Method and device for key generation

US 9,049,594 B2
Filed: 07/29/2013
Issued: 06/02/2015
Est. Priority Date: 01/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, the method comprising:

after establishing a Radio Bearer between a User Equipment (UE), which is served by an LTE system, and a UMTS control node, deriving, according to a root key and a count value of the LTE system, or according to a random number and a root key of the LTE system, a UMTS integrity key and cipher key; and

sending the UMTS integrity key and cipher key to the UMTS control node, so that the UMTS control node implements cipher and integrity protection by using the UMTS integrity key and cipher key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a device for key generation are disclosed in embodiments of the present invention. The method for key generation is applied to a UMTS-LTE resource convergence scenario that has a base station as an anchor point, and includes: deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key, and sending the UMTS integrity key and cipher key to a UMTS control node. The embodiments of the present invention enable the derivation of the UMTS integrity key and cipher key in a UMTS-LTE resource convergence scenario that has a base station as an anchor point, enable a user equipment to communicate securely through a UMTS, and further improve security of data transmitted in the UMTS.

23 Citations

View as Search Results

25 Claims

1. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, the method comprising:
- after establishing a Radio Bearer between a User Equipment (UE), which is served by an LTE system, and a UMTS control node, deriving, according to a root key and a count value of the LTE system, or according to a random number and a root key of the LTE system, a UMTS integrity key and cipher key; and
  
  sending the UMTS integrity key and cipher key to the UMTS control node, so that the UMTS control node implements cipher and integrity protection by using the UMTS integrity key and cipher key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the LTE system root key comprises a non-access stratum root key to the LTE system and the count value of the LTE system comprises a current non-access stratum count value of the LTE system;
    - before the deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key, the method further comprises;
      
      receiving, by a core network node of the LTE system, a UMTS key derivation instruction message from an access network node of the LTE system; and
      
      the deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key comprises;
      
      deriving, by the core network node of the LTE system, according to the current non-access stratum count value of the LTE system and the non-access stratum root key to the LTE system, or according to the non-access stratum root key to the LTE system and a random number generated by the core network node of the LTE system, a UMTS integrity key and cipher key.
  - 3. The method according to claim 2, wherein the sending the UMTS integrity key and cipher key to a UMTS control node comprises:
    - sending, by the core network node of the LTE system, the UMTS integrity key and cipher key to the access network node of the LTE system, so that the access network node of the LTE system sends the UMTS integrity key and cipher key to the UMTS control node.
  - 4. The method according to claim 1, wherein the LTE system root key comprises an access layer root key to the LTE system and the count value of the LTE system comprises a packet data convergence protocol count value of the LTE system;
    - andthe deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key comprises;
      
      deriving, by an access network node of the LTE system, according to the access layer root key to the LTE system and the packet data convergence protocol count value of the LTE system, or according to the access layer root key to the LTE system and a random number generated by the access network node of the LTE system, a UMTS integrity key and cipher key.
  - 5. The method according to claim 4, wherein the sending the UMTS integrity key and cipher key to the UMTS control node, comprising:
    - sending, by the access network node of the LTE system, the UMTS integrity key and cipher key to the UMTS control node.
  - 6. The method according to claim 1, further comprising:
    - receiving, by the UMTS control node, the UMTS integrity key and cipher key as well as the UE security capability;
      
      sending, by the UMTS control node, through an access network node of the LTE system, a security mode command message under integrity protection to a user equipment, wherein the security mode command message carries;
      
      an integrity algorithm and a cipher algorithm that are selected by the UMTS control node according to the UE security capability, the UE security capability and parameter values generated by the UMTS control node, and an integrity message authentication code generated by the UMTS control node according to the UMTS integrity key, the parameter values generated by the UMTS control node, an integrity sequence number, the security mode command message, and a direction indication; and
      
      receiving, by the UMTS control node, a security mode command complete message under integrity protection that is sent, through the access network node of the LTE system, from the UE, wherein the UE sends the security mode command complete message to the UMTS control node through the access network node of the LTE system in the following scenario;
      
      after the UE receives the security mode command message, the UE generates an integrity message authentication code according to a UE integrity key to UMTS, the integrity sequence number, the direction indication, the security mode command message, and parameter values carried in the security mode command message;
      
      additionally, the UE determines that the integrity message authentication code generated by the UE is consistent with an integrity message authentication code carried in the security mode command message and the UE security capability carried in the security mode command message is consistent with a security capability of the UE itself.

7. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, the method comprising:
- after establishing a Radio Bearer between a User Equipment (UE), which is served by an LTE system, and a UMTS control node, sending, by an access network node of the LTE system, a UMTS key derivation instruction message to the UMTS control node, wherein the UMTS key derivation instruction message carries a random number generated by the access network node of the LTE system, so that the UMTS control node generates, according to an internet protocol security key and the random number, a UMTS integrity key and cipher key; and
  
  deriving, by the access network node of the LTE system, according to the internet protocol security key and the random number, a UMTS integrity key and cipher key.
- View Dependent Claims (8)
- - 8. The method according to claim 7, before the sending, by an access network node of an LTE system, a UMTS key derivation instruction message to a UMTS control node, further comprising:
    - performing, by the access network node of the LTE system and the UMTS control node, a certificate-based authentication procedure, so as to generate the internet protocol security key and the random number.

9. A method for key generation, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, the method comprising:
- receiving, by a user equipment (UE) served by an LTE system, a UMTS key derivation instruction message after a Radio Bearer between the UE and a UMTS control node is established; and
  
  deriving, by the UE, according to a count value and a root key to the LTE system, or according to a root key of the LTE system and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key.
- View Dependent Claims (10, 11)
- - 10. The method according to claim 9, wherein the LTE system root key comprises a non-access stratum root key to the LTE system, the count value of the LTE system comprises a current non-access stratum count value of the LTE system, and the random number carried in the UMTS key derivation instruction message comprises a random number generated by a core network node of the LTE system;
    - the receiving, by the UE, a UMTS key derivation instruction message comprises;
      
      receiving, by the UE, the UMTS key derivation instruction message from the core network node of the LTE system; and
      
      the deriving, by the UE, according to a count value and a root key to an LTE system, or according to an LTE system root key and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key comprises;
      
      deriving, by the UE, according to the current non-access stratum count value of the LTE system and the non-access stratum root key to the LTE system, or according to the non-access stratum root key to the LTE system and the random number generated by the core network node of the LTE system, the UMTS integrity key and cipher key.
  - 11. The method according to claim 9, wherein the LTE system root key comprises an access layer root key to the LTE system, the count value of the LTE system comprises a packet data convergence protocol count value of the LTE system, and the random number carried in the UMTS key derivation instruction message comprises a random number generated by an access network node of the LTE network;
    - the receiving, by the UE, a UMTS key derivation instruction message comprises;
      
      receiving, by the UE, the UMTS key derivation instruction message from the access network node of the LTE system;
      
      wherein the UMTS key derivation instruction message carries the random number generated by the access network node of the LTE system; and
      
      the deriving, by the UE, according to a count value and a root key to an LTE system, or according to an LTE system root key and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key comprises;
      
      deriving, by the UE, according to the packet data convergence protocol count value of the LTE system and the access layer root key to the LTE system, or according to the access layer root key to the LTE system and the random number generated by the access network node of the LTE system, the UMTS integrity key and cipher key.

12. A message sending method, applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, the method comprising:
- receiving, by a UMTS control node, a UMTS integrity key and cipher key as well as a user equipment (UE) security capability from an access network node of an LTE system, after a Radio Bearer between the UE, which is served by the LTE system, and the UMTS control node is established; and
  
  sending, by the UMTS control node, through the access network node of the LTE system, a security mode command message under integrity protection to the UE, wherein the security mode command message carries;
  
  an integrity algorithm and a cipher algorithm that are selected by the UMTS control node according to the UE security capability, the UE security capability and parameter values generated by the UMTS control node, and an integrity message authentication code generated by the UMTS control node according to the UMTS integrity key, the parameter values generated by the UMTS control node, an integrity sequence number, the security mode command message, and a direction indication.
- View Dependent Claims (13)
- - 13. The method according to claim 12, after the sending, by the UMTS control node, through the access network node of the LTE system, a security mode command message under integrity protection to the UE, further comprising:
    - receiving, by the UMTS control node, a security mode command complete message under integrity protection that is sent, through the access network node of the LTE system, from the UE, wherein the UE sends the security mode command complete message to the UMTS control node through the access network node of the LTE system in the following scenario;
      
      after the UE receives the security mode command message, the UE generates an integrity message authentication code according to a UE integrity key to UMTS, the integrity sequence number, the direction indication, the security mode command message, and parameter values carried in the security mode command message;
      
      additionally, the UE determines that the integrity message authentication code generated by the UE is consistent with an integrity message authentication code carried in the security mode command message and the UE security capability carried in the security mode command message is consistent with a security capability of the UE itself.

14. A core network node for a long term evolution (LTE) system, applied to a universal mobile telecommunications system (UMTS) LTE resource convergence scenario that has a base station as an anchor point, the core network node comprising:
- non-transitory computer readable storage medium to store program(s), andcomputer hardware configured, including configured by the program(s), to implement;
  
  after establishing a Radio Bearer between a User Equipment (UE), which is served by the LTE system, and a UMTS control node, to derive, according to a non-access stratum root key to the LTE system and a current non-access stratum count value of the LTE system, or according to a non-access stratum root key to the LTE system and a random number generated by the core network node, a UMTS integrity key and cipher key; and
  
  to send the UMTS integrity key and cipher key derived by the first generation module to the UMTS control node, so that the UMTS control node implements cipher and integrity protection by using the UMTS integrity key and cipher key.
- View Dependent Claims (15, 16)
- - 15. The core network node according to claim 14, wherein the computer hardware is further configured to:
    - to receive a UMTS key derivation instruction message from an access network node of the LTE system;
      
      wherein the UMTS key derivation instruction message is used to trigger the first generation module to derive the UMTS integrity key and cipher key.
  - 16. The core network node according to claim 14, wherein the computer hardware is further configured to:
    - to send the UMTS integrity key and cipher key to an access network node of the LTE system, so that the access network node sends the UMTS integrity key and cipher key to the UMTS control node.

17. An access network node for a long term evolution (LTE) system, applied to a universal mobile telecommunications system (UMTS) LTE resource convergence scenario that has a base station as an anchor point, the access network node comprising:
- non-transitory computer readable storage medium to store program(s), andcomputer hardware configured, including configured by the program(s), to implement;
  
  after establishing a Radio Bearer between a User Equipment (UE), which is served by the LTE system, and a UMTS control node, to derive, according to an access layer root key to the LTE system and a packet data convergence protocol count value of the LTE system, or according to an access layer root key to the LTE system and a random number generated by the access network node, a UMTS integrity key and cipher key; and
  
  to send the UMTS integrity key and cipher key derived by the second generation module to the UMTS control node, so that the UMTS control node implements cipher and integrity protection by using the UMTS integrity key and cipher key.
- View Dependent Claims (18)
- - 18. The access network node according to claim 17, wherein the computer hardware is further configured to:
    - send a UMTS key derivation instruction message to the UE, so that the UE derives, according to the access layer root key to the LTE system and the packet data convergence protocol count value of the LTE system, or according to the access layer root key to the LTE system and a random number generated by the access network node and carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key.

19. An access network node for a long term evolution (LTE) system, applied to a universal mobile telecommunications system (UMTS) LTE resource convergence scenario that has a base station as an anchor point, the access network node comprising:
- non-transitory computer readable storage medium to store program(s), andcomputer hardware configured, including configured by the program(s), to implement;
  
  to send a UMTS key derivation instruction message to a control node of a UMTS after a Radio Bearer between a User Equipment (UE) served by an LTE system and the UMTS control node is established, wherein the UMTS key derivation instruction message carries a random number generated by the access network node, so that the UMTS control node generates, according to an internet protocol security key and the random number, a UMTS integrity key and cipher key; and
  
  to derive, according to the internet protocol security key and the random number, a UMTS integrity key and cipher key.
- View Dependent Claims (20)
- - 20. The access network node according to claim 19, the computer hardware is further is further configured:
    - to perform a certificate-based authentication procedure with the UMTS control node to generate the internet protocol security key and the random number.

