WO2022198671A1 - Communication method and apparatus - Google Patents


Publication number
WO2022198671A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
access network
message
network device
key
Prior art date
Application number
PCT/CN2021/083416
Other languages
French (fr)
Chinese (zh)
Inventor
李飞
邓娟
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN202180095304.9A priority Critical patent/CN116941263A/en
Priority to PCT/CN2021/083416 priority patent/WO2022198671A1/en
Publication of WO2022198671A1 publication Critical patent/WO2022198671A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • the present application relates to the field of wireless communication technologies, and in particular, to a communication method and device.
  • the messages between the terminal device and the network need to be encrypted.
  • the sender uses a key to encrypt the message to be sent,
  • the parameters COUNT, BEARER, DIRECTION are also used as input parameters during encryption.
  • the receiver will also use the above input parameters to decrypt the encrypted message data.
  • COUNT is the value in the packet data convergence protocol (packet data convergence protocol, PDCP) counter (COUNT), which is 32 bits;
  • BEARER is the 5-bit bearer identifier (5-bit bearer identity).
  • DIRECTION is 1 bit, which identifies the uplink and downlink directions of the data. The value is 0 for uplink and 1 for downlink.
  • the three parameters (COUNT, BEARER, DIRECTION) described above are generally called initialization vector (IV).
  • the purpose of the embodiments of the present application is to provide a communication method and apparatus, so as to improve the security of messages in a communication network.
  • the present application provides a communication method
  • the execution subject of the method is a terminal device or an access network device or a core network device
  • the method includes: acquiring security parameters, where the security parameters are used to encrypt messages to be sent and/or to decrypt received messages; encrypting the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or decrypting the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the security parameter is a bit sequence greater than or equal to 80 bits.
  • the length of the security parameter is at least 80 bits, the complexity of encryption is increased and the risk of being cracked is reduced.
  • the security parameter is a random number; or, the security parameter is related to at least one of the following parameters: a physical cell identifier; a synchronization signal block index; a temporary mobile user identifier; a resource identifier; an access network key; the derivation key of the access network key; the next hop chain counter value; the information of the next hop.
  • the security parameter is a random number, which can ensure that the security parameter does not have a generation law and reduce the risk of being cracked.
  • the security parameters are generated according to other parameters, which can ensure that each terminal device obtains different security parameters, that is, for a terminal device, the security parameters of the terminal device are unique, which can improve the security. Further, the access network key, the derivation key of the access network key, the next hop chain counter value and the information of the next hop are known only to the terminal device and the corresponding network device, so the confidentiality of the generated security parameters can be guaranteed, thereby further improving the security of the security parameters. Parameters such as the physical cell identifier, the synchronization signal block index and the temporary mobile user identifier are easy to obtain, which reduces the complexity of obtaining security parameters.
  • acquiring the security parameter includes: receiving a configuration message from a network device, where the configuration message includes the security parameter, and the network device is an access network device or a core network device; or, determining the security parameter according to the shared parameter,
  • the security parameters are used for message transmission between the terminal device and the network device, and the shared parameters are parameters known to both the terminal device and the network device.
  • the network device does not need to transmit the security parameters to the terminal device, thereby reducing the risk of security parameter exposure and improving security.
  • the shared parameters include at least one of the following: a physical cell identifier; a synchronization signal block index; a temporary mobile user identifier; a resource identifier; an access network key; next hop chain counter value; next hop information.
  • the method is applied to the terminal device, and before the security parameter is determined according to the shared parameter, the method further includes: receiving an access stratum security mode command message or a radio resource control connection reconfiguration message.
  • after receiving the above message, the terminal device generates security parameters, which can ensure that all messages after the above message can be encrypted and decrypted, thereby improving system security.
  • the method is applied to a core network device; before acquiring the security parameters, the method further includes determining that at least one of the following is satisfied: determining to send at least one of a new next hop chain counter value and next hop information to the access network device, wherein at least one of the new next hop chain counter value and the next hop information can be sent to the access network device together with the security parameter; determining to send a new access network key; determining the activation/change of the user plane security policy; determining to execute the non-access stratum security mode command process with the terminal device; determining to update the non-access stratum key; determining to generate the core network key or to perform core network key level derivation.
  • the core network device also needs to send the security parameter to the access network device. If the security parameter is used to encrypt and decrypt NAS layer messages, the core network device may not send the security parameter to the access network device.
  • the method is applied to an access network device; before acquiring the security parameters, the method further includes determining that at least one of the following is satisfied: determining to perform an access layer security mode command process or a radio resource control connection reconfiguration; receiving a new next hop chain counter value, next hop information or access network key; updating the access network key; determining to send the next hop chain counter value, next hop information or access network key to other access network devices.
  • the method before acquiring the security parameter, further includes: determining that the access network device and the terminal device support encryption and decryption using the security parameter; or, determining that the terminal device supports encryption and decryption using the security parameter.
  • the method is applied to an access network device or a core network device, and the method further includes: sending a configuration message to the terminal device, where the configuration message includes security parameters.
  • the security parameters include a first security parameter and a second security parameter; the first security parameter is used to encrypt the message to be sent, and the second security parameter is used to decrypt the received message.
  • the configuration message is an access stratum security mode command message in the access stratum security mode command process; or, the configuration message is a radio resource control connection reconfiguration message in the radio resource control connection reconfiguration process; or, the configuration message is a non-access stratum security mode command message in the non-access stratum security mode command flow.
  • the access layer security mode command message and the radio resource control connection reconfiguration message can be considered as messages for activating user plane security. Sending security parameters through these messages enables the messages that need to be encrypted and/or decrypted to be encrypted and/or decrypted in time. If the security parameter is sent before the access layer security mode command message and the RRC connection reconfiguration message, the earlier message is not protected, so the security parameter in it can be tampered with and its security cannot be guaranteed.
  • the access layer security mode command message and the RRC connection reconfiguration message are themselves protected by security, such as being protected by the base station key, which can prevent the security parameters carried in these two messages from being tampered with, so the security of the security parameters can be guaranteed.
  • the present application further provides a communication device, the communication device having any of the methods provided in the above-mentioned first aspect.
  • the communication device may be implemented by hardware, or by executing corresponding software by hardware.
  • the hardware or software includes one or more units or modules corresponding to the above functions.
  • the communication apparatus includes: a processor configured to support the communication apparatus to perform corresponding functions of the methods shown above.
  • the communication device may also include a memory, which may be coupled to the processor, which holds program instructions and data necessary for the communication device.
  • the communication apparatus further includes an interface circuit, and the interface circuit is used to support communication between the communication apparatus and equipment such as network equipment.
  • the communication device includes corresponding functional modules, which are respectively used to implement the steps in the above method.
  • the functions can be implemented by hardware, or by executing corresponding software by hardware.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the communication device includes a processing unit and a communication unit, and these units can perform the corresponding functions in the above method examples.
  • a communication device comprising a processor and an interface circuit, wherein the interface circuit is configured to receive signals from other communication devices other than the communication device and transmit to the processor or send signals from the processor
  • the processor is configured to execute the computer program or instructions stored in the memory, so that the communication device implements the aforementioned first aspect and the method in any possible implementation manner of the first aspect.
  • a computer-readable storage medium is provided, in which a computer program or instruction is stored, and when the computer program or instruction is executed on a computer, the computer is caused to implement the aforementioned first aspect and the method in any possible implementation of the first aspect.
  • a computer program product comprising computer-readable instructions, which, when executed on a computer, cause the computer to implement the method in the aforementioned first aspect and any possible implementation manner of the first aspect.
  • in a sixth aspect, a chip includes a processor, and may also include a memory; the processor is coupled to the memory and is configured to execute a computer program or instruction stored in the memory, so as to implement the method in the foregoing first aspect and any possible implementation of the first aspect.
  • FIG. 1 is a schematic diagram of a network architecture suitable for an embodiment of the present application
  • FIG. 2 is a schematic diagram of an encryption and decryption flow in the prior art
  • FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a communication device according to an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application.
  • the embodiments of the present application can be applied to various mobile communication systems, such as a new radio (NR) system, a long term evolution (LTE) system, and other communication systems such as future communication systems, without restriction.
  • the interaction between a terminal device and an access network device or a core network device is used as an example for description. It should be noted that the methods provided in the embodiments of the present application can not only be applied to the interaction between the terminal device and the network side
  • the interaction between two devices may also be applied to the interaction between any two devices, for example, device-to-device (device-to-device, D2D) communication, which is not limited in this embodiment of the present application.
  • a terminal device may be referred to as a terminal for short, which is a device with a wireless transceiver function or a chip that can be provided in the device.
  • the terminal device may also be referred to as user equipment (user equipment, UE), access terminal, or the like.
  • the terminal device in the embodiments of the present application may be a mobile phone, a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, etc.
  • the device for implementing the function of the terminal device may be the terminal device; it may also be a device capable of supporting the terminal device to realize the function, such as a chip system, and the device may be installed in the terminal device or used in conjunction with the terminal device.
  • Access network device: can be a wireless access device under various standards in a wireless network.
  • an access network device can be a radio access network (RAN) node that connects a terminal device to a wireless network, and may also be called RAN equipment or a base station.
  • Some examples of access network equipment are: generation Node B (gNodeB), transmission reception point (TRP), evolved node B (eNB), radio network controller (RNC), etc.
  • the access network device may include a centralized unit (CU) node or a distributed unit (DU) node, or include a CU node and a DU node.
  • the device for implementing the function of the access network device may be the access network device; it may also be a device capable of supporting the access network device to realize the function, such as a chip system, and the device may be installed in the access network device or used in conjunction with the access network device.
  • Core network device: can be a device used to manage the access and mobility of terminal devices, such as an access and mobility management function (AMF) network element or a mobility management entity (MME) network element, which is not limited in this application.
  • FIG. 1 is a schematic diagram of a network architecture to which an embodiment of the present application is applied.
  • a terminal device can access a wireless network through an access network device to obtain services from an external network (eg, the Internet) through the wireless network, or communicate with other devices through the wireless network, such as with other terminal devices.
  • the access stratum (access stratum, AS) message between the access network device and the terminal device needs to be encrypted.
  • when the sender uses the key KEY to encrypt the plaintext data, it uses the parameters COUNT, BEARER, DIRECTION and the data length LENGTH as input parameters, and uses the encryption algorithm to generate a key stream block (KEYSTREAM BLOCK).
  • the sender performs XOR calculation on the generated key stream block and the plaintext block (PLAINTEXT BLOCK) to be sent to the receiver, and then sends the ciphertext block (CIPHERTEXT BLOCK) obtained by the XOR calculation to the receiver.
  • the receiving end uses the parameters COUNT, BEARER, DIRECTION and the data length LENGTH as input parameters, and uses the same encryption algorithm to generate a key stream block.
  • the receiver performs XOR calculation between the key stream block and the ciphertext block from the sender, thereby recovering the plaintext block sent by the sender.
  • the key KEY can be the encryption key of the AS layer
  • COUNT is the value in the PDCP counter, with a length of 32 bits
  • BEARER is a 5-bit bearer identifier
  • DIRECTION indicates the direction information, which identifies the uplink and downlink directions of the data, with a length of 1 bit; the value is 0 for uplink and 1 for downlink.
  • the specific implementation manner of the encryption algorithm is not limited, and it can be stipulated by the protocol or specified by the network side.
  • the encryption algorithm may be a 128-bit 5G encryption algorithm (encryption algorithm for 5G) or a 256-bit 5G encryption algorithm, etc.
  • the 128-bit 5G encryption algorithm includes but is not limited to the SNOW third generation (3G) 128 algorithm, the advanced encryption standard (AES) 128 algorithm, the Zu Chongzhi (ZUC) 128 algorithm, etc.; 256-bit 5G encryption algorithms include but are not limited to the SNOW-V 256 algorithm, the AES 256 algorithm, the Zu Chongzhi (ZUC) 256 algorithm, etc.
  • non-access stratum (non access stratum, NAS) messages between the core network device and the terminal device also need to be encrypted.
  • the key used at the NAS layer is the encryption key of the NAS layer
  • the corresponding BEARER is the NAS connection identifier
  • the COUNT is 0x00
  • the length of the NAS COUNT is 24 bits, and the entire COUNT is also 32 bits.
  • the meaning of DIRECTION is similar to that of the AS layer.
  • uplink means that the terminal device sends a message to the core network device, downlink means that the core network device sends a message to the terminal device, and
  • the network architecture and service scenarios described in the embodiments of the present application are for the purpose of illustrating the technical solutions of the embodiments of the present application more clearly, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application.
  • with the evolution of the network architecture and the emergence of new service scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.
  • the security parameters are introduced to encrypt and decrypt messages, so as to enhance the security of encryption and decryption.
  • the terminal device obtains the security parameter from the network device, so that the message to be sent can be encrypted according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or the received message can be decrypted according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the security parameter is used to encrypt the message to be sent and/or used to decrypt the received message.
  • the security parameter can be a sequence of bits.
  • the length of the security parameter is not limited, for example, it can be greater than or equal to 80 bits, such as 88 bits or 90 bits, etc., other lengths are also possible.
  • the first count value, the first bearer identifier and the first direction information are determined according to the message to be sent.
  • the first count value may refer to the sequence number corresponding to the message to be sent at the PDCP layer, which may also be referred to as COUNT;
  • the first bearer identifier may refer to the bearer identifier of the bearer corresponding to the message to be sent;
  • the first direction information may indicate the transmission direction of the message to be sent.
  • the first direction information includes 1 bit, and the value is 0 when the transmission direction of the message to be sent is uplink, and the value is 1 when the transmission direction of the message to be sent is downlink.
  • the second count value, the second bearer identifier, and the second direction information are determined according to the received message.
  • the second count value may refer to the sequence number corresponding to the received message at the PDCP layer, which may also be called COUNT;
  • the second bearer identifier may refer to the bearer identifier of the bearer corresponding to the received message;
  • the second direction information may indicate the transmission direction of the received message.
  • the second direction information includes 1 bit, and the value is 0 when the transmission direction of the received message is uplink, and the value is 1 when the transmission direction of the received message is downlink.
  • the key may refer to the encryption key of the AS layer, or may refer to the encryption key of the NAS layer, which is determined according to the actual situation.
  • the count value, bearer identifier, and direction information used by the sender for encryption are the same as the count value, bearer identifier, and direction information used by the receiver for decryption.
  • the count value, bearer identification and direction information may vary according to the change of the message.
  • the message to be sent may also be encrypted according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or the received message may be decrypted according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the network device may be an access network device or a core network device.
  • the security parameter may be used to encrypt and/or decrypt the AS layer message; the security parameter may also be used to encrypt and/or decrypt the NAS layer message.
  • the NAS layer message and the AS layer message may be encrypted and/or decrypted using the same security parameters, or may be encrypted and/or decrypted using different security parameters.
  • the same method may be used to generate security parameters between the network device and the terminal device, so as to avoid sending the security parameters through the network.
  • the terminal device may obtain security parameters from the first access network device, and the security parameters may be used to encrypt and/or decrypt AS layer messages.
  • the security parameter can also be used to encrypt and/or decrypt the NAS layer message.
  • FIG. 3 shows a schematic flowchart of a communication method provided by an embodiment of the present application.
  • operations performed by the terminal device may also be performed by a chip or module inside the terminal device
  • operations performed by the first access network device may also be performed by a chip or module inside the first access network device.
  • the method includes:
  • S301: The first access network device acquires security parameters, and sends the security parameters.
  • the first access network device may acquire the security parameters in various manners. In the first implementation manner, the first access network device may generate the security parameters autonomously.
  • the first access network device may generate a random number and use the random number as a security parameter.
  • the first access network device may also generate a new security parameter according to the currently used security parameter, for example by using the sum of the currently used security parameter and a preset value as the security parameter.
  • the first access network device may also generate security parameters according to other parameters, for example, the security parameters may also be related to at least one of the following parameters:
  • the next hop information may be, for example, the information of the current next hop.
  • the next hop information may refer to the next hop key, and the next hop key may refer to the intermediate key in the cell handover process, which can be used to provide forward security (forward secrecy) in the cell handover process.
  • the next hop information can be used to generate a new access network key.
  • the access layer security mechanism is activated during the establishment of the initial security context.
  • the terminal device and the network side respectively calculate the initial access stratum root key, that is, the access network key, according to the core network key (also referred to as the access stratum root key).
  • the terminal device and the access network device further calculate one or more encryption and integrity protection keys for encryption and integrity protection of signaling and user plane data.
  • the integrity protection key is the key used to encrypt the message to be sent and decrypt the received message.
  • a “next hop” mechanism is introduced into the radio access network.
  • the access layer can always perform a so-called “horizontal handover”: directly use the initial access network key to calculate a new access network key.
  • the access layer needs to perform at least “vertical handover”: calculate a new access network key according to a certain "next hop information" provided by the non-access layer.
  • Intra-node switching can still use the "horizontal switching" method.
  • the network side will determine the new access network key by instructing the terminal device which next hop to use through the next hop chain counter value.
  • a new next hop chain counter value, new next hop information or a new access network key may indicate that the key for encrypting the message to be sent and/or decrypting the received message also needs to be updated, and accordingly, security parameters need to be updated or generated.
  • the algorithm used by the first access network device to generate the security parameter is not limited in the embodiments of the present application; for example, it may be a hash-based message authentication code (HMAC) secure hash algorithm 256 (SHA-256) algorithm, that is, the HMAC algorithm that uses SHA-256 to generate hash values.
  • the timing at which the first access network device acquires the security parameters may include, but is not limited to, one or more of the following timings:
  • the first access network device may first determine that the access layer security mode command process or radio resource control connection reconfiguration is to be performed, and then acquire or generate security parameters. Before acquiring or generating the security parameter, the first access network device may also execute a part or all of the access layer security mode command process or the radio resource control connection reconfiguration.
  • next-hop chain counter value or new next-hop information or a new access network key is received.
  • for the next hop chain counter value, the information of the next hop, the access network key, and the relationship between the keys, reference may be made to the description in the prior art, and details are not repeated here.
  • the third opportunity is to update the access network key.
  • the access network key may refer to the key used to encrypt user plane services, for example, the access network key may refer to the base station key Kgnb.
  • next hop chain counter value next hop information or access network key
  • when one or more of the above occasions are satisfied, it indicates that the terminal device needs to be configured with parameters and keys for encrypting and/or decrypting messages, or that the parameters and keys for encrypting and/or decrypting messages need to be updated for the terminal device, for which the first access network device can obtain the security parameters and send them to the terminal device.
  • the various timings described above can correspond to various scenarios, for example, including but not limited to the following scenarios:
  • Scenario 1: The terminal device initially accesses the first access network device. At this time, the terminal device initiates an initial registration request to the core network through the first access network device, and after receiving from the core network the initial context establishment request for the terminal device, the first access network device needs to perform the access layer security mode command flow or the radio resource control connection reconfiguration with the terminal device.
  • a terminal device in an idle mobility state accesses the first access network device.
  • the first access network device may determine that the access layer security mode command process or the radio resource control connection reconfiguration needs to be performed with the terminal device.
  • When the first access network device includes a CU node and a DU node, and the DU node of the terminal device in the first access network device changes but the CU node does not change, the first access network device needs to update the AS layer security context, for example by updating the access network key Kgnb.
  • Scenario 4: The terminal device is switched from the evolved packet system (EPS) to the 5G system.
  • the first access network device target access network device
  • the second The access network device source access network device
  • the first access network device needs to send the next hop chain counter value or the next hop information or the access network key to other access network devices (ie, the second access network device).
  • the first access network device generates security parameters, and sends the security parameters to the target AMF through the handover request response message.
  • the target AMF then forwards the security parameters to the source MME, and the source MME forwards the security parameters to the second access network device, so that the security parameter is forwarded to the terminal device by the second access network device.
  • the terminal device is in an idle state in the EPS, and then switches to the 5G system.
  • the first access network device target access network device
  • the first access network device can determine that it needs to perform an access layer security mode command process or RRC connection reconfiguration with the terminal device.
  • the security parameters are generated by the first access network device and sent to the terminal device.
  • the security parameter can be generated by the source access network device or the target access network device, that is to say, the first access network device may be the source access network device or the target access network device. Due to the change of the air interface, when the first access network device is the source access network device, the first access network device needs to send the next hop chain counter value, the next hop information or the access network key, etc. to other access network devices (source access network devices), so as to determine the need to generate security parameters.
  • the first access network device may be the target access network device, since the RRC re-establishment needs to perform an RRC reconfiguration process, it is determined that the security parameter needs to be generated.
  • the first access network device may be a primary base station or a secondary base station. If the primary base station needs to add or modify the secondary base station, the access layer security mode command process or the radio resource control connection reconfiguration process needs to be performed between the secondary base station and the terminal device, then the primary base station or the secondary base station can generate security parameters. If the secondary base station generates security parameters, the security parameters are sent to the primary base station through messages such as the secondary base station addition response message or the secondary base station modification response message, and finally the primary base station sends the security parameters to the terminal device.
  • the core network device for example, AMF
  • the core network device does not change: Specifically, the terminal device is switched from the second access network device to the first access network device.
  • the first access network device can receive information such as the new next-hop chain counter value, new next-hop information and new access network key. The first access network device can then generate security parameters and send them to the second access network device through a handover request acknowledgement (handover request acknowledge, ACK) message, so that the second access network device forwards the security parameter to the terminal device.
  • the core network equipment changes: Specifically, the terminal equipment is switched from the second access network equipment to the first access network equipment. After receiving information such as the new next-hop chain counter value, new next-hop information, and new access network key, the first access network device can generate security parameters and send them to the target core network device (eg, target AMF) through a handover request response message. The target core network device forwards the security parameters to the second access network device, so that the second access network device forwards the security parameters to the terminal device.
  • the target core network device eg, target AMF
  • the first access network device may directly send the security parameters, or may send the identifiers of the security parameters or the parameters and algorithms used to generate the security parameters.
  • the first access network device can also determine whether the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm. If it is determined that the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm, the core network equipment may generate security parameters.
  • the first access network device may also determine whether the terminal device supports encryption and/or decryption by using security parameters. If it is determined that the terminal device supports encryption and/or decryption by using security parameters, the core network device may generate security parameters.
  • the first access network device may also determine whether the terminal device supports encryption and/or decryption by using the extended IV. If it is determined that the terminal device supports encryption and/or decryption by using the extended IV, the core network device may generate security parameters. Here, using the extended IV to perform encryption and/or decryption may refer to using the IV and parameters other than the IV (for example, security parameters) to perform encryption and/or decryption.
  • the terminal equipment, access network equipment and core network equipment in the current standard all support the 128-bit encryption algorithm, and the 128-bit encryption algorithm will no longer be safe in the future. Therefore, in the embodiment of the present application, when the security parameter is used, it is required that the terminal device, the access network device, and the core network device all support the 256-bit encryption algorithm. The first access network device can therefore determine whether the terminal device can use the security parameter to encrypt and/or decrypt the message according to whether the terminal device supports the 256-bit encryption algorithm.
  • the first access network device acquires the security parameters from the core network device.
  • the first access network device acquires the security parameters, that is, the timing when the core network device generates the security parameters
  • the core network device determines to send the new next hop chain counter value or new next hop information to the access network device, wherein at least one of the new next hop chain counter value and the next hop information can be sent to the access network device together with the security parameter
  • the core network device determines to send a new access network key, wherein the new access network key can be sent to the access network device together with the security parameters
  • the core network device determines to activate/modify the user plane security policy.
  • the above-mentioned various occasions can be applied to the scenarios 1 to 2 and scenarios 4 to 9 described above.
  • the following describes how, in various scenarios, the first access network device specifically acquires security parameters from the core network device.
  • the core network device may send the security parameters to the first access network device through an initial context setup message.
  • Scenario 2: In the scenario where the terminal device in the idle mobility state accesses the first access network device, the core network device can send the security parameters to the first access network device through the UE context modification request message.
  • Scenario 4: The terminal device switches from EPS to 5G system.
  • the target base station can obtain the security parameters from the handover request of the AMF, and then carry the security parameters in the handover request response sent to the target AMF.
  • the handover request response is sent to the target AMF, forwarded by the target AMF to the source MME, then forwarded by the source MME to the source base station, and finally sent to the UE by the source base station.
  • the first access network device may be the source base station, and the core network device may be the AMF.
  • the terminal device is in the idle state in the EPS, and then switches to the 5G system.
  • the core network device target core network device
  • the core network device can send the security parameters to the first access network device through the initial context establishment message or the UE context modification request message, and they are then sent by the first access network device (target access network device) to the terminal device.
  • Scenario 6: In the RRC re-establishment scenario, if the terminal device switches access network devices, the core network device can generate security parameters and send them to the source access network device, and the target access network device can obtain the security parameters from the retrieve UE context response message sent by the source access network device.
  • the first access network device in the Xn handover scenario, can obtain the security parameters through the path switch request ACK (path switch request ACK) message of the core network device.
  • the first access network device may obtain security parameters through a handover request message of the core network device (target core network device).
  • the first access network device sends the security parameter to the source core network device through the handover request response message, the source core network device then forwards it to the second access network device (source access network device), and finally the source access network device sends the security parameters to the terminal device.
  • the core network device can also determine whether the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm. If it is determined that the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm, the core network device can generate security parameters.
  • the core network device may also determine whether the terminal device supports encryption and/or decryption using the security parameters. If it is determined that the terminal device supports encryption and/or decryption using the security parameters, the core network device may generate the security parameters.
  • the core network device can also determine whether the terminal device supports encryption and/or decryption using the extended IV, and if it is determined that the terminal device supports encryption and/or decryption using the extended IV, the core network device can generate the security parameters.
  • using the extended IV to perform encryption and/or decryption may refer to using the IV and parameters other than the IV (for example, security parameters) to perform encryption and/or decryption.
  • the first access network device may send the security parameter to the terminal device through a configuration message.
  • the configuration message may be an access layer security mode command message in an access layer security mode command (security mode command, SMC) process
  • the AS security mode command message may be used to instruct to perform an AS security mode command
  • the message can also indicate the 256-bit encryption algorithm used for encryption.
  • Security parameters, count values, bearer identifiers, direction information, and message length can be used as input parameters, and a 256-bit encryption algorithm is used to generate a key stream block for encrypting or decrypting messages.
  • 256-bit encryption algorithms include but are not limited to SNOW-V 256 algorithm, AES 256 algorithm, Zu Chongzhi 256 algorithm, etc.
  • the first access network device can indicate information such as integrity protection and confidentiality protection algorithms, so as to establish AS security with the terminal device.
  • the configuration message may also be a RRC connection reconfiguration message in the RRC connection reconfiguration process, and the RRC connection reconfiguration message may be used to instruct to perform RRC connection reconfiguration;
  • the first access network device may indicate information such as integrity protection and confidentiality protection algorithms, so as to establish AS security with the terminal device.
  • the 256-bit encryption algorithm used for encryption may also be indicated in the RRC connection reconfiguration message.
  • the access layer security mode command message and the radio resource control connection reconfiguration message can be considered as messages for activating user plane security. Sending security parameters through these messages can enable the messages that need to be encrypted and/or decrypted to be encrypted and/or decrypted in time. If the security parameter is sent before the access layer security mode command message and the RRC connection reconfiguration message, the previous message is not protected, and the security parameter in the message will be tampered with.
  • the first access network device may also send security parameters for encrypting and/or decrypting AS layer messages to the terminal device through the NAS SMC process.
  • the first access network device may also send parameters such as a key, a next-hop chain counter value, and next-hop information to the terminal device, which will not be described one by one here.
  • S302 The terminal device obtains security parameters.
  • the terminal device may acquire the security parameters from the first access network device.
  • the security parameters are obtained through the access layer security mode command message in the AS SMC process, or the security parameters are obtained through the RRC connection reconfiguration message in the RRC connection reconfiguration process.
  • the terminal device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the first access network device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or decrypts the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the execution order of S303 and S304 is not limited, and they may be executed sequentially or simultaneously.
  • the security parameter is used to encrypt the message to be sent, which may refer to the encryption operation of the message to be sent by using the security parameter and the like as an input parameter.
  • the security parameter is used to decrypt the received message, which may refer to the decryption operation of the received message by using the security parameter and the like as an input parameter.
  • FIG. 4 shows a schematic diagram of message encryption/decryption provided by an embodiment of the present application.
  • the sender (the first access network device or the terminal device) uses the key KEY to encrypt the plaintext block (including the data to be transmitted): it uses the security parameters, the first count value, the first bearer identifier, the first direction information and length as input parameters, and uses an encryption algorithm to generate a key stream block.
  • length is the length of the message to be sent.
  • the sender performs XOR calculation between the key stream block and the plaintext block to be sent to the receiver (terminal device or the first access network device) to obtain the ciphertext block, and then sends the ciphertext block to the receiver.
  • the encryption algorithm may be a 256-bit encryption algorithm, including but not limited to SNOW-V 256 algorithm, AES256 algorithm, Zu Chongzhi 256 algorithm, etc.
  • the receiving end uses the security parameter, the first count value, the first bearer identifier, the first direction information, and the length as input parameters, and uses the same encryption algorithm to generate the key stream block.
  • the receiver performs XOR calculation between the key stream block and the ciphertext block from the sender, thereby recovering the plaintext block sent by the sender.
  • the message sent by the sender is received by the receiver, so for this message, the first count value, the first bearer identifier, and the first direction information are all used as input parameters. If the message sent by the sender and the message received by the receiver in FIG. 4 are not the same message, the count value, bearer identifier and direction information may be different.
  • the key KEY is the encryption key of the AS layer
  • COUNT is the value in the PDCP counter
  • BEARER is the bearer identifier
  • DIRECTION represents the direction information, which identifies the upstream and downstream directions of the data.
  • the security parameter may be used to encrypt the message to be sent, and may also be used to decrypt the received message.
  • the security parameters used by the sender when encrypting the message to be sent are the same as those used by the receiver when encrypting the message to be sent.
  • the security parameters include a first security parameter and a second security parameter; the first security parameter is used to encrypt the message to be sent, and the second security parameter is used to decrypt the received message.
  • the security parameter used by the sender to encrypt the message to be sent is different from the security parameter used by the receiver to encrypt the message to be sent.
  • the sender uses the first security parameter when encrypting the message to be sent, and the receiver encrypts the message to be sent using the second security parameter.
  • the message to be sent is encrypted by using the security parameter at the AS layer, and/or the received message is decrypted, so that the security of the AS layer message can be improved and the risk of being cracked can be reduced.
  • Embodiment 2:
  • the terminal device and the access network device respectively generate security parameters according to the same method, in this case, the access network device does not need to send the security parameters to the terminal device
  • the security parameter can be used to encrypt and/or decrypt the AS layer message.
  • the security parameter can also be used to encrypt and/or decrypt the NAS layer message. It will be described in detail below.
  • FIG. 5 shows a schematic flowchart of a communication method provided by an embodiment of the present application.
  • operations performed by the terminal device may also be performed by a chip or module inside the terminal device
  • operations performed by the access network device may also be performed by a chip or module inside the access network device.
  • the method includes:
  • S501 The access network device sends an AS security mode command message or an RRC connection reconfiguration message to the terminal device.
  • the AS security mode command message can be used to instruct the AS security mode command
  • the RRC connection reconfiguration message can be used to instruct the RRC connection reconfiguration.
  • These two messages can also indicate the 256-bit encryption algorithm used for encryption, where the 256-bit encryption algorithms include but are not limited to SNOW-V 256 algorithm, AES256 algorithm, Zu Chongzhi (ZUC) 256 algorithm, etc.
  • S502 The access network device acquires security parameters.
  • the access network device can also send the security parameter to the core network device.
  • S503 The terminal device obtains security parameters.
  • execution order of S502 and S503 is not limited, and may be executed sequentially or simultaneously.
  • the access network device may acquire the security parameters through the core network device, or may generate the security parameters independently. Terminal devices can generate security parameters autonomously.
  • the core network device may determine the security parameter according to the shared parameter, and send the security parameter to the access network device.
  • the access network device or the terminal device independently generates the security parameter
  • the access network device or the terminal device can determine the security parameter according to the shared parameter, where the shared parameter is a parameter known to both the terminal device and the core network device, or to both the terminal device and the access network device.
  • the shared parameters may include at least one of the following:
  • Physical cell identification, such as the identification of the physical cell where the terminal equipment is located; synchronization signal block index, such as the index of the synchronization signal block sent by the access network equipment to the terminal equipment; S-TMSI of the terminal equipment; resource identification, such as the identifier of the resource on which the terminal equipment receives or sends data;
  • the access network key, for example, the access network key may refer to the current base station key Kgnb;
  • the derived key of the access network key, for example, may refer to a key derived from the current base station key Kgnb;
  • the next hop chain counter value for example, can refer to the currently used next hop chain counter value;
  • the next hop information for example, can refer to the currently used next hop information.
  • the shared parameters may include at least one of the following:
  • Physical cell identification, such as the identification of the physical cell where the terminal equipment is located; synchronization signal block index, such as the index of the synchronization signal block sent by the access network equipment to the terminal equipment; uplink (UL) NAS COUNT; downlink (DL) NAS COUNT; globally unique temporary UE identity (GUTI) of the terminal device; resource identifier, such as the identifier of the resource on which the terminal device receives or sends data; core network key, for example, the core network key can refer to the current AMF key Kamf, the core network key can be used to generate the access network key, the access network key can be used to generate the encryption and integrity protection key, and the encryption and integrity protection key is the key for encrypting the message to be sent and/or decrypting the received message; the derived key of the core network key, for example, can refer to a key derived from the current AMF key Kamf; the next hop chain counter value, for example, can refer to the currently used next hop chain counter value; the information of the next
  • the currently used next hop chain counter value and the currently used next hop information may respectively refer to the next hop chain counter value and the next hop information for generating the current access network key.
  • the algorithm used when generating the security parameter is not limited in the embodiment of the present application, and may be, for example, the HMAC-SHA256 algorithm.
  • For example, when the shared parameters are the current base station key Kgnb and S-TMSI, the HMAC-SHA256 algorithm can be used, with the base station key Kgnb and S-TMSI as input parameters, to obtain security parameters.
  • the specific calculation process is not repeated here.
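The HMAC-SHA256 derivation described above, feeding the key stream generation and XOR step of FIG. 4, as an added Python example that is not code from the application. The HMAC input layout, the field widths, the byte-based LENGTH, the DIRECTION encoding, all sample values, and the HMAC-SHA256 counter-mode key stream generator (standing in for SNOW-V 256, AES 256 or ZUC 256) are assumptions.

```python
import hashlib
import hmac
import struct

UPLINK, DOWNLINK = 0, 1  # assumed encoding of the DIRECTION input


def derive_security_parameter(k_gnb: bytes, s_tmsi: bytes) -> bytes:
    """Derive the security parameter locally from shared parameters.

    Assumption: Kgnb is the HMAC key and the S-TMSI is the message;
    the page does not fix the input layout.
    """
    if len(k_gnb) != 32:
        raise ValueError("Kgnb must be 256 bits")
    return hmac.new(k_gnb, s_tmsi, hashlib.sha256).digest()


def keystream(key: bytes, sec_param: bytes, count: int, bearer: int,
              direction: int, length: int) -> bytes:
    """Generate `length` bytes of key stream from KEY and the input parameters.

    Stand-in generator: HMAC-SHA256 in counter mode, NOT one of the
    256-bit algorithms named on the page.
    """
    if len(key) != 32:
        raise ValueError("KEY must be 256 bits")
    if not 0 <= count < 2 ** 32:
        raise ValueError("COUNT must fit in 32 bits")
    if not 0 <= bearer < 32:
        raise ValueError("BEARER must fit in 5 bits")
    if direction not in (UPLINK, DOWNLINK):
        raise ValueError("DIRECTION must be 0 or 1")
    # Assumed layout: security parameter || COUNT || BEARER || DIRECTION || LENGTH
    inputs = sec_param + struct.pack(">IBBI", count, bearer, direction, length)
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, inputs + struct.pack(">I", block),
                        hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_with_keystream(key: bytes, sec_param: bytes, count: int, bearer: int,
                       direction: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data block with the key stream block."""
    ks = keystream(key, sec_param, count, bearer, direction, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def demo() -> dict:
    # Constructed sample values, not taken from the page.
    k_gnb = bytes(range(32))
    s_tmsi = bytes.fromhex("0a1b2c3d4e5f")
    enc_key = hashlib.sha256(b"constructed AS encryption key").digest()
    plaintext = b"uplink user-plane PDU"

    # Terminal device and access network device derive the same value
    # independently, so the parameter never crosses the air interface.
    ue_param = derive_security_parameter(k_gnb, s_tmsi)
    gnb_param = derive_security_parameter(k_gnb, s_tmsi)

    ciphertext = xor_with_keystream(enc_key, ue_param, 7, 3, UPLINK, plaintext)
    recovered = xor_with_keystream(enc_key, gnb_param, 7, 3, UPLINK, ciphertext)

    # Failure modes: a receiver holding a parameter derived from an updated
    # Kgnb, or using the wrong DIRECTION, does not recover the plaintext.
    updated_param = derive_security_parameter(
        hashlib.sha256(k_gnb).digest(), s_tmsi)
    stale = xor_with_keystream(enc_key, updated_param, 7, 3, UPLINK, ciphertext)
    wrong_dir = xor_with_keystream(enc_key, gnb_param, 7, 3, DOWNLINK, ciphertext)

    return {
        "plaintext": plaintext,
        "ciphertext": ciphertext,
        "recovered": recovered,
        "stale_param_output": stale,
        "wrong_direction_output": wrong_dir,
        # Same KEY, COUNT, BEARER, DIRECTION; only the security parameter differs.
        "keystream_before_update": keystream(enc_key, ue_param, 7, 3, UPLINK, 16),
        "keystream_after_update": keystream(enc_key, updated_param, 7, 3, UPLINK, 16),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value.hex()}")
```
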
  • the timing for the terminal device to generate security parameters may include but is not limited to the following timings:
  • After receiving the above message, the terminal device generates security parameters, which can ensure that the messages after the above message can be encrypted and/or decrypted by the security parameters, improving the communication security performance.
  • An access stratum security context is generated, where the access stratum security context includes at least one of a next hop chain counter value, next hop information, and an access network key.
  • the terminal device may determine that the access stratum security context needs to be generated when receiving the access stratum security mode command message or the RRC connection reconfiguration message.
  • the timing of generating the security parameter by the access network device and the core network device reference may be made to the description in Embodiment 1, and details are not repeated here.
  • the application scenarios corresponding to the timing of generating the security parameters by the terminal device, the access network device, and the core network device may be scenarios 1 to 9 in the first embodiment, which will not be repeated here.
  • the core network device or the access network device can also determine whether the terminal device supports the 256-bit encryption algorithm for encryption and/or decryption by using security parameters, whether it supports encryption and/or decryption by using security parameters, or whether it supports encryption and/or decryption with the extended IV. If it is determined that the terminal device supports the 256-bit encryption algorithm, supports the use of security parameters, or supports encryption and/or decryption with the extended IV, security parameters can be generated.
  • the terminal device Before generating the security parameter, the terminal device can generate the security parameter if it is determined that the AS security mode command message or the RRC connection reconfiguration message indicates a 256-bit encryption algorithm or that the access network device supports encryption and/or decryption using the security parameter.
  • S504 The terminal device sends an AS security mode command completion message or an RRC connection reconfiguration completion message to the access network device.
  • S505 The terminal device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the access network device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • execution order of S505 and S506 is not limited, and may be executed sequentially or simultaneously.
  • the access network device and the terminal device can respectively generate the same security parameters according to the same parameters and methods, so the access network device does not need to send security parameters to the terminal device, thereby avoiding security parameter exposure and improving system security.
  • the terminal device may obtain security parameters from the core network device, and the security parameters may be used to encrypt and/or decrypt NAS layer messages.
  • the security parameter can also be used to encrypt and/or decrypt the AS layer message.
  • FIG. 6 shows a schematic flowchart of a communication method provided by an embodiment of the present application.
  • operations performed by the terminal device may also be performed by a chip or module inside the terminal device
  • operations performed by the core network device may also be performed by a chip or module inside the core network device.
  • the method includes:
  • S601 The core network device obtains security parameters and sends the security parameters.
  • the core network equipment may be equipment such as AMF or MME, which is not limited in this application.
  • the timing for the core network device to generate the security parameter may include but is not limited to the following timings:
  • the key refers to the NAS key
  • the core network key may refer to Kamf, etc.
  • the terminal device may indicate that the terminal device needs to be configured with parameters and keys for encrypting and/or decrypting messages, or it may indicate that the terminal device needs to update the parameters and keys for encrypting and/or decrypting messages. key.
  • the core network device can also determine whether the terminal device supports the 256-bit encryption algorithm for encryption and/or decryption using security parameters, whether it supports encryption and/or decryption using security parameters, or whether it supports encryption and/or decryption using the extended IV. If it is determined that the terminal device supports a 256-bit encryption algorithm, supports using security parameters, or supports encryption and/or decryption using the extended IV, security parameters can be generated.
  • the core network device may send the security parameters to the terminal device in the NAS security mode command message in the NAS SMC process.
  • the core network device can also indicate information such as integrity protection and confidentiality protection algorithms, so as to establish NAS security with the terminal device.
  • the core network device may directly send the security parameters, and may also send the identifiers of the security parameters or the parameters and algorithms used to generate the security parameters.
  • the core network device may also send the security parameters for encrypting and/or decrypting the NAS layer message to the terminal device through other processes.
  • the core network device may also send parameters such as a key, a next-hop chain counter value, and next-hop information to the terminal device, which will not be described one by one here.
  • S602 The terminal device obtains security parameters.
  • the terminal device can obtain the security parameters from the core network device, for example, obtain the security parameters through the NAS security mode command message in the NAS SMC process.
  • the terminal device sends a NAS security mode command completion message to the core network device.
  • the terminal device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or decrypts the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the core network device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or according to the security parameter, the second count value, the second bearer identifier, The second direction information and the key decrypt the received message.
  • the sender (core network device or terminal device) uses the key KEY used to encrypt the plaintext block (including the message to be transmitted), together with the security parameters and the count value, bearer identification, direction information, and length corresponding to the message, as input parameters, and uses an encryption algorithm to generate a key stream block.
  • the sender performs XOR calculation between the key stream block and the plaintext block to be sent to the receiver (terminal device or core network device) to obtain the ciphertext block, and then sends the ciphertext block to the receiver.
  • the receiving end uses the security parameter and the count value, bearer identifier, direction information and length corresponding to the message as input parameters, and uses the same encryption algorithm to generate a key stream block.
  • the receiver performs XOR calculation between the key stream block and the ciphertext block from the sender, thereby recovering the plaintext block sent by the sender.
  • the encryption algorithm may be a 256-bit encryption algorithm, including but not limited to the SNOW-V 256 algorithm, the AES256 algorithm, the ZUC-256 (Zu Chongzhi) algorithm, etc.
  • the key KEY is the encryption key of the NAS layer
  • COUNT 0x00
  • BEARER is the NAS link identifier
  • DIRECTION indicates the direction information, which identifies the uplink or downlink direction of the data.
  • the execution order of S604 and S605 is not limited, and they may be executed sequentially or simultaneously.
  • the message to be sent is encrypted by using the security parameters at the NAS layer, and/or the received message is decrypted, so that the security of the NAS layer message can be improved and the risk of being cracked can be reduced.
  • Embodiment 4:
  • the terminal device and the core network device each generate security parameters according to the same method; in this case, the core network device does not need to send the security parameters to the terminal device.
  • the security parameter can be used for encrypting and/or decrypting NAS layer messages.
  • the security parameter can also be used to encrypt and/or decrypt the AS layer message. It will be described in detail below.
  • FIG. 7 shows a schematic flowchart of a communication method provided by an embodiment of the present application.
  • operations performed by the terminal device may also be performed by a chip or module inside the terminal device
  • operations performed by the core network device may also be performed by a chip or module inside the core network device.
  • the method includes:
  • S701 The core network device sends a NAS security mode command message to the terminal device.
  • the NAS security mode command message may be used to instruct the NAS security mode command flow, wherein a 256-bit encryption algorithm may be indicated.
  • S702 The core network device obtains security parameters.
  • the core network device can also send the security parameter to the access network device.
  • S703 The terminal device obtains security parameters.
  • the core network device and the terminal device can respectively generate security parameters according to the shared parameters, and the specific process can refer to the foregoing description, which will not be repeated here.
  • S704 The terminal device sends a NAS security mode completion message to the core network device.
  • S705 The terminal device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
  • the core network device encrypts the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or according to the security parameter, the second count value, the second bearer identifier, The second direction information and the key decrypt the received message.
  • the execution order of S705 and S706 is not limited, and they may be executed sequentially or simultaneously.
  • the core network device and the terminal device can respectively generate the same security parameters according to the same parameters and methods, so the core network device does not need to send security parameters to the terminal device, thereby avoiding security parameter exposure and improving system security.
  • the core network device, the access network device, or the terminal device may include a hardware structure and/or a software module, and implement the above functions in the form of a hardware structure, a software module, or a hardware structure plus a software module. Whether one of the above functions is performed in the form of a hardware structure, a software module, or a hardware structure plus a software module depends on the specific application and design constraints of the technical solution.
  • each functional module in each embodiment of the present application may be integrated into one processor, or may exist physically alone, or two or more modules may be integrated into one module.
  • the above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules.
  • an embodiment of the present application further provides an apparatus 800 for implementing the functions of the core network device or the access network device or the terminal device in the above method.
  • the apparatus may be a software module or a system-on-chip.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • the apparatus 800 may include: a processing unit 801 and a communication unit 802 .
  • the communication unit may also be referred to as a transceiver unit, and may include a sending unit and/or a receiving unit, which are respectively configured to perform the sending and receiving steps of the core network device, the access network device or the terminal device in the above method embodiments.
  • a communication unit may also be referred to as a transceiver or the like.
  • the processing unit may also be referred to as a processor, a processing single board, a processing module, a processing device, and the like.
  • the device for implementing the receiving function in the communication unit 802 may be regarded as a receiving unit, and the device for implementing the sending function in the communication unit 802 may be regarded as a transmitting unit, that is, the communication unit 802 includes a receiving unit and a transmitting unit.
  • a communication unit may also sometimes be referred to as a transceiver or a transceiver circuit, or the like.
  • the receiving unit may also sometimes be referred to as a receiver or a receiving circuit, or the like.
  • the transmitting unit may also sometimes be referred to as a transmitter or a transmitting circuit, or the like.
  • a communication unit used to obtain security parameters; the security parameters are used to encrypt messages to be sent, and/or to decrypt received messages;
  • a processing unit configured to encrypt the message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or to decrypt the received message according to the security parameter, the second count value, the second bearer identifier, the second direction information, and the key.
  • processing unit 801 and the communication unit 802 may also perform other functions.
  • FIG. 9 shows an apparatus 900 provided by an embodiment of the present application.
  • the apparatus shown in FIG. 9 may be an implementation of a hardware circuit of the apparatus shown in FIG. 8 .
  • the communication apparatus can be applied to the flow chart shown above to perform the functions of the terminal device or the network device in the above method embodiments. For convenience of explanation, FIG. 9 only shows the main components of the communication device.
  • the communication apparatus 900 includes a processor 910 and an interface circuit 920 .
  • the processor 910 and the interface circuit 920 are coupled to each other.
  • the interface circuit 920 can be a transceiver or an input-output interface.
  • the communication device 900 may further include a memory 930 for storing instructions executed by the processor 910 or input data required by the processor 910 to execute the instructions or data generated after the processor 910 executes the instructions.
  • the processor 910 is used to implement the functions of the above-mentioned processing unit 801
  • the interface circuit 920 is used to implement the functions of the above-mentioned communication unit 802 .
  • When the above communication device is a chip applied to a terminal device, the terminal device chip implements the functions of the terminal device in the above method embodiments.
  • the terminal device chip receives information from other modules (such as a radio frequency module or an antenna) in the terminal device, and the information is sent by the network device to the terminal device; or, the terminal device chip sends information to other modules (such as a radio frequency module or an antenna) in the terminal device, and the information is sent by the terminal device to the network device.
  • When the above communication device is a chip applied to a network device, the network device chip implements the functions of the network device in the above method embodiments.
  • the network device chip receives information from other modules (such as a radio frequency module or an antenna) in the network device, and the information is sent by the terminal device to the network device; or, the network device chip sends information to other modules (such as a radio frequency module or an antenna) in the network device, and the information is sent by the network device to the terminal device.
  • the processor in the embodiments of the present application may be a central processing unit (Central Processing Unit, CPU), and may also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), Field Programmable Gate Array (Field Programmable Gate Array, FPGA) or other programmable logic devices, transistor logic devices, hardware components or any combination thereof.
  • a general-purpose processor may be a microprocessor or any conventional processor.
  • the memory may be a random access memory (Random Access Memory, RAM), a flash memory, a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically erasable programmable read-only memory (Electrically Erasable Programmable Read Only Memory, EEPROM), registers, hard disks, removable hard disks, CD-ROMs or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor, such that the processor can read information from, and write information to, the storage medium.
  • the storage medium can also be an integral part of the processor.
  • the processor and storage medium may reside in an ASIC.
  • the ASIC may be located in a network device or in a terminal device.
  • the processor and storage medium may also exist as discrete components in a network device or terminal device.
  • the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A communication method and apparatus. The method comprises: acquiring a security parameter, wherein the security parameter is used to encrypt a message to be sent and/or used to decrypt a received message; and according to the security parameter, a first count value, a first bearer identity, first direction information and a key, encrypting the message to be sent, and/or according to the security parameter, a second count value, a second bearer identity, second direction information and a key, decrypting the received message. According to the method, an additional security parameter is added to existing parameters used for encryption and decryption, so as to encrypt a message to be sent, and/or decrypt a received message, so that the message security can be improved, and the risk of cracking a message can be reduced.

Description

A communication method and device
Technical field
The present application relates to the field of wireless communication technologies, and in particular, to a communication method and device.
Background
To ensure the security of communication between the terminal device and the access network and core network, messages between the terminal device and the network need to be encrypted. For example, in the new radio (NR) system of the 5th generation (5G) mobile communication system, at the access stratum (AS), the sender uses a key to encrypt the message to be sent, and also uses the parameters COUNT, BEARER and DIRECTION as input parameters during encryption. Correspondingly, the receiver uses the same input parameters to decrypt the encrypted message data. Here, the key is the encryption key of the AS layer; COUNT is the value of the packet data convergence protocol (PDCP) counter (COUNT) and is 32 bits long; BEARER is the 5-bit bearer identity; DIRECTION is 1 bit and identifies the uplink or downlink direction of the data, taking the value 0 for uplink and 1 for downlink. The three parameters described above (COUNT, BEARER, DIRECTION) are generally called the initialization vector (IV).
With the development of computer technology, the randomness and security strength of the key stream generated from the above initialization vector are at risk of being broken. How to improve the randomness and security strength of the key stream, so as to safeguard the security of messages in mobile communication networks, is therefore a problem that urgently needs to be solved.
Summary of the invention
The purpose of the embodiments of the present application is to provide a communication method and apparatus for improving the security of messages in a communication network.
In a first aspect, the present application provides a communication method performed by a terminal device, an access network device or a core network device. The method includes: acquiring a security parameter, where the security parameter is used to encrypt a message to be sent and/or to decrypt a received message; and encrypting the message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information and a key, and/or decrypting the received message according to the security parameter, a second count value, a second bearer identifier, second direction information and a key.
With the above method, an additional security parameter is added to the parameters used in existing encryption and decryption to encrypt the message to be sent and/or decrypt the received message, which improves the security of message transmission and reduces the risk of the message being cracked. When the security parameter is used as part of the initialization vector, the solution of the present application is equivalent to making the initialization vector longer; encrypting and decrypting messages with a longer initialization vector can improve the security of message transmission.
In a possible implementation, the security parameter is a bit sequence of 80 bits or more.
Because the security parameter is at least 80 bits long, the complexity of encryption is increased and the risk of being cracked is reduced.
In a possible implementation, the security parameter is a random number; or the security parameter is related to at least one of the following parameters: a physical cell identifier; a synchronization signal block index; a temporary mobile subscriber identifier; a resource identifier; an access network key; a key derived from the access network key; a next-hop chain counter value; next-hop information.
When the security parameter is a random number, it follows no generation pattern, which reduces the risk of being cracked. When the security parameter is generated from other parameters, each terminal device obtains a different security parameter; that is, the security parameter of a given terminal device is unique, which improves security. Further, among these other parameters, the access network key, the key derived from the access network key, the next-hop chain counter value and the next-hop information are known only to the terminal device and the corresponding network device, so the confidentiality of the generated security parameter can be guaranteed, which further improves the security of the security parameter. Parameters such as the physical cell identifier, the synchronization signal block index and the temporary mobile subscriber identifier are easy to obtain, which reduces the complexity of obtaining the security parameter.
In a possible implementation, acquiring the security parameter includes: receiving a configuration message from a network device, where the configuration message includes the security parameter and the network device is an access network device or a core network device; or determining the security parameter according to shared parameters, where the security parameter is used for message transmission between the terminal device and the network device, and the shared parameters are parameters known to both the terminal device and the network device.
If the terminal device and the network device each generate the security parameter from the shared parameters, the network device does not need to transmit the security parameter to the terminal device, which reduces the risk of the security parameter being exposed and improves security.
In a possible implementation, the shared parameters include at least one of the following: a physical cell identifier; a synchronization signal block index; a temporary mobile subscriber identifier; a resource identifier; an access network key; a key derived from the access network key; a next-hop chain counter value; next-hop information.
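The key stream procedure described in the embodiments (key, security parameter, COUNT, BEARER, DIRECTION and LENGTH in, key stream block out, then XOR) and the shared-parameter option above, as an added Python example that is not part of the patent text. The IV bit layout, the HMAC-SHA256 derivation and the HMAC-SHA256 counter-mode generator are assumptions standing in for a 256-bit cipher such as SNOW-V, AES-256 or ZUC-256, and all keys and identifiers are constructed.

```python
import hashlib
import hmac

UPLINK, DOWNLINK = 0, 1        # DIRECTION values given in the background section
MIN_SEC_PARAM_BITS = 80        # the page requires a bit sequence of at least 80 bits


def derive_security_parameter(access_key: bytes, pci: int, ssb_index: int,
                              ncc: int, nbits: int = 128) -> bytes:
    """Derive the security parameter locally from shared parameters.

    Assumption: HMAC-SHA256 as the derivation function and this byte encoding
    of the shared values; the page only says both sides use the same method.
    """
    if nbits < MIN_SEC_PARAM_BITS or nbits % 8 or nbits > 256:
        raise ValueError("security parameter must be 80..256 bits, byte aligned")
    shared = (b"security-parameter" + pci.to_bytes(2, "big")
              + ssb_index.to_bytes(1, "big") + ncc.to_bytes(1, "big"))
    return hmac.new(access_key, shared, hashlib.sha256).digest()[:nbits // 8]


def build_extended_iv(count: int, bearer: int, direction: int,
                      sec_param: bytes) -> bytes:
    """Pack COUNT (32 bits) | BEARER (5 bits) | DIRECTION (1 bit) | security parameter."""
    if not 0 <= count < 1 << 32:
        raise ValueError("COUNT must fit in 32 bits")
    if not 0 <= bearer < 1 << 5:
        raise ValueError("BEARER must fit in 5 bits")
    if direction not in (UPLINK, DOWNLINK):
        raise ValueError("DIRECTION is 0 (uplink) or 1 (downlink)")
    if len(sec_param) * 8 < MIN_SEC_PARAM_BITS:
        raise ValueError("security parameter shorter than 80 bits")
    legacy = (count << 6) | (bearer << 1) | direction  # 38 bits, stored in 5 bytes
    return legacy.to_bytes(5, "big") + sec_param


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Generate LENGTH bytes of key stream from KEY and the extended IV.

    Stand-in generator (HMAC-SHA256 in counter mode), NOT SNOW-V, AES-256 or ZUC-256.
    """
    if len(key) != 32:
        raise ValueError("a 256-bit key is expected")
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key, count, bearer, direction, sec_param, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the key stream block."""
    ks = keystream(key, build_extended_iv(count, bearer, direction, sec_param), len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def demo() -> dict:
    # All values below are constructed for illustration.
    enc_key = bytes(range(32))        # encryption key shared by both ends
    k_access = b"\x5a" * 32           # access network key known to both ends
    message = b"constructed uplink RRC payload"

    # Terminal and network derive the parameter independently; nothing is sent.
    sp_terminal = derive_security_parameter(k_access, pci=301, ssb_index=4, ncc=2)
    sp_network = derive_security_parameter(k_access, pci=301, ssb_index=4, ncc=2)

    ciphertext = xor_crypt(enc_key, 7, 3, UPLINK, sp_terminal, message)
    recovered = xor_crypt(enc_key, 7, 3, UPLINK, sp_network, ciphertext)

    # Failure mode: the receiver still holds a parameter derived from a stale
    # next-hop chain counter value, so its key stream differs.
    sp_stale = derive_security_parameter(k_access, pci=301, ssb_index=4, ncc=1)
    garbled = xor_crypt(enc_key, 7, 3, UPLINK, sp_stale, ciphertext)
    return {"ciphertext": ciphertext, "recovered": recovered,
            "garbled": garbled, "message": message}


if __name__ == "__main__":
    result = demo()
    print("recovered ok:", result["recovered"] == result["message"])
    print("stale parameter recovers plaintext:", result["garbled"] == result["message"])
```

A receiver whose shared parameters have drifted produces a different key stream and recovers garbage rather than an error, so any mismatch has to be caught by integrity protection or by re-running the derivation.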
In a possible implementation, the method is applied to the terminal device, and before the security parameter is determined according to the shared parameters, the method further includes: receiving an access stratum security mode command message or a radio resource control connection reconfiguration message.
The terminal device generates the security parameter after receiving one of the above messages, which ensures that all messages after that message can be encrypted and decrypted and improves system security.
In a possible implementation, the method is applied to a core network device; before the security parameter is acquired, the method further includes determining that at least one of the following is satisfied: it is determined to send at least one of a new next-hop chain counter value and next-hop information to the access network device, where the at least one of the new next-hop chain counter value and the next-hop information may be sent to the access network device together with the security parameter; it is determined to send a new access network key; it is determined to activate or change the user plane security policy; it is determined to execute the non-access stratum security mode command procedure with the terminal device; it is determined to update the non-access stratum key; it is determined to generate a core network key or to perform horizontal derivation of the core network key.
In this case, if the security parameter is used to encrypt and decrypt AS layer messages, the core network device also needs to send the security parameter to the access network device. If the security parameter is used to encrypt and decrypt NAS layer messages, the core network device need not send the security parameter to the access network device.
In a possible implementation, the method is applied to an access network device; before the security parameter is acquired, the method further includes determining that at least one of the following is satisfied: it is determined to perform the access stratum security mode command procedure or radio resource control connection reconfiguration; a new next-hop chain counter value, next-hop information or access network key is received; the access network key is updated; it is determined to send a next-hop chain counter value, next-hop information or an access network key to another access network device.
In a possible implementation, before the security parameter is acquired, the method further includes: determining that the access network device and the terminal device support encryption and decryption using the security parameter; or determining that the terminal device supports encryption and decryption using the security parameter.
In a possible implementation, the method is applied to an access network device or a core network device, and the method further includes: sending a configuration message to the terminal device, where the configuration message includes the security parameter.
In a possible implementation, the security parameter includes a first security parameter and a second security parameter; the first security parameter is used to encrypt the message to be sent, and the second security parameter is used to decrypt the received message.
In a possible implementation, the configuration message is the access stratum security mode command message in the access stratum security mode command procedure; or the configuration message is the radio resource control connection reconfiguration message in the radio resource control connection reconfiguration procedure; or the configuration message is the non-access stratum security mode command message in the non-access stratum security mode command procedure.
The access stratum security mode command message and the radio resource control connection reconfiguration message can be regarded as messages that activate user plane security. Sending the security parameter in these messages allows messages that need encryption and/or decryption to be encrypted and/or decrypted in time. If the security parameter were sent before the access stratum security mode command message and the radio resource control connection reconfiguration message, the earlier messages would not be protected and the security parameter in them can be tampered with, so the security of the security parameter could not be guaranteed. The access stratum security mode command message and the radio resource control connection reconfiguration message are themselves security protected, for example by the base station key, which prevents the security parameter carried in these two messages from being tampered with and therefore guarantees the security of the security parameter.
In a second aspect, the present application further provides a communication device that is capable of implementing any of the methods provided in the first aspect. The communication device may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the above functions.
In a possible implementation, the communication device includes a processor configured to support the communication device in performing the corresponding functions of the methods shown above. The communication device may also include a memory, which may be coupled to the processor and which stores the program instructions and data necessary for the communication device. Optionally, the communication device further includes an interface circuit used to support communication between the communication device and devices such as network devices.
In a possible implementation, the communication device includes corresponding functional modules, each used to implement steps of the above method. The functions can be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions.
In a possible implementation, the structure of the communication device includes a processing unit and a communication unit, and these units can perform the corresponding functions in the above method examples. For details, refer to the description of the method provided in the first aspect, which is not repeated here.
In a third aspect, a communication device is provided, including a processor and an interface circuit. The interface circuit is configured to receive signals from communication devices other than this communication device and transmit them to the processor, or to send signals from the processor to communication devices other than this communication device. The processor is configured to execute a computer program or instructions stored in a memory, so that the communication device implements the method in the first aspect or in any possible implementation of the first aspect.
In a fourth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program or instructions which, when run on a computer, cause the computer to implement the method in the first aspect or in any possible implementation of the first aspect.
In a fifth aspect, a computer program product including computer-readable instructions is provided. When the computer-readable instructions are run on a computer, they cause the computer to implement the method in the first aspect or in any possible implementation of the first aspect.
In a sixth aspect, a chip is provided. The chip includes a processor and may also include a memory; the processor is coupled to the memory and is configured to execute a computer program or instructions stored in the memory, so as to implement the method in the first aspect or in any possible implementation of the first aspect.
Description of drawings
FIG. 1 is a schematic diagram of a network architecture applicable to an embodiment of the present application;
FIG. 2 is a schematic flowchart of encryption and decryption in the prior art;
FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of the present application;
FIG. 4 is a schematic flowchart of encryption and decryption provided by an embodiment of the present application;
FIG. 5 is a schematic flowchart of a communication method provided by an embodiment of the present application;
FIG. 6 is a schematic flowchart of a communication method provided by an embodiment of the present application;
FIG. 7 is a schematic flowchart of a communication method provided by an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a communication apparatus provided by an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a communication apparatus provided by an embodiment of the present application.
Detailed description
The embodiments of the present application are described in further detail below with reference to the accompanying drawings.
The embodiments of the present application can be applied to various mobile communication systems, for example a new radio (NR) system, a long term evolution (LTE) system, and other communication systems such as future communication systems. No specific limitation is imposed here.
In the embodiments of the present application, the interaction between a terminal device and an access network device or a core network device is used as an example. It should be noted that the method provided in the embodiments of the present application can be applied not only to the interaction between a terminal device and the network side, but also to the interaction between any two devices, for example in device-to-device (D2D) communication. This is not limited in the embodiments of the present application.
In the embodiments of the present application, a terminal device, which may be referred to as a terminal for short, is a device with a wireless transceiver function or a chip that can be provided in such a device. The terminal device may also be referred to as user equipment (UE), an access terminal, or the like. In practical applications, the terminal device in the embodiments of the present application may be a mobile phone, a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, and so on. In the embodiments of the present application, the apparatus for implementing the functions of the terminal device may be the terminal device itself, or an apparatus capable of supporting the terminal device in implementing those functions, such as a chip system. That apparatus may be installed in the terminal device or used together with the terminal device.
Access network device: this may be a wireless access device of any standard in a wireless network. For example, the access network device may be a radio access network (RAN) node that connects a terminal device to the wireless network, and may also be called a RAN device or a base station. Some examples of access network devices are: a next-generation base station (generation Node B, gNodeB), a transmission reception point (TRP), an evolved node B (eNB), a radio network controller (RNC), and so on. In one network structure, the access network device may include a centralized unit (CU) node or a distributed unit (DU) node, or both a CU node and a DU node. When the access network device includes a CU and DUs, multiple DUs can be centrally controlled by one CU. In the embodiments of the present application, the apparatus for implementing the functions of the access network device may be the access network device itself, or an apparatus capable of supporting the access network device in implementing those functions, such as a chip system. That apparatus may be installed in the access network device or used together with the access network device.
Core network device: this may be a device used to manage the access and mobility of terminal devices, for example an access and mobility management function (AMF) network element or a mobility management entity (MME) network element. This is not limited in the present application.
To facilitate understanding of the embodiments of the present application, a communication system applicable to the embodiments is described first. FIG. 1 is a schematic diagram of a network architecture to which an embodiment of the present application is applicable. In FIG. 1, a terminal device can access a wireless network through an access network device, in order to obtain services from an external network (for example, the Internet) through the wireless network, or to communicate with other devices, such as other terminal devices, through the wireless network.
To improve the security of data transmission, access stratum (AS) messages between the access network device and the terminal device need to be encrypted. Specifically, as shown in FIG. 2, when the sender uses the key KEY to encrypt plaintext data, it uses the parameters COUNT, BEARER and DIRECTION, together with the data length LENGTH and the like, as input parameters to an encryption algorithm that generates a keystream block (KEYSTREAM BLOCK). The sender XORs the generated keystream block with the plaintext block (PLAINTEXT BLOCK) to be sent to the receiver, and then sends the resulting ciphertext block (CIPHERTEXT BLOCK) to the receiver.
Correspondingly, the receiver uses the parameters COUNT, BEARER and DIRECTION, together with the data length LENGTH and the like, as input parameters to the same encryption algorithm to generate a keystream block. The receiver XORs the keystream block with the ciphertext block from the sender, thereby recovering the plaintext block that the sender sent.
Here, the key KEY may be the encryption key of the AS layer. COUNT is the value of the PDCP counter and is 32 bits long. BEARER is a 5-bit bearer identifier. DIRECTION is direction information that identifies whether the data is uplink or downlink; it is 1 bit long, with the value 0 for uplink and 1 for downlink. The specific implementation of the encryption algorithm is not limited; it may be agreed in the protocol or specified by the network side. In the embodiments of the present application, the encryption algorithm may be a 128-bit 5G encryption algorithm (encryption algorithm for 5G), a 256-bit 5G encryption algorithm, or the like. The 128-bit 5G encryption algorithms include but are not limited to the SNOW third generation (3G) 128 algorithm, the advanced encryption standard (AES) 128 algorithm, and the Zu Chongzhi 128 algorithm. The 256-bit 5G encryption algorithms include but are not limited to the SNOW-V 256 algorithm, the AES256 algorithm, and the Zu Chongzhi 256 algorithm.
Similarly, non-access stratum (NAS) messages between the core network device and the terminal device also need to be encrypted. Unlike at the AS layer, the key used at the NAS layer is the encryption key of the NAS layer, the corresponding BEARER is the NAS connection identifier, and COUNT is 0x00||NAS COUNT. NAS COUNT can be regarded as the value of a counter on the NAS side; NAS COUNT is 24 bits long, so the whole COUNT is again 32 bits. At the NAS layer, DIRECTION has a meaning similar to that at the AS layer: uplink means that the terminal device sends a message to the core network device, and downlink means that the core network device sends a message to the terminal device. || denotes concatenation.
The network architecture and service scenarios described in the embodiments of the present application are intended to explain the technical solutions of the embodiments more clearly, and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art will appreciate that, as network architectures evolve and new service scenarios emerge, the technical solutions provided in the embodiments of the present application are equally applicable to similar technical problems.
Some scenarios in the embodiments of the present application are described using an NR network as an example. It should be noted that the solutions in the embodiments of the present application can also be applied to other wireless communication networks, and the corresponding names can be replaced by the names of the corresponding functions in those networks. Details are not repeated here.
In the embodiments of the present application, to improve the security of communication between devices, a security parameter is introduced into the encryption and decryption of messages, which strengthens the security of encryption and decryption.
Specifically, in one implementation, the terminal device obtains a security parameter from the network device. It can then encrypt a message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information and a key, and/or decrypt a received message according to the security parameter, a second count value, a second bearer identifier, second direction information and the key.
The security parameter is used to encrypt the message to be sent and/or to decrypt the received message. The security parameter may be a bit sequence. Its length is not limited: for example, it may be greater than or equal to 80 bits, such as 88 bits or 90 bits, or it may have another length.
The first count value, the first bearer identifier and the first direction information are determined according to the message to be sent. For example, the first count value may be the sequence number corresponding to the message to be sent at the PDCP layer, which may also be called COUNT. The first bearer identifier may be the bearer identifier of the bearer corresponding to the message to be sent. The first direction information may indicate the transmission direction of the message to be sent; for example, the first direction information consists of 1 bit, with the value 0 when the message to be sent is transmitted uplink and the value 1 when it is transmitted downlink.
The second count value, the second bearer identifier and the second direction information are determined according to the received message. For example, the second count value may be the sequence number corresponding to the received message at the PDCP layer, which may also be called COUNT. The second bearer identifier may be the bearer identifier of the bearer corresponding to the received message. The second direction information may indicate the transmission direction of the received message; for example, the second direction information consists of 1 bit, with the value 0 when the received message was transmitted uplink and the value 1 when it was transmitted downlink.
The key may be the encryption key of the AS layer or the encryption key of the NAS layer, as determined by the actual situation.
It should be noted that, for one and the same message, the count value, bearer identifier and direction information used by the sender for encryption are the same as the count value, bearer identifier and direction information used by the receiver for decryption. For different messages, apart from the security parameter and the key, the count value, bearer identifier and direction information may all change from message to message.
The network device can likewise encrypt a message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or decrypt a received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key. The network device may be an access network device or a core network device.
In the embodiments of the present application, the security parameter may be used to encrypt and/or decrypt AS layer messages; the security parameter may also be used to encrypt and/or decrypt NAS layer messages. NAS layer messages and AS layer messages may be encrypted and/or decrypted with the same security parameter, or with different security parameters.
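The keystream-and-XOR flow of FIG. 2, extended with the security parameter as one more input, can be sketched as follows. This is an added example, not code from the application: HMAC-SHA-256 in counter mode stands in for the ciphering algorithm, and the input layout, the use of bytes for LENGTH, and all function names and sample values are assumptions.

```python
import hashlib
import hmac

UPLINK, DOWNLINK = 0, 1  # DIRECTION values stated in the text


def nas_count_to_count(nas_count: int) -> bytes:
    """NAS layer: COUNT = 0x00 || NAS COUNT (24-bit counter, 32 bits in total)."""
    if not 0 <= nas_count < 1 << 24:
        raise ValueError("NAS COUNT must fit in 24 bits")
    return b"\x00" + nas_count.to_bytes(3, "big")


def pack_inputs(count: int, bearer: int, direction: int, length: int,
                security_param: bytes = b"") -> bytes:
    """Serialise the per-message inputs (layout is an assumption of this example).

    COUNT (32 bits) | BEARER (5 bits) | DIRECTION (1 bit) | 26 zero bits,
    then LENGTH, then the length-prefixed security parameter.
    """
    if not 0 <= count < 1 << 32:
        raise ValueError("COUNT is 32 bits")
    if not 0 <= bearer < 1 << 5:
        raise ValueError("BEARER is 5 bits")
    if direction not in (UPLINK, DOWNLINK):
        raise ValueError("DIRECTION is 1 bit")
    head = (count << 32) | (bearer << 27) | (direction << 26)
    return (head.to_bytes(8, "big") + length.to_bytes(4, "big")
            + len(security_param).to_bytes(2, "big") + security_param)


def keystream(key: bytes, count: int, bearer: int, direction: int,
              length: int, security_param: bytes = b"") -> bytes:
    """KEYSTREAM BLOCK of `length` bytes from a stand-in PRF (not a 5G algorithm)."""
    seed = pack_inputs(count, bearer, direction, length, security_param)
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, seed + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_message(key: bytes, count: int, bearer: int, direction: int,
                data: bytes, security_param: bytes = b"") -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream (same operation both ways)."""
    ks = keystream(key, count, bearer, direction, len(data), security_param)
    return bytes(d ^ k for d, k in zip(data, ks))


def demo() -> dict:
    key = bytes(range(16))                          # constructed 128-bit key
    param = bytes.fromhex("00112233445566778899aa")  # constructed 88-bit parameter
    other = bytes.fromhex("ffeeddccbbaa9988776655")  # a different parameter
    msg = b"constructed AS-layer message body"
    ct = xor_message(key, 7, 3, DOWNLINK, msg, param)
    return {
        # Receiver with identical inputs recovers the plaintext.
        "round_trip": xor_message(key, 7, 3, DOWNLINK, ct, param) == msg,
        # Any mismatching input yields a different keystream.
        "wrong_direction": xor_message(key, 7, 3, UPLINK, ct, param) == msg,
        "wrong_count": xor_message(key, 8, 3, DOWNLINK, ct, param) == msg,
        "wrong_param": xor_message(key, 7, 3, DOWNLINK, ct, other) == msg,
    }


if __name__ == "__main__":
    print(demo())
```

The receiver only recovers the plaintext when every input, including the security parameter, matches what the sender used.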
In another implementation, the network device and the terminal device may each generate the security parameter using the same method, which avoids sending the security parameter over the network.
The following describes, from the perspective of device interaction, how the security parameter is obtained and how it is used. Across the embodiments of the present application, parameters with the same name may have the same meaning and are not explained again one by one.
Embodiment 1:
In Embodiment 1, the network device is taken to be a first access network device. The terminal device may obtain the security parameter from the first access network device, and the security parameter may be used to encrypt and/or decrypt AS layer messages. Of course, if AS layer messages and NAS layer messages can be encrypted and/or decrypted with the same security parameter, the security parameter may also be used to encrypt and/or decrypt NAS layer messages.
FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of the present application. In FIG. 3, operations performed by the terminal device may also be performed by a chip or module inside the terminal device, and operations performed by the first access network device may also be performed by a chip or module inside the first access network device. Referring to FIG. 3, the method includes:
S301: The first access network device obtains the security parameter and sends the security parameter.
The first access network device may obtain the security parameter in several ways. In a first implementation, the first access network device may generate the security parameter on its own.
For example, the first access network device may generate a random number and use that random number as the security parameter. Alternatively, the first access network device may generate a new security parameter from the security parameter currently in use and take the new security parameter as the obtained security parameter, for example by using the sum of the currently used security parameter and a preset value as the security parameter.
As another example, the first access network device may generate the security parameter from other parameters. For example, the security parameter may be related to at least one of the following parameters:
a random number generated by the first access network device; a physical cell identifier, for example the identifier of the physical cell in which the terminal device is located; a synchronization signal block index, for example the index of a synchronization signal block sent by the first access network device to the terminal device; the temporary mobile subscriber identity of the terminal device (serving-temporary mobile subscriber identity, s-TMSI); the resource identifier on which the terminal device receives or sends data; the current access network key, where the access network key may for example be the base station key Kgnb; a key derived from the current access network key; the next hop chaining counter (NCC) value, for example the current next hop chaining counter value; next hop (NH) information, for example the current next hop information. The next hop information may be a next hop key, and the next hop key may be an intermediate key in the cell handover procedure that can be used to provide forward secrecy during cell handover. The next hop information can be used to generate a new access network key.
The above are only examples. The parameters used to generate the security parameter are not limited to those listed, and other parameters may exist; they are not described further here.
The access stratum security mechanism is briefly introduced below. A complete set of security mechanisms exists in the access stratum of the radio access network. Taking an NR network as an example, the access stratum security mechanism is activated during establishment of the initial security context. In this procedure, the terminal device and the network side each calculate the initial access stratum root key, that is, the access network key, from the core network key (which may also be called the access stratum root key). Based on the access network key, the terminal device and the access network device further calculate one or more encryption and integrity protection keys, which are used to encrypt and integrity-protect signaling and user plane data. These encryption and integrity protection keys are the keys used to encrypt messages to be sent and to decrypt received messages.
To improve security, a "next hop" mechanism has been introduced in the radio access network. At the first handover, the access stratum can always perform a so-called "horizontal handover": the new access network key is calculated directly from the initial access network key. In subsequent inter-node handovers, however, the access stratum needs to perform at least a "vertical handover": the new access network key is calculated from a certain piece of "next hop information" provided by the non-access stratum. Intra-node handovers can still use the "horizontal handover" approach. To keep the terminal device and the network side synchronized, the network side uses the next hop chaining counter value to indicate to the terminal device which next hop information to use to determine the new access network key.
Therefore, in the embodiments of the present application, if a new next hop chaining counter value, new next hop information or a new access network key needs to be obtained, this may indicate that the key used to encrypt messages to be sent and/or to decrypt received messages also needs to be updated, and correspondingly that the security parameter needs to be updated or generated.
In addition, the algorithm used by the first access network device to generate the security parameter is not limited in the embodiments of the present application. For example, it may be the hash-based message authentication code (HMAC) secure hash algorithm 256 (SHA-256) algorithm, that is, the HMAC algorithm that uses SHA-256 to generate the hash value.
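The two generation options described above, derivation from network-side inputs with HMAC-SHA-256 and accumulation of a preset value onto the current parameter, can be sketched as follows. This is an added example, not code from the application: the choice of inputs, their encoding, keying the HMAC with the access network key, the truncation to 88 bits, the wrap-around on accumulation, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

PARAM_BITS = 88  # one of the example lengths in the text (>= 80 bits)


def _field(tag: bytes, value: bytes) -> bytes:
    """Tag and length-prefix each input so two different input sets
    can never serialise to the same byte string."""
    return tag + len(value).to_bytes(2, "big") + value


def derive_security_param(k_gnb: bytes, rand: bytes, pci: int,
                          ssb_index: int, ncc: int,
                          bits: int = PARAM_BITS) -> int:
    """Derive a security parameter with HMAC-SHA-256.

    Assumed inputs (a subset of those listed in the text): a random number,
    the physical cell identifier, the synchronization signal block index and
    the next hop chaining counter value, keyed with the access network key.
    The leftmost `bits` bits of the MAC are returned as an integer.
    """
    if not 0 < bits <= 256:
        raise ValueError("bits must be in 1..256 for SHA-256 output")
    msg = (_field(b"RAND", rand)
           + _field(b"PCI", pci.to_bytes(2, "big"))
           + _field(b"SSB", ssb_index.to_bytes(1, "big"))
           + _field(b"NCC", ncc.to_bytes(1, "big")))
    digest = hmac.new(k_gnb, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def next_security_param(current: int, preset: int,
                        bits: int = PARAM_BITS) -> int:
    """New parameter = current parameter + preset value.

    Wrapping modulo 2**bits keeps the result at the same length
    (the wrap is an assumption of this example).
    """
    return (current + preset) % (1 << bits)


def demo() -> dict:
    k_gnb = bytes(32)               # constructed placeholder key
    rand = secrets.token_bytes(16)  # random number, assumed known to both sides
    # Both sides run the same method on the same inputs, so nothing
    # has to be sent over the network.
    network = derive_security_param(k_gnb, rand, pci=101, ssb_index=4, ncc=2)
    terminal = derive_security_param(k_gnb, rand, pci=101, ssb_index=4, ncc=2)
    # A new next hop chaining counter value triggers a fresh parameter.
    refreshed = derive_security_param(k_gnb, rand, pci=101, ssb_index=4, ncc=3)
    return {
        "both_sides_agree": network == terminal,
        "changes_with_ncc": refreshed != network,
        "fits_length": network < (1 << PARAM_BITS),
    }


if __name__ == "__main__":
    print(demo())
```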
In the embodiments of the present application, there may be several occasions on which the first access network device obtains the security parameter. These may include, but are not limited to, one or more of the following:
Occasion 1: it is determined that the access stratum security mode command procedure or a radio resource control connection reconfiguration is to be performed. The first access network device may first determine that the access stratum security mode command procedure or radio resource control connection reconfiguration is to be performed and then obtain or generate the security parameter. The first access network device may also execute part or all of the access stratum security mode command procedure or radio resource control connection reconfiguration before obtaining or generating the security parameter.
Occasion 2: a new next hop chaining counter value, new next hop information or a new access network key is received. For the relationship between the next hop chaining counter value, the next hop information, the access network key and the keys, refer to the description in the prior art; details are not repeated here.
Occasion 3: the access network key is updated. The access network key may be the key used to encrypt user plane traffic; for example, the access network key may be the base station key Kgnb.
Occasion 4: it is determined that at least one of the next hop chaining counter value, the next hop information or the access network key is to be sent to another access network device. At least one of the next hop chaining counter value, the next hop information or the access network key may be sent to that other access network device together with the security parameter.
When one or more of the above occasions arise, the parameters and keys used to encrypt and/or decrypt messages need to be configured for the terminal device, or the parameters and keys used to encrypt and/or decrypt messages need to be updated for the terminal device. For this purpose, the first access network device can obtain the security parameter and send it to the terminal device.
In line with the above description, the occasions described above can correspond to a variety of scenarios, including but not limited to the following:
Scenario 1: the terminal device initially accesses the first access network device. The terminal device initiates an initial registration request to the core network through the first access network device. After receiving from the core network the initial context setup request for the terminal device, the first access network device needs to perform the access stratum security mode command procedure or radio resource control connection reconfiguration with the terminal device.
Scenario 2: a terminal device in the idle mobility state accesses the first access network device. In this scenario, likewise, the first access network device may determine that the access stratum security mode command procedure or radio resource control connection reconfiguration needs to be performed with the terminal device.
Scenario 3: the first access network device includes a CU node and DU nodes. When the DU node serving the terminal device in the first access network device changes but the CU node does not, the first access network device needs to update the AS layer security context, for example by updating the access network key Kgnb.
Scenario 4: the terminal device is handed over from the evolved packet system (EPS) to the 5G system. In this scenario, the first access network device (the target access network device) is an access network device in the 5G system, and the second access network device (the source access network device) is an access network device in the EPS. In this scenario, the first access network device needs to send the next hop chaining counter value, the next hop information or the access network key to another access network device (that is, the second access network device). The first access network device then generates the security parameter and sends it to the target AMF in the handover request response message. The target AMF forwards the security parameter to the source MME, and the source MME forwards it to the second access network device, which in turn forwards the security parameter to the terminal device.
Scenario 5: the terminal device is in the idle state in the EPS and then switches to the 5G system. In this scenario, the first access network device (the target access network device) may determine that the access stratum security mode command procedure or radio resource control connection reconfiguration needs to be performed with the terminal device. The first access network device generates the security parameter and sends it to the terminal device.
Scenario 6: during radio resource control (RRC) re-establishment, the air interface of the terminal device changes, so that the terminal device is handed over from the source access network device to the target access network device. In this scenario, the security parameter may be generated by the source access network device or by the target access network device; that is, the first access network device may be the source access network device or the target access network device. When the first access network device is the source access network device, because the air interface changes, the first access network device needs to send the next hop chaining counter value, the next hop information, the access network key or the like to another access network device (the source access network device), and therefore determines that the security parameter needs to be generated. When the first access network device is the target access network device, because RRC re-establishment requires an RRC reconfiguration procedure, it determines that the security parameter needs to be generated.
Scenario 7: a dual-connectivity (DC) scenario. In this scenario, the first access network device may be the primary base station or the secondary base station. If the primary base station needs to add or modify a secondary base station, the access stratum security mode command procedure or radio resource control connection reconfiguration procedure needs to be performed between the secondary base station and the terminal device, so the primary base station or the secondary base station can generate the security parameter. If the secondary base station generates the security parameter, it sends the security parameter to the primary base station in a message such as the secondary base station addition response message or the secondary base station modification response message, and the primary base station finally sends it to the terminal device.
场景八,Xn切换,该场景中,核心网设备(例如AMF)不发生变化:具体的,终端设备从第二接入网设备切换到第一接入网设备,此时第一接入网设备可以收到新的下一跳链计数器值、新的下一跳的信息以及者新的接入网密钥等信息,第一接入网设备可以生成安全参数,并通过切换请求(handover request)确认(acknowledge,ACK)消息向第二接入网设备发送安全参数,从而由第二接入网设备将安全参数转发至终端设备。Scenario 8, Xn handover, in this scenario, the core network device (for example, AMF) does not change: Specifically, the terminal device is switched from the second access network device to the first access network device. At this time, the first access network device Can receive the new next-hop chain counter value, new next-hop information and new access network key and other information, the first access network device can generate security parameters, and pass the handover request (handover request) An acknowledgement (acknowledge, ACK) message sends the security parameter to the second access network device, so that the second access network device forwards the security parameter to the terminal device.
场景九,N2切换,该场景中,核心网设备(例如AMF)发生变化:具体的,终端设备从第二接入网设备切换到第一接入网设备,此时第一接入网设备可以收到新的下一跳链计数器值、新的下一跳的信息以及者新的接入网密钥等信息,第一接入网设备可以生成安全参数,并通过切换请求(handover request)响应消息向目标核心网设备(例如目标AMF)发送安全参数,目标核心网设备再将安全参数转发至第二接入网设备,从而由第二接入网设备将安全参数转发至终端设备。Scenario 9, N2 handover, in this scenario, the core network equipment (such as AMF) changes: Specifically, the terminal equipment is switched from the second access network equipment to the first access network equipment, and the first access network equipment can After receiving the new next-hop chain counter value, new next-hop information, and new access network key and other information, the first access network device can generate security parameters and respond with a handover request The message sends security parameters to the target core network device (eg, target AMF), and the target core network device forwards the security parameters to the second access network device, so that the second access network device forwards the security parameters to the terminal device.
需要说明的是,场景一至场景九中,第一接入网设备可以直接发送安全参数,也可以发送安全参数的标识或者生成安全参数使用的参数以及算法。It should be noted that, in scenarios 1 to 9, the first access network device may directly send the security parameters, or may send the identifiers of the security parameters or the parameters and algorithms used to generate the security parameters.
In addition, before the security parameter is generated, the first access network device may further determine whether the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm. If it is determined that the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm, the core network device may generate the security parameter.
Alternatively, before the security parameter is generated, the first access network device may further determine whether the terminal device supports encryption and/or decryption using the security parameter. If it is determined that the terminal device supports encryption and/or decryption using the security parameter, the core network device may generate the security parameter.
Alternatively, before the security parameter is generated, the first access network device may further determine whether the terminal device supports encryption and/or decryption using an extended IV. If it is determined that the terminal device supports encryption and/or decryption using an extended IV, the core network device may generate the security parameter. Here, encryption and/or decryption using an extended IV may mean encryption and/or decryption using the IV together with parameters other than the IV (for example, the security parameter).
It should be noted that, for decrypting received messages or encrypting messages to be sent, the terminal device, the access network device and the core network device in the current standard all support 128-bit encryption algorithms, and 128-bit encryption algorithms will no longer be secure in the future. Therefore, in the embodiments of this application, when the security parameter is used, the terminal device, the access network device and the core network device are all required to support a 256-bit encryption algorithm. The first access network device can therefore determine, according to whether the terminal device supports a 256-bit encryption algorithm, whether the terminal device can use the security parameter to encrypt and/or decrypt messages.
In a second implementation, the first access network device obtains the security parameter from the core network device.
In this implementation, there may be several cases for when the first access network device obtains the security parameter, that is, when the core network device generates the security parameter. These may include, but are not limited to, any of the following occasions: the core network device determines to send a new next hop chain counter value or new next hop information to the access network device, where at least one of the new next hop chain counter value and the next hop information may be sent to the access network device together with the security parameter; the core network device determines to send a new access network key, where the new access network key may be sent to the access network device together with the security parameter; the core network device determines to activate or change the user plane security policy.
Likewise, the occasions above may correspond to Scenarios 1 and 2 and Scenarios 4 to 9 described earlier. The following describes, for each scenario, how the first access network device obtains the security parameter from the core network device.
Scenario 1: when the terminal device initially accesses the first access network device, the core network device may send the security parameter to the first access network device in an initial context setup message.
Scenario 2: when a terminal device in the idle mobility state accesses the first access network device, the core network device may send the security parameter to the first access network device in a UE context modification request message.
Scenario 4: the terminal device is handed over from the EPS to the 5G system. The target base station may obtain the security parameter from the AMF's handover request and then carry the security parameter in the handover request response sent to the target AMF. The handover request response is passed by the target AMF to the source MME, then by the source MME to the source base station, and is finally sent by the source base station to the UE. The first access network device may be the source base station, and the core network device may be the AMF.
Scenario 5: the terminal device is in the idle state in the EPS and then switches to the 5G system. The core network device (target core network device) may send the security parameter to the first access network device in an initial context setup message or a UE context modification request message, and the first access network device (target access network device) then sends it to the terminal device.
Scenario 6: in the RRC re-establishment scenario, if the terminal device has switched access network devices, the core network device may generate the security parameter and send it to the source access network device, and the target access network device may obtain the security parameter from the retrieve UE context response message sent by the source access network device.
Scenario 8: in the Xn handover scenario, the first access network device (target access network device) may obtain the security parameter from the path switch request acknowledge (path switch request ACK) message of the core network device.
Scenario 9: in the N2 handover scenario, the first access network device (target access network device) may obtain the security parameter from the handover request message of the core network device (target core network device). The first access network device then sends the security parameter to the source core network device in a handover request response message, the source core network device forwards it to the second access network device (source access network device), and the source access network device finally sends the security parameter to the terminal device.
In addition, before generating the security parameter, the core network device may further determine whether the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm. If it is determined that the terminal device supports encryption and/or decryption using a 256-bit encryption algorithm, the core network device may generate the security parameter.
Alternatively, before generating the security parameter, the core network device may further determine whether the terminal device supports encryption and/or decryption using the security parameter. If it is determined that the terminal device supports encryption and/or decryption using the security parameter, the core network device may generate the security parameter.
Alternatively, before generating the security parameter, the core network device may further determine whether the terminal device supports encryption and/or decryption using an extended IV. If it is determined that the terminal device supports encryption and/or decryption using an extended IV, the core network device may generate the security parameter. Here, encryption and/or decryption using an extended IV may mean encryption and/or decryption using the IV together with parameters other than the IV (for example, the security parameter).
In the embodiments of this application, the first access network device may send the security parameter in several ways. The first access network device may send the security parameter to the terminal device in a configuration message. For example, the configuration message may be the access stratum security mode command message in the access stratum security mode command (SMC) procedure. The AS security mode command message may be used to instruct that the AS security mode command be performed, and the message may also indicate the 256-bit encryption algorithm used for encryption. The security parameter, the count value, the bearer identifier, the direction information, the message length and so on may be used as input parameters, and the 256-bit encryption algorithm is used to generate the keystream block used to encrypt or decrypt messages. 256-bit encryption algorithms include, but are not limited to, the SNOW-V 256 algorithm, the AES 256 algorithm and the Zu Chongzhi 256 algorithm. In the AS SMC procedure, the first access network device may indicate information such as the integrity protection and confidentiality protection algorithms, thereby establishing AS security with the terminal device.
As another example, the configuration message may be the radio resource control connection reconfiguration message in the radio resource control connection reconfiguration procedure. The RRC connection reconfiguration message may be used to instruct that RRC connection reconfiguration be performed. In the radio resource control connection reconfiguration procedure, the first access network device may indicate information such as the integrity protection and confidentiality protection algorithms, thereby establishing AS security with the terminal device. The RRC connection reconfiguration message may also indicate the 256-bit encryption algorithm used for encryption.
The access stratum security mode command message and the radio resource control connection reconfiguration message can be regarded as messages that activate user plane security. Sending the security parameter in these messages allows messages that need to be encrypted and/or decrypted to be encrypted and/or decrypted in time. If the security parameter is sent before the access stratum security mode command message and the radio resource control connection reconfiguration message, the earlier message is not protected, and the security parameter in that message will be tampered with.
It should be noted that the above are only examples; the first access network device may also send the security parameter used to encrypt and/or decrypt AS layer messages to the terminal device through the NAS SMC procedure.
In addition to the security parameter, the first access network device may also send parameters such as a key, a next hop chain counter value and next hop information to the terminal device; these are not described one by one here.
S302: The terminal device obtains the security parameter.
As described above, the terminal device may obtain the security parameter from the first access network device, for example from the access stratum security mode command message in the AS SMC procedure, or from the radio resource control connection reconfiguration message in the radio resource control connection reconfiguration procedure.
S303: The terminal device encrypts a message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information and a key, and/or decrypts a received message according to the security parameter, a second count value, a second bearer identifier, second direction information and the key.
S304: The first access network device encrypts a message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information and the key, and/or decrypts a received message according to the security parameter, the second count value, the second bearer identifier, the second direction information and the key.
It should be noted that the execution order of S303 and S304 is not limited; they may be executed one after the other or at the same time.
It should be noted that the security parameter being used to encrypt a message to be sent may mean that the security parameter and the like are used as input parameters in the encryption operation on the message to be sent. The security parameter being used to decrypt the message to be sent may mean that the security parameter and the like are used as input parameters in the decryption operation on the received message.
For example, FIG. 4 is a schematic diagram of message encryption and decryption provided by an embodiment of this application. In FIG. 4, when the sender (the first access network device or the terminal device) uses the key KEY to encrypt a plaintext block (which includes the data to be transmitted), it uses the security parameter, the first count value, the first bearer identifier, the first direction information, the length and so on as input parameters and applies the encryption algorithm to generate a keystream block. The length is the length of the message to be sent. The sender XORs the keystream block with the plaintext block to be sent to the receiver (the terminal device or the first access network device) to obtain a ciphertext block, and then sends the ciphertext block to the receiver.
The encryption algorithm may be a 256-bit encryption algorithm, including but not limited to the SNOW-V 256 algorithm, the AES256 algorithm and the Zu Chongzhi 256 algorithm.
Correspondingly, the receiver uses the security parameter, the first count value, the first bearer identifier, the first direction information, the length and so on as input parameters and applies the same encryption algorithm to generate the keystream block. The receiver XORs the keystream block with the ciphertext block from the sender, thereby recovering the plaintext block that the sender sent.
It should be noted that in FIG. 4 the message sent by the sender is the one received by the receiver, so both ends use the first count value, the first bearer identifier and the first direction information as input parameters for that message. If the message sent by the sender and the message received by the receiver in FIG. 4 are not the same message, the count value, bearer identifier and direction information may differ.
If the security parameter is used to encrypt and/or decrypt AS layer messages, the key KEY is the AS layer encryption key; COUNT is the value in the PDCP counter; BEARER is the bearer identifier; DIRECTION is the direction information, identifying whether the data is uplink or downlink.
It should be noted that, in one possible implementation of the embodiments of this application, the security parameter may be used both to encrypt messages to be sent and to decrypt received messages. In this case, the security parameter used by the sender when encrypting a message to be sent is the same as the security parameter used by the receiver when encrypting a message to be sent.
In another possible implementation, the security parameter includes a first security parameter and a second security parameter; the first security parameter is used to encrypt messages to be sent, and the second security parameter is used to decrypt received messages. In this case, the security parameter used by the sender when encrypting a message to be sent differs from the security parameter used by the receiver when encrypting a message to be sent; for example, the sender uses the first security parameter when encrypting a message to be sent, and the receiver uses the second security parameter when encrypting a message to be sent.
With the method above, the security parameter is used at the AS layer to encrypt messages to be sent and/or decrypt received messages, which improves the security of AS layer messages and reduces the risk of their being cracked.
Embodiment 2:
In Embodiment 2, the network device is an access network device by way of example, and the terminal device and the access network device each generate the security parameter by the same method, so the access network device does not need to send the security parameter to the terminal device. Embodiment 2 is described using the example in which the security parameter is used to encrypt and/or decrypt AS layer messages. If AS layer messages and NAS layer messages can be encrypted and/or decrypted using the same security parameter, the security parameter can also be used to encrypt and/or decrypt NAS layer messages. Details are given below.
FIG. 5 is a schematic flowchart of a communication method provided by an embodiment of this application. In FIG. 5, operations performed by the terminal device may also be performed by a chip or module inside the terminal device, and operations performed by the access network device may also be performed by a chip or module inside the access network device. Referring to FIG. 5, the method includes:
Optionally, S501: The access network device sends an AS security mode command message or an RRC connection reconfiguration message to the terminal device.
The AS security mode command message may be used to instruct that the AS security mode command be performed, and the RRC connection reconfiguration message may be used to instruct that RRC connection reconfiguration be performed. Either message may also indicate the 256-bit encryption algorithm used for encryption, where the 256-bit encryption algorithm includes, but is not limited to, the SNOW-V 256 algorithm, the AES256 algorithm and the Zu Chongzhi (ZUC) 256 algorithm.
S502: The access network device obtains the security parameter.
It should be noted that if AS layer messages and NAS layer messages can be encrypted and/or decrypted using the same security parameter, the access network device may also send the security parameter to the core network device.
S503: The terminal device obtains the security parameter.
It should be noted that the execution order of S502 and S503 is not limited; they may be executed one after the other or at the same time.
In S502 and S503, the access network device may obtain the security parameter from the core network device or may generate the security parameter itself. The terminal device may generate the security parameter itself.
When the access network device obtains the security parameter from the core network device, the core network device may determine the security parameter according to a shared parameter and send the security parameter to the access network device. Likewise, when the access network device or the terminal device generates the security parameter itself, it may determine the security parameter according to a shared parameter, where the shared parameter is a parameter known to both the terminal device and the core network device, or to both the terminal device and the access network device.
举例来说,接入网设备和终端设备分别采用相同的共享参数生成相同的安全参数时, 共享参数可以包括以下至少一项:For example, when the access network device and the terminal device respectively use the same shared parameters to generate the same security parameters, the shared parameters may include at least one of the following:
物理小区标识,例如终端设备所处的物理小区的标识;同步信号块索引,例如接入网设备向终端设备发送的同步信号块的索引;终端设备的S-TMSI;资源标识,例如终端设备接收或发送数据的资源标识;接入网密钥,例如接入网密钥可以是指当前的基站密钥Kgnb;接入网密钥的推演秘钥,例如可以是指当前的基站密钥Kgnb的推演秘钥;下一跳链计数器值,例如可以是指当前使用的下一跳链计数器值;下一跳的信息,例如可以是指当前使用的下一跳的信息。Physical cell identification, such as the identification of the physical cell where the terminal equipment is located; synchronization signal block index, such as the index of the synchronization signal block sent by the access network equipment to the terminal equipment; S-TMSI of the terminal equipment; resource identification, such as the terminal equipment receives or the resource identifier for sending data; the access network key, for example, the access network key may refer to the current base station key Kgnb; the derivation secret key of the access network key, for example, may refer to the current base station key Kgnb Derive the secret key; the next hop chain counter value, for example, can refer to the currently used next hop chain counter value; the next hop information, for example, can refer to the currently used next hop information.
举例来说,核心网设备和终端设备分别采用相同的共享参数生成相同的安全参数时,共享参数可以包括以下至少一项:For example, when the core network device and the terminal device respectively use the same shared parameters to generate the same security parameters, the shared parameters may include at least one of the following:
物理小区标识,例如终端设备所处的物理小区的标识;同步信号块索引,例如接入网设备向终端设备发送的同步信号块的索引;上行(uplink,UL)NAS COUNT;下行(downlink,DL)NAS COUNT;终端设备的全球唯一临时UE标识(globally unique temporary UE identity,GUTI);资源标识,例如终端设备接收或发送数据的资源标识;核心网密钥,例如核心网密钥可以是指当前的AMF密钥Kamf,核心网密钥可以用于生成接入网密钥,接入网密钥可以用于生成加密与完整性保护密钥,该加密与完整性保护密钥也就是对待发送的消息加密和/或对接收的消息解密的密钥;核心网密钥的推演秘钥,例如可以是指当前的AMF密钥Kamf的推演秘钥;下一跳链计数器值,例如可以是指当前使用的下一跳链计数器值;下一跳的信息,例如可以是指当前使用的下一跳的信息。Physical cell identification, such as the identification of the physical cell where the terminal equipment is located; synchronization signal block index, such as the index of the synchronization signal block sent by the access network equipment to the terminal equipment; uplink (uplink, UL) NAS COUNT; downlink (downlink, DL) ) NAS COUNT; globally unique temporary UE identity (GUTI) of the terminal device; resource identifier, such as the resource identifier of the terminal device to receive or send data; core network key, such as the core network key can refer to the current The AMF key Kamf, the core network key can be used to generate the access network key, the access network key can be used to generate the encryption and integrity protection key, the encryption and integrity protection key is to be sent The key for message encryption and/or decryption of the received message; the derivation key of the core network key, for example, can refer to the derivation key of the current AMF key Kamf; the next hop chain counter value, for example, can refer to the current The counter value of the next hop chain used; the information of the next hop, for example, may refer to the information of the currently used next hop.
In the embodiments of this application, the currently used next hop chaining counter value and the currently used next hop information may refer, respectively, to the next hop chaining counter value and the next hop information used to generate the current access network key.
In addition, the embodiments of this application do not limit the algorithm used to generate the security parameter; it may be, for example, the HMAC-SHA256 algorithm. For example, if the shared parameters are the current base station key Kgnb and the S-TMSI, the HMAC-SHA256 algorithm may be run with the base station key Kgnb and the S-TMSI as input parameters to obtain the security parameter. The specific calculation process is not described here.
The occasions on which the terminal device generates the security parameter may include, but are not limited to, the following:
An access stratum security mode command message or an RRC connection reconfiguration message is received. The terminal device generates the security parameter after receiving such a message, which ensures that all messages after that message can be encrypted and/or decrypted with the security parameter, improving communication security.
An access stratum security context is generated, where the access stratum security context includes at least one of a next hop chaining counter value, next hop information, and an access network key. The terminal device may determine that an access stratum security context needs to be generated when it receives an access stratum security mode command message or an RRC connection reconfiguration message.
It should be noted that, for the occasions on which the access network device and the core network device generate the security parameter, reference may be made to the description in Embodiment 1; details are not repeated here. In addition, the application scenarios corresponding to the occasions on which the terminal device, the access network device, and the core network device generate the security parameter may be Scenario 1 to Scenario 9 in Embodiment 1; details are not repeated here.
It should be noted that, before generating the security parameter, the core network device or the access network device may also determine whether the terminal device supports encryption and/or decryption with a 256-bit encryption algorithm using the security parameter, whether it supports encryption and/or decryption using the security parameter, or whether it supports encryption and/or decryption using an extended IV. If it determines that the terminal device supports a 256-bit encryption algorithm, supports using the security parameter, or supports encryption and/or decryption using an extended IV, it may generate the security parameter.
Before generating the security parameter, the terminal device may generate the security parameter if it determines that the AS security mode command message or the RRC connection reconfiguration message indicates a 256-bit encryption algorithm, or that the access network device supports encryption and/or decryption using the security parameter.
Optionally, S504: The terminal device sends an AS security mode command complete message or an RRC connection reconfiguration complete message to the access network device.
S505: The terminal device encrypts a message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information, and a key, and/or decrypts a received message according to the security parameter, a second count value, a second bearer identifier, second direction information, and the key.
S506: The access network device encrypts a message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts a received message according to the security parameter, the second count value, the second bearer identifier, the second direction information, and the key.
It should be noted that the execution order of S505 and S506 is not limited; they may be performed one after the other or at the same time.
For the specific implementation of S505 and S506, reference may be made to the foregoing description; details are not repeated here.
In the above method, the access network device and the terminal device can each generate the same security parameter from the same parameters using the same method. The access network device therefore does not need to send the security parameter to the terminal device, which avoids exposing the security parameter and improves system security.
Embodiment 3:
In Embodiment 3, the network device is a core network device by way of example. The terminal device may obtain the security parameter from the core network device, and the security parameter may be used to encrypt and/or decrypt NAS layer messages. Of course, if AS layer messages and NAS layer messages can be encrypted and/or decrypted with the same security parameter, the security parameter may also be used to encrypt and/or decrypt AS layer messages.
FIG. 6 is a schematic flowchart of a communication method provided by an embodiment of this application. In FIG. 6, the operations performed by the terminal device may also be performed by a chip or module inside the terminal device, and the operations performed by the core network device may also be performed by a chip or module inside the core network device. Referring to FIG. 6, the method includes:
S601: The core network device obtains the security parameter and sends the security parameter.
The core network device may be a device such as an AMF or an MME, which is not limited in this application.
In a possible implementation, the occasions on which the core network device generates the security parameter may include, but are not limited to, the following:
it determines to perform the NAS SMC procedure;
it determines that the key needs to be updated, where in the NAS the key refers to the NAS key;
it determines to send a new next hop chaining counter value or next hop information to the access network device;
it determines to generate a core network key, where the core network key may be Kamf or the like;
it determines to perform horizontal derivation of the core network key.
When one of the above occasions for generating the security parameter is met, it may indicate that the parameters and key used to encrypt and/or decrypt messages need to be configured for the terminal device, or that the parameters and key used to encrypt and/or decrypt messages need to be updated for the terminal device.
How the core network device generates the security parameter is not limited in the embodiments of this application; reference may be made to the description in Embodiment 1 or Embodiment 2, and details are not repeated here.
It should be noted that, before generating the security parameter, the core network device may also determine whether the terminal device supports encryption and/or decryption with a 256-bit encryption algorithm using the security parameter, whether it supports encryption and/or decryption using the security parameter, or whether it supports encryption and/or decryption using an extended IV. If it determines that the terminal device supports a 256-bit encryption algorithm, supports using the security parameter, or supports encryption and/or decryption using an extended IV, it may generate the security parameter.
The core network device may send the security parameter in a variety of ways. For example, the core network device may send the security parameter to the terminal device in the NAS security mode command message of the NAS SMC procedure. In the NAS SMC procedure, the core network device may also indicate information such as the integrity protection and confidentiality protection algorithms, thereby establishing NAS security with the terminal device.
In addition, the core network device may send the security parameter directly, or may send an identifier of the security parameter, or the parameters and algorithm used to generate the security parameter.
It should be noted that the above is only an example; the core network device may also send the security parameter used to encrypt and/or decrypt NAS layer messages to the terminal device through other procedures.
In addition to the security parameter, the core network device may also send parameters such as a key, a next hop chaining counter value, and next hop information to the terminal device; these are not illustrated one by one here.
S602: The terminal device obtains the security parameter.
As described above, the terminal device may obtain the security parameter from the core network device, for example through the NAS security mode command message in the NAS SMC procedure. Optionally, the terminal device sends a NAS security mode command complete message to the core network device.
S603: The terminal device encrypts a message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information, and a key, and/or decrypts a received message according to the security parameter, a second count value, a second bearer identifier, second direction information, and the key.
S604: The core network device encrypts a message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts a received message according to the security parameter, the second count value, the second bearer identifier, the second direction information, and the key.
For example, for a given message, when the sender (the core network device or the terminal device) uses the key KEY to encrypt a plaintext block (which includes the message to be transmitted), it uses the security parameter together with the count value, bearer identifier, direction information, length, and so on corresponding to that message as input parameters to the encryption algorithm to generate a keystream block. The sender XORs the keystream block with the plaintext block to be sent to the receiver (the terminal device or the core network device) to obtain a ciphertext block, and then sends the ciphertext block to the receiver.
Correspondingly, the receiver uses the security parameter together with the count value, bearer identifier, direction information, length, and so on corresponding to that message as input parameters to the same encryption algorithm to generate the keystream block. The receiver XORs the keystream block with the ciphertext block from the sender, thereby recovering the plaintext block sent by the sender.
The encryption algorithm may be a 256-bit encryption algorithm, including but not limited to the SNOW-V 256 algorithm, the AES256 algorithm, and the Zu Chongzhi (ZUC) 256 algorithm.
If the security parameter is used to encrypt and/or decrypt NAS layer messages, the key KEY is the NAS layer encryption key; COUNT = 0x00 || NAS COUNT; BEARER is the NAS connection identifier; and DIRECTION is the direction information, which identifies whether the data is uplink or downlink.
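The following Python sketch is an added example, not code from the patent. It ties together the HMAC-SHA256 derivation of the security parameter from Kgnb and the S-TMSI described for Embodiment 2 and the keystream-and-XOR encryption described above. Assumptions: Kgnb is the HMAC key and the S-TMSI the message, the output is truncated to 128 bits, the input packing is arbitrary, HMAC-SHA256 in counter mode stands in for the 256-bit cipher (SNOW-V, AES-256, or ZUC-256), and all key and identifier values are constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the patent or from any real network).
K_GNB = bytes(range(32))                                   # 256-bit base station key Kgnb
K_ENC = hashlib.sha256(b"constructed-enc-key").digest()    # 256-bit cipher key KEY
S_TMSI = bytes.fromhex("0123456789ab")                     # 48-bit temporary identifier


def derive_security_parameter(k_gnb: bytes, s_tmsi: bytes, out_len: int = 16) -> bytes:
    """Derive the security parameter from shared inputs with HMAC-SHA256.

    Assumption: Kgnb is the HMAC key, the S-TMSI is the message, and the
    output is truncated to out_len bytes. The patent names only the
    algorithm and its inputs.
    """
    if len(k_gnb) != 32:
        raise ValueError("expected a 256-bit Kgnb")
    if not 1 <= out_len <= 32:
        raise ValueError("out_len must be 1..32 bytes")
    return hmac.new(k_gnb, s_tmsi, hashlib.sha256).digest()[:out_len]


def count_from_nas_count(nas_count: int) -> int:
    """COUNT = 0x00 || NAS COUNT: pad the 24-bit NAS COUNT to 32 bits."""
    if not 0 <= nas_count < (1 << 24):
        raise ValueError("NAS COUNT must fit in 24 bits")
    return int.from_bytes(b"\x00" + nas_count.to_bytes(3, "big"), "big")


def build_iv(sec_param: bytes, count: int, bearer: int,
             direction: int, length_bits: int) -> bytes:
    """Pack the cipher inputs; this byte layout is an assumption of the example."""
    if not 0 <= count < (1 << 32):
        raise ValueError("COUNT is a 32-bit value")
    if not 0 <= bearer < 32:
        raise ValueError("BEARER is a 5-bit value")
    if direction not in (0, 1):
        raise ValueError("DIRECTION is 0 (uplink) or 1 (downlink)")
    return sec_param + struct.pack(">IBBI", count, bearer, direction, length_bits)


def keystream(key: bytes, iv: bytes, n_bytes: int) -> bytes:
    """Stand-in keystream generator: HMAC-SHA256 over iv || block counter."""
    out = bytearray()
    block = 0
    while len(out) < n_bytes:
        out += hmac.new(key, iv + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:n_bytes])


def protect(key: bytes, sec_param: bytes, count: int, bearer: int,
            direction: int, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts.

    The tuple (KEY, security parameter, COUNT, BEARER, DIRECTION) must never
    repeat for two different messages, or the keystream is reused.
    """
    iv = build_iv(sec_param, count, bearer, direction, len(data) * 8)
    ks = keystream(key, iv, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    # Each side derives the parameter locally; it is never sent over the air.
    ue_param = derive_security_parameter(K_GNB, S_TMSI)
    gnb_param = derive_security_parameter(K_GNB, S_TMSI)
    msg = b"constructed uplink message"
    ct = protect(K_ENC, ue_param, count=7, bearer=1, direction=0, data=msg)
    print("same parameter on both sides:", ue_param == gnb_param)
    print("ciphertext:", ct.hex())
    print("decrypted :", protect(K_ENC, gnb_param, 7, 1, 0, ct))
```

A receiver that holds a different security parameter, or that uses the wrong DIRECTION, produces a different keystream and does not recover the plaintext.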
It should be noted that the execution order of S604 and S605 is not limited; they may be performed one after the other or at the same time.
For the specific implementation of S604 and S605, reference may be made to the foregoing description; details are not repeated here.
With the above method, the security parameter is used at the NAS layer to encrypt messages to be sent and/or decrypt received messages, which improves the security of NAS layer messages and reduces the risk of their being cracked.
Embodiment 4:
In Embodiment 4, the network device is a core network device by way of example. The terminal device and the core network device each generate the security parameter using the same method, so the core network device does not need to send the security parameter to the terminal device. Embodiment 4 is described using the example in which the security parameter is used to encrypt and/or decrypt NAS layer messages. Of course, if AS layer messages and NAS layer messages can be encrypted and/or decrypted with the same security parameter, the security parameter may also be used to encrypt and/or decrypt AS layer messages. This is described in detail below.
FIG. 7 is a schematic flowchart of a communication method provided by an embodiment of this application. In FIG. 7, the operations performed by the terminal device may also be performed by a chip or module inside the terminal device, and the operations performed by the core network device may also be performed by a chip or module inside the core network device. Referring to FIG. 7, the method includes:
Optionally, S701: The core network device sends a NAS security mode command message to the terminal device.
The NAS security mode command message may be used to indicate that the NAS security mode command procedure is to be performed, and may indicate a 256-bit encryption algorithm.
S702: The core network device obtains the security parameter.
It should be noted that, if AS layer messages and NAS layer messages can be encrypted and/or decrypted with the same security parameter, the core network device may also send the security parameter to the access network device.
S703: The terminal device obtains the security parameter.
The core network device and the terminal device may each generate the security parameter from the shared parameters. For the specific process, reference may be made to the foregoing description; details are not repeated here.
Optionally, S704: The terminal device sends a NAS security mode complete message to the core network device.
S705: The terminal device encrypts a message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information, and a key, and/or decrypts a received message according to the security parameter, a second count value, a second bearer identifier, second direction information, and the key.
S706: The core network device encrypts a message to be sent according to the security parameter, the first count value, the first bearer identifier, the first direction information, and the key, and/or decrypts a received message according to the security parameter, the second count value, the second bearer identifier, the second direction information, and the key.
It should be noted that the execution order of S705 and S706 is not limited; they may be performed one after the other or at the same time.
For the specific implementation of S705 and S706, reference may be made to the foregoing description; details are not repeated here.
In the above method, the core network device and the terminal device can each generate the same security parameter from the same parameters using the same method. The core network device therefore does not need to send the security parameter to the terminal device, which avoids exposing the security parameter and improves system security.
The embodiments provided above describe the methods of this application from the perspective of interaction between the devices. To implement the functions in the methods provided in the above embodiments, the core network device, the access network device, or the terminal device may include a hardware structure and/or a software module, and implement those functions in the form of a hardware structure, a software module, or a hardware structure plus a software module. Whether a given function is performed by a hardware structure, a software module, or a hardware structure plus a software module depends on the specific application and design constraints of the technical solution.
The division into modules in the embodiments of this application is schematic and is only a division by logical function; other divisions are possible in an actual implementation. In addition, the functional modules in the embodiments of this application may be integrated into one processor, may exist physically on their own, or two or more modules may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
Based on the same concept as above, as shown in FIG. 8, an embodiment of this application further provides an apparatus 800 for implementing the functions of the core network device, the access network device, or the terminal device in the above methods. For example, the apparatus may be a software module or a chip system. In the embodiments of this application, the chip system may consist of a chip, or may include a chip and other discrete devices. The apparatus 800 may include a processing unit 801 and a communication unit 802.
In the embodiments of this application, the communication unit may also be referred to as a transceiver unit, and may include a sending unit and/or a receiving unit, which are configured to perform, respectively, the sending and receiving steps of the core network device, the access network device, or the terminal device in the above method embodiments.
The communication apparatus provided by the embodiments of this application is described in detail below with reference to FIG. 8 and FIG. 9. It should be understood that the description of the apparatus embodiments corresponds to the description of the method embodiments; for content not described in detail, reference may be made to the method embodiments above, which for brevity are not repeated here.
The communication unit may also be referred to as a transceiver, a transceiver device, a transceiver apparatus, or the like. The processing unit may also be referred to as a processor, a processing board, a processing module, a processing apparatus, or the like. Optionally, the component of the communication unit 802 that implements the receiving function may be regarded as a receiving unit, and the component of the communication unit 802 that implements the sending function may be regarded as a sending unit; that is, the communication unit 802 includes a receiving unit and a sending unit. The communication unit may sometimes also be referred to as a transceiver, a transceiver device, or a transceiver circuit. The receiving unit may sometimes also be referred to as a receiver, a receiving device, or a receiving circuit. The sending unit may sometimes also be referred to as a transmitter, a transmitting device, or a transmitting circuit.
When the communication apparatus 800 performs the functions of the terminal device in the procedure shown in FIG. 5 in the above embodiment:
the communication unit is configured to obtain a security parameter, where the security parameter is used to encrypt a message to be sent and/or to decrypt a received message;
the processing unit is configured to encrypt the message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information, and a key, and/or to decrypt the received message according to the security parameter, a second count value, a second bearer identifier, second direction information, and the key.
The above is only an example; the processing unit 801 and the communication unit 802 may also perform other functions. For a more detailed description, reference may be made to the related descriptions in the method embodiments shown in FIG. 3 to FIG. 7, which are not repeated here.
FIG. 9 shows an apparatus 900 provided by an embodiment of this application. The apparatus shown in FIG. 9 may be a hardware circuit implementation of the apparatus shown in FIG. 8. The communication apparatus is applicable to the flowcharts shown above and performs the functions of the terminal device or the network device in the above method embodiments. For ease of description, FIG. 9 shows only the main components of the communication apparatus.
As shown in FIG. 9, the communication apparatus 900 includes a processor 910 and an interface circuit 920. The processor 910 and the interface circuit 920 are coupled to each other. It can be understood that the interface circuit 920 may be a transceiver or an input/output interface. Optionally, the communication apparatus 900 may further include a memory 930 for storing instructions executed by the processor 910, input data required by the processor 910 to run the instructions, or data generated after the processor 910 runs the instructions.
When the communication apparatus 900 is used to implement the methods shown in FIG. 3 to FIG. 7, the processor 910 implements the functions of the processing unit 801, and the interface circuit 920 implements the functions of the communication unit 802.
When the communication apparatus is a chip applied to a terminal device, the terminal device chip implements the functions of the terminal device in the above method embodiments. The terminal device chip receives information from other modules in the terminal device (such as a radio frequency module or an antenna), where the information is sent by the network device to the terminal device; or the terminal device chip sends information to other modules in the terminal device (such as a radio frequency module or an antenna), where the information is sent by the terminal device to the network device.
When the communication apparatus is a chip applied to a network device, the network device chip implements the functions of the network device in the above method embodiments. The network device chip receives information from other modules in the network device (such as a radio frequency module or an antenna), where the information is sent by the terminal device to the network device; or the network device chip sends information to other modules in the network device (such as a radio frequency module or an antenna), where the information is sent by the network device to the terminal device.
It can be understood that the processor in the embodiments of this application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The general-purpose processor may be a microprocessor or any conventional processor.
The memory in the embodiments of this application may be a random access memory (RAM), a flash memory, a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a register, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to the processor, so that the processor can read information from the storage medium and write information to it. Of course, the storage medium may also be a component of the processor. The processor and the storage medium may be located in an ASIC. In addition, the ASIC may be located in a network device or a terminal device. The processor and the storage medium may also exist as discrete components in a network device or a terminal device.
Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, optical storage, and the like) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, the device (system), and the computer program product according to this application. It should be understood that each procedure and/or block in the flowcharts and/or block diagrams, and combinations of procedures and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or another programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, where the instruction apparatus implements the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to this application without departing from its scope. If these modifications and variations fall within the scope of the claims of this application and their technical equivalents, this application is intended to include them as well.

Claims (22)

  1. A communication method, comprising:
    obtaining a security parameter, wherein the security parameter is used to encrypt a message to be sent and/or to decrypt a received message; and
    encrypting the message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information and a key, and/or decrypting the received message according to the security parameter, a second count value, a second bearer identifier, second direction information and the key.
  2. The method according to claim 1, wherein the security parameter is a random number;
    or, the security parameter is related to at least one of the following parameters:
    a physical cell identifier; a synchronization signal block index; a temporary mobile subscriber identity; a resource identifier; an access network key; a derived key of the access network key; a next hop chaining counter value; next hop information.
  3. The method according to claim 1 or 2, wherein the obtaining a security parameter comprises:
    receiving a configuration message from a network device, wherein the configuration message comprises the security parameter, and the network device is an access network device or a core network device;
    or, determining the security parameter according to a shared parameter, wherein the shared parameter is a parameter known to both the terminal device and the network device.
  4. The method according to claim 3, wherein the shared parameter comprises at least one of the following:
    a physical cell identifier; a synchronization signal block index; a temporary mobile subscriber identity; a resource identifier; an access network key; a derived key of the access network key; a next hop chaining counter value; next hop information.
  5. The method according to any one of claims 3 to 4, wherein the method is applied to a terminal device, and before the determining the security parameter according to a shared parameter, the method further comprises:
    receiving an access stratum security mode command message or a radio resource control connection reconfiguration message.
  6. The method according to any one of claims 1 to 4, wherein the method is applied to a core network device;
    before the obtaining a security parameter, the method further comprises:
    determining that at least one of the following is satisfied:
    determining to send a new next hop chaining counter value or next hop information to an access network device;
    determining to send a new access network key;
    determining to activate/change a user plane security policy;
    determining to perform a non-access stratum security mode command procedure with the terminal device;
    determining to update a non-access stratum key;
    determining to generate a core network key or to perform horizontal derivation of the core network key.
  7. The method according to any one of claims 1 to 4, wherein the method is applied to an access network device;
    before the obtaining a security parameter, the method further comprises:
    determining that at least one of the following is satisfied:
    determining to perform an access stratum security mode command procedure or a radio resource control connection reconfiguration;
    receiving a new next hop chaining counter value, next hop information or an access network key;
    updating the access network key;
    determining to send a next hop chaining counter value, next hop information or an access network key to another access network device.
  8. The method according to any one of claims 1 to 7, wherein the method is applied to an access network device or a core network device, and the method further comprises:
    sending a configuration message to a terminal device, wherein the configuration message comprises the security parameter.
  9. The method according to any one of claims 3 and 6 to 8, wherein the configuration message is an access stratum security mode command message in an access stratum security mode command procedure;
    or, the configuration message is a radio resource control connection reconfiguration message in a radio resource control connection reconfiguration procedure;
    or, the configuration message is a non-access stratum security mode command message in a non-access stratum security mode command procedure.
  10. A communication apparatus, comprising:
    a communication unit, configured to obtain a security parameter, wherein the security parameter is used to encrypt a message to be sent and/or to decrypt a received message; and
    a processing unit, configured to encrypt the message to be sent according to the security parameter, a first count value, a first bearer identifier, first direction information and a key, and/or to decrypt the received message according to the security parameter, a second count value, a second bearer identifier, second direction information and the key.
  11. The apparatus according to claim 10, wherein the security parameter is a random number;
    or, the security parameter is related to at least one of the following parameters:
    a physical cell identifier; a synchronization signal block index; a temporary mobile subscriber identity; a resource identifier; an access network key; a derived key of the access network key; a next hop chaining counter value; next hop information.
  12. The apparatus according to claim 10 or 11, wherein
    the communication unit is specifically configured to:
    receive a configuration message from a network device, wherein the configuration message comprises the security parameter, and the network device is an access network device or a core network device;
    or, the processing unit is specifically configured to: determine the security parameter according to a shared parameter, wherein the shared parameter is a parameter known to both the terminal device and the network device.
  13. The apparatus according to claim 12, wherein the shared parameter comprises at least one of the following:
    a physical cell identifier; a synchronization signal block index; a temporary mobile subscriber identity; a resource identifier; an access network key; a derived key of the access network key; a next hop chaining counter value; next hop information.
  14. The apparatus according to any one of claims 12 to 13, wherein the communication apparatus is a terminal device, and the communication unit is further configured to: before the processing unit determines the security parameter according to the shared parameter, receive an access stratum security mode command message or a radio resource control connection reconfiguration message.
  15. The apparatus according to any one of claims 10 to 13, wherein the communication apparatus is a core network device;
    the processing unit is further configured to: before the obtaining a security parameter, determine that at least one of the following is satisfied:
    determining to send a new next hop chaining counter value or next hop information to an access network device;
    determining to send a new access network key;
    determining to activate/change a user plane security policy;
    determining to perform a non-access stratum security mode command procedure with the terminal device;
    determining to update a non-access stratum key;
    determining to generate a core network key or to perform horizontal derivation of the core network key.
  16. The apparatus according to any one of claims 10 to 15, wherein the communication apparatus is an access network device;
    the processing unit is further configured to: before the obtaining a security parameter, determine that at least one of the following is satisfied:
    determining to perform an access stratum security mode command procedure or a radio resource control connection reconfiguration;
    receiving a new next hop chaining counter value, next hop information or an access network key;
    updating the access network key;
    determining to send a next hop chaining counter value, next hop information or an access network key to another access network device.
  17. The apparatus according to any one of claims 10 to 16, wherein the communication apparatus is an access network device or a core network device, and the communication unit is further configured to:
    send a configuration message to a terminal device, wherein the configuration message comprises the security parameter.
  18. The apparatus according to any one of claims 12 and 15 to 17, wherein the configuration message is an access stratum security mode command message in an access stratum security mode command procedure;
    or, the configuration message is a radio resource control connection reconfiguration message in a radio resource control connection reconfiguration procedure;
    or, the configuration message is a non-access stratum security mode command message in a non-access stratum security mode command procedure.
  19. A communication apparatus, comprising a processor, an interface circuit, and a memory;
    the processor is configured to execute a computer program or instructions stored in the memory, so that the communication apparatus implements the method according to any one of claims 1 to 9.
  20. A computer-readable storage medium, storing a computer program or instructions which, when run on a computer, cause the computer to implement the method according to any one of claims 1 to 9.
  21. A chip, comprising a processor, wherein the processor is coupled to a memory and is configured to execute a computer program or instructions stored in the memory, so that the chip implements the method according to any one of claims 1 to 9.
  22. A computer program product, comprising computer-readable instructions which, when run on a computer, cause the computer to implement the method according to any one of claims 1 to 9.
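
Claims 1 to 4 add a security parameter to the COUNT, BEARER, DIRECTION and key inputs of ciphering. The following added example (not part of the patent text) models the effect: when the same key, COUNT, BEARER and DIRECTION recur, a keystream cipher repeats its keystream and the XOR of two ciphertexts equals the XOR of the two plaintexts, which a differing security parameter prevents. Assumptions: HMAC-SHA256 in counter mode stands in for the real cipher, the SHA-256 derivation from physical cell identifier and synchronization signal block index is illustrative only, and all function names and sample values are constructed.

```python
import hashlib
import hmac
import struct

def derive_security_parameter(pci: int, ssb_index: int) -> bytes:
    # Assumed derivation: the claims list the shared inputs, not the function.
    return hashlib.sha256(b"sec-param" + struct.pack(">HB", pci, ssb_index)).digest()[:8]

def keystream(key, count, bearer, direction, length, sec_param=b""):
    # Stand-in for the real cipher: HMAC-SHA256 in counter mode.
    if not (0 <= count < 2**32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT, BEARER or DIRECTION out of range")
    # Length-prefix sec_param so distinct inputs never serialise identically.
    header = struct.pack(">IBBB", count, bearer, direction, len(sec_param)) + sec_param
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, header + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def protect(key, count, bearer, direction, message, sec_param=b""):
    # XOR with the keystream; the same call encrypts and decrypts.
    return xor(message, keystream(key, count, bearer, direction, len(message), sec_param))

def reuse_demo() -> dict:
    key = bytes(range(16))                  # constructed 128-bit key
    count, bearer, direction = 7, 1, 0      # constructed, identical for both messages
    m1 = b"RRC message one "                # constructed plaintexts of equal length
    m2 = b"RRC message two "
    # Case 1: no security parameter, so both messages get the same keystream.
    c1 = protect(key, count, bearer, direction, m1)
    c2 = protect(key, count, bearer, direction, m2)
    # Case 2: each message is bound to a parameter derived from its own cell.
    sp_a = derive_security_parameter(pci=101, ssb_index=0)
    sp_b = derive_security_parameter(pci=202, ssb_index=3)
    d1 = protect(key, count, bearer, direction, m1, sp_a)
    d2 = protect(key, count, bearer, direction, m2, sp_b)
    return {
        "leak_without_param": xor(c1, c2) == xor(m1, m2),
        "leak_with_param": xor(d1, d2) == xor(m1, m2),
        "roundtrip_ok": protect(key, count, bearer, direction, d1, sp_a) == m1,
        "wrong_param_fails": protect(key, count, bearer, direction, d1, sp_b) != m1,
    }

if __name__ == "__main__":
    for name, value in reuse_demo().items():
        print(f"{name}: {value}")
```

The last two results show the other side of the design: sender and receiver must hold the same security parameter, whether delivered in a configuration message or derived from shared parameters, or decryption fails.
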
PCT/CN2021/083416 2021-03-26 2021-03-26 Communication method and apparatus WO2022198671A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180095304.9A CN116941263A (en) 2021-03-26 2021-03-26 Communication method and device
PCT/CN2021/083416 WO2022198671A1 (en) 2021-03-26 2021-03-26 Communication method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/083416 WO2022198671A1 (en) 2021-03-26 2021-03-26 Communication method and apparatus

Publications (1)

Publication Number Publication Date
WO2022198671A1 true WO2022198671A1 (en) 2022-09-29

Family

ID=83395116

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/083416 WO2022198671A1 (en) 2021-03-26 2021-03-26 Communication method and apparatus

Country Status (2)

Country Link
CN (1) CN116941263A (en)
WO (1) WO2022198671A1 (en)

Also Published As

Publication number Publication date
CN116941263A (en) 2023-10-24

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 21932291; Country of ref document: EP; Kind code of ref document: A1)
WWE WIPO information: entry into national phase (Ref document number: 202180095304.9; Country of ref document: CN)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 21932291; Country of ref document: EP; Kind code of ref document: A1)