METHOD AND DEVICE FOR KEY GENERATION

US 20130310006A1
Filed: 07/29/2013
Published: 11/21/2013
Est. Priority Date: 01/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:

deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key; and

sending the UMTS integrity key and cipher key to a UMTS control node, so that the UMTS control node implements cipher and integrity protection by using the UMTS integrity key and cipher key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a device for key generation are disclosed in embodiments of the present invention. The method for key generation is applied to a UMTS-LTE resource convergence scenario that has a base station as an anchor point, and includes: deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key, and sending the UMTS integrity key and cipher key to a UMTS control node. The embodiments of the present invention enable the derivation of the UMTS integrity key and cipher key in a UMTS-LTE resource convergence scenario that has a base station as an anchor point, enable a user equipment to communicate securely through a UMTS, and further improve security of data transmitted in the UMTS.

48 Citations

25 Claims

1. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key; and
  
  sending the UMTS integrity key and cipher key to a UMTS control node, so that the UMTS control node implements cipher and integrity protection by using the UMTS integrity key and cipher key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the LTE system root key comprises a non-access stratum root key to the LTE system and the count value of the LTE system comprises a current non-access stratum count value of the LTE system;
    - before the deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key, the method further comprises;
      
      receiving, by a core network node, a UMTS key derivation instruction message from an access network node of the LTE system; and
      
      the deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key comprises;
      
      deriving, by the core network node, according to the current non-access stratum count value of the LTE system and the non-access stratum root key to the LTE system, or according to the non-access stratum root key to the LTE system and a random number generated by the core network node, a UMTS integrity key and cipher key.
  - 3. The method according to claim 2, wherein the sending the UMTS integrity key and cipher key to a UMTS control node comprises:
    - sending, by the core network node, the UMTS integrity key and cipher key to the access network node of the LTE system, so that the access network node of the LTE system sends the UMTS integrity key and cipher key to the UMTS control node.
  - 4. The method according to claim 1, wherein the LTE system root key comprises an access layer root key to the LTE system and the count value of the LTE system comprises a packet data convergence protocol count value of the LTE system;
    - andthe deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key comprises;
      
      deriving, by an access network node of the LTE system, according to the access layer root key to the LTE system and the packet data convergence protocol count value of the LTE system, or according to the access layer root key to the LTE system and a random number generated by the access network node, a UMTS integrity key and cipher key.
  - 5. The method according to claim 4, wherein the sending the UMTS integrity key and cipher key to a UMTS control node, comprising:
    - sending, by the access network node of the LTE system, the UMTS integrity key and cipher key to the UMTS control node.
  - 6. The method according to claim 1, further comprising:
    - receiving, by the UMTS control node, the UMTS integrity key and cipher key as well as a user equipment security capability;
      
      sending, by the UMTS control node, through an access network node of the LTE system, a security mode command message under integrity protection to a user equipment, wherein the security mode command message carries;
      
      an integrity algorithm and a cipher algorithm that are selected by the control node according to the user equipment security capability, the user equipment security capability and parameter values generated by the control node, and an integrity message authentication code generated by the control node according to the UMTS integrity key, the parameter values generated by the control node, an integrity sequence number, the security mode command message, and a direction indication; and
      
      receiving, by the UMTS control node, a security mode command complete message under integrity protection that is sent, through the access network node of the LTE system, from the user equipment, wherein the user equipment sends the security mode command complete message to the UMTS control node through the access network node of the LTE system in the following scenario;
      
      After the user equipment receives the security mode command message, the user equipment generates an integrity message authentication code according to a user equipment integrity key to UMTS, the integrity sequence number, the direction indication, the security mode command message, and parameter values carried in the security mode command message;
      
      additionally, the user equipment determines that the integrity message authentication code generated by the user equipment is consistent with an integrity message authentication code carried in the security mode command message and the user equipment security capability carried in the security mode command message is consistent with a security capability of the user equipment itself.

7. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- sending, by an access network node of an LTE system, a UMTS key derivation instruction message to a UMTS control node, wherein the UMTS key derivation instruction message carries a random number generated by the access network node, so that the UMTS control node generates, according to an internet protocol security key and the random number, a UMTS integrity key and cipher key; and
  
  deriving, by the access network node of the LTE system, according to the internet protocol security key and the random number, a UMTS integrity key and cipher key.
- View Dependent Claims (8)
- - 8. The method according to claim 7, before the sending, by an access network node of an LTE system, a UMTS key derivation instruction message to a UMTS control node, further comprising:
    - performing, by the access network node of the LTE system and the UMTS control node, a certificate-based authentication procedure, so as to generate the internet protocol security key and the random number.

9. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- receiving, by a user equipment, a UMTS key derivation instruction message; and
  
  deriving, by the user equipment, according to a count value and a root key to an LTE system, or according to an LTE system root key and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key.
- View Dependent Claims (10, 11)
- - 10. The method according to claim 9, wherein the LTE system root key comprises a non-access stratum root key to the LTE system, the count value of the LTE system comprises a current non-access stratum count value of the LTE system, and the random number carried in the UMTS key derivation instruction message comprises a random number generated by a core network node;
    - the receiving, by a user equipment, a UMTS key derivation instruction message comprises;
      
      receiving, by the user equipment, the UMTS key derivation instruction message from the core network node; and
      
      the deriving, by the user equipment, according to a count value and a root key to an LTE system, or according to an LTE system root key and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key comprises;
      
      deriving, by the user equipment, according to the current non-access stratum count value of the LTE system and the non-access stratum root key to the LTE system, or according to the non-access stratum root key to the LTE system and the random number generated by the core network node, the UMTS integrity key and cipher key.
  - 11. The method according to claim 9, wherein the LTE system root key comprises an access layer root key to the LTE system, the count value of the LTE system comprises a packet data convergence protocol count value of the LTE system, and the random number carried in the UMTS key derivation instruction message comprises a random number generated by an access network node of the LTE network;
    - the receiving, by a user equipment, a UMTS key derivation instruction message comprises;
      
      receiving, by the user equipment, the UMTS key derivation instruction message from the access network node of the LTE system;
      
      wherein the UMTS key derivation instruction message carries the random number generated by the access network node of the LTE system; and
      
      the deriving, by the user equipment, according to a count value and a root key to an LTE system, or according to an LTE system root key and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key comprises;
      
      deriving, by the user equipment, according to the packet data convergence protocol count value of the LTE system and the access layer root key to the LTE system, or according to the access layer root key to the LTE system and the random number generated by the access network node of the LTE system, the UMTS integrity key and cipher key.

12. A message sending method, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- receiving, by a UMTS control node, a UMTS integrity key and cipher key as well as a user equipment security capability from an access network node of an LTE system; and
  
  sending, by the UMTS control node, through the access network node of the LTE system, a security mode command message under integrity protection to a user equipment, wherein the security mode command message carries;
  
  an integrity algorithm and a cipher algorithm that are selected by the control node according to the user equipment security capability, the user equipment security capability and parameter values generated by the control node, and an integrity message authentication code generated by the control node according to the UMTS integrity key, the parameter values generated by the control node, an integrity sequence number, the security mode command message, and a direction indication.
- View Dependent Claims (13)
- - 13. The method according to claim 12, after the sending, by the UMTS control node, through the access network node of the LTE system, a security mode command message under integrity protection to a user equipment, further comprising:
    - receiving, by the UMTS control node, a security mode command complete message under integrity protection that is sent, through the access network node of the LTE system, from the user equipment, wherein the user equipment sends the security mode command complete message to the UMTS control node through the access network node of the LTE system in the following scenario;
      
      After the user equipment receives the security mode command message, the user equipment generates an integrity message authentication code according to a user equipment integrity key to UMTS, the integrity sequence number, the direction indication, the security mode command message, and parameter values carried in the security mode command message;
      
      additionally, the user equipment determines that the integrity message authentication code generated by the user equipment is consistent with an integrity message authentication code carried in the security mode command message and the user equipment security capability carried in the security mode command message is consistent with a security capability of the user equipment itself.

14. A core network node, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- a first generation module, configured to derive, according to a non-access stratum root key to an LTE system and a current non-access stratum count value of the LTE system, or according to a non-access stratum root key to an LTE system and a random number generated by the core network node, a UMTS integrity key and cipher key; and
  
  a first sending module, configured to send the UMTS integrity key and cipher key derived by the first generation module to a control node of a UMTS, so that the control node of the UMTS implements cipher and integrity protection by using the UMTS integrity key and cipher key.
- View Dependent Claims (15, 16)
- - 15. The core network node according to claim 14, further comprising:
    - a first receiving module, configured to receive a UMTS key derivation instruction message from an access network node on the LTE system;
      
      wherein the UMTS key derivation instruction message is used to trigger the first generation module to derive the UMTS integrity key and cipher key.
  - 16. The core network node according to claim 14, wherein the first sending module is specifically configured to:
    - send the UMTS integrity key and cipher key to the access network node on the LTE system, so that the access network node sends the UMTS integrity key and cipher key to the control node of the UMTS.

17. An access network node, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- a second generation module, configured to derive, according to an access layer root key to an LTE system and a packet data convergence protocol count value of the LTE system, or according to an access layer root key to an LTE system and a random number generated by the access network node, a UMTS integrity key and cipher key; and
  
  a second sending module, configured to send the UMTS integrity key and cipher key derived by the second generation module to a control node of a UMTS, so that the control node of the UMTS implements cipher and integrity protection by using the UMTS integrity key and cipher key.
- View Dependent Claims (18)
- - 18. The access network node according to claim 17, wherein the second sending module is further configured to:
    - send a UMTS key derivation instruction message to a user equipment, so that the user equipment derives, according to the access layer root key to the LTE system and the packet data convergence protocol count value of the LTE system, or according to the access layer root key to the LTE system and a random number generated by the access network node and carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key.

19. An access network node, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- a third sending module, configured to send a UMTS key derivation instruction message to a control node of a UMTS, wherein the UMTS key derivation instruction message carries a random number generated by the access network node, so that the control node of the UMTS generates, according to an internet protocol security key and the random number, a UMTS integrity key and cipher key; and
  
  a third generation module, configured to derive, according to the internet protocol security key and the random number, a UMTS integrity key and cipher key.
- View Dependent Claims (20)
- - 20. The access network node according to claim 19, further comprising:
    - an authentication module, configured to perform a certificate-based authentication procedure with the control node of the UMTS to generate the internet protocol security key and the random number.

21. A user equipment, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- a fourth receiving module, configured to receive a UMTS key derivation instruction message; and
  
  a fourth generation module, configured to derive, according to a count value and a root key to an LTE system, or according to an LTE system root key and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key.
- View Dependent Claims (22, 23)
- - 22. The user equipment according to claim 21, wherein the fourth receiving module is specifically configured to receive, when the LTE system root key is a non-access stratum root key to the LTE system, the count value of the LTE system is a current non-access stratum count value of the LTE system, and the random number carried in the UMTS key derivation instruction message is a random number generated by a core network node , the UMTS key derivation instruction message from the core network node;
    - andthe fourth generation module is specifically configured to derive, according to the current non-access stratum count value of the LTE system and the non-access stratum root key to the LTE system, or according to the non-access stratum root key to the LTE system and the random number generated by the core network node, the UMTS integrity key and cipher key.
  - 23. The user equipment according to claim 21, wherein the fourth receiving module is specifically configured to receive, when the LTE system root key is an access layer root key to the LTE system, the count value of the LTE system is a packet data convergence protocol count value of the LTE system, and the random number carried in the UMTS key derivation instruction message is a random number generated by an access network node of the LTE system, the UMTS key derivation instruction message from the access network node on the LTE system, and the fourth generation module is specifically configured to derive, according to the packet data convergence protocol count value of the LTE system and the access layer root key to the LTE system, or according to the access layer root key to the LTE system and the random number generated by the access network node on the LTE system, the UMTS integrity key and cipher key.

24. A control node, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, and comprising:
- a fifth receiving module, configured to receive a UMTS integrity key and cipher key as well as a user equipment security capability from an access network node on an LTE system; and
  
  a fourth sending module, configured to send, through the access network node on the LTE system, a security mode command message under integrity protection to a user equipment, wherein the security mode command message carries;
  
  an integrity algorithm and a cipher algorithm that are selected by the control node according to the user equipment security capability, the user equipment security capability and parameter values generated by the control node, and an integrity message authentication code generated by the control node according to the UMTS integrity key, the parameter values generated by the control node, an integrity sequence number, the security mode command message, and a direction indication.
- View Dependent Claims (25)
- - 25. The control node according to claim 24, wherein the fifth receiving module is further configured to:
    - after the fourth sending module sends the security mode command message to the user equipment, receive a security mode command complete message under integrity protection that is sent, through the access network node on the LTE system, from the user equipment, wherein the user equipment sends the security mode command complete message to the control node of the UMTS through the access network node on the LTE system in the following scenario;
      
      After the user equipment receives the security mode command message, the user equipment generates an integrity message authentication code according to a user equipment integrity key to UMTS, the integrity sequence number, the direction indication, the security mode command message, and parameter values carried in the security mode command message;
      
      additionally, the user equipment determines that the integrity message authentication code generated by the user equipment is consistent with an integrity message authentication code carried in the security mode command message and the user equipment security capability carried in the security mode command message is consistent with a security capability of the user equipment itself.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
CHEN, Xinyi, Zhang, Dongmei, Zhang, Lijia, Liu, Xiaohan

Granted Patent

US 9,049,594 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/061   for key exchange, e.g. in p...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 88/12   Access point controller dev...

METHOD AND DEVICE FOR KEY GENERATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICE FOR KEY GENERATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links