CN108243144A - Method for optimizing the AS security mode procedure in an LTE system - Google Patents

Publication number: CN108243144A
Authority: CN (China)
Prior art keywords: sdu, target, pdcp layers, base station, sent
Legal status: Granted, active
Application number: CN201611207413.2A
Other languages: Chinese (zh)
Other versions: CN108243144B (en)
Inventor: 程岳
Current assignee: Datang Mobile Communications Equipment Co Ltd
Original assignee: Datang Mobile Communications Equipment Co Ltd
Application filed by: Datang Mobile Communications Equipment Co Ltd
Priority to CN201611207413.2A; published as CN108243144A; granted and published as CN108243144B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06 Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/10 Integrity
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02 Data link layer protocols
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Abstract

The present invention discloses a method for optimizing the AS security mode procedure in an LTE system. The method includes: after receiving the target SDU corresponding to the Security Mode Command message sent by the RRC layer of the base station, the PDCP layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU and sends it to the target UE, so that the target UE returns a second target SDU corresponding to the Security Mode Complete message; after receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU, thereby optimizing the AS security mode procedure. Because the PDCP layer of the base station determines from the MAC-I field information of an SDU whether the SDU sent by the UE corresponds to the Security Mode Complete message, the invention avoids the call loss caused by misidentification, such as messages being discarded, or messages failing to decode because they could not be decrypted in time.

Description

Method for optimizing the AS security mode procedure in an LTE system
Technical field
The present invention relates to the field of communication technology, and in particular to a method for optimizing the AS security mode procedure in an LTE system.
Background
Given the security characteristics of the LTE (Long Term Evolution) system, the AS (Access Stratum) needs to perform security mode command activation and security protection. In the AS security mode command procedure, the base station (eNodeB) and the user equipment (User Equipment, UE) negotiate the AS algorithms, compute the AS integrity protection key and encryption key, and start integrity protection and encryption. Integrity protection ensures that the message content received by the receiver has not been tampered with by a third party; encryption transforms the message content sent by the sender so that no third party other than the intended recipient can learn the real content of the message.
In the LTE control-plane protocol stack, the protocol stack of the Uu interface between the UE and the eNodeB is divided into the physical layer (Layer 1, L1), the Medium Access Control (MAC) layer, the Radio Link Control (RLC) layer, the Packet Data Convergence Protocol (PDCP) layer and the Radio Resource Control (RRC) layer. According to 3GPP TS 36.331 and 3GPP TS 36.323, control-plane RRC messages must be ASN.1 encoded and decoded, and this is done in the RRC layer. At present the RRC layer generally uses purchased third-party software or an independent software module to encode and decode all control-plane messages on the Uu interface, the S1 interface (between the eNodeB and the core network, CN) and the X2 interface (between eNodeBs). Integrity protection and encryption/decryption of RRC messages, however, are performed in the PDCP layer.
The AS security mode procedure is initiated by the eNodeB. As described in the security activation section of 3GPP TS 36.331, Fig. 2 shows the AS security mode procedure, which includes the following steps 1 to 3:
Step 1: The RRC layer of the eNodeB selects the AS encryption algorithm and integrity protection algorithm according to the UE security capabilities and its own priority-ordered list of supported algorithms, assembles a Security Mode Command message and sends it to the UE; the message contains the AS encryption algorithm and integrity protection algorithm selected by the eNodeB. The PDCP layer of the eNodeB integrity-protects this message by appending a MAC-I (Message authentication code for data Integrity, the message authentication code used for data integrity protection) field to the end of the message's service data unit (Service Data Unit, SDU), and starts encryption protection of downlink RRC messages.
Step 2: After receiving the Security Mode Command message, the RRC layer of the UE parses it, computes the AS integrity protection key and encryption key according to the encryption algorithm and integrity protection algorithm selected by the eNodeB, and notifies the PDCP layer of the UE to perform an integrity check on this message. After the check passes, the PDCP layer notifies the RRC layer of the UE that verification succeeded and enables downlink security. The RRC layer returns a Security Mode Complete message to the eNodeB; the PDCP layer integrity-protects this message, appends a MAC-I field to the end of the message's SDU, and uses the notified RRC keys and corresponding algorithms to integrity-protect and encrypt subsequent uplink and downlink RRC messages.
Step 3: After the RRC layer of the eNodeB receives the Security Mode Complete message, it notifies the PDCP layer to verify its integrity. If verification succeeds, the RRC layer notifies the PDCP layer to start integrity protection and decryption of subsequent uplink signaling.
As described in 3GPP TS 36.323: the two RRC-layer messages that activate integrity protection, Security Mode Command and Security Mode Complete, must themselves be integrity protected, but before integrity protection is applied the RRC layer must perform ASN.1 decoding to find out whether a message is a Security Mode Command or Security Mode Complete message. That is, message decoding is done in the RRC layer while the integrity check is done in the PDCP layer; the PDCP layer does not know when to start the integrity check and depends entirely on notification from the RRC layer. Activating the AS security mode procedure therefore requires several message exchanges between the RRC layer and the PDCP layer.
Radio bearers in an LTE system are divided into data radio bearers (Data Radio Bearer, DRB) and signaling radio bearers (Signalling Radio Bearer, SRB). A DRB is carried on the Physical Downlink Shared Channel (PDSCH) that the eNodeB allocates to it. There are three classes of SRB in an LTE system, SRB0, SRB1 and SRB2, described as follows:
SRB0 carries RRC messages and is mapped to the Common Control Channel (CCCH).
SRB1 carries RRC messages, can also carry NAS messages, and is mapped to the Dedicated Control Channel (DCCH).
SRB2 carries NAS messages and is mapped to the DCCH.
When the RRC connection of the UE has not been established, RRC signaling is carried by SRB0; when SRB2 has not been established, NAS signaling is carried by SRB1.
At present the RRC layer generally uses purchased third-party software or an independent software module for ASN.1 decoding. Porting a complete ASN.1 decoding library into the layer 2 (Layer 2, L2) protocol stack module would enlarge the code segment and lower runtime efficiency. To avoid repeated interaction between the RRC and PDCP layers and to avoid calling the ASN.1 decoding library, eNodeB implementations assume that, after a Security Mode Command message has been sent on downlink SRB1, the message then received on uplink SRB1 is the Security Mode Complete message. In live-network operation, however, scenario 1 and scenario 2 below occur repeatedly and cause the eNodeB to misjudge.
Scenario 1: While the UE is performing a tracking area update (Tracking Area Update, TAU), the eNodeB sends a Security Mode Command message to the UE just as the UE sends a TAU_CMP message to the core network (CN). When the eNodeB receives the TAU_CMP message it mistakes it for the Security Mode Complete message, but because the protocol data unit (Protocol Data Unit, PDU) of the TAU_CMP message carries no MAC-I, the PDCP layer discards it and the TAU procedure fails. In other words, the eNodeB's Security Mode Command message and the UE's TAU_CMP message cross each other in transit, and the eNodeB misjudges.
Scenario 2: When the UE accesses the network, to reduce access delay the security mode procedure and the establishment of SRB2 and the DRB are carried out essentially at the same time: the eNodeB first sends a Security Mode Command message to initiate the security mode procedure, and then sends an RRCConnectionReconfiguration message to establish SRB2 and the DRB. The message flow is as follows:
On the base station side, the PDCP layer integrity-protects the Security Mode Command message, and integrity-protects and encrypts the RRCConnectionReconfiguration message. On the UE side, the PDCP layer first receives the Security Mode Command message and delivers it to the RRC layer for ASN.1 decoding; while that is in progress, the PDCP layer receives the RRCConnectionReconfiguration message. Because the RRC layer has not yet notified the PDCP layer of the integrity protection and encryption/decryption parameters, the PDCP layer delivers the RRCConnectionReconfiguration message to the RRC layer without decrypting it, so the RRC layer cannot ASN.1-decode it correctly and discards the message. This causes call drops and degrades the key performance indicators (Key Performance Indicators, KPI) and the user experience.
From the above it can be seen that, when the eNodeB and the UE carry out the security mode procedure, the PDCP layer of the eNodeB or the UE does not know when a Security Mode Command or Security Mode Complete message has been received; the RRC layer must find out by ASN.1 decoding and then notify the PDCP layer to perform the security check and encryption, and the protocol layers must exchange several messages to notify each other.
Therefore, implementing the procedure as described in the prior-art protocol has the following disadvantages:
1. Low efficiency: starting the security mode procedure requires multiple message exchanges between the RRC layer and the PDCP layer. On a large-capacity base station or when call load is heavy, system overhead increases and equipment stability decreases.
2. Because ASN.1 decoding is done in the RRC layer, after a Security Mode Command message has been sent on the downlink, it cannot be determined on the uplink when the Security Mode Complete message is received, so a NAS message that carries no MAC-I is discarded by the PDCP layer, causing call loss.
3. Because ASN.1 decoding is done in the RRC layer, when several messages including the Security Mode Command message are received on the downlink, the messages after the Security Mode Command are not decrypted by the PDCP layer, so RRC-layer decoding fails, causing call loss.
Summary of the invention
In view of the above problems, the present invention proposes a method for optimizing the AS security mode procedure in an LTE system that overcomes the above problems or at least partly solves them.
In a first aspect, the present invention proposes a method for optimizing the AS security mode procedure in an LTE system, including:
After receiving the target service data unit (SDU) corresponding to the Security Mode Command message sent by the Radio Resource Control (RRC) layer of the base station, the Packet Data Convergence Protocol (PDCP) layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to the target user equipment (UE), so that the target UE returns a second target SDU corresponding to the Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, determining, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU includes:
The PDCP layer of the base station judges whether the MAC-I field information of the SDU is empty or zero;
If the MAC-I field information of the SDU is neither empty nor zero, the PDCP layer of the base station judges that the SDU is the second target SDU.
Optionally, after the PDCP layer of the base station judges that the SDU is the second target SDU, the method further includes:
The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
Optionally, after the second target SDU is sent to the RRC layer of the base station, the method further includes:
The PDCP layer of the base station performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
Optionally, the PDCP layer of the base station extracting the encryption algorithm and the integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm from the value of bit17 to bit19;
Wherein the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
Optionally, if the MAC-I field information of the SDU is empty or zero, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
In a second aspect, the present invention also proposes a method for optimizing the AS security mode procedure in an LTE system, including:
After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the MAC-I field information of the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE returns the target SDU corresponding to the Security Mode Complete message;
After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE includes:
After the first target SDU passes the check, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
Optionally, after the first target SDU is sent to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
Optionally, if it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
In a third aspect, the present invention also proposes a method for optimizing the AS security mode procedure in an LTE system, including:
After receiving the target SDU corresponding to the Security Mode Command message sent by the RRC layer of the base station, the PDCP layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to the target UE, so that the target UE returns a second target SDU corresponding to the Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, determining, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU includes:
The PDCP layer of the base station judges whether bit1 to bit4 in the bit sequence corresponding to the SDU are 0110; the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19;
If they are 0110, the PDCP layer of the base station judges that the SDU is the second target SDU.
Optionally, after the PDCP layer of the base station judges that the SDU is the second target SDU, the method further includes:
The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
Optionally, after the second target SDU is sent to the RRC layer of the base station, the method further includes:
The PDCP layer of the base station performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
Optionally, the PDCP layer of the base station extracting the encryption algorithm and the integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm from the value of bit17 to bit19.
Optionally, if bit1 to bit4 in the bit sequence corresponding to the SDU are not 0110, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
In a fourth aspect, the present invention also proposes a method for optimizing the AS security mode procedure in an LTE system, including:
After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE returns the target SDU corresponding to the Security Mode Complete message;
After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode procedure.
Optionally, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE includes:
After the first target SDU passes the check, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
Optionally, after the first target SDU is sent to the RRC layer of the UE, the method further includes:
The PDCP layer of the UE performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
Optionally, if it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
Compared with the prior art, in the method proposed by the present invention the PDCP layer of the base station determines, from the MAC-I field information of the SDU sent by the UE, whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art problem that the PDCP layer of the base station cannot recognize whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids the call loss caused by misidentification, such as messages being discarded, or messages failing to decode because they could not be decrypted in time.
Further, in the method proposed by the present invention the PDCP layer of the UE determines, from the MAC-I field information of the SDU sent by the base station, whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art problem that the PDCP layer of the UE cannot recognize whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids the call loss caused by misidentification, such as messages being discarded, or messages failing to decode because they could not be decrypted in time.
Further, in the method proposed by the present invention the PDCP layer of the base station determines, from the bit sequence corresponding to the SDU sent by the UE, whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art problem that the PDCP layer of the base station cannot recognize whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids the call loss caused by misidentification, such as messages being discarded, or messages failing to decode because they could not be decrypted in time.
Further, in the method proposed by the present invention the PDCP layer of the UE determines, from the bit sequence corresponding to the SDU sent by the base station, whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art problem that the PDCP layer of the UE cannot recognize whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids the call loss caused by misidentification, such as messages being discarded, or messages failing to decode because they could not be decrypted in time.
Brief description of the drawings
Fig. 1 is a schematic diagram of the LTE control-plane protocol stack structure in the prior art;
Fig. 2 is a schematic diagram of the access stratum (AS) security mode procedure in the prior art;
Fig. 3 is a flow chart of a method for optimizing the AS security mode procedure in an LTE system, provided by the first embodiment of the invention;
Fig. 4 is a flow chart of a method for optimizing the AS security mode procedure in an LTE system, provided by the second embodiment of the invention;
Fig. 5 is a flow chart of a method for optimizing the AS security mode procedure in an LTE system, provided by the third embodiment of the invention;
Fig. 6 is a flow chart of a method for optimizing the AS security mode procedure in an LTE system, provided by the fourth embodiment of the invention;
Fig. 7 is a schematic diagram of an AS security mode procedure provided by an embodiment of the present invention.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention.
It should be noted that, herein, "first" and "second" are used only to distinguish identical names and do not imply any relationship or order between them.
In the activation of the LTE AS security mode procedure described above, the key point is that the PDCP layer learns in time of the two messages Security Mode Command and Security Mode Complete and of the security configuration parameters.
According to 3GPP TS 36.331, the Security Mode Command message is the first message on downlink SRB1 that is integrity protected but not encrypted, and the Security Mode Complete message is the first message on uplink SRB1 that is integrity protected but not encrypted.
According to 3GPP TS 36.323, when a message is not integrity protected, the MAC-I field is still present in the PDU of an SRB, but it is filled with all zeros.
Therefore, on the UE side, when the PDCP layer receives the first message whose MAC-I field is non-zero, it regards that message as the Security Mode Command message; while notifying the RRC layer to decode it, it starts buffering downlink messages, and processes subsequent messages only after it has the RRC layer's decoding result and the integrity protection parameters. For the scenario 2 problem, the RRCConnectionReconfiguration message is buffered, and decryption and the integrity check begin after the RRC layer's notification.
On the eNodeB side, after the Security Mode Command message has been sent, when the PDCP layer receives the first message whose MAC-I field is non-zero, it regards that message as the Security Mode Complete message, performs the integrity check on it and then delivers it to the RRC layer; subsequent messages are integrity-checked and decrypted before being delivered to the RRC layer. For the scenario 1 problem, the TAU_CMP message carries no MAC-I, so the PDCP layer of the eNodeB can deliver it directly to the RRC layer, which avoids discarding the message.
Based on the above analysis, as shown in Fig. 3, this embodiment discloses a method for optimizing the AS security mode procedure in an LTE system, which may include the following steps 301 to 303, as well as prior-art steps 300 and 300' that are not shown in Fig. 3:
300. The RRC layer of the base station selects the target encryption algorithm and target integrity protection algorithm to be used by the access stratum (AS), according to the previously obtained security capabilities (Safe CAPacity, SCAP) of the target UE and the prioritized algorithm list (Prioritization Algorithm List, PAL) supported by the target UE.
300'. The RRC layer of the base station assembles the target SDU corresponding to the Security Mode Command message based on the target encryption algorithm and the target integrity protection algorithm.
301. After receiving the target service data unit (SDU) corresponding to the Security Mode Command message sent by the Radio Resource Control (RRC) layer of the base station, the Packet Data Convergence Protocol (PDCP) layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU.
302. The PDCP layer of the base station sends the first target SDU to the target user equipment (UE), so that the target UE returns a second target SDU corresponding to the Security Mode Complete message.
303. After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the prior-art AS security mode procedure, which is not repeated here.
Compared with the prior art, in the method proposed by this embodiment the PDCP layer of the base station determines, from the MAC-I field information of the SDU sent by the UE, whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art problem that the PDCP layer of the base station cannot recognize whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids the call loss caused by misidentification, such as messages being discarded, or messages failing to decode because they could not be decrypted in time.
In a specific example, determining in step 303, based on the MAC-I field of the SDU, whether the SDU is the second target SDU includes:
The PDCP layer of the base station checks whether the MAC-I field of the SDU is empty or zero; if the MAC-I field of the SDU is neither empty nor zero, the PDCP layer of the base station determines that the SDU is the second target SDU.
In a specific example, if the MAC-I field of the SDU is empty or zero in step 303, the PDCP layer of the base station sends the SDU to the RRC layer of the base station rather than discarding it.
In a specific example, after the PDCP layer of the base station determines in step 303 that the SDU is the second target SDU, the method further includes steps 304 and 305, not shown in Fig. 3:
304. The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU.
305. The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
In a specific example, extracting in step 304 the encryption algorithm and integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm from the value of bit17 to bit19. The bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the second target SDU is sent to the RRC layer of the base station in step 305, the method further includes steps 306 and 307, not shown in Fig. 3:
306. The PDCP layer of the base station performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm.
307. The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
From the embodiments of Fig. 3 described above, the AS security mode procedure optimization method disclosed in these embodiments is described with the base station as the executing entity. At the PDCP layer of the base station, whether the MAC-I field of the SDU sent by the UE is empty or zero is used to decide whether the SDU is a SecurityModeComplete message, and the flow is controlled accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Further, in the AS security mode procedure optimization method disclosed in these embodiments, the PDCP layer of the base station parses the encryption algorithm and integrity protection algorithm in the SecurityModeComplete message from the bit sequence corresponding to the SDU of that message and controls the flow accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Based on the same inventive concept as the embodiments of Fig. 3 above, as shown in Fig. 4, this embodiment discloses a method for optimizing the AS security mode procedure in an LTE system. The method takes the UE as the executing entity and includes the following steps 401 to 404:
401. After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the MAC-I field of the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
402. If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE returns the target SDU corresponding to the Security Mode Complete message;
403. After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
404. The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the AS security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the prior-art AS security mode procedure, which is not repeated here.
Compared with the prior art, in the AS security mode procedure optimization method proposed in this embodiment, the PDCP layer of the UE determines from the MAC-I field of the SDU sent by the base station whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art problem that the PDCP layer of the UE cannot tell whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
In a specific example, if the SDU is determined in step 402 to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE rather than discarding it.
In a specific example, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE in step 402, the method further includes steps 402' and 402'', not shown in Fig. 4:
402'. The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
402''. The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE in step 402 includes:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
In a specific example, the PDCP layer of the UE extracting in step 402' the encryption algorithm and integrity protection algorithm carried in the first target SDU includes:
The PDCP layer of the UE determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the first target SDU, and determines the encryption algorithm from the value of bit17 to bit19. The bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the first target SDU is sent to the RRC layer of the UE in step 402, the method further includes steps 403' and 403'', not shown in Fig. 4:
403'. The PDCP layer of the UE performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
403''. The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
From the embodiments of Fig. 4 described above, the AS security mode procedure optimization method disclosed in these embodiments is described with the UE as the executing entity. At the PDCP layer of the UE, whether the MAC-I field of the SDU sent by the base station is empty or zero is used to decide whether the SDU is a SecurityModeCommand message, and the flow is controlled accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Further, in the AS security mode procedure optimization method disclosed in these embodiments, the PDCP layer of the UE parses the encryption algorithm and integrity protection algorithm in the SecurityModeCommand message from the bit sequence corresponding to the SDU of that message and controls the flow accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
According to 3GPP TS 36.331, RRC messages described in ASN.1 are encoded using the unaligned Packed Encoding Rules (Unaligned Packed Encoding Rules, U-PER) specified in X.691. The PDCP layer can therefore perform the ASN.1 decoding of the two messages Security Mode Command and Security Mode Complete itself, following the ASN.1 PER encoding rules, without notifying the RRC layer to decode them. This reduces inter-layer interaction, improves equipment operating efficiency, and ensures that the security procedure takes effect at the PDCP layer in time.
In a concrete implementation, bit offsets are applied to the SDUs on SRB1 at the PDCP layer according to the protocol version of the UE. On the uplink (eNodeB side) only the message type is determined; on the downlink (UE side), after the message type is determined, the integrity protection and encryption algorithms in use are identified.
In 3GPP TS 36.331, the two uplink messages SecurityModeComplete and SecurityModeFailure are defined by the underlined part of the following code:
According to the ASN.1 PER encoding rules, UL-DCCH-MessageType is a CHOICE type with 2 alternatives in total, represented by 1 bit. The first alternative, c1, is selected, so bit0 is 0 (counting from 0). c1 is a CHOICE type with 16 alternatives in total, represented by 4 bits, where SecurityModeComplete is item 5 (counting from 0), so bit1 to bit4 is 0101, and SecurityModeFailure is item 6 (counting from 0), so bit1 to bit4 is 0110.
Therefore, when the PDCP layer on the eNodeB side receives an uplink message, it examines bit2 to bit4 of the SDU. If the value is 5, the message is SecurityModeComplete: integrity checking starts, and subsequently received messages undergo integrity checking and possible encryption. If the value is 6, the message is SecurityModeFailure, and integrity checking is not started.
The downlink securityModeCommand message is defined by the dashed part of the following code:
According to the ASN.1 PER encoding rules, DL-DCCH-Message is a CHOICE type with 2 alternatives in total, represented by 1 bit. The first alternative, c1, is selected, so bit0 is 0 (counting from 0). c1 is a CHOICE type with 16 alternatives in total, represented by 4 bits, where SecurityModeCommand is item 6 (counting from 0), so bit1 to bit4 is 0110.
SecurityModeCommand is defined as follows:
Here, in the dashed part, RRC-TransactionIdentifier is represented by 2 bits (bit5 to bit6). RRC-TransactionIdentifier is defined as follows:
RRC-TransactionIdentifier ::= INTEGER (0..3)
Here, criticalExtensions is a CHOICE type with 2 alternatives in total, represented by 1 bit (bit7). The first alternative, c1, is selected; c1 is a CHOICE type with 4 alternatives in total, represented by 2 bits (bit8 to bit9).
SecurityModeCommand-r8-IEs is defined as follows:
As can be seen, SecurityModeCommand-r8-IEs contains an OPTIONAL item, which occupies 1 bit (bit10). SecurityConfigSMC is defined as follows:
As can be seen, SecurityConfigSMC occupies 1 extension bit (bit11). SecurityAlgorithmConfig is defined as follows:
Here, cipheringAlgorithm uses 4 bits and integrityProtAlgorithm uses 4 bits, where the extension flag is 0 (bit12 is an extension flag bit, the 3 bits starting at bit13 are the encryption algorithm, bit16 is an extension flag bit, and the 3 bits starting at bit17 are the integrity protection algorithm).
For example, a downlink securityModeCommand message filled in as follows is encoded as 0x30 0x03 0x20, where the last 4 bits of the 3rd byte are padding (Pad) and the encoding occupies 3 bytes.
Therefore, when the PDCP layer on the UE side receives a downlink message, it examines bit2 to bit4 of the SDU. If the value is 6, the message is SecurityModeCommand, and the PDCP layer goes on to parse the encryption algorithm (bit13 to bit15) and the integrity algorithm (bit17 to bit19) in the message, computes the keys according to the algorithms, and starts integrity checking; subsequently received messages undergo integrity checking and possible encryption.
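The fixed bit offsets described above can be exercised with a small C classifier. This is an added example, not code from the patent: all type and function names are hypothetical, the field order follows the SecurityAlgorithmConfig description (bit13 to bit15 encryption, bit17 to bit19 integrity protection), and every sample except the page's 0x30 0x03 0x20 is constructed. It goes slightly beyond the text by refusing the offset shortcut when the SDU is shorter than 20 bits or when bit7, bit8 to bit9 or an extension flag (bit11, bit12, bit16) is non-zero, on the assumption that the offsets hold only for that layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of the PDCP fast-path look at an SRB1 RRC SDU (hypothetical names). */
typedef enum {
    SDU_OTHER = 0,         /* not a security mode message: deliver to RRC */
    SDU_SMC,               /* downlink SecurityModeCommand, algorithms read */
    SDU_SM_COMPLETE,       /* uplink SecurityModeComplete */
    SDU_SM_FAILURE,        /* uplink SecurityModeFailure */
    SDU_NEEDS_FULL_DECODE  /* SecurityModeCommand outside the fixed layout */
} sdu_kind;

typedef struct {
    sdu_kind kind;
    int ciphering_alg;  /* bit13..bit15, -1 if not read */
    int integrity_alg;  /* bit17..bit19, -1 if not read */
} sdu_info;

/* Read n (1..8) bits starting at bit index start; bit0 is the MSB of byte 0.
 * Returns -1 when the range runs past the end of the SDU. */
static int get_bits(const uint8_t *buf, size_t len, size_t start, unsigned n)
{
    int v = 0;
    if (buf == NULL || n == 0 || n > 8 || start + n > len * 8)
        return -1;
    for (unsigned i = 0; i < n; i++) {
        size_t bit = start + i;
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1);
    }
    return v;
}

/* eNodeB side: only the message type is needed (bit0 = 0, then bit1..bit4). */
sdu_kind classify_uplink(const uint8_t *sdu, size_t len)
{
    if (get_bits(sdu, len, 0, 1) != 0)
        return SDU_OTHER;
    switch (get_bits(sdu, len, 1, 4)) {
    case 5:  return SDU_SM_COMPLETE;   /* 0101 */
    case 6:  return SDU_SM_FAILURE;    /* 0110 */
    default: return SDU_OTHER;
    }
}

/* UE side: message type first, then the two algorithm fields at fixed offsets. */
sdu_info classify_downlink(const uint8_t *sdu, size_t len)
{
    sdu_info r = { SDU_OTHER, -1, -1 };

    if (get_bits(sdu, len, 0, 1) != 0 || get_bits(sdu, len, 1, 4) != 6)
        return r;                           /* not SecurityModeCommand */

    r.kind = SDU_NEEDS_FULL_DECODE;
    if (len * 8 < 20)                       /* truncated: bit19 not present */
        return r;
    if (get_bits(sdu, len, 7, 1) != 0       /* criticalExtensions is not c1 */
        || get_bits(sdu, len, 8, 2) != 0    /* inner c1 choice is not index 0 */
        || get_bits(sdu, len, 11, 1) != 0   /* SecurityConfigSMC extension bit */
        || get_bits(sdu, len, 12, 1) != 0   /* cipheringAlgorithm extension flag */
        || get_bits(sdu, len, 16, 1) != 0)  /* integrityProtAlgorithm ext. flag */
        return r;

    r.kind = SDU_SMC;
    r.ciphering_alg = get_bits(sdu, len, 13, 3);
    r.integrity_alg = get_bits(sdu, len, 17, 3);
    return r;
}

/* The page's example encoding, followed by constructed samples. */
static const uint8_t smc_page[]    = { 0x30, 0x03, 0x20 };
static const uint8_t smc_ext[]     = { 0x30, 0x0B, 0x20 }; /* bit12 set */
static const uint8_t smc_short[]   = { 0x30, 0x03 };       /* 16 bits only */
static const uint8_t ul_complete[] = { 0x28, 0x00 };       /* c1 index 5 */
static const uint8_t ul_failure[]  = { 0x30, 0x00 };       /* c1 index 6 */
static const uint8_t ul_other[]    = { 0x48, 0x00 };       /* c1 index 9 */

int main(void)
{
    sdu_info d = classify_downlink(smc_page, sizeof smc_page);
    printf("page SMC: kind=%d ciphering=%d integrity=%d\n",
           d.kind, d.ciphering_alg, d.integrity_alg);
    printf("ext flag: kind=%d\n",
           classify_downlink(smc_ext, sizeof smc_ext).kind);
    printf("short:    kind=%d\n",
           classify_downlink(smc_short, sizeof smc_short).kind);
    printf("uplink:   %d %d %d\n",
           classify_uplink(ul_complete, sizeof ul_complete),
           classify_uplink(ul_failure, sizeof ul_failure),
           classify_uplink(ul_other, sizeof ul_other));
    return 0;
}
```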
Based on the above analysis, as shown in Fig. 5, this embodiment discloses a method for optimizing the AS security mode procedure in an LTE system. It may include the following steps 501 to 503, together with the prior-art steps 500 and 500' that are not shown in Fig. 5:
500. The RRC layer of the base station selects the target encryption algorithm and target integrity protection algorithm to be used by the access stratum (AS), according to the previously obtained security capability of the target UE (Safe CAPacity, SCAP) and the prioritized algorithm list (Prioritization Algorithm List, PAL) supported by the target UE.
500'. The RRC layer of the base station assembles the target SDU corresponding to the Security Mode Command message based on the target encryption algorithm and target integrity protection algorithm.
501. After receiving the target service data unit (SDU) corresponding to the Security Mode Command message sent by the radio resource control (RRC) layer of the base station, the Packet Data Convergence Protocol (PDCP) layer of the base station adds preset information to the MAC-I field of the target SDU to obtain a first target SDU.
502. The PDCP layer of the base station sends the first target SDU to the target user equipment (UE), so that the target UE returns a second target SDU corresponding to the Security Mode Complete message.
503. After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU, thereby optimizing the AS security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the prior-art AS security mode procedure, which is not repeated here.
Compared with the prior art, in the AS security mode procedure optimization method proposed in this embodiment, the PDCP layer of the base station determines from the bit sequence corresponding to the SDU sent by the UE whether that SDU corresponds to the Security Mode Complete message. This overcomes the prior-art problem that the PDCP layer of the base station cannot tell whether an SDU sent by the UE corresponds to the Security Mode Complete message, and avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
In a specific example, determining in step 503, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU includes:
The PDCP layer of the base station checks whether bit1 to bit4 in the bit sequence corresponding to the SDU is 0110, the bit sequence consisting of 20 bits in total: bit0, bit1, ..., bit19. If it is 0110, the PDCP layer of the base station determines that the SDU is the second target SDU.
In a specific example, if bit1 to bit4 in the bit sequence corresponding to the SDU is not 0110 in step 503, the PDCP layer of the base station sends the SDU to the RRC layer of the base station rather than discarding it.
In a specific example, after the PDCP layer of the base station determines in step 503 that the SDU is the second target SDU, the method further includes steps 504 and 505, not shown in Fig. 3:
504. The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU.
505. The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
In a specific example, extracting in step 504 the encryption algorithm and integrity protection algorithm carried in the second target SDU includes:
The PDCP layer of the base station determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm from the value of bit17 to bit19. The bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the second target SDU is sent to the RRC layer of the base station in step 505, the method further includes steps 506 and 507, not shown in Fig. 3:
506. The PDCP layer of the base station performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm.
507. The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
From the embodiments of Fig. 5 described above, the AS security mode procedure optimization method disclosed in these embodiments is described with the base station as the executing entity. Following the ASN.1 PER encoding rules, the PDCP layer of the base station uses the bit sequence corresponding to the SDU sent by the UE to decide whether the SDU is a SecurityModeComplete message, and controls the flow accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Further, in the AS security mode procedure optimization method disclosed in these embodiments, the PDCP layer of the base station parses the encryption algorithm and integrity protection algorithm in the SecurityModeComplete message from the bit sequence corresponding to the SDU of that message and controls the flow accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Based on the same inventive concept as the embodiments of Fig. 5 above, as shown in Fig. 6, this embodiment discloses a method for optimizing the AS security mode procedure in an LTE system. The method takes the UE as the executing entity and includes the following steps 601 to 604:
601. After the UE receives an SDU sent by the target base station, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
602. If the SDU is determined to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE returns the target SDU corresponding to the Security Mode Complete message;
603. After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
604. The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the AS security mode procedure.
It should be noted that this embodiment gives only the steps involved in optimizing the AS security mode procedure; for the remaining steps, refer to the prior-art AS security mode procedure, which is not repeated here.
Compared with the prior art, in the AS security mode procedure optimization method proposed in this embodiment, the PDCP layer of the UE determines from the bit sequence corresponding to the SDU sent by the base station whether that SDU corresponds to the Security Mode Command message. This overcomes the prior-art problem that the PDCP layer of the UE cannot tell whether an SDU sent by the base station corresponds to the Security Mode Command message, and avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
In a specific example, if the SDU is determined in step 602 to be the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE rather than discarding it.
In a specific example, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE in step 602, the method further includes steps 602' and 602'', not shown in Fig. 6:
602'. The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
602''. The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE in step 602 includes:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
In a specific example, the PDCP layer of the UE extracting in step 602' the encryption algorithm and integrity protection algorithm carried in the first target SDU includes:
The PDCP layer of the UE determines the integrity protection algorithm from the value of bit13 to bit15 in the bit sequence corresponding to the first target SDU, and determines the encryption algorithm from the value of bit17 to bit19. The bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
In a specific example, after the first target SDU is sent to the RRC layer of the UE in step 602, the method further includes steps 603' and 603'', not shown in Fig. 4:
603'. The PDCP layer of the UE performs an integrity check on each received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
603''. The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
From the embodiments of Fig. 6 described above, the AS security mode procedure optimization method disclosed in these embodiments is described with the UE as the executing entity. Following the ASN.1 PER encoding rules, the PDCP layer of the UE uses the bit sequence corresponding to the SDU sent by the base station to decide whether the SDU is a SecurityModeCommand message, and controls the flow accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Further, in the AS security mode procedure optimization method disclosed in these embodiments, the PDCP layer of the UE parses the encryption algorithm and integrity protection algorithm in the SecurityModeCommand message from the bit sequence corresponding to the SDU of that message and controls the flow accordingly. This avoids call drops caused by messages being discarded through misidentification or failing to decode because they could not be decrypted in time.
Based on the embodiments of Fig. 5 and Fig. 6 above, Fig. 7 shows a signalling interaction diagram of an AS security mode procedure, comprising steps 1 to 3, described as follows:
Step 1: The RRC layer of the eNodeB selects the AS-layer encryption algorithm and integrity protection algorithm by priority, according to the UE security capability and the algorithm list it supports itself, then assembles the Security Mode Command message and sends it to the UE. The message contains the AS-layer encryption algorithm and integrity protection algorithm selected by the eNodeB. The PDCP layer of the eNodeB integrity-protects this message, appends the MAC-I field to the end of the message SDU, and starts encryption protection of downlink RRC messages.
Step 2: After the PDCP layer of the UE receives the SDU delivered by the lower layer and removes the PDCP protocol header, it determines whether the message is a Security Mode Command message according to whether bit1 to bit4 of the downlink SDU is 0110. It then determines the integrity protection and encryption algorithms from bit13 to bit15 and bit17 to bit19 of the downlink SDU, computes the AS-layer integrity protection key and encryption key, and performs an integrity check on the message. After the check passes, it notifies the RRC layer of the UE and enables downlink security. The RRC layer returns the AS-layer Security Mode Complete message. The UE integrity-protects this message, sends it to the eNodeB, and then enables uplink security.
Step 3: After the PDCP layer of the eNodeB receives the SDU delivered by the lower layer and removes the PDCP protocol header, it determines whether the message is a SecurityModeComplete message according to whether bit1 to bit4 of the uplink SDU is 0110, and verifies its integrity. If verification succeeds, the eNodeB enables uplink security.
From steps 1 to 3 above, for the scenario 1 problem, the PDCP layer of the eNodeB determines by bit-offset parsing that the message is not SecurityModeComplete and can deliver it directly to the RRC layer, which avoids discarding the message (for example, a TAU_CMP message). For the scenario 2 problem, after the PDCP layer of the UE identifies the Security Mode Command message, it further identifies the encryption algorithm and integrity protection algorithm in use, directly decrypts and integrity-checks the received RRCConnectionReconfiguration message, and reports the message to the RRC layer.
Taking the embodiments of Fig. 3 to Fig. 5 together, compared with the prior art:
(1) The embodiments of the present invention avoid call drops caused by misjudgment and incorrect handling, improving KPIs and user perception.
Prior-art handling:
In the prior art, PDCP cannot identify the Security Mode Command and SecurityModeComplete messages, so the UE and the eNodeB may discard messages, causing the call flow to fail and the call to drop.
Handling in the embodiments of the present invention:
Because the PDCP layer identifies the Security Mode Command and SecurityModeComplete messages, neither the UE nor the eNodeB discards them, which ensures that the call flow proceeds correctly.
(2) The embodiments of the present invention improve equipment operating efficiency and reduce unnecessary inter-layer interaction and software distribution.
Prior-art handling:
Control-plane RRC messages require ASN.1 encoding and decoding, while integrity protection and encryption/decryption of RRC messages are performed at the PDCP layer. Because the parameters for integrity protection and encryption/decryption are carried in the Security Mode Command message and the PDCP layer is notified only after the RRC layer has parsed it, the two protocol layers PDCP and RLC of the UE or eNodeB must exchange inter-layer messages several times to ensure that the security configuration is activated correctly. If a complete ASN decoding library were ported to the L2 protocol stack module, the code segment would grow, running efficiency would be low, and the software distribution modules would be redundant.
Handling in the embodiments of the present invention:
The message type and security parameter configuration are identified efficiently by comparing bit offsets in the SDUs received on SRB1. This simplifies inter-layer interaction, reduces software distribution redundancy, and improves software running efficiency. Two message interactions are saved on the downlink UE side, and one message interaction is saved on the uplink eNodeB side.
Those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments.
Those skilled in the art will understand that each step in the embodiments may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art should understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein.
Although embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and such modifications and variations all fall within the scope defined by the appended claims.

Claims (20)

1. A method for optimizing the AS security mode process in an LTE system, characterized by comprising:
After the Packet Data Convergence Protocol (PDCP) layer of a base station receives the target service data unit (SDU) corresponding to the Security Mode Command message sent by the Radio Resource Control (RRC) layer of the base station, the PDCP layer adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to a target user equipment (UE), so that the target UE feeds back a second target SDU corresponding to the Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode process.
2. The method according to claim 1, characterized in that determining, based on the MAC-I field information of the SDU, whether the SDU is the second target SDU comprises:
The PDCP layer of the base station judges whether the MAC-I field information of the SDU is empty or zero;
If the MAC-I field information of the SDU is neither empty nor zero, the PDCP layer of the base station determines that the SDU is the second target SDU.
3. The method according to claim 2, characterized in that, after the PDCP layer of the base station determines that the SDU is the second target SDU, the method further comprises:
The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
4. The method according to claim 3, characterized in that, after the second target SDU is sent to the RRC layer of the base station, the method further comprises:
The PDCP layer of the base station performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
5. The method according to claim 3, characterized in that the PDCP layer of the base station extracting the encryption algorithm and the integrity protection algorithm carried in the second target SDU comprises:
The PDCP layer of the base station determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm based on the value of bit17 to bit19;
Wherein the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19.
6. The method according to claim 2, characterized in that, if the MAC-I field information of the SDU is empty or zero, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
7. A method for optimizing the AS security mode process in an LTE system, characterized by comprising:
After a UE receives an SDU sent by a target base station, the PDCP layer of the UE determines, based on the MAC-I field information of the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
If it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE feeds back the target SDU corresponding to the Security Mode Complete message;
After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode process.
8. The method according to claim 7, characterized in that, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE comprises:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
9. The method according to claim 8, characterized in that, after the first target SDU is sent to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
10. The method according to claim 7, characterized in that, if it is determined that the SDU is not the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
11. A method for optimizing the AS security mode process in an LTE system, characterized by comprising:
After the PDCP layer of a base station receives the target SDU corresponding to the Security Mode Command message sent by the RRC layer of the base station, the PDCP layer adds preset information to the MAC-I field of the target SDU to obtain a first target SDU;
The PDCP layer of the base station sends the first target SDU to a target UE, so that the target UE feeds back a second target SDU corresponding to the Security Mode Complete message;
After receiving an SDU sent by the target UE, the PDCP layer of the base station determines, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU, thereby optimizing the access stratum (AS) security mode process.
12. The method according to claim 11, characterized in that determining, based on the bit sequence corresponding to the SDU, whether the SDU is the second target SDU comprises:
The PDCP layer of the base station judges whether bit1 to bit4 in the bit sequence corresponding to the SDU are 0110; the bit sequence consists of 20 bits in total: bit0, bit1, ..., bit19;
If they are 0110, the PDCP layer of the base station determines that the SDU is the second target SDU.
13. The method according to claim 12, characterized in that, after the PDCP layer of the base station determines that the SDU is the second target SDU, the method further comprises:
The PDCP layer of the base station extracts the encryption algorithm and the integrity protection algorithm carried in the second target SDU;
The PDCP layer of the base station performs an integrity check on the second target SDU based on the integrity protection algorithm and, after the check succeeds, sends the second target SDU to the RRC layer of the base station.
14. The method according to claim 13, characterized in that, after the second target SDU is sent to the RRC layer of the base station, the method further comprises:
The PDCP layer of the base station performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the base station sends the decrypted SDU to the RRC layer of the base station.
15. The method according to claim 13, characterized in that the PDCP layer of the base station extracting the encryption algorithm and the integrity protection algorithm carried in the second target SDU comprises:
The PDCP layer of the base station determines the integrity protection algorithm based on the value of bit13 to bit15 in the bit sequence corresponding to the second target SDU, and determines the encryption algorithm based on the value of bit17 to bit19.
16. The method according to claim 12, characterized in that, if bit1 to bit4 in the bit sequence corresponding to the SDU are not 0110, the PDCP layer of the base station sends the SDU to the RRC layer of the base station.
17. A method for optimizing the AS security mode process in an LTE system, characterized by comprising:
After a UE receives an SDU sent by a target base station, the PDCP layer of the UE determines, based on the bit sequence corresponding to the SDU, whether the SDU is the first target SDU corresponding to the Security Mode Command message;
If it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, so that the RRC layer of the UE feeds back the target SDU corresponding to the Security Mode Complete message;
After receiving the target SDU sent by the RRC layer of the UE, the PDCP layer of the UE adds preset information to the MAC-I field of the target SDU to obtain a second target SDU;
The PDCP layer of the UE sends the second target SDU to the target base station, thereby optimizing the access stratum (AS) security mode process.
18. The method according to claim 17, characterized in that, before the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE extracts the encryption algorithm and the integrity protection algorithm carried in the first target SDU;
The PDCP layer of the UE performs an integrity check on the first target SDU based on the integrity protection algorithm;
Correspondingly, the PDCP layer of the UE sending the first target SDU to the RRC layer of the UE comprises:
After the integrity check on the first target SDU succeeds, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
19. The method according to claim 18, characterized in that, after the first target SDU is sent to the RRC layer of the UE, the method further comprises:
The PDCP layer of the UE performs an integrity check on a received SDU based on the integrity protection algorithm and, after the check succeeds, decrypts the SDU based on the encryption algorithm;
The PDCP layer of the UE sends the decrypted SDU to the RRC layer of the base station.
20. The method according to claim 17, characterized in that, if it is determined that the SDU is the first target SDU, the PDCP layer of the UE sends the first target SDU to the RRC layer of the UE.
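The base-station receive-side decision of claims 2, 6, 12 and 16, together with the field extraction of claims 5 and 15, as an added C example that is not code from the patent. The array layout (index n holds bitN), the most-significant-first order inside a field, the 4-octet MAC-I, the sample values and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct {
    int is_target;        /* 1: handle as the marked security-mode SDU */
    unsigned integ_alg;   /* value of bit13..bit15 (claims 5, 15) */
    unsigned cipher_alg;  /* value of bit17..bit19 (claims 5, 15) */
} sdu_verdict;

/* Constructed samples, not captured traffic; index n holds bitN. */
const uint8_t SAMPLE_HIT[20]  = {0,0,1,1,0, 0,0,0,0,0,0,0,0, 0,1,0, 0, 0,0,1};
const uint8_t SAMPLE_MISS[20] = {0,1,0,0,0, 0,0,0,0,0,0,0,0, 0,1,1, 0, 0,1,0};
const uint8_t MACI_SET[4]  = {0x00, 0x00, 0x00, 0x2a};
const uint8_t MACI_ZERO[4] = {0x00, 0x00, 0x00, 0x00};

/* Read bits[first..last] as one value, bits[first] most significant
 * (assumed order; the claims only name the bit positions). */
static unsigned field(const uint8_t *bits, int first, int last) {
    unsigned v = 0;
    for (int i = first; i <= last; i++)
        v = (v << 1) | (bits[i] & 1u);
    return v;
}

/* Claim 2: the SDU is marked when MAC-I is neither empty nor zero. */
int maci_marks_target(const uint8_t *maci, size_t len) {
    uint8_t acc = 0;
    if (maci == NULL || len == 0)
        return 0;                      /* "empty" */
    for (size_t i = 0; i < len; i++)
        acc |= maci[i];
    return acc != 0;                   /* "zero" when every octet is 0 */
}

/* Claim 12: the SDU is marked when bit1..bit4 equal 0110. */
int bits_mark_target(const uint8_t *bits) {
    return field(bits, 1, 4) == 0x6;
}

/* An unmarked SDU goes to RRC unchanged (claims 6, 16): is_target stays 0. */
sdu_verdict classify(const uint8_t *bits, const uint8_t *maci, size_t len, int use_bit_rule) {
    sdu_verdict v = {0, 0, 0};
    if (!(use_bit_rule ? bits_mark_target(bits) : maci_marks_target(maci, len)))
        return v;
    v.is_target = 1;
    v.integ_alg = field(bits, 13, 15);
    v.cipher_alg = field(bits, 17, 19);
    return v;
}
```

Both rules run before any integrity check, so the verdict only selects a processing path; the integrity check of claims 3 and 13 still has to succeed before the SDU reaches RRC.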
CN201611207413.2A 2016-12-23 2016-12-23 Method for optimizing AS security mode process in LTE system Active CN108243144B (en)

Publications (2)

Publication Number Publication Date
CN108243144A (en) 2018-07-03
CN108243144B (en) 2020-07-28

Family

ID=62703570

Country Status (1)

Country Link
CN (1) CN108243144B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1937487A (en) * 2005-09-22 2007-03-28 北京三星通信技术研究有限公司 LTE authentication and encryption method
CN101742500A (en) * 2010-01-21 2010-06-16 中兴通讯股份有限公司 Method and system for deriving air interface secret key
CN102625300A (en) * 2011-01-28 2012-08-01 华为技术有限公司 Generation method and device for key
WO2016118298A1 (en) * 2015-01-20 2016-07-28 Sprint Communications Company L.P. Computer system hardware validation for virtual communication network elements

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200169887A1 (en) * 2017-06-16 2020-05-28 Telefonaktiebolaget Lm Ericsson (Publ) Systems and methods for the handling of data radio bearer integrity protection failure in nr
US11997738B2 (en) * 2017-06-16 2024-05-28 Telefonaktiebolaget Lm Ericsson (Publ) Systems and methods for the handling of data radio bearer integrity protection failure in NR

Also Published As

Publication number Publication date
CN108243144B (en) 2020-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant