CN109644354A - A kind of integrity verification method, the network equipment, UE and computer storage medium - Google Patents

A kind of integrity verification method, the network equipment, UE and computer storage medium Download PDF

Info

Publication number
CN109644354A
CN109644354A CN201880002951.9A CN201880002951A CN109644354A CN 109644354 A CN109644354 A CN 109644354A CN 201880002951 A CN201880002951 A CN 201880002951A CN 109644354 A CN109644354 A CN 109644354A
Authority
CN
China
Prior art keywords
integrity protection
network equipment
verifying
configuration information
ssb
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201880002951.9A
Other languages
Chinese (zh)
Other versions
CN109644354B (en
Inventor
杨宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Publication of CN109644354A publication Critical patent/CN109644354A/en
Application granted granted Critical
Publication of CN109644354B publication Critical patent/CN109644354B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/19Connection re-establishment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/20Manipulation of established connections
    • H04W76/27Transitions between radio resource control [RRC] states

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of integrity verification method, the network equipment, user equipment (UE) and computer storage mediums, and wherein method includes: the integrity protection verifying configuration information for the RRC recovery request message for being configured to verifying user equipment UE initiation;Based on the configuration information of integrity protection verifying, integrity protection verifying is carried out to the RRC recovery request message that the UE is sent.