21. A user equipment (UE), applied to a universal mobile telecommunications system (UMTS)-long term evolution (LTE) resource convergence scenario that has a base station as an anchor point, the UE comprising:
- non-transitory computer readable storage medium to store program(s), andcomputer hardware configured, including configured by the program(s), to implement;
  
  to receive a UMTS key derivation instruction message after a Radio Bearer between the UE, which is served by an LTE system, and a UMTS control node is established; and
  
  to derive, according to a count value and a root key to the LTE system, or according to a root key of the LTE system and a random number carried in the UMTS key derivation instruction message, a UMTS integrity key and cipher key.
- View Dependent Claims (22, 23)
- - 22. The user equipment according to claim 21, wherein the computer hardware is further configured to receive, when the LTE system root key is a non-access stratum root key to the LTE system, the count value of the LTE system is a current non-access stratum count value of the LTE system, and the random number carried in the UMTS key derivation instruction message is a random number generated by a core network node, the UMTS key derivation instruction message from the core network node of the LTE system;
    - andto derive, according to the current non-access stratum count value of the LTE system and the non-access stratum root key to the LTE system, or according to the non-access stratum root key to the LTE system and the random number generated by the core network node of the LTE system, the UMTS integrity key and cipher key.
  - 23. The user equipment according to claim 21, wherein the computer hardware is further configured to receive, when the LTE system root key is an access layer root key to the LTE system, the count value of the LTE system is a packet data convergence protocol count value of the LTE system, and the random number carried in the UMTS key derivation instruction message is a random number generated by an access network node of the LTE system, the UMTS key derivation instruction message from the access network node of the LTE system, andto derive, according to the packet data convergence protocol count value of the LTE system and the access layer root key to the LTE system, or according to the access layer root key to the LTE system and the random number generated by the access network node of the LTE system, the UMTS integrity key and cipher key.

24. A control node for a universal mobile telecommunication system (UMTS), applied to a UMTS-long term evolution (LTE) system resource convergence scenario that has a base station as an anchor point, the UMTS control node comprising:
- non-transitory computer readable storage medium to store program(s), andcomputer hardware configured, including configured by the program(s), to implement;
  
  to receive a UMTS integrity key and cipher key as well as a user equipment (UE) security capability from an access network node of the LTE system after a Radio Bearer between the UE, which is served by the LTE system, and the UMTS control node is established; and
  
  to send, through the access network node of the LTE system, a security mode command message under integrity protection to UE, wherein the security mode command message carries;
  
  an integrity algorithm and a cipher algorithm that are selected by the UMTS control node according to the UE security capability, the UE security capability and parameter values generated by the UMTS control node, and an integrity message authentication code generated by the UMTS control node according to the UMTS integrity key, the parameter values generated by the UMTS control node, an integrity sequence number, the security mode command message, and a direction indication.
- View Dependent Claims (25)
- - 25. The UMTS control node according to claim 24, wherein the computer hardware is further configured to:
    - after the security mode command message is sent to the UE, receive a security mode command complete message under integrity protection that is sent, through the access network node of the LTE system, from the UE, wherein the UE sends the security mode command complete message to the UMTS control node through the access network node of the LTE system in the following scenario;
      
      after the UE receives the security mode command message, the UE generates an integrity message authentication code according to a UE integrity key to UMTS, the integrity sequence number, the direction indication, the security mode command message, and parameter values carried in the security mode command message;
      
      additionally, the UE determines that the integrity message authentication code generated by the UE is consistent with an integrity message authentication code carried in the security mode command message and the UE security capability carried in the security mode command message is consistent with a security capability of the UE itself.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Zhang, Dongmei, Zhang, Lijia, Liu, Xiaohan, Chen, Xinyi
Primary Examiner(s)
Bhattacharya, Sam

Application Number

US13/952,985
Publication Number

US 20130310006A1
Time in Patent Office

673 Days
Field of Search

455/410, 455/411, 370/230, 370/235, 370/252, 370/328
US Class Current

1/1
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/061   for key exchange, e.g. in p...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 88/12   Access point controller dev...

Method and device for key generation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Method and device for key generation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others