In an LTE (long term evolution, long term evolution) security architecture, a security system is divided into three parts: a radio plane, a transmission plane, and a maintenance plane.
To tackle transmission threats, a base station (Evolved NodeB, base station) uses an IPSec (IP Security) mechanism to ensure secrecy, integrity and availability of transmission. The IPSec mechanism uses IKE (internet key exchange, internet key exchange) negotiation to perform bidirectional authentication between nodes.
In a scenario that a security gateway (security gateway) exists, when the base station needs to be connected with the security gateway through IKE, the base station downloads a CRL (certificate revocation list, certificate revocation list) file from a CRL server first, and then uses the CRL file to authenticate a digital certificate of the security gateway. In the authentication process, the local time of the base station is used as a basis for judging whether the digital certificate of the security gateway is in a validity period.
Generally, a time server is located in a core network after the security gateway. After an IKE connection is set up between the base station and the security gateway, the local time of the base station may be checked against the time of the time server in the core network.
Currently, in the case that the base station is powered off or stops service interaction with the security gateway in a long time, the time on the base station is reset to a default value (such as January 2008). If the time of the base station is not checked through a GPS (global positioning system, global positioning system), the base station is unable to obtain the time on the time server before connecting to the security gateway. Consequently, the local time of the base station is not correct, and the actually valid digital certificate of the security gateway is unable to pass the authentication, or the actually expired digital certificate of the security gateway passes the authentication, which imposes security threats.
A solution in the prior art is: installing a clock component powered by a battery on the base station. The base station reads correct time from the clock component to align the local time.
In the implementation of the present disclosure, the inventor finds at least the following defects in the prior art.
In the solution put forward in the prior art, a time component and a battery need to be installed on the base station additionally, which increases the cost. Moreover, after the base station is connected with the security gateway, the base station checks time through the time server once obtaining the address of the time server, and the base station does not need the clock component any longer, which leads to waste of resources.