Description

A kind of integrity verification method, the network equipment, UE and computer storage medium
Technical field
The present invention relates to technical field of information processing more particularly to a kind of integrity verification method, the network equipment, Yong Hushe Standby (UE) and computer storage medium.
Background technique
When UE is in RRC_INACTIVE state, network side can configure the paging domain of RAN to UE, when UE is in the paging zone Notice network side is not had to when moving in domain, it then follows mobile sexual behaviour under idle, i.e. cell select gravity treatment principle.When UE is moved out When the paging domain of RAN configuration, UE can be triggered and restore the paging domain that RRC is connected and reacquired RAN configuration.
In the prior art, the integrity protection verifying of RRC Resume request recovery request message (MSG3) is in original Base station is performed, than as shown in Figure 1, i.e. serving BS will be in the RRC Resume request message that received ShortMAC-I and UE context id information, which is issued, is willing to base station, and former base station carries out integrity protection verifying, if integrality is protected Shield is verified, then former base station forwards the AS context of the UE to serving BS, and serving BS is allowed to restore the upper and lower of UE Text and then recovery RRC connection.But if the integrity protection authentication failed of RRC Resume request message, former base station Safe context is not sent, but the signaling of Xn interface still wants existing.For attempting to destroy network side if there is false UE, RRC Resume request message is ceaselessly sent to base station, then base station can ceaselessly attempt to obtain the safety of vacation UE or more Text even results in network paralysis so that network consumption excess resource handles meaningless processing.
Summary of the invention
In order to solve the above technical problems, the embodiment of the invention provides a kind of integrity verification method, the network equipment, users Equipment (UE) and computer storage medium.
The embodiment of the invention provides a kind of integrity verification methods, are applied to first network equipment, which comprises
It is configured to the integrity protection verifying configuration information of the RRC recovery request message of verifying user equipment UE initiation;
Based on the configuration information of integrity protection verifying, the RRC recovery request message that the UE is sent has been carried out Whole property protection verifying.
The embodiment of the present invention provides a kind of integrity verification method, is applied to second network equipment, which comprises
When the former serving BS as UE and when saving the context of the UE, enter inactive shape discharging the UE Before state, is sent to first network equipment and verify configuration about the integrity protection of the verifying UE RRC recovery request message initiated Information.
The embodiment of the present invention provides a kind of integrity verification method, is applied to UE, which comprises
RRC recovery request message is sent to first network equipment.
The embodiment of the invention provides a kind of first network equipment, comprising:
First communication unit is configured to the integrity protection of the RRC recovery request message of verifying user equipment UE initiation Verify configuration information;
First processing units ask the RRC recovery that the UE is sent based on the configuration information of integrity protection verifying Message is asked to carry out integrity protection verifying.
The embodiment of the present invention provides a kind of second network equipment, comprising:
The second processing unit when the former serving BS as UE and when saving the context of the UE, is discharging the UE Into before unactivated state, is sent by the second communication unit to first network equipment and restored about the verifying UE RRC initiated The integrity protection of request message verifies configuration information;
Second communication unit sends the integrity protection to first network equipment and verifies configuration information.
The embodiment of the present invention provides a kind of UE, comprising:
Third communication unit sends RRC recovery request message to first network equipment.
A kind of network equipment provided in an embodiment of the present invention, comprising: processor and for store can transport on a processor The memory of capable computer program,
Wherein, the step of processor is for executing preceding method when running the computer program.
A kind of UE provided in an embodiment of the present invention, comprising: processor and by store can run on a processor based on The memory of calculation machine program,
Wherein, the step of processor is for executing preceding method when running the computer program.
A kind of computer storage medium provided in an embodiment of the present invention, the computer storage medium is stored with computer can It executes instruction, the computer executable instructions are performed realization aforementioned method steps.
The technical solution of the embodiment of the present invention, it will be able to be protected by being pre-configured with RRC connection recovery request message integrity The configuration information for protecting verifying, allows first network equipment to carry out integrity protection verifying;In this way, just can reduce the first net Network equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided and be There is the scene of vacation UE attacking network in system.
Detailed description of the invention
Fig. 1 is the processing flow schematic diagram that RRC restores connection;
Fig. 2 is a kind of schematic network structure;
Fig. 3 is integrity verification method of embodiment of the present invention flow diagram 1;
Fig. 4 is integrity verification method of embodiment of the present invention flow diagram 2;
Fig. 5 is integrity verification method of embodiment of the present invention flow diagram 3;
Fig. 6 is integrity verification method of embodiment of the present invention flow diagram 4;
Fig. 7 is that first network of embodiment of the present invention equipment forms structural schematic diagram;
Fig. 8 is second network equipment of embodiment of the present invention composed structure schematic diagram;
Fig. 9 is UE of embodiment of the present invention composed structure schematic diagram;
Figure 10 is a kind of hardware structure schematic diagram of the embodiment of the present invention.
Specific embodiment
The characteristics of in order to more fully hereinafter understand the embodiment of the present invention and technology contents, with reference to the accompanying drawing to this hair The realization of bright embodiment is described in detail, appended attached drawing purposes of discussion only for reference, is not used to limit the embodiment of the present invention.
With reference to Fig. 2 description communication system that wherein UE according to the present invention is communicated with the network equipment.
Different air interface and/or physical layer can be used in such communication system.For example, used by communication system Air interface includes such as frequency division multiple access (FDMA), time division multiple acess (TDMA), CDMA (CDMA) and universal mobile communications system System (UMTS) (particularly, long term evolution (LTE)), global system for mobile communications (GSM) etc..As non-limiting example, under The description in face is related to cdma communication system, but such introduction is equally applicable to other types of system.
With reference to Fig. 2, cdma wireless communication system may include multiple UE100, multiple network equipments, such as the base station in figure (BS) 270, base station controller (BSC) 275 and mobile switching centre (MSC) 280 etc..MSC280 is configured to hand over public telephone Switching network (PSTN) 290 forms interface.MSC280 is also structured to and can be couple to base station 270 via back haul link BSC275 forms interface.Back haul link can be constructed according to any in several known interfaces, and the interface includes example Such as E1/T1, ATM, IP, PPP, frame relay, HDSL, ADSL or xDSL.It will be appreciated that system can wrap as shown in Figure 2 Include multiple BSC2750.
In Fig. 2, multiple satellites 300 are further depicted, it is understood that, can use any number of satellite is had Location information.As a typical operation of wireless communication system, BS270 receives the reverse link from various UE100 Signal.UE100 usually participates in call, information receiving and transmitting and other types of communication.The received each reverse link of certain base station 270 Signal is handled in specific BS270.The data of acquisition are forwarded to relevant BSC275.BSC provides call resource point Match and the mobile management function of the coordination including the soft switching process between BS270.BSC275 also routes the data received To MSC280, the additional route service for forming interface with PSTN290 is provided.Similarly, PSTN290 and MSC280 shape At interface, MSC and BSC275 form interface, and BSC275 controls BS270 correspondingly to send forward link signals to UE100。
Embodiment one,
The embodiment of the invention provides a kind of integrity verification methods, are applied to first network equipment, as shown in figure 3, packet It includes:
Step 301: being configured to the integrity protection verifying of the RRC recovery request message of verifying user equipment (UE) initiation Configuration information;
Step 302: the configuration information based on integrity protection verifying disappears to the RRC recovery request that the UE is sent Breath carries out integrity protection verifying.
First network equipment described in the present embodiment, can be currently to provide the base station of service for UE.
There may be following two to handle scene for the present embodiment, is respectively described below:
Scene 1,
A serving BS (second network equipment) before the first network equipment can also get in advance UE is sent Integrity protection verify configuration information, specifically include:
Receive the integrity protection verifying for the RRC recovery request message initiated about verifying UE that second network equipment is sent Configuration information;Wherein, second network equipment is the former serving BS for servicing the UE, and when second network equipment exists The UE is discharged into before inactive state, and the RRC recovery request that Xiang Suoshu first network equipment sends for verifying UE initiation disappears The integrity protection of breath verifies configuration information.
It also will do it following processing in the second network equipment side: (that is, to adjacent base station before sending configuration information Send about before the integrity protection verifying configuration information for verifying the RRC Resume request message that UE is initiated), it is described Second network equipment calculates corresponding KgNB* (key) and corresponding according to the frequency domain SSB configuration information of adjacent area shortMAC-I。
The integrity protection verifies configuration information, including at least one of: at least one short MAC-I, UE context Identify I-RNTI.
If Target cell is the wideband carrier that a frequency domain includes multiple SSBs.The then integrality Protection verifying configuration information includes the corresponding ShortMAC-I of each SSB and corresponding SSB identification information.
That is, when there are multiple SSB, the integrity protection verifies configuration information, further includes: described the The identification information of SSB corresponding at least one SSB that the Target cell frequency domain range of one network device management includes;And And at least one described short MAC-I, it is corresponding with the identification information of at least one SSB.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
Correspondingly, the configuration information that the first network equipment side group is verified in the integrity protection, sends out the UE The RRC recovery request message come carries out integrity protection verifying, further includes:
Receive the RRC recovery request message that the UE is sent;
When integrity protection verifying configuration information corresponding there are the UE, based on matching for integrity protection verifying Confidence breath carries out integrity protection verifying to the RRC recovery request message that the UE is sent;
Alternatively,
When integrity protection verifying configuration information corresponding there is no the UE, the corresponding anchor base station of the UE is addressed, So that the anchor base station, which is executed, carries out integrity protection verifying to RRC recovery request message.
That is, UE initiates RRC Resume request message to some base station, if there are this UE pairs for the base station The integrity protection verifying configuration information answered, then execute the integrity protection verifying of RRC Resume request message.Otherwise Anchor gNB is addressed, anchor gNB is allowed to execute the integrity protection verifying of RRC Resume request message.
According to UE identification information entrained in the RRC recovery request message, the short MAC-I of storage is found;Based on institute It states short MAC-I and carries out integrity protection verifying;When the authentication succeeds, it is the UE addressing target network equipment, carries out the UE Context obtains;When failing the authentication, refuse the UE.
That is, if current base station can execute the integrity protection verifying of RRC Resume request message, The addressing target base station if being proved to be successful carries out UE context and asks for, otherwise directly refuses UE.
This scene can wherein illustrate that anchor base station can be the source base station of UE connection with further reference to Fig. 4,5 in Fig. 4, T-gNB can be understood as the current serving BS of UE;Integrity protection is obtained by Xn interface between anchor base station and serving BS Verify configuration information;Then, anchor base station sends RRC connection release message or RRC suspending message to UE;UE resides in target GNB retains RRC connection.UE is at least based on the information such as C-RNTI, source PCI and Target Cell Identifier and calculates short MAC-I;UE to Target BS sends RRC connection recovery request message, wherein at least includes (ShortMAC-I and I-RNTI);Target BS Short MAC-I is found based on the I-RNTI in RRC connection recovery request message, then target BS has been carried out according to short MAC-I Whole property verification protection;If current base station i.e. target BS can execute the integrality of RRC Resume request message Protection verifying, the addressing target base station if being proved to be successful carry out UE context and ask for, otherwise directly refuse UE.
Illustrated in Fig. 5,1, anchor base station (second network equipment namely in the present embodiment) key is calculated first, And each SSB corresponds to a key, then determines ARFCN and PCI;Based on the corresponding KRRCint of each SSB, with And old security algorithm is calculated the corresponding ShortMAC-I of each SSB, that is, ShortMAC-I-1 shown in figure, ShortMAC-I-2,ShortMAC-I-3;
2, it is corresponding to send each SSB to target BS (the first network equipment namely in the present embodiment) for anchor base station Key, ShortMAC-I and I-RNTI;
3, before UE sends RRC recovery request, UE can determine that its persistent district is SSB2;And key is calculated KgNB*, and ARFCN and PCI is extracted from SSB2, KRRCint is then obtained, is calculated based on the information and old safety got ShortMAC-I is calculated in method;
4, target BS is looked for when receiving the RRC recovery request that UE is sent based on the I-RNTI in RRC recovery request To corresponding ShortMAC-I, security verification is then carried out.
Scene 2,
A serving BS (second network equipment) before the first network equipment can also get in advance UE is sent Integrity protection verify configuration information, specifically include:
Receive the integrity protection verifying for the RRC recovery request message initiated about verifying UE that second network equipment is sent Configuration information;Wherein, second network equipment is the former serving BS for servicing the UE, and when second network equipment exists The UE is discharged into before inactive state, and the RRC recovery request that Xiang Suoshu first network equipment sends for verifying UE initiation disappears The integrity protection of breath verifies configuration information.
It also will do it following processing in the second network equipment side: (that is, to adjacent base station before sending configuration information Send about before the integrity protection verifying configuration information for verifying the RRC Resume request message that UE is initiated), it is described Second network equipment calculates corresponding KgNB* according to the frequency domain SSB configuration information of adjacent area.
The integrity protection verifies configuration information, including at least one of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former serving BS C-RNTI.
If include multiple SSB, can also include:
SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Identification information;Also, at least one described key, it is corresponding with the identification information of at least one SSB.
