CN110710241A - Integrity checking method, network equipment, terminal equipment and computer storage medium - Google Patents

Publication number
CN110710241A
Authority
CN
China
Prior art keywords
context
msg3
terminal equipment
terminal device
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201880036992.XA
Other languages
Chinese (zh)
Inventor
唐海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an integrity checking method, a network device, a terminal device and a computer storage medium, comprising the following steps: receiving an MSG3 message which is sent by a terminal device and contains an RRC connection recovery request; acquiring a context identifier of the terminal equipment and/or an identifier of target network equipment from the MSG3 and/or by decoding a PUSCH where the MSG3 is located; and acquiring the context of the terminal equipment from the target network equipment.

Description

Integrity checking method, network equipment, terminal equipment and computer storage medium
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to an integrity verification method, a network device, a terminal device, and a computer storage medium.
Background
In a 5G network environment, a new RRC state, the RRC_INACTIVE state, is defined in order to reduce air interface signaling, quickly recover the radio connection, and quickly recover data service. When the terminal device is in the RRC_INACTIVE state, the network side configures a RAN paging area, which may be one cell or multiple cells, for the UE through dedicated signaling. When the UE moves within this area it does not inform the network side, and it follows the idle-mode mobility behavior, namely the cell selection and reselection principle. When the UE moves out of the paging area configured by the RAN, the UE is triggered to recover the RRC connection and reacquire the paging area configured by the RAN. When downlink data arrives for the UE, the gNB that maintains the connection between the RAN and the CN for the UE triggers all cells in the RAN paging area to send paging messages to the UE, so that the UE in the INACTIVE state can recover the RRC connection to receive data.
MSG3 in the random access procedure, that is, the RRCConnectionResumeRequest message, carries the AS context ID information of the UE, the security information Short MAC-I, and the cause value. Considering the possibility of security attacks, there is a risk that a false base station sends a forged MSG3 message or other messages on behalf of the UE and thereby attacks the network, so security protection needs to be applied to the message carrying the UE identification information and the cause value information.
Disclosure of Invention
In order to solve the above technical problems, embodiments of the present invention provide an integrity verification method, a network device, a terminal device, and a computer storage medium.
The embodiment of the invention provides an integrity protection method, which is applied to first network equipment and comprises the following steps:
receiving an MSG3 message which is sent by a terminal device and contains an RRC connection recovery request;
acquiring a context identifier of the terminal equipment and/or an identifier of target network equipment from the MSG3 and/or by decoding a PUSCH where the MSG3 is located;
and acquiring the context of the terminal equipment from the target network equipment.
The embodiment of the invention provides an integrity protection method, which is applied to terminal equipment and comprises the following steps:
sending an MSG3 message containing an RRC connection recovery request to a network side; and the RRC connection recovery request carries a context identifier of the terminal equipment.
The embodiment of the invention provides a first network device, which comprises:
a first communication unit, which receives the MSG3 message that is sent by the terminal device and contains an RRC connection recovery request, and acquires the context of the terminal equipment from the target network equipment;
and the first processing unit is used for acquiring the context identifier of the terminal equipment and/or the identifier of the target network equipment from the MSG3 and/or by decoding the PUSCH where the MSG3 is located.
An embodiment of the present invention provides a terminal device, where the terminal device includes:
the second communication unit sends an MSG3 message containing an RRC connection recovery request to the network side; and the RRC connection recovery request carries a context identifier of the terminal equipment.
A first network device provided in an embodiment of the present invention includes: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to perform the steps of the aforementioned method when running the computer program.
The terminal device provided by the embodiment of the invention comprises: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to perform the steps of the aforementioned method when running the computer program.
Embodiments of the present invention provide a computer storage medium, which stores computer-executable instructions, and when executed, implement the foregoing method steps.
According to the technical scheme of the embodiment of the invention, the context identifier of the terminal equipment can be sent to the network side in an MAC CE mode or carried by scrambling PUSCH (physical uplink shared channel), so that the network equipment can identify the target base station corresponding to the terminal equipment and search the context from the target base station. Therefore, when the current cell managed by the network equipment accessed by the terminal equipment has no terminal equipment context, the context can be obtained from the target base station according to the terminal equipment context identifier, and the reliability of the network accessed by the terminal equipment is improved.
Drawings
Fig. 1 is a schematic flowchart of an integrity verification method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a network architecture;
fig. 3 is a schematic diagram of a first network device according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a structure of a terminal device according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a hardware architecture according to an embodiment of the present invention.
Detailed Description
So that the manner in which the features and aspects of the embodiments of the present invention can be understood in detail, a more particular description of the embodiments of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings.
Embodiment 1
An embodiment of the present invention provides an integrity protection method, which is applied to a first network device, and as shown in fig. 1, the method includes:
step 101: receiving an MSG3 message which is sent by a terminal device and contains an RRC connection recovery request;
step 102: acquiring a context identifier of the terminal equipment and/or an identifier of target network equipment from the MSG3 and/or by decoding a PUSCH where the MSG3 is located;
step 103: and acquiring the context of the terminal equipment from the target network equipment.
In this embodiment, the first network device may be understood as a current serving base station of the terminal device, for example, as shown in fig. 2, the terminal device is a User Equipment (UE) in the drawing, the current UE is in a coverage of the serving base station, that is, a serving gNB, and the target network device may be understood as an Anchor base station (Anchor gNB) that stores a context of the terminal device.
In step 103, the obtaining the context of the terminal device from the target network device may specifically include the following two implementation manners:
The first way:
Sending TB data containing the terminal equipment context identifier to the target network equipment;
when the target network equipment determines that the integrity check is successful, acquiring the context of the terminal equipment from the target network equipment, and recovering the context of the terminal equipment;
and when the target network equipment determines that the integrity check fails, acquiring an instruction for rejecting the terminal equipment from the target network equipment, and rejecting the request for recovering the context of the terminal equipment.
Specifically, the first network device may forward the TB data to the target base station (i.e., the target network device) when the context of the terminal device needs to be acquired; the target base station decodes the TB data to obtain the UE AS context id, then finds out the UE context, restores the SRB1 according to the UE AS context, and performs decoding and integrity verification and/or decryption;
accordingly, if the integrity verification of the target network device (i.e., the target base station) is successful, the context of the UE is sent to the serving base station. The serving base station restores the context of the UE; if the integrity protection verification fails, the serving base station is notified to reject the UE.
The second way:
Acquiring the terminal equipment context from the target network equipment based on the terminal equipment context identification; decoding and integrity checking are carried out on TB data containing the terminal equipment context identifier; when the integrity check is successful, determining to recover the context of the terminal equipment; and when the integrity check fails, determining to reject the terminal equipment context recovery request.
Specifically, a first network device (i.e., serving base station) asks a target base station for a UE context through a UE AS context id; the first network device (i.e., the serving base station) restores the context of the UE. The TB data is then decoded and integrity verified, and/or decrypted.
Accordingly, if the integrity verification is successful, the first network device (i.e., the serving base station) restores the context of the UE; if the integrity protection verification fails, the UE is rejected.
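The two ways of step 103 can be compared side by side in a small model. This is an added example, not code from the patent: the 40-bit context ID layout, the TB framing, and the use of truncated HMAC-SHA256 in place of the real integrity algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed layout (not from the patent): 40-bit UE AS context ID whose upper
# 24 bits are the anchor gNB ID and lower 16 bits a per-UE index.
UE_INDEX_BITS = 16
CTX_ID_LEN = 5
MAC_LEN = 4


@dataclass(frozen=True)
class UeContext:
    ctx_id: int
    k_int: bytes  # integrity key stored in the AS context


def mac_i(key: bytes, data: bytes) -> bytes:
    # Stand-in for the real integrity algorithm: truncated HMAC-SHA256.
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def build_tb(ctx: UeContext, rrc_payload: bytes) -> bytes:
    """UE side: context ID field + SRB1 payload + MAC-I over both."""
    protected = ctx.ctx_id.to_bytes(CTX_ID_LEN, "big") + rrc_payload
    return protected + mac_i(ctx.k_int, protected)


def parse_ctx_id(tb: bytes):
    """Return the context ID carried in the TB, or None if it is malformed."""
    if len(tb) < CTX_ID_LEN + MAC_LEN:
        return None
    return int.from_bytes(tb[:CTX_ID_LEN], "big")


def integrity_ok(ctx: UeContext, tb: bytes) -> bool:
    expected = mac_i(ctx.k_int, tb[:-MAC_LEN])
    return hmac.compare_digest(expected, tb[-MAC_LEN:])


class AnchorGnb:
    """Target network device: stores UE contexts and records every release."""

    def __init__(self, gnb_id: int):
        self.gnb_id = gnb_id
        self.contexts = {}
        self.released = []  # context IDs handed to another gNB

    def store(self, ctx: UeContext) -> None:
        self.contexts[ctx.ctx_id] = ctx

    def verify_and_release(self, tb: bytes):
        """First way: the anchor checks the forwarded TB before releasing."""
        ctx = self.contexts.get(parse_ctx_id(tb))
        if ctx is None or not integrity_ok(ctx, tb):
            return None  # stands for the "reject the UE" instruction
        self.released.append(ctx.ctx_id)
        return ctx

    def fetch_context(self, ctx_id: int):
        """Second way: release on request; the serving gNB checks afterwards."""
        ctx = self.contexts.get(ctx_id)
        if ctx is not None:
            self.released.append(ctx_id)
        return ctx


class ServingGnb:
    """First network device: holds no context for the UE in the current cell."""

    def __init__(self, anchors):
        self.anchors = {a.gnb_id: a for a in anchors}

    def _locate(self, tb: bytes):
        ctx_id = parse_ctx_id(tb)
        if ctx_id is None:
            return None, None
        return ctx_id, self.anchors.get(ctx_id >> UE_INDEX_BITS)

    def resume_way1(self, tb: bytes) -> str:
        _, anchor = self._locate(tb)
        if anchor is None:
            return "reject"
        ctx = anchor.verify_and_release(tb)
        return "resume" if ctx is not None else "reject"

    def resume_way2(self, tb: bytes) -> str:
        ctx_id, anchor = self._locate(tb)
        ctx = anchor.fetch_context(ctx_id) if anchor is not None else None
        if ctx is None:
            return "reject"
        return "resume" if integrity_ok(ctx, tb) else "reject"


if __name__ == "__main__":
    anchor = AnchorGnb(0x00A1B2)
    ue = UeContext((0x00A1B2 << UE_INDEX_BITS) | 0x0007, b"constructed-test-key")
    anchor.store(ue)
    serving = ServingGnb([anchor])
    tb = build_tb(ue, b"resume cause=mo-data")  # constructed sample payload
    print(serving.resume_way1(tb), serving.resume_way2(tb))
```

For a TB whose MAC-I does not verify, both ways reject the UE, but in the second way the anchor has already released the context by the time the check runs; the `released` list makes that difference visible.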
On the basis of the foregoing solution, the present embodiment further performs the following descriptions of various scenarios on how to obtain the context identifier of the terminal device:
Scenario 1: when the UE initiates RRC connection recovery, the UE uses the key of the original AS context to perform integrity protection, and determines to send the result to the network side on SRB1. Accordingly, the specific operations at the network side may include:
The receiving of the MSG3 message that is sent by the terminal device and contains the RRC connection recovery request includes:
handing the RRC connection recovery request to the MAC layer of SRB0; decoding by the MAC layer to determine that the TB data is data of SRB1.
The obtaining of the context identifier of the terminal device and/or the identifier of the target network device from the MSG3 and/or by decoding the PUSCH where the MSG3 is located includes:
receiving an RRC connection recovery request sent by the terminal equipment in MSG3, and acquiring the MAC CE carrying the context identifier of the terminal equipment from MSG3; and obtaining the context identifier of the terminal equipment by decoding the MAC CE, and determining the identifier of the target network equipment.
Further, the UE first performs a contention-based random access procedure, sends an RRC connection recovery request message to the network side in MSG3, and adds a MAC CE containing the UE AS context ID to MSG3. At this time, the PUSCH is scrambled using the temporary C-RNTI allocated in the RAR in MSG2.
On the basis of the foregoing processing on the terminal device side, the network side may further perform the following processing: a temporary C-RNTI is allocated to the terminal device in the random access response (RAR) in MSG2. Correspondingly, the receiving of the MSG3 message that is sent by the terminal device and contains the RRC connection recovery request further includes: descrambling, based on the temporary C-RNTI, the RRC connection recovery request sent by the terminal equipment in MSG3 on the PUSCH.
That is, the network side descrambles the data on the PUSCH using the temporary C-RNTI and then delivers it to the MAC layer of SRB0; the MAC layer decodes it, finds that the TB data is data on SRB1, decodes the UE AS context ID, and finds the target network device according to the UE AS context ID.
Scenario 2:
Broadcasting a preamble sequence to the terminal equipment through system broadcast, or specifying a network-wide unique preamble sequence in the protocol;
wherein the preamble sequence is used for MSG3 to send SRB1 messages.
That is, the network side allocates a dedicated preamble to the terminal device (i.e., UE), where the preamble may be unique in the whole network or unique in a cell, and broadcasts the reserved preamble in the system broadcast. The preamble is used to indicate that the UE-initiated RRC connection recovery request is sent using SRB1, and/or using integrity protection, and/or using ciphering, etc.
If the UE resumes the RRC connection and sends with SRB1, and/or integrity protection, and/or ciphering, the UE transmits the dedicated preamble.
After receiving the dedicated preamble, the network side responds to the UE with an RAR; specifically, the network side sends a random access response to the terminal device, where the random access response at least carries an uplink scheduling resource and a temporary C-RNTI.
The UE sends an RRC connection recovery request according to the uplink scheduling resources in the RAR; and the network side receives the MSG3 message which is sent by the terminal equipment through the PUSCH and contains the RRC connection recovery request.
Further, the PUSCH on which the terminal device (i.e., UE) sends the message may be scrambled with the gNB ID portion of the UE AS context ID, or with the C-RNTI in the RAR, or with the UE context ID, etc.
Correspondingly, when the PUSCH is scrambled based on the base station identifier part of the terminal device context identifier, the identifier of the target network device is obtained through blind decoding, and the carried terminal device context identifier is obtained based on MSG3 decoding;
when the PUSCH is scrambled based on the terminal device context identifier, the terminal device context identifier is obtained through blind decoding, and the identifier of the target base station (target network equipment) is determined;
that is, if scrambling uses the gNB ID of the UE AS context ID or the UE AS context ID, the network side obtains the identifier of the target base station through blind decoding.
And when the PUSCH is scrambled based on the temporary C-RNTI, the carried context identifier of the terminal equipment is obtained based on MSG3 decoding, and the identifier of the target base station is determined.
That is, the terminal equipment scrambles using the C-RNTI in the RAR, and in this case MSG3 carries the UE context ID MAC CE, from which the target base station is found.
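The network-side handling in scenario 2 can be sketched as follows, covering the temporary C-RNTI case and blind decoding over gNB IDs. This is an added example, not code from the patent: the SHA-256 keystream stands in for the real PUSCH scrambling sequence, CRC-32 for the transport block CRC, and the context ID layout and the candidate list `neighbour_gnb_ids` are assumptions (the patent does not say how candidates are chosen).

```python
import hashlib
import zlib

# Assumed layout (not from the patent): 5-byte UE AS context ID at the start
# of MSG3, upper 24 bits = anchor gNB ID; 4-byte CRC appended to the block.
UE_INDEX_BITS = 16
CTX_ID_LEN = 5
CRC_LEN = 4


def scramble(data: bytes, domain: bytes, ident: int) -> bytes:
    """XOR with a keystream seeded by an identifier (toy stand-in for the
    PUSCH scrambling sequence). Applying it twice restores the input."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        seed = domain + ident.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def ue_send_msg3(ctx_id: int, rrc: bytes, domain: bytes, ident: int) -> bytes:
    """UE side: MSG3 = context ID MAC CE + RRC request, CRC, then scramble."""
    block = ctx_id.to_bytes(CTX_ID_LEN, "big") + rrc
    block += zlib.crc32(block).to_bytes(CRC_LEN, "big")
    return scramble(block, domain, ident)


def try_descramble(pusch: bytes, domain: bytes, ident: int):
    """Return the MSG3 payload if the CRC passes for this identifier."""
    block = scramble(pusch, domain, ident)
    if len(block) < CTX_ID_LEN + CRC_LEN:
        return None
    body, crc = block[:-CRC_LEN], block[-CRC_LEN:]
    return body if zlib.crc32(body).to_bytes(CRC_LEN, "big") == crc else None


def identify_target(pusch: bytes, temp_crnti: int, neighbour_gnb_ids):
    """Network side: return (how, target_gnb_id, ctx_id) or None."""
    # Case 1: PUSCH scrambled with the temporary C-RNTI from the RAR;
    # the context ID comes from the MAC CE and names the target base station.
    body = try_descramble(pusch, b"crnti", temp_crnti)
    if body is not None:
        ctx_id = int.from_bytes(body[:CTX_ID_LEN], "big")
        return "temp-c-rnti", ctx_id >> UE_INDEX_BITS, ctx_id
    # Case 2: PUSCH scrambled with the gNB ID part of the context ID;
    # blind decoding over the candidate gNB IDs yields the target.
    for gnb_id in neighbour_gnb_ids:
        body = try_descramble(pusch, b"gnb", gnb_id)
        if body is None:
            continue
        ctx_id = int.from_bytes(body[:CTX_ID_LEN], "big")
        # Added consistency check: the decoded context ID must point at the
        # same gNB whose ID descrambled the block.
        if ctx_id >> UE_INDEX_BITS != gnb_id:
            return None
        return "blind-gnb-id", gnb_id, ctx_id
    return None


if __name__ == "__main__":
    ctx = (0x00A1B2 << UE_INDEX_BITS) | 0x0007  # constructed sample value
    pusch = ue_send_msg3(ctx, b"resume cause=mo-data", b"gnb", 0x00A1B2)
    print(identify_target(pusch, 0x4601, [0x000011, 0x00A1B2, 0x000033]))
```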
Therefore, by adopting the scheme, the context identifier of the terminal equipment can be sent to the network side in an MAC CE mode or carried by scrambling PUSCH (physical uplink shared channel), so that the network equipment can identify the target base station corresponding to the terminal equipment and search the context from the target base station. Therefore, when the current cell managed by the network equipment accessed by the terminal equipment has no terminal equipment context, the context can be obtained from the target base station according to the terminal equipment context identifier, and the reliability of the network access of the terminal equipment and the system processing efficiency are improved.
Embodiment 2
The embodiment of the invention provides an integrity protection method, which is applied to terminal equipment and comprises the following steps:
sending an MSG3 message containing an RRC connection recovery request to a network side; and the RRC connection recovery request carries a context identifier of the terminal equipment.
In this embodiment, the first network device may be understood as a current serving base station of the terminal device, for example, as shown in fig. 2, the terminal device is a User Equipment (UE) in the drawing, the current UE is in a coverage of the serving base station, that is, a serving gNB, and the target network device may be understood as an Anchor base station (Anchor gNB) that stores a context of the terminal device.
The present embodiment provides the following two scenarios for sending an RRC connection resume request:
Scenario 1:
The sending of the MSG3 message containing the RRC connection recovery request to the network side includes:
resuming the UE AS context and SRB1;
using a key and a security algorithm in the UE AS context to perform integrity protection and/or encryption on the RRC connection recovery request message;
and sending an RRC connection recovery request in MSG3, with MSG3 carrying the MAC CE that contains the context identifier of the terminal equipment.
The terminal equipment first performs a contention-based random access procedure, transmits an RRC connection recovery request message to the network side in MSG3, and adds a MAC CE containing the UE AS context ID to MSG3. At this time, the temporary C-RNTI allocated by the network side is acquired from the random access response (RAR) in MSG2. Specifically, the RRC connection recovery request sent in MSG3 on the PUSCH is scrambled based on the temporary C-RNTI. That is, the terminal device scrambles the PUSCH using the temporary C-RNTI allocated in the RAR in MSG2.
On the basis of the foregoing processing on the terminal device side, the network side may further perform the following processing: a temporary C-RNTI is allocated to the terminal device in the random access response (RAR) in MSG2. Correspondingly, the receiving of the MSG3 message that is sent by the terminal device and contains the RRC connection recovery request further includes: descrambling, based on the temporary C-RNTI, the RRC connection recovery request sent by the terminal equipment in MSG3 on the PUSCH.
That is, the network side descrambles the data on the PUSCH using the temporary C-RNTI and then delivers it to the MAC layer of SRB0; the MAC layer decodes it, finds that the TB data is data on SRB1, decodes the UE AS context ID, and finds the target network device according to the UE AS context ID.
Scenario 2:
Acquiring a preamble sequence allocated by the network side through system broadcast, or a network-wide unique preamble sequence specified by the protocol; wherein the preamble sequence is used for MSG3 to send SRB1 messages.
That is, the network side allocates a dedicated preamble to the terminal device (i.e., UE), where the preamble may be unique in the whole network or unique in a cell, and broadcasts the reserved preamble in the system broadcast. The preamble is used to indicate that the UE-initiated RRC connection recovery request is sent using SRB1, and/or using integrity protection, and/or using ciphering, etc.
If the UE resumes the RRC connection and sends with SRB1, and/or integrity protection, and/or ciphering, the UE transmits the dedicated preamble.
After sending the dedicated preamble, the UE receives a random access response sent by the network side; obtains at least uplink scheduling resources and a temporary C-RNTI from the random access response; and sends an RRC connection recovery request on the PUSCH corresponding to the uplink scheduling resource. Specifically, the network side sends a random access response to the terminal device, and the random access response at least carries uplink scheduling resources and the temporary C-RNTI.
Scrambling is performed based on the base station identifier part of the context identifier of the terminal equipment, or based on the context identifier of the terminal equipment, or based on the C-RNTI (radio network temporary identifier); correspondingly, the network side receives the MSG3 message which is sent by the terminal equipment through the PUSCH and contains the RRC connection recovery request.
Further, the PUSCH on which the terminal device (i.e., UE) sends the message may be scrambled with the gNB ID portion of the UE AS context ID, or with the C-RNTI in the RAR, or with the UE context ID, etc.
Correspondingly, when the PUSCH is scrambled based on the base station identifier part of the terminal device context identifier, the identifier of the target network device is obtained through blind decoding, and the carried terminal device context identifier is obtained based on MSG3 decoding;
when the PUSCH is scrambled based on the terminal device context identifier, the terminal device context identifier is obtained through blind decoding, and the identifier of the target base station (target network equipment) is determined;
that is, if scrambling uses the gNB ID of the UE AS context ID or the UE AS context ID, the network side obtains the identifier of the target base station through blind decoding.
And when the PUSCH is scrambled based on the temporary C-RNTI, the carried context identifier of the terminal equipment is obtained based on MSG3 decoding, and the identifier of the target base station is determined.
That is, the terminal equipment scrambles using the C-RNTI in the RAR, and in this case MSG3 carries the UE context ID MAC CE, from which the target base station is found.
Therefore, by adopting the scheme, the context identifier of the terminal equipment can be sent to the network side in an MAC CE mode or carried by scrambling PUSCH (physical uplink shared channel), so that the network equipment can identify the target base station corresponding to the terminal equipment and search the context from the target base station. Therefore, when the current cell managed by the network equipment accessed by the terminal equipment has no terminal equipment context, the context can be obtained from the target base station according to the terminal equipment context identifier, and the reliability of the network access of the terminal equipment and the system processing efficiency are improved.
Embodiment 3
An embodiment of the present invention provides a first network device, as shown in fig. 3, including:
a first communication unit 31, receiving an MSG3 message containing an RRC connection recovery request from a terminal device; acquiring the context of the terminal equipment from the target network equipment;
the first processing unit 32 obtains the context identifier of the terminal device and/or the identifier of the target network device from the MSG3 and/or by decoding the PUSCH in which the MSG3 is located.
In this embodiment, the first network device may be understood as a current serving base station of the terminal device, for example, as shown in fig. 2, the terminal device is a User Equipment (UE) in the drawing, the current UE is in a coverage of the serving base station, that is, a serving gNB, and the target network device may be understood as an Anchor base station (Anchor gNB) that stores a context of the terminal device.
The obtaining of the context of the terminal device from the target network device may specifically include the following two implementation manners:
The first way:
The first communication unit 31 is configured to send TB data including the terminal device context identifier to the target network device;
when the target network equipment determines that the integrity check is successful, acquiring the context of the terminal equipment from the target network equipment, and recovering the context of the terminal equipment;
and when the target network equipment determines that the integrity check fails, acquiring an instruction for rejecting the terminal equipment from the target network equipment, and rejecting the request for recovering the context of the terminal equipment.
Specifically, the first network device may forward the TB data to the target base station (i.e., the target network device) when the context of the terminal device needs to be acquired; the target base station decodes the TB data to obtain the UE AS context id, then finds out the UE context, restores the SRB1 according to the UE AS context, and performs decoding and integrity verification and/or decryption;
accordingly, if the integrity verification of the target network device (i.e., the target base station) is successful, the context of the UE is sent to the serving base station. The serving base station restores the context of the UE; if the integrity protection verification fails, the serving base station is notified to reject the UE.
The second way:
A first communication unit 31, configured to acquire the terminal device context from the target network device based on the terminal device context identifier; the first processing unit 32, which decodes and integrity checks TB data containing the terminal device context identifier; when the integrity check is successful, determining to recover the context of the terminal equipment; and when the integrity check fails, determining to reject the terminal equipment context recovery request.
Specifically, a first network device (i.e., serving base station) asks a target base station for a UE context through a UE AS context id; the first network device (i.e., the serving base station) restores the context of the UE. The TB data is then decoded and integrity verified, and/or decrypted.
Accordingly, if the integrity verification is successful, the first network device (i.e., the serving base station) restores the context of the UE; if the integrity protection verification fails, the UE is rejected.
On the basis of the foregoing solution, the present embodiment further performs the following descriptions of various scenarios on how to obtain the context identifier of the terminal device:
Scenario 1: when the UE initiates RRC connection recovery, the UE uses the key of the original AS context to perform integrity protection, and determines to send the result to the network side on SRB1. Accordingly, the specific operations at the network side may include:
a first communication unit 31 that hands the RRC connection recovery request to the MAC layer of SRB0; the MAC layer decodes it to determine that the TB data is data of SRB1.
The first processing unit is configured to receive an RRC connection recovery request sent by the terminal device in MSG3, and obtain, from MSG3, an MAC CE carrying a context identifier of the terminal device; and obtaining the context identifier of the terminal equipment by decoding the MAC CE, and determining the identifier of the target network equipment.
Further, the UE first performs a contention-based random access procedure, sends an RRC connection recovery request message to the network side in MSG3, and adds a MAC CE containing the UE AS context ID to MSG3. At this time, the PUSCH is scrambled using the temporary C-RNTI allocated in the RAR in MSG2.
On the basis of the foregoing processing on the terminal device side, the network side may further perform the following processing: the first communication unit 31 allocates a temporary C-RNTI to the terminal device in the random access response (RAR) in MSG2. Correspondingly, the receiving of the MSG3 message that is sent by the terminal device and contains the RRC connection recovery request further includes: the first processing unit 32 descrambles, based on the temporary C-RNTI, the RRC connection recovery request sent by the terminal device in MSG3 on the PUSCH.
That is, the network side descrambles the data on the PUSCH using the temporary C-RNTI and then delivers it to the MAC layer of SRB0; the MAC layer decodes it, finds that the TB data is data on SRB1, decodes the UE AS context ID, and finds the target network device according to the UE AS context ID.
Scenario 2:
A first communication unit 31, which broadcasts a preamble sequence to the terminal device by system broadcast, or defines a full-network unique preamble sequence by a protocol;
wherein the preamble sequence is used for MSG3 to send SRB1 messages.
That is, the network side allocates a dedicated preamble to the terminal device (i.e., UE), where the preamble may be unique in the whole network or unique in a cell, and broadcasts the reserved preamble in the system broadcast. The preamble is used to indicate the UE-initiated RRC connection recovery request, sent using SRB1, and/or using integrity protection, and/or using ciphering, etc.
If the UE resumes the RRC connection and sends with SRB1, and/or integrity protection, and/or ciphering, the UE transmits the dedicated preamble.
After receiving the dedicated preamble, the network side responds to the UE with an RAR; specifically, the first communication unit 31 sends a random access response to the terminal device, where the random access response at least carries an uplink scheduling resource and a temporary C-RNTI.
The UE sends an RRC connection recovery request according to the uplink scheduling resources in the RAR; and the network side receives the MSG3 message which is sent by the terminal equipment through the PUSCH and contains the RRC connection recovery request.
Further, the PUSCH on which the terminal device (i.e., UE) sends the message may be scrambled with the gNB ID portion of the UE AS context ID, or with the C-RNTI in the RAR, or with the UE context ID, etc.
Correspondingly, when the PUSCH is scrambled based on the base station identifier part of the terminal device context identifier, the first processing unit obtains the identifier of the target network device through blind decoding, and obtains the carried terminal device context identifier based on MSG3 decoding;
when the PUSCH is scrambled based on the terminal device context identifier, the terminal device context identifier is obtained through blind decoding, and the identifier of the target base station (target network equipment) is determined;
that is, if scrambling uses the gNB ID of the UE AS context ID or the UE AS context ID, the network side obtains the identifier of the target base station through blind decoding.
And when the PUSCH is scrambled based on the temporary C-RNTI, the carried context identifier of the terminal equipment is obtained based on MSG3 decoding, and the identifier of the target base station is determined.
That is, the terminal equipment scrambles using the C-RNTI in the RAR, and in this case MSG3 carries the UE context ID MAC CE, from which the target base station is found.
Therefore, by adopting the scheme, the context identifier of the terminal equipment can be sent to the network side in an MAC CE mode or carried by scrambling PUSCH (physical uplink shared channel), so that the network equipment can identify the target base station corresponding to the terminal equipment and search the context from the target base station. Therefore, when the current cell managed by the network equipment accessed by the terminal equipment has no terminal equipment context, the context can be obtained from the target base station according to the terminal equipment context identifier, and the reliability of the network access of the terminal equipment and the system processing efficiency are improved.
Example four,
An embodiment of the present invention provides a terminal device, as shown in fig. 4, including:
a second communication unit 41, configured to send an MSG3 message including an RRC connection recovery request to the network side; and the RRC connection recovery request carries a context identifier of the terminal equipment.
In this embodiment, the first network device may be understood as the current serving base station of the terminal device. For example, as shown in fig. 2, the terminal device is the User Equipment (UE) in the drawing, and the UE is currently in the coverage of the serving base station, that is, the serving gNB. The target network device may be understood as the anchor base station (Anchor gNB) that stores the context of the terminal device.
The present embodiment provides the following two scenarios for sending an RRC connection resume request:
Scene 1,
The terminal device further includes:
a second processing unit 42, which restores the UE AS context and SRB1, and uses a key and a security algorithm in the UE AS context to perform integrity protection and/or encryption on the RRC connection recovery request message;
the second communication unit 41 sends an RRC connection recovery request in MSG3, and includes in MSG3 the MAC CE carrying the context identifier of the terminal device.
The terminal device first performs a contention-based random access procedure, transmits the RRC connection recovery request message to the network side in MSG3, and adds a MAC CE carrying the UE AS context ID to MSG3. At this time, the temporary C-RNTI allocated by the network side is acquired from the random access response (RAR) in MSG2. Specifically, the RRC connection recovery request sent in MSG3 on the PUSCH is scrambled based on the temporary C-RNTI. That is, the terminal device scrambles the PUSCH using the temporary C-RNTI allocated in the RAR in MSG2.
On the basis of the foregoing processing on the terminal device side, the network side may further perform the following processing: a temporary C-RNTI is allocated to the terminal device in the random access response (RAR) in MSG2. Correspondingly, receiving the MSG3 message containing the RRC connection recovery request sent by the terminal device further includes: descrambling, based on the temporary C-RNTI, the RRC connection recovery request sent by the terminal device in MSG3 on the PUSCH.
That is, the network side descrambles the data on the PUSCH using the temporary C-RNTI and then hands it to the MAC layer of SRB0; the MAC layer decodes it, finds that the TB data is data on SRB1, decodes the UE AS context ID, and finds the target network device according to the UE AS context ID.
Scene 2,
The second communication unit 41 obtains a preamble sequence allocated by the network side through system broadcast, or a protocol-specified network-wide unique preamble sequence; wherein the preamble sequence is used for MSG3 to send SRB1 messages.
That is, the network side allocates a dedicated preamble to the terminal device (i.e., UE), where the preamble may be unique in the whole network or unique in a cell, and broadcasts the reserved preamble in the system broadcast. The preamble indicates that the UE-initiated RRC connection recovery request is sent using SRB1, and/or using integrity protection, and/or using ciphering, etc.
If the UE resumes the RRC connection and sends the request using SRB1, and/or integrity protection, and/or ciphering, the UE transmits the dedicated preamble.
After the UE transmits the dedicated preamble, the second communication unit 41 receives a random access response sent by the network side, obtains at least the uplink scheduling resources and a temporary C-RNTI from the random access response, and sends an RRC connection recovery request on the PUSCH corresponding to the uplink scheduling resources. Specifically, the network side sends a random access response to the terminal device, and the random access response carries at least the uplink scheduling resources and the temporary C-RNTI.
The second processing unit is used for scrambling based on the base station identifier part of the context identifier of the terminal device, or based on the context identifier of the terminal device, or based on the PUSCH; correspondingly, the network side receives the MSG3 message which is sent by the terminal device through the PUSCH and contains the RRC connection recovery request.
Further, the PUSCH on which the terminal device (i.e., UE) sends the message may be scrambled with the gNB ID portion of the UE AS context ID, with the C-RNTI in the RAR, or with the UE context ID, etc.
Correspondingly, when the PUSCH is scrambled based on the base station identifier part of the terminal device context identifier, the identifier of the target network device is obtained through blind decoding, and the carried terminal device context identifier is obtained by decoding MSG3;
when the PUSCH is scrambled based on the terminal device context identifier, the terminal device context identifier is obtained through blind decoding, and the identifier of the target base station (target network device) is determined;
that is, if scrambling uses the gNB ID part of the UE AS context ID, or the UE AS context ID itself, the network side obtains the identifier of the target base station through blind decoding.
When the PUSCH is scrambled based on the temporary C-RNTI, the carried terminal device context identifier is obtained by decoding MSG3, and the identifier of the target base station is determined.
That is, the terminal device scrambles using the C-RNTI in the RAR; in this case MSG3 carries the UE context ID MAC CE, from which the target base station is found.
Therefore, with this scheme, the context identifier of the terminal device can be sent to the network side as a MAC CE or carried by scrambling the PUSCH (physical uplink shared channel), so that the network device can identify the target base station corresponding to the terminal device and look up the context at that target base station. Thus, when the current cell managed by the network device that the terminal device accesses holds no terminal device context, the context can be obtained from the target base station according to the terminal device context identifier, which improves the reliability of the terminal device's network access and the system processing efficiency.
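The Scene 1 flow (temporary C-RNTI scrambling, context-ID MAC CE, integrity check at the target network device before the context is released) and the Scene 2 blind decoding can be exercised end to end in a short simulation. The following Python is an added illustration, not code from the patent: the 32-bit context ID with a 16-bit gNB ID part, the LCID values, the CRC-32 check, the SHAKE-based scrambling sequence and the truncated HMAC-SHA256 tag are all assumptions standing in for the real MAC format, the PUSCH scrambling and the integrity algorithm held in the UE AS context.

```python
import hashlib
import hmac
import struct
import zlib

# Assumed layout, not from the patent: a 32-bit context ID whose top 16 bits
# are the anchor gNB ID; one-byte LCIDs tag the context-ID MAC CE and SRB1.
LCID_CTX_CE, LCID_SRB1, TAG_LEN = 0x3A, 0x01, 4

def scramble(data: bytes, seed: int) -> bytes:
    """Stand-in for PUSCH scrambling: XOR with a seed-derived sequence."""
    seq = hashlib.shake_128(struct.pack(">I", seed)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, seq))

def integrity_tag(key: bytes, pdu: bytes) -> bytes:
    """Stand-in for the context's integrity algorithm (truncated HMAC)."""
    return hmac.new(key, pdu, hashlib.sha256).digest()[:TAG_LEN]

def ue_build_msg3(ctx_id: int, key: bytes, seed: int) -> bytes:
    """UE: protect the resume request, prepend the context-ID MAC CE,
    append a CRC, then scramble the transport block (TB) with `seed`."""
    rrc = b"RRCResumeRequest"
    sdu = rrc + integrity_tag(key, rrc)
    tb = (bytes([LCID_CTX_CE]) + struct.pack(">I", ctx_id)
          + bytes([LCID_SRB1, len(sdu)]) + sdu)
    return scramble(tb + struct.pack(">I", zlib.crc32(tb)), seed)

def descramble(pusch: bytes, seed: int):
    """Return the TB if the CRC passes under `seed`, otherwise None."""
    if len(pusch) <= 4:
        return None
    raw = scramble(pusch, seed)
    tb, crc = raw[:-4], struct.unpack(">I", raw[-4:])[0]
    return tb if zlib.crc32(tb) == crc else None

def blind_descramble(pusch: bytes, candidate_gnb_ids):
    """Scene 2: try each known gNB ID as the seed until the CRC passes."""
    for gnb_id in candidate_gnb_ids:
        tb = descramble(pusch, gnb_id)
        if tb is not None:
            return gnb_id, tb
    return None, None

def parse_tb(tb: bytes):
    """MAC decode: context-ID CE first, then the SRB1 SDU."""
    if len(tb) < 7 or tb[0] != LCID_CTX_CE or tb[5] != LCID_SRB1:
        raise ValueError("not an SRB1 MSG3 with a context-ID MAC CE")
    ctx_id, sdu = struct.unpack(">I", tb[1:5])[0], tb[7:7 + tb[6]]
    if len(sdu) != tb[6] or len(sdu) <= TAG_LEN:
        raise ValueError("truncated SRB1 SDU")
    return ctx_id, sdu

class AnchorGnb:
    """Target network device: holds contexts and checks integrity."""
    def __init__(self, contexts):
        self.contexts = contexts          # ctx_id -> stored UE AS context

    def fetch_context(self, tb: bytes):
        """Release the context only if the tag verifies with the stored key."""
        ctx_id, sdu = parse_tb(tb)
        ctx = self.contexts.get(ctx_id)
        if ctx is None:
            return None
        rrc, tag = sdu[:-TAG_LEN], sdu[-TAG_LEN:]
        ok = hmac.compare_digest(integrity_tag(ctx["key"], rrc), tag)
        return ctx if ok else None

def serving_handle_msg3(pusch: bytes, temp_crnti: int, anchors: dict):
    """Scene 1 at the serving gNB: descramble with the temporary C-RNTI,
    read the MAC CE, route the TB to the anchor, resume or reject."""
    tb = descramble(pusch, temp_crnti)
    if tb is None:
        return "reject", None
    try:
        ctx_id, _ = parse_tb(tb)
    except ValueError:
        return "reject", None
    anchor = anchors.get(ctx_id >> 16)
    ctx = anchor.fetch_context(tb) if anchor else None
    return ("resume", ctx) if ctx is not None else ("reject", None)

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key, ctx_id, crnti = bytes(range(16)), (0x00A1 << 16) | 0x0007, 0x4601
    anchors = {0x00A1: AnchorGnb({ctx_id: {"key": key, "bearer": "SRB1"}})}
    print(serving_handle_msg3(ue_build_msg3(ctx_id, key, crnti), crnti, anchors)[0])
    print(serving_handle_msg3(ue_build_msg3(ctx_id, bytes(16), crnti), crnti, anchors)[0])
    print(blind_descramble(ue_build_msg3(ctx_id, key, 0x00A1), [0x0010, 0x00A1])[0])
```

The serving side never holds the integrity key in this flow; it only routes on the cleartext context ID, so a request that fails the check at the anchor is rejected without any context leaving the anchor.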
An embodiment of the present invention further provides a hardware composition architecture of a network device or a terminal device, as shown in fig. 5, including: at least one processor 51, a memory 52, at least one network interface 53. The various components are coupled together by a bus system 54. It will be appreciated that the bus system 54 is used to enable communications among the components. The bus system 54 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are labeled as bus system 54 in fig. 5.
It will be appreciated that the memory 52 in embodiments of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
In some embodiments, memory 52 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof:
an operating system 521 and application programs 522.
The processor 51 is configured to perform the method steps of the first or second embodiment, which are not described here again.
In an embodiment of the present invention, a computer storage medium is provided, where computer-executable instructions are stored, and when executed, the computer-executable instructions implement the method steps of the first or second embodiment.
If the device according to the embodiment of the present invention is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present invention, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
Correspondingly, the embodiment of the present invention further provides a computer storage medium, in which a computer program is stored, and the computer program is configured to execute the data scheduling method of the embodiment of the present invention.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, and the scope of the invention should not be limited to the embodiments described above.

Claims (43)

  1. An integrity protection method applied to a first network device, the method comprising:
    receiving an MSG3 message which is sent by a terminal device and contains an RRC connection recovery request;
    acquiring a context identifier of the terminal equipment and/or an identifier of target network equipment from the MSG3 and/or by decoding a PUSCH where the MSG3 is located;
    and acquiring the context of the terminal equipment from the target network equipment.
  2. The method of claim 1, wherein the obtaining the terminal device context from the target network device comprises:
    sending TB data containing the terminal equipment context identifier to the target network equipment;
    and when the target network equipment determines that the integrity check is successful, acquiring the context of the terminal equipment from the target network equipment, and recovering the context of the terminal equipment.
  3. The method of claim 2, wherein the method further comprises:
    and when the target network equipment determines that the integrity check fails, acquiring an instruction for rejecting the terminal equipment from the target network equipment, and rejecting the request for recovering the context of the terminal equipment.
  4. The method of claim 1, wherein the obtaining the terminal device context from the target network device comprises:
    acquiring the terminal equipment context from the target network equipment based on the terminal equipment context identification;
    decoding and integrity checking are carried out on TB data containing the terminal equipment context identifier;
    and when the integrity check is successful, determining to restore the context of the terminal equipment.
  5. The method of claim 4, wherein the method further comprises:
    and when the integrity check fails, determining to reject the terminal equipment context recovery request.
  6. The method according to any of claims 1-5, wherein the receiving of the MSG3 message containing the RRC connection recovery request from the terminal device comprises:
    handing the RRC connection resume request to the MAC layer of SRB 0;
    decoding by the MAC layer to determine that the TB data is data of SRB 1.
  7. The method of claim 6, wherein the obtaining of the terminal device context identifier and/or the target network device identifier from the MSG3 and/or by decoding the PUSCH with MSG3 comprises:
    receiving an RRC connection recovery request sent by the terminal equipment in MSG3, and acquiring the MAC CE carrying the context identifier of the terminal equipment from the MSG 3;
    and obtaining the context identifier of the terminal equipment by decoding the MAC CE, and determining the identifier of the target network equipment.
  8. The method of claim 7, wherein the method further comprises:
    a temporary C-RNTI is allocated to the terminal device in a random access response, RAR, in MSG 2.
  9. The method of claim 8, wherein the receiving the MSG3 message containing the RRC connection recovery request from the terminal device further comprises:
    and descrambling the RRC connection recovery request sent by the terminal equipment in the MSG3 on the PUSCH based on the temporary C-RNTI.
  10. The method of any of claims 1-5, wherein the method further comprises:
    broadcasting a preamble sequence to the terminal equipment through system broadcast, or specifying a network-wide unique preamble sequence by a protocol;
    wherein the preamble sequence is used for MSG3 to send SRB1 messages.
  11. The method of claim 10, wherein the method further comprises:
    and sending a random access response to the terminal equipment, wherein the random access response at least carries uplink scheduling resources and the temporary C-RNTI.
  12. The method of claim 10, wherein the receiving the MSG3 message containing the RRC connection recovery request from the terminal device comprises:
    and receiving the MSG3 message which is sent by the terminal equipment through the PUSCH and contains the RRC connection recovery request.
  13. The method of claim 12, wherein the method further comprises:
    when the PUSCH is scrambled based on the base station identification part of the context identification of the terminal equipment, acquiring the identification of the target network equipment through blind decoding, and acquiring the carried context identification of the terminal equipment based on MSG3 decoding;
    when the PUSCH is scrambled based on the terminal equipment context identifier, acquiring the terminal equipment context identifier through blind decoding, and determining the identifier of target network equipment;
    when the PUSCH is scrambled based on the temporary C-RNTI, the carried context identifier of the terminal equipment is obtained based on MSG3 decoding, and the identifier of target network equipment is determined; the MSG3 carries the MAC CE of the terminal device context identifier.
  14. An integrity protection method is applied to terminal equipment, and the method comprises the following steps:
    sending an MSG3 message containing an RRC connection recovery request to a network side; and the RRC connection recovery request carries a context identifier of the terminal equipment.
  15. The method of claim 14, wherein the sending the MSG3 message containing the RRC connection recovery request to the network side comprises:
    resume UE AS context and SRB 1;
    using a key and a security algorithm in the UE AS context to perform integrity protection and/or encryption on the RRC connection recovery request message;
    and sending an RRC connection recovery request in the MSG3, and acquiring the MAC CE carrying the context identifier of the terminal equipment in the MSG 3.
  16. The method of claim 15, wherein the method further comprises:
    and acquiring the temporary C-RNTI allocated by the network side from a random access response RAR in the MSG 2.
  17. The method of claim 16, wherein the method further comprises:
    the RRC connection recovery request sent in MSG3 on PUSCH is scrambled based on the temporary C-RNTI.
  18. The method of claim 14, wherein the method further comprises:
    acquiring a preamble sequence allocated by the network side through system broadcast, or a network-wide unique preamble sequence specified by a protocol;
    wherein the preamble sequence is used for MSG3 to send SRB1 messages.
  19. The method of claim 18, wherein the method further comprises:
    receiving a random access response sent by a network side;
    at least obtaining uplink scheduling resources and a temporary C-RNTI in the random access response;
    and sending an RRC connection recovery request based on the PUSCH corresponding to the uplink scheduling resource.
  20. The method of claim 19, wherein the method further comprises:
    and scrambling is carried out on the basis of a base station identification part of the context identification of the terminal equipment, or on the basis of the context identification of the terminal equipment or on the basis of the C-RNTI (radio network temporary identifier).
  21. A first network device, comprising:
    a first communication unit, which receives the MSG3 message containing RRC connection recovery request sent by the terminal device; acquiring the context of the terminal equipment from the target network equipment;
    and the first processing unit is used for acquiring the context identifier of the terminal equipment and/or the identifier of the target network equipment from the MSG3 and/or by decoding the PUSCH where the MSG3 is located.
  22. The first network device of claim 21, wherein the first communication unit is configured to send TB data including the terminal device context identifier to the target network device; and when the target network equipment determines that the integrity check is successful, acquiring the context of the terminal equipment from the target network equipment, and recovering the context of the terminal equipment.
  23. The first network device of claim 22, wherein the first communication unit, when the target network device determines that integrity check fails, obtains an indication from the target network device to reject the terminal device and rejects the terminal device resume context request.
  24. The first network device of claim 21, wherein the first communication unit obtains the terminal device context from the target network device based on the terminal device context identifier;
    the first processing unit is used for decoding and integrity checking the TB data containing the context identifier of the terminal equipment; and when the integrity check is successful, determining to restore the context of the terminal equipment.
  25. The first network device of claim 24, wherein the first processing unit determines to reject the terminal device recovery context request when the integrity check fails.
  26. The first network device of any of claims 21-25, wherein the first communication unit is to hand the RRC connection resume request to a MAC layer of an SRB 0;
    decoding by the MAC layer to determine that the TB data is data of SRB 1.
  27. The first network device of claim 26, wherein the first processing unit receives an RRC connection recovery request sent by the terminal device in MSG3, and obtains a MAC CE carrying the context identifier of the terminal device from the MSG 3; and obtaining the context identifier of the terminal equipment by decoding the MAC CE, and determining the identifier of the target network equipment.
  28. The first network device of claim 27, wherein the first communication unit allocates a temporary C-RNTI to the terminal device in a random access response, RAR, in MSG 2.
  29. The first network device of claim 28, wherein the first processing unit is configured to descramble an RRC connection recovery request sent by the terminal device in MSG3 on PUSCH based on a temporary C-RNTI.
  30. The first network device of any of claims 21-25, wherein the first communication unit is configured to broadcast a preamble sequence to the terminal device via system broadcast, or a protocol specifying a network-wide unique preamble sequence;
    wherein the preamble sequence is used for MSG3 to send SRB1 messages.
  31. The first network device of claim 30, wherein the first communication unit sends a random access response to the terminal device, and the random access response at least carries uplink scheduling resources and a temporary C-RNTI.
  32. The first network device of claim 30, wherein the first communication unit is configured to receive an MSG3 message containing an RRC connection recovery request sent by a terminal device over a PUSCH.
  33. The first network device of claim 32, wherein the first processing unit,
    when the PUSCH is scrambled based on the base station identification part of the context identification of the terminal equipment, acquiring the identification of the target network equipment through blind decoding, and acquiring the carried context identification of the terminal equipment based on MSG3 decoding;
    when the PUSCH is scrambled based on the terminal equipment context identifier, acquiring the terminal equipment context identifier through blind decoding, and determining the identifier of target network equipment;
    and when the PUSCH is scrambled based on the temporary C-RNTI, acquiring the carried context identifier of the terminal equipment based on MSG3 decoding, and determining the identifier of target network equipment;
    the MSG3 carries the MAC CE of the terminal device context identifier.
  34. A terminal device, the terminal device comprising:
    the second communication unit sends an MSG3 message containing an RRC connection recovery request to the network side; and the RRC connection recovery request carries a context identifier of the terminal equipment.
  35. The terminal device of claim 34, wherein the terminal device further comprises:
    a second processing unit to restore UE AS context and SRB 1; using a key and a security algorithm in the UE AS context to perform integrity protection and/or encryption on the RRC connection recovery request message;
    the second communication unit sends an RRC connection recovery request in MSG3, and obtains the MAC CE carrying the context identifier of the terminal device in MSG 3.
  36. The terminal device according to claim 35, wherein the second communication unit is configured to obtain the network-side allocated temporary C-RNTI from a random access response, RAR, in MSG 2.
  37. The terminal device of claim 36, wherein the second communication unit scrambles the RRC connection recovery request transmitted in MSG3 on PUSCH based on a temporary C-RNTI.
  38. The terminal device of claim 34, wherein the second communication unit obtains a network-side allocated preamble sequence through system broadcast, or a protocol-specified network-wide unique preamble sequence;
    wherein the preamble sequence is used for MSG3 to send SRB1 messages.
  39. The terminal device of claim 38, wherein the second communication unit receives a random access response sent by a network side;
    at least obtaining uplink scheduling resources and a temporary C-RNTI in the random access response;
    and sending an RRC connection recovery request based on the PUSCH corresponding to the uplink scheduling resource.
  40. The terminal device of claim 39, wherein the terminal device further comprises:
    and the second processing unit is used for scrambling based on the base station identification part of the context identification of the terminal equipment, or based on the context identification of the terminal equipment or based on the PUSCH or based on the C-RNTI.
  41. A first network device, comprising: a processor and a memory for storing a computer program capable of running on the processor,
    wherein the processor is adapted to perform the steps of the method of any one of claims 1-13 when running the computer program.
  42. A terminal device, comprising: a processor and a memory for storing a computer program capable of running on the processor,
    wherein the processor is adapted to perform the steps of the method of any one of claims 14-20 when running the computer program.
  43. A computer storage medium having computer-executable instructions stored thereon that, when executed, perform the steps of the method of any one of claims 1-20.
CN201880036992.XA 2018-02-23 2018-02-23 Integrity checking method, network equipment, terminal equipment and computer storage medium Pending CN110710241A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/077057 WO2019161545A1 (en) 2018-02-23 2018-02-23 Integrity verification method, network device, terminal device and computer storage medium

Publications (1)

Publication Number Publication Date
CN110710241A true CN110710241A (en) 2020-01-17

Family

ID=67686621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880036992.XA Pending CN110710241A (en) 2018-02-23 2018-02-23 Integrity checking method, network equipment, terminal equipment and computer storage medium

Country Status (2)

Country Link
CN (1) CN110710241A (en)
WO (1) WO2019161545A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1875598A (en) * 2003-10-13 2006-12-06 诺基亚公司 Apparatuses and method for authentication in heterogeneuous IP networks
CN101610504A (en) * 2008-06-18 2009-12-23 上海华为技术有限公司 Insert, obtain the method and apparatus of customer equipment context and customer equipment identification
CN104735627A (en) * 2013-12-23 2015-06-24 北京信威通信技术股份有限公司 Trunking service attribute reporting and receiving method, device and system
WO2017085621A1 (en) * 2015-11-17 2017-05-26 Telefonaktiebolaget Lm Ericsson (Publ) Ue identifier in rrc resume
CN106993335A (en) * 2016-01-21 2017-07-28 中兴通讯股份有限公司 Lead code sending, receiving method, device, user equipment and base station
CN107409370A (en) * 2014-12-23 2017-11-28 Idac控股公司 Delay in LTE system reduces

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101848536B (en) * 2010-04-28 2012-09-05 新邮通信设备有限公司 Radio resource control connection reestablishment method and base station
EP3412060B1 (en) * 2016-02-05 2021-01-27 Telefonaktiebolaget LM Ericsson (PUBL) Devices and method for flexible user equipment identification
CN107124741A (en) * 2016-02-24 2017-09-01 大唐移动通信设备有限公司 A kind of method and device of RRC connection re-establishments
US10623164B2 (en) * 2016-03-23 2020-04-14 Sony Corporation Telecommunications apparatus and methods
CN107318176B (en) * 2016-04-26 2022-12-20 中兴通讯股份有限公司 Recovery identifier obtaining and sending method and device, UE and access network equipment

Also Published As

Publication number Publication date
WO2019161545A1 (en) 2019-08-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200117