KR101094057B1 - Method and apparatus for processing an initial signalling message in a mobile communication system - Google Patents

Abstract

A method and apparatus for ensuring integrity / checking and encrypting / decrypting an initial signaling message transmitted and received for signaling connection or data transmission in a mobile communication system are disclosed. According to the present invention, a terminal or a wireless access network of a mobile communication system generates an initial signaling message, performs integrity guarantee (or integrity and encryption operation) on the generated message, and transmits an encrypted initial signaling message. do. The encrypted initial signaling message is a message transmitted from the terminal to the radio access network (or to the core network) or a message transmitted from the radio access network (or from the core network) to the terminal. This invention can eliminate the risk of information leakage or attack on the air interface by ensuring integrity (or integrity and encryption) on the initial signaling message for signaling connection or data transmission.

Mobile communication system, initial signaling message, encryption / decryption, integrity / check

Description

METHOD AND APPARATUS FOR PROCESSING AN INITIAL SIGNALLING MESSAGE IN A MOBILE COMMUNICATION SYSTEM}

1 is a diagram illustrating a flow of an initial signaling message processing operation in a mobile communication system according to the prior art.

Figure 2 shows the processing flow of encryption / decryption and integrity / check according to the prior art, respectively.

3 is a diagram showing the structure of a mobile communication system to which the present invention is applied;

4 illustrates a flow of an initial signaling message processing operation according to a first embodiment of the present invention.

5 shows an example of the format of an initial uplink message used in the processing flow shown in FIG.

6 is a diagram showing a processing flow of encryption / decryption and integrity / check respectively according to the first embodiment of the present invention.

FIG. 7 is a diagram illustrating a processing flow of an operation performed in the network node shown in FIG. 3 for an initial signaling message processing operation according to the first embodiment of the present invention.

8 is a diagram illustrating a processing flow of an operation performed in the terminal shown in FIG. 3 for an initial signaling message processing operation according to the first embodiment of the present invention.

9 illustrates a flow of an initial signaling message processing operation according to a second embodiment of the present invention.

FIG. 10 is a diagram illustrating a processing flow of an operation performed at a network node for an initial signaling message processing operation according to a second embodiment of the present invention. FIG.

11 is a diagram illustrating a processing flow of an operation performed in a terminal for an initial signaling message processing operation according to a second embodiment of the present invention.

12 illustrates a configuration of a network node for an initial signaling message processing operation according to embodiments of the present invention.

13 illustrates a configuration of a terminal for an initial signaling message processing operation according to embodiments of the present invention.

14 is a view showing a flow of an initial signaling message processing operation according to a third embodiment of the present invention.

FIG. 15 is a diagram illustrating a processing flow of operations performed in a network node (E-RAN) for an initial signaling message processing operation according to a third embodiment of the present invention. FIG.

16 illustrates a flow of an initial signaling message processing operation according to a fourth embodiment of the present invention.

FIG. 17 is a diagram illustrating a processing flow of operations performed at a network node (E-RAN) for an initial signaling message processing operation according to a fourth embodiment of the present invention. FIG.

The present invention relates to a mobile communication system, and more particularly, to a method and apparatus for processing an initial signaling message for signaling connection or data transmission.

With the development of communication technology, the services provided by the mobile communication system using the wideband Code Division Multiple Access method are not only conventional voice services but also packet service communication and multimedia services that transmit large amounts of data. It is developing into multimedia broadcasting / communication that can be transmitted. An example of such a system is the Universal Mobile Telecommunication Service (UMTS) system, which is a third generation mobile communication system of the European type, which is being discussed by the 3rd Generation Partnership Project (3GPP) standard body. The mobile communication system (hereinafter referred to as 3GPP system) discussed in 3GPP is capable of transmitting packet-based text, digitized voice or video, and multimedia data at a high speed of 2Mbps or more regardless of where mobile phone or computer users are in the world. Provide consistent services. In such a 3GPP system, a ciphering / deciphering operation and an integrity check operation are performed during control signaling or data transmission.

1 is a diagram illustrating a processing flow according to the prior art of an initial signaling operation in a mobile communication system such as a 3GPP system. Specifically, FIG. 1 shows that an encryption / decryption operation and an integrity guarantee / check operation are performed during control signaling or data transmission in the current 3GPP system.

In FIG. 1, 101 UE represents a terminal, 102 represents a Radio Network Controller (RNC), and 103 represents a Serving General Packet Radio Services (SGSN) Support Node (SGSN). Indicates. The terminal 101 refers to a terminal device or a subscriber participating in wireless communication and is wirelessly connected to a Node B. Although not shown in the figure, the Node B manages the cells with a wireless base station apparatus that is directly involved in communication with the terminal 101. The RNC 102 controls a plurality of Node Bs and controls radio resources. The RNC 102 is connected to a Packet Switched Service (hereinafter referred to as "PS") network by SGSN 103. The SGSN 103 manages service billing-related data of each subscriber and selectively transmits and receives data to and from the terminal through a SRNC (Serving RNC) that manages the terminal. In a 3GPP system, a terminal, a node B, and an RNC are collectively called a radio access network (RAN), and later nodes including an SGSN are called a core network (CN).

In step 111, the terminal 101 transmits a message to the RNC 102 to establish a signaling connection with the network without having an RRC (Radio Resource Control) connection. The message transmitted in step 111 includes information such as ID information of the terminal, a reason for the RRC connection establishment, and a measurement result. In response to the message transmitted in step 111, the RNC 102 transmits a message to the terminal 101 to accept the RRC connection establishment request in step 112. The message transmitted in step 112 includes information such as a signaling link, a transport channel, a physical channel, and the like. The terminal 101 receiving the message transmitted in step 112 transmits a message to the RNC 102 to confirm RRC connection establishment in step 113. The message transmitted in step 113 includes information such as START, UE Radio Access Capability, UE System Specific Capability, and the like. START is a parameter used in an algorithm for encryption and an algorithm for integrity guarantee, which will be described in detail later with reference to FIG. 2. The radio access capability of the terminal includes terminal capability information on a Packet Data Convergence Protocol (PDCP), Radio Link Control (RLC), RF, measurement, and the like, and also includes security related capability information of the terminal. The security related capability information of the terminal includes an encryption / decryption algorithm (hereinafter referred to as UEA) and an integrity / check algorithm (UMTS Integrity-check Algorithm (hereinafter referred to as UIA)) supported by the terminal.

Through the RRC connection establishment procedure of steps 111, 112, and 113, the terminal 101 informs the RNC 102 of information on the encryption / decryption algorithm and integrity / check algorithm supported by the terminal and a START value. In step 121, the RNC 102 stores information about an encryption / decryption algorithm and integrity / check algorithm supported by the terminal 101 and a START value received from the terminal.

In step 131, the terminal 101 establishes an RRC connection through the steps 111, 112, and 113 and transmits an initial L3 message, which is an initial signaling message, to the SGSN 103. The initial signaling message may be a message such as SERVICE REQUEST, ROUTING AREA UPDATE REQUEST, ATTACH REQUEST, PAGING RESPONSE, etc., which is an initial message transmitted by the terminal 101 to the SGSN 103 for registration or service request of the terminal. . The message transmitted in step 131 includes information such as UE identity and key set identifier (KSI). KSI is information indicating a set of encryption / decryption keys, integrity / check keys used for encryption / decryption, integrity / check, which are allocated through the most recent authentication. Upon receiving the KSI, the CN node of SGSN 103 can determine which encryption / decryption key and which integrity / check key should be used for signaling and data transmission. The encryption / decryption key and the integrity / check key must be synchronized at the terminal, the RNC, and the CN node. Step 132 is a process of authentication and generation of a new key. The step 132 does not always occur, and is performed only when the KSI value of the step 131 is '111'. A KSI value of '111' indicates that the set of encryption / decryption keys and integrity / check keys received by the terminal during the most recent authentication process is no longer valid.

In step 141, the SGSN 103 determines priorities of UMAs (UMTS Integrity Algorithms) and UEAs (UMTS Encryption Algorithms) that can be used in the RNC 102, according to priorities. In step 151, the SGSN 103 is information about UIAs and UEAs listed in the priority determined in step 141, and an encryption / decryption key (CK: Ciphering Key) to be used for subsequent signaling and data transmission extracted through the KSI received in step 131. ) And a SECURITY MODE COMMAND message including information such as Integrity Key (IK), etc., to the RNC 102. In step 152, the RNC 102 selects a matching UIA and UEA among the UIAs and UEAs of the priority received in step 151 and the UIAs and UEAs supported by the terminal 101 received in step 113. In this case, when there are a plurality of matching UIAs and UEAs, the highest priority UIA and UEA are selected. In addition, the RNC 102 generates an FRESH value which is an arbitrary variable value. The FRESH value serves as an input parameter of the algorithm for integrity / checking.

In operation 152, an operation for ensuring integrity for downlink (DL) is started. That is, MAC-I (Message Authentication Code-Integrity) is generated by the integrity / check algorithm shown in FIG. 2 to be described later. In step 153, the RNC 102 transmits the UIA and UEA information selected in the step 152, the generated FRESH value, the generated MAC-I value, and the like, to the terminal 101 as a SECURITY MODE COMMAND message. At this time, the RNC 102 checks the radio access capability, the system specific capability, etc. of the terminal 101 received in step 113, and transmits the result to the SECURITY MODE COMMAND message to the terminal 101.

In step 154, the terminal 101 stores UIA and FRESH information indicated by the SECURITY MODE COMMAND message received in step 153, and COUNT-I (COUNT-Integrity) stored through the START value included in the message in step 113. EXpected MAC-I is obtained. At this time, the XMAC-I value is obtained using the integrity / check algorithm as shown in FIG. 2 to be described later. If the obtained XMAC-I value is the same as the MAC-I value of the message received in step 153, the step The message received at 153 is considered intact.

If the integrity check on the received SECURITY MODE COMMAND message is successfully performed in step 154, in step 155, the terminal 101 transmits a SECURITY MODE COMMAND COMPLETE message indicating successful reception of the SECURITY MODE COMMAND message to the RNC 102. . The SECURITY MODE COMMAND COMPLETE message includes the MAC-I value calculated by the terminal 101. In step 156, the RNC 102 compares its own parameters for integrity / check with XMAC-I obtained using the integrity / check algorithm and the MAC-I included in the message received in step 155. Check the integrity of the received message. If the integrity check is successfully passed in step 156, in step 157 the RNC 102 sends a SECURITY MODE COMPLETE message to SGSN 103 as a response message to the SECURITY MODE COMMAND message received in step 151. At this time, the SECURITY MODE COMPLETE message includes the UIA and UEA information selected by the RNC 102.

From steps 161 and 162, an encryption operation is started for signaling or data transmission. In steps 161 and 162 as described above, parameters such as UEA, ciphering key (CK), and COUNT-C (COUNT-Ciphering) required for encryption are exchanged, determined, and synchronized between the terminal 101 and the RNC 102. do. In step 171, the SGSN 103 transmits an initial L3 response message to the terminal 101 as a response message to the message received in step 131. Upon receiving the initial L3 response message, the terminal 101 transmits to the SGSN 103 a PDP CONTEXT REQUEST message, which is attribute information about a service to which an IP address is allocated and started in step 181. The PDP context request message includes a service context, service quality of service (QoS) information, and the like.

Figure 2 is composed of Figures 2a and 2b, respectively, which shows the processing flow of the encryption / decryption and integrity / check operation according to the prior art, respectively. FIG. 2A illustrates an operation principle of an algorithm for integrity / checking, and FIG. 2B illustrates an operation principle of an algorithm for encryption / decryption.

In FIG. 2A, f9 represents an example of an algorithm used to authenticate the integrity of a signaling message. When the terminal 101 or the RNC 102 of FIG. 1 sends a message, COUNT-I, MESSAGE, DIRECTION, FRESH, and IK are input, and the MAC-I is generated by the algorithm f9. Here, COUNT-I represents a 32-bit sequence number, and is configured as a 28-bit RRC Hyper Frame Number (HFN) and a 4-bit RRC Sequence Number (SN). RRC HFN increases by 1 for each RRC SN cycle. The initial COUNT-I value is set to the START value in which the upper 20 bits are stored in the Universal Subscriber Identity Module (USIM) of the terminal, and the lower 8 bits are set to '0'. MESSAGE represents a signaling message itself including a radio bearer (RB) ID. FRESH represents a 32-bit random variable generated by the RNC. DIRECTION is a parameter that distinguishes uplink (UL) and downlink (DL). When the message is transmitted from the terminal to the RNC, a value of '0' is transmitted and the message is transmitted from the RNC to the terminal. Has a value of '1'. The IK is stored in the USIM of the terminal.

The MAC-I is generated by the input of the parameters and algorithm f9, which is generated in a message transmitted by the terminal or the RNC, and the terminal or the RNC receiving the transmission message receives the parameters. Calculate XMAC-I using the same method. The integrity of the received message is determined by comparing the extracted XMAC-I value with the MAC-I value included in the transmission message. That is, if the calculated XMAC-I value and the MAC-I value included in the transmission message are the same, the received message is considered to be intact.

