CN108243144A - AS security mode procedure optimization method in an LTE system
Publication number: CN108243144A (CN201611207413.2A)
Authority: CN (China)
Legal status (as listed; an assumption, not a legal conclusion): Granted
Abstract
The invention discloses an AS security mode procedure optimization method in an LTE system. The method includes: after the PDCP layer of the base station receives, from the RRC layer of the base station, the target SDU corresponding to the Security Mode Command message, it adds preset information to the MAC-I field of the target SDU to obtain a first target SDU and sends it to the target UE, so that the target UE returns the second target SDU corresponding to the Security Mode Complete message; after receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of that SDU, whether it is the second target SDU, thereby optimizing the AS security mode procedure. Because the PDCP layer of the base station decides from the MAC-I field information whether an SDU sent by the UE corresponds to the Security Mode Complete message, the method avoids call loss caused by misidentification, such as messages being discarded, or message decoding failing because a message could not be decrypted in time.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an AS security mode procedure optimization method in an LTE system.
Background
Given the security characteristics of the LTE (Long Term Evolution) system, the AS (Access Stratum) must activate security through a security mode command and then apply security protection. In the AS security mode command procedure, the base station (eNodeB) and the user equipment (UE) negotiate the AS algorithms, derive the AS integrity protection key and encryption key, and start integrity protection and encryption. Integrity protection ensures that the message content received by the receiver has not been tampered with by a third party; encryption transforms the content sent by the sender so that a third party other than the intended recipient cannot learn the real content of the message.
In the LTE control plane protocol stack, the Uu interface protocol stack between the UE and the eNodeB is divided into the physical layer (Layer 1, L1), the Medium Access Control (MAC) layer, the Radio Link Control (RLC) layer, the Packet Data Convergence Protocol (PDCP) layer and the Radio Resource Control (RRC) layer. According to 3GPP TS 36.331 and 3GPP TS 36.323, control plane RRC messages require ASN.1 encoding and decoding, which is performed in the RRC layer. At present the RRC layer generally uses purchased third-party software or an independent software module to perform the ASN.1 encoding and decoding of all control plane messages on the Uu interface, the S1 interface (between the eNodeB and the core network, CN) and the X2 interface (between eNodeBs). Integrity protection, encryption and decryption of RRC messages, however, are performed in the PDCP layer.
The AS security mode procedure is initiated by the eNodeB. According to the security activation section of 3GPP TS 36.331, the AS security mode procedure shown in Fig. 2 comprises the following steps 1 to 3:
Step 1: Based on the UE security capabilities and the list of algorithms it supports itself, the RRC layer of the eNodeB selects, by priority, the AS encryption algorithm and integrity protection algorithm, assembles a Security Mode Command message and sends it to the UE; the message carries the AS encryption algorithm and integrity protection algorithm selected by the eNodeB. The PDCP layer of the eNodeB integrity-protects this message by appending a MAC-I (Message Authentication Code for Integrity) field, used for data integrity protection, to the end of the service data unit (SDU) of the message, and starts encryption of downlink RRC messages.
Step 2: After receiving the Security Mode Command message, the RRC layer of the UE parses it, derives the AS integrity protection key and encryption key according to the encryption algorithm and integrity protection algorithm selected by the eNodeB, and instructs the PDCP layer of the UE to perform an integrity check on this message. After the check passes, the PDCP layer notifies the RRC layer of the UE that verification succeeded and enables downlink security. The RRC layer returns a Security Mode Complete message to the eNodeB; the PDCP layer integrity-protects this message, appending the MAC-I field to the end of its SDU, and applies integrity protection and encryption to subsequent uplink and downlink RRC messages using the notified RRC keys and corresponding algorithms.
Step 3: After the RRC layer of the eNodeB receives the Security Mode Complete message, it instructs the PDCP layer to verify its integrity. If verification succeeds, the RRC layer instructs the PDCP layer to start integrity protection and decryption of subsequent uplink signaling.
As described in 3GPP TS 36.323, the two RRC messages that activate integrity protection, Security Mode Command and Security Mode Complete, must themselves be integrity protected, but before integrity protection can be applied the RRC layer has to perform ASN.1 decoding to determine whether a message is a Security Mode Command or Security Mode Complete message. That is, message decoding is done in the RRC layer while the integrity check is done in the PDCP layer; the PDCP layer does not know when to start integrity checking and depends entirely on notification from the RRC layer. Activating the AS security mode procedure therefore requires multiple message exchanges between the RRC layer and the PDCP layer.
Radio bearers in the LTE system are divided into Data Radio Bearers (DRB) and Signalling Radio Bearers (SRB). A DRB is carried on the Physical Downlink Shared Channel (PDSCH) allocated to it by the eNodeB. There are three types of SRB in the LTE system, SRB0, SRB1 and SRB2, described as follows:
SRB0 carries RRC messages and is mapped to the Common Control Channel (CCCH).
SRB1 carries RRC messages, can also carry NAS messages, and is mapped to the Dedicated Control Channel (DCCH).
SRB2 carries NAS messages and is mapped to the DCCH.
When the RRC connection of the UE has not been established, RRC signaling is carried by SRB0; when SRB2 has not been established, NAS signaling is carried by SRB1.
At present the RRC layer generally uses purchased third-party software or an independent software module for ASN.1 decoding. Porting a complete ASN.1 decoding library into the Layer 2 (L2) protocol stack module would increase code size and reduce runtime efficiency. To avoid multiple interactions between the RRC layer and the PDCP layer and to avoid calling the ASN.1 decoding library, eNodeB implementations assume that, once the Security Mode Command message has been sent on downlink SRB1, the first message then received on uplink SRB1 is the Security Mode Complete message. In live network operation, however, scenario 1 and scenario 2 below occur repeatedly and cause the eNodeB to misjudge.
Scenario 1: During a Tracking Area Update (TAU) procedure, the eNodeB sends the Security Mode Command message to the UE while the UE is sending the TAU_CMP message to the core network (CN). When the eNodeB receives the TAU_CMP message, it mistakes it for the Security Mode Complete message; because the protocol data unit (PDU) of the TAU_CMP message carries no MAC-I, the PDCP layer discards it and the TAU procedure fails. In other words, the eNodeB's Security Mode Command message and the UE's TAU_CMP message cross in flight, and the eNodeB misjudges.
Scenario 2: When the UE accesses the network, the security mode procedure and the establishment of SRB2 and the DRB are carried out essentially at the same time to reduce access delay. The eNodeB first sends the Security Mode Command message to initiate the security mode procedure, and then sends the RRCConnectionReconfiguration message to establish SRB2 and the DRB. The message flow is as follows:
On the base station side, the PDCP layer integrity-protects the Security Mode Command message, and both integrity-protects and encrypts the RRCConnectionReconfiguration message. On the UE side, the PDCP layer first receives the Security Mode Command message and delivers it to the RRC layer; while the RRC layer is performing ASN.1 decoding, the PDCP layer receives the RRCConnectionReconfiguration message. Because the RRC layer has not yet notified the PDCP layer of the integrity protection and encryption/decryption parameters, the PDCP layer delivers the RRCConnectionReconfiguration message to the RRC layer without decrypting it, so the RRC layer cannot ASN.1-decode it correctly and discards the message. This leads to dropped calls and degrades Key Performance Indicators (KPI) and user experience.
As the above description shows, when the eNodeB and the UE carry out the security mode procedure, the PDCP layer of the eNodeB or the UE does not know when the Security Mode Command and Security Mode Complete messages are received; the RRC layer has to learn this through ASN.1 decoding and then notify the PDCP layer to perform the security check and encryption, which requires several notification messages between the protocol layers.
The prior-art implementation of the protocol description therefore has the following disadvantages:
1. Low efficiency: starting the security mode procedure requires multiple message exchanges between the RRC layer and the PDCP layer. In a high-capacity base station or when call traffic is busy, system overhead increases and equipment stability decreases.
2. Because ASN.1 decoding is performed in the RRC layer, after the Security Mode Command message has been sent on the downlink, the uplink cannot determine when the Security Mode Complete message is received; a NAS message that carries no MAC-I is discarded by the PDCP layer, causing call loss.
3. Because ASN.1 decoding is performed in the RRC layer, when the downlink receives several messages including the Security Mode Command message, the messages after the Security Mode Command are not decrypted by the PDCP layer, so RRC decoding fails, causing call loss.
Summary of the invention
In view of the above problems, the present invention proposes an AS security mode procedure optimization method in an LTE system that overcomes the above problems or at least partially solves them.
In a first aspect, the present invention proposes an AS security mode procedure optimization method in an LTE system, including:
After the Packet Data Convergence Protocol (PDCP) layer of the base station receives, from the Radio Resource Control (RRC) layer of the base station, the target service data unit (SDU) corresponding to the Security Mode Command message, it adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to the target user equipment (UE), so that the target UE returns the second target SDU corresponding to the Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, determining whether the SDU is the second target SDU based on the MAC-I field information of the SDU includes:
The PDCP layer of the base station judges whether the MAC-I field information of the SDU is empty or zero;
If the MAC-I field information of the SDU is neither empty nor zero, the PDCP layer of the base station determines that the SDU is the second target SDU.
Optionally, after the PDCP layer of the base station determines that the SDU is the second target SDU, the method further includes:
The PDCP layer of the base station extracts the encryption algorithm and integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
Optionally, after the second target SDU is sent to the RRC layer of the base station, the method further includes:
The PDCP layer of the base station performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
Optionally, the PDCP layer of the base station extracting the encryption algorithm and integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm from the value of bit17 to bit19;
Here the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
Optionally, if the MAC-I field information of the SDU is empty or zero, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
In a second aspect, the present invention also proposes an AS security mode procedure optimization method in an LTE system, including:
After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the MAC-I field information of the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE returns the target SDU corresponding to the Security Mode Complete message;
After the PDCP layer of the UE receives the target SDU sent by the RRC layer of the UE, it adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE extracts the encryption algorithm and integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE includes:
After the first target SDU passes the check, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
Optionally, after the first target SDU is sent to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
Optionally, if the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
In a third aspect, the present invention also proposes an AS security mode procedure optimization method in an LTE system, including:
After the PDCP layer of the base station receives, from the RRC layer of the base station, the target SDU corresponding to the Security Mode Command message, it adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to the target UE, so that the target UE returns the second target SDU corresponding to the Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, determining whether the SDU is the second target SDU based on the bit sequence corresponding to the SDU includes:
The PDCP layer of the base station judges whether bit1 to bit4 in the bit sequence corresponding to the SDU are 0110; the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19;
If they are 0110, the PDCP layer of the base station determines that the SDU is the second target SDU.
Optionally, after the PDCP layer of the base station determines that the SDU is the second target SDU, the method further includes:
The PDCP layer of the base station extracts the encryption algorithm and integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
Optionally, after the second target SDU is sent to the RRC layer of the base station, the method further includes:
The PDCP layer of the base station performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
Optionally, the PDCP layer of the base station extracting the encryption algorithm and integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm from the value of bit17 to bit19.
Optionally, if bit1 to bit4 in the bit sequence corresponding to the SDU are not 0110, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
In a fourth aspect, the present invention also proposes an AS security mode procedure optimization method in an LTE system, including:
After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE returns the target SDU corresponding to the Security Mode Complete message;
After the PDCP layer of the UE receives the target SDU sent by the RRC layer of the UE, it adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE extracts the encryption algorithm and integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE includes:
After the first target SDU passes the check, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
Optionally, after the first target SDU is sent to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
Optionally, if the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
Compared with the prior art, in the AS security mode procedure optimization method in an LTE system proposed by the present invention, the PDCP layer of the base station uses the MAC-I field information of an SDU sent by the UE to determine whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art inability of the base station's PDCP layer to identify whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids call loss caused by misidentification, such as messages being discarded, or message decoding failing because a message could not be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system proposed by the present invention, the PDCP layer of the UE uses the MAC-I field information of an SDU sent by the base station to determine whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art inability of the UE's PDCP layer to identify whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids call loss caused by misidentification, such as messages being discarded, or message decoding failing because a message could not be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system proposed by the present invention, the PDCP layer of the base station uses the bit sequence corresponding to an SDU sent by the UE to determine whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art inability of the base station's PDCP layer to identify whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids call loss caused by misidentification, such as messages being discarded, or message decoding failing because a message could not be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system proposed by the present invention, the PDCP layer of the UE uses the bit sequence corresponding to an SDU sent by the base station to determine whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art inability of the UE's PDCP layer to identify whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids call loss caused by misidentification, such as messages being discarded, or message decoding failing because a message could not be decrypted in time.
Brief description of the drawings
Fig. 1 is a schematic diagram of the LTE control plane protocol stack structure in the prior art;
Fig. 2 is a schematic diagram of the access stratum (AS) security mode procedure in the prior art;
Fig. 3 is a flowchart of the AS security mode procedure optimization method in an LTE system provided by the first embodiment of the present invention;
Fig. 4 is a flowchart of the AS security mode procedure optimization method in an LTE system provided by the second embodiment of the present invention;
Fig. 5 is a flowchart of the AS security mode procedure optimization method in an LTE system provided by the third embodiment of the present invention;
Fig. 6 is a flowchart of the AS security mode procedure optimization method in an LTE system provided by the fourth embodiment of the present invention;
Fig. 7 is a schematic diagram of an AS security mode procedure provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly below with reference to the accompanying drawings. The described embodiments are evidently some, not all, of the embodiments of the present invention.
It should be noted that "first" and "second" are used herein only to distinguish items with the same name, and do not imply any relationship or order between them.
In the description of AS security mode procedure activation in the LTE system, the key point of the flow is that the PDCP layer learns in time of the two messages Security Mode Command and Security Mode Complete and of the security configuration parameters.
According to 3GPP TS 36.331, the Security Mode Command message is the first message on downlink SRB1 that is integrity protected but not encrypted, and the Security Mode Complete message is the first message on uplink SRB1 that is integrity protected but not encrypted.
According to 3GPP TS 36.323, when a message is not integrity protected, the MAC-I field is still present in the SRB PDU but is filled with all zeros.
Therefore, on the UE side, when the PDCP layer receives the first message whose MAC-I field is non-zero, it treats that message as the Security Mode Command message. While notifying the RRC layer to decode it, the PDCP layer starts buffering downlink messages, and processes subsequent messages only after it has received the RRC layer's decoding result and the integrity protection parameters. For the problem in scenario 2, the RRCConnectionReconfiguration message is buffered, and decryption and integrity checking start after the RRC layer's notification.
On the eNodeB side, after the Security Mode Command message has been sent, when the PDCP layer receives the first message whose MAC-I field is non-zero, it treats that message as the Security Mode Complete message, performs an integrity check on it and then delivers it to the RRC layer; subsequent messages are integrity checked and decrypted before being delivered to the RRC layer. For the problem in scenario 1, the TAU_CMP message carries no MAC-I, so the PDCP layer of the eNodeB delivers it directly to the RRC layer instead of discarding it.
Based on the above analysis, as shown in Fig. 3, this embodiment discloses an AS security mode procedure optimization method in an LTE system, which may include the following steps 301 to 303, together with the prior-art steps 300 and 300' that are not shown in Fig. 3:
300. The RRC layer of the base station selects the target encryption algorithm and target integrity protection algorithm used by the access stratum (AS), based on the previously obtained security capability (Safe CAPacity, SCAP) of the target UE and the priority algorithm list (Prioritization Algorithm List, PAL) supported by the target UE.
300'. The RRC layer of the base station assembles the target SDU corresponding to the Security Mode Command message based on the target encryption algorithm and target integrity protection algorithm.
301. After the Packet Data Convergence Protocol (PDCP) layer of the base station receives, from the Radio Resource Control (RRC) layer of the base station, the target service data unit (SDU) corresponding to the Security Mode Command message, it adds preset information to the MAC-I field of the target SDU to obtain a first target SDU.
302. The PDCP layer of the base station sends the first target SDU to the target user equipment (UE), so that the target UE returns the second target SDU corresponding to the Security Mode Complete message.
303. After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the prior-art AS security mode procedure, which is not repeated here.
Compared with the prior art, in the AS security mode procedure optimization method in an LTE system proposed by this embodiment, the PDCP layer of the base station uses the MAC-I field information of an SDU sent by the UE to determine whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art inability of the base station's PDCP layer to identify whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids call loss caused by misidentification, such as messages being discarded, or message decoding failing because a message could not be decrypted in time.
In a specific example, determining in step 303, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU includes:
The PDCP layer of the base station judges whether the MAC-I field information of the SDU is empty or zero; if the MAC-I field information of the SDU is neither empty nor zero, the PDCP layer of the base station judges that the SDU is the second target SDU.
In a specific example, if the MAC-I field information of the SDU is empty or zero in step 303, the PDCP layer of the base station sends the SDU to the RRC layer of the base station rather than discarding it.
In a specific example, after the PDCP layer of the base station judges in step 303 that the SDU is the second target SDU, the method further includes steps 304 and 305, not shown in Fig. 3:
304. The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU.
305. The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
In a specific example, the extraction in step 304, by the PDCP layer of the base station, of the encryption algorithm and the integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm based on the value of bit17 to bit19, where the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the second target SDU is sent to the RRC layer of the base station in step 305, the method further includes steps 306 and 307, not shown in Fig. 3:
306. The PDCP layer of the base station performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm.
307. The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
Based on the embodiments relating to Fig. 3 above, the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments is described with the base station as the executing entity: the PDCP layer of the base station uses whether the MAC-I field information of the SDU sent by the UE is empty or zero to determine whether the SDU is a SecurityModeComplete message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments, the PDCP layer of the base station parses the encryption algorithm and integrity protection algorithm in the SecurityModeComplete message from the bit sequence corresponding to the SDU of that message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Based on the same inventive concept as the embodiments relating to Fig. 3 above, as shown in Fig. 4, this embodiment discloses an AS security mode procedure optimization method in an LTE system. The method takes the UE as the executing entity and includes the following steps 401 to 404:
401. After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the MAC-I field information of the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
402. If it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE feeds back the target SDU corresponding to the Security Mode Complete message;
403. After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
404. The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the AS security mode procedure in the prior art, which this embodiment does not repeat.
Compared with the prior art, in the AS security mode procedure optimization method for an LTE system proposed in this embodiment, the PDCP layer of the UE determines, based on the MAC-I field information of the SDU sent by the base station, whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art problem that the PDCP layer of the UE cannot identify whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
In a specific example, if it is determined in step 402 that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE rather than discarding it.
In a specific example, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE in step 402, the method further includes steps 402' and 402", not shown in Fig. 4:
402'. The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
402". The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the sending in step 402, by the PDCP layer of the UE, of the first target SDU to the RRC layer of the UE includes:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
In a specific example, the extraction in step 402', by the PDCP layer of the UE, of the encryption algorithm and the integrity protection algorithm carried in the first target SDU includes:
The PDCP layer of the UE determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the first target SDU, and determines the encryption algorithm based on the value of bit17 to bit19, where the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the first target SDU is sent to the RRC layer of the UE in step 402, the method further includes steps 403' and 403", not shown in Fig. 4:
403'. The PDCP layer of the UE performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
403". The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
Based on the embodiments relating to Fig. 4 above, the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments is described with the UE as the executing entity: the PDCP layer of the UE uses whether the MAC-I field information of the SDU sent by the base station is empty or zero to determine whether the SDU is a SecurityModeCommand message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments, the PDCP layer of the UE parses the encryption algorithm and integrity protection algorithm in the SecurityModeCommand message from the bit sequence corresponding to the SDU of that message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
According to the 3GPP TS 36.331 protocol, RRC messages described in ASN.1 are encoded using the Unaligned Packed Encoding Rules (U-PER) format of specification X.691. The PDCP layer can therefore perform the ASN.1 decoding of the two messages Security Mode Command and Security Mode Complete directly according to the PER encoding rules of ASN.1, without notifying the RRC layer to decode them. This reduces inter-layer protocol interaction, improves device operating efficiency, and ensures that the security procedure takes effect at the PDCP layer in time.
In a specific implementation, bit offsets are applied to the SDU on SRB1 at the PDCP layer according to the protocol version of the UE. On the uplink, the eNodeB side only judges the message type; on the downlink, the UE side judges the message type and then identifies the integrity protection and encryption algorithms in use.
In the 3GPP TS 36.331 protocol, the two uplink messages SecurityModeComplete and SecurityModeFailure are defined in the underlined part of the following code:
According to the PER encoding rules of ASN.1, UL-DCCH-MessageType is a CHOICE type with 2 alternatives in total, represented by 1 bit. The first alternative, c1, is selected, so bit0 is 0 (counting from 0). c1 is a CHOICE type with 16 alternatives in total, represented by 4 bits, where SecurityModeComplete is item 5 (counting from 0), so bit1 to bit4 are 0101, and SecurityModeFailure is item 6 (counting from 0), so bit1 to bit4 are 0110.
Therefore, when the PDCP layer on the eNodeB side receives an uplink message, it examines bit2 to bit4 of the SDU. If the value is 5, the message is SecurityModeComplete; the PDCP layer starts integrity checking and performs integrity checking and possible encryption on subsequently received messages. If the value is 6, the message is SecurityModeFailure and integrity checking is not started.
The downlink securityModeCommand message is defined in the dashed part of the following code:
According to the PER encoding rules of ASN.1, DL-DCCH-Message is a CHOICE type with 2 alternatives in total, represented by 1 bit. The first alternative, c1, is selected, so bit0 is 0 (counting from 0). c1 is a CHOICE type with 16 alternatives in total, represented by 4 bits, where SecurityModeCommand is item 6 (counting from 0), so bit1 to bit4 are 0110.
SecurityModeCommand is defined as follows:
In the dashed part, RRC-TransactionIdentifier is represented using 2 bits (bit5 to bit6).
RRC-TransactionIdentifier is defined as follows:
RRC-TransactionIdentifier ::= INTEGER (0..3).
criticalExtensions is a CHOICE type with 2 alternatives in total, represented by 1 bit (bit7). The first alternative, c1, is selected; c1 is a CHOICE type with 4 alternatives in total, represented by 2 bits (bit8 to bit9).
SecurityModeCommand-r8-IEs is defined as follows:
As can be seen, SecurityModeCommand-r8-IEs has an OPTIONAL item, which occupies 1 bit (bit10). SecurityConfigSMC is defined as follows:
As can be seen, SecurityConfigSMC occupies a 1-bit extension bit (bit11). SecurityAlgorithmConfig is defined as follows:
cipheringAlgorithm uses 4 bits and integrityProtAlgorithm uses 4 bits, in which the extension flag is 0 (bit12 is an extension flag bit, the 3 bits starting at bit13 are the encryption algorithm, bit16 is an extension flag bit, and the 3 bits starting at bit17 are the integrity protection algorithm).
For example, when the downlink securityModeCommand message is filled in as follows, it is encoded as 0x30 0x03 0x20, where the last 4 bits of the 3rd byte are padding and the encoding occupies 3 bytes.
Therefore, when the PDCP layer on the UE side receives a downlink message, it examines bit2 to bit4 of the SDU. If the value is 6, the message is SecurityModeCommand, and the PDCP layer continues by parsing the encryption algorithm (bit13 to bit15) and the integrity algorithm (bit17 to bit19) in the message, calculates the keys according to the algorithms, starts integrity checking, and performs integrity checking and possible encryption on subsequently received messages.
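The fixed-offset checks described in this section, written as an added C example (not code from the patent): it classifies an SRB1 SDU by bit0 and bit1 to bit4 and, for a downlink SecurityModeCommand, reads the algorithm fields at bit13 to bit15 and bit17 to bit19, following the field layout walked through above. The type and function names are hypothetical, and the fallback to full RRC decoding when bit7, bit8 to bit9, bit12 or bit16 is non-zero is an assumption added here, because a non-zero value in any of them means the fixed offsets no longer describe the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of the fixed-offset look at an SRB1 SDU (hypothetical names). */
enum srb1_kind {
    SRB1_OTHER = 0,        /* not a security mode message: pass to RRC        */
    SRB1_SM_COMPLETE,      /* uplink, c1 item 5                               */
    SRB1_SM_FAILURE,       /* uplink, c1 item 6                               */
    SRB1_SMC,              /* downlink, c1 item 6, algorithm fields extracted */
    SRB1_SMC_FULL_DECODE   /* downlink, c1 item 6, but offsets not reliable   */
};

struct smc_algs {
    unsigned ciphering;    /* value of bit13..bit15 */
    unsigned integrity;    /* value of bit17..bit19 */
};

/* Read `count` bits starting at bit `first`; bit0 is the MSB of sdu[0]. */
static unsigned get_bits(const uint8_t *sdu, size_t first, size_t count)
{
    unsigned v = 0;
    for (size_t i = first; i < first + count; i++)
        v = (v << 1) | ((sdu[i / 8] >> (7 - (i % 8))) & 1u);
    return v;
}

/* eNodeB side: only the message type is needed (bit0, then bit1..bit4).
 * `sdu` is the PDCP SDU with the PDCP header already removed. */
enum srb1_kind classify_ul(const uint8_t *sdu, size_t len)
{
    if (sdu == NULL || len < 1 || get_bits(sdu, 0, 1) != 0)
        return SRB1_OTHER;            /* empty input, or c1 not selected */
    switch (get_bits(sdu, 1, 4)) {
    case 5:  return SRB1_SM_COMPLETE;
    case 6:  return SRB1_SM_FAILURE;
    default: return SRB1_OTHER;
    }
}

/* UE side: message type first, then the two algorithm fields.
 * `out` is written only when SRB1_SMC is returned. */
enum srb1_kind classify_dl(const uint8_t *sdu, size_t len, struct smc_algs *out)
{
    if (sdu == NULL || out == NULL || len < 1 || get_bits(sdu, 0, 1) != 0)
        return SRB1_OTHER;
    if (get_bits(sdu, 1, 4) != 6)
        return SRB1_OTHER;
    /* The algorithm fields end at bit19, so three bytes must be present. */
    if (len < 3)
        return SRB1_SMC_FULL_DECODE;
    /* Assumption added in this example: trust the fixed offsets only when
     * every choice and extension flag in front of them has the value the
     * walkthrough expects. bit10 and bit11 flag content that is encoded
     * after bit19, so they do not move the algorithm fields. */
    if (get_bits(sdu, 7, 1) != 0 ||    /* criticalExtensions: c1 not chosen  */
        get_bits(sdu, 8, 2) != 0 ||    /* c1: not the first alternative      */
        get_bits(sdu, 12, 1) != 0 ||   /* cipheringAlgorithm extension flag  */
        get_bits(sdu, 16, 1) != 0)     /* integrityProtAlgorithm ext. flag   */
        return SRB1_SMC_FULL_DECODE;
    out->ciphering = get_bits(sdu, 13, 3);
    out->integrity = get_bits(sdu, 17, 3);
    return SRB1_SMC;
}

int main(void)
{
    /* The encoding quoted in the text above: 0x30 0x03 0x20. */
    const uint8_t smc[] = { 0x30, 0x03, 0x20 };
    struct smc_algs a = { 0, 0 };
    enum srb1_kind k = classify_dl(smc, sizeof smc, &a);
    printf("kind=%d ciphering=%u integrity=%u\n",
           (int)k, a.ciphering, a.integrity);
    return 0;
}
```

A result of `SRB1_SMC_FULL_DECODE` means the SDU should go to the complete RRC decoder instead of being interpreted at fixed offsets.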
Based on the above analysis, as shown in Fig. 5, this embodiment discloses an AS security mode procedure optimization method in an LTE system, which may include the following steps 501 to 503 as well as the prior-art steps 500 and 500', not shown in Fig. 5:
500. The RRC layer of the base station selects the target encryption algorithm and target integrity protection algorithm to be used by the access stratum (AS) according to the previously obtained security capabilities (Safe CAPacity, SCAP) of the target UE and the prioritized algorithm list (Prioritization Algorithm List, PAL) supported by the target UE.
500'. The RRC layer of the base station assembles the target SDU corresponding to the Security Mode Command message based on the target encryption algorithm and the target integrity protection algorithm.
501. After receiving, from the radio resource control (RRC) layer of the base station, the target service data unit (SDU) corresponding to the Security Mode Command message, the Packet Data Convergence Protocol (PDCP) layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU.
502. The PDCP layer of the base station sends the first target SDU to the target user equipment (UE), so that the target UE feeds back a second target SDU corresponding to the Security Mode Complete message.
503. After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the AS security mode procedure in the prior art, which this embodiment does not repeat.
Compared with the prior art, in the AS security mode procedure optimization method for an LTE system proposed in this embodiment, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU sent by the UE, whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art problem that the PDCP layer of the base station cannot identify whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
In a specific example, determining in step 503, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU includes:
The PDCP layer of the base station judges whether bit1 to bit4 in the bit sequence corresponding to the SDU are 0110, where the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19; if they are 0110, the PDCP layer of the base station judges that the SDU is the second target SDU.
In a specific example, if bit1 to bit4 in the bit sequence corresponding to the SDU are not 0110 in step 503, the PDCP layer of the base station sends the SDU to the RRC layer of the base station rather than discarding it.
In a specific example, after the PDCP layer of the base station judges in step 503 that the SDU is the second target SDU, the method further includes steps 504 and 505, not shown in Fig. 3:
504. The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU.
505. The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
In a specific example, the extraction in step 504, by the PDCP layer of the base station, of the encryption algorithm and the integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm based on the value of bit17 to bit19, where the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the second target SDU is sent to the RRC layer of the base station in step 505, the method further includes steps 506 and 507, not shown in Fig. 3:
506. The PDCP layer of the base station performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm.
507. The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
Based on the embodiments relating to Fig. 5 above, the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments is described with the base station as the executing entity: according to the PER encoding rules of ASN.1, the PDCP layer of the base station uses the bit sequence corresponding to the SDU sent by the UE to determine whether the SDU is a SecurityModeComplete message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments, the PDCP layer of the base station parses the encryption algorithm and integrity protection algorithm in the SecurityModeComplete message from the bit sequence corresponding to the SDU of that message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Based on the same inventive concept as the embodiments relating to Fig. 5 above, as shown in Fig. 6, this embodiment discloses an AS security mode procedure optimization method in an LTE system. The method takes the UE as the executing entity and includes the following steps 601 to 604:
601. After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
602. If it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE feeds back the target SDU corresponding to the Security Mode Complete message;
603. After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
604. The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the AS security mode procedure in the prior art, which this embodiment does not repeat.
Compared with the prior art, in the AS security mode procedure optimization method for an LTE system proposed in this embodiment, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU sent by the base station, whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art problem that the PDCP layer of the UE cannot identify whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
In a specific example, if it is determined in step 602 that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE rather than discarding it.
In a specific example, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE in step 602, the method further includes steps 602' and 602", not shown in Fig. 6:
602'. The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
602". The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the sending in step 602, by the PDCP layer of the UE, of the first target SDU to the RRC layer of the UE includes:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
In a specific example, the extraction in step 602', by the PDCP layer of the UE, of the encryption algorithm and the integrity protection algorithm carried in the first target SDU includes:
The PDCP layer of the UE determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the first target SDU, and determines the encryption algorithm based on the value of bit17 to bit19, where the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the first target SDU is sent to the RRC layer of the UE in step 602, the method further includes steps 603' and 603", not shown in Fig. 4:
603'. The PDCP layer of the UE performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
603". The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
Based on the embodiments relating to Fig. 6 above, the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments is described with the UE as the executing entity: according to the PER encoding rules of ASN.1, the PDCP layer of the UE uses the bit sequence corresponding to the SDU sent by the base station to determine whether the SDU is a SecurityModeCommand message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Further, in the AS security mode procedure optimization method in an LTE system disclosed in the above embodiments, the PDCP layer of the UE parses the encryption algorithm and integrity protection algorithm in the SecurityModeCommand message from the bit sequence corresponding to the SDU of that message and performs flow control accordingly, avoiding call loss caused by messages being discarded through misidentification or by message decoding failing because messages cannot be decrypted in time.
Based on the embodiments relating to Fig. 5 and Fig. 6 above, Fig. 7 shows a signalling interaction diagram of an AS security mode procedure, comprising steps 1 to 3, described as follows:
Step 1: The RRC layer of the eNodeB selects the AS-layer encryption algorithm and integrity protection algorithm in priority order according to the UE security capabilities and the list of algorithms it supports itself, assembles the Security Mode Command message and sends it to the UE; this message contains the AS-layer encryption algorithm and integrity protection algorithm selected by the eNodeB. The PDCP layer of the eNodeB integrity-protects this message, appends the MAC-I field to the end of the message SDU, and starts encryption protection of downlink RRC messages.
Step 2: After receiving the SDU submitted by the lower layer and removing the PDCP protocol header, the PDCP layer of the UE determines whether the message is a Security Mode Command message by checking whether bit1 to bit4 of the downlink SDU are 0110. It then determines the integrity protection and encryption algorithms from bit13 to bit15 and bit17 to bit19 of the downlink SDU, calculates the AS-layer integrity protection key and encryption key, and performs an integrity check on this message. After the check passes, it notifies the RRC layer of the UE and enables downlink security. The RRC layer returns the AS-layer Security Mode Complete message. The UE integrity-protects this message, sends it to the eNodeB, and then enables uplink security.
Step 3: After receiving the SDU submitted by the lower layer and removing the PDCP protocol header, the PDCP layer of the eNodeB determines whether the message is a SecurityModeComplete message by checking whether bit1 to bit4 of the uplink SDU are 0110, and verifies its integrity; if verification succeeds, the eNodeB enables uplink security.
Based on steps 1 to 3 above, for the problem arising in scenario 1, the PDCP layer of the eNodeB determines by bit-offset parsing that the message is not SecurityModeComplete and can submit it directly to the RRC layer, which avoids discarding the message (such as a TAU_CMP message). For the problem in scenario 2, after the PDCP of the UE identifies the Security Mode Command message, it further identifies the encryption algorithm and integrity protection algorithm used, directly decrypts and integrity-checks the received RRCConnectionReconfiguration message, and reports the message to the RRC layer.
Taking together the embodiments relating to Fig. 3 to Fig. 5, it can be seen that, compared with the prior art:
(1) The embodiments of the present invention avoid call loss caused by misjudgment and mishandling, improving KPIs and user perception.
Prior-art handling:
In the prior art, the PDCP cannot identify the Security Mode Command and SecurityModeComplete messages, so the UE and the eNodeB may discard messages, causing the call flow to fail and resulting in call loss.
Handling in the embodiments of the present invention:
Because the PDCP layer identifies the Security Mode Command and SecurityModeComplete messages, the UE or the eNodeB does not discard messages, which ensures that the call flow proceeds correctly.
(2) The embodiments of the present invention improve device operating efficiency and reduce unnecessary inter-layer protocol interaction and software distribution.
Prior-art handling:
Control-plane RRC messages require ASN.1 encoding and decoding, while integrity protection and encryption/decryption of RRC messages are performed at the PDCP layer. Because the parameter configuration for integrity protection and encryption/decryption must be parsed from the Security Mode Command message by the RRC layer and then notified to the PDCP layer, the two protocol layers PDCP and RLC of the UE or eNodeB need multiple inter-layer message interactions to ensure that the security configuration is activated correctly. If a complete ASN.1 decoding library were instead ported to the L2 protocol stack module, the code segment would grow, operating efficiency would be low, and the software distribution modules would be redundant.
Handling in the embodiments of the present invention:
The message type and security parameter configuration are identified efficiently by comparing bit offsets in the SDU received on SRB1. This simplifies inter-layer protocol interaction, reduces software distribution redundancy and improves software operating efficiency. Two message interactions are saved on the downlink UE side and one on the uplink eNodeB side.
Those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments rather than other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments.
Those skilled in the art will understand that each step in the embodiments may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein.
Although embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and such modifications and variations all fall within the scope defined by the appended claims.
Claims (20)
1. a kind of AS safety mode process optimization method in LTE system, which is characterized in that including:
PDCP layers of safe mode sent in the radio resource control RRC layer for receiving base station of Packet Data Convergence Protocol of base station
After the corresponding target service data cell S DU of command messages, increase presupposed information in the MAC-I domains of the target SDU, obtain
First object SDU;
The first object SDU is sent to target UE UE by the PDCP layers of base station, so that the target UE feedback securities
The corresponding second target SDU of Pattern completion message;
The PDCP layers of base station are after the SDU that the target UE is sent is received, the MAC-I domain informations based on the SDU, and determining should
Whether SDU is the second target SDU, realizes the optimization of access layer AS safety mode process.
2. according to the method described in claim 1, it is characterized in that, the MAC-I domain informations based on the SDU, determine the SDU
Whether it is the second target SDU, including:
The PDCP layers of base station judge whether the MAC-I domain informations of the SDU are empty or zero;
If the MAC-I domain informations of the SDU are neither also not zero for sky, the PDCP layers of base station judge that the SDU is second mesh
Mark SDU.
3. according to the method described in claim 2, it is characterized in that, the PDCP layers of the base station judge that the SDU is described second
After target SDU, further include:
The PDCP layers of base station extract the Encryption Algorithm carried in the second target SDU and protection algorithm integrallty;
The PDCP layers of base station are based on the protection algorithm integrallty and carry out completeness check to the second target SDU, and in school
After testing successfully, the second target SDU is sent to the rrc layer of base station.
4. the according to the method described in claim 3, it is characterized in that, RRC that the second target SDU is sent to base station
After layer, further include:
The PDCP layers of base station carry out the SDU that receives completeness check based on the protection algorithm integrallty, and verification into
The SDU is decrypted based on the Encryption Algorithm after work(;
SDU after decryption is sent to the rrc layer of base station by the PDCP layers of base station.
5. The method according to claim 3, characterized in that the PDCP layer of the base station extracting the encryption algorithm and the integrity protection algorithm carried in the second target SDU comprises:
The PDCP layer of the base station determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm based on the value of bit17 to bit19;
Wherein the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
6. The method according to claim 2, characterized in that, if the MAC-I field information of the SDU is empty or zero, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
7. A method for optimizing the AS security mode procedure in an LTE system, characterized by comprising:
After a UE receives an SDU sent by a target base station, the PDCP layer of the UE determines, based on the MAC-I field information of the SDU, whether the SDU is a first target SDU corresponding to a Security Mode Command message;
If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE feeds back a target SDU corresponding to a Security Mode Complete message;
After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
8. The method according to claim 7, characterized in that, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE comprises:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
9. The method according to claim 8, characterized in that, after the first target SDU is sent to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
10. The method according to claim 7, characterized in that, if it is determined that the SDU is not the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
11. A method for optimizing the AS security mode procedure in an LTE system, characterized by comprising:
After receiving a target SDU corresponding to a Security Mode Command message sent by the RRC layer of the base station, the PDCP layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to a target UE, so that the target UE feeds back a second target SDU corresponding to a Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
12. The method according to claim 11, characterized in that determining, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU comprises:
The PDCP layer of the base station judges whether bit1 to bit4 in the bit sequence corresponding to the SDU are 0110; the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19;
If they are 0110, the PDCP layer of the base station determines that the SDU is the second target SDU.
13. The method according to claim 12, characterized in that, after the PDCP layer of the base station determines that the SDU is the second target SDU, the method further comprises:
The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
14. The method according to claim 13, characterized in that, after the second target SDU is sent to the RRC layer of the base station, the method further comprises:
The PDCP layer of the base station performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
15. The method according to claim 13, characterized in that the PDCP layer of the base station extracting the encryption algorithm and the integrity protection algorithm carried in the second target SDU comprises:
The PDCP layer of the base station determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm based on the value of bit17 to bit19.
16. The method according to claim 12, characterized in that, if bit1 to bit4 in the bit sequence corresponding to the SDU are not 0110, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
17. A method for optimizing the AS security mode procedure in an LTE system, characterized by comprising:
After a UE receives an SDU sent by a target base station, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU, whether the SDU is a first target SDU corresponding to a Security Mode Command message;
If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE feeds back a target SDU corresponding to a Security Mode Complete message;
After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
18. The method according to claim 17, characterized in that, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE comprises:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
19. The method according to claim 18, characterized in that, after the first target SDU is sent to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
20. The method according to claim 17, characterized in that, if it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
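The base-station-side checks of claims 2, 5, 12 and 15, sketched as an added example that is not part of the patent text. Assumptions: the 20-bit sequence is the first 20 bits of the SDU with bit0 as the most significant bit of the first byte; all type and function names are hypothetical; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type; the claims give no value-to-algorithm mapping. */
typedef struct {
    int is_target;       /* 1 if bit1..bit4 == 0110 (claim 12) */
    uint8_t integ_alg;   /* raw value of bit13..bit15 (claims 5, 15) */
    uint8_t cipher_alg;  /* raw value of bit17..bit19 (claims 5, 15) */
} sdu_class_t;

/* Assumption: bit0 is the most significant bit of the first SDU byte. */
static uint32_t get_bits(const uint8_t *buf, unsigned first, unsigned count)
{
    uint32_t v = 0;
    for (unsigned i = first; i < first + count; i++)
        v = (v << 1) | ((buf[i / 8] >> (7 - i % 8)) & 1u);
    return v;
}

/* Bit-sequence variant. Returns -1 if fewer than 20 bits are available. */
int classify_sdu(const uint8_t *sdu, size_t len, sdu_class_t *out)
{
    if (sdu == NULL || out == NULL || len < 3)
        return -1;
    out->is_target = (get_bits(sdu, 1, 4) == 0x6);   /* 0110 */
    out->integ_alg = out->is_target ? (uint8_t)get_bits(sdu, 13, 3) : 0;
    out->cipher_alg = out->is_target ? (uint8_t)get_bits(sdu, 17, 3) : 0;
    return 0;
}

/* MAC-I variant (claim 2): marked if the field is neither empty nor zero. */
int mac_i_is_marked(const uint8_t *mac_i, size_t len)
{
    for (size_t i = 0; mac_i != NULL && i < len; i++)
        if (mac_i[i] != 0) return 1;
    return 0;
}

/* Constructed sample: bit1..4 = 0110, bit13..15 = 010, bit17..19 = 001. */
static const uint8_t SAMPLE_SDU[3] = { 0x30, 0x02, 0x10 };

int main(void)
{
    sdu_class_t c;
    if (classify_sdu(SAMPLE_SDU, sizeof SAMPLE_SDU, &c) == 0)
        printf("target=%d integ=%d cipher=%d\n", c.is_target, c.integ_alg, c.cipher_alg);
    return 0;
}
```

Both checks read bits that have not yet been authenticated; in claims 3 and 13 the SDU reaches the RRC layer only after the integrity check with the extracted algorithm succeeds.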
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611207413.2A CN108243144B (en) | 2016-12-23 | 2016-12-23 | Method for optimizing AS security mode process in LTE system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108243144A (en) | 2018-07-03 |
CN108243144B CN108243144B (en) | 2020-07-28 |
Family
ID=62703570
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611207413.2A Active CN108243144B (en) | 2016-12-23 | 2016-12-23 | Method for optimizing AS security mode process in LTE system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108243144B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||