The integrity protection verifying configuration information includes KgNB*, and the safety of UE Context identifier I-RNTI, storage are calculated Method, the PCI and C-RNTI of former side.If Target cell is the wideband that a frequency domain includes multiple SSBs carrier.Then the integrity protection verifying configuration information includes each SSB corresponding KgNB* and corresponding SSB mark letter Breath.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
Correspondingly, the configuration information that the first network equipment side group is verified in the integrity protection, sends out the UE The RRC recovery request message come carries out integrity protection verifying, further includes:
Receive the RRC recovery request message that the UE is sent;
When integrity protection verifying configuration information corresponding there are the UE, based on matching for integrity protection verifying Confidence breath carries out integrity protection verifying to the RRC recovery request message that the UE is sent;
Alternatively,
When integrity protection verifying configuration information corresponding there is no the UE, the corresponding anchor base station of the UE is addressed, So that the anchor base station, which is executed, carries out integrity protection verifying to RRC recovery request message.
That is, UE initiates RRC Resume request message to some base station, if there are this UE pairs for the base station The integrity protection verifying configuration information answered, then execute the integrity protection verifying of RRC Resume request message.Otherwise Anchor gNB is addressed, anchor gNB is allowed to execute the integrity protection verifying of RRC Resume request message.
According to identification information entrained in the RRC recovery request message, the key of storage is found;At least based on described Short MAC-I is calculated in key and the security algorithm;Integrity protection is carried out based on the short MAC-I being calculated to test Card;When the authentication succeeds, it is the UE addressing target network equipment, carries out the UE context and obtain;When failing the authentication, it refuses The exhausted UE.
That is, target BS information according to entrained by RRC resume request message, finds storage Then KgNB* calculates shortMAC-I.If the integrality that current base station can execute RRC Resume request message is protected Shield verifying, the addressing target base station if being proved to be successful carry out UE context and ask for, otherwise directly refuse UE.
This scene can wherein illustrate that anchor base station can be the source base station of UE connection with further reference to Fig. 4,6 in Fig. 4, T-gNB can be understood as the current serving BS of UE;Integrity protection is obtained by Xn interface between anchor base station and serving BS Verify configuration information;Then, anchor base station sends RRC connection release message or RRC suspending message to UE;UE resides in target GNB retains RRC connection.UE is at least based on the information such as C-RNTI, source PCI and Target Cell Identifier and calculates short MAC-I;UE to Target BS sends RRC connection recovery request message, wherein at least includes (ShortMAC-I and I-RNTI);Target BS Short MAC-I is found based on the I-RNTI in RRC connection recovery request message, then target BS has been carried out according to short MAC-I Whole property verification protection;If current base station i.e. target BS can execute the integrality of RRC Resume request message Protection verifying, the addressing target base station if being proved to be successful carry out UE context and ask for, otherwise directly refuse UE.
Illustrated in Fig. 6,1, anchor base station (second network equipment namely in the present embodiment) key is calculated first, And each SSB corresponds to a key, ARFCN and PCI;
2, it is corresponding to send each SSB to target BS (the first network equipment namely in the present embodiment) for anchor base station Key, I-RNTI, source PCI and source C-RNTI and security algorithm;
3, before UE sends RRC recovery request, UE can determine that its persistent district is SSB2;And key is calculated KgNB*, and ARFCN and PCI is extracted from SSB2, KRRCint is then obtained, is calculated based on the information and old safety got ShortMAC-I is calculated in method;
4, ShortMAC-I is first calculated when receiving the RRC recovery request that UE is sent in target BS, then into Row security verification.
As it can be seen that by using above scheme, it will be able to by being pre-configured with RRC connection recovery request message integrity protection The configuration information of verifying allows first network equipment to carry out integrity protection verifying;In this way, just can reduce first network Equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided system The middle scene that there is vacation UE attacking network.
Embodiment two,
The embodiment of the invention provides a kind of integrity verification methods, are applied to second network equipment, comprising: when as UE Former serving BS and when saving the context of the UE, before discharging the UE and entering unactivated state, to first network Equipment, which is sent, verifies configuration information about the integrity protection of the verifying UE RRC recovery request message initiated.
Second network equipment described in the present embodiment, can be currently be the corresponding former serving BS of UE.Wherein, described One network equipment and cell are it in whole base stations in RAN notification area and its at least partly base station in cell and cell One base station and cell.Or it can be understood as the Current Serving BTS that first network equipment is UE;The first network equipment pipe Some cell of reason is the Target cell of UE.
There may also be following two to handle scene for the present embodiment, is respectively described below:
Scene 1,
(that is, sending the RRC Resume initiated about verifying UE to adjacent base station before sending configuration information Before the integrity protection verifying configuration information of request message), second network equipment is matched according to the frequency domain SSB of adjacent area Confidence breath calculates corresponding KgNB* (key) and corresponding shortMAC-I.
The integrity protection verifies configuration information, including at least one of: at least one short MAC-I, UE context Identify I-RNTI.
If Target cell is the wideband carrier that a frequency domain includes multiple SSBs.The then integrality Protection verifying configuration information includes the corresponding ShortMAC-I of each SSB and corresponding SSB identification information.
That is, the integrity protection verifies configuration information, further includes: target is small when there are multiple SSB The identification information of SSB corresponding at least one SSB that area's frequency domain range includes;Also, at least one described short MAC-I, It is corresponding with the identification information of at least one SSB.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
Scene 2,
It also will do it following processing in the second network equipment side: (that is, to adjacent base station before sending configuration information Send about before the integrity protection verifying configuration information for verifying the RRC Resume request message that UE is initiated), it is described Second network equipment calculates the corresponding key of at least one SSB according to the frequency domain SSB configuration information of adjacent area.
The integrity protection verifies configuration information, including at least one of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former serving BS C-RNTI.
If include multiple SSB, can also include:
SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Identification information;Also, at least one described key, it is corresponding with the identification information of at least one SSB.
The integrity protection verifying configuration information includes KgNB*, and the safety of UE Context identifier I-RNTI, storage are calculated Method, the PCI and C-RNTI of former side.If Target cell is the wideband that a frequency domain includes multiple SSBs carrier.Then the integrity protection verifying configuration information includes each SSB corresponding KgNB* and corresponding SSB mark letter Breath.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
As it can be seen that by using above scheme, it will be able to by being pre-configured with RRC connection recovery request message integrity protection The configuration information of verifying allows first network equipment to carry out integrity protection verifying;In this way, just can reduce first network Equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided system The middle scene that there is vacation UE attacking network.
Embodiment three,
The embodiment of the invention provides a kind of integrity verification methods, are applied to UE, which comprises
