[go: up one dir, main page]

WO2007033548A1 - Procede et dispositif pour obtenir les informations d'association de securite pendant la procedure de transfert du terminal mobile - Google Patents

Procede et dispositif pour obtenir les informations d'association de securite pendant la procedure de transfert du terminal mobile Download PDF

Info

Publication number
WO2007033548A1
WO2007033548A1 PCT/CN2006/001513 CN2006001513W WO2007033548A1 WO 2007033548 A1 WO2007033548 A1 WO 2007033548A1 CN 2006001513 W CN2006001513 W CN 2006001513W WO 2007033548 A1 WO2007033548 A1 WO 2007033548A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
access network
security association
network gateway
base station
Prior art date
Application number
PCT/CN2006/001513
Other languages
English (en)
Chinese (zh)
Inventor
Changhong Shan
Zhibin Lin
Shujun Dang
Yongmao Li
Jun Zhang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2007033548A1 publication Critical patent/WO2007033548A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and apparatus for obtaining security association information or a user plane communication encryption key during handover of a mobile terminal.
  • BACKGROUND OF THE INVENTION In a mobile communication system, the mobility of a mobile terminal is such that it often switches from one base station to another. When the mobile terminal switches to another base station, in order to reduce the delay of communication between the mobile terminal and the new base station, new The base station needs to obtain security parameter information, including security association information, required by some mobile terminals to perform communication services on the original serving base station.
  • the security association information that is, the security association context information, the content in the SA (Security Association) context, especially the TEK (Traffic Encryption Key), is used as the MSS.
  • MSS Mobile Subscriber Station, mobile terminal is also called mobile subscription station
  • BS Base Station, base station
  • the SA is actually all the content contained in the context of the SA, and has SAID (Security Association Identity), SA Type (Security Association Type), SA Service Type (Security Alliance Service Type), Cryptographic.
  • SAID Security Association Identity
  • SA Type Security Association Type
  • SA Service Type Security Alliance Service Type
  • Cryptographic The contents of the parameters of the Suite (crypto tuple) and TEK (communication encryption key) pairs, the encryption tuple includes a data encryption algorithm and mode, a data authentication algorithm and mode, and a communication encryption key encryption algorithm and mode.
  • the parameters of the TEK pair include: TEK, KEY-Lifetime (remaining life cycle of communication encryption key), Key- Sequence-Number (communication encryption key serial number), CBC-IV (communication encryption key in CBC) Initial vector in mode), PN (sent packet sequence number), RxPN (received packet number), Associated GKEK Sequence Number (multicast key encryption key sequence number under multicast).
  • a security association such as an encryption key of a base station can be obtained by an Authenticator or an Access Network Gateway (ASN-GW).
  • the authority or the access network gateway may be on a different physical network element than the BS.
  • the authenticator or the access network gateway and the BS are both in an ASN (Access Service Network), but may not be in the same On a physical network element.
  • the problem that needs to be faced is: After the MSS switches between different BSs, how to obtain the communication encryption key and encryption used for communication between the MSS and the target base station through the authenticator or the access network gateway. Security alliance information such as algorithms and patterns is a problem that needs to be solved. At present, there is no way to solve this problem. Summary of the invention
  • An object of the present invention is to provide a method and apparatus for obtaining security association information in a mobile terminal handover process, so that the SA context list (ie, security association information) on the original BS can be taken over in the communication system. .
  • the present invention provides a method for obtaining security association information in a mobile terminal handover process, including: in a process in which a mobile terminal performs handover in a communication system, the target base station acquires the same security association information of the mobile terminal as the original base station as the target base station and the mobile terminal. Security alliance information.
  • the security association information includes a security association, a negotiated encryption algorithm and mode, and/or a communication encryption key and parameter information.
  • the method includes:
  • the authenticator or the access network gateway directly delivers the security association information corresponding to the mobile terminal to the target base station;
  • the target base station requests the security association information of the mobile terminal from the authenticator or the access network gateway, and the authenticator or the access network gateway acquires the required security association information from the original base station, and then, according to the request, the security alliance.
  • the information is sent to the target base station.
  • the original base station reports the security association information of the mobile terminal to the authenticator or the access network gateway through the handover request/instruction information.
  • Methods include:
  • the authenticator or the access network gateway requests the original base station for the security association information of the mobile terminal, and the original base station reports the security association information of the mobile terminal to the authenticator or the access network gateway according to the request;
