CN101790168B - Method for commanding initial security modes of network attached storage (NAS) and automatic scanning (AS) - Google Patents
Method for commanding initial security modes of network attached storage (NAS) and automatic scanning (AS) Download PDFInfo
- Publication number
- CN101790168B CN101790168B CN201010110292.6A CN201010110292A CN101790168B CN 101790168 B CN101790168 B CN 101790168B CN 201010110292 A CN201010110292 A CN 201010110292A CN 101790168 B CN101790168 B CN 101790168B
- Authority
- CN
- China
- Prior art keywords
- message
- nas
- layer
- enodeb
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention relates to a method for commanding the initial security modes of network attached storage (NAS) and automatic scanning (AS), which is applied to Ethernet-universal terrestrial radio access network (E-UTRAN) in a long term evolution (LTE) system. The method comprises the following steps of: requesting a mobile management entity (MME) to reply the security algorithm and the Replayed field information of an NAS layer to evolution node B (eNode B) after the eNode B accomplishes the authentication for user equipment (UE); notifying the security algorithm of the local AS layer and the received security algorithm and the Replayed field information of the NAS layer to the UE through a Security Mode Command message after the eNode B receives the security algorithm and the Replayed field information; and carrying out integrity protecting verification and Replayed field comparison on the message by using the UE after the UE receives the message, if the integrity protecting verification is passed and the values of Replayed fields are consistent with the values of the corresponding fields in the attached request, activating the security modes of the AS layer and the NAS layer. With the method, the system resources can be saved.
Description
Technical field
The present invention relates to mobile communication technology, particularly relate to the method for a kind of NAS (Non-Access Stratum, NAS) and AS (Access Stratum, AS) initial safe mode command procedure.
Background technology
LTE (Long Term Evolution, mobile communication Long Term Evolution) grid side E-UTRAN (Evolved Universal Terrestrial Radio Access, evolved universal terrestrial radio access network) by base station equipment eNodeB (enode b) and equipment of the core network MME (Mobility ManagementEntity, mobile management entity) form, subscriber terminal equipment (User Equipment, UE) carries out the mutual of signaling and data by wireless air interface and eNodeB and MME.
In LTE protocol framework, protocol layer has been divided into Non-Access Stratum and Access Layer.Safety protecting mechanism in LTE system have employed different security mode command procedure to activate respective integrality and encryption function in Non-Access Stratum and Access Layer.The security mode command procedure of AS is configured with the security algorithm in RRC (RadioResource Control, radio resource control) signaling and user face, and the security mode command procedure of NAS is configured with the security algorithm of NAS signaling.
The initial safe mode command procedure carried out between UE and E-UTRAN is as follows:
(1) UE initiates ATTACH (attachment) request, and the AS layer triggering UE initiates RRC connection establishment process;
(2), after the AS layer of UE completes RRC connection establishment process, by E-UTRAN, authentication is carried out to UE, and issue authentication message; Carry out authentication calculations after UE receives authentication message and obtain key, and return authentication response message to E-UTRAN;
(3) E-UTRAN starts the initial safe mode command procedure carrying out AS layer;
The initial safe mode command procedure of AS layer, comprises the following steps:
The eNodeB of step 1:E-UTRAN side sends SecurityModeCommand (safe mode command) message by eating dishes without rice or wine to UE, wherein carry the parameters such as the security algorithm of the local AS layer preset, protection algorithm integrallty (integrityProtAlgorithm) and cryptographic algorithm in this security algorithm, can be comprised;
After step 2:UE receives SecurityModeCommand message; request bottom PDCP (PacketData Convergence Protocol; PDCP) integrity protection check is carried out to this message, checking algorithm adopts the integrityProtAlgorithm carried in SecurityModeCommand message:
If verification is passed through, bottom is then indicated to send SecurityModeComplete (safe mode completes) message to eNodeB, and integrity protection is carried out to this message, and follow-up, integrity protection and encryption are carried out to the message mutual with eNodeB and data, now think that the safe mode of AS layer activates;
If verification is not passed through, instruction bottom transmits SecurityModeFailure (safe mode failure) message to eNodeB, and does not use the follow-up message mutual with eNodeB and data and encrypt and integrity protection, AS safe activation procedure failure.
