[go: up one dir, main page]

WO2020029075A1 - Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données - Google Patents

Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données Download PDF

Info

Publication number
WO2020029075A1
WO2020029075A1 PCT/CN2018/099195 CN2018099195W WO2020029075A1 WO 2020029075 A1 WO2020029075 A1 WO 2020029075A1 CN 2018099195 W CN2018099195 W CN 2018099195W WO 2020029075 A1 WO2020029075 A1 WO 2020029075A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
wireless communication
communication device
next hop
derived key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/099195
Other languages
English (en)
Inventor
He Huang
Eswar Kalyan Vutukuri
Qian Dai
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to PCT/CN2018/099195 priority Critical patent/WO2020029075A1/fr
Priority to CN201880095240.0A priority patent/CN112400335B/zh
Publication of WO2020029075A1 publication Critical patent/WO2020029075A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present disclosure is related generally to wireless network communication and, more particularly, to a method and computing device for carrying out data integrity protection.
  • a network node e.g., a base station
  • a wireless communication device e.g., a User Equipment (UE)
  • the network node will initiate a handover procedure.
  • UE User Equipment
  • a handover procedure involves preparation of a target node, wherein the source node will transfer the necessary context of the wireless communication device to the target node, so that the wireless communication device can continue the session in the target node.
  • the source node will then transmit a handover over command to the wireless communication device, which includes the information necessary to access the target node.
  • the wireless communication device will then access the target node using this information and continue the session in the target.
  • the handover command may not be received by the wireless communication device because of rapid deterioration of the radio conditions.
  • the wireless communication device suffers radio link failure (RLF) .
  • RLF radio link failure
  • the wireless communication device may reselect to a better cell/node and attempt what is generally referred to as the “reestablishment procedure. ” This involves the wireless communication device transmitting a reestablishment message, enabling the target node to identify the wireless communication device and reinitiate the security of the link and reestablish the radio resources.
  • the reestablishment procedure can only be invoked when security has been previously established between the wireless communication device and the network node.
  • the reestablishment request e.g., UE to base station
  • the reestablishment response or simply the reestablishment message, sent, for example, from base station to the UE
  • the reestablishment request e.g., UE to base station
  • the reestablishment response or simply the reestablishment message, sent, for example, from base station to the UE
  • FIG. 1 depicts a wireless networking environment in which various embodiments may be employed.
  • FIG. 2 depicts a computer hardware architecture used in various embodiments.
  • FIG. 3 depicts a current key chaining model.
  • FIG. 4 depicts a current reestablishment procedure.
  • FIG. 5 illustrates an alternative reestablishment procedure.
  • FIG. 6 depicts a scenario in which additional signaling is needed if the vertically derived key is passed to the target node
  • FIG. 7 depicts a reestablishment procedure in accordance with an embodiment.
  • FIG. 8 depicts a handover preparation procedure carried out by a source node, according to an embodiment.
  • FIG. 9 depicts a handover preparation procedure carried out by a UE, according to an embodiment.
  • FIG. 10 depicts a handover preparation procedure carried out by a target node, according to an embodiment.
  • a source network node carries out the following actions in a reestablishment procedure: determining that there is an unused next hop parameter, next hop chaining counter pair; based on the determining step, computing a horizontally derived key and a vertically derived key; computing a security token using the horizontally derived key; and transmitting the horizontally derived key, the vertically derived key, the security token, and the next hop chaining counter to a target network node.
  • computing the horizontally derived key includes the source network node computing the horizontally derived key from a currently active key being used for communication between the source network node and a wireless communication device.
  • computing the vertically derived key comprises the source network node computing the vertically derived key from the unused next hop parameter.
  • the source network node carries out additional actions including: determining that there is no unused next hop parameter, next hop chaining counter pair for a second wireless communication device; based on the determination that there is no unused next hop parameter, next hop chaining counter pair, computing a second horizontally derived key without creating a vertically derived key; computing a second security token using the second horizontally derived key; and sending the second horizontally derived key, second security token and a previous next hop chaining counter to the target node.
  • the source network node carries out additional actions including: identifying the wireless communication device based on the identifier included in a reestablishment request and retrieving a corresponding security token.
