[go: up one dir, main page]

WO2011098048A1 - Procédé d'accès à un réseau par un nœud radio, système et nœud de relais - Google Patents

Procédé d'accès à un réseau par un nœud radio, système et nœud de relais Download PDF

Info

Publication number
WO2011098048A1
WO2011098048A1 PCT/CN2011/070948 CN2011070948W WO2011098048A1 WO 2011098048 A1 WO2011098048 A1 WO 2011098048A1 CN 2011070948 W CN2011070948 W CN 2011070948W WO 2011098048 A1 WO2011098048 A1 WO 2011098048A1
Authority
WO
WIPO (PCT)
Prior art keywords
relay node
certificate
base station
donor base
mobility management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2011/070948
Other languages
English (en)
Chinese (zh)
Inventor
陈璟
张爱琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2011098048A1 publication Critical patent/WO2011098048A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a wireless node access method, system, and relay node. Background of the invention
  • a relay node (Relay Node, RN for short) is introduced in the Long Term Evolution - Advanced (LTE-A).
  • LTE-A Long Term Evolution - Advanced
  • the RN is used to improve the throughput of the communication cell edge and facilitate the temporary network of operators or users.
  • the RN can be deployed in hotspots or blind spots in rural areas, cities, indoors, and the like.
  • the RN when the RN accesses the network, the RN is similar to an additional User Equipment (UE). Therefore, when the RN enters the network, the certificate-based authentication method cannot be implemented.
  • RAN Radio Access Network
  • UE User Equipment
  • the purpose of the embodiments of the present invention is to provide a wireless node access method, system, and relay node, so as to implement a certificate-based authentication method when the RN enters the network.
  • the embodiment of the invention provides a wireless node network access method, including:
  • the embodiment of the invention further provides a relay node, including:
  • a sending module configured to send, in the process of establishing a radio resource control connection between the relay node and the donor base station integrated with the home subscriber server, the certificate of the relay node and the relay node of the relay node a Philippine-Hellman parameter, such that the donor base station authenticates the relay node according to a certificate of the relay node;
  • Receiving an authentication module configured to receive a certificate of the donor base station sent by the donor base station and a Diffie-Hellman parameter of the donor base station, and perform authentication on the donor base station according to the certificate of the donor base station;
  • a calculation module configured to: according to the Diffie-Hellman parameter of the relay node and the Diffie-Hier of the donor base station received by the receiving module, if the relay node and the donor base station are successfully authenticated The base parameter calculation base key K;
  • a bearer establishing module configured to perform authentication and key negotiation with the mobility management entity based on the basic key K calculated by the computing module, and configured to perform non-access stratum security mode control with the mobility management entity, and The access layer security mode control between the donor base stations establishes a wireless bearer with the donor base station.
  • the embodiment of the invention further provides a wireless node network access system, comprising: a mobility management entity, a donor base station integrated with a home subscriber server, and a relay node as described above,
  • the donor base station integrated with the home subscriber server is configured to receive the sending by the relay node a certificate of the relay node and a Diffie-Hellman parameter of the relay node, and transmitting a certificate of the donor base station and a Diffie-Hellman parameter of the donor base station to the relay node; Calculating the base key K according to a Diffie-Hellman parameter of the relay node and a Diffie-Hellman parameter of the donor base station; an access layer key calculated according to the base key K, Performing access layer security mode control with the relay node;
  • the mobility management entity is configured to obtain an authentication vector calculated by the donor base station integrated with the home subscriber server based on the basic key K, and perform authentication and key negotiation with the relay node according to the authentication vector; And used for non-access stratum security mode control with the relay node according to the non-access stratum key calculated by the basic key K.
  • the embodiment of the invention further provides a wireless node network access method, including:
  • the embodiment of the invention further provides a relay node, including:
  • a sending module configured to send, by the donor base station, a certificate of the relay node to the home subscriber server and the foregoing, in a process of establishing a radio resource control connection between the relay node and the donor base station a Diffie-Hellman parameter of the relay node, so that the home subscriber server authenticates the relay node according to the certificate of the relay node;
  • Receiving an authentication module configured to receive, by the donor base station, a certificate of the home subscriber server sent by the home subscriber server and a Diffie-Hellman parameter of the home subscriber server, and according to the certificate of the home subscriber server Authenticating the home subscriber server;
  • a calculation module configured to: according to the Diffie-Hellman parameter of the relay node and the Diffy of the home subscriber server received by the receiving module, if the relay node and the home subscriber server are successfully authenticated - Herman parameter calculation base key K;
  • a bearer establishing module configured to perform authentication and key negotiation with the mobility management entity based on the basic key K calculated by the computing module, and configured to perform non-access stratum security mode control with the mobility management entity, and
  • the donor base station performs access layer security mode control to establish a radio bearer with the donor base station.
  • the embodiment of the invention further provides a wireless node network access system, comprising: a mobility management entity, a home subscriber server, a donor base station, and a relay node as described above,
  • the home subscriber server is configured to receive a certificate of the relay node sent by the relay node and a Diffie-Hellman parameter of the relay node, and send the certificate of the home subscriber server and the Calculating the basis of the Diffie-Hellman parameter of the home server to the relay node; calculating the basis according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the home subscriber server Key K;
  • the mobility management entity is configured to acquire an authentication vector calculated by the home subscriber server based on the basic key K, perform authentication and key negotiation with the relay node according to the authentication vector, and use the a non-access stratum key calculated by the base key K, and performing non-access stratum security mode control with the relay node;
  • the donor base station is configured to acquire an access layer key calculated by the home subscriber server based on the basic key K, and perform access layer security mode control with the relay node according to the access layer key.
  • the embodiment of the invention further provides a wireless node network access method, including:
  • the embodiment of the invention further provides a relay node, including:
  • connection establishing module configured to complete establishment of a radio resource control connection between the relay node and the donor base station
  • a sending module configured to send an attach request message carrying a certificate of the relay node and a Diffie-Hellman parameter of the relay node to a mobility management entity integrated with a home subscriber server, to enable the mobility management Entity authenticating the relay node according to the certificate of the relay node;
  • Receiving an authentication module configured to receive, by the mobility management entity, a non-access stratum message carrying a certificate of a mobility management entity and a Diffie-Hellman parameter of the mobility management entity, and according to the mobility management entity
  • the certificate authenticates the mobile management entity
  • a calculation module configured to: according to the Diffie-Hellman parameter of the relay node and the Diffy of the mobile management entity received by the receiving module, if the relay node and the mobility management entity are successfully authenticated - Herman parameters calculate the shared key;
  • a bearer establishing module configured to calculate the shared key based on the computing module, and
  • the mobility management entity performs non-access stratum security mode control, and performs access layer security mode control with the donor base station to establish a radio bearer with the donor base station.
  • the embodiment of the invention further provides a wireless node network access system, comprising: a mobility management entity integrated with a home subscriber server, a donor base station, and a relay node as described above,
  • the mobility management entity integrated with the home subscriber server is configured to receive a certificate of the relay node sent by the relay node and a Diffie-Hellman parameter of the relay node, and send the mobility management entity a certificate and a Diffie-Hellman parameter of the mobility management entity to the relay node; a Diffie-Hellman parameter of the relay node and a Diffie-Hellman parameter of the mobility management entity Calculating the shared key; performing the non-access stratum security mode control with the relay node according to the non-access stratum key calculated by the shared key;
  • the donor base station is configured to acquire an access layer key calculated by the mobility management entity integrated with the home subscriber server based on the shared key, and connect to the relay node according to the access layer key Intrusion security mode control.
  • the embodiment of the invention further provides a wireless node network access method, including:
  • the authentication key AK is used as a temporary key KeNB shared by the relay node and the donor base station, and based on the temporary key KeNB, performs access layer security mode control with the donor base station.
  • the embodiment of the invention further provides a relay node, including: a sending module, configured to send, by the donor base station, a certificate of the relay node and the relay node in a process of establishing a radio resource control connection and/or establishing a radio bearer between the relay node and the donor base station a Diffie-Hellman parameter, such that the donor base station authenticates the relay node according to the certificate of the relay node;
  • a sending module configured to send, by the donor base station, a certificate of the relay node and the relay node in a process of establishing a radio resource control connection and/or establishing a radio bearer between the relay node and the donor base station a Diffie-Hellman parameter, such that the donor base station authenticates the relay node according to the certificate of the relay node;
  • Receiving an authentication module configured to receive a certificate of the donor base station sent by the donor base station and a Diffie-Hellman parameter of the donor base station, and perform authentication on the donor base station according to the certificate of the donor base station;
  • a calculation module configured to: according to the Diffie-Hellman parameter of the relay node and the Diffie-Hier of the donor base station received by the receiving module, if the relay node and the donor base station are successfully authenticated
  • the Manchester parameter calculation authentication key AK
  • a bearer establishing module configured to use the authentication key AK calculated by the calculating module as a temporary key KeNB shared by the relay node and the donor base station, and based on the temporary key KeNB, The donor base station performs access layer security mode control.
  • the embodiment of the invention further provides a wireless node network access system, comprising: a donor base station and a relay node as described above,
  • the donor base station is configured to receive a certificate of the relay node sent by the relay node and a Diffie-Hellman parameter of the relay node, and send the certificate of the donor base station and the donor base station a Diffie-Hellman parameter to the relay node; calculating the authentication key AK according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the donor base station;
  • the authentication key AK is used as the temporary key KeNB shared by the relay node and the donor base station, and performs access layer security mode control with the relay node according to the temporary key KeNB.
  • the embodiment of the invention further provides a wireless node network access method, including:
  • the key exchange security association initial negotiation response message to exchange the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the donor base station,
  • the Diffie-Hellman parameter is used to negotiate a security protection alliance between the relay node and the donor base station;
  • the embodiment of the invention further provides a relay node, including:
  • a parameter exchange module configured to send an Internet Key Exchange Security Association Initial Negotiation Request message to the donor base station after completing the process of establishing a radio resource control connection and establishing a radio bearer between the relay node and the donor base station, and receiving the Determining an Internet Key Exchange Security Association Initial Negotiation Response message replied by the donor base station to exchange a Diffie-Hellman parameter of the relay node and a Diffie-Hellman parameter of the donor base station, the Diffie- The Herman parameter is used to negotiate a security protection alliance between the relay node and the donor base station;
  • a first sending module configured to send an Internet Key Exchange Authentication Request message to the donor base station, where the Internet Key Exchange Authentication Request message carries information requesting a certificate of the donor base station; and receiving an authentication module, configured to receive Determining, by the donor base station, an Internet Key Exchange Authentication Response message carrying the certificate of the donor base station, and authenticating the donor base station according to the certificate of the donor base station, where the Internet Key Exchange Authentication Response message further carries a request Information of the certificate of the relay node;
  • An embodiment of the present invention further provides a wireless node network access system, including: a donor base station and a relay node as described above,
  • the donor base station is configured to receive the Internet Key Exchange Security Association Initial Negotiation Request message sent by the relay node, and return the Internet Key Exchange Security Association Initial Negotiation Response message to the relay node, to Exchanging a Diffie-Hellman parameter of the relay node and a Diffie-Hellman parameter of the donor base station, the Diffie-Hellman parameter being used to negotiate the relay node and the donor base station a security protection alliance between the two; receiving the Internet Key Exchange Authentication Request message sent by the relay node, where the Internet Key Exchange Authentication Request message carries information requesting a certificate of the donor base station; The relay node returns the Internet Key Exchange Authentication Response message carrying the certificate of the donor base station, where the Internet Key Exchange Authentication Response message further carries information requesting the certificate of the relay node; receiving the relay The Internet key exchange authentication response message sent by the node carrying the certificate of the relay node, and according to the certificate of the relay node Said relay node authentication.
  • the wireless node network access method, system, and relay node carry a relay by carrying a certificate in a message exchanged between the relay node and the donor base station or the home subscriber server or the mobility management entity.
  • the key is used to establish a radio bearer between the relay node and the donor base station, thereby implementing a certificate-based authentication method for the relay node to access the network, and making the network-side relay node more secure.
  • FIG. 1 is a schematic flowchart diagram of a first embodiment of a wireless node network access method according to the present invention
  • FIG. 2 is a signaling flowchart of a second embodiment of a wireless node network access method according to the present invention.
  • FIG. 3 is a signaling flowchart of a third embodiment of a wireless node network access method according to the present invention.
  • FIG. 4 is a schematic structural diagram of a first embodiment of a relay node according to the present invention
  • 5 is a schematic structural diagram of a first embodiment of a wireless node network access system according to the present invention
  • FIG. 6 is a schematic flowchart of a fourth embodiment of a wireless node network access method according to the present invention
  • FIG. 7 is a signaling flowchart of a fifth embodiment of a wireless node network access method according to the present invention.
  • FIG. 8 is a schematic structural diagram of a second embodiment of a relay node according to the present invention.
  • FIG. 9 is a schematic structural diagram of a second embodiment of a wireless node network access system according to the present invention.
  • FIG. 10 is a schematic flowchart diagram of a sixth embodiment of a wireless node network access method according to the present invention.
  • FIG. 11 is a signaling flowchart of a seventh embodiment of a wireless node network access method according to the present invention.
  • FIG. 12 is a schematic structural diagram of a third embodiment of a relay node according to the present invention.
  • FIG. 13 is a schematic structural diagram of a third embodiment of a wireless node network access system according to the present invention.
  • FIG. 14 is a schematic flowchart of an eighth embodiment of a wireless node network access method according to the present invention.
  • FIG. 15 is a signaling flowchart of a ninth embodiment of a wireless node network access method according to the present invention.
  • 16 is a signaling flowchart of a tenth embodiment of a wireless node network access method according to the present invention.
  • 17 is a signaling flowchart of an eleventh embodiment of a wireless node network access method according to the present invention.
  • FIG. 18 is a schematic structural diagram of a fourth embodiment of a relay node according to the present invention.
  • FIG. 19 is a schematic structural diagram of a fourth embodiment of a wireless node network access system according to the present invention.
  • FIG. 20 is a schematic flowchart diagram of a twelfth embodiment of a wireless node network access method according to the present invention.
  • 21 is a schematic structural diagram of a fifth embodiment of a relay node according to the present invention.
  • FIG. 22 is a schematic structural diagram of a fifth embodiment of a wireless node network access system according to the present invention. Mode for carrying out the invention
  • FIG. 1 is a schematic flowchart diagram of a first embodiment of a wireless node network access method according to the present invention. As shown in Figure 1, the following steps are included: Step 101: A radio resource between a relay node (RN) and a donor base station (Doner Node B, DeNB for short) integrated with a Home Subscriber Server (HSS) In the process of establishing a Radio Resource Control (RRC) connection, the RN's certificate and the RN's Diffie Hell-man (DH) parameter are sent to the DeNB, so that the DeNB performs the RN according to the RN's certificate. Certification.
  • RRC Radio Resource Control
  • DH Diffie Hell-man
  • Step 102 The RN receives the DeNB certificate sent by the DeNB and the DH parameter of the DeNB, and performs authentication on the DeNB according to the certificate of the DeNB.
  • the RN and the DeNB respectively send their own certificates to the peer to implement certificate-based authentication between the RN and the DeNB.
  • Step 103 If the RN and the DeNB are successfully authenticated, calculate the basic key K according to the DH parameter of the RN and the DH parameter of the DeNB.
  • the basic key ⁇ is similar to the basic key carried in the Universal Subscriber Identity Module (USIM) of the UE when the UE enters the traditional LTE.
  • K KDF(K DH );
  • the DeNB also calculates the base key K according to the DH parameter of the RN and the DH parameter of the DeNB, that is, the same algorithm is used to generate the base on the DeNB side. Key K.
  • Step 104 Perform authentication and key agreement (AKA) with the Mobile Management Entity (MME) based on the basic key, and perform non-access stratum with the MME (Non-Access Stratum)
  • the NAS is referred to as the Security Mode Control (SMC), and performs an Access Stratum (AS) SMC with the DeNB to establish a radio bearer between the RN and the DeNB.
  • AKA authentication and key agreement
  • MME Mobile Management Entity
  • AS Access Stratum
  • the AKA process between the RN and the MME is performed, according to the basic key.
  • K calculates the obtained non-access stratum key, performs the NAS SMC process, and calculates the obtained access stratum key based on the basic key K, and performs AS SMC between the RN and the DeNB.
  • the process is similar to the process in which the UE enters the network in the legacy LTE.
  • the RN is similar to the process in the LTE in the LTE, and the process of establishing the RN and the security mode is not described herein.
  • the wireless node network access method provided in this embodiment carries the certificate between the RN and the DeNB integrated with the HSS function in the RRC connection establishment process, and performs authentication between the RN and the DeNB, and passes the RN and the DeNB.
  • the DH parameter exchanged between the two is similar to the basic key K carried in the USIM card when the UE enters the network, and finally completes the establishment of the radio bearer between the RN and the DeNB, thereby implementing the certificate-based authentication method when the RN enters the network, and making the network Side RN access to the network is more secure.
  • FIG. 2 is a signaling flowchart of a second embodiment of a wireless node network access method according to the present invention.
  • the DeNB and the HSS are integrated on the same entity.
  • the RN uses the air interface message to carry the certificate and the key negotiation parameter, and negotiates the basic key K between the RN and the DeNB/HSS, and then the RN.
  • the AKA is mutually authenticated with the MME, and the subsequent SMC process is completely consistent with the existing SMC process of the legacy UE entering the network.
  • the method for accessing the wireless node includes the following steps:
  • Step 201 The RN sends an RRC connection setup request message to the DeNB integrated with the HSS function, where the RRC connection setup request message carries information such as the certificate of the RN and the DH parameter of the RN, so that the DeNB authenticates the RN according to the certificate of the RN.
  • the RRC Connection Setup Request message may also carry an Authentication (AUTH) parameter, which is used to prove that the secret associated with the entity's own ID is known, while protecting the previous and current data packets.
  • AUTH Authentication
  • Step 202 After receiving the RRC connection setup request message, the DeNB sends an RRC connection setup message to the RN that sends the message, where the RRC connection setup message carries information such as the DeNB certificate and the DH parameter of the DeNB, according to the DeNB certificate pair.
  • the DeNB performs authentication.
  • the RRC connection setup message may also carry an AUTH parameter, which is used to prove that the secret associated with the entity's own ID is known, while protecting the previous and current data packets.
  • the HSS integrated on the DeNB can also allocate an international RN to the RN.
  • An International Subscriber Identity (IMSI) if assigned, the IMSI is also sent to the RN along with the foregoing RRC Connection Setup message to uniquely identify the RN.
  • IMSI International Subscriber Identity
  • Step 203 The RN and the DeNB respectively calculate and generate the basic key K locally according to the DH parameter of the RN and the DH parameter of the DeNB in the two messages in the foregoing steps 201 and 202.
  • the basic key ⁇ is similar to the basic key K carried in the USIM card of the UE when the UE enters the legacy LTE.
  • Step 204 The RN sends an RRC connection setup complete message to the DeNB, where the RRC connection setup complete message carries a NAS attach request message.
  • Step 205 The DeNB forwards the NAS attach request message of the RN to the MME.
  • Step 206 The MME finds that the RN is attached, initiates the AKA authentication process, and first sends an authentication data request message to the HSS.
  • Step 207 The HSS sends the authentication vector calculated according to the basic key K to the MME, and the authentication vector may include ⁇ RAND, XRES, KASME, AUTN ⁇ .
  • Step 208 After obtaining the authentication vector, the MME sends an authentication request to the RN, and carries the AUTN and XRES for authentication and the RAND required to calculate the key.
  • Step 209 The MME receives the authentication response carrying the RES returned by the RN, and verifies the RES in the authentication response, so as to complete the AKA authentication between the RN and the MME.
  • Step 210 The SMC process is performed by using the SMC to perform the negotiation of the NAS encryption algorithm between the RN and the MME.
  • the SMC process is the same as the SMC process when the UE enters the traditional LTE network.
  • Step 211 The MME sends an initial context setup message of the RN to the DeNB, where the initial context setup message carries the AS key calculated in the AKA authentication process between the RN and the MME.
  • Step 212 The SMC process is performed by using the SMC to perform the AS-Secure algorithm between the DeNB and the RN.
  • the SMC process is the same as the SMC process in the traditional LTE when the UE enters the network.
  • Step 213 Perform a radio bearer setup process between the RN and the DeNB, and complete the RN network access authentication.
  • the length of the RRC connection setup request message or the RRC connection setup message is limited. Therefore, in step 201 and step 202, the certificate of the RN and/or the certificate of the DeNB may also be replaced by a certificate identifier with a shorter bit length. Not the certificate itself.
  • the RRC connection setup request message or the RRC connection setup message carries the certificate identifier instead of the certificate itself, the entity receiving the message needs to complete the registration association (RA) / certificate center (Certificate).
  • the association referred to as CA, interacts to obtain the content of the certificate indicated by the certificate identifier, and then authenticates the certificate-based content of the peer.
  • the method for the network access of the wireless node describes the signaling procedure of the certificate authentication between the RN and the DeNB integrated with the HSS.
  • the RRC connection setup request message carries the certificate of the RN, and is carried in the RRC connection setup message.
  • the certificate of the DeNB performs certificate-based authentication between the RN and the DeNB, and exchanges DH parameters through an RRC connection setup request message and an RRC connection setup message between the RN and the DeNB, and calculates a basic value similar to that carried by the USIM card when the UE enters the network.
  • the key K is used to complete the establishment of the radio bearer between the RN and the DeNB, thereby implementing a certificate-based authentication method for the RN to access the network, and making the network-side RN more secure.
  • FIG. 3 is a signaling flowchart of a third embodiment of a wireless node network access method according to the present invention.
  • the DeNB and the HSS are integrated on the same entity, and the RN carries the information required for the key negotiation in the RRC connection setup request message, and the RN carries the AUTH parameter of the DeNB in the RRC connection setup complete message to verify The transmitted RRC Connection Setup Request message.
  • the following steps are included:
  • Step 301 The RN carries information such as a certificate of the RN and a DH parameter of the RN in an RRC connection setup request message sent by the DeNB integrated with the HSS function.
  • Step 302 The DeNB calculates and obtains the basic key K according to the received DH parameter of the RN and the DH parameter of the local DeNB, and calculates an AUTH parameter according to the K, and sends an RRC connection setup message to the RN, where the RRC connection setup message is carried.
  • the certificate of the DeNB, the DH parameter of the DeNB, and the AUTH parameter are used to authenticate the DeNB according to the certificate of the DeNB.
  • the HSS integrated on the DeNB may also allocate an IMSI to the RN. If assigned, the IMSI is also sent to the RN along with the aforementioned RRC Connection Setup message to uniquely identify the RN.
  • Step 303 The RN sends an RRC connection setup complete message to the DeNB, where the RRC connection setup complete message carries the AUTH parameter of the RN to the DeNB, so that the DeNB completes the authentication of the RRC connection setup request message sent before the RN according to the value, and After the authentication succeeds, the RN is authenticated according to the RN's certificate.
  • the RRC connection setup complete message also carries the NAS attach request message of the RN.
  • Step 304 The RN calculates and generates the base key K locally according to the DH parameter of the RN and the DH parameter of the DeNB in the message in the foregoing steps 301 to 303.
  • the basic key ⁇ is similar to the basic key K carried in the USIM card of the UE when the UE enters the traditional LTE network.
  • Step 305 The DeNB forwards the NAS attach request message of the RN to the MME.
  • Step 306 The MME finds that the RN is attached, initiates the AKA authentication process, and first sends an authentication data request message to the HSS.
  • Step 307 The HSS sends the authentication vector calculated according to the basic key K to the MME, and the authentication vector may include ⁇ RAND, XRES, KASME, AUTN ⁇ .
  • Step 308 After obtaining the authentication vector, the MME sends an authentication request to the RN, and carries the AUTN and XRES for authentication and the RAND required to calculate the key.
  • Step 309 The MME receives the authentication response carrying the RES returned by the RN, and verifies the RES in the authentication response to complete the AKA authentication between the RN and the MME.
  • Step 310 Perform a negotiation of the NAS encryption algorithm between the RN and the MME by using the SMC.
  • the SMC process is the same as the SMC process when the UE enters the traditional LTE network in the prior art.
  • Step 311 The MME sends an initial context setup message of the RN to the DeNB, where the initial context setup message carries the AS key calculated in the AKA authentication process between the RN and the MME.
  • Step 312 Perform, by using the SMC, negotiation of an AS secret algorithm between the DeNB and the RN, where The SMC process is the same as the SMC process in the prior art when the UE enters the traditional LTE network.
  • Step 313 Perform a radio bearer setup process between the RN and the DeNB, and complete the RN network access authentication.
  • the RN certificate and/or the DeNB certificate may also be replaced by a certificate identifier with a shorter bit length instead of The certificate itself.
  • the entity receiving the message needs to complete the interaction with the RA/CA to obtain the certificate indicated by the certificate identifier. And then perform peer-based certificate-based authentication.
  • the wireless node network access method provided in this embodiment describes the signaling process of the certificate authentication between the RN and the DSS integrated with the HSS.
  • the embodiment obtains the same beneficial effects as the second embodiment of the wireless node network access method.
  • the certificate-based authentication method is implemented when the RN enters the network, so that the network-side RN is more secure.
  • FIG. 4 is a schematic structural diagram of a first embodiment of a relay node according to the present invention.
  • the relay node includes: a sending module 41, a receiving authentication module 42, a calculating module 43, and a bearer establishing module 44.
  • the sending module 41 is configured to send, in the process of establishing a radio resource control connection of the relay node and the donor base station integrated with the home subscriber server, the certificate of the relay node and the relay node to the donor base station.
  • the receiving authentication module 42 is configured to receive the donor base station sent by the donor base station a certificate and a Diffie-Hellman parameter of the donor base station, and authenticating the donor base station according to the certificate of the donor base station; and a calculating module 43, configured to: if the relay node and the donor base station are successfully authenticated And calculating a base key K according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the donor base station received by the receiving module 42; the bearer establishing module 44 is configured to The basic key K calculated by the calculating module 43 is used for authentication and key negotiation with the mobility management entity, and is used for performing non-access stratum security mode control with the mobility management entity, and The donor base station performs access layer security mode control, and establishes with the donor base station Wireless bearer.
  • the specific method for implementing the wireless node network access is described in the foregoing method embodiment.
  • the message exchanged between the RN and the DeNB integrated with the HSS function carries the certificate, and the RN is performed.
  • the certificate-based authentication method is adopted when accessing the network, and the network-side RN is more secure.
  • FIG. 5 is a schematic structural diagram of a first embodiment of a wireless node network access system according to the present invention. As shown in FIG. 5, the method includes: a mobility management entity 51, a donor base station 52 integrated with a home subscriber server, and a relay node 53.
  • the relay node 53 is as described in the first embodiment of the foregoing relay node, and details are not described herein again.
  • the donor base station 52 integrated with the home subscriber server is configured to receive the certificate of the relay node sent by the relay node 53 and the Diffie-Hellman parameter of the relay node, and send the donor a certificate of the base station and a Diffie-Hellman parameter of the donor base station to the relay node 53; a Diffie-Hellman parameter according to the relay node and a Diffie-Hermann of the donor base station
  • the parameter calculates the base key K; and performs an access layer security mode control with the relay node 53 according to the access layer key calculated by the base key K.
  • the mobility management entity 51 is configured to acquire an authentication vector calculated by the donor base station 52 integrated with the home subscriber server based on the basic key K, and perform authentication and confidentiality with the relay node 53 according to the authentication vector. Key negotiation; and for the non-access stratum key calculated according to the basic key K, and performing non-access stratum security mode control with the relay node 53.
  • the wireless node network access system provided in this embodiment, and the specific method for implementing the wireless node network access refer to the foregoing method embodiment, where the certificate is carried in the message exchanged between the RN and the DeNB integrated with the HSS function in the RRC connection establishment process.
  • the authentication between the RN and the DeNB, and the DH parameter exchanged between the RN and the DeNB is similar to the basic key K carried in the USIM card when the UE enters the network, and finally completes the establishment of the radio bearer between the RN and the DeNB.
  • the certificate-based authentication method is adopted when the RN accesses the network, and the network-side RN is more secure.
  • FIG. 6 is a schematic flowchart diagram of a fourth embodiment of a wireless node network access method according to the present invention. As shown in Figure 6, Including the following steps:
  • Step 601 In the RRC connection establishment process between the RN and the DeNB, the DeNB sends the RN certificate and the DH parameter of the RN to the HSS, so that the HSS authenticates the RN according to the RN certificate.
  • Step 602 The RN receives the HSS certificate sent by the HSS and the DH parameter of the HSS through the DeNB, and authenticates the HSS according to the HSS certificate.
  • the RN and the HSS respectively send their own certificates to the peer to implement certificate-based authentication between the RN and the HSS.
  • Step 603 If the RN and the HSS are successfully authenticated, the basic key K is calculated according to the DH parameter of the RN and the DH parameter of the HSS.
  • the basic key ⁇ is similar to the basic key carried in the Universal Subscriber Identity Module (USIM) of the UE when the UE enters the traditional LTE.
  • K KDF(K DH ); in addition, the HSS also calculates the base key K according to the DH parameter of the RN and the DH parameter of the HSS, that is, the same algorithm is used to generate the base key on the DeNB side. K.
  • Step 604 Perform a MME based on the base key ⁇ , perform a NAS SMC with the MME, and perform an AS SMC with the DeNB to establish a radio bearer between the RN and the DeNB.
  • the RN side In this step 604, the RN side generates the basic key K, and the subsequent authentication vector calculated according to the basic key K performs an AKA process between the RN and the MME, and the non-access stratum calculated according to the basic key K.
  • the key performs the NAS SMC process, and performs the AS SMC process between the RN and the DeNB according to the access layer key calculated by the basic key K.
  • the process is similar to the process of the UE entering the traditional LTE network, and the RN is similar to the traditional LTE. The UE in the process of completing the RN network access authentication and security mode establishment is not described here.
  • the wireless node network access method provided in this embodiment carries the certificate between the RN and the HSS in the RRC connection establishment process, performs authentication between the RN and the HSS, and performs DH exchange between the RN and the HSS.
  • the calculation is similar to the USIM card carried when the UE enters the network.
  • the basic key K which finally completes the establishment of the radio bearer between the RN and the DeNB, thereby implementing the certificate-based authentication method when the RN enters the network, and making the network-side RN more secure.
  • FIG. 7 is a signaling flowchart of a fifth embodiment of a wireless node network access method according to the present invention.
  • the HSS is an independent physical entity, rather than being located on the DeNB.
  • the RN and the HSS still pass the certificate authentication, and negotiate the basic key K.
  • the DeNB forwards the corresponding message between the RN and the HSS.
  • the method for accessing the wireless node includes the following steps:
  • Step 701 The RN sends an RRC connection setup request message to the DeNB, where the RRC connection setup request message carries information such as a certificate of the RN, a DH parameter of the RN, and an AUTH parameter.
  • Step 702 The DeNB forwards the information of the RN, the DH parameter, and the AUTH parameter of the RN in the received RRC connection setup request message to the HSS, so that the HSS authenticates the RN according to the certificate of the RN.
  • Step 703 The HSS sends a message carrying the certificate of the HSS, the DH parameter of the HSS, and the AUTH parameter to the DeNB.
  • Step 704 After receiving the certificate of the HSS, the DH parameter of the HSS, and the AUTH parameter, the DeNB sends an RRC connection setup message to the RN, where the RRC connection setup message carries the HSS certificate, the DH parameter of the HSS, and the AUTH parameter, according to the HSS.
  • the certificate certifies the HSS.
  • the HSS may allocate an IMSI to the RN. If allocated, the DeNB also sends the IMSI to the RN in an RRC Connection Setup message to uniquely identify the RN.
  • Step 705 The RN and the HSS calculate the generated base key K locally according to the DH parameter of the RN and the DH parameter of the HSS in the message in the above steps 501 to 504, respectively.
  • the basic key ⁇ is similar to the basic key K carried in the USIM card of the UE when the UE enters the legacy LTE.
  • Step 706 The RN sends an RRC connection setup complete message to the DeNB, where the RRC connection setup complete message carries a NAS attach request message.
  • Step 707 The DeNB forwards the NAS attach request message of the RN to the MME.
  • Step 708 The MME finds that the RN is attached, and starts the AKA authentication process, first to the HSS. Issue an authentication data request message.
  • Step 709 The HSS sends the authentication vector calculated according to the basic key K to the MME, and the authentication vector may include ⁇ RAND, XRES, KASME, AUTN ⁇ .
  • Step 710 After obtaining the authentication vector, the MME sends an authentication request to the RN, and carries the AUTN and XRES for authentication and the RAND required to calculate the key.
  • Step 711 The MME receives the authentication response carrying the RES returned by the RN, and verifies the RES in the authentication response to complete the AKA authentication between the RN and the MME.
  • Step 712 Perform a negotiation of the NAS encryption algorithm between the RN and the MME by using the SMC.
  • the SMC process is the same as the SMC process when the UE enters the traditional LTE network in the prior art.
  • Step 713 The MME sends an initial context setup message of the RN to the DeNB, where the initial context setup message carries the AS key calculated in the AKA authentication process between the RN and the MME.
  • Step 714 The SMC process is performed by using the SMC to perform the AS confidentiality algorithm between the DeNB and the RN.
  • the SMC process is the same as the SMC process when the UE enters the traditional LTE network in the prior art.
  • Step 715 Perform a radio bearer setup process between the RN and the DeNB, and complete the RN network access authentication.
  • the certificate of the RN and/or the certificate of the HSS may also be replaced by a certificate identifier having a shorter bit length. Not the certificate itself.
  • the entity receiving the message needs to complete the interaction with the RA/CA to obtain the certificate indicated by the certificate identifier. And then perform peer-based certificate-based authentication.
  • the DeNB and the HSS are two separate entities.
  • This embodiment describes the signaling process of the certificate authentication between the RN and the HSS in detail, and carries the RN in the RRC connection setup request message.
  • the certificate carries the certificate of the HSS in the RRC connection setup message, performs certificate-based authentication between the RN and the HSS, and exchanges DH parameters between the RRC connection establishment request message and the RRC connection setup message between the RN and the HSS, and the calculation is similar.
  • the basic key K carried in the network-time USIM card finally completes the establishment of the radio bearer between the RN and the DeNB, thereby implementing a certificate-based authentication method for the RN to access the network, and making the network-side RN more secure.
  • FIG. 8 is a schematic structural diagram of a second embodiment of a relay node according to the present invention.
  • the relay node includes: a sending module 81, a receiving authentication module 82, a calculating module 83, and a bearer establishing module 84.
  • the sending module 81 is configured to send, by the donor base station, the certificate of the relay node and the relay node to the home subscriber server during a radio resource control connection establishment process between the relay node and the donor base station.
  • a Diffie-Hellman parameter such that the home subscriber server authenticates the relay node according to the certificate of the relay node
  • a receiving authentication module 82 configured to receive the home subscriber server by using the donor base station Transmitting the certificate of the home subscriber server and the Diffie-Hellman parameter of the home subscriber server, and authenticating the home subscriber server according to the certificate of the home subscriber server; The relay node and the home subscriber server are successfully authenticated, and then calculated according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the home subscriber server received by the receiving module 82.
  • a base key K a base key K
  • a bearer establishing module 84 configured to calculate the base key K based on the calculation module 83, and mobility management Body authentication and key agreement; and a non-access stratum security mode control and the mobility management entity, a security mode control access layer and the donor base station, and establish a radio bearer between the donor base station.
  • the specific method for implementing the wireless node accessing network is as shown in the foregoing method embodiment.
  • the message exchanged between the RN and the HSS carries the certificate, and the RN and the HSS are performed.
  • Authentication, and through the DH parameters exchanged between the RN and the HSS the calculation is similar to the basic key K carried in the USIM card when the UE enters the network, and finally completes the establishment of the radio bearer between the RN and the DeNB, thereby implementing the certificate based on the RN entering the network.
  • the authentication method makes the network side RN more secure.
  • FIG. 9 is a schematic structural diagram of a second embodiment of a wireless node network access system according to the present invention. As shown in FIG. 9, the method includes: a mobility management entity 91, a home subscriber server 92, a donor base station 93, and a relay node 94.
  • the relay node 94 is as described in the second embodiment of the foregoing relay node, and details are not described herein again.
  • the home subscriber server 92 is configured to receive a certificate of the relay node sent by the relay node 94 and a Diffie-Hellman parameter of the relay node, and send a certificate of the home subscriber server and Defi-Herman parameter of the home subscriber server to the relay node 94; calculating according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the home subscriber server
  • the base management key 91 is configured to acquire an authentication vector calculated by the home subscriber server 92 based on the basic key K, and perform authentication with the relay node 94 according to the authentication vector.
