Key update methods and related entities

Abstract

The embodiment of the present invention relates to a key update method and related entities. The method includes: after the first AMF receives the first message, when the first AMF determines that the second AMF serving the UE does not belong to the same set as the first AMF, the first AMF bases at least the first parameter and the currently used The first key of the UE generates the second key of the UE on the first AMF to update the first key; the first AMF sends a second message to the second AMF, the second message includes the second key, so that the second AMF sends the first parameter to the UE after receiving the second message, the first parameter is used by the UE at least based on the symmetry of the first parameter and the first key currently used on the UE The key generates a symmetric key of the second key; the first parameter is identification information of the second AMF, or address information of the second AMF, or capability information of the second AMF. The embodiment of the present invention can trigger the UE to generate an updated key corresponding to the network side.

Description

technical field [0001] The present invention relates to the field of communication, in particular to a key update method and related entities. Background technique [0002] In a mobile communication system, when a user equipment (User Equipment, UE) is in a session, the movement of the UE will cause a handover process, so that the UE accesses the target radio access entity from the source radio access entity, so that in this process, the UE A new security context needs to be established with the target radio access entity to protect signaling and data transmitted between the UE and the target radio access entity. During the handover process, it may also cause changes in the core network entity, such as the access and mobility management function (Access and Mobility Management Function, AMF) of the core network entity in the next-generation mobile communication network may change, and it is useful to save on the UE and the AMF To generate the Kamf of the non-access stratum ...

AI Technical Summary

Problems solved by technology

[0005] In the next-generation mobile communication network, the core network entity AMF may also be deployed at the edge of the network, resulting in greatly reduced security and vulnerability to attacks. Therefore, when the AMF changes, the key Kamf on the AMF needs to be updated, but during the handover process Or how to trigger the UE to generate an updated Kamf corresponding to the network side in the idle state is an unresolved problem in the prior art. Further, since the AMF is vulnerable to attacks, during the handover process based on the Xn and N2 interfaces, the security of the UE obtained from the AMF Capability information and security capabilities verified by AMF are also untrustworthy

Images