KEY GENERATION METHOD AND RELATED DEVICE

Abstract

Embodiments of this application provide a key generation method and a related device. The method includes: receiving, by a terminal, a first message sent by a source base station, where the first message includes a key exchange algorithm selected by a target base station and a first public key generated by the target base station; generating, by the terminal, a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal; and sending, by the terminal, a second message to the target base station, where the second message includes a second public key generated by the terminal. According to the embodiments of this application, a communication latency and network load can be reduced while communication security is ensured.

Claims

1. A key generation method, comprising: receiving, by a terminal, a first message sent by a source base station, wherein the first message comprises a key exchange algorithm selected by a target base station and a first public key generated by the target base station; generating, by the terminal, a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal; and sending, by the terminal, a second message to the target base station, wherein the second message comprises a second public key generated by the terminal.

2. The method according to claim 1, wherein the first message further comprises a cell identity and a carrier frequency of a target cell; and before the sending, by the terminal, a second message to the target base station, the method further comprises: generating, by the terminal, a second key based on a prestored first key, and the cell identity and the carrier frequency of the target cell; and performing encryption processing on the second message by using the second key.

3. The method according to claim 1, wherein before the receiving, by a terminal, a first message sent by a source base station, the method further comprises: sending, by the terminal, a plurality of key exchange algorithms supported by the terminal to the source base station.

4. The method according to claim 3, wherein the plurality of key exchange algorithms are sent by the source base station to the target base station.

5. The method according to claim 1, wherein after the generating, by the terminal, a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal, the method further comprises: generating, by the terminal, an RRC integrity protection key, an RRC encryption key, and a user plane encryption key based on the first shared key.

6. The method according to claim 2, wherein after the generating, by the terminal, a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal, the method further comprises: generating, by the terminal, a second shared key based on the first shared key, and the cell identity and the carrier frequency of the target cell.

7. A terminal, comprising: a receiving module configured to receive a first message sent by a source base station, wherein the first message comprises a key exchange algorithm selected by a target base station and a first public key generated by the target base station; a processing module configured to generate a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal; and a sending module configured to send a second message to the target base station, wherein the second message comprises a second public key generated by the terminal.

8. The terminal according to claim 7, wherein the first message further comprises a cell identity and a carrier frequency of a target cell; and the terminal further comprises: the processing module configured to generate a second key based on a prestored first key, and the cell identity and the carrier frequency of the target cell, and perform encryption processing on the second message by using the second key.

9. The terminal according to claim 7, wherein the sending module is further configured to send a plurality of key exchange algorithms supported by the terminal to the source base station.

10. The terminal according to claim 9, wherein the plurality of key exchange algorithms are sent by the source base station to the target base station.

11. The terminal according to claim 7, wherein the processing module is further configured to generate an RRC integrity protection key, an RRC encryption key, and a user plane encryption key based on the first shared key.

12. The terminal according to claim 8, wherein the processing module is further configured to generate a second shared key based on the first shared key, and the cell identity and the carrier frequency of the target cell.

13. A base station, comprising: a receiving module configured to receive a second message sent by a terminal, wherein the second message comprises a second public key generated by the terminal; and a processing module configured to generate a first shared key based on the second public key, a key exchange algorithm selected by the target base station, and a second private key generated by the target base station.

14. The base station according to claim 13, wherein the receiving module is further configured to receive a handover request sent by a source base station, wherein the handover request comprises a plurality of key exchange algorithms supported by the terminal; and the processing module is further configured to select the key exchange algorithm from the plurality of key exchange algorithms.

15. The base station according to claim 14, wherein the base station further comprises: a sending module; configured to send a third message to the source base station, wherein the third message comprises the key exchange algorithm selected by the target base station and a first public key generated by the target base station.

16. The base station according to claim 13, wherein the processing module is further configured to generate an RRC integrity protection key, an RRC encryption key, and a user plane encryption key based on the first shared key.

17. The base station according to claim 13, wherein the processing module is further configured to generate a second shared key based on the first shared key, and a cell identity and a carrier frequency of a target cell.

Description

DESCRIPTION OF DRAWINGS

[0030] To describe the technical solutions in the embodiments of this application or in the background more clearly, the following briefly describes the accompanying drawings required for describing the embodiments of this application or the background.

[0031] FIG. 1 is a schematic flowchart of a key generation method according to a prior-art solution;

[0032] FIG. 2 is a schematic architectural diagram of a key generation system according to an embodiment of this application;

[0033] FIG. 3 is a schematic flowchart of a key generation method according to an embodiment of this application;

[0034] FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of this application;

[0035] FIG. 5 is a schematic structural diagram of a target base station according to an embodiment of this application;

[0036] FIG. 6 is a schematic structural diagram of another terminal according to an embodiment of this application; and

[0037] FIG. 7 is a schematic structural diagram of another target base station according to an embodiment of this application.

