
CN101325804A - Method, device and system for obtaining key - Google Patents

Publication number
CN101325804A
Authority
CN
China
Prior art keywords
authenticator
key information
migrated
needs
network device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101451465A
Other languages
Chinese (zh)
Other versions
CN101325804B (en
Inventor
梁文亮
吴建军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN2007101451465A priority Critical patent/CN101325804B/en
Priority to PCT/CN2008/071254 priority patent/WO2008151569A1/en
Publication of CN101325804A publication Critical patent/CN101325804A/en
Application granted granted Critical
Publication of CN101325804B publication Critical patent/CN101325804B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

A method, device and system for obtaining a key, used to obtain key information for a network device that needs it after an authenticator has migrated. After the network device that needs to obtain the key information receives indication information indicating that authenticator migration has occurred, it sends a key request to the migrated authenticator and receives the key information returned by that authenticator. The invention thus ensures that, after the authenticator migrates, the mobile user's network device that needs key information can obtain it, so that the subsequent communication process proceeds smoothly, which effectively improves the communication performance of the wireless communication system.

Figure 200710145146

Description

Method, device and system for obtaining secret key
Technical Field
The invention relates to the technical field of network communication, in particular to an implementation scheme for acquiring a secret key under the condition that an authenticator is migrated.
Background
With the rapid development of internet services and the wide application of wireless networks, the security of mobile users places higher demands on wireless systems. Besides the processes of device authentication, user authentication and service authorization, a secure channel must be established between the wireless user and the AP (access point) or BS (base station) for exchanging secret information, and secure channels must likewise be established between the BS and the authenticator, and between the authenticator and the authentication server.
In a wireless network, a mobile subscriber needs to initiate authentication to an authenticator such as a NAS (network access server), and after the authentication is passed, an FA (foreign agent) of the mobile subscriber acquires corresponding key information through communication with the NAS, so as to be applied in a subsequent communication process.
After the mobile subscriber MS performs the re-authentication operation, the process of the FA obtaining the key is as shown in fig. 1, and the corresponding process includes the following steps:
step 1, the MS successfully accesses the network and authenticates through NAS1;
specifically, NAS1 may initiate the authentication process with the AAA server, complete the authentication operation, and determine that the MS authentication passes;
step 2, when the FA needs the MN-FA key or the FA-HA key, it sends a request to NAS1 to obtain that key;
step 3, the MS re-authenticates through NAS1;
as in the authentication process, the re-authentication may be carried out by NAS1 with the AAA server;
step 4, the MS sends an MIP-RRQ (MIP registration request) message to the FA, carrying an authentication extension calculated with the new key; the SPI (security parameter index) is also calculated from the FA-RK generated after re-authentication, or generated by other methods;
step 5, after receiving the registration message, the FA checks the SPI carried in the MIP-RRQ message, determines that the SPI has changed, that is, re-authentication has occurred, and then requests the updated key information from NAS1;
that is, because re-authentication occurred in step 3, the key information on both NAS1 and the MS has been updated, but the FA knows neither about the re-authentication nor the updated key information, so the FA needs to request the updated key information from NAS1;
step 6, after the FA obtains the key, it can continue to process the MIP-RRQ message and complete the subsequent processing.
It should be noted that, in the above processing procedure, no matter whether re-authentication occurs, if the FA migrates, step 5 will be executed to request the NAS1 for the key after the FA receives the MIP-RRQ message, so as to obtain the current key for completing the subsequent processing procedure.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
in the above procedure, if NAS migration also occurs during the re-authentication of the MS, the FA cannot obtain key information from the migrated NAS, and therefore cannot process the received MIP-RRQ message after the NAS migration.
Disclosure of Invention
Embodiments of the present invention provide a method, a device, and a system for obtaining a key, so that a network device that needs to obtain key information can still obtain corresponding key information when an authenticator is migrated, thereby ensuring smooth proceeding of a subsequent communication process.
The embodiment of the invention provides a method for acquiring a key, which is used for acquiring key information for network equipment needing to acquire the key information after an authenticator is migrated, and the method comprises the following steps:
after receiving the indication information for indicating that the authenticator is migrated, the network device which needs to acquire the key information sends a key request to the migrated authenticator, receives the key information returned by the authenticator, and acquires the key information corresponding to the terminal.
The invention also provides a method for obtaining the key, which is used for obtaining the key information for the network equipment needing to obtain the key information after the re-authentication, and the method comprises the following steps:
after receiving the indication information for indicating that the re-authentication occurs, the network device which needs to acquire the key information receives the key information corresponding to the terminal sent by the authenticator.
An embodiment of the present invention provides a network device, including:
an authenticator migration determining unit, configured to determine, according to received indication information indicating that authenticator migration has occurred, that the authenticator corresponding to the terminal has migrated;
and a key request acquisition unit, configured to send a key request to the migrated authenticator after the authenticator migration determining unit determines that the authenticator corresponding to the terminal has migrated, receive the key information returned by the authenticator, and thereby acquire the key information corresponding to the terminal.
The embodiment of the invention provides a system for acquiring a key, which comprises an authenticator and network equipment needing to acquire key information, wherein,
the authenticator is used for receiving a key request sent by the network equipment needing to acquire the key information and sending the generated key information corresponding to the terminal to the network equipment needing to acquire the key information;
the network device that needs to obtain the key information is configured to send a key request to the migrated authenticator after receiving the indication information indicating that authenticator migration has occurred, and to receive the key information returned by the authenticator.
The invention also provides a system for acquiring the key, which comprises an authenticator and a network device needing to acquire the key information, wherein,
the authenticator is used for sending the generated key information corresponding to the terminal to the network equipment needing to acquire the key information;
the network device which needs to acquire the key information is used for receiving the indication information which is used for indicating that the re-authentication occurs, and then receiving the key information which is sent by the authenticator and corresponds to the terminal.
The technical scheme provided by the embodiment of the invention can ensure that the network equipment needing to acquire the key information can acquire the corresponding key information after the authenticator is migrated, so that the subsequent communication process can be smoothly carried out. Therefore, the implementation of the embodiment of the invention can effectively improve the communication performance of the wireless communication system.
Drawings
FIG. 1 is a diagram illustrating a process of obtaining key information by an FA in the prior art;
fig. 2 is a first schematic diagram of the process by which the FA acquires key information in an embodiment of the present invention;
fig. 3 is a second schematic diagram of the process by which the FA acquires key information in an embodiment of the present invention;
fig. 4 is a third schematic diagram of the process by which the FA acquires key information in an embodiment of the present invention;
FIG. 5 is a state machine diagram illustrating a process of obtaining key information by an FA in an embodiment of the present invention;
FIG. 6 is a schematic diagram of a complete process of an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a system according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention is used for acquiring the key information for the network equipment needing to acquire the key information after the authenticator of the terminal migrates, namely after the network equipment needing to acquire the key information receives the indication information for indicating the generation of the authenticator migration, determining that the authenticator corresponding to the terminal migrates, and sending a key request to the migrated authenticator, thereby receiving the key information returned by the authenticator and acquiring the key information corresponding to the terminal.
In the embodiment of the present invention, the network device that needs to acquire the key information includes but is not limited to devices such as an FA (foreign agent), a BS (base station), or a GW (gateway), and the key information includes but is not limited to: at least one of a key, an SPI (security parameter index) and a life cycle.
In the embodiment of the present invention, the indication information indicating that authenticator migration has occurred may be sent to the network device that needs to acquire the key information by the migrated authenticator, by the original authenticator (the authenticator before the migration), by the terminal, by the HA (home agent) or by the AAA (authentication, authorization and accounting) server, so that the network device learns of the migration. Optionally, the migrated authenticator, the original authenticator, the terminal, the HA, the AAA server or another device may also send the address of the migrated authenticator to the network device that needs to acquire the key information. If the original authenticator is the one that sends the address of the migrated authenticator, the original authenticator also maintains the correspondence between the terminal and the address of the migrated authenticator, and optionally sets a life cycle for that correspondence so that it can be deleted after a predetermined period, releasing the storage and management resources it occupies.
In the above processing procedure, if the terminal sends the indication information to the network device that needs to acquire the key information, the terminal needs to determine in advance that the authenticator migration occurs. The process of determining, by the terminal, that the authenticator migration occurs may specifically include: firstly, in the authentication process, the authenticator sends the self identification information to the terminal, so that the terminal can determine whether the authenticator migrates or not according to the comparison result of the currently received identification information of the authenticator and the previously received identification information of the authenticator; for example, the identification information may include: address information of the authenticator and/or the number of authenticator-to-gateway hops.
In the embodiment of the invention, after the migrated authenticator generates the key information corresponding to the terminal, it can actively send the key information to the network device that needs to acquire it; or, optionally, the migrated authenticator sends the generated key information to the original authenticator, and the original authenticator forwards it to the network device that needs to acquire the key information.
In the embodiment of the present invention, if the network device that needs to acquire the key information obtains the key information through the above processing procedure, optionally, after determining that the authenticator corresponding to the terminal is migrated, the network device that needs to acquire the key information may further determine whether the key information sent by the migrated authenticator is received, and if it is determined that the key information corresponding to the terminal generated by the migrated authenticator is not obtained, the network device may acquire the key information by sending a key request to the migrated authenticator.
Before the network device that needs to acquire the key information sends the key request to the migrated authenticator, it may first obtain the address of the migrated authenticator, so that the key request message can be sent to that authenticator. The address can be obtained in two ways: the network device can request it from the original authenticator (the authenticator before the migration), or it can receive it when the migrated authenticator or the original authenticator actively sends it.
If, during the authenticator migration, the network device that needs to acquire key information (such as the FA, BS or GW) also migrates, the migrated authenticator can first send the key information to the original network device (the one before migration), which then sends it to the migrated network device. Alternatively, either the original network device or the migrated network device may send the migrated authenticator an indication that the network device has migrated, or the address of the migrated network device, so that the migrated authenticator can send the key information to the migrated network device.
In the following, by taking an FA as a network device that needs to acquire key information as an example, the specific implementation process of the corresponding processing procedure for acquiring key information is described in different cases:
(1) the FA completes its migration before the NAS does, and the new FA obtains the address of the original authenticator
In this case, the new FA after migration is treated as the current FA of the terminal, and the processing procedure described above is used to ensure that the network device that needs the key information can acquire it;
(2) the NAS completes its migration before the FA does, and the original FA has acquired the address of the new NAS
In this case, the new FA can obtain the address of the new NAS during its own migration, which makes it easy to acquire the corresponding key information; for example, the new FA sends the new NAS an indication of FA migration or its own address, or the original FA sends the new NAS an indication of FA migration or the address of the new FA, and the new NAS then sends the key information to the new FA;
(3) the original NAS is itself migrating while the FA migrates
In this case, the new FA needs to request the key from the original NAS, and the way the key information reaches the new FA may specifically include:
if the original NAS informs the new FA that NAS migration is in progress and also informs it of the address of the new NAS, the new FA sends a key request to the new NAS; if re-authentication has completed, the new NAS replies with the new key information; otherwise it either replies with a command telling the new FA to wait, or sends the new key information to the new FA once re-authentication has completed;
if the original NAS only notifies the new FA that NAS migration is in progress, without the address of the new NAS, the new FA may request the new NAS address from the original NAS (that is, the migrated authenticator may first send the key information to the original FA, which then sends it to the FA after migration), or wait for the new NAS to actively update the key.
In the embodiment of the invention, before the authenticator corresponding to the terminal is determined to be migrated, the network equipment which needs to acquire the key information also needs to determine whether the terminal is re-authenticated, so that whether the authenticator corresponding to the terminal is migrated is further determined under the condition that the terminal is determined to be re-authenticated, and the problem of acquiring the key information under the condition that the authenticator is migrated is further solved by utilizing the embodiment of the invention. The operation of determining whether the terminal is re-authenticated by the network device that needs to acquire the key information may specifically include: storing an SPI (security parameter index) between a terminal and a home agent in network equipment needing to acquire key information, if the SPI in a registration request sent by the terminal or other equipment is different from the stored SPI between the terminal and the home agent, determining that re-authentication aiming at the terminal occurs, otherwise, determining that re-authentication does not occur; or, the network device that needs to acquire the key information may also determine whether the terminal performs the re-authentication operation according to an explicit re-authentication indication or implicit re-authentication indication information in the received message.
Taking the FA as the network device that needs to acquire the key information, the key information the FA needs may be MIP key information. The embodiment of the invention solves the problem that the FA cannot obtain the MIP key when the NAS migrates while the MIP key is being updated, reduces race scenarios and the time needed to obtain the key, and provides a scheme by which the FA obtains a valid MIP key. It should be noted that the embodiments of the present invention are not limited to these specific examples.
During re-authentication of the terminal, the authenticator may migrate, or the re-authentication may be performed directly on the original authenticator. When the authenticator migrates, the FA needs to be informed of the address of the new authenticator so that it can subsequently request the key information. FA migration and authenticator migration are independent of each other, that is, they may or may not occur at the same time.
The following describes a specific implementation process of the embodiment of the present invention, taking an application scenario in which NAS as an authenticator migrates and key information that an FA needs to acquire includes an MN-FA key as an example. In this scenario, the corresponding processing procedure is as shown in fig. 2, fig. 3, and fig. 4, and specifically includes the following steps:
step 1, the MS successfully accesses the network and authenticates through NAS1;
step 2, when the FA needs the MN-FA key, it sends a request to NAS1; specifically, the key can be obtained by sending a context request to NAS1;
step 3, the MS re-authenticates through NAS2, that is, NAS migration occurs;
during the re-authentication, the key information on NAS2 and the MS is updated, but the FA knows neither that re-authentication has occurred nor the updated key information;
step 4, after re-authentication, the MS or another device such as the HA (home agent) (only the MS is drawn in the figure) sends an MIP-RRQ message to the FA; the message carries an authentication extension calculated with the new key, and its SPI is likewise calculated from the FA-RK generated after re-authentication; the message may instead carry other indication information that can be used to determine whether re-authentication has occurred;
step 5, after receiving the message, the FA compares the SPI carried in the MIP-RRQ message with the locally maintained SPI; if the SPI has changed (so re-authentication is determined to have occurred), or the indication information shows that re-authentication has occurred, the FA obtains the updated key information; specifically, a context request can still be sent to NAS2 to request the corresponding key;
in this step, if the FA migrates, after obtaining the address of the original NAS, the new FA is in the same state, that is, knows the address information of the original NAS and needs to obtain MIP key information;
in this step, there may be, but is not limited to, three specific implementation processes for requesting the NAS to acquire the updated key, and as shown in fig. 2, fig. 3, and fig. 4, each implementation process is:
(1) as shown in fig. 2, during the migration to NAS2, if the message by which NAS2 notifies the FA has not yet reached the FA, the FA requests the key update information from NAS1, and NAS1 returns a NAS migration indication and/or the new NAS address (i.e., the NAS2 address); the FA then sends a key request message to NAS2 to request the corresponding MIP key information;
(2) as shown in fig. 3, during the migration to NAS2, if the message by which NAS2 notifies the FA has not yet reached the FA, the FA requests the key update information from NAS1, and NAS1 returns a NAS migration indication and/or the new NAS address (i.e., the NAS2 address) to the FA; if the migration notification message from NAS2 reaches the FA before the FA sends the key request message to NAS2, and that message carries the updated key and the context information, the FA no longer sends the key request; otherwise, the FA goes on to send a key request to NAS2 to request the corresponding MIP key information;
(3) as shown in fig. 4, during the migration to NAS2, the message by which NAS2 notifies the FA has already reached the FA; if that message carries the updated key and the context information, the FA does not send a key request to NAS2; otherwise, the FA goes on to send a key request to NAS2 to request the corresponding MIP key information.
It should be noted that, if the FA is also migrated and an update message of the NAS2 is sent to the original FA, the original FA needs to forward the update message to the new FA, so that the new FA can still conveniently obtain the corresponding MIP key information, or an indication of FA migration or an address of the new FA is returned to the NAS2, and then the NAS2 sends the key information to the new FA.
Through the processing procedures of the steps 1 to 5, after the FA obtains the updated key information, the FA can continue to process the MIP-RRQ message.
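The three orderings of fig. 2, fig. 3 and fig. 4 can be replayed in a small simulation. This is an added example, not code from the patent: the class names, the tuple-shaped replies, the addresses "nas1"/"nas2", the key values and the `arrives_while_waiting` parameter (which models the NAS2 notification landing while the FA waits on NAS1) are assumptions, and the final check that the returned key's SPI equals the SPI in the MIP-RRQ is a check added by this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class KeyInfo:
    """Key information as the page lists it: key, SPI and life cycle."""
    key: bytes
    spi: int
    lifetime_s: int


@dataclass(frozen=True)
class Notification:
    """Migration notification from the new NAS; key information is optional."""
    new_nas: str
    key_info: Optional[KeyInfo] = None


class NAS:
    def __init__(self, addr):
        self.addr = addr
        self.keys = {}         # ms_id -> KeyInfo
        self.migrated_to = {}  # ms_id -> address of the migrated NAS

    def context_request(self, ms_id):
        """Answer an FA context request: migration indication or key info."""
        if ms_id in self.migrated_to:
            return ("migrated", self.migrated_to[ms_id])
        return ("key", self.keys[ms_id])


class FA:
    def __init__(self, nas_by_addr, known_nas):
        self.nas_by_addr = nas_by_addr
        self.known_nas = known_nas  # NAS address the FA currently knows
        self.keys = {}              # ms_id -> KeyInfo
        self.sent = []              # destinations of context requests, in order

    def _request(self, addr, ms_id):
        self.sent.append(addr)
        return self.nas_by_addr[addr].context_request(ms_id)

    def on_notification(self, ms_id, note):
        """Learn the new NAS address and, if present, the updated key."""
        self.known_nas = note.new_nas
        if note.key_info is not None:
            self.keys[ms_id] = note.key_info

    def _has_key_for(self, ms_id, spi):
        info = self.keys.get(ms_id)
        return info is not None and info.spi == spi

    def handle_rrq(self, ms_id, rrq_spi, arrives_while_waiting=None):
        """Process one MIP-RRQ; return where the matching key came from."""
        if self._has_key_for(ms_id, rrq_spi):
            return "local"  # SPI unchanged, or key already pushed (fig. 4)
        kind, value = self._request(self.known_nas, ms_id)
        if kind == "migrated":                 # NAS1 returned the NAS2 address
            self.known_nas = value
            if arrives_while_waiting is not None:      # fig. 3 ordering
                self.on_notification(ms_id, arrives_while_waiting)
                if self._has_key_for(ms_id, rrq_spi):
                    return "notification"      # no key request needed
            kind, value = self._request(self.known_nas, ms_id)
        # Added check (this example's assumption): key must match the RRQ SPI.
        if kind != "key" or value.spi != rrq_spi:
            raise RuntimeError("no key matching the MIP-RRQ SPI")
        self.keys[ms_id] = value
        return self.known_nas


# Constructed sample key material for the walk-through.
OLD = KeyInfo(b"old-mn-fa-key", 0x1100, 3600)
NEW = KeyInfo(b"new-mn-fa-key", 0x2200, 3600)


def run(notify_before=None, notify_during=None):
    """Steps 1-5 of the page; returns (key source, requests sent in step 5)."""
    nas1, nas2 = NAS("nas1"), NAS("nas2")
    nas1.keys["ms1"] = OLD
    fa = FA({"nas1": nas1, "nas2": nas2}, "nas1")
    fa.handle_rrq("ms1", OLD.spi)            # step 2: first key from NAS1
    nas2.keys["ms1"] = NEW                   # step 3: re-auth through NAS2
    nas1.migrated_to["ms1"] = "nas2"
    if notify_before is not None:            # fig. 4: notification came first
        fa.on_notification("ms1", notify_before)
    fa.sent.clear()
    source = fa.handle_rrq("ms1", NEW.spi, notify_during)  # steps 4-5
    return source, list(fa.sent)
```

`run()` is fig. 2, `run(notify_during=...)` is fig. 3 and `run(notify_before=...)` is fig. 4; in each case the second element of the result shows which NAS the FA had to query.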
Whereas in the above application scenario the MIP-RRQ message only carries information about whether re-authentication occurred, an embodiment of the present invention further provides another specific implementation in which the MIP-RRQ message also carries indication information about whether the NAS has migrated. The corresponding processing procedure is shown in fig. 5 and may specifically include the following:
step 1, first authentication: during the EAP process, NAS1 sends the address of the NAS, or the hop count from the NAS to the serving GW (gateway), to the MS, where it is recorded;
step 2, re-authentication: the MS again obtains the NAS1 address or the hop count from the NAS to the serving GW and compares it with the previously recorded address or hop count (i.e., the information recorded in step 1); if they are the same, it determines that NAS migration has not occurred;
step 3, the MS carries indication information in the MIP-RRQ to indicate that re-authentication occurred without NAS migration; the indication may be a different SPI algorithm, or a separate extension header;
in a specific implementation, an odd SPI may indicate that the NAS has migrated and an even SPI that it has not; if the extension header is used, the header can directly contain a type representing the migration state of the NAS, or directly contain the address of the current NAS;
step 4, re-authentication: the MS obtains the NAS2 address or the hop count from the NAS to the serving GW and compares it with the previously recorded address or hop count (i.e., the information recorded in step 1); if they differ, it confirms that the NAS has migrated;
step 5, the MS carries indication information in the MIP-RRQ to indicate that re-authentication occurred together with NAS migration.
Based on the above processing procedure, the processing procedure adopted by the FA after receiving the corresponding MIP-RRQ message may specifically be:
(1) after receiving the MIP-RRQ message, if the message does not carry NAS address information, the FA acts on the indication information in the MIP-RRQ message: if no re-authentication occurred, it continues processing; if re-authentication occurred without NAS migration, it requests a key from the original NAS; if re-authentication occurred together with NAS migration, it waits for the new NAS to actively send its notification, and if that notification does not carry the key information the FA needs, it requests the key information from the new NAS, or requests the new NAS information or the updated key information from the original NAS;
(2) after receiving the MIP-RRQ message, the FA may directly request the indicated NAS for the key information if the MIP-RRQ message directly carries the NAS address information.
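The MS-side detection and the FA-side dispatch just described, as an added example that is not code from the patent. The names, addresses, hop counts and SPI values are constructed; forcing the low bit of the SPI stands in for the page's "different SPI algorithm"; and the `known_nas` allow-list is a check added by this example, because at this point the FA does not yet hold the key needed to verify the authentication extension of the MIP-RRQ that names the address.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class NasIdentity:
    """Identification the authenticator sends the MS during EAP."""
    address: str
    hops_to_gw: int


@dataclass(frozen=True)
class MipRrq:
    spi: int
    nas_address: Optional[str] = None  # content of the optional extension header


def mark_spi(base_spi, migrated):
    """Odd SPI = NAS migrated, even SPI = NAS not migrated (assumed encoding)."""
    return (base_spi | 1) if migrated else (base_spi & ~1)


class MS:
    def __init__(self):
        self.recorded = None  # NAS identity seen at the previous authentication

    def authenticate(self, nas, base_spi, carry_address=False):
        """Run (re-)authentication through `nas` and build the next MIP-RRQ."""
        # Steps 2 and 4: compare address / hop count with the recorded ones.
        migrated = self.recorded is not None and nas != self.recorded
        self.recorded = nas
        return MipRrq(mark_spi(base_spi, migrated),
                      nas.address if carry_address else None)


# Constructed addresses of the authenticators this FA is configured to use.
KNOWN_NAS = frozenset({"10.0.0.1", "10.0.0.2"})


def fa_decide(stored_spi, rrq, original_nas, known_nas=KNOWN_NAS):
    """Return (action, NAS address or None) for a received MIP-RRQ."""
    if rrq.spi == stored_spi:
        return ("continue", None)              # no re-authentication
    if rrq.nas_address is not None:            # case (2): address in the RRQ
        if rrq.nas_address not in known_nas:   # added check, see lead-in
            return ("reject", None)
        return ("request-key", rrq.nas_address)
    if rrq.spi & 1:                            # re-auth with NAS migration
        return ("wait-for-new-nas", None)
    return ("request-key", original_nas)       # re-auth, same NAS


def walkthrough():
    """First authentication, re-auth on NAS1, then re-auth on NAS2."""
    nas1 = NasIdentity("10.0.0.1", 2)
    nas2 = NasIdentity("10.0.0.2", 3)
    ms = MS()
    first = ms.authenticate(nas1, 0x1100)
    same = ms.authenticate(nas1, 0x2200)
    moved = ms.authenticate(nas2, 0x3300)
    return [
        fa_decide(first.spi, first, nas1.address),
        fa_decide(first.spi, same, nas1.address),
        fa_decide(same.spi, moved, nas1.address),
    ]
```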
In order to further understand the implementation process of obtaining the MIP key by the FA, the following will further describe a corresponding processing procedure by taking the example of obtaining the MN-FA key in the MIP key with reference to the drawings.
As shown in fig. 6, the process of implementing the state machine of the FA includes the following steps:
Step 1, the FA receives a MIP-RRQ message;
Step 2, determine whether a local MN-FA key exists; if so, execute step 3, otherwise execute step 7;
Step 3, compare the SPI in the received MIP-RRQ message with the locally stored SPI; if the two SPIs are the same, re-authentication has not occurred and step 15 is executed; otherwise re-authentication has occurred and step 4 is executed;
Step 4, determine whether NAS migration has occurred; if so, execute step 5, otherwise execute step 6. Whether NAS migration has occurred may be determined from, but is not limited to, a received indication of NAS migration, such as the SPI or a Context-Rpt (Context Report) sent by the new NAS;
in this step, if it cannot yet be determined whether NAS migration has occurred, step 7 is executed;
note that in this step, if migration is determined to have occurred, the FA may further determine whether the key of the new NAS has already been received; if so, step 15 is executed, otherwise step 5 is executed. The received key of the new NAS may have been sent directly by the new NAS, or may be the new NAS's key forwarded by the original NAS, which received it from the new NAS;
Step 5, determine whether the FA already knows the address of the new NAS after the migration; if so, execute step 8, otherwise execute step 9;
Step 6, the FA requests the MN-FA from the original NAS, then executes step 15.
Step 7, the FA requests the MN-FA from the original NAS, or directly sets a clock and waits to receive information from the authenticator (the authenticator performing re-authentication); if NAS feedback information is received from the original NAS, step 10 is executed; if the FA receives indication information sent by a new NAS, step 12 is executed;
once the information is received, the clock is stopped; if the clock expires without any information being received from an authenticator, the MIP-RRQ message is discarded;
Step 8, the FA requests the MN-FA from the new NAS after the migration, then executes step 15.
Step 9, the FA waits for an indication from the new NAS, or queries the original NAS for the address of the new NAS or for the MN-FA, and executes step 12 after receiving the new NAS's indication or the original NAS's feedback; that indication or feedback may be the new NAS's MN-FA or the new NAS's address;
Step 10, the FA determines from the feedback information returned by the original NAS whether NAS migration has occurred; if so, step 12 is executed, otherwise step 11 is executed;
in this step too, whether NAS migration has occurred may be determined from, but is not limited to, a received indication of NAS migration, such as the SPI or a Context-Rpt (Context Report);
Step 11, if the feedback information sent by the original NAS does not carry the MN-FA, the FA sends a request to the original NAS for the corresponding MN-FA and executes step 15 once the MN-FA is acquired; if the original NAS has already carried the MN-FA in the feedback information, step 15 is executed directly.
Step 12, determine whether the new NAS has already sent the corresponding MN-FA to the FA, i.e. whether the FA has received the MN-FA; if so, execute step 13; otherwise, obtain the address of the new NAS from the received indication of the new NAS or the feedback information of the original NAS, and execute step 14;
Step 13, the FA obtains the MN-FA from the information sent by the new NAS and executes step 15;
Step 14, using the address of the new NAS, the FA requests the corresponding MN-FA from the new NAS, and executes step 15 once the MN-FA is acquired;
Step 15, the FA processes the received MIP-RRQ message according to the acquired key information.
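The FA state machine of steps 1 to 15, written out as an added Python example (it is not code from the patent). The `Nas`/`Fa` classes, the message fields `from_new_nas`, `migrated`, `key` and `new_nas_addr`, the in-memory lookup standing in for a key request, and the caching of key and SPI after step 15 are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Nas:
    """Constructed stand-in for an authenticator (NAS)."""
    addr: str
    mn_fa: bytes                     # MN-FA key this NAS generated for the terminal
    successor: Optional[str] = None  # address of the new NAS, if migration happened

    def feedback(self) -> dict:
        """Reply of the original NAS to an FA query (used in steps 7, 9, 10, 11)."""
        if self.successor:
            return {"migrated": True, "new_nas_addr": self.successor}
        return {"migrated": False, "key": self.mn_fa}


@dataclass
class Fa:
    nas: Dict[str, Nas]              # authenticators reachable by address
    original: str                    # address of the NAS used before re-authentication
    key: Optional[bytes] = None      # locally stored MN-FA key
    spi: Optional[int] = None        # locally stored SPI
    migrated: Optional[bool] = None  # None: cannot tell yet (note under step 4)
    new_addr: Optional[str] = None   # address of the new NAS, if already known
    pushed_key: Optional[bytes] = None  # key of the new NAS already received
    trace: List[int] = field(default_factory=list)


def handle_rrq(fa: Fa, rrq_spi: int,
               recv: Optional[Callable[[], Optional[dict]]] = None) -> Optional[bytes]:
    """Return the MN-FA key used for the MIP-RRQ, or None if the request is discarded.

    recv models what reaches the FA while it waits in step 7 or 9; returning
    None means the clock expired. By default the FA queries the original NAS.
    """
    recv = recv or fa.nas[fa.original].feedback
    info, key, step = {}, None, 1
    while step != 15:
        fa.trace.append(step)
        if step == 1:                       # MIP-RRQ received
            step = 2
        elif step == 2:                     # local MN-FA key present?
            step = 3 if fa.key is not None else 7
        elif step == 3:                     # same SPI means no re-authentication
            key, step = (fa.key, 15) if rrq_spi == fa.spi else (None, 4)
        elif step == 4:                     # did the NAS migrate?
            if fa.migrated is None:
                step = 7
            elif not fa.migrated:
                step = 6
            elif fa.pushed_key is not None:  # new NAS key already received
                key, step = fa.pushed_key, 15
            else:
                step = 5
        elif step == 5:                     # new NAS address known?
            step = 8 if fa.new_addr else 9
        elif step == 6:                     # ask the original NAS
            key, step = fa.nas[fa.original].mn_fa, 15
        elif step in (7, 9):                # query or wait, guarded by a clock
            info = recv()
            if info is None:                # expiry: discard (step 7 per the text;
                return None                 # applying it to step 9 is an assumption)
            step = 12 if step == 9 or info.get("from_new_nas") else 10
        elif step == 8:                     # ask the known new NAS
            key, step = fa.nas[fa.new_addr].mn_fa, 15
        elif step == 10:                    # original NAS feedback: migrated?
            step = 12 if info.get("migrated") else 11
        elif step == 11:                    # key in feedback, else request it
            key, step = info.get("key") or fa.nas[fa.original].mn_fa, 15
        elif step == 12:                    # did the message carry the MN-FA?
            step = 13 if info.get("key") else 14
        elif step == 13:
            key, step = info["key"], 15
        elif step == 14:                    # learn the address, then ask the new NAS
            fa.new_addr = info["new_nas_addr"]
            key, step = fa.nas[fa.new_addr].mn_fa, 15
    fa.trace.append(15)
    fa.key, fa.spi = key, rrq_spi           # assumption: cache for the next MIP-RRQ
    return key


K_OLD, K_NEW = b"constructed-old-key", b"constructed-new-key"


def make_fa(nas_a_migrated: bool = False, **state) -> Fa:
    """Build an FA with two constructed NAS entries; state sets the FA's local view."""
    nas = {"nas-a": Nas("nas-a", K_OLD, "nas-b" if nas_a_migrated else None),
           "nas-b": Nas("nas-b", K_NEW)}
    return Fa(nas=nas, original="nas-a", **state)
```

After each call, `fa.trace` holds the step numbers visited, so a run can be checked against Fig. 6; an SPI mismatch never ends in step 15 with the stale local key.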
An embodiment of the present invention further provides a system in which a network device acquires a key. Its structure is shown in Fig. 7, and it may specifically include the following processing units:
(I) Authenticator
The authenticator receives a key request sent by a network device that needs to acquire key information, and sends the key information it has generated for the terminal to that network device. It may specifically include:
(1) a key request receiving unit, configured to receive a key request sent by a network device that needs to acquire key information;
(2) a key information sending unit, configured to send the generated key information corresponding to the terminal to the network device that needs to acquire the key information, after the key request receiving unit receives the key request.
Optionally, the authenticator may further include a migration indication sending unit, configured to send indication information indicating that authenticator migration has occurred to the network device that needs to acquire the key information. This authenticator may be the authenticator after migration or the original authenticator before migration. If the migration indication sending unit is located in the original authenticator and needs to send the address of the migrated authenticator to the network device that needs to acquire the key information, the authenticator further includes a terminal information maintenance unit for maintaining the correspondence between the terminal and the address of the migrated authenticator, optionally with a lifetime set for that correspondence.
The authenticator may also include either of the following units:
a key information direct sending unit, configured to actively send the key information generated by the migrated authenticator directly to the network device that needs to acquire the key information;
a key information indirect transfer unit, configured to send the key information generated by the migrated authenticator to the original authenticator, which then sends it to the network device that needs to acquire the key information.
So that the terminal can determine whether the authenticator has migrated, the authenticator may further include an identification information sending unit, configured to send the address information of the authenticator, or the number of hops from the authenticator to the gateway, to the terminal as identification information.
(II) Network device
This is the network device that needs to acquire key information. After receiving indication information indicating that the authenticator has migrated, it sends a key request to the migrated authenticator and receives the key information returned by that authenticator.
The network device that needs to acquire the key information may specifically include:
(1) an authenticator migration determination unit, configured to determine, according to received indication information indicating that authenticator migration has occurred, that the authenticator corresponding to the terminal has migrated;
(2) a key request acquisition unit, configured to send a key request to the migrated authenticator after the authenticator migration determination unit determines that the authenticator corresponding to the terminal has migrated, and to receive the key information returned by the authenticator and so obtain the key corresponding to the terminal.
Optionally, the network device that needs to acquire the key information may further include a judgment processing unit, configured to notify the key request acquisition unit if, after the authenticator migration determination unit determines that authenticator migration has occurred, it determines that the key information generated by the migrated authenticator has not been acquired.
Optionally, the network device that needs to acquire the key information may further include an authenticator address acquisition unit, configured to receive and obtain the address information of the migrated authenticator, sent by the migrated authenticator or the original authenticator, and to notify the key request acquisition unit so that the key request is sent according to that address information.
Optionally, the network device that needs to acquire the key information may further include either of the following units:
a key information forwarding unit, configured to receive the key information sent by the migrated authenticator and send it to the migrated network device that needs to acquire the key information;
a network device migration notification unit, configured to return to the migrated authenticator, after receiving the key information it sent, an indication that the network device that needs to acquire the key information has migrated, or the address information of the migrated network device; or to actively send such an indication or address information to the migrated authenticator; so that the migrated authenticator can send the key information to the migrated network device that needs to acquire the key information.
(III) Terminal
In some application scenarios, the terminal may also send, to the network device that needs to acquire the key information, indication information indicating that the authenticator corresponding to the terminal has migrated. The terminal may therefore further include processing units for determining whether the authenticator has migrated, specifically:
a migration determination unit, configured to receive the identification information sent by the authenticator during authentication, and to compare the currently received identification information of the authenticator with the previously received identification information of the authenticator to determine whether the authenticator has migrated;
an indication information transmission unit, configured to send indication information indicating that authenticator migration has occurred to the network device that needs to acquire the key information, after the migration determination unit determines that migration has occurred.
In summary, the embodiment of the present invention solves the problem that the FA cannot obtain the updated MIP key when the NAS migrates while the MIP key is being updated, so as to eliminate race scenarios as far as possible and reduce the time needed to obtain the key as far as possible.
The above describes only preferred embodiments of the present invention, but the scope of protection of the present invention is not limited to them; any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention falls within the scope of protection of the present invention. The scope of protection of the present invention is therefore defined by the claims.

Claims (24)

1. A method for obtaining a key, characterized in that it is used to obtain key information for a network device that needs to obtain key information after an authenticator has migrated, the method comprising: after receiving indication information indicating that authenticator migration has occurred, the network device that needs to obtain key information sends a key request to the migrated authenticator, receives the key information returned by the authenticator, and obtains the key information corresponding to the terminal.

2. The method according to claim 1, characterized in that the indication information indicating that authenticator migration has occurred is sent to the network device that needs to obtain key information by the migrated authenticator, the original authenticator, the terminal, the home agent or the AAA server; optionally, the migrated authenticator, the original authenticator, the terminal, the home agent or the AAA server also sends the address of the migrated authenticator to the network device that needs to obtain key information.

3. The method according to claim 2, characterized in that, when the indication information is sent by the terminal, the method further comprises: during authentication, the network side sends the identification information of the authenticator to the terminal; the terminal compares the currently received identification information of the authenticator with the previously received identification information of the authenticator to determine whether the authenticator has migrated.

4. The method according to claim 3, characterized in that the identification information includes at least one of: the address information of the authenticator, the identifier information of the authenticator, and the number of hops from the authenticator to the gateway.

5. The method according to any one of claims 1 to 4, characterized in that it further comprises: after generating the key information corresponding to the terminal, the migrated authenticator actively sends the key information to the network device that needs to obtain key information; or, the migrated authenticator sends the generated key information corresponding to the terminal to the original authenticator, and the original authenticator sends it to the network device that needs to obtain key information.

6. The method according to claim 5, characterized in that, after the network device that needs to obtain key information determines that the authenticator corresponding to the terminal has migrated, the method further comprises: the network device that needs to obtain key information performs the step of sending a key request to the migrated authenticator after determining that it has not obtained the key information corresponding to the terminal generated by the migrated authenticator.

7. The method according to any one of claims 1 to 4, characterized in that, before the network device that needs to obtain key information sends a key request to the migrated authenticator, the method further includes a step of obtaining the address information of the migrated authenticator, the step comprising: requesting the address information of the migrated authenticator from the original authenticator; or receiving the address information of the migrated authenticator actively sent by the migrated authenticator, the original authenticator, the terminal, the home agent or the AAA server.

8. The method according to any one of claims 1 to 4, characterized in that, if the network device that needs to obtain key information also migrates during authenticator migration, the method further includes any one of the following steps:
the migrated authenticator sends the key information to the migrated network device that needs to obtain key information via the original network device that needs to obtain key information;
the migrated network device that needs to obtain key information sends to the migrated authenticator an indication that the network device that needs to obtain key information has migrated, or the address of the migrated network device that needs to obtain key information, and the migrated authenticator sends the key information to the migrated network device that needs to obtain key information;
the original network device that needs to obtain key information sends to the migrated authenticator an indication that the network device that needs to obtain key information has migrated, or the address of the migrated network device that needs to obtain key information, and the migrated authenticator sends the key information to the migrated network device that needs to obtain key information.

9. The method according to any one of claims 1 to 4, characterized in that, before determining that the authenticator corresponding to the terminal has migrated, the method further includes a step in which the network device that needs to obtain key information determines that the terminal has been re-authenticated, the step specifically comprising: the network device that needs to obtain key information stores the security parameter index (SPI) between the terminal and the home agent; if the SPI between the terminal and the home agent in a received registration request differs from the stored SPI, it is determined that re-authentication has occurred.

10. A method for obtaining a key, characterized in that it is used to obtain key information for a network device that needs to obtain key information after re-authentication, the method comprising: after receiving indication information indicating that re-authentication has occurred, the network device that needs to obtain key information receives the key information corresponding to the terminal sent by an authenticator.

11. The method according to claim 10, characterized in that the authenticator is the authenticator that performs the re-authentication.

12. The method according to claim 11, characterized in that, after receiving the indication information indicating that re-authentication has occurred, the network device that needs to obtain key information starts a timer and receives the key information corresponding to the terminal within the validity period of the timer.

13. The method according to claim 12, characterized in that, if the key information is not received within the validity period of the timer, the Mobile IP registration request sent by the terminal is discarded.

14. A network device, characterized by comprising:
an authenticator migration determination unit, configured to determine, according to received indication information indicating that authenticator migration has occurred, that the authenticator corresponding to the terminal has migrated;
a key request acquisition unit, configured to send a key request to the migrated authenticator after the authenticator migration determination unit determines that the authenticator corresponding to the terminal has migrated, and to receive the key information returned by the authenticator and obtain the key information corresponding to the terminal.

15. The device according to claim 14, characterized in that the device further comprises a judgment processing unit, configured to notify the key request acquisition unit if, after the authenticator migration determination unit determines that authenticator migration has occurred, it is determined that the key information generated by the migrated authenticator has not been obtained.

16. The device according to claim 14 or 15, characterized in that the device further comprises an authenticator address acquisition unit, configured to receive and obtain the address information of the migrated authenticator sent by the migrated authenticator or the original authenticator, and to notify the key request acquisition unit.

17. A system for obtaining a key, characterized in that it includes an authenticator and a network device that needs to obtain key information, wherein:
the authenticator is configured to receive a key request sent by the network device that needs to obtain key information, and to send the key information it has generated for the terminal to the network device that needs to obtain key information;
the network device that needs to obtain key information, after receiving indication information indicating that authenticator migration has occurred, sends a key request to the migrated authenticator and receives the key information returned by the authenticator.

18. The system according to claim 17, characterized in that the system further comprises a terminal, and the terminal comprises:
a migration determination unit, configured to receive the identification information sent by the authenticator during authentication, and to compare the currently received identification information of the authenticator with the previously received identification information of the authenticator to determine whether the authenticator has migrated;
an indication information transmission unit, configured to send indication information indicating that authenticator migration has occurred to the network device that needs to obtain key information, after the migration determination unit determines that migration has occurred.

19. The system according to claim 18, characterized in that the authenticator further includes an identification information sending unit, configured to send the address information of the authenticator or the number of hops from the authenticator to the gateway to the terminal as identification information.

20. The system according to claim 17, 18 or 19, characterized in that the authenticator includes a key request receiving unit and a key information sending unit, wherein:
the key request receiving unit is configured to receive a key request sent by the network device that needs to obtain key information;
the key information sending unit is configured to send the key information it has generated for the terminal to the network device that needs to obtain key information, after the key request receiving unit receives the key request;
optionally, the authenticator further includes:
a key information direct sending unit, configured to send the key information generated by the migrated authenticator directly to the network device that needs to obtain key information; or,
a key information indirect transfer unit, configured to send the key information generated by the migrated authenticator to the original authenticator, which sends it to the network device that needs to obtain key information.

21. The system according to claim 17, 18 or 19, characterized in that the authenticator further includes a migration indication sending unit, configured to send to the network device that needs to obtain key information the indication information indicating that authenticator migration has occurred and/or the address of the migrated authenticator.

22. The system according to claim 21, characterized in that, if the migration indication sending unit sends the address of the migrated authenticator to the network device that needs to obtain key information, the authenticator further includes a terminal information maintenance unit, configured to maintain the correspondence between the terminal and the address of the migrated authenticator, and optionally to set a corresponding lifetime for that correspondence.

23. The system according to claim 17, 18 or 19, characterized in that the network device that needs to obtain key information further includes:
a key information forwarding unit, configured to receive the key information sent by the migrated authenticator and send it to the migrated network device that needs to obtain key information; or,
a network device migration notification unit, configured to return to the migrated authenticator, after receiving the key information sent by the migrated authenticator, an indication that the network device that needs to obtain key information has migrated, or the address information of the migrated network device that needs to obtain key information; or to actively send to the migrated authenticator an indication that the network device that needs to obtain key information has migrated, or the address information of the migrated network device that needs to obtain key information.

24. A system for obtaining a key, characterized in that it includes an authenticator and a network device that needs to obtain key information, wherein:
the authenticator is configured to send the key information it has generated for the terminal to the network device that needs to obtain key information;
the network device that needs to obtain key information is configured to receive the key information corresponding to the terminal sent by the authenticator, after receiving indication information indicating that re-authentication has occurred.
CN2007101451465A 2007-06-11 2007-08-23 Method, device and system for acquiring cryptographic key Expired - Fee Related CN101325804B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2007101451465A CN101325804B (en) 2007-06-11 2007-08-23 Method, device and system for acquiring cryptographic key
PCT/CN2008/071254 WO2008151569A1 (en) 2007-06-11 2008-06-10 Method, device and system for acquiring key

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
CN200710112367.2 2007-06-11
CN200710112367 2007-06-11
CN200710136389.2 2007-07-26
CN200710136389 2007-07-26
CN2007101451465A CN101325804B (en) 2007-06-11 2007-08-23 Method, device and system for acquiring cryptographic key

Publications (2)

Publication Number Publication Date
CN101325804A true CN101325804A (en) 2008-12-17
CN101325804B CN101325804B (en) 2011-04-20

Family

ID=40189067

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101451465A Expired - Fee Related CN101325804B (en) 2007-06-11 2007-08-23 Method, device and system for acquiring cryptographic key

Country Status (1)

Country Link
CN (1) CN101325804B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346772B2 (en) * 2002-11-15 2008-03-18 Cisco Technology, Inc. Method for fast, secure 802.11 re-association without additional authentication, accounting and authorization infrastructure
CN1658553B (en) * 2004-02-20 2011-04-27 中国电子科技集团公司第三十研究所 A Strong Authentication Method Using Public Key Cryptography Algorithm Encryption Mode
CN100561914C (en) * 2005-08-25 2009-11-18 华为技术有限公司 How to get the key

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012022185A1 (en) * 2010-08-18 2012-02-23 中兴通讯股份有限公司 Air interface key update method, core network node and user equipment
US9386448B2 (en) 2010-08-18 2016-07-05 Zte Corporation Method for updating air interface key, core network node and user equipment
CN106559913A (en) * 2015-09-25 2017-04-05 展讯通信(上海)有限公司 Data transfer control method when mobile terminal and its LTE and WLAN are converged
CN106559913B (en) * 2015-09-25 2019-11-05 展讯通信(上海)有限公司 Data transfer control method when mobile terminal and its LTE and WLAN are converged

Also Published As

Publication number Publication date
CN101325804B (en) 2011-04-20

Similar Documents

Publication Publication Date Title
CN101656668B (en) Method and apparatus for state transfer using core-based nodes
JP5392879B2 (en) Method and apparatus for authenticating a communication device
KR101167781B1 (en) System and method for authenticating a context transfer
US7561692B2 (en) Method of authenticating mobile terminal
KR101498917B1 (en) Method of relocating access service network functional entities during mobility events in wimax networks
US8483131B2 (en) Method for negotiating and transmitting length information of location update time
JP2008529368A (en) User authentication and authorization in communication systems
WO2007051423A1 (en) Communication method and system for terminal entering and leaving idle mode
US8521161B2 (en) System and method for communications device and network component operation
CN110830996B (en) Key updating method, network equipment and terminal
US7630712B2 (en) Method for reconnecting a mobile terminal in a wireless network
US20050287989A1 (en) Authentication method for supporting mobile internet protocol system
CN102668504B (en) There is the method and apparatus improving the speed of conversion and the encryption key distribution function of quality
WO2007045177A1 (en) Method, system and appatatus for realizing mobile protocol deregistering
EP2475199A1 (en) Handover method and device for an access service network
US20100085949A1 (en) Base station apparatus, authenticator apparatus and method for attaching a base station apparatus to an authenticator apparatus
CN101325804B (en) Method, device and system for acquiring cryptographic key
JP5055428B2 (en) Wireless communication system, gateway control apparatus, and base station
KR100419578B1 (en) Session control method in DIAMETER base transfer internet protocol net
US9485652B2 (en) Method and system for managing mobility of mobile station in a mobile communication system using mobile IP
CN101568063A (en) Method and system for achieving position service and connection service network (CSN)
JP2009031848A (en) Authentication transfer device
CN101203030B (en) An authentication device and method using a mobile terminal multi-mode protocol stack
CN114270881B (en) Network access method and device
WO2011095001A1 (en) Method for establishing data channels initiated initiatively by mobile station and asn system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110420
