METHOD AND APPARATUS FOR SECURITY COMMUNICATION OF CARRIER AGGREGATION BETWEEN BASE STATIONS

US 20140308921A1
Filed: 06/25/2014
Published: 10/16/2014
Est. Priority Date: 12/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method for security communication of carrier aggregation between base stations, comprising:

receiving, by a user equipment, a first message sent by a primary base station, the first message indicating that the user equipment adds at least one cell controlled by a secondary base station as a service cell; and

creating, by the user equipment, a security key of the secondary base station according to security context of the primary base station and the first message, the security key of the secondary base station being used for communication between the user equipment and the secondary base station.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention discloses a method for security communication of carrier aggregation between base stations, which method comprises receiving, by a user equipment, a first message to add a cell controlled by a secondary base station as a service cell sent by a primary base station; and creating, by the user equipment, a security key for communication with cells controlled by the secondary base station according to security context of the primary base station and the first message. This invention further discloses the corresponding user equipment and base stations. Implementation of the method and apparatus according to the present invention makes it possible to effectively protect security of data transmission of the air interface and to avoid attacks on air interface security.

Citations

20 Claims

1. A method for security communication of carrier aggregation between base stations, comprising:
- receiving, by a user equipment, a first message sent by a primary base station, the first message indicating that the user equipment adds at least one cell controlled by a secondary base station as a service cell; and
  
  creating, by the user equipment, a security key of the secondary base station according to security context of the primary base station and the first message, the security key of the secondary base station being used for communication between the user equipment and the secondary base station.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, wherein the first message further comprises a physical cell identity (PCI) and a downlink absolute radio frequency channel number of the service cell;
    - andthe step of creating, by the user equipment, a security key of the secondary base station according to security context of the primary base station and the first message comprises;
      
      creating, by the user equipment, the security key of the secondary base station according to a security key of the primary base station, the PCI and the EARFCN-DL identified by the secondary base station as security key deriving parameters.
  - 3. The method according to claim 1, wherein the first message comprises a PCI and an EARFCN-DL of the service cell, and further comprises a first next hop chaining counter (NCC) or a second NCC, wherein the first NCC is an updated NCC of the primary base station, and the second NCC is a current NCC of the primary base station;
    - andthe step of creating, by the user equipment, a security key of the secondary base station according to security context of the primary base station and the first message comprises;
      
      creating the security key of the secondary base station according to a next hop (NH) that corresponds to the first NCC, the PCI and the EARFCN-DL identified by the secondary base station as security key deriving parameters, when the first message comprises the first NCC;
      
      creating the security key of the secondary base station according to the security key of the primary base station, the PCI and the EARFCN-DL identified by the secondary base station as security key deriving parameters, when the first message comprises the second NCC.

4. A method for security communication of carrier aggregation between base stations, comprising:
- determining, by a primary base station, to add for a user equipment at least one cell controlled by a secondary base station as a service cell;
  
  creating, by the primary base station, at least one security key that corresponds to the service cell according to security context of the primary base station and identity information of the service cell; and
  
  transmitting, by the primary base station, the at least one security key to the secondary base station for the secondary base station to determine a security key of the secondary base station according to the at least one security key;
  
  wherein the security key of the secondary base station is used for communication between the secondary base station and the user equipment.
- View Dependent Claims (5, 6, 7)
- - 5. The method according to claim 4, characterized in that the step of creating, by the primary base station, at least one security key that corresponds to the service cell according to security context of the primary base station and identity information of the service cell comprises:
    - creating, by the primary base station, the at least one security key that corresponds to the service cell according to a security key of the primary base station, a physical cell identity (PCI) and a downlink absolute radio frequency channel number of the service cell.
  - 6. The method according to claim 5, characterized in that the step of creating, by the primary base station, the at least one security key that corresponds to the service cell according to a security key of the primary base station, a physical cell identity (PCI) and a downlink absolute radio frequency channel number (EARFCN-DL) of the service cell comprises, when there are plural service cells:
    - creating, by the primary base station, a shared security key that corresponds to the service cells according to the security context of the primary base station, the PCI and the identified by the primary base station as security key deriving parameters;
      
      orcreating, by the primary base station, different security keys according to the security context of the primary base station, the PCIs and the downlink absolute radio frequency channel number of the plural service cells, the each different security keys corresponds to the plural service cells.
  - 7. The method according to claim 4, wherein the step of creating, by the primary base station, at least one security key that corresponds to the service cell according to security context of the primary base station and identity information of the service cell comprises:
    - creating the at least one security key that corresponds to the service cell according to a next hop (NH) that corresponds to a first NCC, a PCI and an downlink absolute radio frequency channel number of the service cell;
      
      orcreating the at least one security key that corresponds to the service cell according to a current security key of the primary base station, a PCI and an downlink absolute radio frequency channel number of the service cell;
      
      wherein the first NCC is an updated NCC of the primary base station, and the NCC to which the current security key of the primary base station corresponds is a second NCC.

8. A method for security communication of carrier aggregation between base stations, comprising:
- receiving, by a secondary base station, an indication message sent by a primary base station, wherein the indication message indicates to add at least one cell controlled by the secondary base station as a service cell of a user equipment, and the indication message comprises at least one security key that corresponds to the service cell; and
  
  determining, by the secondary base station, a security key of the secondary base station according to the at least one security key, the security key of the secondary base station being used for communication between the user equipment and the secondary base station.
- View Dependent Claims (9, 10)
- - 9. The method according to claim 8, further comprising:
    - forwarding, by the secondary base station, a first message via the primary base station to the user equipment, the first message indicating that the user equipment adds at least one cell controlled by the secondary base station as the service cell.
  - 10. The method according to claim 9, whereinthe first message comprises a first next hop chaining counter (NCC) and a second NCC from the primary base station, wherein the first NCC or the second NCC is used for creating the security key of the secondary base station, the first NCC is an updated NCC of the primary base station, and the second NCC is an NCC that corresponds to the current security key of the primary base station.

11. A user equipment, comprising:
- a receiving unit configured to receive a first message sent by a primary base station, the first message indicating that the user equipment adds at least one cell controlled by a secondary base station as a service cell; and
  
  a processing unit configured to create a security key of the secondary base station according to security context of the primary base station and the first message, the security key of the secondary base station being used for communication between the user equipment and the secondary base station.
- View Dependent Claims (12, 13)
- - 12. The user equipment according to claim 11, wherein the first message further comprises a physical cell identity (PCI) and a downlink absolute radio frequency channel number of the service cell;
    - andthe processing unit is further configured to create the security key of the secondary base station according to a security key of the primary base station, the PCI and the downlink absolute radio frequency channel number identified by the secondary base station as security key deriving parameters.
  - 13. The user equipment according to claim 11, wherein the first message comprises the PCI and the downlink absolute radio frequency channel number of the service cell, and further comprises a first next hop chaining counter (NCC) or a second NCC, wherein the first NCC is an updated NCC of the primary base station, and the second NCC is a current NCC of the primary base station;
    - and thatthe processing unit is further configured to;
      
      create the security key of the secondary base station according to a next hop (NH) that corresponds to the first NCC, the PCI and the downlink absolute radio frequency channel number identified by the secondary base station as security key deriving parameters, when the first message comprises the first NCC;
      
      create the security key of the secondary base station according to the security key of the primary base station, the PCI and the downlink absolute radio frequency channel number identified by the secondary base station as security key deriving parameters, when the first message comprises the second NCC.

14. A base station, comprising:
- a determining unit configured to determine to add for a user equipment at least one cell controlled by a secondary base station as a service cell;
  
  a processing unit configured to create at least one security key that corresponds to the service cell according to security context of a primary base station and identity information of the service cell; and
  
  a transmitting unit configured to transmit the at least one security key to the secondary base station for the secondary base station to determine a security key of the secondary base station according to the at least one security key;
  
  wherein the security key of the secondary base station is used for communication between the secondary base station and the user equipment.
- View Dependent Claims (15, 16, 17)
- - 15. The base station according to claim 14, wherein the processing unit is further configured to create the at least one security key that corresponds to the service cell according to a security key of the primary base station, a physical cell identity (PCI) and a downlink absolute radio frequency channel number of the service cell.
  - 16. The base station according to claim 15, wherein the processing unit is further configured to:
    - when there are plural service cells, create a shared security key that corresponds to the service cells according to the security context of the primary base station, the PCI and the downlink absolute radio frequency channel number identified by the primary base station as security key deriving parameters;
      
      orwhen there are plural service cells, create different security keys according to the security context of the primary base station, the PCIs and the downlink absolute radio frequency channel number of the plural service cells, each different security keys correspond to the plural service cells.
  - 17. The base station according to claim 14, wherein the processing unit is further configured to:
    - create the at least one security key that corresponds to the service cell according to a next hop (NH) that corresponds to a first NCC, the PCI and the downlink absolute radio frequency channel number of the service cell;
      
      orcreating the at least one security key that corresponds to the service cell according to a current security key of the primary base station, the PCI and the downlink absolute radio frequency channel number of the service cell;
      
      wherein the first NCC is an updated NCC of the primary base station, and the second NCC is an NCC that corresponds to the current security key of the primary base station.

18. A base station, comprising:
- a receiving unit configured to receive an indication message sent by a primary base station, wherein the indication message indicates to add at least one cell controlled by a secondary base station as a service cell of a user equipment, and the indication message comprises at least one security key that corresponds to the service cell; and
  
  a processing unit configured to determine a security key of the secondary base station according to the at least one security key, the security key of the secondary base station being used for communication between the user equipment and the secondary base station.
- View Dependent Claims (19, 20)
- - 19. The base station according to claim 18, further comprising:
    - a transmitting unit configured to transmit a first message to the primary base station to be forwarded via the primary base station to the user equipment, wherein the first message indicates that the user equipment adds at least one cell controlled by the secondary base station as a service cell.
  - 20. The base station according to claim 19, wherein the first message comprises a first next hop chaining counter (NCC) and a second NCC from the primary base station, wherein the first NCC or the second NCC is configured to create the security key of the secondary base station, the first NCC is an updated NCC of the primary base station, and the second NCC is an NCC that corresponds to the current security key of the primary base station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
ZHANG, Hongping

Granted Patent

US 9,467,849 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 5/001   the frequencies being arran...

H04L 5/0098   Signalling of the activatio...

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

H04W 76/15   Setup of multiple wireless ...

H04W 92/20   between access points

METHOD AND APPARATUS FOR SECURITY COMMUNICATION OF CARRIER AGGREGATION BETWEEN BASE STATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURITY COMMUNICATION OF CARRIER AGGREGATION BETWEEN BASE STATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links