| 摘要 |
The invention relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The invention is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the invention suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key. |
| 主权项 |
1. A method for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system comprising the mobile station, a master and the secondary base station, the mobile station being initialized for communication with the master and the secondary base station,
detecting, by the master or by the secondary base station, a potential security breach including:
a condition where a sequence counter of packet data units of an established secure communication link between the mobile station and the secondary base station is to wrap-up since initialization of the communication between the mobile station and the secondary base station, anda condition where a communication link identification is to be reused for establishing the secure communication link with the secondary base station since initialization of the communication between the mobile station and the secondary base station; and, in case the potential security breach is detected by the secondary base station, signaling the detected security breach to the master base station; incrementing, by the master base station, in response to the detected or signaled potential security breach, a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and re-initializing, by the mobile station and by the secondary base station, the communication there between, the re-initializing step being performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key. |