(4) E-UTRAN starts the initial safe mode command procedure carrying out NAS layer;
The initial safe mode command procedure of NAS layer, comprises the following steps:
The MME of step 1:E-UTRAN side sends SECURITY MODECOMMAND (safe mode command) message by eating dishes without rice or wine to UE; which kind of safe context is specified in this message to use carry out integrity protection and encipherment protection to NAS message; and use the instruction of Kasme field to need EPS (Evolved Packet System, the evolved packet system) safe context coming into operation or revise.MME only carries out integrity protection to SECURITY MODE COMMAND message and does not encrypt;
Step 2:UE asks bottom PDCP to carry out integrity protection check to this message after receiving SECURITY MODE COMMAND message;
The IE (Information Element, information element) " Replayed " that carries in message checks for UE and passes through to adhere to ask to send to whether MME's is consistent before.If the integrity checking of UE to SECURITYMODE COMMAND message passes through, and above-mentioned Replayed UE securitycapabilities and Replayed NONCEUE (will use during mapped safe context and check) ask UE security capabilities and NONCEUE sending to MME consistent respectively with by adhering to, then verification is passed through.
In verification by rear, UE needs the safe context using MME to specify, and sends SECURITY MODE COMPLETE message to MME, and carries out integrity protection and encryption to this message, now thinks that the safe mode of NAS layer activates.In addition, as MME carries IMEISV request (IMEI (International MobileEquipment Identity sending in SECURITYMODE COMMAND message, International Mobile Equipment Identity code) version request), then UE also needs the version information carrying IMEI in the SECURITY MODE COMPLETE message replying to MME.
If UE does not accept SECURITY MODE COMMAND, (namely the integrity checking of UE to SECURITYMODE COMMAND message does not pass through, or above-mentioned Replayed UE securitycapabilities asks the UE security capabilities sending to MME inconsistent with by adhering to, correspondingly can return cause value #23 and represent UE security capabilities mismatch (UE parameter is not mated), or #24 represents security mode rejected, unspecified (MAC (Media AccessControl, medium access control) check unsuccessfully)), then reply SECURITY MODEREJECT message to MME, and do not need to carry out integrity protection to this message.UE and MME uses the EPS safe context before failed SECURITY MODE COMPLETE code by recovering.
After initial safe mode command procedure completes, UE and E-UTRAN continues the reciprocal process performing follow-up idle message.
In sum, can find out in NAS and AS initial safe mode command procedure, UE carries out space interface signaling alternately with E-UTRAN many times, wastes system resource.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of method of NAS and AS initial safe mode command procedure, to simplify the mutual and process of space interface signaling between UE and E-UTRAN.
For solving the problem, the invention provides a kind of method of NAS and AS initial safe mode command procedure, being applied to the E-UTRAN in LTE system, comprising:
Enode b (eNodeB) is after completing the authentication to subscriber equipment (UE), and request mobile management entity (MME) replys security algorithm and the Replayed field information of NAS layer to described eNodeB; After described eNodeB receives the security algorithm of described NAS layer, by SecurityModeCommand message, the AS layer security algorithm of this locality and the NAS layer security algorithm received and Replayed field information are informed to UE; After UE receives, successively integrity protection check is carried out to this message and Replayed field compares, as integrity protection check by and the value of Replayed field ask with attachment in the value of corresponding field consistent, then the safe mode of activation AS layer and NAS layer.
Further, said method also can comprise:
Judge described SecurityModeCommand message by integrity protection check and the value of Replayed field with attachment ask in value consistent after, described UE sends the SecurityModeComplete message of carrying and representing the Status Flag that NAS layer safe mode has activated to described eNodeB, and carries out integrity protection to this message; After described eNodeB receives, notify that the AS layer of described this UE of MME and the safe mode of NAS layer activate.
Further, said method also can have following characteristics:
As described in carry International Mobile Equipment Identity code (IMEI) version request in SecurityModeCommand message, then described UE adds IMEI version information in the described SecurityModeComplete message sent to described eNodeB.
Further, said method also can comprise:
If described SecurityModeCommand message is not by integrity protection check, then described UE sends SecurityModeFailure message to described eNodeB.
Further, said method also can comprise:
Described eNodeB, after receiving described SecurityModeFailure message, initiates the initial safe mode command procedure of AS layer and NAS layer again.
Further, said method also can comprise:
If described UE judge the value of Replayed field and described value of adhering to the corresponding field in asking inconsistent, then send the SecurityModeComplete message of carrying and representing the unactivated Status Flag of NAS layer safe mode to described eNodeB, and integrity protection is carried out to this message;
After described eNodeB receives, notify the security mode command procedure failure of the NAS layer of described this UE of MME.
Further, said method also can have following characteristics:
Described UE carries evolved packet system mobile management (EMM) cause field in the described SecurityModeComplete message sent to described eNodeB, is used to indicate the reason of NAS secure mode active failure.
Further, said method also can comprise:
Described MME, after the security mode command procedure failure of NAS layer knowing described UE, initiates NAS security mode command procedure to described UE again.
Further, said method also can have following characteristics:
Described eNodeB is after the security algorithm receiving described NAS layer, described UE is sent to refer to the AS layer security algorithm of this locality and the NAS layer security algorithm received by described SecurityModeCommand message: described eNodeB more described AS layer security algorithm and described NAS layer security algorithm, as the two is consistent, then by described SecurityModeCommand message, described AS layer security algorithm is sent to described UE.
Further, said method also can have following characteristics:
Described UE carries out integrity protection check to the described SecurityModeCommand message received and refers to: described UE utilizes the AS layer security algorithm carried in described SecurityModeCommand message to carry out integrity protection check to described SecurityModeCommand message.
Compared with prior art; the present invention is by merging into a process by NAS and the AS initial safe mode command procedure originally sent respectively; simplify the Signalling exchange of eating dishes without rice or wine between upper E-UTRAN and UE; decrease the operations such as the corresponding integrity protection check of UE simultaneously, save system resource.
Accompanying drawing explanation
Fig. 1 is the Signalling exchange flow process of NAS and AS initial safe mode command procedure successful instance between UE and E-UTRAN in the embodiment of the present invention;
Fig. 2 is the Signalling exchange flow process of NAS and AS initial safe mode command procedure failure scenarios between UE and E-UTRAN in the embodiment of the present invention;
Embodiment
Below in conjunction with drawings and Examples, technical scheme of the present invention is described in detail.
The basic conception of the method for the invention is: the eNodeB of E-UTRAN side, after completing the authentication to UE, replys security algorithm (comprising cryptographic algorithm and the protection algorithm integrallty of NAS layer) and the Replayed field information of NAS layer to MME request; After eNodeB receives, by SecurityModeCommand message, the AS layer security algorithm of this locality and the NAS layer security algorithm received and Replayed field information are sent to UE; After UE receives, integrity protection check is carried out to this message and Replayed field compares, as integrity protection check by and the value of Replayed field ask with attachment in the value of respective field consistent, then the safe mode of activation AS layer and NAS layer.Wherein, this attachment request is ATTACH (attachment) request of UE in the attaching process of initiating to E-UTRAN side.
Judge SecurityModeCommand message by integrity protection check and the value of Replayed field ask with attachment in the value of respective field consistent after, UE also needs to send the SecurityModeComplete message of carrying and representing the Status Flag that NAS layer safe mode has activated to eNodeB, and carries out integrity protection to this message; After eNodeB receives, the AS layer of this UE of notice MME and the safe mode of NAS layer activate.
If SecurityModeCommand message is not by integrity protection check, then UE sends SecurityModeFailure message to eNodeB.After eNodeB receives, the initial safe mode command procedure of again initiating AS and NAS can be selected.
If UE judge SecurityModeCommand message by integrity protection check and the value of Replayed field and attachment ask in the value of respective field inconsistent, then UE also needs to send the SecurityModeComplete message of carrying and representing the unactivated Status Flag of NAS layer safe mode to eNodeB, and carries out integrity protection to this message; After eNodeB receives, the security mode command procedure failure of the NAS layer of this UE of notice MME.
Concrete, the method for NAS and AS initial safe mode command procedure comprises the following steps:
1, when the initial safe mode command procedure of UE and E-UTRAN occurs, UE completes the authentication process with E-UTRAN, after obtaining the keys such as Kasme, NAS security information is sent to eNodeB by the MME of E-UTRAN under the request of eNodeB, wherein at least comprise the protection algorithm integrallty of NAS layer, cryptographic algorithm and Replayed UE security capabilities, can also comprise: the key of selection arranges instruction and (is used to indicate UE and uses which cover key, and the type of key is in standard or other standards map the safe context of coming) and/or IMEISV request field,
2, after eNodeB receives the NAS security information that MME sends, the security algorithm selected compares with the local AS layer security algorithm preset, if identical, then AS layer security algorithm field be can only comprise sending to the SecurityModeCommand message of UE, otherwise AS layer security algorithm field and NAS layer security algorithm field comprised in this message.In addition, the key that can increase the selection of NAS at this message rear portion arranges instruction, Replayed UE security capabilities and IMEISVrequest field information;
3, after UE receives SecurityModeCommand message, request bottom PDCP carries out integrity protection check to this message, and checking algorithm adopts the integrityProtAlgorithm in the AS layer security algorithm field of carrying in SecurityModeCommand;
If 4 integrity protection check pass through, the security related information of NAS layer is transmitted to NAS layer by the AS layer of UE, otherwise performs step 7;
5, NAS layer is as errorless in judged Replayed UE securitycapabilities in the security information that NAS layer is correlated with and Replayed nonceUE (will use during mapped safe context and check), then use the safe context that in NAS layer security information, MME specifies, and return NAS safe mode command success message to AS layer, and add IMEISV information according to the requirement of network side, otherwise return safe mode command failed message to AS layer;
6, the message that returns according to NAS layer of AS layer; integrity protection is carried out to SecurityModeComplete message; and accordingly by representing that the Status Flag whether NAS safe mode activates is included in after in message field, this message is sent to E-UTRAN, then perform step 8.If need additional IMEISV information, then additional IMEISV information field after this message.
Wherein, when the value of Status Flag is True, can represent that NAS security process activates successfully; When the value of Status Flag is False, can represent that NAS security process activates unsuccessfully.
If NAS safe activation identifies successfully, additional IMEISV information field can be selected.
If NAS safe activation identifies unsuccessfully, EMM (EPS Mobility Management, EPS Mobility Management) cause field need be added.
7, AS does not use encryption and integrity protection, and instruction bottom transmits SecurityModeFailure message to eNodeB, safe activation procedure failure.
8, the message that sends according to UE of E-UTRAN, judge whether to need to reactivate AS layer and NAS layer, or activate separately the safe mode of NAS layer, namely when receive SecurityModeComplete message and judge to carry in this message represent NAS safe mode unactivated Status Flag time, then can select the safe mode activating separately NAS layer, Activiation method can adopt the security mode command procedure of NAS layer in prior art; When receive SecurityModeComplete message and judge to carry in this message represent Status Flag that NAS safe mode activated time, then represent the security mode command procedure having activated AS layer and NAS layer; As received SecurityModeFailure message, then can select to reactivate AS layer and NAS layer security mode command procedure.
Be illustrated further with two methods example of the present invention below.
