Embodiment
Hereinafter also describe in conjunction with the embodiments the present invention in detail with reference to accompanying drawing.Need to prove that in the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Fig. 1 is the flow chart according to the method that rebulids connection of the embodiment of the invention.As shown in Figure 1, the method comprises:
Step S102, UE was switched to the failure of the second base station by the first base station after, the second base station received the connection re-establishment that comes from described UE and finishes message;
Step S104, the second base station is finished message to the connection re-establishment that receives and is carried out first safety detection;
Step S106, in the unsanctioned situation of safety detection first, described the second base station uses the security parameter of described the first base station that message is finished in described connection re-establishment again to carry out safety detection;
Step S108 after safety detection is passed through again, sets up described the second base station and is connected the connection of UE.
By above-mentioned processing procedure, because UE is switched to the failure of the second base station by the first base station after, connection re-establishment is finished message first in the obstructed situation of safety detection, utilized the security parameter of the first base station that the technological means that message detects is again finished in connection re-establishment, therefore, can solve message safety is finished in connection re-establishment being detected and the problem such as not pass through of causing owing to the security parameter of source station and Target Station is inconsistent, thereby improve the success rate that UE re-establishes the connection.
In order to make UE and the second base station after connecting, improve the mutual efficient of subsequent message, after step S108, namely set up described the second base station and be connected after the connection of UE, can also comprise following processing procedure: the second base station sends reconfiguration message to described UE, wherein, reconfiguration message is used for the security parameter of the second base station is disposed to UE; The second base station is carried out safety detection according to the security parameter of the second base station to the message that comes from UE.
In step S104, the second base station is finished message to the connection re-establishment that receives and carried out first safety detection, comprising: the second base station utilizes the security parameter of the second base station that message is finished in connection re-establishment to carry out first safety detection.
The mode that above-mentioned the second base station obtains the security parameter of the first base station has multiple, for example can in the second base station, dispose in advance, in a preferred embodiment of the present invention, can also obtain in the following manner: before UE switches to the second base station by the first base station, the second base station receives the handover request message that comes from the first base station, wherein, this handover request message carries the security parameter of the first base station.
The type of above-mentioned security parameter can include but not limited to: integrity protection and cryptographic algorithm parameter.
The above-mentioned method that rebulids connection can be applied to one of following handoff procedure: handoff procedure between X2 handoff procedure, S1 handoff procedure, wireless access type RAT.
A kind of system that rebulids connection also is provided in the present embodiment, has been used for realizing above-described embodiment and preferred implementation, carried out repeating no more of explanation, the below describes relating to module in this device.As used below, the combination of software and/or the hardware of predetermined function can be realized in term " module ".Although the described device of following examples is preferably realized with software, hardware, perhaps the realization of the combination of software and hardware also may and be conceived.Fig. 2 is the structured flowchart according to the system that rebulids connection of the embodiment of the invention.As shown in Figure 2, this system comprises: the first base station 20 and the second base station 22, and wherein, the second base station 22 comprises:
Receiver module 220 is connected to detection module 222, is used for receiving the connection re-establishment that comes from described UE and finishing message UE24 is switched to the failure of the second base station by the first base station after;
Detection module 222, be connected to connect and set up module 224, be used for that message is finished in the connection re-establishment that receives and carry out first safety detection, and in the unsanctioned situation of safety detection first, use the security parameter of the first base station 20 that message is finished in connection re-establishment and again carry out safety detection;
Connect and set up module 224, be used for after safety detection is passed through again, setting up the connection of being connected with UE in the second base station 22.
Preferably, as shown in Figure 3, above-mentioned the second base station 22 can also comprise: sending module 226, be used for sending reconfiguration message to UE24, and wherein, this reconfiguration message is used for the security parameter of the second base station 22 is disposed to UE24; Above-mentioned detection module 222 also is used for according to the security parameter of the second base station the message that comes from described UE being carried out safety detection.
Above-mentioned receiver module 220 also is used for receiving the handover request message that comes from the first base station 20, and wherein, this handover request message carries the security parameter of the first base station 20.
Above-mentioned security parameter comprises: integrity protection and cryptographic algorithm parameter.
Said system can be applied to one of following handoff procedure: handoff procedure between X2 handoff procedure, S1 handoff procedure, wireless access type RAT.
