Long Term Evolution (hereinafter referred to as LTE) is the next evolution target of the mobile broadband network standard defined by the Third Generation Partnership Project (hereinafter referred to as 3GPP). It supports operation on paired and unpaired spectra, and may utilize existing and future wireless bands efficiently. FIG. 1 is a schematic structural diagram of an Evolved Universal Mobile Telecommunications System Terrestrial Radio Access Network (Evolved UMTS Terrestrial Radio Access Network, hereinafter referred to as E-UTRAN), which is the access network part of an LTE system. Data interaction and signaling interaction are implemented between Evolved NodeBs (hereinafter referred to as eNBs) through an X2 interface. An eNB is connected to a Mobility Management Entity (hereinafter referred to as MME) in an Evolved Packet Core (hereinafter referred to as EPC) network through an S1 interface, and the eNB is connected to a Serving Gateway (hereinafter referred to as S-GW) through the S1 interface.
FIG. 2 is a schematic diagram of a security architecture of an LTE System Architecture Evolution (hereinafter referred to as LTE-SAE) system. The LTE-SAE system has the following two layers of security protection. One layer is the Access Stratum (hereinafter referred to as AS) between User Equipment (hereinafter referred to as UE) and the eNB, which is mainly configured to provide security protection for Radio Resource Control (hereinafter referred to as RRC) signaling between the UE and the eNB, and for user data on the User Plane (hereinafter referred to as UP), including encryption protection and integrity protection for the RRC signaling, and encryption for the user data on the UP. The other layer is the Non Access Stratum (hereinafter referred to as NAS) between the UE and the MME, which is mainly configured to provide security protection for NAS signaling between the UE and the MME, including encryption protection and integrity protection for the NAS signaling.
In the LTE-SAE system, the capability of a UE includes UE radio capability and UE network capability. The UE radio capability is applied between the UE and the eNB, and is primarily embodied in an AS security algorithm list supported by the UE for the AS. It is assumed that the set of algorithms in the AS security algorithm list is represented as {A}. The UE network capability is applied between the UE and the MME, includes the security capability of the UE in the NAS, and is embodied in an NAS security algorithm list supported for the NAS. It is assumed that the set of algorithms in the NAS security algorithm list is represented as {B}. Security protection for data and signaling is started after successful startup of a security mode of the AS and the NAS. After the security mode of the AS and the NAS is started, the UE reports the AS security algorithms {A} and the NAS security algorithms {B} to the network entities eNB and MME respectively. It is assumed that the security algorithm list representing the security algorithm supporting capability of the eNB is {a}, and the security algorithm list representing the security algorithm supporting capability of the MME is {b}. The eNB selects the security algorithms of the AS from {A}∩{a}, and the selected algorithms include an RRC encryption algorithm, namely, the Evolved Packet System (hereinafter referred to as EPS) AS Encryption Algorithm (hereinafter referred to as EAEA), an RRC integrity protection algorithm, namely, the EPS AS Integrity Algorithm (hereinafter referred to as EAIA), and a user plane encryption algorithm, namely, the EPS User-plane Encryption Algorithm (hereinafter referred to as EUEA).
The MME selects the security algorithms of the NAS from {B}∩{b}, and the selected algorithms include an EPS NAS Encryption Algorithm (hereinafter referred to as ENEA) and an EPS NAS Integrity Algorithm (hereinafter referred to as ENIA).
In the UE, the AS security algorithm list is the same as the NAS security algorithm list, that is, set {A} = set {B}. When the AS security algorithm list in the UE includes the security algorithm list of the eNB, and the NAS security algorithm list in the UE includes the security algorithm list of the MME, that is, when {a} is included in {A} and {b} is included in {B}, the AS security algorithms selected by the eNB may be the same as the NAS security algorithms selected by the MME. Moreover, the AS security algorithm list in the UE covers both the RRC signaling security algorithm and the UP security algorithm. Therefore, the RRC signaling security algorithm selected according to the prior art is the same as the UP security algorithm. In the LTE-SAE system, the UE and the network entity may support multiple types of security algorithms, and the complexity and overheads of different security algorithms differ. Generally, algorithms with a higher security level have greater overhead and complexity. Different data types, service types and user requirements may require different security algorithms, or even no security protection at all. Therefore, it is not necessary to apply the same security algorithm to all services. However, in the prior art, the network entities eNB and MME cannot select an AS security algorithm and an NAS security algorithm that correspond to the data type, service type and user requirement, and therefore cannot apply different security protection to a service according to its data type, service type and user requirements.
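
The selection model described above, sketched as an added example that is not part of the original document or of any 3GPP specification: the eNB picks from {A}∩{a} and the MME from {B}∩{b}, so the RRC and UP algorithms coincide and the service type cannot change the result. The algorithm names, the `service_type` parameter and the rule "take the network's most preferred common algorithm" are assumptions made for illustration.

```python
# Added illustration of the selection model in the text; not 3GPP or patent code.
# Algorithm names and the "network preference order" rule are assumptions.

ROLES_AS = ("EAEA", "EAIA", "EUEA")   # RRC encryption, RRC integrity, UP encryption
ROLES_NAS = ("ENEA", "ENIA")          # NAS encryption, NAS integrity


def select(ue_list, network_priority):
    """Return the network's most preferred algorithm the UE also supports."""
    common = set(ue_list) & set(network_priority)   # {A}∩{a} or {B}∩{b}
    for alg in network_priority:                    # most preferred first
        if alg in common:
            return alg
    raise ValueError("no common security algorithm")


def enb_select_as(ue_as_list, enb_priority, service_type=None):
    """Prior-art eNB choice: service_type is accepted but cannot affect it."""
    # The text models one set per stratum, so every AS role gets the same pick.
    chosen = select(ue_as_list, enb_priority)
    return {role: chosen for role in ROLES_AS}


def mme_select_nas(ue_nas_list, mme_priority):
    """MME choice for the NAS, made from {B}∩{b}."""
    chosen = select(ue_nas_list, mme_priority)
    return {role: chosen for role in ROLES_NAS}


# Constructed sample capability lists (placeholder names).
UE_A = ["alg-null", "alg-1", "alg-2"]   # {A}
UE_B = list(UE_A)                       # {B}; the text states {A} = {B}
ENB_a = ["alg-2", "alg-1"]              # {a}, contained in {A}
MME_b = ["alg-2", "alg-1"]              # {b}, contained in {B}

if __name__ == "__main__":
    for service in ("signaling-heavy", "bulk-download", "no-protection-needed"):
        print(service, enb_select_as(UE_A, ENB_a, service))
    print("NAS", mme_select_nas(UE_B, MME_b))
```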