  • the authenticator or the gateway gateway directly delivers the security association information of the mobile terminal to the target base station; or
  • the Cs authenticator or the access network gateway requests the original base station for the security association information of the mobile terminal, and the original base station reports the security association information of the mobile terminal to the authenticator or the access network gateway according to the request;
  • the target base station requests the security association information of the mobile terminal from the authenticator or the access network gateway, and the authenticator or the access network gateway sends the security association information to the target base station according to the request.
  • the method includes:
  • the target authenticator or the access network gateway requests the original authentication device or the original service access network gateway directly or through the network entity in the target network to request the mobile terminal security alliance information from the original authenticator or the access network gateway.
  • the original authenticator or the original service access network gateway reports the mobile terminal security association information to the target authenticator or the access network gateway;
  • the target authenticator or the access network gateway directly delivers the security association information corresponding to the mobile terminal to the target base station;
  • the target authenticator or the access network gateway requests the original authentication device or the access network gateway directly or through the network entity in the target network to request the mobile terminal security association information from the original authenticator or the access network gateway.
  • the right device or the original service access network gateway reports the mobile terminal security association information to the target authenticator or the access network gateway;
  • the target base station requests the security association information of the mobile terminal from the target authenticator or the access network gateway, and the target authenticator or the access network gateway sends the security association information to the target base station according to the request.
  • the method includes -
  • the target authenticator or the access network gateway requests the mobile terminal security alliance from the original authenticator or the original service access network gateway directly or after the network entity in the target network identifies the original authenticator or the original service access network gateway. information;
  • the original authenticator or the original service access network gateway requests the original base station for the security association information of the mobile terminal; the original base station reports the security association information of the mobile terminal to the original authenticator or the original service access network gateway according to the request;
  • the original authenticator or the original service access network gateway reports the mobile terminal security association information to the target authenticator or the access network gateway;
  • the target authenticator or the access network gateway directly delivers the security association information corresponding to the mobile terminal to the target base station;
  • the target authenticator or the access network gateway requests the mobile terminal security alliance from the original authenticator or the original service access network gateway directly or after the network entity in the target network identifies the original authenticator or the original service access network gateway. information; N, the original authenticator or the original service access network gateway requests the original base station for the security association information of the mobile terminal; the original base station reports the security association information of the mobile terminal to the original authenticator or the original service access network gateway according to the request;
  • the original authenticator or the original service access network gateway reports the mobile terminal security association information to the target authenticator or the access network gateway;
  • the target base station requests the security association information of the mobile terminal from the target authenticator or the access network gateway, and the target authenticator or the access network gateway sends the security association information to the target base station according to the request.
  • the method of the present invention further includes:
  • the target base station obtains the security association information from the handover preparation/confirmation message, or initiates a request for acquiring the security association information of the mobile terminal, triggered by the transmitted parameter and the power adjustment request message sent by the terminal.
  • the mobile communication system includes a microwave access global interworking Wimax system
  • the security association information in the system includes: a security association identifier, a security association type, a security association service type, an encryption tuple, and/or a communication encryption.
  • Key pair information, the encryption tuple includes a data encryption algorithm and a mode, a data authentication algorithm and a mode and/or a communication encryption key encryption algorithm and a mode
  • the communication encryption key pair information includes a communication encryption key, Remaining lifetime of the communication encryption key, communication encryption key serial number, communication encryption key, initial vector of the communication encryption key in CBC mode, packet sequence number, received packet number, and/or under multicast Multicast key encryption key serial number.
  • the present invention also provides an apparatus for obtaining security association information in a handover process of a mobile terminal that implements the foregoing method, including:
  • a security association list sending module configured to provide a security association list to the target base station
  • the security association information obtaining module acquiring the security association information of the mobile terminal of the original base station;
  • the security association information transmission module transmits the security association information of the mobile terminal acquired by the security association information obtaining module to the target base station.
  • the security association list sending module is configured on the original serving base station, and the security association information obtaining module is disposed on the target base station, and/or the authenticator or the access network gateway, and the security alliance information transmission module It is located on the authenticator or access network gateway. .
  • the authenticator or the access network gateway includes a primary authenticator or an original serving access network gateway to which the original base station of the mobile terminal belongs and/or a target authenticator or an access network gateway to which the target base station belongs.
  • the present invention provides a method for obtaining security association information during handover of a mobile terminal, so that after the mobile terminal switches the base station, the target base station can still use the same security as the original base station.
  • Alliance list That is, during the handover process of the mobile terminal, the target base station acquires the mobile terminal and the primordial base. The same security association list is used as a security association between the target base station and the mobile terminal, and a corresponding implementation process is provided. Therefore, the present invention provides a feasible implementation solution for the acquisition of the security association in the handover process of the mobile terminal.
  • Figure 2 is a flow chart 1 of the method of the present invention.
  • Figure 3 is a flow chart 2 of the method of the present invention.
  • Figure 4 is a flow chart 3 of the method of the present invention.
  • Figure 5 is a flow chart 4 of the method of the present invention.
  • FIG. 6 is a schematic view showing the structure of the apparatus of the present invention.
  • Mode for Carrying Out the Invention At the core of the present invention is a method for obtaining a security association in a mobile terminal handover process, so that after the mobile terminal switches the base station, the target base station still uses the same security association as the original base station. That is, during the handover of the mobile terminal, the target base station acquires the same security association as the original base station of the mobile terminal as a security association between the target base station and the mobile terminal.
  • the security associations described herein include the security association information and/or communication encryption keys mentioned above.
  • the process of the mobile terminal switching the base station in the communication system generally includes the following two main situations: 1.
  • the mobile terminal switches between the same authenticator or the BS within the range to which the access network belongs in the communication system; 2.
  • the authenticator or the access network gateway obtains the security association of the mobile terminal on the original base station, there are two main implementation forms: 1.
  • the original base station actively reports the security association of the mobile terminal to the authenticator or the access network.
  • the gateway sends the security association of the mobile terminal to the authenticator or the access gateway after receiving the request message from the authenticator or the access network gateway.
  • the access network gateway includes but is not limited to the original service access network gateway, the target access network gateway, the access network gateway where the authenticator is located, and/or the access network gateway where the foreign agent is located. , and many more. According to the above situation, there are four combinations, and the following is a detailed description of the four specific embodiments in conjunction with the switching request and the conventional processing after the switching.
  • Embodiment 1 As shown in FIG. 2, when the mobile terminal performs the handover between the same authenticator or the BS in the range to which the access network belongs in the communication system, the original base station has actively reported the security association to the corresponding authentication.
  • the method of the present invention includes the following steps when accessing the network gateway:
  • Step 21 The mobile terminal sends a handover request/instruction message to the original base station.
  • Step 22 The original base station sends a handover request/indication message to the authenticator or the access network gateway, where the message includes a mobile terminal identity (MSS), a target base station identifier (T-BSID), and all related to the mobile terminal.
  • MSS mobile terminal identity
  • T-BSID target base station identifier
  • Step 23 Perform an exchange preparation message exchange between the authenticator or the access network gateway and the target base station, so as to prepare for some handover.
  • Step 24 After the handover preparation is completed, the authenticator or the access network gateway needs to reply a response message to the serving base station (ie, the original base station).
  • Step 25 After the handover preparation is completed, the target base station needs to send a message requesting the mobile terminal security association to the authenticator or the access network gateway, where the message needs to include the identifier of the mobile terminal (ie, MSSID).
  • the security base station information of the mobile terminal may be sent after the target base station requests the authenticator or the access network gateway, or may be connected to the authenticator without the target base station.
  • the access gateway requests the security association information of the mobile terminal directly.
  • Step 26 The authenticator or the access network gateway sends the security association information to the target base station according to the request, and the message includes a mobile terminal identifier (MSS) and a corresponding security association list.
  • MSS mobile terminal identifier
  • Step 27 After receiving the SA list sent from the authenticator or the access network gateway, the target base station first allocates a new SA identity (SAID) to the SA in the SA list to replace the old SAID. .
  • SAID SA identity
  • the target base station will update all updated SAIDs associated with an MSS to the MSS so that the SAID on the MSS side is consistent with that on the target base station.
  • Step 29 The session continues and the subsequent session process continues.
  • step 25 is performed after performing step 24, after the target base station receives the Ranging Request (request for adjusting parameters and power information of the uplink and downlink) sent by the mobile terminal.
  • step 25 is performed after the target base station receives the Ranging Request (request for adjusting parameters and power information of the uplink and downlink) sent by the mobile terminal.
  • the Ranging response message will be sent by the target base station to the mobile terminal instead.
  • the method includes:
  • Step 31 The mobile terminal sends a handover request/instruction message to the original base station.
  • Step 32 The original base station sends a handover request/indication message to the authenticator or the access network gateway, where the message includes a mobile terminal identity (MSS) and a target base station identifier (T-BSID).
  • MSS mobile terminal identity
  • T-BSID target base station identifier
  • Step 33 Prepare for some handover between the authenticator or the access network gateway and the target base station.
  • Step 34 The authenticator or the access network gateway replies to the serving base station with a response message.
  • Step 35 The target base station sends a message requesting the mobile terminal security association to the authenticator or the access network gateway; the message includes the identifier (MSS) of the mobile terminal.
  • MSS identifier
  • the target base station may request the original base station to request the security alliance of the mobile terminal from the original base station after the target base station requests to the authenticator or the access network gateway; or may not go to the authenticator or the access without the target base station.
  • the network gateway requests the security association of the mobile terminal directly to the original base station.
  • Step 36 The authenticator or the access network gateway sends an SA message to the original base station, where the identifier of the mobile terminal is specified in the message, so as to obtain the corresponding SA information.
  • Step 37 The original base station reports the SA message of the mobile terminal to the authenticator or the access network gateway according to the request, and the identifier of the mobile terminal also needs to be specified in the message.
  • Step 38 The authenticator or the access network gateway sends the SA message to the target base station according to the request, where the message includes a mobile terminal identifier (MSS) and a corresponding security association list, where the mobile terminal is recorded in the list.
  • MSS mobile terminal identifier
  • Security Alliance information
  • Step 39 After receiving the SA list sent from the authenticator or the access network gateway, the target base station first allocates a new SA identity (SAID) to the SA in the SA list to replace the old SAID. .
  • SAID SA identity
  • Step 310 Start the Ranging process.
  • the target base station will update all updated SAIDs associated with an MSS to the MSS, so that the SAID on the MSS side is consistent with that on the target base station.
  • Step 311 Continue the subsequent session process.
  • step 34 after performing the step 34, after the target base station receives the Ranging Request message sent by the mobile terminal, step 35 is performed, and at this step, in the subsequent step 38, the target is changed to The base station sends a Ranging response message to the mobile terminal.
  • step 35 is performed, and at this step, in the subsequent step 38, the target is changed to The base station sends a Ranging response message to the mobile terminal.
  • Step 41 The mobile terminal sends a handover request/indication message to the original base station.
  • Step 42 The original base station sends a handover request/indication message to the authenticator or the access network gateway, where the message includes a mobile terminal identity (MSS), a target base station identifier (T-BSID), and all related to the mobile terminal.
  • MSS mobile terminal identity
  • T-BSID target base station identifier
  • Step 43 Prepare for some handover between the original authenticator or the original serving access network gateway and the target base station.
  • Step 44 The original authenticator or the original serving access network gateway replies to the serving base station with a response message.
  • Step 45 The target base station sends a message requesting the mobile terminal security association to the target authenticator or the access network gateway; the message includes the identifier of the mobile terminal (MSS);
  • the request message may need to pass through a network entity in the target network, such as a network management device, to find a corresponding original device according to the record information provided by the network device.
  • a network entity in the target network such as a network management device
  • this step may also be requested by the target base station to the target authenticator or the access network gateway, and then the target authenticator or the access network gateway requests the original authenticator or the original serving access network gateway to deliver the mobile terminal.
  • the target authenticator or the access network gateway may request the original authenticator or the original serving access network gateway to deliver the mobile terminal without requesting the target authenticator or the access network gateway.
  • Security Alliance when the second implementation is selected, this step can be omitted.
  • Step 46 The target authenticator or the access network gateway sends the SA request message to the original authenticator or the original service access network gateway according to the request, and the message includes the mobile terminal's indication (MSS) and corresponding The list of security associations to request the corresponding security association information from the original authenticator or the original service access network gateway.
  • MSS mobile terminal's indication
  • Step 47 After receiving the request message, the original authenticator or the original service access network gateway reports the mobile terminal security association message to the target authenticator or the access network gateway, where the message includes the mobile terminal.
  • the identification (MSS) and the corresponding security association list, the security association information of the mobile terminal is recorded in the list.
  • Step 48 The target authenticator or the access network gateway sends the mobile terminal security association message to the target base station, where the message includes the identity of the mobile terminal (MSS) and the corresponding security association list.
  • MSS mobile terminal
  • Step 49 After receiving the SA list sent from the target authenticator or the access network gateway, the target base station first allocates a new SA identity (SAID) to the SA in the SA list to replace the old SA. SAID.
  • SAID SA identity
  • Step 410 after, start the Ranging process, in which the target base station will put all the MSS with The associated updated SAID is updated to the MSS such that the SAID on the MSS side is consistent with that on the target base station.
  • Step 411 the session continues.
  • step 44 after performing step 44, after the target base station receives the Ranging Request message sent by the mobile terminal, step 45 is performed, and at this step, in the subsequent step 48, the target is changed to The base station sends a Ranging response message to the mobile terminal.
  • step 45 is performed, and at this step, in the subsequent step 48, the target is changed to The base station sends a Ranging response message to the mobile terminal.
  • the security association of the mobile terminal is passively reported to the authenticator or the access network gateway, and the method includes:
  • Step 51 The mobile terminal sends a handover request/instruction message to the original base station.
  • Step 52 The original base station sends a handover request/indication message to the authenticator or the access network gateway, where the message includes a mobile terminal identity (MSS), a target base station identifier (T-BSID), and all related to the mobile terminal.
  • MSS mobile terminal identity
  • T-BSID target base station identifier
  • Step 53 Prepare for some handover between the authenticator or the access network gateway and the target base station.
  • Step 54 The authenticator or the access network gateway replies to the serving base station with a response message.
  • Step 55 The target base station sends a message requesting the mobile terminal security association to the target authenticator or the access network gateway; the message includes the identifier of the mobile terminal (MSS);
  • the request message may need to pass through a network entity in the target network, such as a network management device, to find a corresponding original device according to the record information provided by the network device.
  • a network entity in the target network such as a network management device
  • the step 55 is an optional step, and may be requested by the target base station to the target authenticator or the access network gateway, and then requested by the target authenticator or the access network gateway to the original authenticator or the original service access network gateway.
  • the security association of the mobile terminal may be requested to be sent to the target authenticator or the access network gateway without requesting the target base station, and the target authenticator or the access network gateway requests the original authenticator or the original serving access network gateway to send the request.
  • the security association of the mobile terminal, when the second implementation is selected, the step can be omitted.
  • Step 56 The target authenticator or the access network gateway sends the SA request message to the original authenticator or the original service access network gateway according to the request, and the message includes the identifier (MSS) of the mobile terminal and the corresponding Security Alliance list.
  • MSS identifier
  • Step 57 The original authenticator or the original serving access network gateway sends an SA request message to the original base station, where the identifier of the mobile terminal is indicated in the message.