  • a target network node carries out the following actions in a reestablishment procedure: determining that a horizontally derived key and a vertically derived key have been received for a wireless communication device that is the subject of a communication reestablishment request; verifying the authenticity of the wireless communication device based on a comparison of a security token received from the wireless communication device with a security token received from a source network node; transmitting, to the wireless communication device, an encrypted reestablishment command, wherein the reestablishment command is encrypted using a key computed using the received horizontally derived key as the base key; and computing encryption and integrity protection keys using the vertically derived key as the base key.
  • the target network node carries out additional actions including using the encryption and integrity protection keys for ciphering and for integrity protecting subsequent messages transmitted to the wireless communication device.
  • the target network node carries out additional actions including using the encryption and integrity protection keys for deciphering and for verifying the integrity of subsequent messages received from the wireless communication device.
  • the target network node carries out additional actions including: determining that only the horizontally derived key was received for a second wireless communication device; verifying the authenticity of the wireless communication device based on a comparison of a security token received from the wireless communication device with a security token received from a source network node; and sending, to the second wireless communication device, an encrypted reestablishment command using a key computed using the received horizontally derived as the base key.
  • the target network node carries out additional actions including computing encryption and integrity protection keys for the second wireless communication device using the horizontally derived for the second wireless communication device as the base key.
  • a wireless communication device e.g., a user equipment carries out the following actions in a reestablishment procedure: receiving a reestablishment message that includes a value for a next hop chaining counter; decrypting the received reestablishment using a key computed using the horizontally derived key as the base key; determining that the next hop chaining counter has changed based on a comparison of the received next hop chaining counter value with a previously-received next hop chaining counter value; and based on the determining step, deriving a new key using vertical key derivation and deriving encryption and integrity protection keys using the vertically derived key as the base key.
  • the wireless communication device carries out additional actions including using the new key and the encryption and integrity protection keys for subsequent communication.
  • the wireless communication device carries out additional actions including: receiving a second reestablishment message that includes a second value for a next hop chaining counter; determining that the next hop chaining counter has not changed based on a comparison of the received second next hop chaining counter value with a previously-received next hop chaining counter value; and based on the determination that the next hop chaining counter has not changed, using a horizontally derived key as basis for all keys used for encryption and integrity protection for subsequent messages.
  • the wireless communication device carries out additional actions including: computing the horizontally derived key; using the computed horizontally derived key to calculate a security token; and transmitting the security token to a target network node in a reestablishment request.
  • the RAN of FIG. 1 includes one or more network nodes (e.g., base stations, enhanced (evolved) node Bs, etc. ) , which interact with wireless communication devices.
  • FIG. 1 depicts a wireless communication device 102 communicating with a network node (e.g., wireless base station) 104 within the RAN.
  • a network node e.g., wireless base station
  • the RAN of FIG. 1 has many components that are not depicted, including other network nodes, other wireless communication devices, wireless infrastructure, wired infrastructure, and other devices commonly found in communication networks.
  • Example implementations of the wireless communication device 102 include a smartphone, tablet, laptop computer, and a non-traditional device (e.g., household appliance or other part of the “Internet of Things” ) .
  • FIG. 2 illustrates a basic (computing device) hardware architecture found in the devices depicted in this disclosure, according to an embodiment.
  • the various device have other components as well, some of which are common to both and others that are not.
  • the hardware architecture depicted in FIG. 2 includes logic circuitry 202, memory 204, transceiver 206, and one more antennas represented by antenna 208. Each of these elements is communicatively linked to one another via one or more data pathways 210. Examples of data pathways include wires, conductive pathways on a microchip, and wireless connections.
  • logic circuitry means a circuit (a type of electronic hardware) designed to perform complex functions defined in terms of mathematical logic. Examples of logic circuitry include a microprocessor, a controller, or an application-specific integrated circuit. When the present disclosure refers to a device carrying out an action, it is to be understood that this can also mean that logic circuitry integrated with the device is, in fact, carrying out the action.
  • Possible implementations of the memory 204 include: volatile data storage; nonvolatile data storage; electrical memory; magnetic memory; optical memory; random access memory ( “RAM” ) ; cache memory; and hard drives.
  • a horizontally derived key may be used to perform the encryption.