In FIG. 2B, f8 represents an example of an algorithm used for encryption / decryption of a signaling or data message. When the terminal 101 or the RNC 102 of FIG. 1 sends a message, the terminal 101 or the RNC 102 receives COUNT-C, BEARER, DIRECTION, LENGTH, and CK, and is encrypted by the algorithm f8. Here, COUNT-C represents a 32-bit sequence number and has a different configuration of COUNT-C according to Radio Link Control (RLC) TM (Transparent Mode), RLC UM (Unacknowledged Mode), and RLC Acknowledged Mode (AM). . The RLC TM, RLC UM, and RLC AM indicate three transmission modes of a UMTS RLC layer. The RLC TM does not support Automatic Repeat Request (ARQ), and cannot perform concatenation or the like on data units descending from an upper layer, and indicates a mode of transmitting data units descending from an upper layer. Even in the RLC TM, segmentation to a specified size is possible. RLC UM represents a transmission mode that can be connected not only segmentation but also concatenation. The RLC UM does not support ARQ. The RLC AM indicates a transmission mode that supports segmentation, concatenation, and ARQ. COUNT-C consists of {24-bit MAC-d HFN} + {8-bit CFN (Connection Frame Number)} in RLC TM, and {25-bit RLC-HFN} + {7-bit RLC SN in RLC UM }, And in the RLC AM, {20-bit RLC HFN} + {12-bit RLC SN}. Each HFN increases by 1 for each cycle of CFN or RLC SN. The initial COUNT-C value is set to the START value in which the upper 20 bits are stored in the USIM of the terminal, and the remaining lower bits are set to '0'. BEARER represents a 5-bit RB id, DIRECTION is as described in the integrity / check above, and LENGTH determines the length of the keystream block required as 16 bits. CK is stored in the USIM of the terminal.

The keystream block is generated by the input of the parameters and by algorithm f8. The keystream block encrypts a plaintext block and outputs the encrypted text block as a ciphertext block. The terminal or the RNC receiving the encrypted message (block) generates a keystream block in the same way using the parameters it has and decrypts the original simpletext block using the generated keystream block. .

As described above, the encryption / integrity guarantee and the initial signaling transmission method in the current 3GPP system have been described with reference to FIGS. 1 and 2. As shown in FIG. 1, in the current 3GPP system, messages such as an initial RRC CONNECTION REQUEST, an RRC CONNECTION SETUP COMPLETE, and an initial UL L3 message are transmitted unencrypted, and also a method for checking the integrity of the messages. Not providing. In FIG. 1, the integrity guarantee starts in step 152 in case of DL, in step 154 in case of UL, and encryption is performed after the SECURITY MODE COMMAND COMPLETE message is transmitted between the terminal and SGSN. You can see that it starts from.

As described above, since the initial UL message and the initial DL message transmitted for signaling connection or data transmission are not encrypted, important information that operates as a direct input parameter to operate the encryption / decryption algorithm and integrity / check algorithm (eg, There is a risk of START or FRESH) being exposed to attackers on the air interface. In addition, as described above, the UE does not guarantee / check the integrity of the initial UL message or DL message for signaling connection or data transmission, and the terminal or the RNC because the messages are processed without checking the integrity of the messages. There is a risk of being attacked by fake nodes disguised as.

Meanwhile, the 3GPP standards organization is envisioning the Evolution system of the 3GPP system. In the 3GPP evolution system, an initial signaling message such as an initial UL message or an initial DL message for signaling connection or data transmission may include personal information such as an IP address of the terminal and a request service context. In this case, since the personal information is included in the initial signaling message and transmitted without being encrypted or guaranteed integrity, there is a risk of being leaked or attacked by an attacker on the air interface.

Accordingly, an object of the present invention is to provide a method and apparatus for ensuring integrity / checking and encrypting / decrypting an initial signaling message transmitted and received for signaling connection or data transmission in a mobile communication system.

Another object of the present invention is to provide a method and apparatus for removing the risk of personal information being exposed on an air interface, which may be included in an initial signaling message transmitted and received for signaling connection or data transmission in a mobile communication system.

According to a first aspect of the present invention for achieving these objects, a terminal UE, a wireless access network RAN to which the terminal is wirelessly connected, and a core network to which the wireless access network is wired. In a mobile communication system consisting of (CN), a method for processing an initial signaling message for signaling connection or data transmission includes the steps of performing, by the terminal, an integrity guarantee operation on an initial signaling request message for transmission; Transmitting an initial signaling request message on which the integrity guarantee operation is performed to the radio access network, the radio access network receiving and storing the initial signaling request message, and transmitting the initial signaling request message to the core network. And the core network accessing the radio access. In response to receiving the initial signaling request message from the network, transmitting an initial signaling response message to the radio access network, the radio access network receiving the initial signaling response message from the core network, and receiving the initial Checking the integrity of the stored initial signaling request message using a signaling response message, transmitting, by the radio access network, a signaling response message according to the integrity check result to the terminal, and by the terminal, the signaling response message And receiving an integrity check on the received signaling response message.

According to a second aspect of the present invention, a mobile communication system comprising a terminal UE, a wireless access network RAN to which the terminal is wirelessly connected, and a core network CN to which the wireless access network is wired. In one embodiment, a method for processing an initial signaling message for signaling connection or data transmission may include: performing, by the terminal, an integrity guarantee operation on a signaling request message for transmission, and performing a signaling request in which the terminal performs the integrity guarantee operation. Transmitting a message to the radio access network, receiving the signaling request message by the radio access network, forwarding the received signaling request message to the core network as an initial signaling request message, and The forwarded initial signaling request message Receiving an initial signaling response message in response to receiving the received initial signaling request message when the integrity checking is performed on the received initial signaling request message and the core network successfully performs the integrity checking procedure. Transmitting the signal to the wireless access network, receiving the initial signaling response message from the core network by the wireless access network, and transmitting a signaling response message to the terminal as a response to the received signaling request message; And receiving, by the terminal, the signaling response message and checking the integrity of the received signaling response message.

The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that those skilled in the art may better understand the detailed description of the invention that follows.

Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention. Those skilled in the art should recognize that the disclosed concepts and specific embodiments of the invention may be readily used as a basis for modifying or designing other structures for achieving the same purposes of the present invention. Those skilled in the art should also recognize that structures equivalent to the invention do not depart from the spirit and scope of the broadest form of the invention.

DETAILED DESCRIPTION A detailed description of preferred embodiments of the present invention will now be described with reference to the accompanying drawings. It should be noted that reference numerals and like elements among the drawings are denoted by the same reference numerals and symbols as much as possible even though they are shown in different drawings. In the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

A. Application System and Principle of the Invention

3 is a view showing the structure of a mobile communication system to which the present invention is applied, and shows an embodiment of a 3GPP Evolution system that is currently being discussed by 3GPP standards organizations.

Referring to FIG. 3, 310 denotes a UE in a 3GPP Evolution system, and 340 denotes an E-RAN (Node B) and RNC (Radio Network Controller) in the existing 3GPP system. Evolved Radio Access Network). As in the existing 3GPP system, the E-RAN may have a form in which the roles of an Evolved Node B 320 and an Evolved Radio Network Controller 330 are physically separated from different nodes. . The Evolved Core Network (E-CN) 350 is a node that combines the functions of SGSN and Gateway GPRS Support Node (GGSN) of the existing 3GPP system, and between the Packet Data Network (PDN) 360 and the E-RAN 340. In this case, an IP address is assigned to the terminal 310 and serves as a gateway for connecting the terminal 310 to the PDN 360. Here, the present invention will be described as an embodiment applied to the 3GPP Evolution system as shown in the drawings, it should be noted that the principle of the present invention can be equally applied to existing 3GPP system or other systems.

That is, the present invention provides a mobile communication including a terminal (UE) 310, a wireless access network (RAN) 340 to which the terminal 310 is wirelessly connected, and a core network (CN) 350 to which the wireless access network 340 is connected by wire. The system is characterized by processing an initial signaling message for signaling connection or data transmission.

According to this aspect of the invention, the terminal or the radio access network generates an initial signaling message, performs integrity and encryption operations on the generated message, and transmits the encrypted initial signaling message. The encrypted initial signaling message is a message transmitted from the terminal to the radio access network or a message transmitted from the radio access network to the terminal.

According to another feature of the invention, the terminal generates an initial signaling message comprising a header, a first field and a message field consisting of a second field for storing information of higher importance than the information stored in the first field. do. Next, the terminal performs an integrity guarantee operation on the generated message. Then, the terminal transmits the partially encrypted initial signaling message to the radio access network by unencrypting the header and the first field of the generated message and encrypting the second field. The first field may include terminal ID information, and the second field may include terminal context information, service context information, location information, and the like for encryption / decryption and integrity / checking operations. The terminal context information may include at least information about an encryption / decryption algorithm and information about an integrity guarantee / check algorithm.

As described above, according to the features of the present invention, the integrity of the initial signaling message for signaling connection or data transmission can be eliminated and the risk of information leakage or attack on the air interface can be eliminated.

According to a specific embodiment of the present invention to be described below, the terminal 310 is signaled using default UEA / UIA / FRESH / START parameters broadcast from Ck, Ik and E-RAN 340 that it has stored in the USIM. Encrypt / enable initial L3 Up-Link (UL) / Down-Link (DL) messages (hereinafter referred to as initial UL / DL messages), which are initial signaling messages for connection or data transmission. Decryption and integrity / check processing. The initial UL / DL message will also be referred to as LTE CONNECTION REQUEST / LTE CONNECTION RESPONSE message below.

When encrypting the initial UL message, the terminal performs partial encryption / decryption instead of encrypting information of all fields included in the initial UL message. That is, the E-RAN receives the initial UL message and does not encrypt the information used for requesting and receiving Ik and Ck information from the E-CN for use in communication with the terminal. The information and the length of the partial unencrypted field are known to each other by the terminal and the E-RAN according to a predefined rule. The terminal and the E-RAN use the default UEA / START value for encryption / decryption of the initial UL message, and use the default UIA / FRESH / START value for integrity / checking.

On the other hand, the terminal and the E-RAN use a default UEA and a START value for encryption / decryption of the initial DL message. This START value informs the E-RAN by the initial UL message of the terminal and is a value confirmed by the E-RAN by the initial DL message. Integrity / checking uses UIA / FRESH and START values, which are values indicated by the E-RAN through an initial DL message and START values by the initial UL message of the terminal. This is the value informed to and confirmed by the E-RAN by the initial DL message. As described with reference to FIG. 2, the START value is used to generate a COUNT-I value in integrity check / check and a COUNT-C value in encryption / decryption.

B. Initial Signaling Message Processing According to the First Embodiment

4 is a diagram illustrating a flow of an initial signaling message processing operation according to a first embodiment of the present invention. An example of performing encryption / decryption and integrity / check operations is illustrated.

In FIG. 4, 401 represents a terminal, 402 represents an E-RAN, and 403 represents an E-CN. In step 411, the E-RAN 402 transmits a default UEA / UIA / FRESH / START to be used for an initial UL / DL message for signaling connection or data transmission through system information broadcast in the cell. Notify

In step 421, when the terminal 401 transmits an initial UL message to the E-CN 403 for registering its initial location with the E-CN 403, or for requesting a service from the E-CN 403, the initial UL message. Performs operations for ensuring integrity and encrypting the data.

First, an operation for ensuring integrity of an initial UL L3 message is performed using Ik stored in the USIM by the default UIA / FRESH / START known through the step 411. That is, the MAC-I is generated using the parameters and the generated MAC-I is included in the initial UL message.

Next, after performing an operation for ensuring integrity for the initial UL message, an encryption operation for the initial UL message is performed. When the encryption operation is performed, information necessary for requesting and receiving Ik and Ck information for use in communication with the terminal 401 after the initial UL message is received by the E-RAN 402 is not encrypted. Otherwise, if encryption is performed for the entire initial UL message, since the E-RAN 402 cannot perform decryption without knowing Ck, the E-CN 403 can request the encryption / decryption-related parameter information of the terminal 401. Because it is not.

The information to be included in the non-encrypted field of the initial UL message includes International Mobile Subscriber Identity (IMSI) and Packet-Temporary Mobile Subscriber Identity (P-TMSI) | Intra Domain NAS (NNAS) including a routing area identity (RAI), a PLMN id indicating a public landmark mobile network (PLMN) selected by the terminal, and route information for establishing a signaling connection with the corresponding E-CN node. Access Stratum) Node Selector), KSI, which is an encryption / integrity key set ID currently stored in the USIM. Fields containing the information are not encrypted, fields containing other information are encrypted. At this time, the positions of the unencrypted fields should be defined in advance. For example, since a rule is defined to ensure that unencrypted information is placed in the message by the size of the information from the beginning of the message, the E-RAN 402 receives the unencrypted portion of the message when the message is received. You should be able to read this information with accuracy. An example of this initial UL message form is shown in FIG. 5 to be described below. The initial UL message is encrypted using the Ck stored in the USIM by the terminal and a default UEA / START value known through step 411.

