Method, apparatus and system for establishing security context

A security context technology, applied in the field of communication, that addresses problems such as the Uu’ interface having no security protection and the inability to guarantee the security of user plane data transmission.

Active Publication Date: 2017-04-12
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] Although the Uu port on the PCC has security protection, the Uu’ port on the SCC has no security protection, and the transmission security of the user plane data transmitted on the Uu’ port cannot be guaranteed.

Examples

Embodiment 1

[0087] The embodiment of the present invention provides a method for establishing a security context. As shown in Figure 1, the method includes the following steps:

[0088] 101. The base station acquires the encryption algorithm of the Hi AP.

[0089] The encryption algorithm is used to encrypt and protect the user plane data transmitted on the SCC. In the embodiment of the present invention, the Advanced Encryption Standard (AES) algorithm is used as an example encryption algorithm; practical applications are not limited to it.

[0090] 102. The base station acquires the root key.

[0091] The root key is used to derive an encryption key.

[0092] 103. The base station derives the encryption key of the Hi AP according to the root key and the encryption algorithm.

[0093] Both the Hi AP and the UE need to derive the encryption key. This step describes deriving the Hi AP encryption key. The encryption key on the UE sid...

Embodiment 2

[0103] The embodiment of the present invention provides a method for establishing a security context. The method is a further extension of the first embodiment. As shown in Figure 2, the method includes the following steps:

[0104] 201. The base station acquires the encryption algorithm of the Hi AP.

[0105] The encryption algorithm is used to encrypt and protect the user plane data transmitted on the SCC. In the embodiment of the present invention, the AES algorithm is used as an example encryption algorithm; practical applications are not limited to it.

[0106] The base station can obtain the encryption algorithm in at least two ways:

[0107] 1) The base station receives the AES algorithm selected by the Hi AP. The AES algorithm is the highest-priority encryption algorithm selected by the Hi AP according to its own security capability, security policy, and the UE security capability. Before receiving the AES algorithm selected by t...

Embodiment 3

[0133] The embodiment of the present invention provides a method for establishing a security context. As shown in Figure 3, the method includes the following steps:

[0134] 301. The Hi AP receives the encryption key sent by the base station.

[0135] Both the Hi AP and the UE need to derive the encryption key. This step describes the Hi AP receiving the encryption key derived by the base station; the encryption key on the UE side is derived independently by the UE.

[0136] It should be noted that the embodiment of the present invention is described using symmetric key encryption as an example, so the root key used for deriving the encryption key is the same on the base station side and the UE side. In practical applications, the MME sends the root key on the base station side to the base station after authentication, and the base station derives the encryption key for the Hi AP according to the root key and encryption algorithm. ...
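The derivation described in steps 101 to 103 and 301, as an added example that is not code from the patent: the algorithm is chosen by priority, then the base station (for the Hi AP) and the UE each derive the same 128-bit key from the shared root key. The page does not give the derivation function, so the HMAC-SHA-256 layout and constants below are assumptions modelled on the LTE algorithm-key KDF (3GPP TS 33.401 Annex A), and all function names are hypothetical.

```python
import hashlib
import hmac

# Assumed constants, following the layout of the LTE algorithm-key KDF
# (3GPP TS 33.401 Annex A); the page itself does not give these values.
FC_ALG_KEY = 0x15                        # function code for algorithm key derivation
UP_ENC_ALG = 0x05                        # distinguisher: user-plane encryption key
ALG_IDS = {"SNOW3G": 0x01, "AES": 0x02}  # algorithm identities


def select_algorithm(ap_priority, ue_supported):
    """Return the highest-priority Hi AP algorithm that the UE also supports."""
    for alg in ap_priority:
        if alg in ue_supported and alg in ALG_IDS:
            return alg
    raise ValueError("no common encryption algorithm")


def derive_enc_key(root_key: bytes, algorithm: str) -> bytes:
    """Derive a 128-bit encryption key from the root key and the algorithm."""
    if len(root_key) != 32:
        raise ValueError("root key must be 256 bits")
    alg_id = ALG_IDS[algorithm]
    # S = FC || P0 || L0 || P1 || L1, each parameter followed by its 2-byte length
    s = bytes([FC_ALG_KEY, UP_ENC_ALG, 0x00, 0x01, alg_id, 0x00, 0x01])
    # Keep the 128 least significant bits of the 256-bit HMAC output
    return hmac.new(root_key, s, hashlib.sha256).digest()[16:]


def establish_context(root_key, ap_priority, ue_supported):
    """Model steps 101-103 and 301: both ends derive from the same inputs."""
    alg = select_algorithm(ap_priority, ue_supported)
    hi_ap_key = derive_enc_key(root_key, alg)  # derived by the base station, sent to the Hi AP
    ue_key = derive_enc_key(root_key, alg)     # derived independently on the UE
    return alg, hi_ap_key, ue_key


ROOT_KEY = bytes(range(32))  # constructed sample root key, not a real one

if __name__ == "__main__":
    alg, hi_ap_key, ue_key = establish_context(
        ROOT_KEY, ["AES", "SNOW3G"], {"AES", "SNOW3G"})
    print(alg, hi_ap_key.hex(), hi_ap_key == ue_key)
```

Because the algorithm identity is an input to the derivation, a UE that ends the negotiation with a different algorithm than the Hi AP also ends with a different key, so the mismatch shows up as failed decryption and not as a silent downgrade.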

Abstract

The invention discloses a method, device and system for establishing a security context, relates to the communication field, and is intended to comprehensively protect UE data. The method includes: obtaining an encryption algorithm of an access node; obtaining a root key, and deriving an encryption key of the access node according to the root key and the encryption algorithm; sending the algorithm to the access node so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate an encryption algorithm with the UE; and notifying the access node to start downlink encryption and uplink decryption, and notifying the UE to start downlink decryption and uplink encryption, during the algorithm negotiation process. The invention is mainly applied to the security protection of the SCC.

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a method, device and system for establishing a security context.

Background technique

[0002] The Long Term Evolution Hi (LTE Hi) architecture is a set of network architectures based on existing mobile communication technologies designed for fixed and low-speed scenarios. In the LTE Hi architecture, a user equipment (User Equipment, UE) initially establishes a primary carrier cell connection (Primary Carrier Cell, PCC) with a base station, and connects to a core network. When the network traffic load increases to the limit set by the operator, the base station configures a secondary carrier cell connection (Secondary Carrier Cell, SCC) for the UE through high-level signaling, and the UE connects to the core network through an access node. User plane data and control plane data can be transmitted on the PCC, while only user plane data can be transmitted on the SCC. The base st...

Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L9/00, H04L9/14, H04W12/03, H04W12/0431, H04W12/60
CPC: H04W12/02, H04W12/04, H04L9/083, H04L9/0861, H04L63/06, H04L63/205, H04W12/08, H04W36/0038, H04L2463/061, H04W12/037, H04W12/033, H04W12/0433, H04W12/041, H04W12/069, H04W12/06, H04L9/0816, H04L2209/24
Inventor: 张冬梅, 陈璟
Owner HUAWEI TECH CO LTD