Need to prove that " first " " second " in above-described embodiment distinguish the base station only for sake of convenience, do not consist of the restriction to the base station.And the first base station can show as source base station (or being called the source station) in the specific implementation in above-described embodiment, and the second base station can show as target BS (or being called Target Station) in the specific implementation.
In order to understand better above-described embodiment, describe in detail below in conjunction with specific embodiment.The main thought of following examples is, when RRC that Target Station receives UE re-establish finish message after, at first use the integrity protection of Target Station and cryptographic algorithm to carry out guarantor and encryption detection, if detect successfully, then UEC this time RRC re-establish successfully; If detect unsuccessful, the complete guarantor of Target Station use source station and cryptographic algorithm are finished message to the RRC reprovision and are detected, Target Station is initiated RRC reprovision flow process afterwards, the security parameters such as complete guarantor's algorithm of Target Station and cryptographic algorithm are disposed to UE, after utilizing this reprovision flow process to finish configuration to UE, UE and Target Station are brought into use complete guarantor and the cryptographic algorithm of Target Station configuration.UE carries out the success rate that RRC re-establishes at Target Station when having improved handoff failure by such mode.
Embodiment one
Present embodiment occurs in the X2 handoff procedure re-establishes in the flow process of Target Station side and describes as example.Concrete scheme is as follows:
The first step: UE is by measurement report (MEASUREMENT REPORT) information reporting measurement result.
Second step: source eNodeB base station to determine need to initiate to switch, and sends handover request (HANDOVER REQUEST) message to target eNode B, has carried complete guarantor algorithm and the cryptographic algorithm parameter of UE in the source station in this message.
The 3rd step: the success of target eNode B distributing radio resource also sends switching request response (HANDOVER REQUEST ACKNOWLEDGE) message to source eNodeB.
The 4th step: the source station sends RRC and reshuffles (CONNECTION RECONFIGURATION) message to UE, has carried target eNode B in the message and has disposed Radio Resource to UE.
After the 5th step: UE receives RRC and reshuffles (CONNECTION RECONFIGURATION) message, carry out the reprovision action, because a variety of causes causes the reprovision failure, UE rolls back to source eNodeB configuration data, and simultaneously UE decision-making is initiated RRC at Target Station and re-established process.
The 6th step: UE sends RRC connection reconstruction request (CONNECTION REESTABLISHMENT REQUEST) message to target eNode B.
The 7th step: the target eNode B station sends RRC connection reconstruction (CONNECTION REESTABLISHMENT) message to UE.
The 8th step: UE sends the RRC connection re-establishment and finishes (CONNECTION REESTABLISHMENT) COMPLETE) message is to target eNode B, and what the use of (CONNECTION REESTABLISHMENT COMPLETE) message was finished in UE transmission RRC connection re-establishment is complete guarantor and the cryptographic algorithm of source station.
The 9th step: target eNode B need to be finished to the RRC connection re-establishment (CONNECTION REESTABLISHMENT COMPLETE) message and be encrypted and complete guarantor's algorithm detection, Target Station at first uses complete guarantor and the cryptographic algorithm of target to detect, if detect unsuccessfully, what expression UE used is complete guarantor and the cryptographic algorithm of source eNodeB, complete guarantor and cryptographic algorithm process safety detection that the UE that then the source station band is come in the target eNode B use second step uses at source eNodeB, detection is passed through, and UE re-establishes successfully at the RRC of target eNode B side.
The tenth step: target eNode B sends RRC and connects and reshuffle (CONNECTION RECONFIGURATION) message to UE, and complete guarantor and the cryptographic algorithm of target eNode B disposed to UE.
The 11 step: UE receive RRC connect reshuffle (CONNECTION RECONFIGURATION) message after, receive the configuration of new complete guarantor and cryptographic algorithm, and send RRC and connect to reshuffle and finish (CONNECTION RECONFIGURATION COMPLETE) to the target eNode B station, so far the follow-up message of UE and Target Station is used the complete guarantor's algorithm of Target Station and cryptographic algorithm.
Embodiment two
Present embodiment re-establishes the target eNode B flow process in the S1 switching flow and describes as example, and in the present embodiment, Mobility Management Entity (Mobile Management Entity is called for short MME) is constant.Specific as follows:
The first step: UE is by measurement report (MEASUREMENT REPORT) information reporting measurement result.
Second step: source eNodeB base station to determine need to initiate to switch, and sends HANDOVER REQUIRED message to source MME, has carried complete guarantor algorithm and the cryptographic algorithm parameter of UE in the source station in this message.
The 3rd step: source MME sends handover request (HANDOVER REQUEST) message to target eNode B.
The 4th step: the success of target eNode B distributing radio resource also sends handover request (HANDOVER REQUEST) ACKNOWLEDGE message to source eNodeB.
The 5th step: source MME sends HANDOVER COMMAND message to source eNodeB.
The 6th step: source eNodeB sends RRC and connects and reshuffle (CONNECTION RECONFIGURATION) message to UE, has carried target eNode B in the message and has disposed Radio Resource to UE.
The 7th step: UE receive RRC connect reshuffle (CONNECTION RECONFIGURATION) message after, carry out the reprovision action, because a variety of causes causes the reprovision failure, UE rolls back to source eNodeB configuration data, and simultaneously UE decision-making is initiated RRC at Target Station and re-established process.
The 8th step: UE sends RRC connection reconstruction request (CONNECTION REESTABLISHMENT REQUEST) message to target eNode B.
The 9th step: target eNode B sends RRC connection reconstruction (CONNECTION REESTABLISHMENT) message to UE.
The tenth step: UE sends the RRC connection re-establishment and finishes (CONNECTIONREESTABLISHMENTCOMPLETE) message to target eNode B, and what the use of (CONNECTION REESTABLISHMENT COMPLETE) message was finished in UE transmission RRC connection re-establishment is complete guarantor and the cryptographic algorithm of source station.
The 11 step: target eNode B need to be encrypted with complete guarantor's algorithm RRC connection reconstruction (CONNECTION REESTABLISHMENT) COMPLETE message and detect, Target Station at first uses complete guarantor and the cryptographic algorithm of target to detect, if detect unsuccessfully, what expression UE used is complete guarantor and the cryptographic algorithm of source eNodeB, complete guarantor and cryptographic algorithm process safety detection that the UE that then the source station band is come in the target eNode B use second step uses at source eNodeB, detection is passed through, and UE re-establishes successfully at the RRC of target eNode B side.
The 12 step: target eNode B sends RRC and reshuffles (CONNECTION RECONFIGURATION) message to UE, and complete guarantor and the cryptographic algorithm of target eNode B disposed to UE.
After the 13 step: UE receives RRC and reshuffles (CONNECTION RECONFIGURATION) message, receive the configuration of new complete guarantor and cryptographic algorithm, and send RRC and connect to reshuffle and finish (CONNECTION RECONFIGURATION COMPLETE) to the target eNode B station, so far the follow-up message of UE and Target Station is used the complete guarantor's algorithm of Target Station and cryptographic algorithm.
Embodiment three
Present embodiment describes as example to re-establish the target eNode B flow process during S1 switches (MME change) flow process.Specific as follows:
The first step: UE is by measurement report (MEASUREMENT REPORT) information reporting measurement result.
Second step: source eNodeB base station to determine need to initiate to switch, and sends handover request (HANDOVER REQUIRED) message to source MME, has carried complete guarantor algorithm and the cryptographic algorithm parameter of UE in the source station in this message.
The 3rd step: source MME sends forward direction reconfiguration request (FORWARD RELOCATION REQUEST) message to target MME.
The 4th step: target MME sends handover request (HANDOVER REQUEST) message to target eNode B.
The 5th step: the success of target eNode B distributing radio resource also sends switching request response (HANDOVER REQUESTACKNOWLEDGE) message to target MME.
The 6th step: target MME sends forward direction and reshuffles response (FORWARD RELOCATION RESPONSE) message to source MME.
The 7th step: source MME sends switching command (HANDOVER COMMAND) message to source eNodeB.
The 8th step: source eNodeB sends RRC and connects and reshuffle (CONNECTION RECONFIGURATION) message to UE, has carried target eNode B in the message and has disposed Radio Resource to UE.
The 9th step: UE receive RRC connect reshuffle (CONNECTION RECONFIGURATION) message after, carry out the reprovision action, because a variety of causes causes the reprovision failure, UE rolls back to source eNodeB configuration data, and simultaneously UE decision-making is initiated RRC at Target Station and re-established process.
The tenth step: UE sends RRC connection reconstruction request (CONNECTION REESTABLISHMENT REQUEST) message to target eNode B.
The 11 step: target eNode B sends RRC connection reconstruction (CONNECTION REESTABLISHMENT) message to UE.
The 12 step: UE sends the RRC connection re-establishment and finishes (CONNECTIONREESTABLISHMENTCOMPLETE) message to target eNode B, and what the use of (CONNECTION REESTABLISHMENT COMPLETE) message was finished in UE transmission RRC connection re-establishment is complete guarantor and the cryptographic algorithm of source station.
The 13 step: target eNode B need to be finished to the RRC connection re-establishment (CONNECTION REESTABLISHMENT COMPLETE) message and be encrypted and complete guarantor's algorithm detection, Target Station at first uses complete guarantor and the cryptographic algorithm of target to detect, if detect unsuccessfully, what expression UE used is complete guarantor and the cryptographic algorithm of source eNodeB, complete guarantor and cryptographic algorithm process safety detection that the UE that then the source station band is come in the target eNode B use second step uses at source eNodeB, detection is passed through, and UE re-establishes successfully at the RRC of target eNode B side.
The 14 step: target eNode B sends RRC and connects and reshuffle (CONNECTION RECONFIGURATION) message to UE, and complete guarantor and the cryptographic algorithm of target eNode B disposed to UE.
The 15 step: UE receive RRC connect reshuffle (CONNECTION RECONFIGURATION) message after, receive the configuration of new complete guarantor and cryptographic algorithm, and send RRC and connect to reshuffle and finish (CONNECTION RECONFIGURATION COMPLETE) to the target eNode B station, so far the follow-up message of UE and Target Station is used the complete guarantor's algorithm of Target Station and cryptographic algorithm.
Embodiment four
To re-establish the Target RNC flow process in UMTS Terrestrial radio access network (UMTS Terrestrial Radio Access Network is referred to as the UTRAN) flow process be that example is said to present embodiment to switch to from land radio access web (EvoIved UMTS is referred to as E-UTRAN) between RAT.Specific as follows:
The first step: UE is by measurement report (MEASUREMENT REPORT) information reporting measurement result.
Second step: source eNodeB base station to determine need to initiate to switch, and sends handover request (HANDOVER REQUIRED) message to source MME, has carried complete guarantor algorithm and the cryptographic algorithm parameter of UE in the source station in this message.
The 3rd step: source MME sends forward direction reconfiguration request (FORWARD RELOCATION REQUEST) message to target SGSN.
The 4th step: destination service GPRS Support Node (Serving GPRS Supporting Node is referred to as SGSN) sends reconfiguration request (RELOCATION REQUEST) message to Target RNC.
The 5th step: the success of Target RNC distributing radio resource also sends reconfiguration request response (RELOCATION REQUEST ACKNOWLEDGE) message to target SGSN.
The 6th step: target SGSN sends forward direction and reshuffles response (FORWARD RELOCATION RESPONSE) message to source MME.
The 7th step: source MME switching command (HANDOVER COMMAND) message is to source eNodeB.
The 8th step: source eNodeB sends RRC and reshuffles (CONNECTION RECONFIGURATION) message to UE, has carried target eNode B in the message and has disposed Radio Resource to UE.
After the 9th step: UE receives RRC and reshuffles (CONNECTION RECONFIGURATION) message, carry out the reprovision action, because a variety of causes causes the reprovision failure, UE rolls back to source eNodeB configuration data, and simultaneously UE decision-making is initiated RRC at Target Station and re-established process.
The tenth step: UE sends RRC connection reconstruction request (CONNECTION REESTABLISHMENT REQUEST) message to Target RNC.
The 11 step: Target RNC sends RRC connection reconstruction (CONNECTION REESTABLISHMENT) message to UE.
The 12 step: UE sends the RRC connection re-establishment and finishes (CONNECTIONREESTABLISHMENTCOMPLETE) message to Target RNC, and what the use of (CONNECTIONREESTABLISHMENTCOMPLETE) message was finished in UE transmission RRC connection re-establishment is complete guarantor and the cryptographic algorithm of source station.
The 13 step: Target RNC need to be finished to the RRC connection reconstruction (CONNECTIONREESTABLISHMENT COMPLETE) message and is encrypted and complete guarantor's algorithm detection, Target Station at first uses complete guarantor and the cryptographic algorithm of target to detect, if detect unsuccessfully, what expression UE used is complete guarantor and the cryptographic algorithm of source eNodeB, complete guarantor and cryptographic algorithm process safety detection that the UE that then the source station band is come in the Target RNC use second step uses at source eNodeB, detection is passed through, and UE re-establishes successfully at the RRC of target eNode B side.
The 14 step: Target RNC sends RRC and reshuffles (CONNECTION RECONFIGURATION) message to UE, and complete guarantor and the cryptographic algorithm of Target RNC disposed to UE.
After the 15 step: UE receives RRC and reshuffles (CONNECTION RECONFIGURATION) message, receive the configuration of new complete guarantor and cryptographic algorithm, and send RRC and connect to reshuffle and finish (CONNECTIONRECONFIGURATIONCOMPLETE) to the Target RNC station, so far the follow-up message of UE and Target RNC is used the complete guarantor's algorithm of Target Station and cryptographic algorithm.
Embodiment five
Present embodiment re-establishes the target eNode B flow process and describes as example to switch to from UTRAN between RAT the EUTRAN flow process, specific as follows:
The first step: UE arrives source RNC by measurement report (MEASUREMENT REPORT) information reporting measurement result.
Second step: RNC decision-making in source needs to initiate to switch, and sends and reshuffles (RELOCATION REQUIRED) message to source SGSN, has carried complete guarantor algorithm and the cryptographic algorithm parameter of UE in the source station in this message.
The 3rd step: source SGSN sends forward direction reconfiguration request (FORWARD RELOCATION REQUEST) message to target MME.
The 4th step: target MME sends handover request (HANDOVER REQUEST) message to target eNode B.
The 5th step: the success of target eNode B distributing radio resource also sends switching request response (HANDOVER REQUESTACKNOWLEDGE) message to target MME.
The 6th step: target MME sends forward direction response (FORWARD RESPONSE) message to source SGSN.
The 7th step: source SGSN sends reconfigure command RELOCATION COMMAND message to source RNC.
The 8th step: source RNC sends RRC and reshuffles (CONNECTION RECONFIGURATION) message to UE, has carried target eNode B in the message and has disposed Radio Resource to UE.
After the 9th step: UE receives RRC and reshuffles (CONNECTION RECONFIGURATION) message, carry out the reprovision action, because a variety of causes causes the reprovision failure, UE rolls back to source RNC configuration data, and simultaneously UE decision-making is initiated RRC at Target Station and re-established process.
The tenth step: UE sends RRC and rebuilds request (CONNECTION REESTABLISHMENT REQUEST) message to target eNode B.
The 11 step: target eNode B sends RRC connection reconstruction (CONNECTION REESTABLISHMENT) message to UE.
The 12 step: UE sends the RRC connection re-establishment and finishes (CONNECTION REESTABLISHMENTCOMPLETE) message to target eNode B, and what the use of (CONNECTIONREESTABLISHMENTCOMPLETE) message was finished in UE transmission RRC connection re-establishment is complete guarantor and the cryptographic algorithm of source RNC.
The 13 step: target eNode B need to be finished to the RRC connection re-establishment (CONNECTION REESTABLISHMENT COMPLETE) message and be encrypted and complete guarantor's algorithm detection, Target Station at first uses complete guarantor and the cryptographic algorithm of target to detect, if detect unsuccessfully, what expression UE used is complete guarantor and the cryptographic algorithm of source RNC, complete guarantor and cryptographic algorithm process safety detection that the UE that then the source station band is come in the target eNode B use second step uses at source eNodeB, detection is passed through, and UE re-establishes successfully at the RRC of target eNode B side.
The 14 step: target eNode B sends RRC and reshuffles (CONNECTION RECONFIGURATION) message to UE, and complete guarantor and the cryptographic algorithm of target eNode B disposed to UE.
After the 15 step: UE receives RRC and reshuffles (CONNECTION RECONFIGURATION) message, receive the configuration of new complete guarantor and cryptographic algorithm, and send RRC and connect and reshuffle (CONNECTION RECONFIGURATION COMPLETE) to the target eNode B station, so far the follow-up message of UE and target eNode B is used the complete guarantor's algorithm of Target Station and cryptographic algorithm.
In another embodiment, also provide a kind of software, this software be used for to be carried out the technical scheme that above-described embodiment and preferred implementation are described.
In another embodiment, also provide a kind of storage medium, stored above-mentioned software in this storage medium, this storage medium includes but not limited to: CD, floppy disk, hard disk, scratch pad memory etc.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with general calculation element, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation elements form, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and be carried out by calculation element, and in some cases, can carry out step shown or that describe with the order that is different from herein, perhaps they are made into respectively each integrated circuit modules, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
Be the preferred embodiments of the present invention only below, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.