In a mobile communication system, a User Equipment (UE) generally needs to handover between base stations when moving from a local base station to a target base station. The Radio Access Networks (RANs) of base stations include: Second Generation (2G) system, Third Generation (3G) system, and the Long Term Evolution (LTE) system to be launched in the future. The security protection levels and protection measures between a UE and a RAN are different from those between the UE and another RAN.
FIG. 1 shows structure of two security-related layers in the LTE system. As shown in FIG. 1, the Xu interface, S1-C interface, S1-U interface, and X2 interface have security requirement. In an LTE system, the base station is in a locale vulnerable to attacks. Therefore, the base station is not as secure as the Radio Network Controller (RNC) in the Universal Mobile Telecommunications System (UMTS).
In the process of base station handover between the 2G system and the 3G system, the UE needs to negotiate the security parameters as regards only the access layer with the base station in the 2G system or 3G system. In the process of base station handover from the 2G or 3G system to the LTE system, more security information needs to be negotiated between the UE and the LTE system, and a higher security level is also required. The UE needs to negotiate the security parameters as regards both the access layer and the non-access layer with the base station of the LTE system. Therefore, security is crucial for the base station handover from a 2G system or 3G system to an LTE system.
FIG. 2 is a flowchart of negotiating security between the UE and the 2G system or 3G system in the process of base station handover between the 2G system and the 3G system in the conventional art. The negotiation process includes the following steps:
Step 1: The source Base Station Subsystem (BSS) of the UE decides to initiate a handover request according to the measurement report of the UE.
Step 2: The source BSS sends the UE capability information (including the integrity protection algorithm and encryption algorithm supported by the UE) and the key information to the Serving GPRS Support Node (SGSN) of 2G system.
Step 3: The SGSN of 2G system sends the received UE capability information and the key information to the SGSN of 3G system.
Step 4: The SGSN of 3G system sends the received key information and the algorithm supported by the UE to a RNC.
Step 5: According to the received key information and the algorithm supported by the UE, the RNC selects the algorithm supported by the RNC and sends it to the SGSN of 3G system.
Step 6: The SGSN of 3G system sends the algorithm supported by the RNC to the SGSN of 2G system.
Afterward, at the time of sending a handover request acknowledgement to the source access network of the UE, the SGSN of 2G system sends the algorithm supported by the 3G SGSN to the source access network. At the time of sending a handover command to the UE, the source access network sends the algorithm to be used by the target system to the UE, thus completing security negotiation.
In the process of implementing the present invention, the inventor finds that the LTE system has two security-related strata: Non Access Stratum (NAS), and Access Stratum (AS). During handover between the 2G system and the 3G system, the security information handled at the SGSN side relates to the AS only, without relating to the NAS. Therefore, the foregoing process of negotiation between the UE and the 2G system or 3G system cannot be applied to the UE handover from the 2G system or 3G system to the LTE system. That is, no handover solution is currently available to ensure secure handover of the base station from the 2G system or 3G system to the LTE system.