  • a wireless communication device derives a new key using a horizontal key derivation method and the uses derived key for a reestablishment procedure (e.g., a decryption key is derived from this key and is used to decrypt the reestablishment message from the network node) .
  • a decryption key is derived from this key and is used to decrypt the reestablishment message from the network node.
  • the reestablishment will fail and this will result in a fall back procedure that incurs additional signaling and delay (to establish security) for user plane data, which defeats the purpose of using this alternative procedure for reestablishment in the first place.
  • the overall problem can be summarized as follows: Using a horizontally derived key at the wireless communication device (e.g., at the UE) to decrypt the reestablishment message from network node (e.g., from the base station) does not work if a vertically derived key is used by the target node as the base key to encrypt the reestablishment message in downlink. As a result, fallback procedure needs to be invoked to reestablish security and this incurs additional signaling and delay for the user plane data.
  • the Radio Access Network (RAN) nodes are assumed to be potentially in exposed locations, which makes them vulnerable to unauthorized access.
  • adequate security is required to protect the secret keys when a wireless communication device moves from one node to another.
  • This is called the forward security.
  • This means that even if the current key used between node and the wireless communication device is known to a potential attacker, it is computationally infeasible for the attacker to derive the keys used between another node and the wireless communication device for a future connection. In currently-used system, this forward security is satisfied after 2 hops (i.e., a potential attacker cannot guess the key after 2 handovers) .
  • the core network node such as the AMF
  • the wireless communication device derives a K gNB and a Next Hop parameter (NH) .
  • the K gNB and the NH are derived from the K ASME .
  • An NH Chaining Counter (NCC) is associated with each K gNB and NH parameter. Every K gNB is associated with the NCC corresponding to the NH value from which it was derived.
  • the K gNB is derived directly from K ASME , and is then considered to be associated with a virtual NH parameter with NCC value equal to zero.
  • the derived NH value is associated with the NCC value one.
  • K gNB * the basis for the K gNB that will be used between the wireless communication device and the target node, called K gNB *, is derived from either the currently active K gNB or from the NH parameter. If K gNB *is derived from the currently active K gNB this is referred to as a horizontal key derivation (see FIG. 3) and if the K gNB *is derived from the NH parameter the derivation is referred to as a vertical key derivation (see FIG. 3) .
  • the NH is further bound to the target PCI and its frequency EARFCN-DL before it is taken into use as the K gNB in the target node.
  • the currently active K gNB is further bound to the target PCI and its frequency EARFCN-DL before it is taken into use as the K gNB in the target node.
  • NH parameters are only computable by the wireless communication device and core network nodes (such as AMF) , it is arranged so that NH parameters are provided to network nodes from the MME in such a way that forward security can be achieved after 2 hops as described above.
  • a general reestablishment procedure currently being used is shown in FIG. 4
  • the reestablishment procedure will succeed if the wireless communication device reestablishes in a target node that has the wireless communication device context (i.e., a prepared target node) .
  • the preparation of the target node includes transferring the wireless communication device context, including the security context to the target node (step 401) .
  • the security context includes the KgNB*that is derived by the source node and is transferred to the target node.
  • the source node performs a vertical key derivation in case it has an unused ⁇ NH, NCC ⁇ pair.
  • the source node first computes K gNB *from target PCI, its frequency ARFCN-DL, and either from currently active K gNB in case of horizontal key derivation or from the NH in case of vertical key derivation.
  • the source node forwards the ⁇ K gNB *, NCC ⁇ pair to the target node.
  • the target node uses the received K gNB *directly as K gNB to be used with the wireless communication device.
  • the target node associates the NCC value received from source node with the K gNB .
  • the reestablishment message (step 408) is not encrypted. So, the wireless communication device receives the NCC value included in the reestablishment message (i.e., step 408 in FIG. 4) , updates the KgNB based on the received NCC value (i.e.
  • step 409 uses horizontal or vertical key derivation based on the value of NCC value) and uses the new KgNB for the rest of the communication (i.e., step 409 onwards) .
  • additional reconfiguration message is needed in this case (i.e., steps 410 and 411) to signal the configuration of the Signalling Radio Bearer 2 (SRB2) and the Data Radio Bearer (DRB) .
  • SRB2 Signalling Radio Bearer 2
  • DRB Data Radio Bearer
  • One drawback of the reestablishment procedure depicted in FIG. 4 is that it requires additional reconfiguration step to resume the DRBs.
  • One way to avoid this additional step is to use a new security key to encrypt the reestablishment message and hence include in this encrypted message, the SRB2 and DRB configuration. This avoids the need for separate reconfiguration message (steps 410 and 411 in FIG. 4) .
  • This alternative procedure for reestablishment is depicted in FIG. 5.
  • the procedure of FIG. 5 may only work if a common key known both to the wireless communication device and the target node is used as the base key in step 508/509 of FIG. 5. This is may only be possible if a horizontally derived key (i.e., a key derived using the current KgNB and the current NCC value) is used. However, as noted above, the source node performs a vertical key derivation in case it has an unused ⁇ NH, NCC ⁇ pair.
  • the source node includes a vertically derived key for the target node to use and, hence, the reestablishment procedure will fail because in step 508/509 there is a key mismatch between the node and the wireless communication device (i.e., the wireless communication device uses a horizontally derived key to decrypt the reestablishment message, which has been encrypted by the target node using a vertically derived key) .
  • One way is to include an additional indication in the Handover Request message (step 501) to indicate whether a horizontal or a vertical key derivation is used to derive the KgNB*.
  • the target node has to first reestablish the AS (Access Stratum) security before resuming the data transfer.
  • AS Access Stratum
  • This requires additional messages over the air-interface (e.g., the security mode command procedure) to be executed before resuming AS security and hence the data transfer.
  • both a horizontally derived key and a vertically derived key are sent to the target node.
  • the target node uses the horizontally derived key to complete the reestablishment procedure (i.e., for encrypting the reestablishment message) but switches to a vertically derived key for the subsequent communication. This ensures that the 2-hop forward security principle is kept while the additional signaling that is incurred with the fallback procedure (e.g., to go via RRCSetup as shown in FIG. 6) is avoided.
  • FIG. 7 A handover preparation procedure and a reestablishment procedure according to an embodiment are depicted in FIG. 7.
  • a reestablishment procedure proceeds as follows.
  • the wireless communication device carries out a cell selection, resulting in a reselection to the target node at step 704.
  • the wireless communication device transmits a RACH message to the target node over a random access channel.
  • the target node transmits a random access response to the wireless communication device.
  • the wireless communication device uses a horizontal key derivation to derive a new KgNB (this is the same as H-KgNB*) and uses this to calculate the security token.
  • the wireless communication device transmits a reestablishment request including the wireless communication device ID and calculated security token to the target node.
  • the target node transmits a reestablishment message (which it encrypts using the new K RRCenc derived from H-KgNB*) , optionally including the SRB2 and DRB configuration and the NCC value.
  • the wireless communication device decrypts the reestablishment message using H-KgNB*. If the NCC value is incremented (i.e., not equal to the NCC value stored in the wireless communication device) , the wireless communication device derives a new key using vertical key derivation, and this will be V-KgNB*.
  • the wireless communication device transmits a reestablishment complete message to the target node. The message is encrypted and integrity protected by the wireless communication device using the new keys derived based on V-KgNB*.
  • the process begins at block 801.
  • the wireless communication device sends measurement reports to the source node which identifies one or more suitable target nodes for handover.
  • the source node checks if there is an unused ⁇ NH, NCC ⁇ pair. If the source node has an unused ⁇ NH, NCC ⁇ pair, then the process moves to blocks 803 and 805, at which the source node derives two keys as follows:
  • H-KgNB* This is the horizontally derived KgNB which uses the current 256-bit KgNB as the input key (which is one of the inputs to the Key Derivation Function) .
  • V-KgNB* This is the vertically derived KgNB which uses the unused NH as the input key (which is one of the inputs to the Key Derivation Function) .
  • KDF key derivation function
  • the source node calculates the K RRCint using the H-KgNB computes a security token, which is an authentication token used to authenticate the UE, using the K RRCint as the base key.
  • the source node only needs to derive one key (which is the same as the H-KgNB*) using the horizontal key derivation method described previously (at block 806) .
  • This key is used as basis for deriving the K RRCint , which is subsequently used to compute the security token as described above (block 807) .
  • the source node then prepares the target node for the arrival of the wireless communication device. For this preparation, the source node, among other information, sends the following to the target (included in the Handover Request message) : H-KgNB*, V-KgNB* (if unused ⁇ NH, NCC ⁇ pair existed) , Security token (calculated as above) , and NCC (block 808) .
  • the wireless communication device and the target node procedures for completion of the reestablishment are depicted in FIG. 9 and FIG. 10 respectively.
  • the wireless communication device derives H-KgNB*using horizontal key derivation and derives a new K RRCenc based on the H-KgNB*.
  • the wireless communication device uses K RRCenc to decrypt the reestablishment message from the target node. Also, the wireless communication device derives K RRCint based on H-KgNB*.
  • the wireless communication device determines whether the received NCC value is incremented/changed compared to the stored NCC. If yes, then at block 903 the wireless communication device derives V-KgNB*using vertical key derivation using NH and the new NCC value.
  • the wireless communication device derives K RRCenc and K RRCint based on the V-KgNB*and uses these for further messages.
