CN113396637A - Communication method, device and system - Google Patents


Publication number: CN113396637A
Authority: CN (China)
Prior art keywords: message, rrc, terminal, rrc connection, security
Legal status: Granted (active)
Application number: CN201980082128.8A
Other languages: Chinese (zh)
Other versions: CN113396637B (en)
Inventors: 樊建霞, 姚琴波, 王小峰
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W76/00: Connection management

Abstract

The embodiment of the application discloses a communication method, which is applied to a terminal or an electronic device in the terminal and comprises the following steps: sending a Radio Resource Control (RRC) establishment request message, wherein the RRC establishment request message is used for requesting access network equipment to establish RRC connection; receiving an RRC release message, wherein the RRC release message is used for indicating a terminal to release RRC connection; and when receiving the preset first message within a first time period after receiving the RRC release message, maintaining the RRC connection. The embodiment of the application also provides a corresponding communication device. In the technical scheme, the terminal judges whether the RRC release message received before is credible by judging whether the preset first message is received within the first time length or not in the RRC connection establishment process, so that malicious attack equipment can be prevented from attacking successfully in a mode of sending the RRC release message, and the safe communication of the terminal is ensured.

Description

Communication method, device and system
Technical Field
The present application relates to the field of communications, and in particular, to a method, an apparatus, and a system for communication.
Background
With the development of access network technology, the 3rd Generation Partnership Project (3GPP) technical specifications were drawn up. They are intended to provide a smooth transition from second-generation to third-generation networks, to ensure backward compatibility for future technologies (e.g. fifth-generation networks), and to support easy network establishment, roaming and compatibility between systems. For information security, when a User Equipment (UE) communicates with a Radio Access Network (RAN) device or with a core network device, messages received from or sent to the peer should be security-processed to prevent attacks by malicious devices. For the messages exchanged between the UE and the RAN device to be security-processed, the UE needs to activate the security mode after establishing or re-establishing a Radio Resource Control (RRC) connection with the RAN device.
According to 3GPP technical specification TS 38.331 V15.5.0, the security mode may not be activated by the UE and the RAN device during RRC connection establishment or re-establishment. A malicious attack device can therefore monitor the messages exchanged between the UE and the RAN device during this process and, using the time gap in which the security mode is not activated, masquerade as the RAN device and send an RRC release message to the UE. The UE cannot use the security mode to verify the RRC release message and can only assume that it was sent by the RAN device, so the UE mistakenly releases its RRC connection with the RAN device according to that message. As a result, the communication service between the UE and the RAN device cannot proceed normally, and the attack succeeds.
Disclosure of Invention
The embodiment of the application provides a communication method, device and system, which are used for preventing successful attack of malicious attack equipment on terminal equipment by sending an RRC release message when a security mode is not activated in the process of RRC connection establishment and RRC connection reestablishment of the terminal equipment.
In view of this, a first aspect of the embodiments of the present application provides a communication method, including:
sending an RRC establishment request message, wherein the RRC establishment request message is used for requesting the access network equipment to establish RRC connection;
receiving an RRC release message, wherein the RRC release message is used for indicating a terminal to release RRC connection;
and when receiving the preset first message within a first time period after receiving the RRC release message, maintaining the RRC connection.
As can be seen from the first aspect, after the RRC release message is received, the RRC connection is maintained if a preset first message is received within the first duration. If the RRC release message had been sent by the access network device following the normal message interaction logic of the initial RRC connection establishment process, the access network device would not send the first message to the terminal after sending the RRC release message. Therefore, if the terminal receives the preset first message within the first duration, this indicates that the previously received RRC release message was sent not by the access network device but by the malicious attack device, so the terminal does not release the RRC connection according to the RRC release message but maintains it. This prevents the malicious attack device from attacking the terminal by sending an RRC release message during the initial establishment of the RRC connection, improves the security of the connection between the terminal and the access network device, and ensures the secure communication of the terminal.
Optionally, with reference to the first aspect, in a first possible implementation manner, the preset first message is used to request the terminal to establish a secure communication mechanism with the access network device or the core network device.
Optionally, with reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner, the preset first message includes an authentication request message, where the authentication request message is used to request the terminal to perform mutual authentication with the core network device, so as to ensure secure communication between the terminal and the core network device.
Optionally, with reference to the first aspect or the first possible implementation manner of the first aspect, in a third possible implementation manner, the preset first message includes a non-access stratum (NAS) security establishment request message, where the NAS security mode command message is used to request the terminal to establish NAS security connection with the core network device, so that on the basis that the terminal and the core network device perform mutual authentication, security of communication between the terminal and the core network device is further improved.
Optionally, with reference to the first aspect or the first possible implementation manner of the first aspect, in a fourth possible implementation manner, the first message includes a security mode command message, where the security mode command message is used to request the terminal to activate a security mode, so that the RRC connection enters a security connection state, thereby ensuring secure communication between the terminal and the access network device.
Optionally, with reference to the first aspect and any one of the first to the fourth possible implementation manners of the first aspect, in a fifth possible implementation manner, the RRC release message includes an RRC connection release information element, and the RRC connection release information element carries redirection carrier information.
Optionally, with reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner, the terminal is in a Long Term Evolution (LTE) or LTE-advanced (LTE-a) communication system.
Optionally, with reference to the first aspect and any one of the first to fourth possible implementation manners of the first aspect, in a seventh possible implementation manner, the RRC release message is in an inactive security state, the terminal is in a New Radio (NR) communication system, and the RRC release message does not include an RRC connection release information element that carries redirected carrier information.
Optionally, with reference to the fourth possible implementation manner of the first aspect, in an eighth possible implementation manner, the method further includes: and when the security mode command message is received within the first time period and passes the security verification, activating the security mode, and enabling the RRC connection to enter a security connection state.
Optionally, with reference to the first aspect or the first possible implementation manner of the first aspect, in a ninth possible implementation manner, before receiving the RRC release message, the method further includes:
sending an RRC reestablishment request message, wherein the RRC reestablishment request message is used for requesting the access network equipment to reestablish RRC connection.
As can be seen from the ninth possible implementation manner of the first aspect, it is assumed that, in the process of re-establishing the RRC connection between the terminal device and the access network device, according to the normal message interaction logic, the access network device no longer sends the first message to the terminal device after it has sent the RRC release message. Therefore, if the terminal device receives the preset first message within the first duration, this indicates that the previously received RRC release message was sent not by the access network device but by the malicious attack device, so the terminal device does not release the RRC connection according to the RRC release message but keeps it. This prevents the malicious attack device from attacking the terminal device by sending an RRC release message while the RRC connection is being re-established, improves the security of the connection between the terminal device and the access network device, and ensures that the communication service between the terminal device and the access network device can proceed normally.
Optionally, with reference to the ninth possible implementation manner of the first aspect, in a tenth possible implementation manner, the preset first message includes an RRC setup message.
Optionally, with reference to the ninth possible implementation manner of the first aspect, in an eleventh possible implementation manner, the preset first message is an RRC reestablishment message;
the method further comprises the following steps: and when the RRC reestablishment message is received within the first time period and passes the security verification, activating a security mode to enable the RRC connection to enter a security connection state.
A second aspect of the present application provides a communication apparatus configured to perform a method of communication in the first aspect or any one of the possible implementation manners of the first aspect. In particular, the communication device may comprise means for performing the method of the first aspect or any one of the possible implementations of the first aspect.
A third aspect of the present application provides a communication device, which includes a processor coupled with a memory, the memory being configured to store instructions, the processor being configured to execute the instructions stored in the memory, and execution of the instructions stored in the memory causes the processor to perform the method of the first aspect or any one of the possible implementations of the first aspect. Optionally, the communication device further comprises the memory.
A fourth aspect of the present application provides a terminal, where the terminal includes a processor, a memory, and a transceiver, where the transceiver is configured to receive and transmit data, the memory stores a program code, and the processor executes a method of communication in the first aspect or any one of possible implementation manners of the first aspect when calling the program code in the memory.
A fifth aspect of the present application provides a computer-readable storage medium having stored therein instructions, which, when executed on a computer, cause the computer to perform the method of communication in the first aspect or any one of the possible implementations of the first aspect.
A sixth aspect of the present application provides a communication system, where the communication system includes the above terminal, and the communication system further includes the above access network device and core network device.
In the technical scheme provided by the embodiment of the application, in the process of initially establishing or reestablishing the RRC connection between the terminal and the access network equipment, after the terminal sends an RRC establishment request message, an RRC release message is received, wherein the RRC release message is used for indicating the terminal to release the RRC connection; and when the terminal receives a preset first message within a first time length after receiving the RRC release message, maintaining the RRC connection. It is assumed that, in the process of initially establishing or reestablishing the RRC connection, according to the normal message interaction logic, after the access network device sends the RRC release message, the access network device does not send the first message to the terminal any more. Therefore, if the terminal receives the preset first message within the first time period after receiving the RRC release message, it indicates that the previously received RRC release message is not sent by the access network device but sent by the malicious attack device, so that the RRC connection is not released according to the RRC release message. The method can prevent malicious attack equipment from successfully attacking the terminal by sending the RRC release message, thereby improving the safety of the connection between the terminal and the access network equipment and ensuring the communication safety of the terminal.
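The terminal-side decision described in this summary can be sketched as a small state machine. This is an added example, not code from the patent or from any modem implementation: the class and function names, the 500 ms value for the first duration, the rule that the release is applied when the window expires without a first message, and the message traces are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class Msg(Enum):
    RRC_RELEASE = auto()
    AUTHENTICATION_REQUEST = auto()
    NAS_SECURITY_MODE_COMMAND = auto()
    SECURITY_MODE_COMMAND = auto()
    RRC_SETUP = auto()
    RRC_REESTABLISHMENT = auto()


class State(Enum):
    CONNECTING = auto()       # request sent, security mode not yet activated
    RELEASE_PENDING = auto()  # unprotected release received, window running
    SECURED = auto()          # security mode activated
    RELEASED = auto()         # RRC connection released


# Preset "first messages" per procedure, as listed in the implementation manners.
FIRST_MESSAGES = {
    "setup": {Msg.AUTHENTICATION_REQUEST, Msg.NAS_SECURITY_MODE_COMMAND,
              Msg.SECURITY_MODE_COMMAND},
    "reestablishment": {Msg.RRC_SETUP, Msg.RRC_REESTABLISHMENT},
}
# Messages that activate the security mode once they pass security verification.
ACTIVATES_SECURITY = {Msg.SECURITY_MODE_COMMAND, Msg.RRC_REESTABLISHMENT}


@dataclass
class Terminal:
    procedure: str = "setup"
    first_duration_ms: int = 500  # assumed value; the text gives no number
    state: State = State.CONNECTING
    deadline_ms: Optional[int] = None

    def tick(self, now_ms: int) -> State:
        """Apply the held release once the window expires (assumed behaviour)."""
        if self.state is State.RELEASE_PENDING and now_ms >= self.deadline_ms:
            self.state, self.deadline_ms = State.RELEASED, None
        return self.state

    def on_message(self, now_ms: int, msg: Msg, verified: bool = False) -> State:
        """`verified` is the outcome of security verification, where one applies."""
        self.tick(now_ms)
        if self.state is State.RELEASED:
            return self.state
        if msg is Msg.RRC_RELEASE:
            if self.state is State.SECURED:
                # With security active the release can be verified directly.
                if verified:
                    self.state = State.RELEASED
            elif self.state is State.CONNECTING:
                # Cannot be verified yet: hold it instead of acting on it.
                self.state = State.RELEASE_PENDING
                self.deadline_ms = now_ms + self.first_duration_ms
            return self.state
        if self.state is State.RELEASE_PENDING and msg in FIRST_MESSAGES[self.procedure]:
            # The network is still progressing the procedure, so the held
            # release is judged untrusted and discarded; the connection is kept.
            self.state, self.deadline_ms = State.CONNECTING, None
        if self.state is State.CONNECTING and msg in ACTIVATES_SECURITY and verified:
            self.state = State.SECURED
        return self.state


def replay(procedure: str, trace, end_ms: int) -> State:
    """Feed (time_ms, message, verified) tuples to a fresh terminal."""
    ue = Terminal(procedure=procedure)
    for now_ms, msg, verified in trace:
        ue.on_message(now_ms, msg, verified)
    return ue.tick(end_ms)


# Constructed traces (not captured traffic).
SPOOFED_RELEASE_SETUP = [
    (100, Msg.RRC_RELEASE, False),
    (250, Msg.AUTHENTICATION_REQUEST, False),
    (600, Msg.NAS_SECURITY_MODE_COMMAND, False),
    (800, Msg.SECURITY_MODE_COMMAND, True),
]
GENUINE_RELEASE = [(100, Msg.RRC_RELEASE, False)]
LATE_FIRST_MESSAGE = [(100, Msg.RRC_RELEASE, False),
                      (700, Msg.AUTHENTICATION_REQUEST, False)]
SPOOFED_RELEASE_REEST = [(100, Msg.RRC_RELEASE, False),
                         (300, Msg.RRC_REESTABLISHMENT, True)]
UNVERIFIED_SMC = [(100, Msg.RRC_RELEASE, False),
                  (200, Msg.SECURITY_MODE_COMMAND, False)]

if __name__ == "__main__":
    print(replay("setup", SPOOFED_RELEASE_SETUP, 2000).name)
    print(replay("setup", GENUINE_RELEASE, 2000).name)
```

A first message that arrives in the window keeps the connection even when it does not pass security verification; the security mode is activated only by a verified message.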
Drawings
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
fig. 2 is a flowchart illustrating a method of communication according to an embodiment of the present application;
fig. 3 is an interaction diagram of signaling for initially establishing an RRC connection and a security mode activation procedure according to an embodiment of the present application;
fig. 4 is a flowchart illustrating a method of communication according to an embodiment of the present application;
fig. 5 is an interaction diagram of signaling for initially establishing an RRC connection and an authentication procedure according to an embodiment of the present application;
fig. 6 is an interaction diagram of a signaling for reestablishing an RRC connection procedure according to an embodiment of the present application;
fig. 7 is an interaction diagram of a signaling for reestablishing an RRC connection procedure according to an embodiment of the present application;
fig. 8 is a flowchart illustrating a method of communication according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a communication device provided in an embodiment of the present application;
fig. 10 is a schematic structural diagram of a communication device provided in an embodiment of the present application;
fig. 11 is a schematic structural diagram of a terminal provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," and the like in the description and in the claims of the present application and in the above-described drawings (if any) are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic structural diagram of a communication system provided in an embodiment of the present application. The technical solution in the embodiment of the present application may be applied to the communication system shown in Fig. 1, which includes a malicious attack device, an access network device, a terminal device and, optionally, a core network device. The access network device may provide access network services to the cell it covers; when the terminal device is located in that cell, it may establish an RRC connection with the access network device and so access the operator network through the access network device to use the network services provided by the corresponding operator. The access network device is connected to the terminal device; it can receive data from the terminal device and send it to the core network device, and can also receive data sent by the core network device and forward it to the terminal device. The malicious attack device is generally a device, such as a pseudo base station, that can threaten the communication security of the terminal device. In this scenario, the malicious attack device may exploit the fact that the security mode is not activated while the terminal device and the access network device establish or re-establish an RRC connection: it pretends to be the access network device and sends an RRC release message to the terminal device, so that the terminal device releases its RRC connection with the access network device according to that message. The attack thereby prevents the terminal device from accessing the operator network normally.
It should be understood that the technical solution of the embodiment of the present application may be applied to a Long Term Evolution (LTE) architecture, and may also be applied to a Universal Mobile Telecommunications System (UMTS) terrestrial radio access network (UTRAN) architecture, or to the GSM EDGE radio access network (GERAN) architecture of a global system for mobile communication (GSM)/enhanced data rate for GSM evolution (EDGE) system. In the UTRAN or GERAN architecture, the function of the Mobility Management Entity (MME) is performed by the serving General Packet Radio Service (GPRS) support node (SGSN), and the function of the Serving Gateway (SGW)/public data network gateway (PGW) is performed by the Gateway GPRS Support Node (GGSN). The technical solution of the embodiment of the present application may also be applied to other communication systems, for example, a Public Land Mobile Network (PLMN) system, the 5th generation mobile communication technology (5G) communication system, or a communication system after 5G, and the like, which is not limited in the embodiment of the present application.
The access network device in this embodiment may also be referred to as a Radio Access Network (RAN) device. The access network device is connected to the terminal device and is used for receiving data from the terminal device and sending it to the core network device. The access network device corresponds to different devices in different communication systems, for example, a base station and a base station controller in a second generation mobile communication technology (2G) system, a base station and a Radio Network Controller (RNC) in a third generation mobile communication technology (3G) system, an evolved node B (eNB) in a fourth generation mobile communication technology (4G) system, and an access network device (e.g., next generation node B (gNB)) in a New Radio (NR) system in a 5G system.
In the embodiment of the present application, the communication method provided in the embodiment of the present application may be executed by the terminal device, or may be executed by a chip or a circuit inside the terminal device. The terminal device may be a device that includes a wireless transceiving function and can cooperate with the network device to provide a communication service for a user. In particular, a terminal device may refer to a User Equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user equipment. For example, the terminal device may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a 5G network or a network behind 5G, and the like, which is not limited in this embodiment of the application. Description of terminal device: in the present application, all that can perform data communication with the access network device can be regarded as terminal devices, and the present application will be introduced by UE in a general sense.
The embodiments of the present application address the following problem in existing access network architectures: while a terminal device is initially establishing an RRC connection with an access network device, a malicious attack device can attack the terminal device by sending it an RRC release message during the gap in which the security mode between the terminal device and the access network device is not activated. The following description takes as an example a method performed by the terminal device. It should be understood that the method for communication in the embodiment of the present application may also be executed by a chip in a terminal device, and is not limited herein.
Fig. 2 is a flowchart illustrating a communication method according to an embodiment of the present application.
As shown in fig. 2, the method for communication in the embodiment of the present application may include:
201. The terminal device sends an RRC establishment request (RRCSetupRequest) message.
In this embodiment, when the terminal device needs to access the operator network, it needs to establish an RRC connection with the access network device of the cell where the terminal device is located, so as to access the operator network through the access network device. According to the 3GPP technical specification TS 38.331V15.5.0, the terminal device first sends an RRC establishment request message to the corresponding access network device, where the RRC establishment request message is used to request the access network device to establish an RRC connection, and then the terminal device and the access network device may complete initial establishment of the RRC connection according to an interaction procedure specified in the 3GPP technical specification TS 38.331 V15.5.0. After the terminal device and the access network device initially establish the RRC connection, the terminal device and the access network device also need to perform a security establishment procedure, that is, the terminal device activates a security mode according to a security mode command message sent by the access network device, so that the RRC connection between the terminal device and the access network device enters a security connection state.
In the process of initially establishing RRC connection and performing security activation, the terminal device not only has an interaction with the access network device, but also has an interaction with the core network device, and the interaction process among the terminal device, the access network device, and the core network device is as shown in fig. 3.
Referring to Fig. 3, before the security mode is activated, the process of initially establishing the RRC connection between the terminal device and the access network device is as follows. The terminal device sends an RRC establishment request message to the access network device, where the RRC establishment request message is used to request the access network device to establish an RRC connection with the terminal device. After receiving the RRC establishment request message, the access network device responds by sending an RRC establishment (RRCSetup) message to the terminal device, where the RRC establishment message indicates that the terminal device can establish an RRC connection. After the terminal device completes the establishment of the RRC connection, it sends an RRC setup complete (RRCSetupComplete) message to the access network device, so that the access network device confirms that the establishment of the RRC connection is completed, thereby completing the initial establishment of the RRC connection.
After the terminal device establishes the RRC connection, it sends the RRC establishment completion message to the access network device; this message carries registration information of the terminal device. The access network device sends an Initial UE message to the core network device, which also carries the registration information of the terminal device. The core network device then sends a downlink NAS transmission message to the access network device, and the access network device forwards the Authentication request message carried in it to the terminal device through a downlink information forwarding (DLInformationTransfer) message. The Authentication request message is used to request the terminal device and the core network device to perform mutual authentication. After receiving the Authentication request message, the terminal device sends an Authentication response message to the access network device through an uplink information transfer (ULInformationTransfer) message, and the access network device forwards the Authentication response message to the core network device through an uplink NAS transmission message, indicating that the core network device can perform mutual authentication with the terminal device. The core network device and the terminal device then continue to exchange messages by having the access network device forward them, and the downlink NAS transmission messages, uplink NAS transmission messages, downlink information forwarding messages and uplink information forwarding messages remain the carriers of the content exchanged between the core network device and the terminal device.
After the terminal device receives the authentication request message, it performs security verification on the authentication message according to the protocol. If the authentication message passes the security verification, the terminal device sends an authentication response message to the core network device to inform it that the core network device and the terminal device can carry out mutual authentication. After the authentication of the two parties is passed, the core network device forwards a NAS Security Mode Command message to the terminal device through the access network device; this message is used for requesting the terminal device to establish a NAS security connection with the core network device. If the authentication is not passed, an Authentication Failure message is sent to the terminal device. After the terminal device establishes the NAS security connection, the messages exchanged between the terminal device and the core network device are NAS-encrypted, which ensures the security of the connection between the terminal device and the core network device. After the NAS security connection is established, the security mode between the terminal device and the access network device is established.
The access network device sends a Security Mode Command (Security Mode Command) message to the terminal device to request the terminal device to activate the Security Mode. The terminal equipment responds to the security mode command message, activates the security mode to enable the initially established RRC connection to enter a security connection state, and sends a security mode completion message to the access network equipment to indicate that the security mode of the access network equipment is activated, so that the security establishment process between the terminal equipment and the access network equipment is completed, and then the terminal equipment and the access network equipment can communicate through the security connection to prevent malicious attack equipment from monitoring the interactive message.
202. The terminal device receives an RRC release (rrcreelease) message.
Under normal conditions, when the access network device needs to interrupt the RRC connection with the terminal device, the access network device sends an RRC release message to the terminal device, where the RRC release message is used to instruct the terminal device to release the RRC connection.
It should be noted that the content of the RRC release message may differ between communication systems. In an LTE or LTE-A communication system, according to the corresponding 3GPP technical specification, for example TS 36.331, the RRC release message includes an RRC connection release information element, which carries redirected carrier information (redirectedCarrierInfo). When the terminal device is in an LTE or LTE-A communication mode and receives an RRC release message carrying redirected carrier information, it does not release the RRC connection immediately; instead it accesses the specified cell according to the redirected carrier information and then releases the RRC connection established in the original cell. In the NR communication system, however, according to the corresponding 3GPP technical specification, for example TS 38.331, the security mode of the terminal device is not activated during initial establishment or re-establishment of an RRC connection, so an RRC release message in this process is sent without security activated, and the RRC release message sent by the access network device to the terminal device does not carry redirected carrier information. In theory, a terminal device in the NR communication system should release the RRC connection directly after receiving the RRC release message and switch from the connected state to the idle state. In one possible case, because non-standalone networking is used in the NR communication architecture, the terminal device may access the core network of the NR communication system through an access network device of the LTE or LTE-A communication system, and the RRC release message that the terminal device receives from the access network device may therefore carry redirected carrier information.
In this case, the terminal device should ignore the redirection carrier information in the RRC release message, directly release the RRC connection, and enter the idle state.
In this embodiment, the terminal device is assumed to be in an NR communication system, where it would ordinarily release the RRC connection after receiving the RRC release message. However, when the terminal device sends the RRC establishment request message to the access network device, a malicious attack device may monitor that message and then, posing as the access network device, send an RRC release message to the terminal device. Because the security mode is not yet activated between the terminal device and the access network device, the terminal device cannot use it to perform security verification on the received RRC release message; that is, the terminal device cannot determine whether the received RRC release message was sent by the access network device. If the RRC release message was sent by the malicious attack device and the terminal device releases the RRC connection according to it, the attack succeeds.
In this embodiment, after receiving the RRC release message, the terminal device may apply a delay time to the RRC release operation: it temporarily does not process the received RRC release message, and instead determines the source of the message from the further behavior of the access network device within the delay time, so as to decide whether to release the RRC connection with the access network device according to the RRC release message.
203. When the terminal device receives the preset first message within the first time period after receiving the RRC release message, the terminal device maintains the RRC connection.
It is assumed that, in the process of initially establishing the RRC connection by the terminal device, according to the normal message interaction logic, if the access network device sends the RRC release message, the first message is not sent to the terminal. Therefore, if the terminal device receives the preset first message within the first time period after receiving the RRC release message, it indicates that the previously received RRC release message is not sent by the access network device but sent by the malicious attack device, so the terminal device needs to ignore the RRC release message and maintain the RRC connection.
In this embodiment, during initial establishment of an RRC connection between the terminal device and the access network device, the terminal device receives an RRC release message after sending the RRC establishment request message, where the RRC release message instructs the terminal device to release the RRC connection. When the terminal device receives the preset first message within the first time period after receiving the RRC release message, it maintains the RRC connection. This prevents a malicious attack device from successfully attacking the terminal device by sending an RRC release message during initial RRC connection establishment, improves the security of the connection between the terminal device and the access network device, and ensures that communication services between them proceed normally.
Optionally, in this embodiment, the preset first message is used to request the terminal device to establish, on the basis of the RRC connection, a secure communication mechanism with the access network device or the core network device, where the secure communication mechanism is a mechanism for ensuring communication security between the terminal device and the access network device or the core network device. For example, when initial establishment of the RRC connection is to be completed between the terminal device and the access network device according to 3GPP technical specification TS 38.331 V15.5.0, the access network device may send an authentication request message and a NAS security mode command message to the terminal device in sequence according to the flow shown in fig. 3, thereby establishing the NAS security connection and ensuring communication security between the terminal device and the core network device. The access network device then sends a security mode command message to the terminal device to instruct it to activate the security mode, so that the RRC connection enters a secure connection state and communication security between the terminal device and the access network device is ensured. In the normal interaction logic, if the access network device sends an RRC release message to the terminal device during initial establishment of the RRC connection, it does not subsequently send the first message to the terminal device, because the first message instructs the terminal device to establish a secure communication mechanism on the basis of the RRC connection, which contradicts an RRC release message instructing the terminal device to release that connection.
Therefore, if the terminal device receives the preset first message within the first time period after receiving the RRC release message, it indicates that the RRC release message previously received by the terminal device is not authentic, and the terminal device does not release the RRC connection according to the RRC release message, so as to prevent successful attack of the malicious attack device.
Optionally, the preset first message may be an authentication request message, as described above, where the authentication request message is used to request the terminal device to perform mutual authentication with the core network device, which is a precondition for the terminal device to establish a secure communication mechanism with the core network device.
Optionally, the preset first message may be a NAS security mode command message. After receiving the NAS security mode command message, the terminal device may establish a NAS security connection with the core network device, thereby completing establishment of a secure communication mechanism with the core network device.
Optionally, the preset first message may be a security mode command message, which instructs the terminal device to activate the security mode so that the RRC connection enters a secure connection state, thereby completing establishment of a secure communication mechanism with the access network device.
Optionally, this embodiment may further include:
204. When the terminal device receives the security mode command message within the first time period and the security mode command message passes integrity security verification (hereinafter referred to as "security verification"), the terminal device activates the security mode so that the RRC connection enters a secure connection state.
In this embodiment, after receiving the security mode command message, the terminal device may perform security verification on it using the integrity protection algorithm carried in the security mode command message and a key configured on the terminal device itself. When the security mode command message passes the security verification, the terminal device activates the security mode, so that the initially established RRC connection enters a secure connection state. Thereafter, apart from data exchanged on common channels, all data exchanged between the terminal device and the access network device travels over the RRC connection in the secure connection state. This prevents a malicious attack device from eavesdropping on the messages exchanged between the terminal device and the access network device, and allows malicious messages sent to the terminal device by the malicious attack device to be identified, so that attacks on the terminal device using RRC release messages can be prevented.
In a specific embodiment, the preset first message may be an authentication request message, a NAS security mode command message, or a security mode command message. While establishing the RRC connection and activating the security mode, the terminal device may receive RRC release messages multiple times at different stages: for example, before receiving the authentication request message; after receiving the authentication request message and before receiving the NAS security mode command message; or after receiving the NAS security mode command message and before receiving the security mode command message. Therefore, in a specific embodiment, when the terminal device receives an RRC release message before receiving the authentication request message forwarded by the access network device, it may decide whether to release the RRC connection according to that RRC release message by waiting to receive the authentication request message forwarded by the access network device within the first time period. When the terminal device receives an RRC release message again, it may decide whether to release the RRC connection according to the newly received RRC release message by waiting to receive the NAS security mode command message or the security mode command message forwarded by the access network device within the second duration. This is described below with reference to the embodiment of fig. 4.
Fig. 4 is a flowchart illustrating a communication method according to an embodiment of the present application.
As shown in fig. 4, this embodiment may include:
401. The terminal device sends an RRC setup request message.
Step 401 is similar to step 201 described above, and the specific content can be understood in conjunction with the content of step 201 described above.
402. The terminal device receives the first RRC release message.
In this embodiment, the first RRC release message is received by the terminal device during RRC establishment and before the terminal device receives an authentication request message forwarded by the access network device for the core network device, and the first RRC release message is used to instruct the terminal device to release RRC connection. Because the security mode is not activated between the terminal device and the access network device, the terminal device cannot perform security verification on the received first RRC release message using the security mode, that is, the terminal device cannot determine whether the received first RRC release message is sent by the access network device. If the first RRC release message received by the terminal device is sent by the malicious attack device, the terminal device releases the RRC connection according to the first RRC release message, so that the attack behavior of the malicious attack device is successful.
In this embodiment, after receiving the first RRC release message, the terminal device has a delay time of an RRC release operation, and the terminal device does not temporarily process the received first RRC release message, and determines a source of the received first RRC release message according to an authentication message forwarding action of the access network device within the delay time, so as to determine whether to release an RRC connection with the access network device according to the first RRC release message.
403. When the terminal device receives the authentication request message within the first time period after receiving the first RRC release message, the terminal device maintains the RRC connection.
In this embodiment, the authentication request message is used to request the terminal device and the core network device to perform mutual authentication. After the authentication request message passes the security verification of the terminal equipment, the core network equipment authenticates the terminal equipment according to the authentication response message sent by the terminal equipment, and after the authentication passes, the terminal equipment can establish NAS security connection with the core network equipment according to the NAS security mode command message of the core network equipment, so that the interaction security between the terminal equipment and the core network equipment is ensured.
When the terminal device receives the authentication request message forwarded by the access network device within the first time period, it maintains the RRC connection. According to the normal message interaction logic, if the first RRC release message had been sent by the access network device, the access network device would no longer forward the authentication request message from the core network device to the terminal device after sending it. Receiving the authentication request message within the first time period therefore indicates that the previously received first RRC release message was sent not by the access network device but by a malicious attack device, so the RRC connection is not released according to the first RRC release message. This prevents a malicious attack device from attacking the terminal device by sending an RRC release message before the terminal device activates the security mode, and it does not require an excessively long waiting time to be set for receiving the security mode command message, which avoids an excessive delay in executing an RRC release message that was actually sent by the access network device.
404. The terminal device receives the second RRC release message.
In this embodiment, after receiving the first RRC release message, the terminal device does not perform an RRC release operation according to the first RRC release message when receiving the authentication message within the first time period. After that, since the terminal device is still in a state of not activating the security mode, it is still possible for the malicious attack device to send an RRC release message to the terminal device. The second RRC release message may be sent by a malicious attack device or an access network device.
405. When the terminal device receives the NAS security mode command message or the security mode command message within the first time period after receiving the second RRC release message, the terminal device maintains the RRC connection.
In this embodiment, the terminal device waits for receiving the NAS security mode command message or the security mode command message within a first duration after receiving the second RRC release message.
When the terminal device receives the NAS security mode command message or the security mode command message within the first time period, it maintains the RRC connection. According to the normal message interaction logic for the interval after the terminal device receives the authentication request message and before it receives the security mode command message, if the second RRC release message had been sent by the access network device, the access network device would not send the NAS security mode command message or the security mode command message to the terminal device afterwards. Receiving either of these messages within the first time period therefore indicates that the previously received second RRC release message was sent not by the access network device but by a malicious attack device, so the RRC connection is not released according to the second RRC release message. This prevents a malicious attack device from attacking the terminal device by sending RRC release messages multiple times during initial RRC connection establishment and before the subsequent security mode establishment is completed, thereby improving the security of the connection between the terminal device and the access network device and ensuring that communication services between them proceed normally.
406. When the terminal device receives the security mode command message within the first time period and the security mode command message passes the security verification, the terminal device activates the security mode so that the RRC connection enters a secure connection state.
In this embodiment, step 406 is similar to step 204 described above, and the details can be understood in conjunction with step 204 described above.
In a specific embodiment, the preset first message may be any one of an authentication request message, a NAS security mode command message, or a security mode command message. As shown in fig. 3, these three messages are received in that order during the signaling interaction, so the first time period should be long enough to wait for the security mode command message, which is the last of the three. Moreover, the terminal device may receive the RRC release message at different interaction stages of initial RRC connection establishment, so the first time period may be set according to the stage in which the RRC release message is received. The following three cases are described in detail with reference to the signaling interaction diagram of the communication process shown in fig. 5.
In case 1, the time when the terminal device receives the RRC release message is between the two steps of the terminal device sending the RRC establishment request message and the terminal device receiving the RRC establishment message.
As an embodiment, when the terminal device receives the RRC release message between the two steps, in the interaction flow shown in fig. 3, of the terminal device sending the RRC establishment request message and the terminal device receiving the RRC establishment message, this solution may use big data statistics to measure the time required, during initial RRC connection establishment, from the terminal device sending the RRC establishment request message until it receives the security mode command message after the initial RRC connection establishment is completed, and determine from the statistical data a suitable duration to use as the first time period, so that the terminal device is likely to receive the authentication request message, the NAS security mode command message, and the security mode command message within the first time period. On receiving the RRC release message, the terminal device may time the first time period using a timer configured on the terminal device or a module with a timing function. If the terminal device receives at least one of the authentication request message, the NAS security mode command message, and the security mode command message within the first time period, it does not perform RRC release according to the previously received RRC release message. If the first time period expires and the terminal device has not received any of the authentication request message, the NAS security mode command message, and the security mode command message, the terminal device performs RRC release normally according to the RRC release message.
Case 2, the time when the terminal device receives the RRC release message is between the two steps of the terminal device receiving the RRC setup message and the terminal device sending the RRC setup complete message.
As an embodiment, when the terminal device receives the RRC release message between the two steps, in the interaction flow shown in fig. 3, of the terminal device receiving the RRC setup message and the terminal device sending the RRC setup complete message, this solution may use big data statistics to measure the time required, during initial RRC connection establishment, from the terminal device receiving the RRC setup message until it receives the security mode command message after the initial RRC connection establishment is completed, and determine from the statistical data a duration, different from the one determined in case 1, to use as the first time period. This makes it as likely as possible that the terminal device receives the authentication request message, the NAS security mode command message, and the security mode command message within the first time period, while avoiding an excessive message processing delay caused by setting the first time period too long. Similarly, on receiving the RRC release message, the terminal device may time the first time period corresponding to case 2 using a timer configured on the terminal device or a module with a timing function. If the terminal device receives at least one of the authentication request message, the NAS security mode command message, and the security mode command message within the first time period, it does not perform RRC release according to the previously received RRC release message. If the first time period expires and the terminal device has not received any of the authentication request message, the NAS security mode command message, and the security mode command message, the terminal device performs RRC release normally according to the RRC release message.
Case 3, the time when the terminal device receives the RRC release message is between the two steps of the terminal device sending the RRC setup complete message and the terminal device receiving the security mode command message.
As an embodiment, when the terminal device receives the RRC release message between the two steps, in the interaction flow shown in fig. 3, of the terminal device sending the RRC setup complete message and the terminal device receiving the security mode command message, this solution may use big data statistics to measure the time required, during initial RRC connection establishment, from the terminal device sending the RRC setup complete message until it receives the security mode command message after the initial RRC connection establishment is completed, and determine from the statistical data a duration, different from those determined in case 1 and case 2, to use as the first time period. This makes it as likely as possible that the terminal device receives the authentication request message, the NAS security mode command message, and the security mode command message within the first time period, while avoiding an excessive message processing delay caused by setting the first time period too long. Similarly, on receiving the RRC release message, the terminal device may time the first time period corresponding to case 3 using a timer configured on the terminal device or a module with a timing function. If the terminal device receives at least one of the authentication request message, the NAS security mode command message, and the security mode command message within the first time period, it does not perform RRC release according to the previously received RRC release message. If the first time period expires and the terminal device has not received any of the authentication request message, the NAS security mode command message, and the security mode command message, the terminal device performs RRC release normally according to the RRC release message.
It should be understood that the authentication request message in fig. 5 is forwarded by the access network device from the core network device to the terminal device, and the authentication response message is forwarded by the terminal device to the core network device through the access network device.
This embodiment prevents a malicious attack device from attacking the terminal device by sending RRC release messages multiple times during initial RRC connection establishment and before the subsequent security mode establishment is completed, improves the security of the connection between the terminal device and the access network device, and ensures that communication services between them proceed normally. The first time period is adjusted according to the scenario in which the RRC release message is received, which makes its setting more accurate: the terminal device has enough waiting time to receive at least one of the authentication request message, the NAS security mode command message, and the security mode command message within the first time period, while an excessive message processing delay caused by too long a waiting time is avoided.
Because the security mode is inactive during RRC connection re-establishment, a malicious attack device can easily monitor the RRC reestablishment request message sent by the terminal device and send an RRC release message to the terminal device before the terminal device receives the RRC establishment message or the RRC reestablishment message, so as to break the RRC connection between the terminal device and the access network device.
To address attacks in which a malicious attack device exploits the gap during which the security mode between the terminal device and the access network device is inactive, while the RRC connection between them is being re-established, by sending an RRC release message to the terminal device, the embodiments of this application further provide another communication method, described in detail below.
Fig. 8 is a flowchart illustrating a communication method according to an embodiment of the present application.
As shown in fig. 8, the method for communication in the embodiment of the present application may include:
801. The terminal device sends an RRC setup request message.
Step 801 is similar to step 201 described above, and the detailed contents can be understood in conjunction with the contents of step 201 described above.
802. The terminal device sends an RRC reestablishment request message.
After the terminal device has completed initial establishment of the RRC connection and activation of the security mode, certain abnormal conditions on the terminal device may require it to re-establish the RRC connection with the access network device; the interaction process is shown in fig. 6 or fig. 7. According to 3GPP technical specification TS 38.331 V15.5.0, the security mode is inactive while an RRC connection is being re-established, and the re-establishment proceeds as follows. The terminal device sends an RRC reestablishment request message to the access network device, requesting the access network device and the terminal device to re-establish the previously established RRC connection. The RRC reestablishment request message is not encrypted. The access network device looks up and verifies, locally, the context corresponding to the terminal device. If the context cannot be found or verified, the access network device sends an RRC establishment message to the terminal device to instruct it to establish a new RRC connection, as shown in fig. 6; this procedure is similar to the initial RRC establishment procedure. If the access network device finds and verifies the context corresponding to the terminal device, it sends an RRC reestablishment message to the terminal device to instruct it to re-establish the previously established RRC connection without establishing a new one, as shown in fig. 7. The RRC reestablishment message carries a key derivation parameter; the terminal device derives a key from this parameter, uses the derived key to perform security verification on the RRC reestablishment message, and activates the security mode when the security verification passes.
In this embodiment, according to 3GPP technical specification TS 38.331 V15.5.0, when the terminal device needs to re-establish the RRC connection with the access network device because of an abnormal condition, it may send an RRC reestablishment request (RRCReestablishmentRequest) message to the corresponding access network device. The RRC reestablishment request message requests the access network device to re-establish the RRC connection, after which the terminal device and the access network device complete the re-establishment of the RRC connection.
803. The terminal device receives the RRC release message.
In this embodiment, under the 3GPP technical specification the terminal device would release the RRC connection upon receiving the RRC release message. However, when the terminal device sends the RRC reestablishment request message to the access network device, a malicious attack device may monitor that message and then masquerade as the access network device to send an RRC release message to the terminal device. Because the security mode between the terminal device and the access network device is inactive during RRC reestablishment, the terminal device cannot perform security verification on the received RRC release message, that is, it cannot determine whether the message was sent by the access network device. If the RRC release message was sent by the malicious attack device and the terminal device releases the RRC connection accordingly, the attack succeeds.
In this embodiment, the terminal device applies a delay time to the RRC release operation: after receiving the RRC release message it does not process the message immediately, but determines the source of the message from the behaviour of the access network device within the delay time, and thereby decides whether to release the RRC connection with the access network device according to the RRC release message.
804. When the terminal device receives the preset first message within the first time period after receiving the RRC release message, the terminal device maintains the RRC connection.
In this embodiment, the preset first message is a message that instructs the terminal device to reestablish the RRC connection. Optionally, the preset first message may be the RRC setup message or an RRC reestablishment (RRCReestablishment) message. As shown in fig. 6 and fig. 7, after the terminal device receives the RRC setup message and establishes a new RRC connection accordingly, it sends an RRC setup complete message to the access network device; after the terminal device receives the RRC reestablishment message and reestablishes the RRC connection accordingly, it sends an RRC reestablishment complete (RRCReestablishmentComplete) message to the access network device. In the normal interaction logic, an access network device that has sent the RRC release message during RRC reestablishment does not go on to send the RRC setup message or the RRC reestablishment message. Therefore, when the terminal device receives the RRC setup message or the RRC reestablishment message within the first time period, the RRC release message it received is not authentic, and the terminal device maintains the RRC connection so that the attack by the malicious attack device does not succeed.
Optionally, this embodiment may further include:
805. When the preset first message is an RRC reestablishment message and the RRC reestablishment message passes security verification, the terminal device activates the security mode so that the RRC connection enters a secure connection state.
In this embodiment, after receiving the RRC reestablishment message, the terminal device may derive a key from the key derivation parameter carried in the message and use the derived key to perform security verification on the RRC reestablishment message. When the RRC reestablishment message passes the security verification, the terminal device activates the security mode so that the reestablished RRC connection enters the secure connection state. From then on, the terminal device communicates with the access network device over the RRC connection in the secure connection state, which prevents the malicious attack device from monitoring the messages exchanged between the terminal device and the access network device and allows malicious messages sent to the terminal device by the malicious attack device to be identified.
In this embodiment, during reestablishment of the RRC connection between the terminal device and the access network device, the terminal device receives an RRC release message after sending the RRC reestablishment request message, and maintains the RRC connection when it receives the preset first message within the first time period after receiving the RRC release message. In the normal message interaction logic of RRC reestablishment, once the access network device has sent the RRC release message it does not send the first message to the terminal device, and the terminal device does not reestablish the RRC connection according to the preset first message. Therefore, if the terminal device receives the preset first message within the first time period after receiving the RRC release message, the access network device is instructing the terminal device to perform RRC reestablishment normally, and the previously received RRC release message was sent not by the access network device but by the malicious attack device, so the terminal device does not release the RRC connection according to that message. This prevents a malicious attack device from attacking the terminal device by sending an RRC release message during RRC reestablishment, which improves the security of the connection between the terminal device and the access network device and ensures that the communication service between them proceeds normally.
Optionally, in this embodiment, there are two possible outcomes of the RRC reestablishment process: after sending the RRC reestablishment request message, the terminal device may receive either the RRC setup message or the RRC reestablishment message, and the waiting times for the two messages may differ. In this technical solution, the waiting times of the two messages may be collected statistically from large-scale data, and a single waiting time compatible with both messages is selected as the first time period on the basis of those statistics. This avoids an erroneous decision in which the terminal device wrongly releases the RRC connection according to the RRC release message and the attack by the malicious attack device succeeds.
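The deferred-release logic of steps 803 to 805, together with the selection of the first time period described above, as an added example that is not code from the patent. The names `Terminal`, `simulate` and `pick_first_duration`, the quantile rule, the HMAC-SHA256 stand-ins for key derivation and integrity verification, and all sample timings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import List, Optional


class Msg(Enum):
    RRC_RELEASE = auto()
    RRC_SETUP = auto()
    RRC_REESTABLISHMENT = auto()


# Preset first messages for the reestablishment case (step 804).
PRESET_FIRST = {Msg.RRC_SETUP, Msg.RRC_REESTABLISHMENT}


def derive_key(base_key: bytes, kdf_param: bytes) -> bytes:
    # Assumption: stand-in KDF. The 3GPP derivation is not given on the page.
    return hmac.new(base_key, b"kdf" + kdf_param, hashlib.sha256).digest()


def protect(base_key: bytes, kdf_param: bytes, payload: bytes) -> bytes:
    # Integrity tag over the message body; HMAC-SHA256 is a stand-in algorithm.
    return hmac.new(derive_key(base_key, kdf_param), payload, hashlib.sha256).digest()


def pick_first_duration(setup_waits_ms, reest_waits_ms, quantile=0.99) -> int:
    """Choose one window covering both reply types: max of per-type quantiles."""
    def nearest_rank(samples):
        ordered = sorted(samples)
        return ordered[max(1, math.ceil(quantile * len(ordered))) - 1]
    return max(nearest_rank(setup_waits_ms), nearest_rank(reest_waits_ms))


@dataclass
class Terminal:
    base_key: bytes
    first_duration_ms: int
    connected: bool = True
    security_active: bool = False
    release_deadline: Optional[int] = None
    log: List[str] = field(default_factory=list)

    def tick(self, now_ms: int) -> None:
        # Window elapsed with no preset first message: act on the deferred release.
        if self.release_deadline is not None and now_ms >= self.release_deadline:
            self.connected = False
            self.release_deadline = None
            self.log.append(f"{now_ms} ms: window expired, RRC connection released")

    def on_message(self, now_ms, msg, payload=b"", kdf_param=b"", tag=b"") -> None:
        self.tick(now_ms)
        if not self.connected:
            return
        if msg is Msg.RRC_RELEASE:
            # Step 803: security mode is inactive, so the sender cannot be
            # verified. Defer; a repeated release does not extend the window.
            if self.release_deadline is None:
                self.release_deadline = now_ms + self.first_duration_ms
                self.log.append(f"{now_ms} ms: unverified release deferred")
            return
        if msg in PRESET_FIRST and self.release_deadline is not None:
            # Step 804: the network is still setting up, so drop the release.
            self.release_deadline = None
            self.log.append(f"{now_ms} ms: {msg.name} in window, release discarded")
        if msg is Msg.RRC_REESTABLISHMENT:
            # Step 805: activate security only if the derived key verifies the tag.
            expected = protect(self.base_key, kdf_param, payload)
            if hmac.compare_digest(expected, tag):
                self.security_active = True
                self.log.append(f"{now_ms} ms: reestablishment verified, security on")
            else:
                self.log.append(f"{now_ms} ms: reestablishment failed verification")


def simulate(events, base_key, first_duration_ms, end_ms) -> Terminal:
    """Feed (time_ms, msg, payload, kdf_param, tag) tuples to a fresh terminal."""
    ue = Terminal(base_key, first_duration_ms)
    for now_ms, msg, payload, kdf_param, tag in events:
        ue.on_message(now_ms, msg, payload, kdf_param, tag)
    ue.tick(end_ms)
    return ue


if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed sample values
    window = pick_first_duration([20, 25, 30, 40], [35, 50, 60, 80])
    body, param = b"reestablishment-body", b"\x01"
    spoofed = [(5, Msg.RRC_RELEASE, b"", b"", b""),
               (40, Msg.RRC_REESTABLISHMENT, body, param, protect(key, param, body))]
    genuine = [(5, Msg.RRC_RELEASE, b"", b"", b"")]
    for name, events in (("spoofed release", spoofed), ("genuine release", genuine)):
        ue = simulate(events, key, window, end_ms=500)
        print(name, "-> connected:", ue.connected, "security:", ue.security_active)
        print("  " + "\n  ".join(ue.log))
```

A window that is too short turns a late but genuine RRC reestablishment message into a successful release, which is why the first time period is taken from the slower of the two reply types.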
The above describes a method of communication in the embodiment of the present application, and the following describes a communication apparatus provided in the embodiment of the present application.
The communication device 90 provided by the embodiment of the present application can be applied inside a terminal and can be a chip or a circuit inside the terminal.
Referring to fig. 9, the communication device 90 may include:
a sending unit 901, configured to send an RRC establishment request message, where the RRC establishment request message is used to request an access network device to establish an RRC connection;
a receiving unit 902, configured to receive an RRC release message, where the RRC release message is used to instruct a terminal to release an RRC connection;
a processing unit 903, configured to maintain the RRC connection when a preset first message is received within a first time period after the RRC release message is received.
In one possible design, the preset first message is used to request the terminal to establish a secure communication mechanism with the access network device or the core network device based on the RRC connection.
In a possible design, the preset first message may be an authentication request message, where the authentication request message is used to request the terminal to perform mutual authentication with the core network device.
In one possible design, the preset first message may be a NAS security mode command message, where the NAS security mode command message is used to request the terminal to establish a NAS security connection with the core network device.
In one possible design, the preset first message may be a security mode command message, which is used to request the terminal to activate a security mode so that the RRC connection enters a security connected state.
In one possible design, the RRC release message includes an RRC connection release information element that carries redirection carrier information, and the terminal device is in an LTE or LTE-A communication system at this time.
In a possible design, the RRC release message is in an inactive security state, that is, the RRC release message has not undergone security processing in a security mode; the terminal is in an NR communication system at this time, and the RRC release message does not include an RRC connection release information element carrying redirection carrier information.
In one possible design, the processing unit 903 is further configured to activate a security mode to enable the RRC connection to enter a security connected state when the security mode command message is received within the first time period and the security mode command message passes security authentication.
In a possible design, the sending unit 901 is further configured to send an RRC reestablishment request message before the receiving unit 902 receives the RRC release message, where the RRC reestablishment request message is used to request the access network device to reestablish the RRC connection.
In one possible design, the preset first message further includes an RRC setup message.
In one possible design, the preset first message may include an RRC reestablishment message, and the processing unit 903 is further configured to:
and when the RRC reestablishment message is received within the first time period and passes the security verification, activating a security mode, and enabling the RRC connection to enter a security connection state.
It should be understood that the processing unit 903 in the embodiments of the present application may be implemented by a processor or a processor-related circuit component, and the transmitting unit 901 and the receiving unit 902 may be implemented by a transceiver or a transceiver-related circuit component.
As shown in fig. 10, the embodiment of the present application further provides a communication device 100 applied inside a terminal, where the communication device 100 includes a processor 1001, a memory 1002 and a transceiver 1003, where the memory 1002 stores instructions or programs, and the processor 1001 is configured to execute the instructions or programs stored in the memory 1002. When the instructions or programs stored in the memory 1002 are executed, the processor 1001 is configured to perform the operations performed by the processing unit 903 in the above embodiments, and the transceiver 1003 is configured to perform the operations performed by the transmitting unit 901 and the receiving unit 902 in the above embodiments.
It should be understood that the communication device 90 or the communication device 100 according to the embodiment of the present application may correspond to a chip or a circuit inside the terminal device in the method embodiment shown in fig. 2, fig. 4 or fig. 8. Moreover, the operations and/or functions of the modules in the communication apparatus 90 or the communication apparatus 100 are respectively for implementing the corresponding flows in the method embodiments shown in fig. 2, fig. 4, or fig. 8, and are not described herein again for brevity.
As shown in fig. 11, an embodiment of the present application further provides a terminal 110, where the terminal 110 includes:
a processor 1101, a memory 1102 and a transceiver 1103, the processor 1101, the memory 1102 and the transceiver 1103 being connected by a bus;
the transceiver 1103 may be under the control of the processor 1101, for receiving and transmitting data;
the memory 1102 stores program codes therein, and the processor 1101 executes the program codes in the memory 1102 to implement the operations performed by the terminal device in the embodiments shown in fig. 2, fig. 4 or fig. 8.
As another form of the present embodiment, there is provided a computer-readable storage medium having stored thereon instructions that, when executed, perform the method of the terminal device in the above-described method embodiment.
As another form of the present embodiment, there is provided a computer program product containing instructions that, when executed, perform the method of the terminal device in the above-described method embodiments.
It should be understood that the processor mentioned in the embodiments of the present invention may be a Central Processing Unit (CPU), and may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will also be appreciated that the memory referred to in this embodiment of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. Volatile memory can be random access memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct rambus RAM (DR RAM).
It should be noted that when the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (memory module) is integrated in the processor.
It should be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (27)

  1. A communication method is applied to a terminal or an electronic device inside the terminal, and comprises the following steps:
    sending a Radio Resource Control (RRC) establishment request message, wherein the RRC establishment request message is used for requesting access network equipment to establish RRC connection;
    receiving an RRC release message, wherein the RRC release message is used for indicating the terminal to release the RRC connection;
    and when receiving a preset first message within a first time period after receiving the RRC release message, maintaining the RRC connection.
  2. The method of claim 1, wherein the preset first message is used to request the terminal to establish a secure communication mechanism with the access network device or the core network device.
  3. The method according to claim 1 or 2, wherein the preset first message comprises an authentication request message, and the authentication request message is used for requesting the terminal to perform mutual authentication with a core network device.
  4. The method according to claim 1 or 2, wherein the preset first message comprises a non-access stratum NAS security mode command message, and the NAS security mode command message is used for requesting the terminal to establish NAS security connection with a core network device.
  5. The method according to claim 1 or 2, wherein the preset first message comprises a security mode command message, the security mode command message is used for requesting the terminal to activate a security mode, and the RRC connection enters a security connected state.
  6. The method of any of claims 1-5, wherein the RRC release message comprises an RRC connection release information element, and wherein the RRC connection release information element carries redirection carrier information.
  7. The method of claim 6, wherein the terminal is in a Long Term Evolution (LTE) or LTE-Advanced (LTE-A) communication standard.
  8. The method according to any of claims 1-5, wherein said RRC release message is in an inactive security state and said terminal is in a New Radio (NR) communication mode.
  9. The method of claim 5, further comprising:
    and when the security mode command message is received within the first time period and passes security verification, activating a security mode, and enabling the RRC connection to enter a security connection state.
  10. The method according to claim 1 or 2, wherein prior to said receiving the RRC release message, the method further comprises:
    and sending an RRC reestablishment request message, wherein the RRC reestablishment request message is used for requesting the access network equipment to reestablish RRC connection.
  11. The method of claim 10, wherein the preset first message comprises an RRC setup message.
  12. The method of claim 10, wherein the preset first message comprises an RRC reestablishment message, and wherein the method further comprises:
    and when the RRC reestablishment message is received within the first time period and passes the security verification, activating a security mode, and enabling the RRC connection to enter a security connection state.
  13. A communication apparatus for use in a terminal, comprising:
    a sending unit, configured to send a radio resource control RRC establishment request message, where the RRC establishment request message is used to request an access network device to establish RRC connection;
    a receiving unit, configured to receive an RRC release message, where the RRC release message is used to instruct the terminal to release the RRC connection;
    and the processing unit is used for keeping the RRC connection when receiving a preset first message within a first time period after receiving the RRC release message.
  14. The apparatus according to claim 13, wherein the preset first message is used to request the terminal to establish a secure communication mechanism with the access network device or core network device based on the RRC connection.
  15. The communication apparatus according to claim 13 or 14, wherein the preset first message comprises an authentication request message, and the authentication request message is used for requesting the terminal to perform mutual authentication with a core network device.
  16. The apparatus according to claim 13 or 14, wherein the preset first message comprises a non-access stratum NAS security mode command message, and the NAS security mode command message is used to request the terminal to establish a NAS security connection with a core network device.
  17. A communication apparatus according to claim 13 or 14, wherein the preset first message comprises a security mode command message, the security mode command message is used to request the terminal to activate a security mode, and the RRC connection enters a security connected state.
  18. The communications apparatus of any of claims 13-17, wherein the RRC release message comprises an RRC connection release information element, and wherein the RRC connection release information element carries redirection carrier information.
  19. The apparatus according to claim 18, wherein the terminal is in a Long Term Evolution (LTE) or LTE-Advanced (LTE-A) communication standard.
  20. The communications apparatus as claimed in any of claims 13-17, wherein the RRC release message is in an inactive security state, and the terminal is in a New Radio (NR) communication system.
  21. The communications apparatus of claim 17, wherein the processing unit is further configured to:
    and when the security mode command message is received within the first time period and passes security verification, activating a security mode, and enabling the RRC connection to enter a security connection state.
  22. The communication device according to claim 13 or 14,
    the sending unit is further configured to send an RRC reestablishment request message before the receiving unit receives the RRC release message, where the RRC reestablishment request message is used to request the access network device to reestablish the RRC connection.
  23. The communications apparatus of claim 22, wherein the preset first message comprises an RRC setup message.
  24. The communications apparatus as claimed in claim 22, wherein the preset first message comprises an RRC reestablishment message;
    the processing unit is further to:
    and when the RRC reestablishment message is received within the first time period and passes the security verification, activating a security mode, and enabling the RRC connection to enter a security connection state.
  25. A terminal, comprising:
    a processor, a memory, and a transceiver;
    the transceiver is used for receiving and transmitting data;
    the memory has program code stored therein, which when called by the processor performs the method of any of claims 1 to 12.
  26. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any of claims 1 to 12.
  27. A computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 12.
CN201980082128.8A 2019-08-07 2019-08-07 Communication method, device and system Active CN113396637B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/099602 WO2021022515A1 (en) 2019-08-07 2019-08-07 Communication method, apparatus, and system

Publications (2)

Publication Number Publication Date
CN113396637A true CN113396637A (en) 2021-09-14
CN113396637B CN113396637B (en) 2022-12-13

Family

ID=74503695

Country Status (2)

Country Link
CN (1) CN113396637B (en)
WO (1) WO2021022515A1 (en)

Also Published As

Publication number Publication date
WO2021022515A1 (en) 2021-02-11
CN113396637B (en) 2022-12-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant