EP-4742827-A2 - METHOD AND DEVICE THEREOF FOR GENERATING ACCESS STRATUM KEY IN COMMUNICATION
Abstract
Embodiments of the present invention provide a method and a device thereof for generating an access stratum key in a communication system. In the communication system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device, so that the second network-side device generates the access stratum key on the second air interface according to the KeNB*. In this way, security of data transmission over the second air interface may be improved by using the access stratum key on the second air interface.
Inventors
- ZHANG, DONGMEI
- CHEN, JING
- CUI, Yang
Assignees
- Huawei Technologies Co., Ltd.
Dates
- Publication Date: 20260513
- Application Date: 20121213
Claims (15)
- A method for generating an access stratum key in a communication system, wherein a first network-side device connects to a user equipment through a first air interface and accesses a core network, CN, and the first network-side device connects to a second network-side device, wherein the second network-side device is a device that connects to the user equipment through a second air interface, and the method comprises: acquiring (S110), by the first network-side device, an input parameter, wherein the input parameter comprises a time-varying parameter; calculating (S120), by the first network-side device, an access stratum root key on the second air interface according to the input parameter and an access stratum root key on the first air interface, wherein the second air interface is between the second network-side device and the user equipment; and sending (S130), by the first network-side device, the access stratum root key on the first air interface to the second network-side device.
- The method according to claim 1, wherein the time-varying parameter comprises a value of specific counter.
- The method according to claim 1 or 2, wherein the core network is a Long Term Evolution, LTE, core network.
- The method according to any one of claims 1 to 3, wherein the core network comprises mobility management entity, MME, the first network-side device is an evolved NodeB, eNB, and the first air interface is Uu air interface.
- The method according to any one of claims 1 to 4, wherein the method further comprises: receiving (S210), by the second network-side device, the access stratum root key on the second air interface from the first network-side device; and generating (S220), by the second network-side device, an access stratum key on the second air interface according to the access stratum root key on the second air interface.
- The method according to claim 5, wherein the generating step comprises: generating, by the second network-side device, an integrity protection key and a cipher key for the second air interface according to the access stratum root key on the second air interface.
- The method according to claim 5 or 6, wherein the generating step comprises: generating, by the second network-side device, a cipher key for user plane data according to the access stratum root key on the second air interface.
- A method for generating an access stratum key in a communication system, wherein a user equipment in the communication system accesses a core network via a first network-side device by using a first air interface, and connects to the first network-side device via a second network-side device by using a second air interface to access the core network, and the method comprises: acquiring (S310), by the user equipment, an input parameter, wherein the input parameter comprises a time-varying parameter; calculating (S320), by the user equipment, an access stratum root key on the second air interface according to the input parameter and an access stratum root key on the first air interface wherein the second air interface is between the second network-side device and the user equipment; and generating (S330), by the user equipment, an access stratum key on the second air interface according to the access stratum root key on the second air interface.
- The method according to claim 8, wherein the time-varying parameter comprises a value of specific counter.
- The method according to claim 8 or 9, wherein the core network is a Long Term Evolution, LTE, core network.
- The method according to any one of claims 8 to 10, wherein the core network comprises mobility management entity, MME, the first network-side device is an evolved NodeB, eNB, and the first air interface is Uu air interface.
- The method according to any one of claims 8 to 11, wherein the generating step comprises: generating, by the user equipment, an integrity protection key and a cipher key for the second air interface according to the access stratum root key on the second air interface.
- A first network side device being configured to carry out a method according to any one of claims 1 to 4.
- A user equipment being configured to carry out a method according to any one of claims 8 to 12.
- A computer-readable-medium comprises a program, when executed by a processor, for performing the method according to any one of claims 1 to 4 or 8 to 12.
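The derivation chain in the abstract and claims (KeNB plus a time-varying counter gives KeNB*, which in turn gives the integrity and cipher keys on the second air interface), sketched as an added example that is not taken from the patent. The KDF (HMAC-SHA-256 with the 3GPP TS 33.220 input layout), the function codes, the parameter encoding, the 128-bit key length and all names are assumptions, since the page does not specify them.

```python
import hashlib
import hmac

# Assumptions (not from the patent text): HMAC-SHA-256 as the KDF with the
# 3GPP TS 33.220 input layout FC || P0 || L0 || P1 || L1 ..., placeholder
# function codes, 2-byte parameters, 128-bit AS keys.
FC_ROOT = 0xF0  # placeholder: KeNB -> KeNB*
FC_AS = 0xF1    # placeholder: KeNB* -> AS keys
SAMPLE_KENB = bytes(range(32))  # constructed 256-bit KeNB, for illustration only


def kdf(key, fc, *params):
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each parameter followed by its length
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kenb_star(kenb, counter, cell_id=None):
    """Root key for the second air interface from KeNB and the input parameter."""
    params = [counter.to_bytes(2, "big")]          # time-varying parameter
    if cell_id is not None:
        params.append(cell_id.to_bytes(2, "big"))  # serving-cell parameter
    return kdf(kenb, FC_ROOT, *params)


def derive_as_keys(kenb_star):
    """Integrity, cipher and user-plane cipher keys from KeNB*."""
    purposes = {"integrity": 0x01, "cipher": 0x02, "cipher_up": 0x03}
    # Keep the low 128 bits of each 256-bit KDF output.
    return {name: kdf(kenb_star, FC_AS, bytes([tag]))[-16:]
            for name, tag in purposes.items()}


def run_exchange(counter, cell_id=None):
    """Both sides hold KeNB; only KeNB* is handed to the second device."""
    # First network-side device: acquire the parameter, compute KeNB*, send it on.
    kenb_star_sent = derive_kenb_star(SAMPLE_KENB, counter, cell_id)
    # Second network-side device: derive AS keys from the received KeNB*.
    ap_keys = derive_as_keys(kenb_star_sent)
    # UE: repeat both derivations locally from its own copy of KeNB.
    ue_keys = derive_as_keys(derive_kenb_star(SAMPLE_KENB, counter, cell_id))
    return ap_keys, ue_keys


if __name__ == "__main__":
    ap, ue = run_exchange(counter=1)
    print("keys agree:", ap == ue)
    print("fresh counter changes KeNB*:",
          derive_kenb_star(SAMPLE_KENB, 1) != derive_kenb_star(SAMPLE_KENB, 2))
```

Because the counter enters the HMAC input, each new counter value gives the second air interface a root key unrelated to the previous one and to KeNB itself. The alternative named in the abstract, using KeNB directly as KeNB*, would leave both air interfaces sharing one root key.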
Description
This application claims priority to Chinese Patent Application No. 201110421275.9, filed with the Chinese Patent Office on December 15, 2011 and entitled "METHOD AND DEVICE THEREOF FOR GENERATING ACCESS STRATUM KEY IN COMMUNICATIONS SYSTEM", which is incorporated herein by reference in its entirety.
TECHNICAL FIELD
The present invention relates to the radio communication field, and more particularly, to a method and a device thereof for generating an access stratum key in a communication system in the radio communication field.
BACKGROUND
In a newly proposed LTE-Hi (Long Term Evolution-Hi) architecture, a user equipment (User Equipment, UE) may access a core network via an evolved NodeB (evolved NodeB, eNB), or may connect to the eNB via an LTE-Hi access point (LTE-Hi Access Point, LTE-Hi AP) and then access the core network via the eNB. The UE may also directly connect to a gateway device on another network via the LTE-Hi AP.
In the LTE-Hi architecture, the UE has two radio air interfaces, that is, a Uu air interface between the UE and the eNB and a Uu' air interface between the UE and the LTE-Hi AP. The LTE-Hi architecture not only can support the scenario in which the UE performs access initially from the LTE-Hi AP and then some services are transferred to the eNB, but also can support the scenario in which the UE performs access initially from the eNB and then some services are transferred to the LTE-Hi AP. Therefore, an air interface security mechanism for the Uu' air interface needs to be compatible with the foregoing two scenarios.
The UE may receive data through two links corresponding to the Uu' air interface and the Uu air interface at the same time to communicate with the LTE-Hi AP and the eNB at the same time. In such a scenario, two branches have their own air interfaces. Generation, maintenance, modification and deletion of an access stratum (Access Stratum, AS) security context on the two air interfaces need to be considered to ensure security of data transmitted over each air interface. However, in the prior art, only a manner of generating an AS key on the Uu air interface is provided, while how to generate the AS key on the Uu' air interface is not involved. As a result, security of data transmission over the Uu' air interface cannot be ensured.
SUMMARY
The present invention provides a method and a device thereof for generating an access stratum key in a communication system, which solves a problem in the prior art where security of data transmission over two air interfaces of a UE cannot be ensured at the same time and allows the UE to perform secure data transmission over the two air interfaces, thereby improving system security.
According to one aspect, the present invention provides a method for generating an access stratum key in a communication system. In the communication system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter, where the input parameter includes a time-varying parameter and/or a parameter related to a serving cell of the second network-side device; calculating, by the network-side device, an access stratum root key KeNB* on the second air interface according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the access stratum root key KeNB* on the second air interface; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device so that the second network-side device generates the access stratum key on the second air interface according to the KeNB*.
According to another aspect, the present invention provides a method for generating an access stratum key in a communication system. In the communication system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the UE, an input parameter, where the input parameter includes a time-varying parameter and/or a parameter related to a serving cell of the second network-side device; calculating, by the UE, an access stratum root key KeNB* on the second air interface according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the UE, the KeNB as the access stratum root key KeNB* on the second air interface; and generating, by the UE, an access stratum key on the second air interface according to the KeNB*.
According to