
Method and device for preventing network security out of sync

A network security technology, applied in the field of network security, that solves problems such as network security parameters going out of sync and the UE failing to access the network, and that improves network availability and security.

Active Publication Date: 2012-02-22
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

In the case shown in Figure 6, the ME stores CK_ps and IK_ps, while the SGSN stores CK_ps' and IK_ps', which the MME derived from Kasme when EUTRAN was switched to UTRAN. The integrity protection key and encryption key stored on the ME and on the SGSN are therefore not the same, and this out-of-sync state of the network security parameters causes the terminal UE to fail to access the network.


Examples


Embodiment 1

[0083] Figure 7 shows Embodiment 1 of the present invention. In this embodiment, the method for preventing network security out-of-sync provided by the embodiments of the present invention includes the following steps:

[0084] Step 701: the user terminal performs authentication and key agreement (AKA) on the original network (such as the EUTRAN network).

[0085] The original network here is the EUTRAN network. The AKA process generates CK_ps, IK_ps, Kasme and the key identifier of Kasme, KSIasme. CK_ps, IK_ps and KSIasme are saved in the USIM, and the same KSIasme as in the USIM is saved in the ME. This is the same as the prior art and is not repeated here.

[0086] Step 702: Modify security parameters.

[0087] Preferably, after step 702, the method also includes:

[0088] AKA is triggered again to generate new security parameter information.

[0089] In different embodiments, modifying security parameters may be implemented in different ways, and the embodiment...

Embodiment 2

[0090] In Embodiment 2, the security parameters are modified by setting the security parameters of the USIM to an unavailable state, that is, the security parameters in the USIM are modified so that they can no longer be used. Referring to Figure 8, this embodiment includes the following steps:

[0091] Step 801: the user terminal performs AKA on the original network.

[0092] Wherein the original network is an EUTRAN network, a UTRAN network or a GSM network.

[0093] When the UE is in the EUTRAN network, the AKA process of the original network generates CK_ps, IK_ps, Kasme and the key identifier of Kasme (KSIasme, or KSI). CK_ps, IK_ps, Kasme and KSIasme are saved in the USIM, and the same KSIasme and Kasme as in the USIM are also saved in the ME.

[0094] When the UE is in the UTRAN network, the UTRAN AKA process generates CK_ps, IK_ps and the key identifier KSI, which is stored in the ME. ...

Embodiment 3

[0097] In Embodiment 3, the USIM is made unavailable by changing the value of START in the USIM. Referring to Figure 9, this embodiment includes the following steps:

[0098] Step 901: the user terminal performs AKA on the original network.

[0099] Step 902: Set the START value of the USIM to a threshold value;

[0100] Or delete CK, IK;

[0101] Or set KSI to 111.

[0102] Figure 10 is the signaling flowchart of an example of this embodiment. In this figure, the UE is in the EUTRAN network, and the specific steps are:

[0103] Step 1 to Step 2: UE is in the E-UTRAN network, and the UE sends a service request message to the MME through the eNB.

[0104] Step 3: The MME holds no security parameters for the UE, so the AKA process is triggered, and the UE and the MME generate the root key Kasme.

[0105] Step 4: On the UE side, the ME sets the START value in the USIM to the threshold.

[0106] When the START value of the US...
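The out-of-sync case of Figure 6 and the three options of step 902, as an added model that is not part of the patent text. It assumes the UE is one context, that the stale UE keys and the mapped SGSN keys share a key identifier, HMAC-SHA256 in place of the 3GPP functions, and a constructed threshold; all function and class names are hypothetical.

```python
from __future__ import annotations
import hashlib, hmac, os
from dataclasses import dataclass

NO_KEY = 0b111             # KSI 111, as in step 902: no valid key
START_THRESHOLD = 0xFFFFF  # constructed value for this model

def prf(key: bytes, label: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the 3GPP derivation/MAC functions.
    return hmac.new(key, label, hashlib.sha256).digest()[:16]

@dataclass
class Context:
    ksi: int = NO_KEY
    ck: bytes | None = None
    ik: bytes | None = None
    start: int = 0

    def usable(self) -> bool:
        return (self.ksi != NO_KEY and self.ck is not None
                and self.ik is not None and self.start < START_THRESHOLD)

def run_aka(ue: Context, net: Context, ksi: int) -> None:
    seed = os.urandom(16)  # fresh AKA: both sides get identical keys
    for side in (ue, net):
        side.ksi, side.ck, side.ik, side.start = ksi, prf(seed, b"CK"), prf(seed, b"IK"), 0

def handover_to_utran(kasme: bytes, ksi: int) -> Context:
    # Network side only: the SGSN receives CK_ps', IK_ps' derived from Kasme.
    return Context(ksi, prf(kasme, b"CK'"), prf(kasme, b"IK'"))

def utran_access(ue: Context, sgsn: Context) -> str:
    # A usable UE context with a matching KSI is reused without a new AKA.
    fresh = not ue.usable() or ue.ksi != sgsn.ksi
    if fresh:
        run_aka(ue, sgsn, ksi=(sgsn.ksi + 1) % 7)
    same = hmac.compare_digest(prf(ue.ik, b"attach"), prf(sgsn.ik, b"attach"))
    return ("aka_then_ok" if fresh else "ok") if same else "integrity_failure"

def scenario(mitigation: str | None) -> str:
    ue = Context(ksi=3, ck=os.urandom(16), ik=os.urandom(16))  # stale CK_ps, IK_ps
    sgsn = handover_to_utran(os.urandom(16), ksi=3)  # mapped keys, same KSI
    if mitigation == "ksi":
        ue.ksi = NO_KEY
    elif mitigation == "start":
        ue.start = START_THRESHOLD
    elif mitigation == "delete":
        ue.ck = ue.ik = None
    return utran_access(ue, sgsn)
```

Calling `scenario(None)` reproduces the access failure, while `"ksi"`, `"start"` and `"delete"` each force a new AKA before the integrity check.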


Abstract

The embodiments of the present invention disclose a method and device for preventing network security from going out of sync. The method includes processing the security parameters of the user terminal (USIM card part) separately at an appropriate time, or, when the user terminal undergoes network switching, processing the security parameters on the user terminal (ME part) and on the network side. According to the embodiments of the present invention, changing the security parameters in time effectively avoids the terminal failing to access the network because of out-of-sync security parameters, and improves network usability and security in handover-related scenarios.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to network security technology.

Background

[0002] Mobile communication is now very widespread, and it involves switching terminals between different access systems.

[0003] The radio access networks of base stations include second generation mobile communication (2G, Second Generation), third generation mobile communication (3G, Third Generation) and the future long-term evolution (LTE, Long Term Evolution) system, among others. The level of security protection and the protection measures differ between these access networks. These heterogeneous access networks use different access technologies, and their security parameter structures are not completely the same. When the terminal switches between these different access networks, it also considers reusing the security context pa...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/14, H04W12/06, H04W12/37, H04W12/40
CPC: H04L63/068, H04W12/04, H04W88/02, H04W12/041, H04W12/0433
Inventor: 陈璟, 杨艳梅, 许怡娴, 马库斯, 张爱琴
Owner HUAWEI TECH CO LTD