In step 422, the terminal 401 transmits the initial UL message generated in step 421 to the E-RAN 402. In step 423 the E-RAN 402 receives the generated initial UL message and reads an unencrypted field of the message. In addition, in step 423, the E-RAN 402 sends a KEY_REQUEST message for requesting parameters related to encryption / decryption and integrity / checking, that is, Ik, Ck, UIAs, and UEAs, to the E-CN 403 based on the read field. Create The information necessary for the message and the information on the E-CN to which the message is to be transmitted are included in the unencrypted field in step 422, namely IMSI, P-TMSI | Obtained through RAI, PLMN id, KSI, etc. If the KEY_REQUEST message is generated, the E-RAN 402 stores the received initial UL message.

In step 424, the E-RAN 402 transmits the generated KEY_REQUEST message to the E-CN 403. The KEY_REQUEST message sent at this time includes IMSI, PLMN id, P-TMSI | Information such as RAI, IDNAS, and KSI is included. In step 425, the E-CN 403 receives the KEY_REQUEST message and transmits a response message KEY_RESPONSE to the E-RAN 402. The KEY_RESPONSE message includes information such as Ik, Ck, UIAs, and UEAs. Ik is a key value used for integrity guarantee, Ck is a key value used for encryption, and UIAs and UEAs represent values listing the available integrity algorithms and encryption algorithms by priority.

In step 426, the E-RAN 402 decrypts the undecoded portions of the initial UL message stored in the step 423, and performs an integrity check on the initial UL message. First, the E-RAN 402 performs a decryption operation using the Ck, the default UEA / START included in the KEY_RESPONSE message received in step 425. When decryption is complete, the E-RAN 402 performs integrity check on the initial UL message using Ik, the default UIA / FRESH / START included in the received KEY_RESPONSE message. At this time, the integrity check is performed by calculating XMAC-I using the parameters and checking whether the calculated XMAC-I is equal to the MAC-I included in the initial UL message. If they are equal to each other, the initial UL message is considered to be intact. Further, in step 426, the E-RAN 402 selects a UIA and a UEA to be used in communication with the terminal 401 among a plurality of priority UIAs and UEAs included in the KEY_RESPONSE message, and generates a FRESH random number. In addition, in step 426, the E-RAN 402 may include UIAs supported by the terminal included in the initial UL message received in step 422, UIAs included in the KEY_RESPONSE message received in step 425 based on UEAs information. The UIAs and UEAs having the highest priority among the UEAs and the UEAs matching the UEAs are selected.

In step 427, the E-RAN 402 transmits the initial UL message decoded in step 426 to the E-CN 403. In this case, the entire decoded initial UL message may be transmitted or only information necessary for E-CN may be transmitted. In step 428, the E-CN 403 transmits an initial DL message for signaling connection or data transmission to the E-RAN 402 as a response message to the decoded initial UL message received in step 427. The initial DL message contains the new P-TMSI | RAI, various timer information, network configuration information, and the like may be included.

In step 429, the E-RAN 402 receives the necessary information including the UIA / UEA selected in step 426, the FRESH generated in step 426, and the START value received from the terminal 401 in step 422. The message is included in the message, the MAC-I value is obtained, attached to the message, and the message is encrypted to ensure the integrity of the message. In this case, instead of the default UIA / FRESH / START, the integrity of the initial DL message includes the UIA selected by the E-RAN in step 426, the FRESH generated by the E-RAN in step 426, and the START received through the step 422. Is used. As Ik, Ik included in the KEY_RESPONSE message received in step 425 is used. Although the default UEA is used for encryption for the initial DL message, the START included in the initial UL message received in step 422 is used instead of the default START. As Ck, Ck included in the KEY_RESPONSE message received in step 425 is used. In step 430, the E-RAN 402 transmits the encrypted initial DL message to the terminal 401.

In step 431, the terminal 401 performs decoding using the default UEA, Ck stored in its USIM, and START informed to the E-RAN 402 in step 422. Through this decryption, information on the UIA, UEA, FRESH, which are selected and generated by the E-RAN 402 and included in the initial DL message, and the START to be used for future encryption / integrity guarantee can be determined. However, for the START parameter, it is necessary to check whether the terminal 401 has the same value as informed to the E-RAN 402 through the initial UL message in step 422. If the START parameter included in the initial DL message is not the same as the START value included in the initial UL message in step 422, the procedure may be terminated and restarted. If the START value is the same, Ik stored in the UIA / FRESH and the USIM included in the message in step 430, and in the decoded initial DL message using the START transmitted to the E-RAN 402 in step 422 Perform an integrity check on the The integrity check is made by calculating XMAC-I using the parameter and comparing this calculated X-MAC-I with the MAC-I value included in the initial DL message. If so, then the initial DL message is considered to be intact.

If the decryption / integrity check is successfully performed, the initial UL / DL message transmission for signaling connection or data transmission is completed. For signaling or data transmission after step 431, encryption / decryption using values such as UIA / UEA / FRESH received in step 431, START indicated by E-RAN 402 in step 422, Ik, Ck, etc. stored in the USIM. Perform integrity / check. In step 441, the terminal 401, E-RAN 402 and E-CN 403 perform encryption / decryption and integrity / check on subsequent signaling or transmission data using the above-described parameters.

However, the initial DL message transmitted in step 430 may not include the START value. The reason why the E-RAN 402 includes the START value included in the initial UL message received from the terminal 401 in the step 422 in the initial DL message transmitted in the step 430 is to reconfirm the START value received from the terminal 401. However, if the stability of the initial UL message transmission is assumed, it may not include the START value in the initial DL message. In this case, in step 431, the terminal 401 does not compare the START value included in the initial DL message received in step 430 with the START value included in the initial UL message transmitted in step 422. Integrity checking is performed immediately.

The first embodiment of the present invention as described above can be summarized as follows.

(1) The terminal guarantees integrity and encrypts the initial UL signaling message to be transmitted to the E-RAN, and transmits the encrypted initial UL signaling message to the E-RAN (step 421, step 422). In this case, the signaling message transmitted includes a header and a message field including a first field and a second field storing information of higher importance than information stored in the first field, wherein the header and the first field are stored. Is unencrypted and the second field is an encrypted signaling message.

(2) The E-RAN receives the initial UL signaling message from the terminal, decrypts and integrity checks, and transmits the decrypted initial UL signaling message to the E-CN (step 422, step 426, step 427).

(3) The E-RAN receives an initial DL signaling message from the E-CN after transmitting the decoded initial UL signaling message (step 428).

(4) The E-RAN ensures integrity and encrypts the received initial DL signaling message and sends an encrypted initial DL signaling message to the terminal (step 429, step 430).

(5) The terminal receives the initial DL signaling message from the E-RAN, decrypts and integrity checks (step 430, step 431).

In this first embodiment, the default UIA / UEA / START / FRESH is used for the initial UL message, the UIA, E- is determined based on the information received from the E-CN and the UE in the E-RAN for the initial DL message The FRESH generated by the RAN, the START received from the terminal, and the default UEA are used.

On the other hand, Figure 4 has been described with respect to the embodiment of performing both the integrity guarantee / check and the encryption / decryption for the initial UL / DL message, only performing the integrity guarantee / check for the initial UL / DL message It may not perform encryption / decryption. If only integrity assurance / check for the initial UL / DL message is performed, the E-RAN receiving the 422 message forms a new message by obtaining the information to be transmitted to the E-CN from the received 422 message or the 422 message. Can be sent directly to the E-CN. That is, the message transmission process of 424 and 425 is not performed, and the E-RAN directly transmits a 422 message or a newly formed message as described above to the E-CN as 427, and the Ck, Ik, UEAs, UIAs of 425, etc. Information can be sent via 428 messages. When the E-RAN receives the 428 message, the E-RAN performs an integrity check on the 422 message. In other words, when applying integrity assurance / check only to initial UL and DL messages, 422-> 427 (including information such as IMSI, PLMN id, P-TMSI | RAI, IDNAS, KSI, etc.)-> 428 (Ik, Ck, UIA, Information such as UEA)-> integrity check for 422 messages in E-RAN-> integrity assurance for 430 messages in E-RAN-> 430. At this time, the method of using the integrity guarantee / check applied in the terminal and the E-RAN as shown in FIG. The only difference is that encryption / decryption is not performed. Although not shown in FIG. 4, only the integrity / check operation may be performed on the initial UL message, and the integrity / check operation and the encryption / decryption operation may be applied to the initial DL message. If only integrity / check operation is performed for the initial UL message, and integrity / check operation and encryption / decryption operation are applied to the initial DL message, 422-> 427 (IMSI, PLMN id, P-TMSI | RAI, IDNAS, KSI, etc.)-> 428 (Include information such as Ik, Ck, UIA, UEA, etc.)-> Integrity check for 422 messages in E-RAN-> Guarantee integrity of 430 messages in E-RAN And encryption operation will be executed in the order of -430. At this time, the method using the integrity guarantee / check applied in the terminal and the E-RAN and as shown in FIG. The only difference is that encryption / decryption is not performed on the initial UL message.

FIG. 5 is a diagram illustrating an example of a format of an initial UL message used in the processing flow shown in FIG. 4.

Referring to FIG. 5, an initial UL message is composed of a message field 501 in which a message is stored, and a header field 513 including headers indicating that a message included in the message field 501 is an initial UL message. The message field 501 includes a field 511 to be encrypted and a field 512 to be not encrypted. The header field 513 is an unencrypted field and includes an RLC header 502 and a MAC header 503. The message field 501 includes all or divided portions of an initial L3 message generated for signaling connection or data transmission in an upper layer of the terminal. The reason why the whole or fragmented portion of the initial L3 message is included is that segmentation, concatenation, reassembly, etc. are performed in the RLC layer for the message descending from the upper layer to the RLC layer. to be. The RLC header 502 stores information such as an RLC sequence number (SN) and a length indicator (LI). When the information stored in the RLC header 502 is used, a higher function and an operation of retransmission through ARQ are performed. In this case, the retransmission is performed in units of RLC Protocol Data Units (PDUs), where the RLC PDU is a format of a message passing through the RLC layer and includes the RLC header 502 and the message field 501. When the RLC PDU passes through the MAC layer, which is a lower layer, a MAC header 503 is attached to the RLC PDU to generate a MAC PDU, and the initial UL message as the generated MAC PDU is then transmitted through a physical channel. The MAC header distinguishes a terminal or a channel with ID information of a terminal, transport channel information, and the like.

Encryption is partially performed on the initial UL message of the format as shown in FIG. 5. That is, not all of the initial UL messages included in the message field 501, or some of the divided parts, are encrypted for the field 512 and encrypted for the field 511 field. Not encrypting the field 512 is basically necessary information for the E-RAN receiving the initial UL message to transmit a KEY_REQUEST message for requesting parameters necessary for encryption / decryption and integrity / check operation to the corresponding E-CN. Because. If the entire initial UL message is encrypted, the E-RAN cannot obtain parameters necessary for encryption / decryption and integrity / check operation from the corresponding E-CN. This is because the E-RAN can decode the initial message only when the E-RAN needs to know the necessary parameters, for example, Ik and Ck. The type and size of the information included in the field 512 should be predetermined in advance between the terminal and the E-RAN. This is because the E-RAN can correctly interpret the field 512 portion of the initial UL message. For example, field 512 includes terminal ID information such as IMSI, PLMN id, IDNAS, KSI, and P-TMSI | RAI information and the like. The field 511 is an area including encrypted information of an initial UL message. For example, service context information (SERVICE CONTEXT INFO.) Requested by the terminal, context information (UE CONTEXT INFO.) Of the terminal or user, and location information (LOCATION INFO). .) And the like. These fields 511 contain important terminal context information such as START stored in the USIM of the terminal operating as an input element of encryption / decryption, integrity / check, UIAs / UEAs list supported by the terminal, and MAC-I extracted through integrity assurance. Included. Service context information, terminal context information, location information, and the like, which are not described above, may also include personal information important from the terminal or user's perspective. For example, the service context information may include a service ID, a service quality (QoS), and the terminal context information may include an IP address and an email address. Addr) may correspond to. By encrypting the sensitive or personal information, it is possible to reduce the probability that such information is attacked or leaked on the air interface.

If the initial UL message is received, the E-RAN should be able to recognize that the received message is an initial UL message. To this end, information indicating the initial UL message may be included in the MAC header. In the MAC header, information on a UE ID type, a UE ID, a TCTF, and a C / T may be stored. For example, if a temporary terminal ID of the air interface level has been allocated from the E-RAN before transmitting an initial UL message, the E-RAN uses the temporary terminal ID through the temporary terminal ID by using the temporary terminal ID in a MAC header. It may be determined, and whether or not the initial UL / DL message transmission process for the terminal has already been performed. For example, it can be found through the presence or absence of information such as Ik, Ck, UIA, UEA, etc. for encryption / decryption and integrity / check for the terminal. As another example, if the temporary terminal ID of the air interface level has not been allocated from the E-RAN before transmitting the initial UL message, the UE id type of the MAC header may be set to IMSI, and the IMSI value of the terminal is set to the UE id. Can be set. If the UE id type is set to IMSI in the MAC header and the IMSI value is set in the UE id, the E-RAN may determine the received message as an initial UL message of the terminal. Alternatively, by defining and using a special value indicating that the message is an initial UL message in a UE id type field, the E-RAN may be informed that the message is an initial UL message. In this case, however, the initial UL message should be transmitted in one RLC PDU without being segmented. If a special value indicating the initial UL message is used for the UE id type, the UE id field does not need to be used and a C / T field or an RLC header may immediately follow the UE id type. The E-RAN receiving the initial UL message may know the ID of the terminal through the IMSI value of the unencrypted portion of the initial UL message. The Target Channel Type Field (TCTF) of the MAC header indicates a type of logical channel, and C / T indicates an ID of a logical channel when a plurality of logical channels are transmitted through one transport channel. Indicates.

Although the above-described FIG. 5 assumes that encryption is performed in the RLC layer as in the 3GPP system, even if encryption is performed in the MAC layer, the basic encrypted portion and the portion that should not be encrypted are the same as those of FIG. 5.

FIG. 6 is composed of FIGS. 6A and 6B, which show processing flows of encryption / decryption and integrity / check operations, respectively, according to the first embodiment of the present invention. 6A illustrates an operation principle of an algorithm for integrity / checking, and FIG. 6B illustrates an operation principle of an algorithm for encryption / decryption. It can be described as having a difference from the operation principle in the 3GPP system described in FIG.

Referring to FIG. 6A, an initial COUNT-I is set in a default START to ensure integrity / checking of an initial UL message, FRESH uses a default FRESH, and UIA uses a default UIA. On the other hand, to ensure integrity / check of the initial DL message, the terminal sets the initial COUNT-I in the START stored in the USIM, and uses FRESH and UIA indicated by the initial DL message by the E-RAN. The terminal uses the Ik stored in the USIM, and the E-RAN uses the Ik received through the initial DL message from the E-CN.

The initial COUNT-C is set in the default START to encrypt / decrypt the initial UL message, and the UEA uses the default UEA. On the other hand, the default UEA is used for encryption / decryption of the initial DL message, but the initial COUNT-C is set at the START stored in the USIM. The terminal uses the Ck stored in the USIM, and the E-RAN uses the Ck received through the initial DL message from the E-CN.

7 is composed of FIGS. 7A to 7C, which show a processing flow of operations performed in the E-RAN 402 shown in FIG. 4 for an initial signaling message processing operation according to the first embodiment of the present invention.

In step 701 of FIG. 7A, an UL message is received from the terminal. In step 702, it is determined whether the received UL message is an initial UL message for signaling connection or data transmission from the terminal. If it is determined that this is an initial UL message, the E-RAN 402 proceeds to step 711 where information stored in an unencrypted field (non-encrypted field) of the initial UL message, for example, IMSI, PLMN id, IDNAS, KSI, P -TMSI | Read RAI. In step 712, the E-RAN 402 generates a KEY_REQUEST message for requesting parameters related to encryption / decryption and integrity / checking to the corresponding E-CN 403 based on the information read in step 711. The KEY_REQUEST message includes KSI, IMSI, PLMN id, P-TMSI | Information such as RAI and IDNAS is included. This information is an example of information included in the KEY_REQUEST message, some of which may not be included. In step 713 the E-RAN 402 stores the received initial UL message. This is for the E-RAN 402 to receive the generated KEY_REQUEST message and to transmit the KEY_RESPONSE message in response to the E-CN 403 to receive the KEY_REQUEST message and to decrypt the encrypted portion of the initial UL message later. In step 714, the E-RAN 402 transmits the generated KEY_REQUEST message to the corresponding E-CN 403. Information about the E-CN 403 can be found by reading information such as IMSI, PLMN id, IDNAS, etc. stored in the unencrypted field in step 711. In step 715 the E-RAN 402 waits for receipt of a KEY_RESPONSE message from the E-CN 403. If it is determined in step 721 that the timer for receiving the KEY_RESPONSE message is completed, the E-RAN 402 proceeds to step 731 to retransmit the KEY_REQUEST message or terminate the procedure.

If it is determined that the KEY_RESPONSE message from the E-CN 403 has been received in step 732 of FIG. 7B before the timer in step 721 ends, in step 741 the E-RAN 402 determines the possible priority contained in the KEY_RESPONSE message. The UIAs and UEAs information for each rank and Ck and Ik used for encryption / integrity guarantee in communication with the terminal 401 are found. In step 742, the E-RAN 402 decodes the initial UL message stored in step 713 using the Ck received in step 741 and UEA / START determined by default. In step 743, the E-RAN 402 checks the integrity of the decrypted initial UL message using Ik received in step 741 and UIA / FRESH / START which is set by default. In step 744, the E-RAN 402 selects UIAs and UEAs to be used in communication with the terminal among the priority-based UIAs and UEAs received in step 741. In this selection, the available priority UIAs and UEAs lists received from the E-CN 403 in step 741 are matched among the UIAs and UEAs supported by the terminal included in the initial UL message received in step 702. The highest priority is selected in UIAs and UEAs. In step 744, the E-RAN 402 also generates a FRESH used for signaling or data integrity / checking after the initial UL and DL message transmission process is completed. The FRESH is a random value generated by a random value generator (not shown). The steps below this step 744 are an operation in the case where the decryption and integrity check for the initial UL message is successfully completed in steps 742 and 743 above. If the decryption or integrity check does not complete successfully, the procedure may be terminated. In step 745, the E-RAN 402 transmits the decoded initial UL message to the corresponding E-CN 403. In this case, the entire decoded initial UL message may be transmitted or only some information required by the E-CN 403 may be transmitted. In step 746 the E-RAN 340 waits for reception from the E-CN 403 of the initial DL message, which is a response message to the message sent in step 745. If the initial DL message is not received until it is determined in step 751 that the timer for initial DL message reception has expired, the E-RAN 402 proceeds to step 761 to retransmit the decrypted initial UL message or terminate the procedure. do.

If it is determined in step 752 of FIG. 7C that the initial DL message has been received before the timer expires, the E-RAN 402 proceeds to step 771 in which the UIA / selected and generated in the step 744 is generated in the received initial DL message. UEA / FRESH, and START included in the initial UL message received in step 702. In step 772, the E-RAN 402 performs integrity / check operation on the initial DL message including the parameters in step 771, which is a message to be transmitted to the terminal 310 through the air interface. In this case, the parameters UIA / FRESH selected and generated in the step 744, the parameter START included in the initial UL message received in the step 702, and the Ik obtained from the step 741 are used. In step 773, the E-RAN 340 encrypts the message on which the integrity / check operation is performed using the default UEA, the START received through the initial UL message in step 702, and the Ck obtained in step 741. In step 774, the E-RAN 402 performs operations for encryption / decryption and integrity / check for signaling and data transmission after completing the initial UL / DL message transmission. In this operation, the UIA / UEA selected in step 744, the FRESH generated in step 744, START received through an initial UL message in step 702, and Ik / Ck obtained in step 741 are used.

That is, the E-RAN 402 uses the default UEA / UIA / FRESH / START, Ck / Ik received from the E-CN 403 in step 741 for decryption / integrity checking of the initial UL message, and encrypts / To ensure integrity, the default UEA, the UIA selected in step 744, the FRESH generated in step 744, the START included in the initial UL message received from the terminal in 702, and the Ck / received from the E-CN 350 in step 741. Use Ik. Subsequent signaling and data other than the initial UL message or the initial DL message include UEA / UIA / FRESH selected and generated in step 744 for encryption / decryption and integrity / checking, and Ck / Ik received from E-CN 403 in step 741. In step 702, the START received through the initial UL message from the terminal 401 is used.

8 is composed of FIGS. 8A and 8B, which illustrate a processing flow of operations performed in the terminal 401 shown in FIG. 4 for an initial signaling message processing operation according to the first embodiment of the present invention.

In step 801 of FIG. 8A, the terminal 401 triggers initial UL message transmission for signaling connection or data transmission. In step 802, the terminal 401 performs an integrity guarantee by using default UIA / FRESH / START and Ik stored in the USIM indicated by the system information to broadcast the initial UL message. In step 803, the terminal 401 performs partial encryption on the initial UL message. Here, partial encryption refers to IMSI, PLMN id, IDNAS, KSI, and P-TMSI, which are information required for E-RAN 402 receiving the initial UL message to request encryption / integrity related parameters to the corresponding E-CN 403. | This is because information fields such as RAI are transmitted without encryption. Information and size entered in the non-encryption field are predefined between the terminal 401 and the E-RAN 402. The terminal 401 encrypts the initial UL message excluding the non-encryption field using Ck stored in the default UEA / START and USIM. In step 804, the terminal 401 waits for reception of an initial DL message, which is a response message to the initial UL message. If the initial DL message has not been received until the timer for receiving the initial DL message has expired in step 805, the terminal 401 proceeds to step 811 to retransmit the initial UL message or terminate the procedure.

If it is determined in step 812 that the initial DL message has been received before the timer expires in step 812 of FIG. 8B, the terminal 401 proceeds to step 821 with the Ck stored in the default UEA, USIM, and the received initial DL message. Decrypt using START stored in USIM. In step 822, the terminal 401 can know the UIA and UEA information selected by the E-RAN 402 by decoding the initial DL message, and can also find the FRESH information generated by the E_RAN 402. At this time, the terminal 401 checks whether the START value included in the decoded message matches the START value transmitted through the initial UL message. If the START value is the same, in step 823, the terminal 401 performs integrity check using UIA / FRESH obtained from step 822 and Ik / START stored in the terminal. In step 824, the terminal 401 encrypts / decrypts and integritys using the START / Ik / Ck stored in the terminal for future signaling or data transmission and UEA / UIA / FRESH indicated through the initial DL message in step 822. Perform a guarantee / check.

C. Initial Signaling Message Processing According to the Second Embodiment

FIG. 9 is a diagram illustrating a flow of an initial signaling message processing operation according to a second embodiment of the present invention. An example of performing encryption / decryption and integrity / check operations is illustrated.

This embodiment is different from the first embodiment shown in Fig. 4, before the UE transmits the initial UL message, the terminal first requests the bandwidth for transmitting the initial UL message from the E-RAN. The bandwidth request message BANDWIDTH_REQUEST is encrypted / decrypted and guaranteed / checked. If the E-RAN decrypts and checks the integrity of the bandwidth request message and successfully authenticates the terminal, the initial UL message transmission is allowed and the bandwidth for the initial UL message transmission is allocated. This embodiment is to prevent the unlimited access and use of the radio resources of the terminal by allowing the initial UL message transmission to all terminals in the state that the terminal is not authenticated through the integrity guarantee / check.

In FIG. 9, 901 represents a terminal, 902 represents an E-RAN, and 903 represents an E-CN. In step 911, the E-RAN 902 broadcasts system information to terminals in the cell. In this case, the broadcast system information includes a parameter default UEA / UIA / FRESH / START to be used in a subsequent BANDWIDTH REQUEST / RESPONSE process to transmit an initial UL message. In step 921, the terminal 901 performs an operation for ensuring integrity and encrypting a BANDWIDTH_REQUEST message, which is a bandwidth request message.

First, the terminal 901 performs integrity assurance by generating MAC-I using the Ik stored in the USIM and the default UIA / FRESH / START, and including the generated MAC-I in the bandwidth request message.

Next, after completing the operation for ensuring integrity, the terminal 901 performs encryption on the bandwidth request message including the MAC-I. During this encryption operation, the E-RAN 902 receives the bandwidth request message and requests the corresponding E-CN 903 to request and receive Ik and Ck information for use in communication with the terminal 901. That is, the bandwidth request message is partially encrypted / decrypted. Information to be included in the field to be unencrypted in the bandwidth request message includes IMSI, P-TMSI | RAI, PLMN id indicating the PLMN selected by the terminal, IDNAS including path information for establishing a signaling connection with the corresponding E-CN node, KSI which is an encryption / integrity key set ID currently stored in the USIM.

The field to be encrypted in the bandwidth request message includes a START stored in the USIM, a UIA / UEA list supported by the terminal, and a buffer occancy indicating a size of an initial UL message. The location of the field containing the unencrypted information (non-encrypted information) and the field containing the encrypted information are defined in advance between the terminal 901 and the E-RAN 902. For example, if a rule is previously defined such that the unencrypted information is located at the first size of the bandwidth request message by the size of the unencrypted information, the E-RAN 902 determines that the unencrypted information is received when the bandwidth request message is received. By accurately identifying the encryption information field and the encryption information field, desired information can be read. Ck stored in the USIM by the terminal 901 and a default UEA / START value included in the system information received in step 911 are used to encrypt the bandwidth request message.

In step 922, the terminal 901 transmits the partially encrypted bandwidth request message to the E-RAN 902. In step 923, the E-RAN 902 receives the transmitted bandwidth request message, reads an unencrypted field of the message, and generates a KEY_REQUEST message based on the read field. The KEY_REQUEST message is a message generated by the E-RAN 902 to request E-CN 903 parameters related to encryption / decryption and integrity / check, that is, Ik, Ck, UIAs, and UEAs. Information necessary for the KEY_REQUEST message and information on the E-CN to which the KEY_REQUEST message is to be transmitted are de-encrypted fields of the received bandwidth request message, that is, IMSI, P-TMSI | Obtained through RAI, PLMN id, KSI, etc. If the KEY_REQUEST message is generated, the E-RAN 902 stores the received bandwidth request message.

