公开(公告)号：US20150163678A1

公开(公告)日：2015-06-11

申请号：US14625789

申请日：2015-02-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing CHEN ,  Lijia ZHANG ,  Zhuo CHEN

IPC: H04W12/10 ,  H04L9/14

CPC classification number: H04W12/10 ,  H04L9/14 ,  H04L63/205 ,  H04W12/02 ,  H04W12/08 ,  H04W84/047 ,  H04W92/20

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

Abstract translation: 公开了一种用于保护在eNB和中继节点之间的Un接口上承载的数据的方法和装置。 在Un接口上定义了三种类型的无线承载（RB）：用于承载控制平面信令数据的信令无线电承载（SRB），用于承载控制平面信令日期的信令数据无线电承载（s-DRB）; 和用于承载用户平面数据的数据数据无线电承载（d-DRB）。 协调SRB上的控制平面信令数据，s-DRB上承载的控制平面信令数据和d-DRB上携带的用户平面数据的完整性保护算法和加密算法。 通过各自的完整性保护算法和加密算法，可以分别保护Un接口上的数据。 因此，Un接口的安全保护更全面，可以满足不同RB承载的数据的安全保护要求。

公开(公告)号：US20140233736A1

公开(公告)日：2014-08-21

申请号：US14264587

申请日：2014-04-29

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Lijia ZHANG ,  Jing Chen ,  Yixian Xu

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04L63/062 ,  H04L63/065 ,  H04W4/08 ,  H04W4/70 ,  H04W88/08

Abstract: Embodiments of the present invention provide a method and a related device for generating a group key. The method includes: obtaining a group ID of a group where a machine type communication MTC device is located; obtaining a group communication root key corresponding to the group ID; generating a group key corresponding to the group ID according to the group communication root key; and sending the group key encrypted by using an access stratum key of the MTC device to the MTC device, so that the MTC device obtains the group key through decryption according to the access stratum key of the MTC device. According to the foregoing technical solutions, a base station may allocate, to an MTC device, a group key corresponding to a group where the MTC device is located.

Abstract translation: 本发明的实施例提供了一种用于生成组密钥的方法和相关设备。 该方法包括：获取机器型通信MTC设备所在的组的组ID; 获取与组ID相对应的组通信根密钥; 根据组通信根密钥生成与组ID相对应的组密钥; 以及通过使用MTC设备的接入层密钥加密的组密钥发送给MTC设备，使得MTC设备根据MTC设备的接入层密钥通过解密获得组密钥。 根据上述技术方案，基站可以向MTC设备分配与MTC设备所在的组对应的组密钥。