As shown in Figure 1, following steps are comprised under NAS and AS initial safe mode command procedure successful instance between UE and E-UTRAN:
Step 1:E-UTRAN prepares to initiate NAS and AS initial safe mode command procedure, and eNodeB sends message to MME, and request MME sends NAS security information to eNodeB;
NAS security information is fed back to eNodeB by step 2:MME;
Step 3:eNodeB merges the security information of NAS and AS, the algorithm selected compares with AS layer security algorithm, if identical, then only comprise AS layer algorithm field at idle message signaling SecurityModeCommand, otherwise AS layer security algorithm field and NAS security algorithm field will be comprised respectively;
Step 4:eNodeB sends above-mentioned idle message SecurityModeCommand to UE;
After the RRC module of step 5:UE receives SecurityModeCommand, request PDCP module carries out integrity protection check to this message, the integrityProtAlgorithm in the AS layer security algorithm carried in checking algorithm SecurityModeCommand;
Step 6: judge that whether integrity protection check is successful, if success, enter step 7;
The NAS security related information field of carrying in SecurityModeCommand is sent to EMM module by step 7:RRC module;
Step 8:EMM judges that whether Replayed UE security capabilities and ReplayednonceUE (will use during mapped safe context and check) in field be correct, if correct, enters step 9;
Step 9:EMM sends NAS analysis success message to RRC, informs the success of NAS analysis process, if there is the IMEISV field of network side request, attaches IMEISV information to RRC;
Step 10:RRC sends idle message SecurityModeComplete message to eNodeB, and comprise NAS safe activation mark in message, its value is set to True, mark NAS and AS safe mode all successful activation.If the IMEISV information having EMM to send, then additional IMEISV information field after this message;
Step 11:eNodeB judges after receiving SecurityModeComplete message whether NAS safe activation mark is True, if it is sends message informing MME NAS security process and activates successfully, if there is IMEISV information, will attach this information to MME.
As shown in Figure 2, following steps are comprised under NAS and AS initial safe mode command procedure failure scenarios between UE and E-UTRAN:
Step 1:E-UTRAN prepares to initiate NAS and AS initial safe mode command procedure, and eNodeB sends message to MME, and request MME sends NAS security information to eNodeB;
NAS security information is sent to eNodeB by message by step 2:MME;
Step 3:eNodeB merges the security information of NAS and AS, the algorithm selected compares with AS layer security algorithm, if identical, then only comprise AS layer algorithm field at idle message signaling SecurityModeCommand, otherwise AS layer security algorithm field and NAS security algorithm field will be comprised respectively;
Step 4:eNodeB sends above-mentioned idle message SecurityModeCommand to UE;
The RRC module of step 5:UE receives SecurityModeCommand, and request PDCP module carries out integrity protection check to this message, the integrityProtAlgorithm in the AS layer security algorithm carried in checking algorithm SecurityModeCommand;
Step 6: judge that whether integrity protection check is successful, if failure, enter step 7, if success, enter step 9;
Step 7:RRC sends SecurityModeFailure message to eNodeB, informs security mode command procedure failure;
Step 8:eNodeB prepares again to initiate NAS and AS security mode command procedure next time.This security mode command procedure terminates;
The security related information field of the NAS layer carried in SecurityModeCommand is sent to EMM module by step 9:RRC module;
Step 10:EMM judges that whether Replayed UE security capabilities in field and Replayed nonceUE (will use during mapped safe context and check) is correct, if failure, enters step 11;
Step 11:EMM sends NAS analysis failed message to RRC, informs NAS analysis procedure failure, and the additional safe failure cause of EMM;
Step 12:RRC sends idle message SecurityModeComplete message to eNodeB, and comprise NAS safe activation mark in message, its value is set to False, the failure of mark NAS layer secure mode active.And additional EMM cause field informing network side failure cause;
Step 13:eNodeB judges after receiving SecurityModeComplete message that NAS safe activation identifies, if False then sends message informing MME NAS, security process activates unsuccessfully, and additional EMM cause reason is to MME;
Step 14:MME receive rear according to failure cause prepare again initiate NAS security mode command procedure next time, this NAS and AS security mode command procedure terminates.
Certainly; the present invention also can have other various embodiments; when not deviating from the present invention's spirit and essence thereof; those of ordinary skill in the art are when making various corresponding change and distortion according to the present invention, but these change accordingly and are out of shape the protection range that all should belong to the claim appended by the present invention.