DESCRIPTION OF EMBODIMENTS

[0038] The following describes the embodiments of this application with reference to the accompanying drawings in the embodiments of this application.

[0039] FIG. 2 is a schematic architectural diagram of a key generation system according to an embodiment of this application. The key generation system includes a terminal (UE), a source base station (Source eNB), and a target base station (Target gNB). The terminal may be handed over between the source base station and the target base station. The terminal may be a device that provides a voice and/or data connection to a user, may be a device that is connected to a computing device such as a laptop computer or a desktop computer, or may be an independent device such as a personal digital assistant (PDA). The terminal may also be referred to as a system, a subscriber unit, a subscriber station, a mobile station, a mobile console, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, or a user apparatus. The source base station and the target base station, which may be access points, NodeBs, evolved NodeBs (Environment Bureau, eNB), or 5G base stations (Next generation base station, gNB), are devices that communicate with a wireless terminal in an access network over an air interface by using one or more sectors. By converting a received air interface frame into an IP packet, a base station may serve as a router between the wireless terminal and a remaining part of the access network. The access network may include an internet protocol network. The base station may further coordinate air interface attribute management.

[0040] FIG. 3 shows a key generation method according to an embodiment of this application. The method includes but is not limited to the following operations.

[0041] Operation S301. A terminal sends a measurement report to a source base station.

[0042] During specific implementation, the source base station may send a measurement request to the terminal. After receiving the measurement request, the terminal first measures a signal of a cell that is covered by the source base station, and then sends the measurement report to the source base station.

[0043] In one embodiment, when exchanging an access stratum (AS) security mode command (SMC) during an attach procedure, the terminal may send a DH (Deffie-Hellman) security capability supported by the terminal to the source base station. The source base station stores the DH security capability supported by the terminal in a terminal security context. The DH security capability includes a plurality of key exchange algorithms, each key exchange algorithm includes an algorithm used for subsequent DH key negotiation, a key length, and the like, and the key exchange algorithms are different from each other.

[0044] Operation S302. The source base station determines to perform an Xn (a communications interface between base stations) handover based on the measurement report.

[0045] During specific implementation, the source base station determines, based on the measurement report, whether the terminal moves from the cell covered by the source base station to a cell covered by the target base station. If determining that the terminal moves from the cell covered by the source base station to the cell covered by the target base station, the source base station determines to perform the Xn handover.

[0046] Operation S303. The source base station calculates a second key based on a prestored first key, and a cell identity and a carrier frequency of a target cell, where KeNB*CELL=Func(KeNB, Target-cell PCI, Target-cell DlEarfcn). The derivation formula is defined in 3GPP 33.401 section A.S. KeNB*CELL is the second key (a new key), KeNB is the first key (an original key), Target-cell PCI (Physical Cell ID) is the cell identity of the target cell, and Target-cell DlEarfcn is the carrier frequency of the target cell.

[0047] Operation S304. The source base station sends a handover request to the target base station. The handover request includes a plurality of key exchange algorithms supported by the terminal, and the handover request also includes the second key and a next hop chaining count (Next Hop Chaining Count, NCC). The next hop chaining count may be used to deduce the new key from the original key.

[0048] Operation S305. The target base station selects the key exchange algorithm from the plurality of key exchange algorithms and generates a first public key and a second private key.

[0049] During specific implementation, the target base station may freely select the key exchange algorithm from the plurality of key exchange algorithms. When the first public key and the second private key are generated, the terminal and the target base station agree on an initial number g, and separately generate random numbers Nu and Nt locally, and then the target base station generates a public-private key pair based on the random numbers Nu and Nt.

[0050] Operation S306. The target base station sends a third message to the source base station.

[0051] The third message may be a handover request confirmation message. The handover request confirmation message includes the key exchange algorithm selected by the target base station and the first public key generated by the target base station.

[0052] Operation S307. The source base station sends a first message to the terminal.

[0053] The first message may be an RRC connection reconfiguration message. The RRC connection reconfiguration message may include the key exchange algorithm selected by the target base station and the first public key generated by the target base station.

[0054] Operation S308. The terminal calculates the second key based on the prestored first key, and the cell identity and the carrier frequency of the target cell, where KeNB*CELL=Func(KeNB, Target-cell PCI, Target-cell DlEarfcn). The derivation formula is defined in 3GPP 33.401 section A.S. KeNB* is the second key (the new key), KeNB is the first key (the original key), Target-cell PCI (Physical Cell ID) is the cell identity of the target cell, and Target-cell DlEarfcn is the carrier frequency of the target cell.