RRC recovery request message is sent to first network equipment.
First network equipment described in the present embodiment, can be currently to provide the base station of service for UE.
The UE will do it RRC recovery request, to target initiate RRC Resume request message before, UE according to Simultaneously short MAC-I is calculated in the ARFCN and PCI information of current SSB, more new key.
Correspondingly, the configuration information that the first network equipment side group is verified in the integrity protection, sends out the UE The RRC recovery request message come carries out integrity protection verifying.
It is to be appreciated that scheme provided in this embodiment equally may refer to the scene of the description of earlier figures 4,5,6, and The scheme of previous embodiment description performs corresponding processing, and is only not discussed here.
As it can be seen that by using above scheme, it will be able to by being pre-configured with RRC connection recovery request message integrity protection The configuration information of verifying allows first network equipment to carry out integrity protection verifying;In this way, just can reduce first network Equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided system The middle scene that there is vacation UE attacking network.
Example IV,
The embodiment of the invention provides a kind of first network equipment, as shown in fig. 7, comprises:
First communication unit 71, the integrality for being configured to the RRC recovery request message of verifying user equipment UE initiation are protected Shield verifying configuration information;
First processing units 72 restore the RRC that the UE is sent based on the configuration information of integrity protection verifying Request message carries out integrity protection verifying.
First network equipment described in the present embodiment, can be currently to provide the base station of service for UE.
There may be following two to handle scene for the present embodiment, is respectively described below:
Scene 1,
First communication unit 71 receives the RRC recovery request initiated about verifying UE that second network equipment is sent The integrity protection of message verifies configuration information;Wherein, second network equipment is the former serving BS for servicing the UE, and When second network equipment is before discharging the UE and entering inactive state, Xiang Suoshu first network equipment is sent for verifying UE The integrity protection of the RRC recovery request message of initiation verifies configuration information.
The integrity protection verifies configuration information, including at least one of: at least one short MAC-I, UE context Identify I-RNTI.
If Target cell is the wideband carrier that a frequency domain includes multiple SSBs.The then integrality Protection verifying configuration information includes the corresponding ShortMAC-I of each SSB and corresponding SSB identification information.
That is, when there are multiple SSB, the integrity protection verifies configuration information, further includes: described the The identification information of SSB corresponding at least one SSB that the Target cell frequency domain range of one network device management includes;And And at least one described short MAC-I, it is corresponding with the identification information of at least one SSB.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
Correspondingly, first communication unit 71, receives the RRC recovery request message that the UE is sent;
First processing units 72, when integrity protection verifying configuration information corresponding there are the UE, based on described complete The configuration information of whole property protection verifying carries out integrity protection verifying to the RRC recovery request message that the UE is sent;When not depositing In the corresponding integrity protection verifying configuration information of the UE, the corresponding anchor base station of the UE is addressed, so that the anchor base station It executes and integrity protection verifying is carried out to RRC recovery request message.
That is, UE initiates RRC Resume request message to some base station, if there are this UE pairs for the base station The integrity protection verifying configuration information answered, then execute the integrity protection verifying of RRC Resume request message.Otherwise Anchor gNB is addressed, anchor gNB is allowed to execute the integrity protection verifying of RRC Resume request message.
First processing units 72 find storage according to UE identification information entrained in the RRC recovery request message Short MAC-I;Integrity protection verifying is carried out based on the short MAC-I;When the authentication succeeds, it is set for the UE addressing target network It is standby, it carries out the UE context and obtains;When failing the authentication, refuse the UE.
That is, if current base station can execute the integrity protection verifying of RRC Resume request message, The addressing target base station if being proved to be successful carries out UE context and asks for, otherwise directly refuses UE.
Scene 2,
First communication unit 71 receives the RRC recovery request initiated about verifying UE that second network equipment is sent The integrity protection of message verifies configuration information;Wherein, second network equipment is the former serving BS for servicing the UE, and When second network equipment is before discharging the UE and entering inactive state, Xiang Suoshu first network equipment is sent for verifying UE The integrity protection of the RRC recovery request message of initiation verifies configuration information.
The integrity protection verifies configuration information, including at least one of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former serving BS C-RNTI.
It can also include: the Target cell intermediate frequency of the first network equipment management if include multiple SSB The identification information of SSB corresponding at least one SSB that domain range includes;Also, at least one described key, with it is described at least The identification information of one SSB is corresponding.
The integrity protection verifying configuration information includes KgNB*, and the safety of UE Context identifier I-RNTI, storage are calculated Method, the PCI and C-RNTI of former side.If Target cell is the wideband that a frequency domain includes multiple SSBs carrier.Then the integrity protection verifying configuration information includes each SSB corresponding KgNB* and corresponding SSB mark letter Breath.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
Correspondingly, first communication unit 71, receives the RRC recovery request message that the UE is sent;
First processing units 72, when integrity protection verifying configuration information corresponding there are the UE, based on described complete The configuration information of whole property protection verifying carries out integrity protection verifying to the RRC recovery request message that the UE is sent;When not depositing In the corresponding integrity protection verifying configuration information of the UE, the corresponding anchor base station of the UE is addressed, so that the anchor base station It executes and integrity protection verifying is carried out to RRC recovery request message.
That is, UE initiates RRC Resume request message to some base station, if there are this UE pairs for the base station The integrity protection verifying configuration information answered, then execute the integrity protection verifying of RRC Resume request message.Otherwise Anchor gNB is addressed, anchor gNB is allowed to execute the integrity protection verifying of RRC Resume request message.
First processing units 72 find the close of storage according to identification information entrained in the RRC recovery request message Key;Short MAC-I is at least calculated based on the key and the security algorithm;Based on the short MAC-I being calculated into The verifying of row integrity protection;When the authentication succeeds, it is the UE addressing target network equipment, carries out the UE context and obtain; When failing the authentication, refuse the UE.
That is, target BS information according to entrained by RRC resume request message, finds storage Then KgNB* calculates shortMAC-I.If the integrality that current base station can execute RRC Resume request message is protected Shield verifying, the addressing target base station if being proved to be successful carry out UE context and ask for, otherwise directly refuse UE.
As it can be seen that by using above scheme, it will be able to by being pre-configured with RRC connection recovery request message integrity protection The configuration information of verifying allows first network equipment to carry out integrity protection verifying;In this way, just can reduce first network Equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided system The middle scene that there is vacation UE attacking network.