Claims (9)
1. the method for a Non-Access Stratum (NAS) and Access Layer (AS) initial safe mode command procedure, be applied to the evolved universal terrestrial radio access network (E-UTRAN) in Long Term Evolution (LTE) system, it is characterized in that
Enode b (eNodeB) is after completing the authentication to subscriber equipment (UE), and request mobile management entity (MME) replys security algorithm and the Replayed field information of NAS layer to described eNodeB; Described eNodeB receives the security information of rear merging NAS and AS, by SecurityModeCommand message, the AS layer security algorithm of this locality and the NAS layer security algorithm received and Replayed field information is informed to UE; After UE receives, successively integrity protection check is carried out to this message and Replayed field compares, as integrity protection check by and the value of Replayed field ask with attachment in the value of corresponding field consistent, then the safe mode of activation AS layer and NAS layer,
Wherein, described eNodeB is after the security algorithm receiving described NAS layer, described UE is sent to refer to the AS layer security algorithm of this locality and the NAS layer security algorithm received by described SecurityModeCommand message: described eNodeB more described AS layer security algorithm and described NAS layer security algorithm, as the two is consistent, then by described SecurityModeCommand message, described AS layer security algorithm is sent to described UE.
2. the method for claim 1, is characterized in that, also comprises:
Judge described SecurityModeCommand message by integrity protection check and the value of Replayed field with attachment ask in value consistent after, described UE sends the SecurityModeComplete message of carrying and representing the Status Flag that NAS layer safe mode has activated to described eNodeB, and carries out integrity protection to this message; After described eNodeB receives, notify that the AS layer of described this UE of MME and the safe mode of NAS layer activate.
3. method as claimed in claim 2, is characterized in that,
As described in carry International Mobile Equipment Identity code (IMEI) version request in SecurityModeCommand message, then described UE adds IMEI version information in the described SecurityModeComplete message sent to described eNodeB.
4. as the method in claims 1 to 3 as described in any one, it is characterized in that, also comprise:
If described SecurityModeCommand message is not by integrity protection check, then described UE sends SecurityModeFailure message to described eNodeB.
5. method as claimed in claim 4, is characterized in that, also comprise:
Described eNodeB, after receiving described SecurityModeFailure message, initiates the initial safe mode command procedure of AS layer and NAS layer again.
6. method as claimed in claim 4, is characterized in that, also comprise:
If described UE judge the value of Replayed field and described value of adhering to the corresponding field in asking inconsistent, then send the SecurityModeComplete message of carrying and representing the unactivated Status Flag of NAS layer safe mode to described eNodeB, and integrity protection is carried out to this message;
After described eNodeB receives, notify the security mode command procedure failure of the NAS layer of described this UE of MME.
7. method as claimed in claim 6, is characterized in that,
Described UE carries evolved packet system mobile management (EMM) cause field in the described SecurityModeComplete message sent to described eNodeB, is used to indicate the reason of NAS secure mode active failure.
8. method as claimed in claims 6 or 7, is characterized in that, also comprise:
Described MME, after the security mode command procedure failure of NAS layer knowing described UE, initiates NAS security mode command procedure to described UE again.