In step 931, the E-RAN 902 transmits the generated KEY_REQUEST message to the E-CN 903. In this case, the KEY_REQUEST message includes IMSI, PLMN id, P-TMSI | Information such as RAI, IDNAS, and KSI may be included. In step 932, the E-CN 903 transmits a KEY_RESPONSE message, which is a response message to the reception of the KEY_REQUEST message, to the E-RAN 902. The KEY_RESPONSE message includes Ik, Ck, UIAs, UEAs, P-TMSI | Information such as RAI is included. Ik is a key value used for integrity assurance, Ck is a key value used for encryption, and UIAs and UEAs represent values listing the available integrity algorithms and encryption algorithms by priority, respectively. P-TMSI | The RAI is a temporary ID of the E-CN level assigned to the terminal 901 and information about a routing area (RA) to which the terminal 901 belongs.

In step 941, the E-RAN 902 decrypts the undecoded portions of the bandwidth request message stored in step 923, and performs an integrity check on the bandwidth request message.

First, in performing a decryption operation, the E-RAN 902 uses Ck and a default UEA / START included in the received KEY_RESPONSE message. When the decryption operation is completed, the E-RAN 902 performs integrity check on the bandwidth request message by using Ik and default UIA / FRESH / START included in the received KEY_RESPONSE message. At this time, the integrity check operation is performed by calculating the XMAC-I using the parameters and checking whether the calculated XMAC-I and the MAC-I included in the bandwidth request message are the same. If equal, the bandwidth request message is considered to be intact. In operation 941, the E-RAN 902 selects a UIA and a UEA to be used in communication with the terminal 901 among a plurality of priority UIAs and UEAs included in the received KEY_RESPONSE, and generates a random number FRESH. do. At this time, based on the UIAs and UEAs information supported by the terminal included in the bandwidth request message, the UIAs included in the KEY_RESPONSE received in step 932, UIAs matching UEAs, and UIAs having the highest priority among the UEAs and UEAs. Is selected.

In step 941, if the decryption and integrity check are successfully performed on the bandwidth request message, the E-RAN 902 performs integrity guarantee and encryption on the bandwidth response message BANDWIDTH_RESPONSE to be transmitted to the terminal 901. The bandwidth response message is a response message to the bandwidth request message BANDWIDTH_REQUEST received in step 922. The bandwidth response message is a UIA / UEA selected in step 941, a FRESH generated in step 941, a START received from the terminal 901 in step 922, Resource for initial UL message transmission, E-CN level terminal temporary ID received from E-CN 903 in step 932, and P-TMSI | RAI, temporary ID (TEMP UE id) of the air interface level of the terminal and the like. Since the terminal temporary ID of the air interface level has a smaller size than the terminal temporary ID of the E-CN level, it may be usefully used for communication with the terminal on the air interface. Integrity assurance for the bandwidth response message BANDWIDTH_RESPONSE is performed using MAC-I using the UIA selected in step 941, the generated FRESH, START received from the terminal in step 922, and Ik received in E-CN 903 in step 932. This is done by obtaining a value and including it in the bandwidth response message. The E-RAN 902 encrypts the bandwidth response message on which the integrity guarantee process is performed using the default UEA, the START received in step 922, and the Ck received in step 932. In step 942, the E-RAN 902 transmits the encrypted bandwidth response message to the terminal 901.

Upon receiving the bandwidth response message, the terminal 901 decrypts the received bandwidth response message using the default UEA, Ck stored in the USIM of the terminal in step 943, and the START signaled to the E-RAN 902 in step 922. Perform The terminal 901 finds information on the UIA / UIA / FRESH selected by the E-RAN 902 included in the bandwidth response message and the START to be used for future encryption / integrity through the decryption. In this case, the terminal 901 also includes resource information for initial UL message transmission and P-TMSI | which is a temporary ID of the terminal of the E-CN level. Information such as an RAI and a TEMP UE id, which is a temporary ID of a terminal of an air interface level, may also be obtained. However, for the START parameter, it is necessary to check whether the terminal 901 has the same value as informed to the E-RAN 902 through the bandwidth request message. If the START parameter included in the bandwidth response message is not the same as the START value included in the bandwidth request message, the procedure may be ended and restarted. However, if it is the same, the decoded bandwidth using UIA / FRESH included in the bandwidth response message received in step 942, Ik stored in the USIM, and START transmitted to E-RAN 902 in step 922. Perform an integrity check on the response message. Integrity checking is performed by calculating the XMAC-I using the parameter and comparing the same with the MAC-I value included in the bandwidth response message. If so, then the bandwidth response message is considered intact.

If the above operation of decryption / integrity check is successfully performed, initial UL / DL message transmission for signaling connection or data transmission is performed in steps 951, 952, 953, 954. From then on, the UIA / UEA / FRESH received in step 942, START, Ik, Ck, etc. stored in the USIM, which are notified to the E-RAN 902 in step 922, are used. Decryption, integrity / check operations are performed. In step 955, subsequent operations of signaling or data transmission are performed.

Although the bandwidth response message transmitted in step 942 has been described as including a START value, the START value may not be included. The reason for including the START value included in the bandwidth request message received from the terminal 901 in the step 922 in the bandwidth response message transmitted in the step 942 is to reconfirm the START value received from the terminal 901. If it is assumed that the transmission of the bandwidth request message transmitted in step 922 is stable, the START value may not be included in the bandwidth response message transmitted in step 942. In this case, there is no process in step 943 in which the terminal 901 compares the START value included in the bandwidth response message received in step 942 with the START value included in the bandwidth request message transmitted in step 922. The integrity check operation is performed immediately after decryption.

The second embodiment of the present invention as described above can be summarized as follows.

(1) The terminal guarantees integrity and encrypts the bandwidth request message for requesting bandwidth for transmission of the initial uplink signaling message, and transmits an encrypted bandwidth request message to the E-RAN (step 921, step 922). ). In this case, the bandwidth request message transmitted includes a header and a message field including a first field and a second field storing information of higher importance than information stored in the first field. The field is unencrypted and the second field is an encrypted bandwidth request message.

(2) The E-RAN receives, decrypts and integrity checks the bandwidth request message from the terminal (step 922, step 941).

(3) The E-RAN generates a bandwidth response message in response to receiving the bandwidth request message (step 941).

(4) The E-RAN ensures integrity and encrypts the received bandwidth response message and sends an encrypted bandwidth response message to the terminal (step 941, step 942).

(5) The terminal receives, decrypts and integrity checks the bandwidth response message from the E-RAN (step 942, step 943).

(6) The terminal transmits an initial uplink signaling message to the E-CN through the E-RAN when the decryption and integrity check operation on the received bandwidth response message is successfully performed, and from the E-CN. An initial downlink signaling message is received via the E-RAN (step 951 to step 954).

In this second embodiment, the default UIA / UEA / START / FRESH is used for the initial UL message, the UIA, E- is determined based on the information received from the E-CN and the UE in the E-RAN for the initial DL message The FRESH generated by the RAN, the START received from the terminal, and the default UEA are used.

Meanwhile, although FIG. 9 illustrates an embodiment in which integrity integrity / checking and encryption / decryption are performed for BANDWIDTH_REQUEST and BANDWIDTH_RESPONSE, as shown in FIG. / Decryption may not be performed. Alternatively, only integrity / checking may be performed on the BANDWIDTH_REQUEST message, and encryption / decryption may be performed on the BANDWIDTH_RESPONSE message as well as integrity / checking. At this time, the method of using the integrity guarantee / check applied to the terminal and the E-RAN or the method of performing encryption / decryption is the same as FIG. The only difference is whether a message should be guaranteed / checked only, or encrypted / decrypted.

10 is composed of FIGS. 10A and 10B, which illustrate a processing flow of operations performed in the E-RAN 902 illustrated in FIG. 9 for an initial signaling message processing operation according to the second embodiment of the present invention.

In step 1001 of FIG. 10A, the E-RAN 902 receives an UL message from the terminal 901. In step 1002, the E-RAN 902 determines whether the received UL message is a bandwidth request message for initial UL message transmission. If it is determined in step 1002 that the bandwidth request message is determined, the process proceeds to step 1011 in which the E-RAN 902 determines an unencrypted field of the bandwidth request message, for example, IMSI, PLMN id, IDNAS, KSI, and P-TMSI. | Read RAI. In step 1012, the E-RAN 902 generates a KEY_REQUEST message for requesting parameters related to encryption / decryption and integrity / check to the corresponding E-CN based on the information read in step 1011. The KEY_REQUST message includes KSI, IMSI, PLMN id, P-TMSI | Information such as RAI and IDNAS is included. For example, such information may be included in the KEY_REQUEST message, and as another example, some information may not be included among the included information. In step 1013, the E-RAN 902 stores the received bandwidth request message. This is for the E-RAN 902 to receive KEY_RESPONSE, which is a response message to the generated KEY_REQUEST message, from the corresponding E-CN 903 and subsequently decrypt the encrypted portion of the bandwidth request message. In step 1014, the E-RAN 902 transmits the generated KEY_REQUEST message to the corresponding E-CN 903. The information on the E-CN may be found through information such as IMSI, PLMN id, IDNAS, etc., which are the information read in step 1011. In step 1015 the E-RAN 902 waits for receipt of a KEY_RESPONSE message from the E-CN 903. If it is determined in step 1021 that the timer for receiving the KEY_RESPONSE message is completed, the E-RAN 902 proceeds to step 1031 to retransmit the KEY_REQUEST message or terminate the procedure.

If it is determined that the KEY_RESPONSE message has been received from the E-CN 903 in step 1032 of FIG. 10B before the timer is completed, in step 1041 the E-RAN 902 may have a priority priority included in the received KEY_RESPONSE message. Per-user UIAs, UEAs information, P-TMSI | Find out the RAI. In step 1042, the E-RAN 902 decodes the bandwidth request message stored in step 1013 by using Ck received in step 1041 and UEA / START set as a default. In step 1043, the E-RAN 902 checks the integrity of the bandwidth request message decoded in step 1042 by using Ik received in step 1041 and UIA / FRESH / START set as a default. In step 1044, the E-RAN 902 selects the UIAs and UEAs to be used in communication with the terminal among the available priority UIAs and UEAs found in step 1041. The UIA and UEA selected at this time are supported by the UEs included in the available priority UIAs and UEAs list found from the KEY_RESPONSE message received from the E-CN 903 in step 1041 and the initial UL message received in step 1002. Among the UIAs and UEAs to be matched, the highest priority among the UIAs and UEAs. In step 1044, the E-RAN 902 also generates FRESH for use in signaling or data integrity assurance / checking after the initial UL / DL message transmission process is completed. The FRESH is a random value generated by a random value generator (not shown). In FIG. 10, the processes below 1044 assume that the decoding and integrity checking for the initial UL message through 1042 and 1043 are completed successfully. If the decryption or integrity check does not complete successfully, the procedure may terminate.

In step 1045, the E-RAN 902 generates a bandwidth response message, which is a response message to the bandwidth request message received in step 1002, to the terminal 901. The bandwidth response message may be allocated to the UIA / UEA selected in step 1044, the generated FRESH, the START included in the received bandwidth request message, and the E-CN 903 in step 1041 | RAI, resource information for initial UL message transmission, and a TEMP UE id, which is a terminal temporary ID of an air interface level. In step 1046, the E-RAN 902 performs an operation for guaranteeing integrity of the bandwidth response message. This operation uses the UIA / FRESH selected in step 1044, the START included in the bandwidth request message received in step 1002, the Ik given from E-CN 903 in step 1041, and the like. The operation for ensuring integrity is performed by extracting MAC-I using the parameters and including it in the bandwidth response message.

In step 1047, the E-RAN 902 performs an encryption operation on the bandwidth response message which has performed the integrity guarantee operation. This operation uses a default UEA, a START included in the bandwidth request message received in step 1002, a Ck given from the E-CN in step 1041, and the like. In step 1048, the E-RAN 902 indicates that the bandwidth response message encrypted in step 1047 is transmitted to the terminal 901. In step 1049, the E-RAN 902 performs encryption / decryption and integrity / check operations on subsequent signaling or data transmission. In this subsequent operation, UEA / UIA / FRESH selected in step 1044, START included in the received bandwidth request message in step 1002, Ik / Ck, etc. given from E-CN in step 1041 are used.

11 is composed of FIGS. 11A and 11B, which illustrate a processing flow of operations performed in the terminal 901 of FIG. 9 for an initial signaling message processing operation according to the second embodiment of the present invention.

In step 1101 of FIG. 11A, the terminal 901 triggers an operation for requesting a bandwidth (radio resource) for initial UL message transmission. The terminal 901 generates a bandwidth request message to request a bandwidth required for the initial UL message transmission. In step 1102, the terminal 901 performs integrity guarantee on the bandwidth request message. This integrity operation is performed by using the default UIA / FRESH / START, Ik of the USIM as indicated in the broadcast system information. That is, the MAC-I is extracted using the parameters, and the MAC-I is included in the bandwidth request message to perform the integrity guarantee. In step 1103, the terminal 901 performs partial encryption on the bandwidth request message. Here, partial encryption refers to IMSI, PLMN id, IDNAS, KSI, and P-TMSI | that are required for the E-RAN 902 receiving the bandwidth request message to request encryption / integrity related parameters to the corresponding E-CN 903 | This is because information fields such as RAI are transmitted without encryption. Information and size entered in the non-encrypted field (non-encrypted field) are predefined between the terminal 901 and the E-RAN 902.

The terminal 901 encrypts the bandwidth request message excluding the unencrypted field by using the default UEA / START and Ck of the USIM. Examples of the information field to be encrypted include a START stored in the USIM of the terminal 901, a UIAs / UEAs list supported by the terminal 901, and a buffer occupancy (BO) which is size information of an initial UL message. In step 1104, the terminal 901 transmits the partially encrypted bandwidth request message to the E-RAN 902 in step 1103, and waits for a bandwidth response message that is a response message to the transmitted bandwidth request message. If it is determined in step 1105 that the bandwidth response message has not been received until the timer for receiving the transmitted bandwidth response message has expired, the process proceeds to step 1111 where the terminal 901 retransmits the bandwidth request message or the Terminate the procedure.

If it is determined in step 1112 of FIG. 11B that the bandwidth response message has been received before the timer expires, the terminal 901 proceeds to step 1121 and stores the received bandwidth response message in the default UEA and USIM. Decryption is performed using START stored in Ck and USIM. In step 1122, the UE 901 may select UIA / UEA information selected by the E-RAN 902 from the decoded bandwidth response message, FRESH information generated by the E_RAN 902, resource information for initial UL message transmission, and the E-CN level. P-TMSI, Temporary ID of Terminal | The RAI and the TEMP UE id, which are terminal temporary IDs at the air interface level, can be found. At this time, the terminal 901 checks whether the START value included in the decoded bandwidth response message matches the START value transmitted by the terminal through the bandwidth request message. If the START value is the same, in step 1123, the terminal 901 performs an integrity check operation on the bandwidth response message by using the UIA / FRESH obtained in step 1122 and Ik / START stored in the terminal. In step 1124, the terminal 901 performs encryption / decryption and integrity / check operation on signaling or data transmission occurring in the future. In this operation, the terminal stores START / Ik / Ck and UEA / UIA / FRESH indicated through the bandwidth response message in step 1122.

D. Network Node and Terminal for Initial Signaling Message Processing

FIG. 12 illustrates a configuration of a Node B 320 shown in FIG. 3 for an initial signaling message processing operation according to embodiments of the present invention. Although this drawing considers only the configuration for the operation according to the first embodiment of the present invention shown in FIG. 4, a configuration for the operation according to the second embodiment of the present invention shown in FIG. 9 may be possible according to the same principle. . In this case, however, parts shown as an initial UL message and an initial DL message in FIG. 12 need to be changed into a BANDWIDTH_REQUEST message and a BANDWIDTH_RESPONSE message, respectively.

In FIG. 12, 1201 is a receiver of an UL message (terminal → E-RAN) received from a terminal and a DL message (E-CN → E-RAN) transmitted to a terminal. 1202 is a determination unit that determines whether the UL message or DL message received by the receiver 1201 is an initial UL message or an initial DL message for signaling connection or data transmission. The message receiver 1201 and the initial UL / DL message determiner 1202 communicate with each other. 1211, if the message received by the message receiver 1201 is an initial UL message, extracts an unencrypted field (non-encrypted field) of the initial UL message and encrypts / decrypts it with the corresponding E-CN, and ensures integrity / checking parameters. A non-encrypted field extractor that finds out the information needed to request. 1213 is a message generator, and generates a KEY_REQUEST message for requesting parameters related to encryption / decryption, integrity guarantee / check to the corresponding E-CN based on the information extracted by the non-encryption field extractor 1211. The KEY_REQUEST message generated by the message generator 1213 is transmitted to the E-CN.

1212 is a storage unit of an initial UL message from which a non-encrypted field is extracted by the non-encrypted field extractor 1211. The reason for storing the initial UL message is to perform a decryption / integrity check operation on the initial UL message by 1231 when a parameter related to encryption / decryption and integrity / check is received from the E-CN. The decryption / integrity check execution unit 1231 communicates with the parameter management unit 1221 and the default parameter management unit 1223, and performs decoding and integrity check operations by importing corresponding parameters. The parameter manager 1221 selects, generates, and manages parameters such as UEA, UIA, Ik, Ck, FRESH, and START. The default parameter manager 1223 manages default parameters UEA / UIA / FRESH / START. 1231 is a decryption / integrity check controller which controls which of the parameter manager 1221 and the default parameter manager 1223 is to be fetched for decryption and integrity check operations. 1232 is an error processing unit of a decoding / integrity check that performs an error processing operation when the decoding / integrity check operation is not successfully performed by the decoding / integrity check control unit 1231.

If it is determined that the message received by the message receiving unit 1201 is an initial DL message through the interface between the message receiving unit 1201 and the message determining unit 1202, the message generating unit 1241 generates a message to be transmitted to the terminal. In this case, the message generator 1241 interfaces with the integrity / encryption controller 1222. The integrity / encryption control unit 1222 generates a MAC-I for integrity, which is attached to the message generated by the message generator 1241 and encrypts the message to which the MAC-I is attached. The integrity / encryption control unit 1222 controls which parameter is obtained from the parameter manager 1221 and the parameter manager 1223 where. The message generated for transmission to the terminal by the message generator 1241 is guaranteed and encrypted by the integrity / encryption control unit 1222, and the message thus processed is transmitted to the terminal via the message generator 1241.

13 is a diagram illustrating a configuration of a terminal for an initial signaling message processing operation according to embodiments of the present invention. Although this drawing considers only the configuration for the operation according to the first embodiment of the present invention shown in FIG. 4, a configuration for the operation according to the second embodiment of the present invention shown in FIG. 9 may be possible according to the same principle. . In this case, however, parts shown as an initial UL message and an initial DL message in FIG. 12 need to be changed into a BANDWIDTH_REQUEST message and a BANDWIDTH_RESPONSE message, respectively.

In FIG. 13, reference numeral 1301 denotes a universal subscriber identity module (USIM) of the terminal. The USIM 1301 stores parameters such as START, Ik, and Ck. 1302 is a parameter manager that selects / creates / manages parameters related to encryption / decryption and integrity / checking such as UEA, UIA, Ik, Ck, FRESH, and START. Parameters such as START, Ik, and Ck stored in the USIM 1301 are transmitted to the parameter manager 1302 and managed. 1303 is an SIB receiving unit that receives a system information block (SIB) that is broadcast in a cell. The default UEA / UIA / FRESH / STARTs included in the received system information are transmitted to and managed by the default parameter manager 1304. The default parameter manager 1304 manages default parameters such as UEA / UIA / FRESH / START.

1311 is a message receiving unit for receiving a message from an E-RAN or a terminal. 1321 is a message determination unit determining whether the message received by the message receiver 1311 is an initial UL message or an initial DL message. The message receiver 1311 determines whether a message received through an interface with the message determiner 1321 is an initial DL message. If it is determined by the message determining unit 1321 that the DL message received by the message receiving unit 1311 is an initial DL message, the decoding and integrity checking operations on the received initial DL message are performed by 1312. That is, 1312 is a decryption / integrity check controller for controlling performance of an initial DL message decryption / integrity check operation. During the decryption / integrity check operation, the decryption / integrity check controller 1312 obtains necessary parameters through an interface between the parameter manager 1302 and the default parameter manager 1304. 1361 is an error processing unit of the decoding / integrity check that performs an error processing operation when the decryption / integrity check operation is not successfully performed by the decryption / integrity check control unit 1312.

1331 is a UL message transmitter. It is determined whether the UL message transmitted by the UL message transmitter 1331 is an initial UL message through an interface with the message determiner 1321. 1332 is an unencrypted field generator that generates an unencrypted field of the initial UL message when the UL message is an initial UL message. The 1333 is an integrity / encryption control unit that performs integrity and encryption operations on the initial UL message. At this time, the IMSI, PLMN id, KSI, IDNAS, and P-TMSI generated by the unencrypted field generator 1332 of the initial UL message | Values such as RAI are not encrypted. That is, the integrity / encryption control unit 1333 encrypts portions of the initial UL message except for the field generated by the non-encryption field generator 1332. The integrity guarantee / encryption control unit 1333 controls to import parameters necessary for the integrity guarantee / encryption operation of the initial UL message through an interface between the parameter manager 1302 and the default parameter manager 1304, and uses the parameter to ensure integrity / encryption. Perform That is, the integrity / encryption control unit 1333 generates a MAC-I and attaches the generated MAC-I to the initial UL message for transmission, and encrypts the initial UL message to which the MAC-I is attached. The encrypted message is sent to the E-RAN.

4 to 11 consider the system in which both the operation for integrity and the operation for encryption are performed on the initial UL / DL message. However, a system may be considered in which only operations for ensuring integrity of the initial UL / DL message are performed. For example, integrity is mandatory for RRC messages in current 3G systems, and encryption can be applied as an option. 14 to 17, which will be described below, illustrate another embodiment proposed by the present invention, in which only operations for ensuring integrity of an initial UL / DL message will be described. Although the following embodiments describe only the integrity guarantee, the integrity guarantee method and any encryption guarantee method in the following embodiment may operate as a combination.

E. Initial Signaling Message Processing According to the Third Embodiment

FIG. 14 is a diagram illustrating a flow of an initial signaling message processing operation according to a third embodiment of the present invention. An example of performing integrity assurance / checking is illustrated.

This third embodiment is characterized by eliminating the procedure of using the KEY_REQUEST / RESPONSE message in the first and second embodiments. That is, according to the first embodiment and the second embodiment, the E-RAN transmits a KEY_REQUEST / RESPONSE message to the corresponding E-CN when an initial UL message is received from the terminal (UE), and through the transmitted message, After receiving Ik from E-CN and integrity checking the initial UL message, the initial UL message is transmitted to the corresponding E-CN. According to the third embodiment, when the initial UL message is received from the terminal, the E-RAN stores the received initial UL message and then performs the initial UL message without performing an integrity check on the initial UL message. Send to CN. The E-CN includes the Ik and the like in an initial DL message and transmits the information to the E-RAN. The E-RAN checks the integrity of the stored initial UL message after receiving the initial DL message. If the integrity check passes (success), that is, the MAC-I included in the initial DL message and the calculated value XMAC-I are the same, the E-RAN transmits the initial DL message to the terminal. On the other hand, if the integrity check fails, i.e., if the MAC-I included in the initial DL message and the calculated value XMAC-I are different, the E-RAN sends an initial UL REJECT to the terminal and the corresponding E-CN. Send a message. Upon receiving the initial UL reject message, the E-CN deletes the context for the terminal.

In FIG. 14, 1401 indicates a terminal, 1402 indicates an E-RAN, and 1403 indicates an E-CN. In step 1411, the E-RAN 1402 broadcasts system information to terminals in the cell. In this case, the broadcast system information includes a default UIA / FRESH / START which is a parameter used to transmit an initial UL message. In this case, if encryption is not applied to initial UL / DL message transmission, START may not be included in the parameter. This is because the START value stored by the terminal can be used as it is for MAC-I generation for integrity guarantee / check of the initial UL message. The START value stored by the terminal is included in an initial UL message and transmitted to the E-RAN. In the following description, the case of using the default START will be described as an example.

In step 1421, the terminal 1401 performs an operation for ensuring integrity on the initial UL message. The terminal 1401 generates a MAC-I using Ik stored in a USIM and the default UIA / FRESH / START, and includes the generated MAC-I in the initial UL message. In step 1431, the terminal 1401 transmits an initial UL message LTE CONNECTION REQUEST including the MAC-I to the E-RAN 1402.

In step 1441, the E-RAN 1402 stores the initial UL message sent in step 1431. In step 1451, the E-RAN 1402 corresponds to the initial UL message received in step 1431 without performing an integrity check. The E-CN 1403 sends the received initial UL message LTE CONNECTION REQUEST. In this case, the initial UL message transmitted in step 1451 may include only the information necessary for the E-CN without the information necessary only for the E-RAN from the initial UL message transmitted in the step 1431. The E-CN 1403, which has received the initial UL message in step 1451, processes the initial UL message normally as if the integrity check was performed by the E-RAN 1402, although the integrity check was not performed by the E-RAN 1402. That is, the E-CN 1403 may generate and store a terminal context, a service context, and the like for the terminal, such as a temporary ID allocation for the terminal. In step 1452, the E-CN 1403 generates and transmits an initial DL message LTE CONNECTION RESPONSE, which is a response message of the initial UL message, to the E-RAN 1402. The initial DL message includes not only information such as a temporary ID for the terminal but also Ik and UIAs, which are key information to be used for guaranteeing / checking in communication with the terminal.

Upon receiving the initial DL message, the E-RAN 1402 performs an integrity check on the initial UL message stored in the step 1441 in step 1461 as a ratio. At this time, the E-RAN 1402 calculates XMAC-I using the Ik received in step 1452 and the default UIA / FRESH / START, and compares it with the MAC-I included in the initial UL message received in step 1431. do. If the calculated XMAC-I and the received MAC-I are the same value, it passes the integrity check. If the integrity check passes, the E-RAN 1402 determines the UIA to be used in future communication with the terminal 1401, generates a FRESH as a random value, and generates an initial DL message to be transmitted to the terminal. Performs operations to ensure integrity. That is, the E-RAN 1402 generates a MAC-I using the determined UIA / generated FRESH, Ik received in step 1452, and START received in step 1431, and includes the MAC-I in an initial DL message to be transmitted to the terminal 140. The method of determining the UIA is the same as in the above-described first and second embodiments. In step 1462, the E-RAN 1402 transmits an initial DL message LTE CONNECTION RESPONSE including the generated MAC-I to the terminal 140. In this case, the initial DL message transmitted may include only information necessary for the terminal 1401 except for information necessary only for the E-RAN 1402 among initial DL messages received in step 1452. The initial DL message includes the UIA determined in step 1461 and the generated FRESH.

In step 1463, the terminal 1401 performs an integrity check on the initial DL message received in step 1462. The terminal 1401 generates the XMAC-I using the UIA / created FRESH determined in the step 1461, the Ik stored in the terminal, and the START value received in the initial DL message in step 1462, and the generated MAC- The integrity check is performed by comparing I with MAC-I included in the initial DL message received in step 1462. The initial DL message transmitted from the E-RAN 1402 to the terminal 1401 in step 1462 includes a START value stored in the USIM of the terminal that the terminal 1401 informs the E-RAN 1402 through the initial UL message in step 1431. Can be. At this time, if the START value stored in the terminal and the START value included in the initial DL message received in step 1462 are different from each other, the terminal 1401 retransmits the initial UL message by performing an error processing without performing an operation for integrity check. You may.

In step 1471, signaling and data transmission operations are performed after the integrity check for the initial DL message in step 1463 has been successfully passed. At this time, the terminal 1401 and the E-RAN 1402 are guaranteed the integrity of the COUNT-I initialized by the UIA / generated FRESH determined in step 1461, the Ik stored in the terminal, the terminal was stored and the START value transmitted in the step 1431 Used to check.

FIG. 15 is a diagram illustrating a processing flow of operations performed in an E-RAN which is a network node for an initial signaling message processing operation according to a third embodiment of the present invention.

Referring to FIG. 15, in step 1501, the E-RAN 1402 of FIG. 14 receives an UL message from the terminal 1401. In step 1502, the E-RAN 1402 initializes the received UL message from the terminal 1401. It is determined whether the message is an UL message. The determination of whether the initial UL message is performed in step 1502 may be performed based on the presence or absence of a context for the terminal such as whether to assign a temporary ID to the terminal 1401. If the UL message is an initial UL message in step 1502, the E-RAN 1402 stores the initial UL message in step 1511.

In step 1512, the E-RAN 1402 sends an initial UL message to the E-CN 1403. The initial UL message transmitted to the E-CN 1403 may be a message that selectively includes only information necessary for the E-CN 1403 unlike the initial UL message received in step 1502. In step 1513, the E-RAN 1402 waits for an initial DL message from the E-CN 1403, which is a response message to the initial UL message transmitted in step 1512. In step 1521, the E-RAN 1402 determines whether a timer has expired to determine whether the initial DL message has been received. That is, when the timer is started in step 1521, the E-RAN 1402 waits for receiving an initial DL message from the E-CN 1403 while the timer is running. If the initial DL message is not received until the timer expires, the E-RAN 1402 proceeds to step 1531 to retransmit the initial UL message transmitted in step 1512 to the E-CN 1403 or the initial connection. Perform an operation such as terminating the process.

If it is determined in step 1532 that an initial DL message has been received from the E-CN 1403 before the timer expires, in step 1541 the E-RAN 1402 is information required from the initial DL message received in step 1532. -Obtain a UIA list supported by CN 1403 and Ik to be used for integrity guarantee / check with the terminal 1401. In step 1542, the E-RAN 1402 performs integrity check on the initial UL message of the terminal 1401 stored in step 1511. The integrity check is performed using the default UIA / FRESH / START and Ik received from E-CN 1403 in step 1541. If it is determined in step 1543 that the integrity check for the initial UL message has failed, the process proceeds to step 1551 and the E-RAN 1402 transmits an initial UL rejection message to the E-CN 1403 and the terminal 1401. If it is determined that the integrity check has failed in step 1543, the XMAC-I calculated using the parameter in step 1542 is different from the MAC-I included in the message stored in step 1511. In this case, a value indicating that the integrity check ends in failure may be set. The terminal 1401 receiving the initial UL rejection message in step 1551 may suspend the initial connection process or retransmit the initial UL message. In step 1551, the terminal 1401 receives the initial UL rejection message. Deletes the terminal context, service context, etc. created for 1401.

If it is determined in step 1543 that the integrity check for the initial UL message is successful, that is, XMAC-I calculated using the parameters of step 1542 is the same as the MAC-I included in the message stored in step 1511. In step 1561, the E-RAN 1402 selects a UIA to be used for integrity check / guarantee in future communication with the terminal 1401 and generates a FRESH. The generating method of the UIA is the same as the generating method in the first and second embodiments described above.

In step 1562, the E-RAN 1402 transmits the message to the terminal 1401 using START included in the message received in step 1512, UIA / FRESH of step 1561, and Ik received from the E-CN 1403 in step 1541. The MAC-I is obtained for the initial DL message to be transmitted and included in the initial DL message. In this case, the initial DL message to be transmitted to the terminal 1401 may selectively include only information necessary for the terminal, unlike the message received through the step 1532.

When the transmission of the initial UL message and the DL message is terminated, the E-RAN 1402 performs subsequent signaling or data transmission with the terminal 1401 in step 1564. Such transmission includes UIA / FRESH in step 1561, the step The COUNT-I that was included in the message received at 1512, i.e., initialized from the START value stored in the USIM of the terminal, is used, and Ik received from the E-CN 1403 in step 1541 is used.

The operation performed by the terminal for the initial signaling message processing operation according to the third embodiment of the present invention described above is omitted because it is the same as the operation of the terminal for integrity guarantee / check of the first embodiment. However, it should be noted that the operation for encryption / decryption does not apply in the terminal operation flow of the first embodiment.

F. Initial Signaling Message Processing According to the Fourth Embodiment

FIG. 16 is a diagram illustrating a flow of an initial signaling message processing operation according to a fourth embodiment of the present invention, and shows an example in which an operation of ensuring integrity / checking is performed.

In the fourth embodiment, when the E-RAN receives an initial UL message from the terminal, the E-RAN stores the received initial UL message and subsequently performs an integrity check by using Ik of the initial DL message received from the corresponding E-CN. Unlike the thirty-first embodiment, when the E-RAN receives an initial UL message from the terminal, the E-CN forwards the received initial UL message to the corresponding E-CN so that the E-CN performs integrity check only on the initial UL message. It is done. If the integrity check for the initial UL message is successful, the E-CN informs the E-RAN by transmitting information necessary for the E-RAN included in the initial UL message back to the initial DL message. If the integrity check for the initial UL message fails, the E-CN informs the E-RAN that the integrity check of the initial UL message has failed by sending the initial UL rejection message to the E-RAN, where the E-RAN is a terminal. The UL rejection message is transmitted to the.

In this embodiment 4, the E-CN performs integrity check only on the initial UL message, and the E-CN knew in advance the parameters required for the integrity check (UIA, FRESH, START, etc. used in the initial UL message) or the initial UL. It is assumed that the message is informed by the terminal or the E-RAN. In the following description, the UIA, FRESH, and START used in the initial UL message, which are parameters required for the integrity check in the E-CN, will be described in a manner in which the terminal informs the user through the initial UL message. This is also true when the RAN informs, the E-CN and the E-RAN, the method in which the terminal operates by a predetermined value, or the E-CN knows the parameters necessary for the integrity check in advance. The invention may be equally applicable. If the terminal uses a method of informing the parameters necessary for the integrity check through the initial UL message, the Ik value stored in the USIM of the terminal should not be transmitted through the initial UL message. The Ik value of is found through the database.

In FIG. 16, 1601 indicates a terminal, 1602 indicates an E-RAN, and 1603 indicates an E-CN. In step 1611, the E-RAN 1601 broadcasts system information to terminals in a cell. In this case, the broadcast system information includes default UIAs / FRESH / START which is a parameter to be used for transmission of an initial UL message. In this case, if encryption is not applied to initial UL / DL message transmission, START may not be included in the parameter. This is because the START value stored by the terminal can be used as it is for MAC-I generation for integrity guarantee / check of the initial UL message. The START value stored by the terminal is included in an initial UL message and transmitted to the E-RAN. In the following description, the case of using the default START will be described as an example.

In step 1621, the terminal 1601 performs an operation for guaranteeing integrity of an initial UL message. The terminal 1601 generates a MAC-I using Ik stored in a USIM, the default FRESH / START, and a default UIA, and includes the generated MAC-I in the initial UL message. If the default UIA is plural, the UIA selected from among them is used. In step 1631, the terminal 1601 transmits an initial UL message LTE CONNECTION REQUEST including the MAC-I to the E-RAN 1602. In this case, the initial UL message transmitted includes UIA, FRESH, START parameters used for generating the MAC-I of integrity guarantee. Upon receiving the transmitted initial UL message, the E-RAN 1602 forwards the received initial UL message LTE CONNECTION REQUEST to the corresponding E-CN 1603 without performing any specific operation in step 1632.

In step 1641, the E-CN 1603 performs integrity check on the initial UL message received in step 1632. The integrity check calculates XMAC-I using Ik obtained from the database as a value for the terminal 1601, START / UIA / FRESH obtained from the initial UL message received in step 1632, and the received initial UL. This is done by comparing with the MAC-I included in the message. If the integrity check is determined to be successful, i.e., if the received MAC-I is equal to the calculated XMAC-I value, in step 1651 the E-CN 1603 sends an initial DL message LTE CONNECTION RESPONSE to the E-RAN 1602. To send. In this case, the initial DL message transmitted includes information for the E-RAN 1602 included in the initial UL message in step 1632, and further includes Ik information for use in ensuring integrity / checking in communication with the terminal. The UIA list information supported by the E-CN 1603 is included. If it is determined that the integrity check has failed, that is, if the received MAC-I is equal to the calculated XMAC-I value, in step 1651 the E-CN 1603 sends an initial UL reject message instead of the initial DL message. . In this case, the initial UL reject message may include information indicating that integrity check has failed. If the E-RAN 1602 receives an initial UL rejection message from the E-CN 1603, the E-RAN 1602 also transmits an initial UL rejection message to the terminal 1601 to cause the terminal 1601 to stop initial connection establishment. Or retransmit the initial UL message.

If the E-RAN 1602 receives an initial DL message from the E-CN 1603 in step 1651, the E-RAN 1602 obtains necessary information of the initial UL message of step 1631 from the received message. That is, the E-RAN 1602 does not obtain the necessary information from the message received from the terminal 1601 in step 1631, but the message received in the step 1631 is directly forwarded to the E-CN 1603 and sent to the E-CN 1603. When the integrity check is successfully performed after the integrity check is performed on the forwarded initial UL message, the required information is obtained from the information informed by the E-CN 1602. That is, the information that the E-RAN 1602 needs to know through the initial UL message is transmitted to the E-CN 1603, and after the integrity of the initial UL message received at the E-CN 1603 is confirmed, the initial UL message is included in the initial UL message. It is included in an initial DL message, which is a response message, to be transmitted to the E-RAN 1602.

In step 1661, the E-RAN 1602 determines a UIA to be used for integrity / check in future communication with the terminal 1601 and generates a FRESH.The determined UIA / the generated FRESH, an initial DL message received in the step 1651. From the Ik / START stored in the terminal 1601 using the generated from the MAC-I for the integrity guarantee for the initial DL message to be transmitted to the terminal 1601. In step 1671, the E-RAN 1602 includes the generated MAC-I in the initial DL message LTE CONNECTION RESPONSE and transmits it to the terminal 1601. Unlike the initial DL message in step 1651, the initial DL message transmitted in step 1671 includes only information necessary for the terminal and includes the UIA / generated FRESH value determined in step 1661.

In step 1681, the terminal 1601 receives the initial DL message transmitted in the step 1671, uses the UIA / FRESH included in the received initial DL message, and Ik / START stored in the terminal 1601. Computes and performs an integrity check on the received initial DL message by comparing the calculated XMAC-I and the MAC-I included in the received initial DL message. The initial DL message transmitted from the E-RAN 1602 to the terminal 1601 in step 1671 includes a START value stored in the USIM of the terminal that the terminal 1601 informs the E-CN 1603 through an initial UL message in step 1631. May be included. At this time, if the START value stored in the terminal and the START value included in the initial DL message received in step 1671 are different, the terminal 1601 retransmits the initial UL message by performing an error processing without performing an operation for integrity check. You may.

