Managing data storage system
US-2015378835-A1 · Dec 31, 2015 · US
US9817720B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9817720-B2 |
| Application number | US-201214438956-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 29, 2012 |
| Priority date | Oct 29, 2012 |
| Publication date | Nov 14, 2017 |
| Grant date | Nov 14, 2017 |
Official abstract text for this publication.
An apparatus comprises a memory unit, and a control unit connected to the memory unit. The apparatus can be configured to interface at least one access node; the control unit is configured to derive at least one local level security key within an established security context for a terminal, forward the derived local security key to at least one access node, and detect failures in a handover for a terminal being served by a first access node towards a second access node. The failures concern the interface between the apparatus and the second access node. In response to a verified trigger condition, the control unit can re-adjust local level security keys with keys maintained at the terminal within the established security context.
Opening claim text (preview).
What is claimed is:

1. An apparatus comprising: a memory unit; and a processor connected to the memory unit, wherein the apparatus is configured to interface with at least one access node, and wherein the processor and the memory unit are configured at least to: process one or more higher level security keys received from a network entity to derive at least one local level security key within an established security context for a terminal; forward said derived at least one local level security key to the at least one access node; and invoke a context modification procedure to re-adjust the at least one local level security key with at least one local level security key maintained at the terminal within the established security context, wherein a re-keying procedure for the at least one access node is performed in which a network access stratum security mode command procedure is initiated, and an updated network access stratum count parameter of a most recent network access stratum security mode command message is obtained, with the updated network access stratum parameter being used to derive a new key for the at least one access node computed based on an existing higher level security key, the new key being provided to the at least one access node for a radio resource control reconfiguration performed between the at least one access node and a terminal, and the re-keying procedure being performed without performing an Authentication and Key Agreement procedure.

2. The apparatus according to claim 1, wherein the at least one local level security key is a next hop (NH) key and a next hop chaining counter (NCC) being used as a key.

3. The apparatus according to claim 1, wherein a trigger condition is verified by the apparatus, and wherein the trigger condition represents a number of past failed handovers concerning the interface between the apparatus and a second access node.

4. The apparatus according to claim 3, wherein the number of past failed handovers depends on a maximum number of a next hop chaining counter (NCC) as at least one of the local level security keys.

5. The apparatus according to claim 1, wherein the context modification procedure invoked is a terminal context modification procedure associated with the terminal to be handed over.

6. The apparatus according to claim 5, wherein the processor and the memory unit are configured at least to: compose a terminal context modification request message comprising a latest one of the at least one local level security key, wherein a next hop chaining counter (NCC) as at least one of the local level security key is included in a distinct information element; and forward the distinct information element to a first access node.

7. The apparatus according to claim 1, wherein the context modification procedure invoked is a network access stratum security mode procedure associated with the terminal to be handed over.

8. The apparatus according to claim 7, wherein the control unit and the processor are further configured at least to: initiate a new network access stratum security mode procedure based on an evolved key set identifier (eKSI) and associated algorithms; obtain, based on the new network access stratum security mode procedure, the updated network access stratum parameter for such procedure; process the obtained updated parameter together with an intermediate base key of an access security management entity (K_ASME) to derive a fresh access node base key (K_eNB) as the at least one of the local level security key; and forward the fresh access node base key to the access node.

9. A method comprising: processing one or more higher level security keys received from a network entity to derive at least one local level security key within an established security context for a terminal; forwarding said derived at least one local level security key to at least one access node; and invoking a context modification procedure to re-adjust the at least one local level security key with at least one local level security key maintained at the terminal within the established security context, wherein a re-keying procedure for the at least one access node is performed in which a network access stratum security mode command procedure is initiated, and an updated network access stratum count parameter of a most recent network access stratum security mode command message is obtained, with the updated network access stratum parameter being used to derive a new key for the at least one access node computed based on an existing higher level security key, the new key being provided to the at least one access node for a radio resource control reconfiguration performed between the at least one access node and a terminal, and the re-keying procedure being performed without performing an Authentication and Key Agreement procedure.

10. The method according to claim 9, wherein the at least one local level security key is a next hop (NH) key and a next hop chaining counter (NCC) being used as a key.

11. The method according to claim 9, wherein a trigger condition is verified by the another network entity, and wherein the trigger condition represents a number of past failed handovers concerning the interface between another network entity and a second access node.

12. The method according to claim 11, wherein the number of past failed handovers depends on a maximum number of a next hop chaining counter (NCC) as at least one of the local level security keys.

13. The method according to claim 9, wherein the context modification procedure invoked is a terminal context modification procedure associated with the terminal to be handed over.

14. The method according to claim 13 further comprising: composing a terminal context modification request message comprising a latest one of the at least one local level security key, wherein a next hop chaining counter (NCC) as at least one of the local level security key is included in a distinct information element; and forwarding the distinct information element to a first access node.

15. The method according to claim 9, wherein the context modification procedure invoked is a network access stratum security mode procedure associated with the terminal to be handed over.

16. The method according to claim 15, further comprising: initiating a new network access stratum security mode procedure based on an evolved key set identifier (eKSI) and associated algorithms; obtaining, based on the new network access stratum security mode procedure, the updated network access stratum parameter for such procedure; processing the obtained updated parameter together with an intermediate base key of an access security management entity (K_ASME) to derive a fresh access node base key (K_eNB) as the at least one of the local level security key; and forwarding the fresh access node base key to the access node.

17. A computer program product embodied on a non-transitory computer-readable medium, said product comprising computer-executable components which, when the program is run on a computer, are configured to perform the method steps according to claim 9.

18. A system comprising an access node, a user equipment, and an apparatus, the apparatus comprising: a memory unit; and a processor connected to the memory unit, wherein the apparatus is configured to interface with at least one access node, and wherein the processor and the memory unit are configured at least to: process one or more higher level security keys received from a network entity to derive at least one local
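
An added example, not part of the patent text: the re-keying of claims 1 and 8 (a fresh K_eNB from the existing K_ASME and an updated NAS COUNT, with no AKA run) and the NH/NCC chain of claim 2, sketched in Python. The KDF layout and FC values (taken from 3GPP TS 33.401 Annex A) and the 3-bit NCC width are assumptions not stated on this page; `KeyChain`, `demo`, the key material and the desynchronisation scenario are constructed.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, p0: bytes) -> bytes:
    # S = FC || P0 || L0, with L0 the 2-byte big-endian length of P0
    # (KDF form assumed from 3GPP TS 33.401 Annex A; not given on this page).
    s = bytes([fc]) + p0 + len(p0).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

class KeyChain:
    """K_eNB and {NH, NCC} state kept by one side (network or terminal)."""

    def __init__(self, k_asme: bytes, nas_count: int):
        self.k_asme = k_asme
        self.rekey(nas_count)

    def rekey(self, nas_count: int) -> None:
        # Fresh K_eNB from the existing K_ASME and the updated NAS COUNT
        # (FC 0x11). The chain restarts from it with NCC = 0; K_ASME is
        # untouched, so no Authentication and Key Agreement run is needed.
        self.k_enb = kdf(self.k_asme, 0x11, nas_count.to_bytes(4, "big"))
        self.nh, self.ncc = self.k_enb, 0  # nh holds K_eNB until first step

    def step(self) -> None:
        # Next hop: NH = KDF(K_ASME, previous NH or K_eNB), FC 0x12.
        self.nh = kdf(self.k_asme, 0x12, self.nh)
        self.ncc = (self.ncc + 1) % 8  # NCC assumed to be a 3-bit counter

    def state(self):
        return (self.nh, self.ncc)

def demo():
    k_asme = bytes(range(32))  # constructed 256-bit K_ASME
    mme, ue = KeyChain(k_asme, 5), KeyChain(k_asme, 5)
    old_k_enb = mme.k_enb
    # Constructed desync: network side stepped 8 times, terminal not at all.
    for _ in range(8):
        mme.step()
    ncc_equal = mme.ncc == ue.ncc  # True: the 3-bit NCC wrapped back to 0
    nh_equal = mme.nh == ue.nh     # False: the NH values still differ
    # Re-adjust: both sides re-key with the updated NAS COUNT (constructed).
    mme.rekey(6)
    ue.rekey(6)
    return ncc_equal, nh_equal, mme.state() == ue.state(), mme.k_enb != old_k_enb

if __name__ == "__main__":
    print(demo())
```

The wrapped counter is why comparing NCC values alone cannot confirm that both sides hold the same key, and why a failure count tied to the NCC maximum (claims 4 and 12) is a natural trigger for re-keying.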
of security context information · CPC title
Monitoring of systems including the internet · CPC title
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
Saving, restoring, recovering or retrying · CPC title
Reselecting an access point · CPC title