  • Step 58 The original base station reports the SA message of the mobile terminal to the original authenticator or the original service access network gateway according to the request; the identifier of the mobile terminal is indicated in the message.
  • Step 59 The original authenticator or the original service access network gateway reports the mobile terminal security association message to the target authenticator or the access network gateway; the message includes the mobile terminal identifier (MSS) and the corresponding security association list.
  • MSS mobile terminal identifier
  • Step 510 The target authenticator or the access network gateway sends the mobile terminal security association message to the target base station, where the message includes the identity of the mobile terminal (MSS) and the corresponding security association list.
  • MSS mobile terminal
  • Step 511 After receiving the security association list sent from the authenticator or the access network gateway, the target base station first allocates a new security association identifier (SAID) to the SA in the security association list to replace the old one. SAID.
  • SAID security association identifier
  • the Ranging process is started.
  • the target base station will update all the updated SAIDs associated with an MSS to the MSS, so that the SAID on the MSS side is consistent with that on the target base station.
  • Step 513 the session continues.
  • step 54 after performing the step 54, after the target base station receives the Ranging Request message sent by the mobile terminal, step 55 is performed, and in the subsequent step 58, the target is changed to The base station sends a Ranging response message to the mobile terminal.
  • the present invention also provides a device for obtaining a security association in a handover process of a mobile terminal that implements the foregoing method, as shown in FIG. 6, including a security association acquisition module and a security association transmission module, where:
  • Security association acquisition module obtaining a security association of the mobile terminal from the original base station
  • the security association information obtaining module receives the security association information of the mobile terminal sent by the security association information sending module of the original serving base station of the mobile terminal, and the security alliance information sending module is configured to be used in the original service of the mobile terminal.
  • the base station is responsible for providing the security association information to the target base station, that is, the corresponding security association list of the mobile terminal.
  • the security association transmission module transmitting the security association of the mobile terminal acquired by the security association acquisition module to the target base station;
  • the security association information transmission module sends the corresponding security association information to the security association information receiving module set in the target base station, and the security association information receiving module receives the security association information of the mobile terminal in the target base station.
  • the security association obtaining module is configured on a original authenticator or an original serving access network gateway of the mobile terminal in the communication system, or a target authenticator or an access network gateway; the security alliance transmission module The original authenticator or the original serving access network gateway and/or the target authenticator or the access network gateway to which the original base station belongs to the mobile terminal set in the communication system.
  • the device according to the present invention may be specifically configured in an authenticator or an access network gateway, where the access network gateway includes: a primary service access network gateway, a target access network gateway, and an authentication Access network gateway where the device is located and ' And the access network gateway where the foreign agent is located; the authenticator includes: the original authenticator to which the original base station of the mobile terminal belongs and/or the target authenticator to which the target base station belongs.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé et un dispositif pour le terminal mobile qui obtient des informations d'association de sécurité (SA) pendant la procédure de transfert; ils permettent à la station de base cible d'utiliser la même liste SA d'enregistrement des informations SA que celle utilisée par la station de base initiale après que le terminal mobile a transféré la station de base. Ainsi, pendant la procédure de transfert du terminal mobile, la station de base cible obtient une liste SA entre le terminal mobile et la station de base initiale identique à celle utilisée entre le terminal mobile et la station de base cible. L'implémentation de l'invention permet d'utiliser la liste SA utilisée par la station de base initiale dans la station de base cible après que le terminal mobile a transféré la station de base. Pendant la procédure de transfert du terminal mobile, la station de base cible obtient la liste SA utilisée entre le terminal mobile et la station de base initiale pour l'employer entre le terminal mobile et la station de base cible. Il est ainsi possible de réaliser une implémentation faisable et obtenir la liste SA pendant la procédure de transfert du terminal mobile.
PCT/CN2006/001513 2005-09-19 2006-06-30 Procede et dispositif pour obtenir les informations d'association de securite pendant la procedure de transfert du terminal mobile WO2007033548A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510103479 2005-09-19
CN200510103479.2 2005-09-19

Publications (1)

Publication Number Publication Date
WO2007033548A1 true WO2007033548A1 (fr) 2007-03-29

Family

ID=37888535

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001513 WO2007033548A1 (fr) 2005-09-19 2006-06-30 Procede et dispositif pour obtenir les informations d'association de securite pendant la procedure de transfert du terminal mobile

Country Status (1)

Country Link
WO (1) WO2007033548A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196511A (zh) * 2010-03-15 2011-09-21 中国移动通信集团公司 小区参数优化的方法、系统及设备

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1321049A (zh) * 2000-02-09 2001-11-07 朗迅科技公司 无线通信中越区切换的强化安全性
CN1337134A (zh) * 1999-01-08 2002-02-20 艾利森电话股份有限公司 重新使用安全关联以改善切换性能
CN1630404A (zh) * 2003-12-18 2005-06-22 中国电子科技集团公司第三十研究所 数字蜂窝移动通信系统用户切换时密钥的管理分配传递方法
CN1630405A (zh) * 2003-12-18 2005-06-22 中国电子科技集团公司第三十研究所 数字蜂窝移动通信系统用户切换时的双向鉴别方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1337134A (zh) * 1999-01-08 2002-02-20 艾利森电话股份有限公司 重新使用安全关联以改善切换性能
CN1321049A (zh) * 2000-02-09 2001-11-07 朗迅科技公司 无线通信中越区切换的强化安全性
CN1630404A (zh) * 2003-12-18 2005-06-22 中国电子科技集团公司第三十研究所 数字蜂窝移动通信系统用户切换时密钥的管理分配传递方法
CN1630405A (zh) * 2003-12-18 2005-06-22 中国电子科技集团公司第三十研究所 数字蜂窝移动通信系统用户切换时的双向鉴别方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196511A (zh) * 2010-03-15 2011-09-21 中国移动通信集团公司 小区参数优化的方法、系统及设备

Similar Documents

Publication Publication Date Title
US7236477B2 (en) Method for performing authenticated handover in a wireless local area network
US8127136B2 (en) Method for security association negotiation with extensible authentication protocol in wireless portable internet system
US7984298B2 (en) Method, system and authentication centre for authenticating in end-to-end communications based on a mobile network
US8549293B2 (en) Method of establishing fast security association for handover between heterogeneous radio access networks
TWI393414B (zh) 安全交談金鑰上下文
EP1713289B1 (fr) Pprocédé d'etablissement d'une association de securité entre l'abonne itinerant et le serveur du réseau visité
WO2019019736A1 (fr) Procédé de mise en œuvre de sécurité, et appareil et système associés
WO2009043278A1 (fr) Procédé, système et dispositif pour négocier la capacité de sécurité pendant qu'un terminal se déplace
KR20090004896A (ko) 액세스 시스템 간의 핸드오버 시의 인증 절차를 최적화하기위한 시스템 및 방법
WO2020248624A1 (fr) Procédé de communication, dispositif de réseau, équipement utilisateur et dispositif de réseau d'accès
US20120163597A1 (en) Method for implementing local routing of traffic, base station and system
WO2007121669A1 (fr) Procédé, dispositif et système pour établir une connexion hertzienne
WO2006115741A2 (fr) Procede et appareil permettant de generer des cles de session
WO2011120249A1 (fr) Procédé de négociation de clé de multidiffusion adapté pour un système d'appel de groupe et système associé
WO2007022727A1 (fr) Procede et systeme pour communiquer des informations contextuelles de cle d'autorisation
WO2011015060A1 (fr) Procédé d'authentification de protocole d'authentification extensible, station de base et serveur d'authentification associés
WO2009152656A1 (fr) Procédé et système de génération d’identifiant d’identité de clé lors du transfert du dispositif utilisateur
WO2009012052A1 (fr) Négociation de ressources de transition rapide
WO2016023198A1 (fr) Procédé de commutation et système de commutation entre des réseaux hétérogènes
CN115396887A (zh) 一种高速移动终端快速安全切换认证方法、装置及系统
WO2010069202A1 (fr) Procédé de négociation d'authentification et système associé, passerelle de sécurité, noeud local b
JP5540111B2 (ja) 交換デバイス間の安全な接続の構築方法及びシステム
JP5043928B2 (ja) 暗号化および整合性のために使用されるキーを処理する方法および装置
WO2022027476A1 (fr) Procédé de gestion de clés et appareil de communication
CN1937840B (zh) 一种移动终端切换过程中获得安全联盟信息的方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06753075

Country of ref document: EP

Kind code of ref document: A1