  • the donor base station 93 configured to acquire the The home subscriber server 92 performs access layer security mode control with the relay node 94 based on the access layer key calculated based on the base key K.
  • the specific method for implementing the wireless node network access is described in the foregoing method embodiment.
  • the message exchanged between the RN and the HSS carries a certificate between the RN and the HSS.
  • the authentication, and the DH parameter exchanged between the RN and the HSS is similar to the basic key K carried in the USIM card when the UE enters the network, and finally completes the establishment of the radio bearer between the RN and the DeNB, thereby implementing the certificate based on the certificate when the RN enters the network.
  • the authentication method of the network side makes the network side RN more secure.
  • FIG. 10 is a schematic flowchart diagram of a sixth embodiment of a wireless node network access method according to the present invention.
  • the HSS and the MME are integrated on the same entity. As shown in Figure 10, the following steps are included:
  • Step 1001 Complete an RRC connection establishment between the RN and the DeNB.
  • Step 1002 The RN sends an attach request message carrying the certificate of the RN and the DH parameter of the RN to the MME integrated with the HSS, so that the MME authenticates the RN according to the certificate of the RN.
  • Step 1003 The RN receives the non-access stratum message that is sent by the MME and carries the certificate of the MME and the DH parameter of the MME, and authenticates the MME according to the certificate of the MME.
  • Step 1004 If the RN and the MME are successfully authenticated, the shared key is calculated according to the DH parameter of the RN and the DH of the MME.
  • the MME calculates the shared key according to the DH parameter of the RN and the DH parameter of the MME.
  • Step 1005 Based on the shared key, the RN performs NAS SMC with the MME, and performs AS SMC with the DeNB to establish a radio bearer between the RN and the DeNB.
  • the RN completes the process of establishing the RN network access authentication and the security mode, similar to the UE in the traditional LTE, and is not described here.
  • the wireless node network access method provided in this embodiment performs the authentication between the RN and the MME by carrying the certificate in the message exchanged between the RN and the MME integrated with the HSS, and calculates the DH parameter exchanged between the RN and the MME. Similar to the shared key carried in the USIM card when the UE enters the network, the radio bearer between the RN and the DeNB is finally established, thereby implementing the certificate-based authentication method when the RN enters the network, and making the network-side RN more secure.
  • FIG. 11 is a signaling flowchart of a seventh embodiment of a wireless node network access method according to the present invention. This embodiment is a specific signaling procedure of the foregoing sixth embodiment, and the HSS and the MME are integrated on the same entity. As shown in Figure 11, the following steps are included:
  • Step 1101 The RN initiates an RRC connection setup request message to the DeNB.
  • Step 1102 The DeNB sends an RRC connection setup message to the RN.
  • Step 1103 The RN returns an RRC connection setup complete message to the DeNB.
  • Step 1104 The RN sends a NAS attach request message to the MME integrated with the HSS, where the NAS attach request message carries the certificate of the RN and the DH parameter of the RN.
  • Step 1105 The MME sends an IMSI request message to the RN, where the IMSI request message carries the certificate of the MME, the DH parameter of the MME, and the AUTH parameter used for the authentication.
  • the HSS integrated on the MME may also allocate an IMSI to the RN. If allocated, the IMSI is also carried in the foregoing IMSI request message and sent to the RN to uniquely identify the RN.
  • Step 1106 After receiving the certificate of the MME, the RN completes the authentication of the MME, and then the IMSI.
  • the AUTN parameter carried in the response message is sent to the MME, so that the MME performs certificate authentication on the RN according to the certificate of the RN sent in step 1104.
  • the subsequent security process is completed between the RN and the MME based on the shared key K1, and specifically includes two scenarios:
  • Step 1108a The MME integrated with the HSS function calculates an authentication vector according to the basic key K, and the authentication vector may include ⁇ RAND, XRES, KASME, AUTN ⁇ .
  • Step 1108b The MME integrated with the HSS function obtains an authentication vector including the root key KASME from the HSS, and the authentication vector may include ⁇ RAND, XRES, KASME, AUTN ⁇ .
  • Step 1109 After obtaining the authentication vector, the MME sends an authentication request to the RN, and carries the AUTN and XRES for authentication and the RAND required to calculate the key.
  • Step 1110 The MME receives the authentication response carrying the RES returned by the RN, and verifies the RES in the authentication response to complete the AKA authentication between the RN and the MME.
  • Step 1111 Perform a negotiation of the NAS encryption algorithm between the RN and the MME by using the SMC.
  • the SMC process is the same as the SMC process when the UE enters the traditional LTE network in the prior art.
  • Step 1112 The MME sends an initial context setup message of the RN to the DeNB, where the initial context setup message carries the AS key calculated in the AKA authentication process between the RN and the MME.
  • Step 1113 The SMC process is performed by using the SMC to perform the AS confidentiality algorithm between the DeNB and the RN.
  • the SMC process is the same as the SMC process in the traditional LTE when the UE enters the network.
  • Step 1114 Perform a radio bearer setup process between the RN and the DeNB, and complete the RN network access authentication.
  • the certificate of the RN and/or the certificate of the MME may also consider a certificate with a shorter bit length. Instead of the certificate itself, the entity receiving the message needs to first complete the interaction with the RA/CA to obtain the content of the certificate indicated by the certificate identifier, and then authenticate the certificate-based content of the peer.
  • the method for the network access of the wireless node describes the signaling procedure of the certificate authentication between the RN and the MME integrated with the HSS, which is similar to the sixth embodiment of the method for accessing the wireless node, and can also implement the certificate based on the RN when accessing the network.
  • FIG. 12 is a schematic structural diagram of a third embodiment of a relay node according to the present invention.
  • the relay node includes: a connection establishing module 121, a sending module 122, a receiving authentication module 123, a computing module 124, and a bearer establishing module 125.
  • the connection establishing module 121 is configured to complete the establishment of the radio resource control connection between the relay node and the donor base station, and the sending module 122 is configured to send the certificate carrying the relay node and the Diffie-He of the relay node.
  • the Diffie-Hellman parameter of the management entity calculates a shared key;
  • a bearer establishment module 125 is configured to calculate based on the calculation module 124 Said shared key, non-secure mode access control layer and the mobility management entity, and the access layer security mode control and the donor base station, establishing a radio bearer between the donor and the base
  • the specific method for implementing the wireless node network access is described in the foregoing method embodiment, and the certificate is carried in the message exchanged between the RN and the MME integrated with the HSS, and the authentication between the RN and the MME is performed, and The DH parameter exchanged between the RN and the MME is similar to the shared key carried in the USIM card when the UE enters the network, and finally the radio bearer between the RN and the DeNB is established, thereby implementing a certificate-based authentication method when the RN accesses the network, and Make the network side RN into The network is more secure.
  • FIG. 13 is a schematic structural diagram of a third embodiment of a wireless node network access system according to the present invention. As shown in FIG. 13, the method includes: a mobility management entity 131 integrated with a home subscriber server, a donor base station 132, and a relay node 133.
  • the relay node 133 is as described in the foregoing third embodiment of the relay node, and details are not described herein again.
  • the mobility management entity 131 integrated with the home subscriber server is configured to receive the certificate of the relay node sent by the relay node 133 and the Diffie-Hellman parameter of the relay node, and send the mobility management a certificate of the entity and a Diffie-Hellman parameter of the mobility management entity to the relay node 133; a Diffie-Hellman parameter of the relay node and a Diffie-Hier of the mobility management entity a shared key; the non-access stratum key calculated according to the shared key, and the non-access stratum security mode control with the relay node 133; the donor base station 132, configured to Obtaining an access layer key calculated by the mobility management entity integrated with the home subscriber server based on the shared key, and performing an access layer security mode control with the relay node 133 according to the access layer key.
  • the wireless node network access system provided in this embodiment and the specific method for implementing the wireless node network access, as described in the foregoing method embodiment, carries the authentication between the RN and the MME by carrying the certificate in the message exchanged between the RN and the MME integrated with the HSS. And the DH parameter exchanged between the RN and the MME is used to calculate a shared key that is carried in the USIM card when the UE enters the network, and finally completes the establishment of the radio bearer between the RN and the DeNB, thereby implementing a certificate-based authentication method when the RN enters the network. Moreover, the network side RN is more secure.
  • FIG. 14 is a schematic flowchart diagram of an eighth embodiment of a wireless node network access method according to the present invention. As shown in Figure 14, the following steps are included:
  • Step 1401 In the process of establishing an RRC connection and/or establishing a radio bearer between the RN and the DeNB, send the certificate of the RN and the DH parameter of the RN to the DeNB, so that the DeNB authenticates the RN according to the certificate of the RN.
  • Step 1402 Receive a DeNB certificate sent by the DeNB and a DH parameter of the DeNB, and perform authentication on the DeNB according to the certificate of the DeNB.
  • the RN and the DeNB respectively send their own certificates to the peer to implement certificate authentication between the RN and the DeNB.
  • Step 1403 If the RN and the DeNB are successfully authenticated, calculate the authentication key AK according to the DH parameter of the RN and the DH parameter of the DeNB.
  • the DeNB calculates the authentication key according to the DH parameter of the RN and the DH parameter of the DeNB.
  • Step 1404 The authentication key AK is used as a temporary key KeNB shared by the RN and the DeNB, and based on the temporary key KeNB, performs AS SMC with the DeNB.
  • the message exchanged between the RN and the DeNB carries a certificate between the RN and the DeNB.
  • Authentication, and through the DH parameters exchanged between the RN and the DeNB calculate the temporary key KeNB calculated when the UE enters the network, and finally complete the establishment of the radio bearer between the RN and the DeNB, thereby implementing certificate-based authentication when the RN enters the network.
