI, NSSAI, slice ID, AMF-related parameter, SMF-related parameter, Nonce count value or counter or random number or sequence number, other parameters).
[0154] Then the AUSF sends Ksmf to the SEAF or the target AMF, the SEAF or the target AMF forwards Ksmf to the target SMF and the UE, and the target SMF and the UE use Ksmf to update the PDU session key.
[0155] It can be seen that, during the implementation of this embodiment of the present invention, in a handover process between AMFs, the communication system can correspondingly generate the security key, and obtain and transmit the security context and the target-side security key, by using a security network element such as a SEAF/AMF. On the network side, the target-side security key is generated by a network element on the target side (such as the target SEAF/AMF). Therefore, the target RAN cannot obtain the security key used by the source RAN and cannot decrypt the communication between the source RAN and the UE, which implements backward security of the network communication. The source RAN cannot obtain the security key used by the target RAN and cannot decrypt the communication between the target RAN and the UE, which implements forward security of the network communication.
[0156] Referring to Figure 6, an embodiment of the present invention provides another method of implementing security. In a scenario to which this method applies, after the UE is authenticated on a network, a first Kamf may be configured on both a UE side and a network side (such as a source AMF/source SEAF). When the UE needs to be handed over from the currently connected source RAN to a target RAN, network security may be implemented by using the following method. The method includes, but is not limited to, the following steps.
[0157] 1. The source RAN triggers the communication handover. Refer to the description of step 1 in Figure 5.
[0158] 2. The source RAN sends a handover request to the source AMF/source SEAF.
[0159] In this embodiment of the present invention, the SEAF serves as a node for security authentication and key configuration; the source AMF and the source SEAF may be deployed separately, or they may be integrated. When the source AMF and the source SEAF are deployed separately, the source AMF is connected to the source SEAF.
In this case, the handover between AMFs is accompanied by a handover between SEAFs. When the source AMF and the source SEAF are integrated, the source AMF and the source SEAF may be deployed in the same physical location, but they are still two logical entities having different functions, and then the handover between AMFs is also accompanied by a handover between SEAFs.
[0160] 3. The source AMF/source SEAF derives a second Kamf based on the first Kamf.
[0161] After the source AMF/source SEAF receives the handover request sent by the source RAN, the source AMF/source SEAF generates a second intermediate key Kamf (the second Kamf for short) based on a pre-stored first intermediate key Kamf (the first Kamf for short) and a network parameter. For example, the network parameter may be one or more of a target side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, and a Nonce count value or a random number or a sequence number. During specific implementation, the network parameter may additionally include other parameters.
[0162] In a specific embodiment, the source AMF/source SEAF specifically derives the second Kamf based on the pre-stored first Kamf and the network parameter as follows: second Kamf = KDF (first Kamf, target side ID, slice ID, NAI, NSSAI, AMF region identifier, GUAMI, AMF pointer, AMF configuration identifier, Nonce count value or counter or random number or sequence number, other parameters).
[0163] It should be noted that, when the source AMF and the source SEAF are separate from each other, deriving the second Kamf based on the first Kamf by the source AMF/source SEAF may include the following cases:
[0164] Case 1: The source AMF derives the second Kamf based on the predefined first Kamf.
[0165] Case 2: The source SEAF derives the second Kamf based on the predefined first Kamf, and sends the second Kamf to the source AMF.
[0166] 4. The source AMF/source SEAF sends a path switching request and the second Kamf to a target AMF/target SEAF.
[0167] In this embodiment of the present invention, the target AMF and the target SEAF may be deployed separately or may be integrated. When the target AMF and the target SEAF are deployed separately, the target AMF is connected to the target SEAF. In this case, the handover between AMFs is accompanied by a handover between SEAFs. When the target AMF and the target SEAF are integrated, the target AMF and the target SEAF may be deployed in the same physical location, but they are still two logical entities having different functions, and then the handover between AMFs is also accompanied by a handover between SEAFs.
[0168] In a specific embodiment, the source AMF/source SEAF sends a path switching request to the target AMF/target SEAF, where the path switching request carries the second Kamf.
[0169] In another specific embodiment, the source AMF/source SEAF sends the path switching request and the second Kamf separately to the target AMF/target SEAF.
[0170] 5. The target AMF/target SEAF sends a handover request to the target RAN.
[0171] 6. The target RAN returns a handover request acknowledgment message to the target AMF/target SEAF.
[0172] 7. The target AMF/target SEAF generates a security key based on the second Kamf.
[0173] The security key is used to protect the communication between the UE and the target RAN after the UE is handed over from the source RAN to the target RAN. The security key generated here includes an AS layer key and a NAS layer key.
[0174] In this embodiment of the present invention, after receiving the intermediate key Kamf, the target AMF/target SEAF may determine a NAS confidentiality algorithm ID and a NAS integrity algorithm ID based on a predefined rule, and the target AMF/target SEAF derives KgNB based on the first Kamf and a first parameter, derives Knasenc based on the first Kamf, a key protection algorithm, and a second parameter, and derives Knasint based on the first Kamf, the key protection algorithm, and a third parameter. The target AMF/target SEAF may store Knasenc and Knasint. For the specific operation, refer similarly to step 9 in the embodiment in Figure 5; the details are not described here again.
[0175] It should be noted that there is no mandatory sequence between step 7 and steps 5 and 6. Specifically, during specific implementation, step 6 may alternatively be placed after step 4, or after step 5. No limitation is imposed in this regard in the present invention.
[0176] It should additionally be noted that, when the target AMF and the target SEAF are separate from each other, generating a security key based on the second Kamf by the target AMF/target SEAF may include the following cases:
[0177] Case 1: The target AMF derives the security key based on the predefined second Kamf.
[0178] Case 2: The target SEAF derives the security key based on the predefined second Kamf, and sends the security key to the target AMF.
[0179] 8. The target AMF/target SEAF sends the security key and a security context to the target RAN. The sent security key includes KgNB. For the specific operation, refer similarly to step 10 in the embodiment in Figure 5; the details are not described here again.
[0180] 9. The target RAN returns a response to the target AMF/target SEAF, to notify the target AMF/target SEAF that the security key has been successfully obtained.
[0181] 10.
The target AMF/target SEAF sends a path switching response and the security context to the source AMF/source SEAF. [0182] Specifically, in response to the path switching request in step 4, the target AMF sends a path switching request acknowledgement message to the source AMF. The path switching request acknowledgement message may carry the security context. [0183] 11. The source AMF/source SEAF returns a handover command and the security context to the source RAN. Specifically, in response to the handover request in step 2, the source AMF sends the handover command (HO command) to the source RAN to notify the source RAN that handover preparation is complete. The handover command may carry the security context. [0184] 12. The source RAN sends the handover command and the security context to the UE. [0185] Specifically, the source RAN sends the handover command to the UE to notify the UE that handover preparation is complete and to trigger the UE to complete the subsequent handover operation. The handover command may carry the security context. [0186] 13. The UE generates the security key based on the first Kamf and the security context. [0187] It should be noted that the security context received on the UE side need only include the parameters that the UE side does not have when the keys are generated on the network side, for example a random number, a timestamp, or a security protection algorithm identifier. The UE may already have obtained, in the preceding steps, the other parameters used to generate the keys. [0188] After the UE is initially authenticated in the network, the first Kamf is already configured on the UE, and the UE has already shared the network parameter with the network side. Therefore, the UE can likewise generate a new NAS stratum key and a new AS stratum key based on the first Kamf, the network parameter, and the security context. The UE and the target RAN then complete the subsequent handover process.
[0189] It should be noted that, in the embodiment in Figure 6, in a possible implementation, step 3 may be omitted. In that case, in step 4 the source AMF/source SEAF sends the first Kamf to the target AMF/target SEAF, and after step 4 the target AMF/target SEAF generates the second Kamf based on the first Kamf. [0190] It should further be noted that, in this embodiment of the present invention, when a communication system performs AMF handover, the SMFs corresponding to different AMFs may be different, so SMF handover may also take place in the above process. In that case, the security protection of a PDU session also needs to be considered. In a specific implementation, in step 7, when the target AMF/target SEAF generates the security key based on the second Kamf, updating the PDU session key on the target side needs to be considered. For example, the target AMF/target SEAF sends indication information to the AUSF to trigger the AUSF to generate a new PDU session key. Specifically, a key Left K is pre-stored in the AUSF, so the AUSF can generate the new PDU session key Ksmf based on Left K together with UE-related information and session information (such as a session ID and slice information) sent by the source AMF/source SEAF. [0191] It can be seen that, in the implementation of this embodiment of the present invention, during a handover between AMFs the communication system can generate the corresponding security key, and obtain and transmit the security context and the target-side security key, by using a security network element such as the SEAF/AMF. The derivation of the lower-layer keys starts from the derivation of the first intermediate key Kamf by the source AMF/source SEAF, and the source AMF/source SEAF side generates and transmits the security context for the target side.
For the network, the target RAN cannot decrypt the communication between the source RAN and the UE, so backward security of network communication is achieved. [0192] Referring to Figure 7, an embodiment of the present invention provides another security implementation method. When the UE needs to be handed over from the currently connected source RAN to a target RAN, network security can be implemented by the following method. The method includes, but is not limited to, the following steps. [0193] 1. The source RAN triggers communication handover. [0194] 2. The source RAN sends a handover request to the source AMF/source SEAF. [0195] 3. The source AMF/source SEAF sends a path switching request to the target AMF/target SEAF. [0196] 4. The target AMF/target SEAF sends a handover request to the target RAN. [0197] 5. The target RAN returns a handover request acknowledgement message to the target AMF/target SEAF. [0198] 6. The target AMF/target SEAF determines a local security policy. [0199] The security policy may be predefined in a local cache, or may be stored in another security network element (such as a PCF, UDM, or AUSF). The security policy indicates whether the handover of the UE to the target RAN requires re-authentication. The target AMF/target SEAF queries the local cache for the security policy, or queries the other security network element for it. [0200] For example, the security policy may be determined based on the following implementation conditions: a key on the source AMF/SEAF side has expired or is no longer secure, or the UE security capability needs to be re-obtained but cannot be obtained from the security context transmitted by the source AMF/source SEAF side. When the current state satisfies an implementation condition indicated by the security policy, the target AMF/target SEAF determines that the local security policy requires the handover of the UE to the target RAN to be re-authenticated.
The target AMF/target SEAF therefore proceeds with the subsequent steps. [0201] 7. The target AMF/target SEAF returns a path switching response to the source AMF/source SEAF, where the path switching response does not carry a security context. [0202] 8. The source AMF/source SEAF returns a handover command to the source RAN, where the handover command does not carry a security context. [0203] 9. The source RAN sends the handover command to the UE, where the handover command does not carry a security context. [0204] 10. The UE and the target RAN complete the subsequent handover process. [0205] 11. The UE and an AUSF or a UDM perform mutual authentication. [0206] After the communication connection of the UE is handed over from the source RAN to the target RAN, the UE and an authentication network element perform mutual authentication to verify the validity of the identity of the UE. The authentication network element may be the AUSF or the UDM. After mutual authentication succeeds, both the UE side and the target AMF/SEAF side obtain a new anchor key Kseaf. [0207] 12. The target AMF/target SEAF generates a security key based on the new Kseaf. [0208] It can be understood that the target AMF/target SEAF generates the security key (KgNB as an AS stratum key, and a NAS stratum key) based on the new Kseaf, a network parameter shared in advance, and a security context, and stores the NAS stratum key. For the detailed process, refer to the descriptions of step 7, step 9, and step 10 of the embodiment in Figure 5; details are not repeated here. [0209] It should be noted that the security context here may be the intersection of the security context transmitted from the source AMF/source SEAF side and a security context of the target AMF/target SEAF side.
For example, the security context finally obtained includes an encryption algorithm ID, an integrity algorithm ID, the security capability of the user equipment, and the like. [0210] 13. The target AMF/target SEAF sends the security key to the target RAN, where the sent security key includes KgNB. [0211] 14. The UE generates the security key based on the new Kseaf. There is no required order between this step and steps 12 and 13. [0212] It can be understood that the UE may likewise generate the security key based on the new Kseaf, the network parameter shared in advance, and the security context. For the detailed process, refer to the descriptions of step 7, step 9, and step 10 of the embodiment in Figure 5; details are not repeated here. [0213] It should be noted that, for a step not described in detail in the embodiment in Figure 7, refer to the descriptions of the embodiments in Figure 5 and Figure 6. [0214] It should further be noted that, in this embodiment of the present invention, when a communication system performs AMF handover, the SMFs corresponding to different AMFs may be different, so SMF handover may also take place in the above process. In that case, the security protection of a PDU session also needs to be considered. Specifically, after the mutual authentication of step 11 succeeds, the AUSF likewise obtains a new key Left K, and the AUSF can generate a new PDU session key Ksmf and send it to an SMF. Details are not repeated here. [0215] Authentication is performed again on the target side to obtain a new protection key, so both forward security and backward security are satisfied. The source side does not need to transmit a key, and the protection key does not need to be derived from an existing key either.
[0216] It can be seen that, in the implementation of this embodiment of the present invention, after the handover between AMFs ends, the communication system can obtain a new protection key after mutual authentication is performed again; the source network side does not need to pass an intermediate key, and an intermediate key does not need to be derived from an original key either. For the network, the target RAN cannot obtain the security key used by the source RAN and cannot decrypt the communication between the source RAN and the UE, so backward security of network communication is achieved. The source RAN cannot obtain the security key used by the target RAN and cannot decrypt the communication between the target RAN and the UE, so forward security of network communication is achieved. [0217] Referring to Figure 8, an embodiment of the present invention provides another security implementation method. In a scenario to which this method applies, after the UE is authenticated in a network, a first key Kamf is configured on the UE side and on the source AMF/source SEAF, and a first KgNB is configured on the source RAN side. When the UE needs to be handed over from the currently connected source RAN to a target RAN, network security can be implemented by the following method. The method includes, but is not limited to, the following steps. [0218] 1. The source RAN triggers communication handover. [0219] 2. The source RAN sends a handover request to the source AMF/source SEAF. [0220] 3. The source AMF/source SEAF derives a second Kamf based on the first Kamf. For the detailed derivation process, refer to the description of step 3 of the embodiment in Figure 6. [0221] 4. The source AMF/source SEAF sends a path switching request, the second Kamf, a first NH, and a first NCC to the target AMF/target SEAF.
[0222] In this embodiment of the present invention, the key KeNB is associated with an NH parameter and an NCC parameter, where NH denotes a next-hop key and NCC denotes a next-hop chaining counter. Both KeNB and NH can be derived from another intermediate key (such as Kasme). During initial establishment, KeNB is derived directly from Kasme, and the NCC value is 0. Subsequently, when KeNB needs to be updated, it can be updated based on an {NH, NCC} pair. [0223] In a specific embodiment, the source AMF/source SEAF determines a pair {first NH, first NCC} and sends {first NH, first NCC, second Kamf} and the path switching request separately to the target AMF/target SEAF. [0224] In another specific embodiment, the source AMF/source SEAF determines a pair {first NH, first NCC} and sends the pair {first NH, first NCC} and the second Kamf to the target AMF/target SEAF in the path switching request itself. [0225] 5. The target AMF/target SEAF generates a first security key based on the second Kamf, the first NH, and the first NCC. [0226] In a specific implementation, the target AMF/target SEAF stores the received pair {first NH, first NCC} and derives a pair {second NH, second NCC} based on the pair {first NH, first NCC} and the second Kamf. The derivation is as follows: second NH = KDF(second Kamf, first NH); second NCC = first NCC + 1. [0227] In addition, the target AMF/target SEAF derives Knasenc based on the second Kamf, a re-determined key protection algorithm, and a second parameter, as follows: Knasenc = KDF(second Kamf, NAS confidentiality algorithm ID, nonce or counter or random number or sequence number, other parameters).
[0228] The target AMF/target SEAF further derives Knasint based on the second Kamf, the key protection algorithm, and a third parameter, as follows: Knasint = KDF(second Kamf, NAS integrity algorithm ID, nonce or counter or random number or sequence number, other parameters). [0229] It can be understood that the first security key includes the pair {second NH, second NCC}, the key Knasenc, and the key Knasint. The target AMF/target SEAF then stores Knasenc and Knasint, and sends the pair {second NH, second NCC} to the access network. [0230] 6. The target AMF/target SEAF sends a handover request and the pair {second NH, second NCC} from the first security key to the target RAN; correspondingly, the target RAN obtains and stores the pair {second NH, second NCC}. [0231] 7. The target RAN sends a handover request acknowledgement message to the target AMF/target SEAF to notify it that the pair {second NH, second NCC} from the first security key has been obtained successfully. [0232] 8. The target RAN generates a second security key based on the first security key. [0233] In a specific implementation, the target RAN generates a second KgNB based on the pair {second NH, second NCC} and a parameter such as a physical identifier of the target RAN, as follows: second KgNB = KDF(second NH, physical identifier, other parameters). [0234] It can be understood that, after obtaining the second KgNB, the target RAN can go on to derive the specific AS stratum keys, such as Krrcenc, Krrcint, Kupenc, and Kupint, based on a security protection algorithm and the second KgNB. [0235] 9. The target AMF/target SEAF returns a path switching response and a security context to the source AMF/source SEAF. [0236] 10. The source AMF/source SEAF returns a handover command and the security context to the source RAN. [0237] 11.
The source RAN forwards the handover command and the security context to the UE. [0238] 12. The UE generates a security key based on the first Kamf and the security context. [0239] It should be noted that the security context received on the UE side need only include the parameters that the UE side does not have when the keys are generated on the network side, for example a random number, a timestamp, a security protection algorithm identifier, or {first NH, first NCC}. The UE may already have obtained, in the preceding steps, the other parameters used to generate the keys. [0240] It can be understood that, after the UE is initially authenticated in the network, the first Kamf is already configured on the UE, and the UE has already shared a network parameter with the network side. Therefore, the UE can generate the NAS stratum key based on the first Kamf, the network parameter, and the security context. Furthermore, the UE can obtain {second NH, second NCC} based on {first NH, first NCC} and the first Kamf, generate the second KgNB based on {second NH, second NCC} and the parameter such as the physical identifier of the target RAN, and then derive the specific AS stratum keys based on the second KgNB. [0241] 13. The UE and the target RAN complete the subsequent handover process. [0242] It can be seen that, in the implementation of this embodiment of the present invention, during a handover between AMFs, the target side (such as the target RAN or the target AMF/target SEAF) generates the target-side security key based on the keys KgNB and Kamf of the source side (such as the source RAN or the source AMF/source SEAF). For the network, the target RAN cannot obtain the security key used by the source RAN and cannot decrypt the communication between the source RAN and the UE, so backward security of network communication is achieved.
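The key chain of the Figure 8 embodiment (second Kamf at the source AMF/source SEAF in step 3, {second NH, second NCC} and the NAS keys at the target AMF/target SEAF in step 5, second KgNB at the target RAN in step 8) together with the UE-side recomputation of step 12, worked through as an added Python example; it is not code from the patent, and it also serves the NAS key derivation described in [0174] of the Figure 6 embodiment, which uses the same KDF calls. The patent only writes KDF(...), so the HMAC-SHA256 construction, the labels, the sample key and identifier values, the algorithm IDs NEA2/NIA2 and the 3-bit NCC wrap are assumptions, and the UE is assumed to derive the second Kamf itself from its first Kamf and the target identifier carried in the security context before running the NH chain (the patent states only that the UE holds the first Kamf and the shared network parameter).

```python
"""AMF-to-AMF handover key chain (Figure 8), network side and UE side. Added example, not patent code."""
import hashlib
import hmac

# Constructed sample inputs (not from the patent): 32-byte keys and identifiers.
FIRST_KAMF = hashlib.sha256(b"example first Kamf").digest()
FIRST_NH = hashlib.sha256(b"example first NH").digest()
FIRST_NCC = 2
TARGET_AMF_ID = b"amf-target-01"        # the "target side ID" network parameter (assumed value)
TARGET_RAN_PHY_ID = b"pci-0x1a3"        # physical identifier of the target RAN (assumed value)
NAS_ENC_ALG = b"NEA2"                   # NAS confidentiality algorithm ID chosen by the target AMF/SEAF
NAS_INT_ALG = b"NIA2"                   # NAS integrity algorithm ID
NONCE = (42).to_bytes(4, "big")         # nonce/counter that is carried to the UE in the security context


def kdf(key: bytes, *params) -> bytes:
    """One-way KDF: HMAC-SHA256 over length-prefixed parameters.
    The patent only writes KDF(...); this concrete construction is an assumption."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in params:
        data = p if isinstance(p, bytes) else str(p).encode()
        mac.update(len(data).to_bytes(2, "big") + data)
    return mac.digest()


def derive_second_kamf(first_kamf: bytes, target_id: bytes, nonce: bytes) -> bytes:
    """Step 3 (source AMF/SEAF): second Kamf from the first Kamf and network parameters."""
    return kdf(first_kamf, b"Kamf", target_id, nonce)


def derive_next_hop(second_kamf: bytes, first_nh: bytes, first_ncc: int):
    """Step 5: second NH = KDF(second Kamf, first NH); second NCC = first NCC + 1 (3-bit counter assumed)."""
    return kdf(second_kamf, b"NH", first_nh), (first_ncc + 1) & 0x7


def derive_nas_keys(second_kamf: bytes, enc_alg: bytes, int_alg: bytes, nonce: bytes):
    """[0227]/[0228]: Knasenc and Knasint from the second Kamf, the algorithm IDs and the nonce."""
    return (kdf(second_kamf, b"NAS-enc", enc_alg, nonce),
            kdf(second_kamf, b"NAS-int", int_alg, nonce))


def derive_kgnb(nh: bytes, physical_id: bytes) -> bytes:
    """Step 8 (target RAN): second KgNB = KDF(second NH, physical identifier)."""
    return kdf(nh, b"KgNB", physical_id)


def network_side():
    """Steps 3, 5 and 8; returns the target-side keys and the security context sent towards the UE."""
    second_kamf = derive_second_kamf(FIRST_KAMF, TARGET_AMF_ID, NONCE)          # source AMF/SEAF
    second_nh, second_ncc = derive_next_hop(second_kamf, FIRST_NH, FIRST_NCC)    # target AMF/SEAF
    knasenc, knasint = derive_nas_keys(second_kamf, NAS_ENC_ALG, NAS_INT_ALG, NONCE)
    kgnb = derive_kgnb(second_nh, TARGET_RAN_PHY_ID)                             # target RAN
    # [0239]: the context carries only what the UE lacks; no key material goes over the air.
    security_context = {"nonce": NONCE, "nas_enc_alg": NAS_ENC_ALG, "nas_int_alg": NAS_INT_ALG,
                        "first_nh": FIRST_NH, "first_ncc": FIRST_NCC,
                        "target_id": TARGET_AMF_ID, "target_phy_id": TARGET_RAN_PHY_ID}
    keys = {"kamf": second_kamf, "nh": second_nh, "ncc": second_ncc,
            "knasenc": knasenc, "knasint": knasint, "kgnb": kgnb}
    return keys, security_context


def ue_side(first_kamf: bytes, ctx: dict):
    """Step 12: the UE repeats the whole chain from its own first Kamf and the received context."""
    second_kamf = derive_second_kamf(first_kamf, ctx["target_id"], ctx["nonce"])
    second_nh, second_ncc = derive_next_hop(second_kamf, ctx["first_nh"], ctx["first_ncc"])
    knasenc, knasint = derive_nas_keys(second_kamf, ctx["nas_enc_alg"], ctx["nas_int_alg"], ctx["nonce"])
    return {"kamf": second_kamf, "nh": second_nh, "ncc": second_ncc,
            "knasenc": knasenc, "knasint": knasint,
            "kgnb": derive_kgnb(second_nh, ctx["target_phy_id"])}


def handover_keys_match() -> bool:
    """True when both sides end with identical NAS and AS keys."""
    keys, ctx = network_side()
    return keys == ue_side(FIRST_KAMF, ctx)


if __name__ == "__main__":
    keys, ctx = network_side()
    print("keys agree:", handover_keys_match(), "second NCC:", keys["ncc"])
```

The source RAN's KgNB hangs off the first NH while the target RAN only ever receives the second NH, and the KDF is one-way, which is the backward-security property of [0242]; the check on a stale nonce shows why the nonce must travel in the security context ([0239]).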
[0243] It should be noted that, in some of the above embodiments of the present invention, when a communication system performs AMF handover, the SMFs corresponding to different AMFs may be different, so SMF handover may also take place in the above processes. In that case, the security protection of a PDU session also needs to be considered. [0244] In an AMF handover procedure, updating the PDU session key needs to be considered on the target side. In a specific implementation, the target AMF/target SEAF sends indication information to the AUSF to trigger the AUSF to generate a new PDU session key. Specifically, a key Left K is pre-stored in the AUSF, so the AUSF can generate the new PDU session key Ksmf based on Left K together with UE-related information and session information (such as a session ID and slice information) sent by the target AMF/target SEAF: Ksmf = KDF(Left K, NAI, NSSAI, slice ID, AMF-related parameter, SMF-related parameter, nonce or counter or random number or sequence number, other parameters). [0245] The AUSF then sends Ksmf to the SEAF or the target AMF, the SEAF or the target AMF forwards Ksmf to the target SMF and the UE, and the target SMF/UE uses Ksmf to update the PDU session key. [0246] The security implementation method provided in this embodiment of the present invention can be applied not only to a handover scenario between RANs/between AMFs within the same communication system, but also to a handover scenario between NodeBs (an eNB and a gNB) or between access and management network elements (an MME and an AMF) of different communication systems. Referring to Figure 9, an embodiment of the present invention provides another security implementation method. The method can be applied to handover processes between different communication systems.
For example, the UE initially establishes a communication connection in a first communication system, and thereafter the UE needs to hand the communication connection over to a second communication system (for example, a mobile phone is handed over from an LTE communication system to a 5G communication system) based on a user requirement or the network status at that time. In a possible implementation, the first communication system (the LTE communication system) includes an eNB located in an access network, an MME and an HSS located in a core network, and the like. The second communication system (the 5G communication system) includes a gNB located in the access network, a target AMF/target SEAF and an AUSF located in the core network, and the like. When the UE needs to be handed over from the currently connected eNB to the gNB, network security can be implemented by the following method. The method includes, but is not limited to, the following steps. [0247] 1. The eNB triggers communication handover. [0248] Specifically, the eNB can trigger communication handover based on factors such as a UE requirement, UE movement, and the network status at that moment. [0249] 2. The eNB sends a handover request to the MME. [0250] The eNB sends a Handover Required message to the MME to notify the MME that a user needs to be handed over, where the Handover Required message carries an identifier of the UE. [0251] 3. The MME sends a path switching request, a source system security context, and an intermediate key Kasme to the target AMF/target SEAF. [0252] The source system security context is a security context of the first communication system.
For example, the security context of the first communication system includes a lifetime of a security-related key in the first communication system, a key index, a security capability of the UE, an integrity algorithm, an integrity algorithm identifier, an encryption algorithm, an encryption algorithm identifier, and a counter related to key calculation, and may also include a specific key. The UE security capability may be a list of encryption and integrity algorithms supported by the UE, a key length or key lifetime required by the UE, or the like. [0253] The intermediate key Kasme is an upper-layer key generated after authentication in the first communication system, and is used to derive a lower-layer access stratum key and a lower-layer non-access stratum key. [0254] In a specific embodiment, the path switching request sent by the MME to the target-side AMF/SEAF carries the security context of the first communication system and the intermediate key Kasme. [0255] In another specific embodiment, the MME sends the path switching request, the security context of the first communication system, and the intermediate key Kasme separately to the target AMF/target SEAF. [0256] 4. The target AMF/target SEAF obtains Kamf based on Kasme. [0257] In a specific embodiment, the AMF/SEAF derives Kamf based on the intermediate key Kasme and a network parameter. An example is as follows: Kamf = KDF(Kasme, target side ID, slice ID, NAI, NSSAI, AMF region identifier, GUAMI, AMF pointer, AMF set identifier, nonce or counter or random number or sequence number, other parameters). [0258] In addition, in a specific implementation, the AMF/SEAF may further derive Kamf by using Kasme, the security context of the first communication system (for example, the UE security capability), the network parameter, and the like. [0259] 5. The target AMF/target SEAF generates a security key based on Kamf.
[0260] In a specific embodiment, the target AMF/target SEAF can determine a key protection algorithm of the second communication system based on a predefined rule. For example, a 5G algorithm priority list is predefined in the target AMF/target SEAF, and the algorithm priority list includes a plurality of algorithm IDs. The target AMF fetches the algorithm priority list and selects a 5G NAS algorithm based on it, to obtain a NAS confidentiality algorithm ID and a NAS integrity algorithm ID. [0261] It can be understood that the target AMF/target SEAF can derive an AS stratum key and the NAS stratum related keys, for example KgNB, Knasenc, and Knasint, based on Kamf, and the target AMF/target SEAF stores Knasenc and Knasint. For the detailed process, refer to the description of step 9 in Figure 5; details are not repeated here. [0262] 6. The target AMF/target SEAF sends a handover request and the security key to the gNB, where the security key sent here includes KgNB. Correspondingly, the gNB obtains KgNB. [0263] In a specific embodiment, the target AMF/target SEAF sends the handover request to the gNB, where the handover request carries the key KgNB. [0264] It should be noted that, if a nonce or counter is used in the key generation processes of step 4 and step 5 above, the handover request additionally carries the nonce or counter, so that the UE side can generate the keys correctly. [0265] In this embodiment of the present invention, when the second communication system supports user plane integrity protection, the gNB needs to determine whether a user plane integrity protection key needs to be generated and enabled.
Specifically, the gNB may determine this based on a pre-stored policy, by negotiating with a network element such as an SMF or an AMF, or based on a security context of the second communication system, where the security context includes information indicating whether integrity protection is enabled. Upon determining that user plane integrity protection is supported, the gNB goes on to generate the subsequent AS stratum keys, such as Krrcenc, Krrcint, Kupenc, or Kupint, based on KgNB. [0266] 7. The gNB sends a handover request acknowledgement message to the target AMF/target SEAF. [0267] 8. The target AMF/target SEAF sends a path switching response and a security context to the MME. [0268] If a nonce or counter was used in the key generation process above, the security context includes the nonce or counter. [0269] 9. The MME sends a handover command and the security context to the eNB. [0270] 10. The eNB sends the handover command and the security context to the UE. [0271] 11. The UE generates the security key. [0272] It should be noted that the security context received on the UE side need only include the parameters that the UE side does not have when the keys are generated on the network side, for example a random number (the nonce or the counter), a timestamp, or a 5G-related security protection algorithm identifier. The UE may already have obtained, in the preceding steps, the other parameters used to generate the keys. [0273] The UE can obtain Kasme from the first communication system. Therefore, for the UE, the UE can likewise generate a new NAS stratum key and a new AS stratum key based on Kasme, the network parameter, the security context, and the like.
For example, the UE can first generate Kamf based on Kasme, and then generate the AS stratum keys (such as Krrcenc, Krrcint, Kupenc, or Kupint) and the NAS stratum keys (such as Knasenc or Knasint) based on Kamf, the network parameter, and the security context. Details are not repeated here. [0274] 12. The UE and the gNB complete the subsequent handover process, so that the communication connection of the UE is finally handed over from the eNB to the gNB. [0275] It should be noted that, in the embodiment in Figure 9, in a possible implementation, Kasme may not be transmitted in step 3, and step 4 may be omitted. Then, before step 5, the AUSF generates a new target-side Kseaf based on a target-side CK/IK and the source system security context passed by the MME, and sends the new Kseaf to the target AMF/target SEAF. The target AMF/target SEAF then generates the subsequent keys, such as Kamf, based on the new Kseaf and a security protection algorithm of the second communication system (5G). [0276] It should further be noted that, in a possible implementation, Kasme may not be passed in step 3, and step 4 may be omitted. Then, before step 5, the HSS calculates a key Klte based on an HSS parameter, for example a CK/IK or a NONCE, and passes Klte to the AUSF; the AUSF then generates Kseaf and Left K based on Klte. Specifically, Kseaf = KDF(Klte, serving network name identifier, nonce or counter or random number or sequence number, other parameters). The AUSF sends Kseaf to the target AMF/target SEAF, and the target AMF/target SEAF then generates the subsequent keys, such as Kamf, based on Kseaf and the security protection algorithm of the second communication system (5G).
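Steps 3 to 5 and 11 of the Figure 9 embodiment (LTE to 5G), worked through as an added Python example that is not code from the patent: the target AMF/target SEAF receives Kasme and the source system security context from the MME, selects the 5G NAS confidentiality and integrity algorithms from its predefined priority list intersected with the UE security capability ([0260]), maps Kasme to Kamf and on to Knasenc, Knasint and KgNB ([0257], [0261]), and returns a security context holding only the nonce and the chosen algorithm IDs ([0264], [0272]), from which the UE reproduces the same keys. The HMAC-SHA256 KDF, the labels, the priority list order, the sample capability set and identifier values are assumptions; the refusal to proceed without a non-null NAS integrity algorithm is a check added here, not a rule stated by the patent.

```python
"""LTE-to-5G handover (Figure 9): algorithm selection and Kasme-to-Kamf mapping. Added example."""
import hashlib
import hmac

# Constructed sample data (not from the patent).
KASME = hashlib.sha256(b"example Kasme generated in the LTE system").digest()
NONCE = (7).to_bytes(4, "big")                  # counter/nonce chosen by the target AMF/SEAF
TARGET_SIDE_ID = b"amf-5g-target"               # the "target side ID" network parameter of [0257]
GNB_PHYSICAL_ID = b"gnb-pci-0x0f2"              # physical identifier of the target gNB
# 5G NAS algorithm priority lists predefined in the target AMF/SEAF ([0260]); the order is assumed.
NAS_ENC_PRIORITY = ["NEA2", "NEA1", "NEA3", "NEA0"]
NAS_INT_PRIORITY = ["NIA2", "NIA1", "NIA3"]     # NIA0 (null integrity) deliberately not offered
# Source system security context of [0252], reduced to the UE security capability it carries.
SOURCE_CONTEXT = {"ue_enc_algs": {"NEA0", "NEA1", "NEA2"}, "ue_int_algs": {"NIA1", "NIA2"}}


def kdf(key: bytes, *params) -> bytes:
    """One-way KDF: HMAC-SHA256 over length-prefixed parameters (assumed construction)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in params:
        data = p if isinstance(p, bytes) else str(p).encode()
        mac.update(len(data).to_bytes(2, "big") + data)
    return mac.digest()


def select_algorithm(priority_list, ue_supported):
    """First entry of the priority list that the UE also supports; None if there is no common algorithm."""
    return next((alg for alg in priority_list if alg in ue_supported), None)


def select_nas_algorithms(source_context):
    """[0260]: NAS confidentiality and integrity algorithm IDs from the priority lists, intersected with
    the UE capability in the source context. Returns None when the handover cannot be protected
    (no common algorithm, or only null integrity); that refusal is an added check."""
    enc = select_algorithm(NAS_ENC_PRIORITY, source_context["ue_enc_algs"])
    integ = select_algorithm(NAS_INT_PRIORITY, source_context["ue_int_algs"])
    if enc is None or integ is None or integ == "NIA0":
        return None
    return enc, integ


def derive_5g_keys(kasme, nonce, enc_alg, int_alg, target_side_id, gnb_physical_id):
    """Steps 4 and 5: Kamf = KDF(Kasme, target side ID, ..., nonce); then Knasenc, Knasint, KgNB from Kamf."""
    kamf = kdf(kasme, b"Kamf", target_side_id, nonce)
    return {
        "kamf": kamf,
        "knasenc": kdf(kamf, b"NAS-enc", enc_alg.encode(), nonce),
        "knasint": kdf(kamf, b"NAS-int", int_alg.encode(), nonce),
        "kgnb": kdf(kamf, b"KgNB", gnb_physical_id),
    }


def target_amf_seaf(kasme, source_context):
    """Network side: returns the derived keys and the security context sent back towards the UE ([0268])."""
    selected = select_nas_algorithms(source_context)
    if selected is None:
        raise ValueError("no acceptable NAS algorithm for the UE; handover not protected")
    enc_alg, int_alg = selected
    keys = derive_5g_keys(kasme, NONCE, enc_alg, int_alg, TARGET_SIDE_ID, GNB_PHYSICAL_ID)
    # [0264]/[0272]: only what the UE lacks goes back (nonce, 5G algorithm IDs, identifiers); never a key.
    security_context = {"nonce": NONCE, "nas_enc_alg": enc_alg, "nas_int_alg": int_alg,
                        "target_side_id": TARGET_SIDE_ID, "gnb_physical_id": GNB_PHYSICAL_ID}
    return keys, security_context


def ue(kasme, security_context):
    """Step 11: the UE repeats the derivation from its own Kasme and the received context."""
    c = security_context
    return derive_5g_keys(kasme, c["nonce"], c["nas_enc_alg"], c["nas_int_alg"],
                          c["target_side_id"], c["gnb_physical_id"])


def inter_system_handover():
    """Runs both sides; returns (True if the keys agree, the security context that was sent)."""
    keys, ctx = target_amf_seaf(KASME, SOURCE_CONTEXT)
    return keys == ue(KASME, ctx), ctx


if __name__ == "__main__":
    agree, ctx = inter_system_handover()
    print("keys agree:", agree, "NAS algorithms:", ctx["nas_enc_alg"], ctx["nas_int_alg"])
```

If the nonce is dropped from the security context the UE derives a different Kamf and every lower key diverges, which is the failure mode [0264] warns about; the MME keeps Kasme, so what the UE and the gNB share afterwards is only as fresh as the nonce and the one-wayness of the mapping.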
[0277] It can be seen that, in the implementation of this embodiment of the present invention, during an inter-system handover, the target-side communication system can generate its security key from an intermediate key and a security context of the source-side communication system, to protect communication in the target communication system after the handover. For the network, the target-side communication system cannot obtain the security key used by the source-side communication system and cannot decrypt the communication between the source-side communication system and the UE, so backward security of network communication is achieved. [0278] Referring to Figure 10, an embodiment of the present invention provides another security implementation method. The method can be applied to handover processes between different communication systems. For example, the UE initially establishes a communication connection in a second communication system, and later the UE needs to hand the communication connection over to a first communication system (for example, a mobile phone is handed over from a 5G communication system to an LTE communication system) based on a user requirement and the network status at that time. In a possible implementation, the first communication system (the LTE communication system) includes an eNB located in an access network, an MME and an HSS located in a core network, and the like. The second communication system (the 5G communication system) includes a gNB located in the access network, a source AMF/source SEAF and an AUSF located in the core network, and the like. When the UE needs to be handed over from the currently connected gNB to the eNB, network security can be implemented by the following method. The method includes, but is not limited to, the following steps. [0279] 1. The gNB triggers communication handover.
[0280] Specifically, the gNB can trigger communication handover based on factors such as a UE requirement, UE movement, and the network status at that moment. [0281] 2. The gNB sends a handover request to the source AMF/source SEAF to notify it that a user needs to be handed over. [0282] 3. The source AMF/source SEAF sends a path switching request and a source system security context to the MME, and the MME sends a handover request and the source system security context to the HSS. [0283] The source system security context is a security context of the second communication system. For example, the security context of the second communication system includes a lifetime of a security-related key in the second communication system, a key index, a security capability of the UE, an integrity algorithm, an integrity algorithm identifier, an encryption algorithm, an encryption algorithm identifier, and a counter related to key calculation, and may also include a specific key and information indicating whether integrity protection is enabled. [0284] In a specific embodiment, the path switching request sent by the source AMF/source SEAF to the MME carries the security context. [0285] 4. The HSS sends a path switching request response to the MME, and the MME returns the path switching request response to the source AMF/source SEAF. [0286] 5. The AUSF sends a CK and an IK to the HSS. [0287] In a specific embodiment of the present invention, to meet the security requirements of the LTE system after handover, the AUSF can be configured to generate an integrity key (IK) and a cipher key (CK) that are needed by the HSS, and to send the CK and IK to the HSS. [0288] 6. The HSS sends a response to the AUSF to notify the AUSF that the CK and IK were received successfully. [0289] 7. The HSS generates Kasme based on the CK and the IK.
[0290] In a specific embodiment, the HSS further derives the intermediate key Kasme that fits the first communication system based on the obtained CK and IK, specifically: Kasme = KDF(CK, IK, serving network name identifier, sequence number SQN, other parameters). [0291] 8. The HSS sends the generated Kasme to the MME and, correspondingly, the MME obtains Kasme. [0292] 9. The MME generates a security key based on Kasme and the security context. [0293] In a specific embodiment, the MME can generate the security key (including a key KeNB and a NAS key) based on parameters such as Kasme, the UE security capability, and a network-side security capability, and the MME can store the NAS key. For example, the UE security capability may be a list of encryption and integrity algorithms supported by the UE, and a key length or key lifetime required by the UE. The network-side security capability may be a list of encryption and integrity algorithms that are supported by the network and configured in advance on a network device on the network side, a priority list of encryption and integrity algorithms supported by an operator, a key length or key lifetime supported by the network device/operator, or the like. [0294] In a specific implementation, the main KeNB generation process can be: KeNB = KDF(Kasme, new NAS count value, NAS count value length, algorithm identifier, other parameters). [0295] 10. The MME sends an S1 path switching request and the security key to the eNB, where the sent security key includes KeNB. [0296] The S1 interface is the interface between the eNB and the MME. In a specific embodiment, the MME sends a path switching request to the eNB over the S1 interface, where the path switching request can carry KeNB. In another specific embodiment, the MME sends the path switching request and KeNB separately to the eNB over the S1 interface. [0297] 11.
The eNB sends an S1 path switching response to the MME to notify the MME that the message was successfully received.

[0298] 12. The eNB does not calculate a user plane integrity key.

[0299] In this embodiment of the present invention, when the first communications system (LTE) does not support user plane integrity protection, the eNB determines that a user plane integrity protection key does not need to be generated or enabled. In this case, if the received security key includes a user plane integrity protection key, the eNB does not enable that key. Also, in the process in which the eNB generates AS keys based on the received KeNB, an AS user plane integrity protection key is no longer generated.

[0300] 13. The source AMF/source SEAF returns a handover command and the security context to the gNB.

[0301] 14. The gNB sends the handover command and the security context to the UE.

[0302] 15. The UE generates the security key.

[0303] It should be noted that the security context received on the UE side need only include a parameter that the UE side does not have when the keys are generated on the network side, for example, a random number (the Nonce or the counter), a timestamp, or an LTE-related security protection algorithm identifier. The UE may already have obtained, in the above-mentioned steps, the other parameters used to generate the keys. The UE can derive the Kasme based on the predefined Kamf, and obtain a corresponding AS layer key and a corresponding NAS layer key based on the Kasme, a network parameter, the security context, and the like.

[0304] 16. The UE and the eNB complete the subsequent handover process, so that the communication connection of the UE is finally handed over from the gNB to the eNB.

[0305] It should be noted that, in the embodiment in Figure 10, in a possible implementation, step 5 and step 6 can be omitted.
In step 7, the HSS can generate the intermediate key Kasme based on the pre-stored CK/IK and the received security context of the source system (the second system). In step 9, the MME can generate the KeNB and the NAS key based on the Kasme and a security protection algorithm (such as 5G) of the first system.

[0306] It should also be noted that, in another possible implementation, the AMF can send the Kamf to the MME, and the MME can derive the Kasme based on the Kamf as follows: first derivation: Kasme = KDF(Kamf, target side ID, serving network name identifier, Nonce or counter or random number or sequence number, NAS count); second derivation: Kasme = KDF(Kamf, Kasme from the first derivation, other parameters).

[0307] It can be seen that, during the implementation of this embodiment of the present invention, in an inter-system handover process, the communications system on the target side can correspondingly generate a security key using an intermediate key and a security context of the communications system on the source side, to perform security protection on communication in the target communications system after handover. For the network, the communications system on the target side cannot obtain the security key used by the communications system on the source side, and cannot decode information communicated between the communications system on the source side and the UE, implementing backward security in the communications network.

[0308] Referring to Figure 11, based on the same inventive idea, an embodiment of the present invention provides a scenario of applying communication handover in a communications system that combines a 5G network and a WLAN network. The 5G network includes an access network and a core network. The access network includes a RAN device 331 and a RAN device 332, and the core network includes a core network device group 341.
The access network devices are separately connected to the core network devices using an N2 interface. The WLAN network includes a wireless node 321, a wireless node 322, and user equipment that establishes a communication connection with a wireless node (the wireless node can also be considered part of the access network). The wireless nodes can be separately connected to the RAN device 331 and the RAN device 332 using an Xw interface. Uplink or downlink communication is performed between the user equipment and a wireless node using a WLAN technology.

[0309] In a specific communication scenario, the user equipment is in communication connection with wireless node 321. If the user equipment moves from location 311 to location 312, the user equipment may need to hand over its communication connection from wireless node 321 to wireless node 322. After the handover process is completed, the user equipment is in communication connection with wireless node 322, and communication can then continue. In this process, the communication handover may be accompanied by a handover between RAN devices.

[0310] In this scenario, the security implementation method provided in the embodiments of the present invention can also be used to perform security protection on communication after handover. Specifically, the following steps can be included.

[0311] 1. The RAN device 332 receives a request to hand over the user equipment from wireless node 321 to wireless node 322 to perform communication.

[0312] In this embodiment of the present invention, for example, the wireless node can be a WLAN termination (WLAN Termination, WT), a radio access point (AP), a wireless router, or the like. For example, the RAN device can be a base station device such as a gNB.

[0313] 2. The RAN device 332 obtains a master key.
[0314] In a specific embodiment, the RAN device 332 can obtain the master key as follows:

[0315] The core network device group 341 generates an intermediate key KgNB, and sends the KgNB to the RAN device 332.

[0316] The RAN device 332 generates the master key based on the KgNB; for example, when the wireless node is a WLAN termination (WT):

[0317] The RAN device 332 specifically derives a master key S-Kwt based on the KgNB and a WLAN termination counter (WT counter) as follows: S-Kwt = KDF(KgNB, WT counter, other parameters).

[0318] 3. The RAN device 332 sends the master key to the wireless node 322 by using the Xw interface, where the S-Kwt is a WLAN air interface protection key, and the wireless node 322 generates a security key based on the S-Kwt master key and the IEEE 802.11 standard, where the security key is used to protect the communication between the user equipment and the wireless node 322 after the user equipment is handed over from wireless node 321 to wireless node 322.

[0319] 4. The RAN device 332 sends the WLAN termination counter (WT counter) to the user equipment using an air interface message, such as an RRC signaling message, between the RAN device 332 and the UE, so that the user equipment can also calculate the corresponding S-Kwt and then generate the security key based on the S-Kwt and the IEEE 802.11 standard.

[0320] The methods in the embodiments of the present invention have been described in detail so far. To help better implement the aforementioned solutions in the embodiments of the present invention, the following describes related apparatuses in the embodiments of the present invention.

[0321] Referring to Figure 12, an embodiment of the present invention provides an apparatus 1200. The apparatus 1200 includes a processor 1201, a memory 1202, a transmitter 1203, and a receiver 1204.
The processor 1201, the memory 1202, the transmitter 1203, and the receiver 1204 are connected to each other (for example, connected to each other using a bus).

[0322] The memory 1202 includes, but is not limited to, a random access memory (Random Access Memory, RAM), a read-only memory (Read-Only Memory, ROM), an erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), or a compact disc read-only memory (Compact Disc Read-Only Memory, CD-ROM). The memory 1202 is configured to store related instructions and related data.

[0323] The transmitter 1203 is configured to transmit data, and the receiver 1204 is configured to receive data.

[0324] The processor 1201 may be one or more central processing units (Central Processing Unit, CPU), and when the processor 1201 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.

[0325] The processor 1201 is configured to read the program code stored in the memory 1202 to implement the functions of the authentication network element in the embodiment in Figure 3.

[0326] When the apparatus 1200 is a first network element, the program code stored in the memory 1202 is specifically used to implement the functions of the first network element in the embodiment in Figure 4. Detailed descriptions are as follows:

[0327] The receiver 1204 is configured to receive a request to hand over user equipment from a source access network device to a target access network device to perform communication.

[0328] The processor 1201 is configured to obtain a security key. The security key is used to protect communication between the user equipment and a target network after the user equipment is handed over from the source access network device to the target access network device, where the target network includes the target access network device and a target core network device, and the target core network device includes the first network element.

[0329] The transmitter 1203 is configured to send the security key to the target access network device.
[0330] In a specific embodiment, that the processor 1201 is configured to obtain a security key includes: the processor 1201 is configured to obtain a first intermediate key, where the first intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer access stratum (AS) key and a lower-layer non-access stratum (NAS) key; and the processor 1201 is configured to determine a security protection algorithm and derive the security key based on the security protection algorithm and the first intermediate key.

[0331] In a specific embodiment, that the processor 1201 is configured to obtain a first intermediate key includes: the processor 1201 is configured to obtain, by using the receiver 1204, the first intermediate key, where the first intermediate key is derived by a security anchor function (SEAF) based on an anchor key and a network parameter.

[0332] In a specific embodiment, that the processor 1201 is configured to obtain a first intermediate key includes: the processor 1201 is configured to obtain, by using the receiver 1204, the first intermediate key, where the first intermediate key is derived by a second network element based on a second intermediate key and a network parameter, and the second intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer AS key and a lower-layer NAS key.

[0333] In a specific embodiment, that the processor 1201 is configured to obtain a first intermediate key includes: the processor 1201 is configured to receive, by using the receiver 1204, the second intermediate key sent by a second network element; and the processor 1201 is configured to derive the first intermediate key based on the second intermediate key and a network parameter, where the second intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer AS key and a lower-layer NAS key.
[0334] In a specific embodiment, that the processor 1201 is configured to obtain a first intermediate key includes: after the user equipment is handed over from the source access network device to the target access network device and bidirectional authentication with the user equipment succeeds again, the processor 1201 obtains an anchor key; and the processor 1201 is configured to derive the first intermediate key based on the anchor key and a network parameter.

[0335] In a specific embodiment, the receiver 1204 is further configured to receive a next hop key, that is, a first NH, and a next hop chaining counter, that is, a first NCC, where the first NH and the first NCC are sent by the second network element. The processor 1201 is further configured to obtain a second NH and a second NCC based on the first NH and the first NCC. The transmitter 1203 is further configured to send the second NH and the second NCC to the target access network device.

[0336] In a specific embodiment, the security key includes a first key, a second key, and a third key, where the first key is an intermediate key for security protection between the user equipment and the target access network device, the second key is a NAS signaling encryption protection key, and the third key is a NAS signaling integrity protection key.

[0337] That the processor 1201 is configured to determine a security protection algorithm and derive the security key based on the security protection algorithm and the first intermediate key includes: the security protection algorithm includes a NAS confidentiality algorithm identifier and a NAS integrity algorithm identifier; the processor 1201 is configured to derive the first key based on a first parameter, where the first parameter includes one or more of the first intermediate key, a target cell identifier, a frequency channel number, a NAS count value, a NAS connection identifier, and a counter or a random number or a sequence number; the processor 1201 is configured to derive the second key based on a second parameter, where the second parameter includes one or more of the first intermediate key, the NAS confidentiality algorithm identifier, and a counter or a random number or a sequence number; and the processor 1201 is configured to derive the third key based on a third parameter, where the third parameter includes one or more of the first intermediate key, the NAS integrity algorithm identifier, and a counter or a random number or a sequence number.

[0338] That the transmitter 1203 is configured to send the security key to the target access network device includes: the transmitter 1203 is configured to send the first key to the target access network device.

[0339] In a specific embodiment, the source access network device is an access network device in a first communications system; the target access network device is an access network device in a second communications system; and the first network element is a network element in the second communications system. The request includes a security context of the first communications system and a third intermediate key. The third intermediate key is an upper-layer key generated after authentication in the first communications system, and is used to derive a lower-layer AS key and a lower-layer NAS key.

[0340] That the processor 1201 is configured to obtain a first intermediate key includes: the processor 1201 is configured to derive the first intermediate key based on the security context of the first communications system, a security context of the second communications system, and the third intermediate key.

[0341] In a specific embodiment, the first network element includes a target access and mobility management function (AMF), the second network element includes a source AMF, the target AMF is connected to the target access network device, and the source AMF is connected to the source access network device.
Alternatively, the first network element includes a target security anchor function (SEAF), the second network element includes a source SEAF, the target SEAF is connected to the target access network device, and the source SEAF is connected to the source access network device.

[0342] In a specific embodiment, the network parameter includes one or more of a target side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, an AMF configuration identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, and a counter or a random number or a sequence number.

[0343] In a specific embodiment, the first network element includes a mobility management entity (MME) network element in a first communications system; the target access network device is an access network device in the first communications system; and the source access network device is an access network device in a second communications system.

[0344] The MME receiver 1204 is configured to receive a request to hand over the user equipment from the source access network device to the target access network device to perform communication, where the request includes a security context of the second communications system.

[0345] The MME processor 1201 is configured to obtain a security key.

[0346] The MME transmitter 1203 is configured to send the security key to the target access network device.
[0347] In a specific embodiment, the MME processor 1201 is configured to receive, by using the MME receiver 1204, a third intermediate key, where the third intermediate key is derived by a home subscriber server (HSS) in the first communications system based on a first encryption key, a first integrity protection key, a serving network name identifier, and a sequence number SQN; and the third intermediate key is an upper-layer key generated after authentication in the first communications system, and is used to derive a lower-layer AS key and a lower-layer NAS key.

[0348] The MME processor 1201 is configured to derive the security key based on a security context of the second communications system and the third intermediate key.

[0349] In a specific embodiment, that the MME processor 1201 is configured to obtain a security key includes: the MME processor 1201 is configured to receive, by using the MME receiver 1204, a first intermediate key sent by an AMF in the second communications system, where the first intermediate key is an upper-layer key generated after authentication in the second communications system, and is used to derive a lower-layer AS key and a lower-layer NAS key; the MME processor 1201 is configured to derive the third intermediate key based on the first intermediate key; and the MME processor 1201 is configured to derive the security key based on a security context of the second communications system and the third intermediate key.

[0350] It should be noted that, when the apparatus 1200 is the first network element, for a step performed by the processor 1201 and other technical features provided by the processor 1201, refer to the corresponding descriptions in the method embodiments shown in Figure 5 to Figure 10; details are not described again in this document.
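As an added illustration of the MME-side key chain just described (and of steps 7 to 15 of the Figure 10 flow), the following model shows the source AMF deriving Kasme from Kamf, the MME deriving KeNB and the NAS keys from Kasme and the source security context, the eNB deriving its AS keys from KeNB while omitting the user-plane integrity key that LTE does not support, and the UE re-deriving the same chain from its own Kamf. This is example code, not code from the patent or from any 3GPP specification: the HMAC-SHA-256 framing with FC codes follows the general style of the 3GPP KDF, but the FC values, parameter order, algorithm identifiers and sample inputs are all constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed FC codes (placeholders, not 3GPP-assigned values). A distinct
# FC per derivation step keeps keys for different purposes from colliding.
FC_KASME = 0x70
FC_KENB = 0x71
FC_NAS = 0x72
FC_AS = 0x73


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP-style KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


@dataclass(frozen=True)
class SecurityContext:
    """Source-system (5G) security context carried to the MME and the UE."""
    target_id: bytes              # target side identifier
    serving_network: bytes        # serving network name identifier
    nas_count: int                # NAS count value
    lte_enc_alg: int              # LTE encryption algorithm identifier
    lte_int_alg: int              # LTE integrity algorithm identifier
    up_integrity_supported: bool  # does the target (LTE) support UP integrity?


def derive_kasme(kamf: bytes, ctx: SecurityContext) -> bytes:
    """Kasme = KDF(Kamf, target side ID, serving network name, NAS count)."""
    return kdf(kamf, FC_KASME, ctx.target_id, ctx.serving_network,
               ctx.nas_count.to_bytes(4, "big"))


def derive_kenb(kasme: bytes, ctx: SecurityContext) -> bytes:
    """KeNB = KDF(Kasme, NAS count value)."""
    return kdf(kasme, FC_KENB, ctx.nas_count.to_bytes(4, "big"))


def derive_nas_keys(kasme: bytes, ctx: SecurityContext) -> dict:
    """NAS encryption/integrity keys, bound to the LTE algorithm identifiers."""
    return {
        "K_NASenc": kdf(kasme, FC_NAS, b"\x01", bytes([ctx.lte_enc_alg])),
        "K_NASint": kdf(kasme, FC_NAS, b"\x02", bytes([ctx.lte_int_alg])),
    }


def derive_as_keys(kenb: bytes, ctx: SecurityContext) -> dict:
    """AS keys from KeNB. Per the text, when LTE does not support user-plane
    integrity protection the eNB neither generates nor enables K_UPint."""
    keys = {
        "K_RRCenc": kdf(kenb, FC_AS, b"\x03", bytes([ctx.lte_enc_alg])),
        "K_RRCint": kdf(kenb, FC_AS, b"\x04", bytes([ctx.lte_int_alg])),
        "K_UPenc": kdf(kenb, FC_AS, b"\x05", bytes([ctx.lte_enc_alg])),
    }
    if ctx.up_integrity_supported:
        keys["K_UPint"] = kdf(kenb, FC_AS, b"\x06", bytes([ctx.lte_int_alg]))
    return keys


def network_side(kamf: bytes, ctx: SecurityContext) -> dict:
    """Source AMF derives Kasme and hands it (never Kamf) to the MME; the MME
    derives KeNB and the NAS keys; the eNB derives the AS keys from KeNB."""
    kasme = derive_kasme(kamf, ctx)   # source AMF
    kenb = derive_kenb(kasme, ctx)    # MME
    return {
        "mme": {"Kasme": kasme, "KeNB": kenb, **derive_nas_keys(kasme, ctx)},
        "enb": {"KeNB": kenb, **derive_as_keys(kenb, ctx)},
    }


def ue_side(kamf: bytes, ctx: SecurityContext) -> dict:
    """The UE already holds Kamf; the handover command supplies only the
    context it lacks, and it re-derives the same keys independently."""
    kasme = derive_kasme(kamf, ctx)
    kenb = derive_kenb(kasme, ctx)
    return {**derive_nas_keys(kasme, ctx), **derive_as_keys(kenb, ctx)}


def keys_match(kamf: bytes, ctx: SecurityContext) -> bool:
    """True when every key the UE derives equals the network's copy."""
    net = network_side(kamf, ctx)
    held = {**net["mme"], **net["enb"]}
    return all(held.get(name) == k for name, k in ue_side(kamf, ctx).items())


# Constructed sample input (not real keys or identifiers).
SAMPLE_KAMF = bytes(range(32))
SAMPLE_CTX = SecurityContext(
    target_id=b"MME-TARGET-1", serving_network=b"5G:mnc001.mcc001",
    nas_count=7, lte_enc_alg=1, lte_int_alg=2, up_integrity_supported=False)

if __name__ == "__main__":
    net = network_side(SAMPLE_KAMF, SAMPLE_CTX)
    print("UE and network agree:", keys_match(SAMPLE_KAMF, SAMPLE_CTX))
    print("eNB key set:", sorted(net["enb"]))  # no K_UPint on the LTE side
```

Because each step is a one-way KDF, the MME and eNB hold only Kasme, KeNB and the keys below them, so the target system cannot recover Kamf or the source-side keys, which is the backward security property the text describes.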
[0351] When the apparatus 1200 is the target access network device, the program code stored in the memory 1202 is specifically used to implement the functions of the RAN device 332 in the embodiment in Figure 11. Detailed descriptions are as follows:

[0352] The receiver 1204 is configured to receive a request to hand over user equipment from a source wireless node to a target wireless node to perform communication.

[0353] The receiver 1204 is further configured to receive a first key (such as a KeNB or a KgNB) sent by a core network device, where the first key is an intermediate key for security protection between the user equipment and the target access network device.

[0354] The processor 1201 is configured to generate a second key (a master key) based on the intermediate key, where the second key is an intermediate key for security protection between the user equipment and the target wireless node.

[0355] The transmitter 1203 is configured to send the second key to the target wireless node, so that the target wireless node generates a security key based on the second key, where the security key is used to protect the communication between the user equipment and the target wireless node after the user equipment is handed over from the source wireless node to the target wireless node.

[0356] It should be noted that, when the apparatus 1200 is the first network element, for a step performed by the processor 1201 and other technical features provided by the processor 1201, refer further to the corresponding descriptions in the method embodiment shown in Figure 11; details are not described again in this document.

[0357] Referring to Figure 13, based on the same inventive idea, an embodiment of the present invention provides another apparatus 1300. The apparatus 1300 is a first network element, and specifically includes a receiving module 1301, a key processing module 1302, and a sending module 1303.
Descriptions are as follows:

[0358] The receiving module 1301 is configured to receive a request to hand over user equipment from a source access network device to a target access network device to perform communication.

[0359] The key processing module 1302 is configured to obtain a security key. The security key is used to protect the communication between the user equipment and a target network after the user equipment is handed over from the source access network device to the target access network device, where the target network includes the target access network device and a target core network device, and the target core network device includes the first network element.

[0360] The sending module 1303 is configured to send the security key to the target access network device.

[0361] In a specific embodiment, the key processing module 1302 obtains a first intermediate key, where the first intermediate key is an upper-layer key generated after authentication, and is used to derive a lower-layer access stratum (AS) key and a lower-layer non-access stratum (NAS) key.

[0362] The key processing module 1302 determines a security protection algorithm, and derives the security key based on the security protection algorithm and the first intermediate key.

[0363] In a specific embodiment, that the first network element obtains a first intermediate key includes: obtaining, by the key processing module 1302 using the receiving module 1301, the first intermediate key, where the first intermediate key is derived by a security anchor function (SEAF) based on an anchor key and a network parameter.
[0364] In a specific embodiment, that the key processing module 1302 obtains a first intermediate key includes: obtaining, by the key processing module 1302 using the receiving module 1301, the first intermediate key, where the first intermediate key is derived by a second network element based on a second intermediate key and a network parameter, and the second intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer AS key and a lower-layer NAS key.

[0365] In a specific embodiment, that the key processing module 1302 obtains a first intermediate key includes: receiving, by the receiving module 1301, the second intermediate key sent by a second network element; and deriving, by the key processing module 1302, the first intermediate key based on the second intermediate key and a network parameter, where the second intermediate key is an upper-layer key generated after authentication, and is used to derive a lower-layer AS key and a lower-layer NAS key.

[0366] In a specific embodiment, that the key processing module 1302 obtains a first intermediate key includes: after the user equipment is handed over from the source access network device to the target access network device and bidirectional authentication with the user equipment succeeds again, obtaining, by the key processing module 1302, an anchor key; and deriving, by the key processing module 1302, the first intermediate key based on the anchor key and a network parameter.

[0367] In a specific embodiment, the key processing module 1302 further obtains, using the receiving module 1301, a next hop key, that is, a first NH, and a next hop chaining counter, that is, a first NCC, where the first NH and the first NCC are sent by a second network element.

[0368] The key processing module 1302 obtains a second NH and a second NCC based on the first NH and the first NCC.
[0369] The sending module 1303 sends the second NH and the second NCC to the target access network device.

[0370] In a specific embodiment, the security key includes a first key, a second key, and a third key, where the first key is an intermediate key for security protection between the user equipment and the target access network device, the second key is a NAS signaling encryption protection key, and the third key is a NAS signaling integrity protection key.

[0371] That the key processing module 1302 determines a security protection algorithm, and derives the security key based on the security protection algorithm and the first intermediate key includes: the security protection algorithm includes a NAS confidentiality algorithm identifier and a NAS integrity algorithm identifier; deriving, by the key processing module 1302, the first key based on a first parameter, where the first parameter includes one or more of the first intermediate key, a target cell identifier, a frequency channel number, a NAS count value, a NAS connection identifier, and a counter or a random number or a sequence number; deriving, by the key processing module 1302, the second key based on a second parameter, where the second parameter includes one or more of the first intermediate key, the NAS confidentiality algorithm identifier, and a counter or a random number or a sequence number; and deriving, by the key processing module 1302, the third key based on a third parameter, where the third parameter includes one or more of the first intermediate key, the NAS integrity algorithm identifier, and a counter or a random number or a sequence number.

[0372] That the sending module 1303 sends the security key to the target access network device includes: sending, by the sending module 1303, the first key to the target access network device.
[0373] In a specific embodiment, the source access network device is an access network device in a first communications system; the target access network device is an access network device in a second communications system; and the first network element is a network element in the second communications system. The request includes a security context of the first communications system and a third intermediate key. The third intermediate key is an upper-layer key generated after authentication in the first communications system, and is used to derive a lower-layer AS key and a lower-layer NAS key.

[0374] That the key processing module 1302 obtains a first intermediate key includes: deriving, by the key processing module 1302, the first intermediate key based on the security context of the first communications system, a security context of the second communications system, and the third intermediate key.

[0375] In a specific embodiment, the first network element includes a target access and mobility management function (AMF), the second network element includes a source AMF, the target AMF is connected to the target access network device, and the source AMF is connected to the source access network device. Alternatively, the first network element includes a target security anchor function (SEAF), the second network element includes a source SEAF, the target SEAF is connected to the target access network device, and the source SEAF is connected to the source access network device.

[0376] In a specific embodiment, the network parameter includes one or more of a target side identifier, a slice identifier, a network access identifier (NAI), network slice selection assistance information (NSSAI), an AMF region identifier, an AMF configuration identifier, a globally unique AMF identifier (GUAMI), an AMF pointer, an AMF pool identifier, and a counter or a random number or a sequence number.
[0377] In a specific embodiment, the first network element includes a mobility management entity (MME) network element in a first communications system; the target access network device is an access network device in the first communications system; and the source access network device is an access network device in a second communications system.

[0378] The key processing module 1302 receives, using the receiving module 1301, a request to hand over the user equipment from the source access network device to the target access network device to perform communication, where the request includes a security context of the second communications system.

[0379] The key processing module 1302 obtains a security key. The security key is used to protect the communication between the user equipment and the target network after the user equipment is handed over from the source access network device to the target access network device.

[0380] The sending module 1303 sends the security key to the target access network device.

[0381] In a specific embodiment, that the MME obtains a security key includes: obtaining, by the key processing module 1302 using the receiving module 1301, a third intermediate key, where the third intermediate key is derived by a home subscriber server (HSS) in the first communications system based on a first encryption key, a first integrity protection key, a serving network name identifier, and a sequence number SQN; and the third intermediate key is an upper-layer key generated after authentication in the first communications system, and is used to derive a lower-layer AS key and a lower-layer NAS key; and deriving, by the key processing module 1302, the security key based on a security context of the second communications system and the third intermediate key.
[0382] In a specific embodiment, that the key processing module 1302 obtains a security key includes: receiving, by the key processing module 1302 using the receiving module 1301, a first intermediate key sent by an AMF in the second communications system, where the first intermediate key is an upper-layer key generated after authentication in the second communications system, and is used to derive a lower-layer AS key and a lower-layer NAS key; deriving, by the key processing module 1302, the third intermediate key based on the first intermediate key; and deriving, by the key processing module 1302, the security key based on a security context of the second communications system and the third intermediate key.

[0383] All or some of the aforementioned embodiments may be implemented using software, hardware, firmware, or any combination thereof. When implemented using software, the embodiments can be implemented completely or partially in the form of a computer program product. The computer program product includes one or more computer instructions, and when the computer program instructions are loaded and executed on a computer, some or all of the procedures and functions according to the embodiments of the present invention are generated. The computer can be a general-purpose computer, a dedicated computer, a computer network, or another programmable device. The computer instructions can be stored on a computer-readable storage medium, or they can be transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions can be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired manner (for example, over a coaxial cable, an optical fiber, or a digital subscriber line (DSL)) or in a wireless manner (for example, by infrared or microwave).
The computer-readable storage medium can be any usable medium accessible to a computer, or a data storage device, such as a server or data center, integrating one or more usable media. The usable medium can be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid-state disk), or the like.

[0384] In the aforementioned embodiments, the description of each embodiment has its respective focus. For a part that is not described in detail in one embodiment, refer to the related descriptions in the other embodiments.
Claims:
Claims (37)

1. Method of key derivation in a handover of a user equipment (UE) from a fifth-generation communications system to a Long-Term Evolution (LTE) system, CHARACTERIZED by the fact that it comprises: receiving, by the UE, from a base station (gNB) in the fifth-generation communications system, a handover command comprising a security context; deriving, by the UE, an intermediate key (Kasme) of the LTE system based on an intermediate key (Kamf) of the fifth-generation communications system; and obtaining, by the UE, an access stratum key based on a network parameter, the Kasme, and the security context, wherein the access stratum key is used to protect communication between the UE and a base station (eNB) in the LTE system.

2. Method according to claim 1, CHARACTERIZED by the fact that the security context comprises an LTE-related security protection algorithm identifier.

3. Method according to claim 2, CHARACTERIZED by the fact that the network parameter comprises an uplink non-access stratum (NAS) count value.

4. Method according to claim 2, CHARACTERIZED by the fact that obtaining, by the UE, an access stratum key based on a network parameter, the Kasme, and the security context comprises: obtaining, by the UE, a base station key (KeNB) based on the Kasme and the NAS count value; and obtaining, by the UE, the access stratum key based on the KeNB and the LTE-related security protection algorithm identifier.

5. Method according to claim 1, CHARACTERIZED by the fact that it further comprises: sending, by the UE, a handover complete message to the eNB.

6. Method according to claim 1, CHARACTERIZED by the fact that deriving, by the UE, an intermediate key (Kasme) of the LTE system based on an intermediate key (Kamf) of the fifth-generation communications system comprises: deriving, by the UE, the Kasme based on the Kamf and a downlink NAS count value.

7. Method according to claim 1, CHARACTERIZED by the fact that deriving, by the UE, an intermediate key (Kasme) of the LTE system based on an intermediate key (Kamf) of the fifth-generation communications system comprises: deriving, by the UE, the Kasme based on the Kamf and an uplink NAS count value.

8. Method according to claim 1, CHARACTERIZED by the fact that the method further comprises: obtaining, by the UE, a NAS key based on the Kasme and the security context, wherein the NAS key is used to protect communication between the UE and a core network apparatus in the LTE system.

9. Method according to claim 8, CHARACTERIZED by the fact that the security context comprises an LTE-related security protection algorithm identifier.

10. User equipment (UE), CHARACTERIZED by the fact that it comprises: a processor; and a memory storing computer program instructions which, when executed by the processor, cause the processor to: receive, from a base station (gNB) in a fifth-generation communications system, a handover command comprising a security context; derive an intermediate key (Kasme) of an LTE system based on an intermediate key (Kamf) of the fifth-generation communications system; and obtain an access stratum key based on a network parameter, the Kasme, and the security context, wherein the access stratum key is used to protect communication between the UE and a base station (eNB) in the LTE system.

11. UE according to claim 10, CHARACTERIZED by the fact that the security context comprises an LTE-related security protection algorithm identifier.

12. UE according to claim 11, CHARACTERIZED by the fact that the network parameter comprises an uplink non-access stratum (NAS) count value.

13. UE according to claim 12, CHARACTERIZED by the fact that the instructions cause the processor to: obtain a base station key (KeNB) based on the Kasme and the NAS count value; and obtain the access stratum key based on the KeNB and the LTE-related security protection algorithm identifier.

14. UE according to claim 10, CHARACTERIZED by the fact that the instructions further cause the processor to: send a handover complete message to the eNB.

15. UE according to claim 10, CHARACTERIZED by the fact that the instructions cause the processor to: derive the Kasme based on the Kamf and a downlink NAS count value.

16. UE according to claim 10, CHARACTERIZED by the fact that the instructions cause the processor to: derive the Kasme based on the Kamf and an uplink NAS count value.

17. UE according to claim 10, CHARACTERIZED by the fact that the instructions further cause the processor to: obtain a NAS key based on the Kasme and the security context, wherein the NAS key is used to protect communication between the UE and a core network apparatus in the LTE system.

18. UE according to claim 17, CHARACTERIZED by the fact that the security context comprises an LTE-related security protection algorithm identifier, and the instructions cause the processor to: obtain the NAS key based on the Kasme and the LTE-related security protection algorithm identifier.

19. Computer-readable storage medium, CHARACTERIZED by the fact that the computer-readable storage medium stores instructions which, when executed by a processor, cause the processor to implement a method as defined in any one of claims 1 to 9.

20. Security implementation method, CHARACTERIZED by the fact that the method comprises: receiving, by an access and mobility management function (AMF) in a fifth-generation communications system, a path switch request sent by a mobility management entity (MME) network element in a fourth-generation communications system, wherein the path switch request comprises an intermediate key Kasme; obtaining, by the AMF, a key Kamf of the fifth-generation communications system based on a network parameter and the Kasme; and generating, by the AMF, a security key based on the Kamf.

21. Security implementation method, CHARACTERIZED by the fact that the method comprises: upon receiving a handover request sent by a base station in a fourth-generation communications system, obtaining, by a user equipment (UE), a key Kamf of a fifth-generation communications system based on an intermediate key Kasme and a network parameter; and generating, by the UE, a security key based on the Kamf.

22. Apparatus, CHARACTERIZED by the fact that the apparatus comprises a processor, a memory, a transmitter, and a receiver; the memory stores program code; and when the program code is run, the processor and the receiver perform the following operations: the receiver is configured to receive a path switch request sent by a mobility management entity (MME) network element in a fourth-generation communications system, wherein the path switch request comprises an intermediate key Kasme; and the processor is configured to obtain, by the AMF, a key Kamf of a fifth-generation communications system based on a network parameter and the Kasme, and to generate a security key based on the Kamf.

23. User equipment, CHARACTERIZED by the fact that the user equipment comprises a processor, a memory, a transmitter, and a receiver; the memory stores program code; and when the program code is run, the processor performs the following operations: upon receiving a handover request sent by a base station in a fourth-generation communications system, obtaining a key Kamf of a fifth-generation communications system based on an intermediate key Kasme and a network parameter; and generating a security key based on the Kamf.

24. Key derivation method, CHARACTERIZED by the fact that the method comprises: receiving, by an access and mobility management function (AMF) in a fifth-generation communications system, a first intermediate key Kasme sent by a mobility management entity (MME) in a fourth-generation communications system; generating, by the AMF, a second intermediate key Kamf based on the first intermediate key Kasme; generating, by the AMF, a security key based on the second intermediate key Kamf; and sending, by the AMF, the security key to a base station.

25. Key derivation method, CHARACTERIZED by the fact that the method comprises: receiving, by a user equipment, a handover request sent by a radio access network in a fourth-generation communications system, wherein the handover request comprises a security context; generating, by the user equipment, a security key based on a first intermediate key Kasme and the security context, wherein the first intermediate key Kasme is an upper-layer key generated after authentication in the fourth-generation communications system and is used to derive a lower-layer access stratum key and a lower-layer non-access stratum key of the fourth-generation communications system; and handing over, by the user equipment, from the radio access network in the fourth-generation communications system to a radio access network in a fifth-generation communications system.

26. Key derivation method, CHARACTERIZED by the fact that the method comprises: receiving, by a source access and mobility management function in a fifth-generation communications system, a handover request sent by a source radio access network; generating, by the source access and mobility management function in response to the handover request, a second intermediate key based on a first intermediate key; and sending, by the source access and mobility management function, a next-hop key, a next-hop chaining counter, and the second intermediate key to a target access and mobility management function.

27. Key derivation method, CHARACTERIZED by the fact that the method comprises: receiving, by a user equipment, a handover request sent by a base station (gNB) in a fifth-generation communications system, wherein the handover request comprises a security context; deriving, by the user equipment, an intermediate key Kasme of a fourth-generation communications system based on an intermediate key Kamf of the fifth-generation communications system; and obtaining, by the user equipment, an access stratum key and a non-access stratum key based on a network parameter, the Kasme, and the security context.

28. Key derivation method, CHARACTERIZED by the fact that the method comprises: receiving, by a source access and mobility management function (AMF) in a fifth-generation communications system, a handover request sent by a source radio access network (RAN) in the fifth-generation communications system; generating, by the source AMF, a second intermediate key based on a first intermediate key in response to the handover request, wherein the first intermediate key is a key configured on the source network side after the user equipment is successfully authenticated in the source network; and sending, by the source AMF, the second intermediate key to a target AMF in the fifth-generation communications system, so that the target AMF generates a security key based on the second intermediate key.

29. Key derivation method, CHARACTERIZED by the fact that the method comprises: receiving, by a user equipment, a handover request sent by a source radio access network in a fifth-generation communications system, wherein the handover request comprises a security context; and generating, by the user equipment, a security key based on a first intermediate key and the security context, wherein the first intermediate key is a key configured in the user equipment after the user equipment is successfully authenticated in a source network.

30. Security implementation method, CHARACTERIZED by the fact that it comprises: receiving, by a first network element, a request to hand over a user equipment from a source access network device to a target access network device to perform communication; obtaining, by the first network element, a security key, wherein the security key is used to protect communication between the user equipment and a target network after the user equipment is handed over from the source access network device to the target access network device, wherein the target network comprises the target access network device and a target core network device, and the target core network device comprises the first network element; and sending, by the first network element, the security key to the target access network device.

31. Method according to claim 30, CHARACTERIZED by the fact that obtaining, by the first network element, a security key comprises: obtaining, by the first network element, a first intermediate key, wherein the first intermediate key is an upper-layer key generated after authentication and is used to derive a lower-layer access stratum (AS) key and a lower-layer non-access stratum (NAS) key; and determining, by the first network element, a security protection algorithm, and deriving the security key based on the security protection algorithm and the first intermediate key.

32. Method according to claim 31, CHARACTERIZED by the fact that obtaining, by the first network element, a first intermediate key comprises: obtaining, by the first network element, the first intermediate key derived by a security anchor function (SEAF) based on an anchor key and a network parameter.

33. Security implementation method, CHARACTERIZED by the fact that it comprises: receiving, by a target access network device, a request to hand over a user equipment from a source wireless node to a target wireless node to perform communication; receiving, by the target access network device, a first key sent by a core network device, wherein the first key is an intermediate key for security protection between the user equipment and the target access network device; generating, by the target access network device, a second key based on the intermediate key, wherein the second key is an intermediate key for security protection between the user equipment and the target wireless node; and sending, by the target access network device, the second key to the target wireless node, so that the target wireless node generates a security key based on the second key, wherein the security key is used to protect communication between the user equipment and the target wireless node after the user equipment is handed over from the source wireless node to the target wireless node.

34. Key derivation method, CHARACTERIZED by the fact that it comprises: sending, by a mobility management entity (MME) in a Long-Term Evolution (LTE) system, a path switch request to a target access and mobility management function (AMF) in a fifth-generation (5G) communications system, wherein the path switch request comprises an intermediate Access Security Management Entity key (Kasme) of the LTE system; generating, by the target AMF, an intermediate AMF key (Kamf) based on the Kasme; and generating, by the target AMF, a security key based on the Kamf.

35. Key derivation method according to claim 34, CHARACTERIZED by the fact that the security key comprises a non-access stratum (NAS) signalling encryption key, a NAS signalling integrity protection key, and a base station key (KgNB).

36. Key derivation method according to claim 35, CHARACTERIZED by the fact that it further comprises: sending, by the target AMF, a handover request to a base station (gNB) of the 5G communications system, wherein the handover request carries the KgNB; and generating, by the gNB, an access stratum (AS) key based on the KgNB.

37. Key derivation method according to claim 36, CHARACTERIZED by the fact that it further comprises: sending, by the gNB, a handover request acknowledgement message to the target AMF; and sending, by the target AMF, in response to the acknowledgement message, a second path switch request and a security context comprising a 5G-related security protection algorithm identifier to the MME.
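The derivation chains claimed above share one structure, whichever direction the handover runs: the UE side in claims 1 to 9 (Kamf to Kasme with a NAS count, then KeNB, then per-algorithm AS and NAS keys), the target-AMF side in claims 20, 24 and 34 to 37 (Kasme to Kamf with a network parameter, then the NAS keys and KgNB), and the inter-AMF case in claims 26 and 28 (a next-hop key handed to the target AMF together with its chaining counter). Each step is a one-way key derivation function keyed by the higher-layer key, with a freshness input (the NAS count) and, at the lowest layer, the algorithm identifier carried in the security context. The Python below is an added example written for this page; it is not code from the patent or from 3GPP. The KDF shape (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) follows TS 33.220 Annex B, but the FC values, parameter choices and algorithm type distinguishers are recalled from TS 33.401 / TS 33.501 and are assumptions here, not a conformant implementation; the Kamf and security-context inputs are constructed.

```python
"""Key-derivation chain for the handover cases in the claims above.

Added example, not code from the patent or from 3GPP. The KDF shape
(HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) follows TS 33.220 B.2;
the FC values and algorithm type distinguishers are recalled from
TS 33.401 / TS 33.501 and are assumptions for this example.
"""
import hashlib
import hmac

# Function codes (assumed values, see module docstring).
FC_KASME_FROM_KAMF = 0x73  # 5G -> LTE handover: Kamf + downlink NAS COUNT
FC_KAMF_FROM_KASME = 0x75  # LTE -> 5G handover: Kasme + network parameter
FC_KENB_FROM_KASME = 0x11  # KeNB: Kasme + uplink NAS COUNT
FC_NH = 0x12               # next-hop key chain: Kasme + previous NH (or KeNB)
FC_ALGO_KEY = 0x15         # algorithm-bound key: root + alg type + alg id

# Algorithm type distinguishers (assumed values).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def count32(n: int) -> bytes:
    """NAS COUNT as a 4-byte big-endian value."""
    return n.to_bytes(4, "big")


def derive_kasme(kamf: bytes, dl_nas_count: int) -> bytes:
    """Claims 1/6: UE derives the LTE Kasme from Kamf and the downlink NAS COUNT."""
    return kdf(kamf, FC_KASME_FROM_KAMF, count32(dl_nas_count))


def derive_kamf(kasme: bytes, network_param: bytes) -> bytes:
    """Claims 20/34: target AMF derives Kamf from Kasme and a network parameter."""
    return kdf(kasme, FC_KAMF_FROM_KASME, network_param)


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """Claim 4: KeNB from Kasme and the uplink NAS COUNT."""
    return kdf(kasme, FC_KENB_FROM_KASME, count32(ul_nas_count))


def derive_algo_key(root: bytes, alg_type: int, alg_id: int) -> bytes:
    """Claims 4/8: key bound to the algorithm identifier carried in the
    security context; 128-bit algorithms use the 128 least-significant bits."""
    return kdf(root, FC_ALGO_KEY, bytes([alg_type]), bytes([alg_id]))[16:]


def nh_chain(kasme: bytes, kenb: bytes, hops: int) -> list:
    """Claim 26: (NCC, NH) pairs. NH_1 is derived from KeNB, each further NH
    from the previous NH, so a leaked NH does not reveal the earlier ones."""
    pairs, prev = [], kenb
    for ncc in range(1, hops + 1):
        prev = kdf(kasme, FC_NH, prev)
        pairs.append((ncc, prev))
    return pairs


def ue_keys_after_5g_to_lte_handover(kamf: bytes, dl_nas_count: int,
                                     ul_nas_count: int, sec_ctx: dict) -> dict:
    """Claims 1-9 on the UE side: Kamf -> Kasme -> KeNB -> AS keys, plus NAS keys.
    sec_ctx carries the LTE algorithm identifiers from the handover command."""
    kasme = derive_kasme(kamf, dl_nas_count)
    kenb = derive_kenb(kasme, ul_nas_count)
    eea, eia = sec_ctx["eea"], sec_ctx["eia"]
    return {
        "Kasme": kasme,
        "KeNB": kenb,
        "K_RRCenc": derive_algo_key(kenb, RRC_ENC, eea),
        "K_RRCint": derive_algo_key(kenb, RRC_INT, eia),
        "K_UPenc": derive_algo_key(kenb, UP_ENC, eea),
        "K_NASenc": derive_algo_key(kasme, NAS_ENC, eea),
        "K_NASint": derive_algo_key(kasme, NAS_INT, eia),
    }


if __name__ == "__main__":
    # Constructed inputs: a dummy 256-bit Kamf and an LTE security context
    # selecting algorithm id 2 (EEA2/EIA2) for encryption and integrity.
    kamf = bytes(range(32))
    keys = ue_keys_after_5g_to_lte_handover(kamf, 7, 3, {"eea": 2, "eia": 2})
    for name, k in keys.items():
        print(f"{name:9s} {k.hex()}")
```

Two properties are worth checking against the claims. A different NAS count yields a different Kasme, which is what stops a handover from reinstalling a key already used in the source system, and because every step is an HMAC the LTE side (eNB or MME) that ends up holding Kasme or KeNB learns nothing about the 5G Kamf; claim 34 relies on the same one-wayness in the other direction. The NH chain also shows why claim 26 sends the next-hop chaining counter alongside the next-hop key: the target AMF and the UE can only agree on the same NH if both know how many derivation hops have been applied.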
Patent family:
Publication number | Publication date
EP3917187A4 | 2021-12-01
KR20200030592A | 2020-03-20
CN109462847A | 2019-03-12
CN108966220A | 2018-12-07
US11228905B2 | 2022-01-18
EP3576446A1 | 2019-12-04
BR112020001289A2 | 2020-07-28
EP3576446A4 | 2020-01-08
US20200128403A1 | 2020-04-23
EP3576446B1 | 2021-03-31
US10728757B2 | 2020-07-28
CN108966220B | 2019-07-23
US20190274038A1 | 2019-09-05
CN109309920A | 2019-02-05
EP3917187A1 | 2021-12-01
KR102264718B1 | 2021-06-11
CN109511113B | 2020-04-14
CN109462847B | 2019-08-02
CN109511113A | 2019-03-22
CN110945892B | 2021-11-30
CN110945892A | 2020-03-31
JP2020528249A | 2020-09-17
WO2019019736A1 | 2019-01-31
CN109309920B | 2021-09-21
CN109005540A | 2018-12-14
CN109005540B | 2019-07-23
Legal status:
2021-06-08 | B09A | Decision: intention to grant [chapter 9.1 patent gazette]
2021-08-03 | B16A | Patent or certificate of addition of invention granted [chapter 16.1 patent gazette] | Free-format text: Term of validity: 20 (twenty) years counted from 26/04/2018, subject to the legal conditions.
Priority:
Application number | Priority date
CN201710633559.1 | 2017-07-28

Application number | Publication number | Priority date | Filing date | Patent title
CN201710633559.1A | CN109309920B | 2017-07-28 | 2017-07-28 | Security implementation method, related device and system
PCT/CN2018/084702 | WO2019019736A1 | 2017-07-28 | 2018-04-26 | Security implementation method, and related apparatus and system