  • the wireless communication device encrypts the reestablishment complete message using K RRCenc and integrity protects it using K RRCint .
  • the target node starts the reestablishment procedure (e.g., after receiving a reestablishment request from the wireless communication device) .
  • the target node determines whether both V-KgNB*and H-KgNB*have been received for the wireless communication device.
  • the target node derives a new K RRCenc based on the H-KgNB*and uses the derived K RRCenc to encrypt a reestablishment message.
  • the target node derives a new K RRCenc based on the V-KgNB*and use this to decrypt the reestablishment complete message.
  • the process moves to block 1005, at which the target node derives a new K RRCenc based on the H-KgNB*and uses this to encrypt reestablishment message.
  • the target node uses the same K RRCenc to decrypt the reestablishment complete message.
  • the wireless communication device subsequent to the completion of handover preparation (i.e., after sending the Handover Request message) , the wireless communication device suffers a radio link failure and fails to receive the handover command.
  • the wireless communication device then reselects to the prepared target node and performs the access in the target node by initiating Random Access procedure.
  • the wireless communication device also computes a new security key, KgNB using horizontal key derivation.
  • the inputs for this procedure are the same as the inputs used for the derivation of H-KgHB*by the source node, as discussed previously.
  • the key derived by the wireless communication device will be the same as the H-KgNB*noted previously.
  • the wireless communication device then also derives a K RRCint based on the H-KgNB*and uses this to compute the security token used for authentication of the wireless communication device.
  • This security token along with the UE ID are included in the Reestablishment Request message (step 708 of FIG. 7) .
  • the target node receives the security token and identifies the wireless communication device based on the UE ID and verifies the authenticity of the wireless communication device by matching the received security token with that received in the Handover Request message (step 1 of Figure 5) .
  • the target node After authenticating the wireless communication device, the target node sends the Reestablishment Message, encrypted using a K RRCenc that is derived from H-KgNB*.
  • This message also includes the NCC value received in handover request message (i.e., step 701 of) .
  • this message is also integrity protected.
  • K RRCint derived using H-KgNB*or K RRCint derived using V-KgNB* may be used by the target node.
  • One of these methods should be standardized (i.e. the same method should be used by both wireless communication device and node) .
  • the wireless communication device Upon receiving the reestablishment message, the wireless communication device first checks the NCC Value and compares it against the stored NCC value. If the NCC value has changed, then the wireless communication device derives a new key, using vertical key derivation (the inputs for this are same as the inputs for deriving V-KgNB*discussed in conjunction with FIG. 8).Thus, the wireless communication device calculates a new V-KgNB*.
  • the wireless communication device also verifies the authenticity of the received reestablishment message by checking the integrity of the message using either the K RRCint associated with H-KgNB*or a K RRCint associated with the newly computed V-KgNB* (the same base key should be used both by the target node and the wireless communication device for this step) .
  • the corresponding RRC keys i.e., K RRCint , K RRCenc , K UPenc (optionally) , and K UPint (optionally) are derived from the newly derived V-KgNB*. These are used for subsequent communication. Specifically, the newly derived K RRCint and K RRCenc are used to integrity protect and encrypt the reestablishment complete message respectively (step 711) .
  • the target node also switches to the corresponding keys (i.e., K RRCint and K RRCenc derived using the V-KgNB*as the base key) for decryption/encryption and integrity protection/verification from step 711 onwards.
  • K RRCint and K RRCenc derived using the V-KgNB*as the base key
  • various embodiments described herein involve a source network node carrying out the following actions. Upon making a decision to prepare (one or more cells of) a target network node, the source network node:
  • various embodiments described herein involve a target network node carrying out the following actions.
  • various embodiments described herein involve a wireless communication device carrying out the following actions. Upon initiating the reestablishment procedure, the wireless communication device:
  • H-Key horizontally derived key
  • V-Key vertical key derivation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un nœud de réseau source qui réalise les actions suivantes dans une procédure de rétablissement consistant : à déterminer qu'il existe un paramètre de saut suivant inutilisé, une paire de compteurs de chaînage de saut suivant ; sur la base de l'étape de détermination, à calculer une clé dérivée horizontalement et une clé dérivée verticalement ; à calculer un jeton de sécurité à l'aide de la clé dérivée horizontalement ; et à transmettre la clé dérivée horizontalement, la clé dérivée verticalement, le jeton de sécurité et le compteur de chaînage de saut suivant à un nœud de réseau cible.
PCT/CN2018/099195 2018-08-07 2018-08-07 Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données Ceased WO2020029075A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/099195 WO2020029075A1 (fr) 2018-08-07 2018-08-07 Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données
CN201880095240.0A CN112400335B (zh) 2018-08-07 2018-08-07 用于执行数据完整性保护的方法和计算设备

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/099195 WO2020029075A1 (fr) 2018-08-07 2018-08-07 Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données

Publications (1)

Publication Number Publication Date
WO2020029075A1 true WO2020029075A1 (fr) 2020-02-13

Family

ID=69413928

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/099195 Ceased WO2020029075A1 (fr) 2018-08-07 2018-08-07 Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données

Country Status (2)

Country Link
CN (1) CN112400335B (fr)
WO (1) WO2020029075A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4179839A4 (fr) * 2021-09-23 2023-05-17 Apple Inc. Récupération de défaillance de liaison radio rapide
WO2025014185A1 (fr) * 2023-07-12 2025-01-16 Samsung Electronics Co., Ltd. Procédés de gestion d'authentification pendant une mobilité déclenchée par des couches inférieures (ltm) dans un réseau sans fil
WO2025065975A1 (fr) * 2023-09-29 2025-04-03 Huawei Technologies Co., Ltd. Procédé et appareil de communication

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025081474A1 (fr) * 2023-10-20 2025-04-24 Oppo广东移动通信有限公司 Procédé de dérivation de clé et dispositif
WO2025156504A1 (fr) * 2024-05-10 2025-07-31 Zte Corporation Procédé de mise à jour de clé de sécurité dans une mobilité déclenchée par couche 1/couche 2

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238668A (zh) * 2010-05-07 2011-11-09 北京三星通信技术研究有限公司 一种通过网关进行x2切换的方法
CN102316451A (zh) * 2010-07-02 2012-01-11 电信科学技术研究院 一种下一跳链计数器的处理方法及设备
US20150094025A1 (en) * 2012-05-07 2015-04-02 Telefonaktiebolaget L M Ericsson (Publ) Base station and method in relay node mobility
US20160191471A1 (en) * 2013-08-09 2016-06-30 Samsung Electronics Co., Ltd. Security key generation and management method of pdcp distributed structure for supporting dual connectivity

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102215485B (zh) * 2010-04-04 2015-07-22 中兴通讯股份有限公司 多载波通信系统中保证多载波切换或重建安全性的方法
WO2012025158A1 (fr) * 2010-08-27 2012-03-01 Nokia Siemens Networks Oy Transfert de connexion d'un équipement utilisateur
CN104604271B (zh) * 2013-09-02 2018-11-30 华为技术有限公司 一种通信方法、网络侧设备、用户设备
US9497673B2 (en) * 2013-11-01 2016-11-15 Blackberry Limited Method and apparatus to enable multiple wireless connections

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238668A (zh) * 2010-05-07 2011-11-09 北京三星通信技术研究有限公司 一种通过网关进行x2切换的方法
CN102316451A (zh) * 2010-07-02 2012-01-11 电信科学技术研究院 一种下一跳链计数器的处理方法及设备
US20150094025A1 (en) * 2012-05-07 2015-04-02 Telefonaktiebolaget L M Ericsson (Publ) Base station and method in relay node mobility
US20160191471A1 (en) * 2013-08-09 2016-06-30 Samsung Electronics Co., Ltd. Security key generation and management method of pdcp distributed structure for supporting dual connectivity

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4179839A4 (fr) * 2021-09-23 2023-05-17 Apple Inc. Récupération de défaillance de liaison radio rapide
WO2025014185A1 (fr) * 2023-07-12 2025-01-16 Samsung Electronics Co., Ltd. Procédés de gestion d'authentification pendant une mobilité déclenchée par des couches inférieures (ltm) dans un réseau sans fil
WO2025065975A1 (fr) * 2023-09-29 2025-04-03 Huawei Technologies Co., Ltd. Procédé et appareil de communication

Also Published As

Publication number Publication date
CN112400335B (zh) 2022-09-09
CN112400335A (zh) 2021-02-23

Similar Documents

Publication Publication Date Title
US10958631B2 (en) Method and system for providing security from a radio access network
CN112566112B (zh) 用于无线通信的装置、方法和存储介质
US10959092B2 (en) Method and system for pairing wireless mobile device with IoT device
CN107409133B (zh) 一种具有完全前向保密的认证与密钥协商的方法以及设备
US20210368314A1 (en) Mtc key management for key derivation at both ue and network
US8838972B2 (en) Exchange of key material
WO2020029075A1 (fr) Procédé et dispositif informatique permettant de réaliser une protection d'intégrité de données
EP3952241B1 (fr) Procédé et appareil d'envoi de paramètres
KR20070112260A (ko) Sim/uicc 키 설정을 위한 네트워크 지원 단말기
JP5774096B2 (ja) エアインターフェースキーの更新方法、コアネットワークノード及び無線アクセスシステム
EP3634023B1 (fr) Ré-établissement d'une connexion de commande de ressource radio
CN108880813A (zh) 一种附着流程的实现方法及装置
CN112118568B (zh) 一种设备身份鉴权的方法及设备
US10700854B2 (en) Resource management in a cellular network
WO2018126791A1 (fr) Procédé et dispositif d'authentification, et support de stockage informatique
WO2019024937A1 (fr) Procédé, appareil et système de négociation de clé
CN1964259B (zh) 一种切换过程中的密钥管理方法
EP3804374B9 (fr) Procédé et appareil de négociation d'algorithme de sécurité
CN110169128B (zh) 一种通信方法、装置和系统
WO2025153433A1 (fr) Procédé, appareil et support lisible par ordinateur
WO2018126750A1 (fr) Procédé et dispositif de fourniture de clé
KR20150135715A (ko) 이동통신 시스템에서 사용자의 프라이버시를 보호하는 장치 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18929347

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15.06.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18929347

Country of ref document: EP

Kind code of ref document: A1