At present, in all kinds of communication systems, and particularly in mobile communication systems, secure communication is of great importance for guaranteeing the security of information transmitted between subscribers. It is therefore necessary to protect the transmitted data with encryption. Generally, protecting data by encryption means that both communicating sides adopt the same encryption algorithm. The transmit side encrypts the data to be transmitted with the selected encryption algorithm and then transmits the encrypted data, which the receive side decrypts with the selected algorithm after receiving it.
In the prior 3rd Generation Wideband Code Division Multiple Access (3G WCDMA) mobile communication system, encryption protection can be used during information transmission between a User Equipment (UE) and the access network, namely between UE and the UMTS Terrestrial Radio Access Network (UTRAN). In this secure communication process, the algorithms adopted by the two sides are stored in UE and in the Radio Network Controller (RNC) of the access network respectively. In practice, the RNC stores the encryption algorithms supported by the Core Network (CN). The encryption algorithm is selected at the RNC by comparing the algorithms supported by UE with the available algorithms designated by CN. Since each encryption algorithm corresponds to one single User Encryption Algorithm (UEA) identifier, the RNC determines an encryption algorithm by comparing UEAs. According to the prior WCDMA standard, a UEA occupies 4 bits, in which “0000” is defined as no encryption and “0001” is defined as the standard KASUMI encryption algorithm. The other 14 values are undefined and can be used as reserved UEAs for self-defined use.
As is shown in FIG. 1, the specific implementing process of the prior encryption protection is as follows.
1) Firstly, a Radio Resource Control (RRC) connection is established. Then UE sends the security information to the access network after the successful connection.
When a subscriber is calling or being called, the high layer of UE notifies the access layer to establish an RRC connection, specifically an RRC connection between UE and the RNC of the access network. After the connection succeeds, UE sends its security capability information to the RNC of the access network in an RRC CONNECTION COMPLETE message. RNC stores the relevant security information, including the UEAs supported by UE.
2) CN initiates establishment of security mode.
When CN initiates establishment of security mode, the Visiting Location Register (VLR) of CN determines which UEA shall be selected for use and sends RNC a SECURITY MODE COMMAND message carrying the UEAs and Cipher Key (CK).
3) RNC processes the received SECURITY MODE COMMAND.
RNC selects a UEA according to the received UEAs and the stored UEAs supported by UE. Then RNC sends UE a SECURITY MODE COMMAND message carrying the selected UEA.
4) UE processes the received SECURITY MODE COMMAND.
After receiving SECURITY MODE COMMAND, UE sets the local UE security capability parameter to the received UE security capability parameter. Meanwhile, UE sends a SECURITY MODE COMPLETE message to the RNC of the access network, which means the security mode has been successfully set.
5) Access network receives SECURITY MODE COMPLETE message.
After receiving the SECURITY MODE COMPLETE message, RNC of the access network sends the SECURITY MODE COMPLETE message, which carries the selected UEA, to the VLR of CN.
6) The process of encryption protection is completed.
After receiving the SECURITY MODE COMPLETE message, VLR of CN completes the setting of its own security mode and then waits until the predetermined time is due, after which secure communication between UE and UTRAN begins. During this communication, the encryption algorithm corresponding to the selected UEA is employed to encrypt or decrypt data.
Because of the particular nature of cryptographic applications, and out of concern for the information security of a country or network, different countries or service providers prefer to use their own encryption algorithms in order to prevent unpredictable losses that would result if the encryption were easy to break. Thus, besides the standard encryption algorithm, those countries or service providers needing private encryption algorithms can select one of the 14 reserved UEAs as the identifier of their independent, self-developed encryption algorithm. Thus, the system may support two encryption algorithms. In the communication procedure, if more than one encryption algorithm is available, service providers tend to designate the one more suitable to the present situation than the others. For instance, if two subscribers in the same country both support the standard encryption algorithm and the domestic encryption algorithm, the latter shall be designated with priority for domestic communication; if the two parties have no encryption algorithm in common while secure communication is required by CN, normal communication cannot be realized between UEs.
However, since there is no unified rule governing use of the reserved UEAs, every country or service provider can choose any one of the reserved UEAs. So the problem of encryption algorithm identifier conflict may occur when mobile subscribers roam. For example, a Chinese service provider selects “0010” as its domestic UEA while an American service provider also selects “0010” as its domestic UEA. The two “0010” values correspond to different encryption algorithms despite being equal. Then, when a subscriber of a Chinese service provider roams to America and the encryption algorithms are negotiated, a normal connection will be established between both parties because their UEA values are equal, but normal communication cannot be realized because the encryption algorithms differ.
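The selection in step 3 and the roaming conflict described above can be reproduced in a few lines. The following Python sketch is an added illustration, not part of the original text: the operator tables, the function names and the assumption that CN lists its allowed UEAs in preference order are hypothetical, and the ciphers are toy XOR keystreams standing in for the real algorithms (they are not KASUMI).

```python
import hashlib

UEA_KASUMI, UEA_RESERVED = 0b0001, 0b0010  # 4-bit identifiers quoted in the text

def toy_cipher(label):
    """Toy XOR stream cipher standing in for a real algorithm (NOT KASUMI)."""
    def crypt(ck, data):
        stream, counter = b"", 0
        while len(stream) < len(data):
            block = label + ck + counter.to_bytes(4, "big")
            stream += hashlib.sha256(block).digest()
            counter += 1
        return bytes(d ^ s for d, s in zip(data, stream))
    return crypt  # XOR is symmetric: the same call encrypts and decrypts

# Constructed operators: both bind reserved UEA 0010 to their own private algorithm.
HOME_ALGS = {UEA_KASUMI: toy_cipher(b"standard"),
             UEA_RESERVED: toy_cipher(b"home-private")}
VISITED_ALGS = {UEA_KASUMI: toy_cipher(b"standard"),
                UEA_RESERVED: toy_cipher(b"visited-private")}

def rnc_select_uea(cn_allowed, ue_supported):
    """Step 3: the RNC compares identifiers only, never the algorithms behind them.
    cn_allowed is assumed to be ordered by CN preference."""
    for uea in cn_allowed:
        if not 0 <= uea <= 0b1111:
            raise ValueError("a UEA occupies 4 bits")
        if uea in ue_supported:
            return uea
    return None  # no common UEA: ciphered communication cannot be set up

def roam(ue_algs, network_algs, cn_allowed, ck, plaintext):
    """Return (selected UEA, whether the network recovers the UE's plaintext)."""
    uea = rnc_select_uea(cn_allowed, set(ue_algs))
    if uea is None:
        return None, False
    ciphertext = ue_algs[uea](ck, plaintext)       # UE side
    recovered = network_algs[uea](ck, ciphertext)  # network side
    return uea, recovered == plaintext

if __name__ == "__main__":
    ck = bytes(16)  # constructed cipher key
    prefs = [UEA_RESERVED, UEA_KASUMI]
    print(roam(HOME_ALGS, HOME_ALGS, prefs, ck, b"hello"))     # at home
    print(roam(HOME_ALGS, VISITED_ALGS, prefs, ck, b"hello"))  # roaming
```

Negotiation reports success in both runs because the identifiers match; only the roaming run fails to recover the plaintext, which is the identifier conflict the text describes.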