In step 1691, the signaling and data transmission operation after the integrity check on the initial DL message in step 1681 is successfully performed. At this time, the terminal 1601 and the E-RAN 1602 store the COUNT-I initialized with the UIA / created FRESH determined in step 1661, the Ik stored by the terminal, and the START value stored by the terminal. use.

17 is a diagram illustrating a processing flow of operations performed in an E-RAN which is a network node for an initial signaling message processing operation according to a fourth embodiment of the present invention.

Referring to FIG. 17, in step 1701, the E-RAN 1602 of FIG. 16 receives an UL message from a terminal 1601, and determines whether the received UL message is an initial UL message transmitted from the terminal 1601 in step 1702. . In step 1702, whether the initial UL message is determined may be determined based on whether there is a context for the terminal, such as whether to assign a temporary ID to the terminal 1601. If the UL message is the initial UL message in step 1702, the E-RAN 1602 forwards the initial UL message to the corresponding E-CN 1603 in step 1703. In step 1704, the E-RAN 1602 waits from the E-CN 1603 to receive an initial DL message or an initial UL reject message, which is a response message to the initial UL message forwarded in the step 1703. In step 1711 the E-RAN 1602 determines whether the timer has expired to determine whether the initial DL message / initial UL rejection message has been received. That is, when the timer is started in step 1711, the E-RAN 1602 waits for reception of an initial DL message or an initial UL reject message from the E-CN 1603 during operation of the timer. If the initial DL message is not received until the timer expires, the E-RAN 1602 proceeds to step 1712 and retransmits the initial UL message sent in step 1703 to the E-CN 1603 or the initial connection. Perform an operation such as terminating the process.

If it is determined in step 1721 that an initial DL message is received from the E-CN 1603 before the timer expires, in step 1741 the E-RAN 1602 is information required from the received initial DL message. This UIA list information is supported, and Ik to be used for future integrity / check for the terminal 1601 is obtained. In step 1742, the E-RAN 1602 determines a UIA to use for future integrity / check for the terminal 1601 and generates a FRESH. In step 1743, the E-RAN 1602 performs integrity guarantee on an initial DL message to be transmitted to the terminal 1601. The integrity guarantee operation is performed using Ik received through the initial DL message received in step 1721, START stored in the terminal, and UIA / FRESH generated in step 1742. In step 1744, the E-RAN 1602 generates a MAC-I using the parameters and includes the generated MAC-I in an initial DL message to be transmitted to the terminal 1601. In this case, unlike the initial DL message received in step 1721, the initial DL message transmitted to the terminal 1601 may selectively include only information necessary for the terminal. In step 1745, the E-RAN 1602 performs UIA / FRESH determined in step 1742 and the COUNT- initialized from the START received in step 1721 to integrity check / guarantee for future communication (signaling or data transmission) with the terminal. Use I / Ik.

If it is determined in step 1731 that the initial UL reject message has been received from the E-CN 1603 before the timer expires, then in step 1751 the E-RAN 1602 sets an appropriate value indicating that the integrity check for the initial UL reject message has failed. Set to transmit to the terminal 1601.

Meanwhile, in the detailed description of the present invention, specific embodiments have been described, but various modifications are possible without departing from the scope of the present invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined not only by the scope of the following claims, but also by those equivalent to the scope of the claims.

As described above, the present invention has the advantage of eliminating the risk of information leakage or attack on the air interface by guaranteeing integrity and encrypting an initial signaling message for signaling connection or data transmission.

Claims (36)

Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. In the system, a method for processing an initial signaling message for signaling connection or data transmission, Performing integrity guarantee on the initial signaling request message for transmission by the terminal; Transmitting, by the terminal, an initial signaling request message on which the integrity guarantee operation is performed to the radio access network; Receiving and storing, by the radio access network, an initial signaling request message on which the integrity operation is performed, and transmitting the initial signaling request message on which the integrity operation is performed to the core network; Transmitting, by the core network, an initial signaling response message to the radio access network in response to receiving an initial signaling request message from which the integrity operation is performed from the radio access network; Receiving, by the radio access network, the initial signaling response message from the core network, and performing integrity checking by using the received initial signaling response message to check the integrity of the stored initial signaling request message; Transmitting, by the radio access network, a signaling response message according to the integrity check result to the terminal; And receiving, by the terminal, the signaling response message and checking the integrity of the received signaling response message. The method of claim 1, wherein the integrity guarantee operation of the terminal is performed by generating a MAC-I using a pre-supplied parameter Ik and pre-supplied default parameters UIA / FRESH / START to the radio access network. The initial signaling request message transmitted comprises the MAC-I. The method of claim 1, wherein the checking of the integrity of the radio access network comprises: Calculating XMAC-I using the parameter Ik included in the received initial signaling response message and default parameters UIA / FRESH / START provided in advance; And checking the integrity of the stored initial signaling request message by comparing the calculated XMAC-I and the MAC-I included in the initial signaling request message from the terminal. The method of claim 1, wherein the checking of the integrity of the terminal comprises: Calculating XMAC-I using a parameter (UIA / FRESH) included in the received signaling response message, a parameter (Ik) stored in the terminal, and a previously provided parameter (START); Checking the integrity of the received signaling response message by comparing the calculated XMAC-I with the MAC-I included in the received signaling response message from the terminal. . Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. In the system, a method for processing an initial signaling message for signaling connection or data transmission, Performing an integrity guarantee operation on a signaling request message for transmission by the terminal; Transmitting, by the terminal, a signaling request message on which the integrity guarantee operation is performed to the radio access network; Receiving, by the radio access network, a signaling request message on which the integrity operation has been performed, and forwarding the signaling request message on which the integrity operation is performed to the core network as an initial signaling request message; Receiving, by the core network, the forwarded initial signaling request message and checking the integrity of the received initial signaling request message; Transmitting, by the core network, an initial signaling response message to the radio access network in response to receiving the received initial signaling request message when the integrity check process is successfully performed; Receiving, by the radio access network, the initial signaling response message from the core network, and transmitting a signaling response message to the terminal as a response to the signaling request message on which the integrity operation is performed; And receiving, by the terminal, the signaling response message and checking the integrity of the received signaling response message. 6. The method of claim 5, wherein the integrity guarantee operation of the terminal is performed by generating a MAC-I using a pre-supplied parameter Ik and pre-supplied default parameters UIA / FRESH / START, to the radio access network. The initial signaling request message transmitted comprises the MAC-I. The method of claim 5, wherein the checking of the integrity of the core network comprises: Calculating XMAC-I using parameters (START, UIA, FRESH) included in the forwarded initial signaling request message and a previously provided parameter (Ik); And checking the integrity of the received initial signaling request message by comparing the calculated XMAC-I and the MAC-I included in the forwarded initial signaling request message. The method of claim 5, wherein the checking of the integrity of the terminal comprises: Calculating XMAC-I using parameters (UIA / FRESH) included in the received signaling response message and parameters (Ik / START) stored in the terminal; Checking the integrity of the received signaling response message by comparing the calculated XMAC-I with the MAC-I included in the received signaling response message from the terminal. . Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. In the system, a method for processing an initial signaling message for signaling connection or data transmission, Generating an initial signaling message, Performing an integrity guarantee operation on the generated message; Encrypting the message on which the integrity guarantee operation is performed and transmitting an encrypted initial signaling message, And the initial signaling message encrypted by performing the integrity guarantee operation is a message transmitted from the terminal to the wireless access network. delete 10. The method of claim 9, wherein the initial signaling message encrypted by performing the integrity guarantee operation is a message transmitted from the radio access network to the terminal. Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. In the system, a method for processing an initial signaling message for signaling connection or data transmission, Generating an initial signaling message comprising a header and a message field comprising a first field and a second field storing information of higher importance than information stored in the first field; Performing an integrity guarantee operation on the generated message; And encrypting the header and the first field of the generated message, encrypting the second field, and transmitting a partially encrypted initial signaling message. 13. The method of claim 12, wherein the first field includes terminal ID information. 13. The method of claim 12, wherein the second field includes terminal context information for encryption / decryption and integrity / check operation. 15. The method of claim 14, wherein the second field further includes service context information and location information. 16. The method of claim 14 or 15, wherein the terminal context information includes at least information about an encryption / decryption algorithm and information about an integrity / check algorithm. 13. The method of claim 12, wherein the partially encrypted initial signaling message is transmitted from the terminal to the radio access network. 18. The method of claim 17, wherein the information stored in the first field is information that the terminal and the wireless access network know. Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. In the system, a method for processing an initial signaling message for signaling connection or data transmission, Ensuring integrity and encrypting an initial uplink signaling message to be transmitted from the terminal to the radio access network, and transmitting the integrity and encrypted initial uplink signaling message to the radio access network; Receiving, integrity checking and decrypting the integrity guaranteed and encrypted initial uplink signaling message from the terminal in the radio access network, and transmitting the integrity checked and decrypted initial uplink signaling message to the core network; Receiving an initial downlink signaling message from the core network after transmitting the integrity checked and decrypted initial uplink signaling message in the radio access network; Ensuring integrity and encrypting the received initial downlink signaling message in the radio access network, and transmitting the integrity and encrypted initial downlink signaling message to the terminal; And receiving, decrypting, and integrity-checking the integrity downed and encrypted initial downlink signaling message from the radio access network at the terminal. 20. The method of claim 19, wherein the initial uplink signaling message to be transmitted from the terminal to the radio access network includes a header, a first field, and a second field storing information of higher importance than information stored in the first field. And a message field to be processed. 21. The method of claim 20, wherein the initial uplink signaling message transmitted from the terminal to the radio access network is a partially encrypted message. 22. The method of claim 21, wherein the partially encrypted initial signaling message is an unencrypted header and the first field and the second field is an encrypted initial signaling message. Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. In the system, a method for processing an initial signaling message for signaling connection or data transmission, Ensuring integrity and encrypting a bandwidth request message for requesting bandwidth for transmission of the initial uplink signaling message in the terminal, and transmitting an encrypted bandwidth request message to the radio access network; Receiving, decrypting and integrity checking a bandwidth request message from the terminal in the radio access network; Generating a bandwidth response message in response to receiving the bandwidth request message in the wireless access network, ensuring integrity and encrypting the bandwidth response message, and transmitting an encrypted bandwidth response message to the terminal; Receiving, decrypting and integrity checking a bandwidth response message from the radio access network at the terminal; When the decryption and integrity check operation for the bandwidth response message received by the terminal is successfully performed, an initial uplink signaling message is transmitted to the core network through the radio access network, and an initial downlink signaling message from the core network. Signaling message processing method comprising the step of receiving via the wireless access network. 24. The method of claim 23, wherein the bandwidth request message transmitted from the terminal to the radio access network comprises a header, a first field and a second field in which information of higher importance than information stored in the first field is stored. Signaling message processing method comprising a field. 25. The method of claim 24, wherein the bandwidth request message transmitted from the terminal to the radio access network is a partially encrypted message. 27. The method of claim 25, wherein the partially encrypted bandwidth request message is an unencrypted header and the first field and the second field is an encrypted bandwidth request message. Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. An apparatus for processing an initial signaling message for signaling connection or data transmission in a system, the apparatus comprising: A message generator for generating an initial signaling message; An integrity guarantee / encryption control unit which performs an integrity guarantee operation on the generated message and encrypts the generated message; A message transmitter for transmitting the integrity guarantee operation and an encrypted initial signaling message, The integrity guarantee operation and the encrypted initial signaling message are messages transmitted from the terminal to the radio access network. delete 28. The apparatus of claim 27, wherein the guaranteed integrity and encrypted initial signaling message is a message transmitted from the radio access network to the terminal. Mobile communication comprising a UE (User Equipment), a Radio Access Network (RAN) to which the terminal is wirelessly connected, and a Core Network (CN) to which the wireless access network is wired. An apparatus for processing an initial signaling message for signaling connection or data transmission in a system, the apparatus comprising: A message generator for generating an initial signaling message including a header, a first field, and a message field including a second field storing information of higher importance than information stored in the first field; An integrity / encryption control unit that performs an integrity guarantee operation on the generated message, encrypts the header and the first field of the generated message, and encrypts the second field; And a message transmitter for transmitting the partially encrypted initial signaling message. 31. The apparatus of claim 30, wherein the first field includes terminal ID information. 31. The apparatus of claim 30, wherein the second field includes terminal context information for encryption / decryption and integrity / check operation. 33. The apparatus of claim 32, wherein the second field further includes service context information and location information. 34. The apparatus of claim 32 or 33, wherein the terminal context information includes at least information about an encryption / decryption algorithm and information about an integrity / check algorithm. 31. The apparatus of claim 30, wherein the partially encrypted initial signaling message is transmitted from the terminal to the radio access network. 36. The apparatus of claim 35, wherein the information stored in the first field is information known to the terminal and the wireless access network.

Images