  • the method makes the network side RN more secure.
  • FIG. 15 is a signaling flowchart of a ninth embodiment of a wireless node network access method according to the present invention.
  • the RN and the DeNB do not need to perform signaling interaction with the HSS to perform calculation of the basic key K, only need to pass certificate authentication between the RN and the DeNB, and perform calculation of the temporary key KeNB between the RN and the DeNB. And using the generated temporary key KeNB to protect the AS message between the RN and the DeNB.
  • the following steps are included:
  • Step 1501 The RN initiates an RRC connection setup request message to the DeNB to which the RN belongs, and the RRC connection setup request message carries information such as a certificate of the RN, a random number (nonce) 1, a DH parameter of the RN, and an AUTH parameter, so that the DeNB according to the RN
  • the certificate authenticates the RN.
  • the random number is to make the shared key obtained in the subsequent calculation different every time.
  • the RN's certificate can also be considered instead of a certificate with a shorter bit length than the certificate itself.
  • the method further includes: Step 1501: The RN needs to complete the message interaction with the RA/CA. To get the content of the certificate indicated by the certificate identifier. Then, the authentication of the peer-based certificate-based content is performed.
  • Step 1502 The DeNB returns an RRC connection setup message to the RN, where the RRC connection setup message carries information such as a certificate of the DeNB, a random number (nonce) 2, a DH parameter of the DeNB, and an AUTH parameter, so that the RN performs the DeNB according to the certificate of the DeNB. Certification.
  • the DeNB's certificate can also be considered instead of a certificate with a shorter bit length than the certificate itself.
  • the method further includes: Step 1502: The DeNB needs to complete the message interaction with the RA/CA to obtain the content of the certificate indicated by the certificate identifier. . Then, the authentication of the peer-based certificate-based content is performed.
  • Step 1503 The RN and the DeNB respectively calculate and generate the authentication key AK according to the DH parameter of the RN and the DH parameter of the DeNB in the two messages in the step 1501 and the step 1502, and use the authentication key AK as the temporary key.
  • the KeNB calculates an encryption key and an integrity protection key of the AS signaling.
  • Step 1504 The RN initiates an RRC connection setup complete message to the DeNB to which the RN belongs, and carries a NAS attach request message.
  • Step 1505 The DeNB to which the RN belongs forwards the NAS attach request message to the MME.
  • Step 1506 The MME sends an initial context setup message of the RN to the DeNB.
  • Step 1507 The AS SMC process is performed between the DeNB and the RN to which the RN belongs, and the AS algorithm negotiation between the DeNB and the RN is completed, and the AS protection is activated.
  • Step 1508 Perform a radio bearer setup process between the RN and the DeNB, and complete the RN network access authentication.
  • the wireless node network access method provided in this embodiment describes the certificate between the RN and the DeNB in detail.
  • the signaling process of the book authentication is similar to the eighth embodiment of the wireless network access method, and the certificate-based authentication method for the RN to access the network is also implemented, and the network-side RN is more secure.
  • FIG. 16 is a signaling flowchart of a tenth embodiment of a wireless node network access method according to the present invention. As shown in Figure 16, the following steps are included:
  • Step 1601 The RN sends an RRC Connection Setup Request message to the DeNB to which it belongs.
  • Step 1602 The DeNB to which the RN belongs restores an RRC connection setup message to the RN, and completes a connection establishment process of the random access channel.
  • Step 1603 The RN sends an RRC connection setup complete message to the DeNB to which the RN belongs, where the NAS attach request message is carried.
  • Step 1604 The DeNB to which the RN belongs encapsulates the NAS attach request message in an S1-AP message and transmits the message to the MME.
  • Step 1605 The MME sends a message such as a Serving Gateway (S-GW) address, an S1-TEID, a Bearer QoS, a security context, and the like to the DeNB to which the RN belongs, and activates for all the eNBs.
  • S-GW Serving Gateway
  • S1-TEID an S1-TEID
  • Bearer QoS a Bearer QoS
  • security context a security context, and the like.
  • EPS Evolved Packet System
  • Step 1606 The DeNB to which the RN belongs sends the RRC radio bearer setup message to the RN, and the RN authenticates the DeNB.
  • the RRC radio bearer setup message may also carry a random number (nonce). DH parameters and AUTH parameters.
  • the DeNB's certificate can also be considered instead of a certificate with a shorter bit length than the certificate itself.
  • the method further includes: Step 1606', the DeNB needs to complete the message interaction with the RA/CA to obtain the certificate indicated by the certificate identifier. content. Then, the authentication of the peer-based certificate-based content is performed.
  • Step 1607 The DeNB to which the RN belongs receives the RRC radio bearer setup complete message sent by the RN, where the RRC radio bearer setup complete message includes the RN certificate, the random number (nonce) 2, the DH parameter of the RN, and the AUTH parameter, so that the DeNB Authenticate the RN according to the certificate of the RN. Complete the establishment of the wireless 7-load.
  • the RN's certificate can also be considered instead of a certificate with a shorter bit length than the certificate itself.
  • the method further includes: Step 1607: The RN needs to complete the message interaction with the RA/CA to obtain the certificate indicated by the certificate identifier. Content. Then, the authentication of the certificate-based content of the peer is performed.
  • Step 1608 The RN and the DeNB respectively calculate and generate the authentication key AK according to the DH parameter of the RN and the DH parameter of the DeNB in the two messages in the step 1606 and the step 1607, and use the authentication key AK as the temporary key.
  • the KeNB calculates an encryption key and an integrity protection key of the AS signaling.
  • Step 1609 Perform an AS SMC process between the DeNB and the RN to which the RN belongs, complete the negotiation of the AS algorithm between the DeNB and the RN, and activate the AS protection.
  • the wireless node access method in this embodiment is a certificate-based authentication completed when the radio bearer is established, and the air interface protocol needs to be modified.
  • the process of certificate authentication may be that the certificate of the DeNB is not sent in step 1606, and the certificate of the DeNB is carried in the downlink message of the DeNB to the RN in the interaction message of step 1609, thereby implementing authentication of the DeNB.
  • the DeNB if the RN and the DeNB fail to be authenticated, the DeNB is triggered to initiate an RRC connection release procedure, or the DeNB is triggered to instruct the MME to initiate a process of de-attaching the RN, thereby disconnecting the radio bearer connection between the RN and the DeNB.
  • the method for the network access of the wireless node described the signaling procedure of the certificate authentication between the RN and the DeNB in detail. Similar to the eighth embodiment of the method for accessing the wireless node, the method for authenticating the certificate when the RN enters the network is also implemented. Moreover, the network side RN is more secure.
  • FIG. 17 is a signaling flowchart of an eleventh embodiment of a method for accessing a wireless node according to the present invention. As shown in Figure 17, the following steps are included:
  • Step 1701 The RN sends an RRC Connection Setup Request message to the DeNB to which it belongs.
  • Step 1702 The DeNB to which the RN belongs restores an RRC connection setup message to the RN, and completes randomization.
  • Step 1703 The RN sends an RRC connection setup complete message to the DeNB to which the RN belongs.
  • the RRC connection setup complete message carries the certificate of the RN, and is used by the DeNB to which the RN belongs to authenticate the RN.
  • the RRC connection setup complete message also carries a random number (nonce) 1, a DH parameter of the RN, and an AUTH parameter, which also carries a NAS attach request message.
  • the RN's certificate can also be considered instead of a certificate with a shorter bit length than the certificate itself.
  • the method further includes: Step 1703: The RN needs to complete the message interaction with the RA/CA to obtain the certificate indicated by the certificate identifier. content. Then, the authentication of the peer-based certificate-based content is performed.
  • Step 1704 The DeNB to which the RN belongs encapsulates the NAS attach request message in an S1-AP message and transmits the message to the MME.
  • Step 1705 The MME sends a message such as a serving gateway (S-GW) address, an S1-TEID, a bearer QoS, a security context, and the like to the DeNB to which the RN belongs, by using an S1-AP message, and is activated for all The radio bearer and SI bearer of the activated Evolved Packet System (EPS).
  • S-GW serving gateway
  • EPS Evolved Packet System
  • Step 1706 The DeNB to which the RN belongs sends the RRC radio bearer setup message to the RN, and the RN authenticates the DeNB.
  • the RRC radio bearer setup message may also carry a random number (nonce). DH parameters and AUTH parameters.
  • the DeNB's certificate can also be considered instead of a certificate with a shorter bit length than the certificate itself.
  • the method further includes: Step 1706: The DeNB needs to complete the message interaction with the RA/CA to obtain the certificate indicated by the certificate identifier. content. Then, the authentication of the peer-based certificate-based content is performed.
  • Step 1707 The RN and the DeNB respectively calculate and generate an authentication key AK according to the DH parameter of the RN and the DH parameter of the DeNB in the two messages in step 1703 and step 1706, and
  • the authentication key AK is used as the temporary key KeNB, and the encryption key and integrity protection key of the AS signaling are calculated.
  • step 1703 and step 1706 Through the interaction of the two messages in step 1703 and step 1706, the authentication based on the certificate when the RN enters the network is completed.
  • Step 1708 The DeNB to which the RN belongs receives the RRC radio bearer setup complete message sent by the RN, and completes the establishment of the radio bearer between the RN and the DeNB.
  • Step 1709 The AS SMC process is performed between the DeNB and the RN to which the RN belongs, and the AS algorithm negotiation between the DeNB and the RN is completed, and the AS protection is activated.
  • the method for the network access of the wireless node described the signaling procedure of the certificate authentication between the RN and the DeNB in detail. Similar to the eighth embodiment of the method for accessing the wireless node, the method for authenticating the certificate when the RN enters the network is also implemented. Moreover, the network side RN is more secure.
  • FIG. 18 is a schematic structural diagram of a fourth embodiment of a relay node according to the present invention.
  • the relay node includes: a sending module 181, a receiving authentication module 182, a calculating module 183, and a bearer establishing module 184.
  • the sending module 181 is configured to send, in the process of establishing a radio resource control connection and/or establishing a radio bearer between the relay node and the donor base station, the certificate of the relay node and the middle to the donor base station.
  • the receiving authentication module 182 is configured to receive the a certificate of the donor base station and a Diffie-Hellman parameter of the donor base station, and authenticating the donor base station according to the certificate of the donor base station; a calculation module 183, configured to: if the relay node and the donor After the base station authentication succeeds, the authentication key AK is calculated according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the donor base station received by the receiving module 182; the bearer establishing module 184, The authentication key AK calculated by the calculation module 183 is used as a temporary key KeNB shared by the relay node and the donor base station, and based on the temporary key KeNB, The donor base station performs access layer security mode control. In addition, the mobility management entity also interacts with the relay node through the donor base station.
  • the method for implementing the wireless node access network is as described in the above method.
  • the message exchanged between the RN and the DeNB carries a certificate, performs authentication between the RN and the DeNB, and passes the RN and the RN.
  • the DH parameters exchanged between the DeNBs are calculated similarly to the temporary key KeNB calculated when the UE enters the network, and finally the radio bearer establishment between the RN and the DeNB is completed, thereby implementing a certificate-based authentication method when the RN accesses the network, and the network side RN is implemented. Access to the network is more secure.
  • FIG. 19 is a schematic structural diagram of a fourth embodiment of a wireless node network access system according to the present invention. As shown in FIG. 19, the method includes: a mobility management entity 191, a donor base station 192, and a relay node 193.
  • the relay node 193 is as described in the fourth embodiment of the foregoing relay node, and details are not described herein again.
  • the mobility management entity 191 interacts with the relay node 193 via the donor base station 192.
  • the donor base station 192 is configured to receive a certificate of the relay node sent by the relay node 193 and a Diffie-Hellman parameter of the relay node, and send the certificate of the donor base station and the a Diffie-Hellman parameter of the donor base station to the relay node 193; calculating the authentication secret according to the Diffie-Hellman parameter of the relay node and the Diffie-Hellman parameter of the donor base station Key AK; using the authentication key AK as a temporary key KeNB shared by the relay node and the donor base station, and performing an access layer security mode with the relay node 193 according to the temporary key KeNB control.
  • the specific method for implementing the wireless node network access is described in the foregoing method embodiment.
  • the interactive message carries the certificate, performs authentication between the RN and the DeNB, and calculates a temporary key KeNB calculated by the UE when the UE enters the network through the DH parameter exchanged between the RN and the DeNB, and finally completes the relationship between the RN and the DeNB.
  • the radio bearer is set up to implement the certificate-based authentication method when the RN accesses the network, and the network-side RN is more secure.
  • FIG. 20 is a schematic flowchart diagram of a twelfth embodiment of a wireless node network access method according to the present invention.
  • the authentication process in this embodiment is based on the authentication with the USIM card in the RN, and the RN is similar to the secondary UE.
  • the RN first completes the process of establishing a radio bearer according to the USIM card therein, establishes an IP connection of the user plane/signaling plane, and then starts the second version (Internet Key Exchange version 2, referred to as IKEv2) of the IP layer based Internet Key Exchange Protocol 2 Certificate-based authentication process, establishing RN and its affiliated DeNB
  • IKEv2 Internet Key Exchange version 2 Certificate-based authentication process
  • Step 2001 The RN sends an IKE Security Association Initial Negotiation (IKE_SA_INIT) request message to the DeNB, where the parameter ⁇ HDR, SAil, Kei, Ni ⁇ is included in the IKE SA INIT request message.
  • IKE_SA_INIT IKE Security Association Initial Negotiation
  • the message header HDR includes a Security Parameter Index (SPIs), a version number, and a required flag.
  • SPIs Security Parameter Index
  • the SAil includes an encryption algorithm supported by the initiator to establish an IKE security association, Kei is the DH parameter of the initiator, and Ni is initiated. Square random number load.
  • Step 2002 The DeNB replies to the IKE-SA-INIT response message to the RN, and the parameters ⁇ HDR, SArl, KEr, Nr, [CERTREQ] ⁇ are included in the IKE-SA_INIT response message.
  • the DeNB places the selected algorithm in the SArl.
  • the initiator and the responder negotiate the required encryption algorithm and authentication algorithm.
  • Ni/Nr and Kei/Ker By exchanging Ni/Nr and Kei/Ker, The DH exchange is completed, so that both parties can calculate the shared key, which is used to protect the subsequent data and the key required to generate the IPsec security association; [CERTREQ] is the certificate request identifier.
  • Step 2003 The RN sends an IKE-AUTH request message to the DeNB to which it belongs, and the IKE AUTH request message includes parameters ⁇ HDR, SK, AUTH, SAi2, TSi, TSr, CFG_REQUEST ⁇ .
  • HDR contains SPIs, version number and required flags
  • SAi includes the encryption algorithm supported by the initiator to establish an IKE security association
  • SK indicates that the message is protected, AUTH is used to prove that ID-related secrets, integrity protection of both previous and current data packets
  • SAi2 carries a list of cryptographic algorithms for IPsec security associations
  • TSi/TSr represents data flows protected by IPsec security associations
  • CFG-REQUEST is used to The DeNB attached to the RN requests a certificate for authentication.
  • Step 2004 The DeNB to which the RN belongs sends an IKE-AUTH response message to the RN, where the IKE AUTH response message includes parameters ⁇ HDR, SK, AUTH, SAr2, TSi, TSr, [CERT], Config Payload, CFG_REQUEST ⁇ .
  • Step 050 The RN sends an IKE-AUTH response message to the DeNB to which the RN belongs, and the IKE AUTH response message includes parameters ⁇ HDR, SK, AUTH, SAr2, Tsi, TSr, [CERT], Config Payload ⁇ , and the RN
  • the certificate is sent to the DeNB to which the RN belongs, so that the DeNB to which the RN belongs completes the authentication of the RN.
  • the certificate of the RN and the certificate of the DeNB may also be replaced by a certificate identifier with a shorter bit length instead of the certificate itself, then the entity receiving the message needs to first The interaction with the RA/CA is completed to obtain the content of the certificate indicated by the certificate identifier, and then the authentication of the certificate-based content of the peer is performed.
  • the certificate authentication process is also required. As described in the above steps. On the network side node DeNB/MME of the certificate authentication, if the certificate authentication of the RN fails, the wireless connection/IPSec connection that triggers the Un interface between the RN and the DeNB/MME should be released or the MME initiates the process of registering the RN Detach. . Only after the RN's certificate is successfully authenticated, the RN can act as a network node to activate the bearer function of the Un interface. Otherwise, any UE cannot access the network through the RN.
  • FIG. 21 is a schematic structural diagram of a fifth embodiment of a relay node according to the present invention.
  • the relay node includes: a parameter switching module 2101, a first sending module 2102, a receiving authentication module 2103, and a second sending module 2104.
  • the parameter exchange module 2101 is configured to send an Internet Key Exchange Security Association Initial Negotiation Request message to the donor base station after completing the process of establishing a radio resource control connection and establishing a radio bearer between the relay node and the donor base station, And receiving an Internet Key Exchange Security Association Initial Negotiation Response message replied by the donor base station to exchange a Diffie-Hellman parameter of the relay node and a Diffie-Hellman parameter of the donor base station, The Diffie-Hellman parameter is used to negotiate a security protection alliance between the relay node and the donor base station; the first sending module 2102 is configured to send an Internet Key Exchange Authentication Request message to the donor base station, where Internet The key exchange authentication request message carries information for requesting the certificate of the donor base station; the receiving authentication module 2103 is configured to receive an Internet key exchange authentication response message that is returned by the donor base station and that carries the certificate of the donor base station, and according to The certificate of the donor base station authenticates the donor base station, the Internet key exchange authentication response message further carries information
  • the relay node provided in this embodiment which specifically implements the wireless node network access method, is described in the foregoing method.
  • the twelfth embodiment can implement the certificate-based authentication method when the RN accesses the network, and makes the network-side RN more secure.
  • FIG. 22 is a schematic structural diagram of a fifth embodiment of a wireless node network access system according to the present invention.
  • the wireless node network access system includes: a donor base station 2201 and a relay node 2202 as described in the fifth embodiment of the relay node described above.
  • the donor base station 2201 is configured to receive the Internet Key Exchange Security Association Initial Negotiation Request message sent by the relay node 2202, and return the Internet Key Exchange Security Association Initiality to the relay node 2202.
  • the wireless node network access system provided in this embodiment, and the wireless node network access method are specifically implemented in the twelfth embodiment of the foregoing method, which can implement the certificate-based authentication method when the RN accesses the network, and makes the network The network side RN is more secure.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Les modes de réalisation de la présente invention portent sur un procédé d'accès à un réseau par un nœud radio, un système et un nœud de relais. Dans le procédé d'accès à un réseau par un nœud radio, le système et le nœud de relais des modes de réalisation de la présente invention, l'authentification entre le nœud de relais et un nœud B évolué donneur, un serveur d'abonnés résidentiels ou une entité de gestion de mobilité est réalisée par transport d'un certificat dans des messages échangés entre le nœud de relais et le nœud B évolué donneur, le serveur d'abonnés résidentiels ou l'entité de gestion de mobilité ; une clé partagée similaire à celle utilisée lorsqu'un équipement utilisateur accède à un réseau est calculée conformément à un paramètre de Diffie Hellman (DH) échangé entre le nœud de relais et le nœud B évolué donneur, le serveur d'abonnés résidentiels ou l'entité de gestion de mobilité ; et enfin, un support radio est établi entre le nœud de relais et le nœud B évolué donneur. En conséquence, le procédé d'authentification basé sur un certificat lorsqu'un nœud de relais accède à un réseau est mis en œuvre, et un nœud de relais côté réseau peut accéder à un réseau de façon plus sécurisée.
PCT/CN2011/070948 2010-02-12 2011-02-12 Procédé d'accès à un réseau par un nœud radio, système et nœud de relais Ceased WO2011098048A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010111422.8 2010-02-12
CN201010111422.8A CN102158860B (zh) 2010-02-12 2010-02-12 无线节点入网方法、系统及中继节点

Publications (1)

Publication Number Publication Date
WO2011098048A1 true WO2011098048A1 (fr) 2011-08-18

Family

ID=44367290

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/070948 Ceased WO2011098048A1 (fr) 2010-02-12 2011-02-12 Procédé d'accès à un réseau par un nœud radio, système et nœud de relais

Country Status (2)

Country Link
CN (1) CN102158860B (fr)
WO (1) WO2011098048A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3755064A4 (fr) * 2018-02-14 2021-03-17 Vivo Mobile Communication Co., Ltd. Procede d'etablissement de relation de voisinage, relais sans fil et noeud reseau
CN114830705A (zh) * 2019-12-31 2022-07-29 华为技术有限公司 认证方法、装置及系统

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103167492B (zh) 2011-12-15 2016-03-30 华为技术有限公司 在通信系统中生成接入层密钥的方法及其设备
GB201201915D0 (en) * 2012-02-03 2012-03-21 Nec Corp Mobile communications device and system
CN106792788B (zh) * 2015-11-24 2019-08-23 大唐移动通信设备有限公司 一种终端附着方法及基站
US10588019B2 (en) * 2016-05-05 2020-03-10 Qualcomm Incorporated Secure signaling before performing an authentication and key agreement
CN107809411B (zh) * 2016-09-09 2021-12-03 华为技术有限公司 移动网络的认证方法、终端设备、服务器和网络认证实体
CN108712742B (zh) * 2018-03-22 2019-08-27 创新维度科技(北京)有限公司 物联网网络安全优化方法、用户终端和网络侧设备
CN108768661B (zh) * 2018-05-29 2021-02-02 如般量子科技有限公司 一种基于对称密钥池和跨中继的改进型aka身份认证系统和方法
US11523277B2 (en) * 2019-06-14 2022-12-06 Samsung Electronics Co., Ltd. Method of dynamically provisioning a key for authentication in relay device
CN114499913B (zh) * 2020-10-26 2022-12-06 华为技术有限公司 加密报文的检测方法及防护设备
CN115720149A (zh) * 2020-10-26 2023-02-28 华为技术有限公司 加密报文的检测方法及防护设备
CN112887947B (zh) * 2021-01-14 2021-12-03 南通大学 一种双层区块链的蓝牙Mesh分簇组网方法
US12225130B2 (en) * 2022-01-14 2025-02-11 Micron Technology, Inc. Embedded TLS protocol for lightweight devices
CN115348583B (zh) * 2022-10-18 2023-01-03 中国民航信息网络股份有限公司 一种高速移动场景下的通信方法及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101292558A (zh) * 2005-10-18 2008-10-22 Lg电子株式会社 为中继站提供安全性的方法
CN101388707A (zh) * 2007-09-13 2009-03-18 中兴通讯股份有限公司 中继站实现网络接入及初始化的方法
CN101640887A (zh) * 2008-07-29 2010-02-03 上海华为技术有限公司 鉴权方法、通信装置和通信系统
CN101640886A (zh) * 2008-07-29 2010-02-03 上海华为技术有限公司 鉴权方法、重认证方法和通信装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101292558A (zh) * 2005-10-18 2008-10-22 Lg电子株式会社 为中继站提供安全性的方法
CN101388707A (zh) * 2007-09-13 2009-03-18 中兴通讯股份有限公司 中继站实现网络接入及初始化的方法
CN101640887A (zh) * 2008-07-29 2010-02-03 上海华为技术有限公司 鉴权方法、通信装置和通信系统
CN101640886A (zh) * 2008-07-29 2010-02-03 上海华为技术有限公司 鉴权方法、重认证方法和通信装置

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3755064A4 (fr) * 2018-02-14 2021-03-17 Vivo Mobile Communication Co., Ltd. Procede d'etablissement de relation de voisinage, relais sans fil et noeud reseau
US11576104B2 (en) 2018-02-14 2023-02-07 Vivo Mobile Communication Co., Ltd. Neighboring relationship establishment method, wireless relay and network side node
CN114830705A (zh) * 2019-12-31 2022-07-29 华为技术有限公司 认证方法、装置及系统

Also Published As

Publication number Publication date
CN102158860B (zh) 2014-05-21
CN102158860A (zh) 2011-08-17

Similar Documents

Publication Publication Date Title
CN102158860B (zh) 无线节点入网方法、系统及中继节点
US11895229B2 (en) States secondary authentication of a user equipment
US10849191B2 (en) Unified authentication for heterogeneous networks
EP2445143B1 (fr) Procédé et système d'accès à un réseau de 3ème génération
CN111726804B (zh) 用于集成小型小区和Wi-Fi网络的统一认证
US8561200B2 (en) Method and system for controlling access to communication networks, related network and computer program therefor
CN107005927B (zh) 用户设备ue的接入方法、设备及系统
CN108781366A (zh) 用于5g技术的认证机制
CN103428690B (zh) 无线局域网络的安全建立方法及系统、设备
CN101371491A (zh) 提供无线网状网络的方法和装置
WO2012100749A1 (fr) Procédé et appareil de génération de clé
MX2009002507A (es) Autentificacion de seguridad y gestion de claves dentro de una red de multisalto inalambrica basada en infraestructura.
CN101375545A (zh) 用于提供无线网状网的方法和设备
EP3175639B1 (fr) Authentication durant un transfer intercellulaire entre deux réseaux différents de communication sans fil
WO2013181847A1 (fr) Procédé, appareil et système pour une authentification d'accès wlan
WO2011091771A1 (fr) Procédé, dispositif et système d'authentification de noeud de relais
CN108293183B (zh) E-utran与wlan之间的切换
WO2012028043A1 (fr) Procédé, dispositif et système d'authentification
CN101656956A (zh) 一种接入3gpp网络的方法、系统和网关
CN101911742B (zh) 用于交互rat切换的预认证方法
WO2012083873A1 (fr) Procédé, appareil et système de génération de clé
WO2012022234A1 (fr) Procédé d'authentification mutuelle entre des équipements d'accès réseau et équipements d'accès réseau
CN107211488A (zh) 由集成无线通信网络中的wlan节点执行的用于对接收的业务数据应用安全的方法
CN102752298B (zh) 安全通信方法、终端、服务器及系统
WO2012094920A1 (fr) Procédé et système d'authentification de nœud relais

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11741919

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11741919

Country of ref document: EP

Kind code of ref document: A1