[0055] Operation S309. The source base station sends a state transfer message to the target base station. The state transfer message is used to notify the target base station of completion of a handover.

[0056] Operation S310. The terminal generates an RRC integrity protection key, an RRC encryption key, and a user plane encryption key based on the second key. The target base station generates the RRC integrity protection key, the RRC encryption key, and the user plane encryption key based on the first key.

[0057] Operation S311. The terminal generates a second public key and a first private key.

[0058] During specific implementation, the terminal and the target base station first agree on the initial number g, and separately generate the random numbers Nu and Nt locally, and then the terminal generates the public-private key pair based on the random numbers Nu and Nt. The public-private key pair includes the second public key and the first private key.

[0059] Operation S312. The terminal sends a second message to the target base station. The second message may be an RRC reconfiguration complete message. The RRC reconfiguration complete message includes the second public key generated by the terminal.

[0060] During specific implementation, before sending the second message to the target base station, the terminal first performs encryption processing on the second message by using the previously generated RRC integrity protection key and RRC encryption key, and then sends the encrypted second message to the target base station. After receiving the encrypted second message, the target base station decrypts the second message by using the RRC integrity protection key and the RRC encryption key that are previously generated by the target base station.

[0061] Operation S313. The terminal generates a first shared key based on the key exchange algorithm, the first public key, and the first private key generated by the terminal. The target base station generates the first shared key based on the second public key, the key exchange algorithm selected by the target base station, and the second private key generated by the target base station.

[0062] Operation S314. The terminal generates the RRC integrity protection key, the RRC encryption key, and the user plane encryption key based on the first shared key. The target base station generates the RRC integrity protection key, the RRC encryption key, and the user plane encryption key based on the first shared key.

[0063] In one embodiment, after the terminal generates the first shared key based on the key exchange algorithm, the first public key, and the first private key generated by the terminal, the terminal generates a second shared key based on the first shared key, and the cell identity and the carrier frequency of the target cell. After the target base station generates the first shared key based on the second public key, the key exchange algorithm selected by the target base station, and the second private key generated by the target base station, the terminal generates the second shared key based on the first shared key, and the cell identity and the carrier frequency of the target cell. In this way, a new shared key is generated by using a historical shared key.

[0064] In this embodiment of this application, during the Xn handover of the terminal, a DH key exchange is implemented between the terminal and the target base station based on a current message, without requiring additional signaling. After the handover is completed, a secret shared key is created between the terminal and the base station. Subsequent communication is protected through derivation performed based on the shared key, so that there is no need to deduce a key relying on KeNB* of the source base station, and exposure of a historically used key does not lead to exposure of a future session key. In addition, during a handover, identity forgery of the UE and the target base station can be prevented, and a new key negotiated each time can be ensured to be novel and adaptable to the UE and the base station with different key strength security requirements.

[0065] The foregoing describes the method in the embodiment of this application in detail. The following provides an apparatus according to the embodiments of this application.

[0066] FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of this application. The terminal may include a receiving module 401, a processing module 402, and a sending module 403. A detailed description of each unit is as follows:

[0067] The receiving module 401 is configured to receive a first message sent by a source base station, where the first message includes a key exchange algorithm selected by a target base station and a first public key generated by the target base station.

[0068] The processing module 402 is configured to generate a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal.

[0069] The sending module 403 is configured to send a second message to the target base station, where the second message includes a second public key generated by the terminal.

[0070] Optionally, the processing module 402 is further configured to generate a second key based on a prestored first key, and a cell identity and a carrier frequency of a target cell, and perform encryption processing on the second message by using the second key.

[0071] In one embodiment, the sending module 403 is further configured to send a plurality of key exchange algorithms supported by the terminal to the source base station.

[0072] In one embodiment, the processing module 402 is further configured to generate an RRC integrity protection key, an RRC encryption key, and a user plane encryption key based on the first shared key.

[0073] In one embodiment, the processing module 402 is further configured to generate a second shared key based on the first shared key, and the cell identity and the carrier frequency of the target cell.

[0074] It should be noted that, for implementation of each module, reference may be made to corresponding descriptions in the method embodiment shown in FIG. 3, and each module performs a method and a function that are performed by the terminal in the foregoing embodiment.

[0075] FIG. 5 is a schematic structural diagram of a target base station according to an embodiment of this application. The target base station may include a receiving module 501, a processing module 502, and a sending module 503. A detailed description of each unit is as follows:

[0076] The receiving module 501 is configured to receive a second message sent by a terminal, where the second message includes a second public key generated by the terminal.

[0077] The processing module 502 is configured to generate a first shared key based on the second public key, a key exchange algorithm selected by the target base station, and a second private key generated by the target base station.

[0078] In one embodiment, the receiving module 501 is further configured to receive a handover request sent by a source base station, where the handover request includes a plurality of key exchange algorithms supported by the terminal; and the processing module 502 is further configured to select the key exchange algorithm from the plurality of key exchange algorithms.

[0079] In one embodiment, the sending module 503 is configured to send a third message to the source base station, where the third message includes the key exchange algorithm selected by the target base station and a first public key generated by the target base station.

[0080] In one embodiment, the processing module 502 is further configured to generate an RRC integrity protection key, an RRC encryption key, and a user plane encryption key based on the first shared key.

[0081] In one embodiment, the processing module 502 is further configured to generate a second shared key based on the first shared key, and a cell identity and a carrier frequency of a target cell.

[0082] It should be noted that, for implementation of each module, reference may be made to corresponding descriptions in the method embodiment shown in FIG. 3, and each module performs a method and a function performed by the target base station in the foregoing embodiment.

[0083] FIG. 6 is a schematic structural diagram of a terminal according to this application. As shown in the figure, the terminal may include at least one processor 601, for example, a CPU, at least one communications interface 602, at least one memory 603, and at least one communications bus 604. The communications bus 604 is configured to implement connection communication between these components. The communications interface 602 of the device in this embodiment of this application is configured to perform signaling or data communication with another node or device. The memory 603 may be a high-speed RAM memory, or may be a non-volatile memory (non-volatile memory), for example, at least one disk memory. Optionally, the memory 603 may be at least one storage apparatus that is located away from the foregoing processor 601. The memory 603 stores a set of program code, and the processor 601 executes a program that is executed by the foregoing terminal in the memory 603, to perform the following operations:

[0084] receiving a first message sent by a source base station, where the first message includes a key exchange algorithm selected by a target base station and a first public key generated by the target base station;

[0085] generating a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal; and

[0086] sending a second message to the target base station, where the second message includes a second public key generated by the terminal.

[0087] Further, the processor may work with the memory and the communications interface to perform an operation performed by the terminal in the foregoing embodiment of this application.

[0088] FIG. 7 is a schematic structural diagram of a target base station according to this application. As shown in the figure, the target base station may include at least one processor 701, for example, a CPU, at least one communications interface 702, at least one memory 703, and at least one communications bus 704. The communications bus 704 is configured to implement connection communication between these components. The communications interface 702 of the device in this embodiment of this application is configured to perform signaling or data communication with another node or device. The memory 703 may be a high-speed RAM memory, or may be a non-volatile memory, for example, at least one disk memory. Optionally, the memory 703 may be at least one storage apparatus that is located away from the foregoing processor 701. The memory 703 stores a set of program code, and the processor 701 executes a program that is executed by the foregoing terminal in the memory 703, to perform the following operations:

[0089] receiving a second message sent by a terminal, where the second message includes a second public key generated by the terminal; and

[0090] generating a first shared key based on the second public key, a key exchange algorithm selected by the target base station, and a second private key generated by the target base station.

[0091] All or some of the foregoing embodiments may be implemented by using software, hardware, firmware, or any combination thereof. When software is used for implementation, all or some of the foregoing embodiments may be implemented in a form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or some of procedures or functions in the embodiments of the present invention are generated. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or may be transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired (for example, a coaxial cable, an optical fiber, or a digital subscriber line (DSL) manner or a wireless (for example, infrared, radio, or microwave) manner. The computer-readable storage medium may be any usable medium accessible to a computer, or a data storage device including one or more usable media, such as a server or a data center. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid state disk Solid State Disk (SSD), or the like.

KEY GENERATION METHOD AND RELATED DEVICE

Inventors

Cpc classification

Classification Explorer

H04W12/041

ELECTRICITY

Classification Explorer

H04L9/0861

ELECTRICITY

Classification Explorer

H04L9/14

ELECTRICITY

Classification Explorer

H04W12/0433

ELECTRICITY

Classification Explorer

H04L9/0819

ELECTRICITY

Classification Explorer

H04L9/30

ELECTRICITY

Classification Explorer

H04W12/108

ELECTRICITY

Classification Explorer

H04W36/0064

ELECTRICITY

Classification Explorer

H04W36/0038

ELECTRICITY

Classification Explorer

H04W12/033

ELECTRICITY

International classification

Classification Explorer

H04L9/08

ELECTRICITY

Classification Explorer

H04W12/10

ELECTRICITY

Classification Explorer

H04L9/30

ELECTRICITY

Classification Explorer

H04W12/00

ELECTRICITY

Classification Explorer

H04L9/14

ELECTRICITY

Abstract

Claims

Description