The 3rd Generation Partnership Project (3GPP) adopts Orthogonal Frequency Division Multiplexing (OFDM) and Multiple-Input Multiple-Output (MIMO) technologies in Release7 to finish a future evolution path HSPA+ of High Speed Downlink Packet Access (HSDPA) and High Speed Uplink Packet Access (HSUPA). HSPA+ is an enhancement technology of 3GPP HSPA (including HSDPA and HSUPA), providing an approach of smooth evolution from HSPA to Long Term Evolution (LTE) with low complexity and low cost for the HSPA operator.
HSPA+ improves the peak data rate and spectrum efficiency by using technologies such as high order modulation (e.g., downlink 64 Quadrature Amplitude Modulation (QAM) and uplink 16QAM), MIMO, combination of high order modulation and MIMO, etc. On the other hand, in order to better support the packet service, HSPA+ further adopts a series of other enhancement technologies in order to increase user capacity, reduce time delay and terminal power consumption, improve support of Voice over IP (VoIP), enhance multicast/broadcast capability of the system, and so on.
In comparison with HSPA, HSPA+ transfers, in its system architecture, the function of the Radio Network Controller (RNC) to a base station Node B, forming a completely flat radio access network architecture, as shown in FIG. 1, in which the dotted line connection indicates Gn User Plane (UP, U-Plane) with a direct tunnel, and the solid line connection indicates Gn UP without direct tunnel. Wherein the Node B integrating the entire RNC function is called Evolved HSPA Node B or enhanced Node B (Node B+). SGSN+ is a Service GPRS (General Packet Radio System) Support Node (SGSN) that is updated to support HSPA+ security function. ME+ is a user terminal equipment capable of supporting HSPA+ security function. An evolved HSPA system can use the 3GPP Rel-5 and later versions of air interface, without any modification of HSPA service of air interface. With this scheme, each Node B+ becomes a node equivalent to the RNC, which has an Iu-PS interface and is capable of direct connection with a PS Core Network (CN), wherein the Iu-PS user plane terminates at the SGSN, and when the network supports direct tunnel function, the Iu-PS user plane can also terminate at a Gateway GPRS Support Node (GGSN). The communication between evolved HSPA Node Bs is performed through an Iur interface. The Node B+ has the capability of independent networking, and supports the entire mobility function, including inter-system switching and intra-system switching.
As the data of U-Plane can directly reach the GGSN without passing through the RNC after flattening, this means that the function of encryption and integrity protection of the user plane has to be moved to the Node B+. The enhanced security key hierarchy of currently defined HSPA+ is as shown in FIG. 2, in which the definitions of the root key (K), Ciphering Key (CK), and Integrity Key (IK) are identical with those in the Universal Mobile Telecommunications System (UMTS). Namely, the root key K is the one stored in the Authentication Center (AuC) and Universal Subscriber Identity Module (USIM), and the ciphering key CK and integrity key IK are those calculated from the root key K when the user equipment performs Authentication and Key Agreement (AKA) with the HSS (Home Subscriber Server).
In the UMTS, the RNC performs encryption and integrity protection on the data using the ciphering key CK and integrity key IK. However, as in the HSPA+ architecture, the function of the RNC is completely transferred to the base station Node B+, both encryption and decryption have to be performed at the Node B+. Meanwhile, the security of the Node B+ is not particularly high as the Node B+ is located in unsecured environment. Therefore, HSPA+ introduces a key hierarchy similar to Evolved Universal Terrestrial Radio Access Network (EUTRAN), i.e., UTRAN key hierarchy. In the UTRAN key hierarchy, the intermediate key KRNC (also called KASMEU) is the key newly introduced by HSPA+, and is derived from the ciphering key CK and integrity key IK. Further, the KASMEU generates CKU and IKU, where the CKU is configured to encrypt the user plane data and control plane signaling, and the IKU is configured to perform integrity protection on the control plane signaling. For clarity, in the specification, the CK and IK are called legacy air interface keys (i.e., legacy keys), and the CKU and IKU are called enhanced air interface keys (i.e., enhanced keys).
In the WCDMA (Wideband Code Division Multiple Access) system, due to the introduction of Iur interface, concepts of Serving RNC (SRNC) and Drift RNC (DRNC) are created. Both SRNC and DRNC are logical concepts with respect to a specific user equipment (UE). That is, for the UE, among the connections between the UE and the CN, the RNC directly connected with the CN and in control of all resources of the UE is called the SRNC of the UE; among the connections between the UE and the CN, the RNC not connected with the CN and merely provides resources for the UE is called the DRNC of the UE. The connected UE must and only have one SRNC, and may have no DRNC, or have one or more DRNCs.
SRNC relocation means the process that the SRNC of the UE shift from one RNC to another. According to different location of the UE before and after relocation, the relocation can be classified as static relocation and accompanied relocation, or as UE-not-involved relocation and UE-involved relocation.
The condition that static relocation occurs is that the UE is connected from one and only one DRNC. As no UE is involved in the relocation process, it is also called UE-not-involved relocation. After relocation, the connection of Iur interface is released, the Iu interface relocates, and the original DRNC becomes an SRNC, as shown in FIG. 3. Static relocation is caused by soft handover. Because of the Iur interface, the relocation is not very urgent and starts after all the radio links are connected to the DRNC.
Accompanied relocation means the process that the UE is handed over to the target RNC from the SRNC in a hard handover manner, and the Iu interface changes simultaneously, as shown in FIG. 4. As UE is involved in the relocation process, it is also called UE-involved relocation.
In the UMTS system, both the ciphering key CK and the integrity key IK do not change before and after SRNC relocation. The DRNC obtains integrity protection information (including integrity key IK and the allowed integrity protection algorithm) and/or ciphering information (including ciphering key CK and the allowed ciphering algorithm) of the UE from the SRNC or SGSN.
In SRNC relocation involved in HSPA+, the Node B+ may be considered as the combination of Node B and RNC. The two are one physical entity, but may still be considered as two different logic entities. Therefore, in the specification, the logic module within the Node B+ supporting HSPA+ key hierarchy may also be considered as the upgraded RNC in the UMTS. For clarity, it is called RNC+ in this specification. Therefore, the SRNC+ and the source Node B+ are identical, and the DRNC+ and the target Node B+ are identical in this specification.
In the actual network layout, the enhanced network entity supporting HSPA+ security function and the legacy network entity not supporting HSPA+ coexist, and enhanced user equipment and the legacy user equipment coexist. Therefore, when SRNC relocation occurs, there exists a scenario when the user equipment relocates from an enhanced SRNC+ to a legacy target RNC, or a scenario when the user equipment relocates from a legacy SRNC+ to an enhanced target RNC. For example, in the latter case, as the legacy RNC cannot identify the enhanced security capability of the user equipment reported in the initial attach request, during the preparation of SRNC relocation, it is possible that the SRNC has not informed the target RNC of the enhanced security capability of the user equipment in the relocation request message sent by the SRNC to the target RNC; hence the target RNC cannot learn whether the user equipment has the enhanced security capability until receiving the first message (Physical Channel Reconfiguration Complete message or UTRAN Mobility Information Confirm message) sent by the user equipment. However, as provided in the UMTS Standards, the SRNC can decide to let the target RNC send Downlink Dedicated Control Channel (DL DCCH) message (carried in an information unit “RRC information, target RNC to source RNC”) and perform integrity protection on the message. After receiving the DL DCCH, the SRNC directly forwards it to the user equipment. It is very likely that the target RNC cannot learn whether the user equipment supports enhanced security or not when sending the message. Hence the target RNC cannot decide whether it should perform integrity protection on the field using the legacy key IK or using the enhanced key IKU. As a result, the relocation process cannot be accomplished normally and the air interface key cannot be enabled normally.