The 3rd Generation Partnership Project (3GPP) employs Orthogonal Frequency Division Multiplexing (shorted for OFDM) and Multiple-Input Multiple-Output (shorted for MIMO) technologies in Release7 to complete the future evolution path HSPA+ of High Speed Downlink Packet Access (HSDPA) and High Speed Uplink Packet Access (HSUPA). The HSPA+ is an enhancement technology of 3GPP HSPA (including HSDPA and HSUPA). The HSPA+ provides a way of smooth evolution from the HSPA to Long Term Evolution (LTE) with low complexity and low cost for HSPA operators.
Compared with HSPA, in HSPA+ system architecture, functions of the Radio Network Controller (shorted for RNC) are given to the Node B to form completely flat radio access network architecture, shown in FIG. 1. In this case, the Node B integrating all functions of the RNC is called the evolved HSPA Node B, or shorted for enhanced Node B (Node B+). SGSN+ is the upgraded Service General Packet Radio System (GPRS) Support Node (SGSN) which can support the functions of the HSPA+. ME+ is the user terminal equipment which can support the functions of the HSPA+. The evolved HSPA system can use the air interface of the version of 3GPP Rel-5 and later, without having any modification for HSPA services of the air interface. After this solution is employed, each Node B+ becomes a node equivalent to the RNC, and has an lu-PS interface to be able to directly connect with a PS Core Network (CN) (as SGSN and GGSN shown in FIG. 1). The lu-PS user plane ends at the SGSN. In the above, if the network supports a direct tunnel function, the lu-PS user plane may also end at the Gateway GPRS Support Node (GGSN). Communication between the evolved HSPA Nodes B is performed through an lur interface. Node B+ has the capability of independent networking, and supports complete mobility functions, including inter-system and intra-system handoff.
As the network is flattened, the user plane data may reach the GGSN directly without passing through the RNC. It means that ciphering and integrity protection function of the user plane must be shifted forward to Node B+. The present HSPA+ security key hierarchy structure is shown in FIG. 2. In the above, the definition of Key (K, the root key), Ciphering Key (CK) and Integrity Key (IK) is completely consistent to that in a traditional Universal Mobile Telecommunications System (UMTS). That is, K is a key saved in an Authentication Center (AuC) and a Universal Subscriber Identity Module (USIM). In the disclosure, CK and IK are called the traditional keys. The traditional keys CK and IK are a ciphering key and an integrity key calculated from K when Authentication and Key Agreement (AKA) is performed between the User Equipment and the Home Subscriber Server (HSS). In the UMTS, the RNC uses the traditional air interface keys CK and IK to perform data ciphering and integrity protection. As functions of the RNC are all given to the Node B+ in the HSPA+ architecture, both ciphering and deciphering need to be performed at the Node B+. But, the Node B+ is in an insecure environment with low security. Therefore, a key hierarchy similar to Evolved Universal terrestrial Radio Access Network (E-UTRAN), i.e., an UTRAN key hierarchy, is introduced to the HSPA+. In the UTRAN key hierarchy structure, the intermediate key KRNC (also called KASMEU) is a key newly introduced to the HSPA+, which is generated by respective derivation of CK and IK at the ME+ and the core network node (SGSN+ or MSC+). Further, the core network node sends the KRNC to the RNC+. According to the intermediate key KRNC, the ME+ and the RNC+ generate air interface keys CKU and IKU respectively, which are called enhanced keys. In the above, the enhanced key CKU is used for ciphering user plane data and control plane signaling, and the enhanced key IKU is used for performing integrity protection for the control plane signaling.
At present, there is another enhanced security key hierarchy structure shown in FIG. 3. In this key architecture, enhanced keys CKU and IKU are directly generated from traditional keys CK and IK at the ME+ and the core network node (SGSN+ or MSC+) respectively. The core network node sends the enhanced keys CKU and IKU to the RNC+.
In the UMTS, the concept of Serving RNC (SRNC)/Drift RNC (DRNC) is produced due to the introduction of the lur interface. Both SRNC and DRNC are logic concepts for a specific User Equipment (UE). Simply, for a certain UE, the RNC which is directly connected with the Core Network (CN) and controls all resources of the UE is called the SRNC of the UE. The RNC which is not connected with the CN and just provides resources for the UE is called the DRNC of the UE. The UE, which is in connected status, must have but only one SRNC, and may have 0 or multiple DRNCs.
In the UMTS, SRNC relocation is a process in which the SRNC of the UE changes from one RNC to another RNC. According to different positions of the UE before and after the relocation, there can be two types of relocation: the static relocation and concomitant relocation.
Concomitant relocation is a process in which the UE switches to a target RNC from the SRNC by hard handoff and the lu interface changes simultaneously, shown in FIG. 4. As the relocation process needs the participation of the UE, it is also called the UE involved relocation.
The condition for the static relocation is that the UE accesses but only from one DRNC. As the relocation process needs no participation of the UE, it is also called the UE not-involved relocation. After the relocation, the connection of the lur interface is released, the lu interface relocates, and the old DRNC becomes to the SRNC, shown in FIG. 5. The static relocation is caused by soft handoff. Due to the lur interface, the relocation starts after all radio links are linked to the DRNC.
During the SRNC relocation process, when a source RNC decision triggers the SRNC relocation process, the source RNC is very likely to be unable to determine whether the target RNC has an enhanced security function. Usually, the target RNC notifies the UE with its own security capability by the first downlink message sent to the UE (it may be transferred by the source RNC). The UE notifies the target RNC with its own security capability in the first uplink message sent to the target RNC. If the source RNC supports the enhanced security, in the preparation stage of the SRNC relocation, the source RNC may notify the target RNC with the enhanced security capability supported by the UE. In this way, the target RNC may know the security capability of the UE early, which is beneficial for judging whether the enhanced security mechanism or traditional security mechanism should be used.
In the concomitant relocation process, as the UE participates in the whole SRNC relocation process, the downlink message carrying the security capability of the target RNC is forwarded to the UE by the source RNC. Hence, the message is protected by a ciphering key between the source RNC and the UE. After receiving the message, the UE is able to determine which ciphering key should be used for deciphering. But, in the static relocation process, as the downlink message carrying the security capability of the target RNC is directly sent to the UE by the target RNC, the message should be protected by a ciphering key between the target RNC and the UE. However, after receiving the message, the UE is unable to know the security capability of the target RNC. Therefore the UE is unable to determine whether the traditional ciphering key or the enhanced ciphering key should be used to decipher the message.
At present, there is a proposed solution that, for static SRNC relocation, the source RNC first performs a intra-RNC SRNC relocation. That is, in this case the target RNC and the source RNC are the same SRNC. During this process, the SRNC updates the enhanced key. As the target RNC is the source RNC and the UE knows the security capability of the source RNC, after receiving the first downlink message sent by the target RNC (here, the source RNC), the UE is able to determine whether the traditional air interface key or the enhanced air interface key should be used to decipher the message. Then, the source RNC performs the inter-RNC relocation. During this process, the air interface key is not updated according to the UMTS mechanism. That is, the source RNC directly sends the enhanced keys IKU and CKU to the target RNC. In this way, as IKU and CKU have been updated during the intra-RNC relocation process, the purpose of updating the air interface keys during static SRNC relocation is realized.
However, in the above solution, if the static relocation is triggered by the cell update or UMTS Registration Area (URA) update process, if the UE moves too fast, the UE is very likely to be disconnected from the source RNC when the intra-RNC relocation is not completed. Thus the SRNC relocation time is prolonged and the UE disconnection risk is increased.