Embodiment five,
The embodiment of the invention provides a kind of second network equipments, as shown in Figure 8, comprising: the second processing unit 81, as For UE former serving BS and when saving the context of the UE, before discharging the UE and entering unactivated state, by the Two communication units are sent to first network equipment matches about the integrity protection verifying of the verifying UE RRC recovery request message initiated Confidence breath;
Second communication unit 82 sends the integrity protection to first network equipment and verifies configuration information.
Second network equipment described in the present embodiment, can be currently be the corresponding former serving BS of UE.Wherein, described One network equipment and cell are it in whole base stations in RAN notification area and its at least partly base station in cell and cell One base station and cell.Or it can be understood as the Current Serving BTS that first network equipment is UE;The first network equipment pipe Some cell of reason is the Target cell of UE.
There may also be following two to handle scene for the present embodiment, is respectively described below:
Scene 1,
(that is, sending the RRC Resume initiated about verifying UE to adjacent base station before sending configuration information Before the integrity protection verifying configuration information of request message), the second processing unit matches confidence according to the frequency domain SSB of adjacent area Breath calculates corresponding KgNB* (key) and corresponding shortMAC-I.
The integrity protection verifies configuration information, including at least one of: at least one short MAC-I, UE context Identify I-RNTI.
If Target cell is the wideband carrier that a frequency domain includes multiple SSBs.The then integrality Protection verifying configuration information includes the corresponding ShortMAC-I of each SSB and corresponding SSB identification information.
That is, the integrity protection verifies configuration information, further includes: target is small when there are multiple SSB The identification information of SSB corresponding at least one SSB that area's frequency domain range includes;Also, at least one described short MAC-I, It is corresponding with the identification information of at least one SSB.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
Scene 2,
It also will do it following processing in the second network equipment side: (that is, to adjacent base station before sending configuration information Send about before the integrity protection verifying configuration information for verifying the RRC Resume request message that UE is initiated), it is described The second processing unit calculates the corresponding key of at least one SSB according to the frequency domain SSB configuration information of adjacent area.
The integrity protection verifies configuration information, including at least one of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former serving BS C-RNTI.
If include multiple SSB, can also include:
SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Identification information;Also, at least one described key, it is corresponding with the identification information of at least one SSB.
The integrity protection verifying configuration information includes KgNB*, and the safety of UE Context identifier I-RNTI, storage are calculated Method, the PCI and C-RNTI of former side.If Target cell is the wideband that a frequency domain includes multiple SSBs carrier.Then the integrity protection verifying configuration information includes each SSB corresponding KgNB* and corresponding SSB mark letter Breath.
Configuration processing is completed in aforementioned network side, and then the UE will do it RRC recovery request, is initiating RRC to target Before Resume request message, UE is according to ARFCN and the PCI information more new key of current SSB and calculates ShortMAC-I.
As it can be seen that by using above scheme, it will be able to by being pre-configured with RRC connection recovery request message integrity protection The configuration information of verifying allows first network equipment to carry out integrity protection verifying;In this way, just can reduce first network Equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided system The middle scene that there is vacation UE attacking network.
Embodiment six,
The embodiment of the invention provides a kind of UE, include: as shown in Figure 9
Third communication unit 91 sends RRC recovery request message to first network equipment.
Third processing unit 92, according to the ARFCN and PCI information of current SSB, simultaneously short MAC- is calculated in more new key I。
Correspondingly, the configuration information that the first network equipment side group is verified in the integrity protection, sends out the UE The RRC recovery request message come carries out integrity protection verifying.
It is to be appreciated that scheme provided in this embodiment equally may refer to the scene of the description of earlier figures 4,5,6, and The scheme of previous embodiment description performs corresponding processing, and is only not discussed here.
As it can be seen that by using above scheme, it will be able to by being pre-configured with RRC connection recovery request message integrity protection The configuration information of verifying allows first network equipment to carry out integrity protection verifying;In this way, just can reduce first network Equipment carries out the transmission of data brought by Signalling exchange especially between serving BS and anchor base station, especially can be avoided system The middle scene that there is vacation UE attacking network.
The embodiment of the invention also provides a kind of network equipment or the hardware structure composeds of UE, as shown in Figure 10, packet It includes: at least one processor 1001, memory 1002, at least one network interface 1003.Various components pass through bus system 1004 are coupled.It is understood that bus system 1004 is for realizing the connection communication between these components.Bus system 1004 It further include power bus, control bus and status signal bus in addition in addition to including data/address bus.But illustrate in order to clear See, various buses are all designated as bus system 1004 in Figure 100.
It is appreciated that the memory 1002 in the embodiment of the present invention can be volatile memory or non-volatile memories Device, or may include both volatile and non-volatile memories.
In some embodiments, memory 1002 stores following element, executable modules or data structures, or Their subset of person or their superset:
Operating system 10021 and application program 10022.
Wherein, the processor 1001 is configured that the method step for being capable of handling one to three any embodiment of previous embodiment Suddenly, it is not discussed here.
A kind of computer storage medium provided in an embodiment of the present invention, the computer storage medium is stored with computer can It executes instruction, the computer executable instructions are performed the method step for implementing one to three any embodiment of previous embodiment Suddenly.
If above-mentioned apparatus of the embodiment of the present invention is realized in the form of software function module and is sold as independent product Or it in use, also can store in a computer readable storage medium.Based on this understanding, the embodiment of the present invention Substantially the part that contributes to existing technology can be embodied in the form of software products technical solution in other words, the meter Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a People's computer, server or network equipment etc.) execute all or part of each embodiment the method for the present invention.And it is preceding The storage medium stated includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read Only Memory), magnetic or disk etc. The various media that can store program code.It is combined in this way, the embodiment of the present invention is not limited to any specific hardware and software.
Correspondingly, the embodiment of the present invention also provides a kind of computer storage medium, wherein it is stored with computer program, the meter Calculation machine program is configured to execute the data dispatching method of the embodiment of the present invention.
Although for illustrative purposes, the preferred embodiment of the present invention has been disclosed, those skilled in the art will recognize It is various improve, increase and replace be also it is possible, therefore, the scope of the present invention should be not limited to the above embodiments.