9. the method for claim 1, is characterized in that,
Described UE carries out integrity protection check to the described SecurityModeCommand message received and refers to: described UE utilizes the AS layer security algorithm carried in described SecurityModeCommand message to carry out integrity protection check to described SecurityModeCommand message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010110292.6A CN101790168B (en) | 2010-02-01 | 2010-02-01 | Method for commanding initial security modes of network attached storage (NAS) and automatic scanning (AS) |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010110292.6A CN101790168B (en) | 2010-02-01 | 2010-02-01 | Method for commanding initial security modes of network attached storage (NAS) and automatic scanning (AS) |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101790168A CN101790168A (en) | 2010-07-28 |
| CN101790168B true CN101790168B (en) | 2015-05-20 |
Family
ID=42533166
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010110292.6A Active CN101790168B (en) | 2010-02-01 | 2010-02-01 | Method for commanding initial security modes of network attached storage (NAS) and automatic scanning (AS) |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101790168B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012055114A1 (en) * | 2010-10-29 | 2012-05-03 | Nokia Siemens Networks Oy | Security of user plane traffic between relay node and radio access network |
| US10924914B2 (en) * | 2015-08-07 | 2021-02-16 | Sharp Kabushiki Kaisha | Terminal device, MME, communication control method for terminal device, and communication control method for MME |
| CN108702624B (en) * | 2016-01-05 | 2021-02-23 | 华为技术有限公司 | Mobile communication method, device and equipment |
| ES2788074T3 (en) * | 2017-10-02 | 2020-10-20 | Ericsson Telefon Ab L M | Security in the access layer in a wireless communication system |
| CN110972135A (en) * | 2018-09-28 | 2020-04-07 | 华为技术有限公司 | Secure communication method, encrypted information determination method and device |
| US11310661B2 (en) * | 2020-02-14 | 2022-04-19 | Mediatek Inc. | Security key synchronization method and associated communications apparatus |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242629A (en) * | 2007-02-05 | 2008-08-13 | 华为技术有限公司 | Method, system and device for selection algorithm of user plane |
| CN101483516A (en) * | 2008-01-07 | 2009-07-15 | 华为技术有限公司 | Security control method and system thereof |
-
2010
- 2010-02-01 CN CN201010110292.6A patent/CN101790168B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242629A (en) * | 2007-02-05 | 2008-08-13 | 华为技术有限公司 | Method, system and device for selection algorithm of user plane |
| CN101483516A (en) * | 2008-01-07 | 2009-07-15 | 华为技术有限公司 | Security control method and system thereof |
Non-Patent Citations (2)
| Title |
|---|
| (Release 8).《3GPP TS 33.401 V8.6.0》.2009,第7.2.4.4-7.2.4.5节. * |
| 3GPP TSG Services and System Aspects.3GPP System Architecture Evolution (SAE):Security architecture * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101790168A (en) | 2010-07-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10419938B2 (en) | Mobile communication method, apparatus, and device | |
| CN109716810B (en) | Authorization verification method and device | |
| CN109802809B (en) | Network access method, terminal equipment and network equipment | |
| US8600353B2 (en) | Methods and arrangements for communication channel re-establishment | |
| CN115278658A (en) | Method for integrity protection of user plane data | |
| CN101790168B (en) | Method for commanding initial security modes of network attached storage (NAS) and automatic scanning (AS) | |
| CN108605225B (en) | Safety processing method and related equipment | |
| CN109922474B (en) | Method for triggering network authentication and related equipment | |
| US8995664B2 (en) | Security in wireless communication system and device | |
| WO2018227638A1 (en) | Communication method and apparatus | |
| US20230254695A1 (en) | Method and apparatus for network security | |
| WO2020056433A2 (en) | SECURE COMMUNICATION OF RADIO RESOURCE CONTROL (RRC) REQUEST OVER SIGNAL RADIO BEARER ZERO (SRBo) | |
| WO2017132962A1 (en) | Security parameter transmission method and related device | |
| US9002324B2 (en) | Mobile communication method and mobile management node | |
| EP3410635B1 (en) | Method and device for radio bearer security configuration | |
| US11546887B2 (en) | Information transmission method and apparatus, and computer storage medium | |
| US20220015030A1 (en) | Data Transmission Method and Apparatus | |
| US20230370292A1 (en) | Session establishment method and apparatus, access network device and storage medium | |
| CN112788795B (en) | Connection recovery method and device | |
| WO2015106387A1 (en) | Key verification method, base station, user device and core network element | |
| CN114208240B (en) | Data transmission method, device and system | |
| WO2021026875A1 (en) | Data transmission method and apparatus | |
| WO2020042040A1 (en) | Method and device for early transmission of downlink data | |
| CN115250469A (en) | Communication method and related device | |
| CN112672339A (en) | Terminal capability information notification method, terminal and base station |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |