In a Long Term Evolution (LTE) system, the network-side RRC functions are located in the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) NodeB (eNB), and the corresponding RRC security protection mechanisms are also located in the eNB. Because eNBs are numerous and widely deployed, the access layer network entities are highly dispersed in terms of both geographical position and logical relationship, and operators cannot implement centralized security control for the eNBs. Each eNB is located in an unsafe area, so each eNB needs to select a security algorithm for the access layer security mechanism between the eNB and each User Equipment (UE) according to the security capability of the UE, so as to protect the communication between the eNB and the UE.
According to the current 33.401 protocol, during an initial context establishment process initiated by a Mobility Management Entity (MME), the MME can carry the security capability information of the UE to the eNB in an initial context establishment request message. The eNB then selects the security algorithm between the eNB and the UE according to the following principle: based on the security capability of the UE and the security algorithms configured on the eNB itself, the algorithm that has the highest priority in the eNB configuration and is supported by the UE is selected as the final access layer security algorithm. The access layer security algorithm comprises an access layer signaling integrity protection algorithm and a signaling and data encryption algorithm. If the security algorithms later need to be updated, they are selected according to the same principle.
According to the 33.401 protocol and the 36.331 protocol, the access layer security algorithm does not change under normal conditions. Only during handover does the eNB need to re-select a new access layer security algorithm, applying the above selection principle to the security capability of the UE and the security algorithms currently configured on the eNB. The newly selected access layer security algorithm is then notified to the UE via an RRC re-configuration message. After the re-configuration succeeds, the UE starts to use the new access layer security algorithm to communicate with the eNB; that is, it uses the new algorithm for integrity protection and for signaling and data encryption, starting from the RRC re-configuration completion message.
In the current RRC connection re-establishment processing flow, as shown in FIG. 1, no matter under what circumstances the UE sends an RRC connection re-establishment request message to the eNB, the eNB does not need to update the access layer security algorithm, and the security algorithm is not carried in the RRC connection re-establishment message which is sent to the eNB by the UE.
In LTE, each eNB separately maintains the access layer security parameters between itself and the UE, including an access layer security algorithm and a security key. Because the supported security algorithms are configured and maintained by each eNB individually, the set of security algorithms supported by each eNB cannot be assumed to be completely the same. That is, a security algorithm supported by eNB1 is not necessarily supported by eNB2. Consider the case in which eNB2 does not support the security algorithm configured by eNB1, and the UE attempts RRC re-establishment to eNB2 after a failed handover to eNB2. If a new security algorithm is not re-selected according to the security algorithms supported by eNB2, the UE still uses the original security algorithm to perform integrity protection and encryption for the RRC re-establishment completion message. Because eNB2 does not support the original security algorithm used by the UE, it is bound to fail decryption and the integrity check of the RRC re-establishment message, which finally causes the UE access to fail and greatly affects the user experience.
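The selection principle and the re-establishment failure described above can be modelled as follows. This is an added example, not code from the original document; the class and function names are hypothetical, and the eNB priority lists and UE capability set are constructed sample values using the standard EIA/EEA algorithm identifiers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AsAlgorithms:
    integrity: str   # access layer signaling integrity protection algorithm
    ciphering: str   # signaling and data encryption algorithm

def pick(enb_priority, ue_supported):
    """Highest-priority algorithm configured on the eNB that the UE also supports."""
    for alg in enb_priority:          # eNB list is ordered, highest priority first
        if alg in ue_supported:
            return alg
    raise ValueError("no algorithm in common between eNB and UE")

@dataclass
class ENB:
    name: str
    integrity_priority: tuple
    ciphering_priority: tuple

    def select(self, ue_cap):
        return AsAlgorithms(pick(self.integrity_priority, ue_cap["integrity"]),
                            pick(self.ciphering_priority, ue_cap["ciphering"]))

    def supports(self, algs):
        return (algs.integrity in self.integrity_priority
                and algs.ciphering in self.ciphering_priority)

def reestablishment_without_reselection(target, ue_algs):
    """UE keeps its old algorithms; the target can only process the
    re-establishment completion message if it implements both of them."""
    return "accepted" if target.supports(ue_algs) else "access failure"

# Constructed sample configuration (assumed values, not from the document).
UE_CAP = {"integrity": {"EIA1", "EIA2", "EIA3"}, "ciphering": {"EEA1", "EEA2", "EEA3"}}
ENB1 = ENB("eNB1", ("EIA3", "EIA2", "EIA1"), ("EEA3", "EEA2", "EEA1"))
ENB2 = ENB("eNB2", ("EIA2", "EIA1"), ("EEA2", "EEA1"))

def demo():
    in_use = ENB1.select(UE_CAP)                      # chosen at initial context setup
    outcome = reestablishment_without_reselection(ENB2, in_use)
    would_select = ENB2.select(UE_CAP)                # what re-selection at eNB2 yields
    return in_use, outcome, would_select

if __name__ == "__main__":
    for item in demo():
        print(item)
```

With these sample values the UE and eNB2 share usable algorithms, yet re-establishment still fails because nothing in the flow triggers re-selection at eNB2.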