Claims (39)

1. a kind of integrity verification method is applied to first network equipment, which comprises
It is configured to the integrity protection verifying configuration information of the RRC recovery request message of verifying user equipment UE initiation;
Based on the configuration information of integrity protection verifying, integrality is carried out to the RRC recovery request message that the UE is sent Protection verifying.
2. according to the method described in claim 1, wherein, the integrity protection verifies configuration information, including it is following at least it One: at least one short MAC-I, UE Context identifier I-RNTI.
3. according to the method described in claim 2, wherein, the integrity protection verifies configuration information, further includes: described first The identification information of SSB corresponding at least one SSB that the Target cell frequency domain range of network device management includes;
Also, at least one described short MAC-I, it is corresponding with the identification information of at least one SSB.
4. according to the method described in claim 1, wherein, the integrity protection verifies configuration information, including it is following at least it One: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former serving BS C- RNTI。
5. according to the method described in claim 4, wherein, the integrity protection verifies configuration information, further includes:
The mark of SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Know information;
Also, at least one described key, it is corresponding with the identification information of at least one SSB.
6. method according to claim 1-5, wherein the RRC recovery for being configured to verifying UE initiation is asked The integrity protection of message is asked to verify configuration information, comprising:
Receive the integrity protection verifying configuration for the RRC recovery request message initiated about verifying UE that second network equipment is sent Information;Wherein, second network equipment is the former serving BS for servicing the UE, and when second network equipment is discharging Before the UE enters inactive state, Xiang Suoshu first network equipment sends the RRC recovery request message for verifying UE initiation Integrity protection verifies configuration information.
7. method according to claim 1-5, wherein the configuration information based on integrity protection verifying, Integrity protection verifying is carried out to the RRC recovery request message that the UE is sent, further includes:
Receive the RRC recovery request message that the UE is sent;
When integrity protection verifying configuration information corresponding there are the UE, confidence is matched based on integrity protection verifying Breath carries out integrity protection verifying to the RRC recovery request message that the UE is sent;
When integrity protection verifying configuration information corresponding there is no the UE, the corresponding anchor base station of the UE is addressed, so that The anchor base station, which is executed, carries out integrity protection verifying to RRC recovery request message.
8. method according to claim 1-3, wherein the RRC recovery request message sent to the UE Carry out integrity protection verifying, further includes:
According to UE identification information entrained in the RRC recovery request message, the short MAC-I of storage is found;
Integrity protection verifying is carried out based on the short MAC-I;
When the authentication succeeds, it is the UE addressing target network equipment, carries out the UE context and obtain;
When failing the authentication, refuse the UE.
9. according to claim 1,4 or 5 described in any item methods, wherein the RRC recovery request sent to the UE disappears Breath carries out integrity protection verifying, further includes:
According to identification information entrained in the RRC recovery request message, the key of storage is found;
Short MAC-I is at least calculated based on the key and the security algorithm;
Integrity protection verifying is carried out based on the short MAC-I being calculated;
When the authentication succeeds, it is the UE addressing target network equipment, carries out the UE context and obtain;
When failing the authentication, refuse the UE.
10. a kind of integrity verification method is applied to second network equipment, which comprises
When the former serving BS as UE and when saving the context of the UE, discharge the UE enter unactivated state it Before, it is sent to first network equipment and verifies configuration information about the integrity protection of the verifying UE RRC recovery request message initiated.
11. according to the method described in claim 10, wherein, the first network equipment and cell are in RAN notification area Base station and the cell of at least partly base station and one of cell in whole base stations and its cell.
12. according to the method for claim 11, wherein the integrity protection verifies configuration information, including it is following at least One of: at least one short MAC-I, UE Context identifier I-RNTI.
13. according to the method for claim 12, wherein the integrity protection verifies configuration information, further includes: described the The identification information of SSB corresponding at least one SSB that the Target cell frequency domain range of one network device management includes;
Also, at least one described short MAC-I, it is corresponding with the identification information of at least one SSB.
14. according to the method for claim 11, wherein the integrity protection verifies configuration information, including it is following at least One of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former serving BS C- RNTI。
15. according to the method for claim 14, wherein the integrity protection verifies configuration information, further includes:
The mark of SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Know information;
Also, at least one described key, it is corresponding with the identification information of at least one SSB.
16. the described in any item methods of 0-15 according to claim 1 are sent to first network equipment about verifying UE initiation Before the integrity protection verifying configuration information of RRC recovery request message, the method also includes:
The corresponding key of at least one SSB and corresponding short MAC-I are calculated according to the frequency domain SSB configuration information of adjacent area;
Or
The corresponding key of at least one SSB is calculated according to the frequency domain SSB configuration information of adjacent area.
17. a kind of integrity verification method is applied to UE, which comprises
RRC recovery request message is sent to first network equipment.
18. according to the method for claim 17, wherein it is described to first network equipment send RRC recovery request message it Before, the method also includes:
According to the ARFCN and PCI information of current SSB, simultaneously short MAC-I is calculated in more new key.
19. a kind of first network equipment, comprising:
First communication unit is configured to the integrity protection verifying of the RRC recovery request message of verifying user equipment UE initiation Configuration information;
First processing units disappear to the RRC recovery request that the UE is sent based on the configuration information of integrity protection verifying Breath carries out integrity protection verifying.
20. first network equipment according to claim 19, wherein the integrity protection verifies configuration information, including At least one of: at least one short MAC-I, UE Context identifier I-RNTI.
21. first network equipment according to claim 20, wherein the integrity protection verifies configuration information, also wraps It includes: the mark of SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Information;
Also, at least one described short MAC-I, it is corresponding with the identification information of at least one SSB.
22. first network equipment according to claim 19, wherein the integrity protection verifies configuration information, including At least one of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former service The C-RNTI of base station.
23. first network equipment according to claim 22, wherein the integrity protection verifies configuration information, also wraps It includes:
The mark of SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Know information;
Also, at least one described key, it is corresponding with the identification information of at least one SSB.
24. the described in any item first network equipment of 9-23 according to claim 1, wherein first communication unit receives the The integrity protection for the RRC recovery request message initiated about verifying UE that two network equipments are sent verifies configuration information;Wherein, Second network equipment is the former serving BS for servicing the UE, and when second network equipment is discharging the UE entrance Before inactive state, Xiang Suoshu first network equipment sends the integrity protection of the RRC recovery request message for verifying UE initiation Verify configuration information.
25. the described in any item first network equipment of 9-23 according to claim 1, wherein first communication unit receives institute State the RRC recovery request message that UE is sent;
First processing units are protected when integrity protection verifying configuration information corresponding there are the UE based on the integrality The configuration information for protecting verifying carries out integrity protection verifying to the RRC recovery request message that the UE is sent;
When integrity protection verifying configuration information corresponding there is no the UE, the corresponding anchor base station of the UE is addressed, so that The anchor base station, which is executed, carries out integrity protection verifying to RRC recovery request message.
26. the described in any item first network equipment of 9-21 according to claim 1, wherein the first processing units, according to institute UE identification information entrained in RRC recovery request message is stated, the short MAC-I of storage is found;It has been carried out based on the short MAC-I Whole property protection verifying;When the authentication succeeds, it is the UE addressing target network equipment, carries out the UE context and obtain;When testing When card failure, refuse the UE.
27. the described in any item first network equipment in 9,22 or 23 according to claim 1, wherein the first processing units, root According to identification information entrained in the RRC recovery request message, the key of storage is found;At least based on the key and described Short MAC-I is calculated in security algorithm;Integrity protection verifying is carried out based on the short MAC-I being calculated;When verifying at It is the UE addressing target network equipment when function, carries out the UE context and obtain;When failing the authentication, refuse the UE.
28. a kind of second network equipment, comprising:
The second processing unit when the former serving BS as UE and when saving the context of the UE, enters discharging the UE Before unactivated state, the RRC recovery request initiated about verifying UE is sent to first network equipment by the second communication unit The integrity protection of message verifies configuration information;
Second communication unit sends the integrity protection to first network equipment and verifies configuration information.
29. second network equipment according to claim 28, wherein the first network equipment and cell notify for RAN Base station and the cell of whole base stations in region and its at least partly base station in cell and one of cell.
30. second network equipment according to claim 29, wherein the integrity protection verifies configuration information, including At least one of: at least one short MAC-I, UE Context identifier I-RNTI.
31. second network equipment according to claim 30, wherein the integrity protection verifies configuration information, also wraps It includes: the mark of SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Information;
Also, at least one described short MAC-I, it is corresponding with the identification information of at least one SSB.
32. second network equipment according to claim 29, wherein the integrity protection verifies configuration information, including At least one of: at least one key, UE Context identifier I-RNTI, security algorithm, the PCI of former serving BS, former service The C-RNTI of base station.
33. second network equipment according to claim 32, wherein the integrity protection verifies configuration information, also wraps It includes:
The mark of SSB corresponding at least one SSB that the Target cell frequency domain range of the first network equipment management includes Know information;
Also, at least one described key, it is corresponding with the identification information of at least one SSB.
34. according to described in any item second network equipments of claim 28-33, the second processing unit, according to the frequency domain of adjacent area SSB configuration information calculates the corresponding key of at least one SSB and corresponding short MAC-I;
Or
The corresponding key of at least one SSB is calculated according to the frequency domain SSB configuration information of adjacent area.
35. a kind of UE, comprising:
Third communication unit sends RRC recovery request message to first network equipment.
36. UE according to claim 35, wherein the UE further include:
Third processing unit, according to the ARFCN and PCI information of current SSB, simultaneously short MAC-I is calculated in more new key.
37. a kind of network equipment, comprising: processor and the storage for storing the computer program that can be run on a processor Device,
Wherein, the processor is for when running the computer program, perform claim to require any one of 1-16 the method Step.
38. a kind of UE, comprising: processor and the memory for storing the computer program that can be run on a processor,
Wherein, the processor is for the step of when running the computer program, perform claim requires 17 or 18 the method.
39. a kind of computer storage medium, the computer storage medium is stored with computer executable instructions, the computer Executable instruction, which is performed, realizes the described in any item method and steps of claim 1-18.
CN201880002951.9A 2018-03-20 2018-03-20 Integrity verification method, network equipment, UE and computer storage medium Active CN109644354B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/079684 WO2019178755A1 (en) 2018-03-20 2018-03-20 Method for integrity validation, network device, ue, and computer storage medium

Publications (2)

Publication Number Publication Date
CN109644354A true CN109644354A (en) 2019-04-16
CN109644354B CN109644354B (en) 2021-10-26

Family

ID=66060201

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880002951.9A Active CN109644354B (en) 2018-03-20 2018-03-20 Integrity verification method, network equipment, UE and computer storage medium

Country Status (2)

Country Link
CN (1) CN109644354B (en)
WO (1) WO2019178755A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111510924A (en) * 2018-02-23 2020-08-07 Oppo广东移动通信有限公司 Method and device for determining security algorithm and computer storage medium
WO2021088471A1 (en) * 2019-11-08 2021-05-14 华为技术有限公司 Connection resume method and apparatus
WO2022206362A1 (en) * 2021-04-02 2022-10-06 华为技术有限公司 Communication method and apparatus

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116074005A (en) * 2021-10-29 2023-05-05 华为技术有限公司 Secure communication method and related equipment
WO2023083691A1 (en) * 2021-11-10 2023-05-19 Telefonaktiebolaget Lm Ericsson (Publ) Generating an authentication token

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101848536A (en) * 2010-04-28 2010-09-29 新邮通信设备有限公司 Radio resource control connection reestablishment method and base station
US20110077010A1 (en) * 2009-09-29 2011-03-31 Samsung Electronics Co. Ltd. Method for processing radio link failure report and method for adjusting mobile parameter
CN102238542A (en) * 2010-04-20 2011-11-09 中兴通讯股份有限公司 Method and system for reestablishing radio resource control (RRC) of user equipment (UE) under relay node (RN)
CN102487507A (en) * 2010-12-01 2012-06-06 中兴通讯股份有限公司 Method and system for realizing integrality protection

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015018074A1 (en) * 2013-08-09 2015-02-12 Nokia Solutions And Networks Oy Methods and apparatus
WO2017123048A1 (en) * 2016-01-14 2017-07-20 Lg Electronics Inc. Method for connecting with network at ue in wireless communication system and apparatus therefor
CN107294723A (en) * 2016-03-31 2017-10-24 中兴通讯股份有限公司 The generation of message integrity authentication information and verification method, device and checking system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110077010A1 (en) * 2009-09-29 2011-03-31 Samsung Electronics Co. Ltd. Method for processing radio link failure report and method for adjusting mobile parameter
CN102238542A (en) * 2010-04-20 2011-11-09 中兴通讯股份有限公司 Method and system for reestablishing radio resource control (RRC) of user equipment (UE) under relay node (RN)
CN101848536A (en) * 2010-04-28 2010-09-29 新邮通信设备有限公司 Radio resource control connection reestablishment method and base station
CN102487507A (en) * 2010-12-01 2012-06-06 中兴通讯股份有限公司 Method and system for realizing integrality protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ERICSSON: "《3GPP TSG-SA WG3 Meeting #82 S3-160157》", 5 February 2016 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111510924A (en) * 2018-02-23 2020-08-07 Oppo广东移动通信有限公司 Method and device for determining security algorithm and computer storage medium
CN111510924B (en) * 2018-02-23 2021-10-01 Oppo广东移动通信有限公司 Method and device for determining security algorithm and computer storage medium
US11252566B2 (en) 2018-02-23 2022-02-15 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method and device for determining security algorithm, and computer storage medium
US11882450B2 (en) 2018-02-23 2024-01-23 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method and device for determining security algorithm, and computer storage medium
WO2021088471A1 (en) * 2019-11-08 2021-05-14 华为技术有限公司 Connection resume method and apparatus
WO2022206362A1 (en) * 2021-04-02 2022-10-06 华为技术有限公司 Communication method and apparatus

Also Published As

Publication number Publication date
CN109644354B (en) 2021-10-26
WO2019178755A1 (en) 2019-09-26

Similar Documents

Publication Publication Date Title
CN109644354A (en) A kind of integrity verification method, the network equipment, UE and computer storage medium
US10284540B2 (en) Secure method for MTC device triggering
US8798667B2 (en) Mobile communication method, mobile station and radio base station
CN102025685A (en) Authentication processing method and device
US10917789B2 (en) Radio link recovery for user equipment
CN108696872A (en) A kind of reorientation method and device
US20220124568A1 (en) Managing mcg fast recovery
CN101686463B (en) Method for protecting ability of user terminal, device and system
CN102223632A (en) Synchronization method and system for access layer security algorithm
WO2019233444A1 (en) Method and device for enhancing ue identifier security and computer storage medium
CN109792661B (en) CSFB (Circuit switched Fall Back) fall result detection method and device and computer storage medium
WO2018103655A1 (en) Method of accessing network apparatus, terminal apparatus thereof, and network apparatus
CN101867931B (en) Device and method for realizing non access stratum in wireless communication system
CN108124511B (en) CSFB (Circuit switched Fall Back) result detection method and device and storage medium
AU2024200711A1 (en) Managing security keys in a communication system
CN101184323B (en) Direct signaling connection rebuilding method
US9642113B2 (en) Paging procedure in a control node
CN104469745B (en) The application process and device of a kind of integrity protection parameter
CN108307373A (en) A kind of signal processing method and device
CN103858485A (en) Radio resource control connection reestablishment method, device and network system
CN108235826B (en) CSFB (Circuit switched Fall Back) fall result detection method and device and computer storage medium
WO2022067815A1 (en) Communication method and apparatus, and device
CN101835150B (en) Method, device and system for updating shared enciphered data
CN101018351A (en) Method for transferring the short data with the competitive channel
CN102638793A (en) Methods and device for authentication processing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant