CN116939736A - Communication method and device - Google Patents

Publication number
CN116939736A
Authority
CN
China
Prior art keywords
ncc
access network
terminal
integrity check
integrity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210340065.5A
Other languages
Chinese (zh)
Inventor
梁云侠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN202210340065.5A
Priority to PCT/CN2023/083077 (WO2023185582A1)
Publication of CN116939736A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0055 Transmission or use of information for re-establishing the radio link
    • H04W36/0079 Transmission or use of information for re-establishing the radio link in case of hand-off failure or rejection
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/14 Reselecting a network or an air interface

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a communication method and device in the field of communication technologies, which can prevent subsequent handovers from still failing after multiple consecutive handover failures. In the method, if the integrity check performed on the information to be integrity-checked according to the first NCC and the preset second NCC fails, the terminal's NCC is not synchronized with that of the network side. Therefore, by releasing the terminal's link on the corresponding access network device, the terminal can be triggered to subsequently re-access the network so as to reset the NCC, achieve synchronization, and avoid subsequent handover failures.

Description

Communication method and device
Technical Field
The present application relates to the field of communications, and in particular, to a communication method and apparatus.
Background
Currently, in an area covered by both a new radio (NR) network and a long term evolution (LTE) network, a terminal may be handed over from the LTE network to the NR network, i.e., from the 4th generation (4G) network to the 5th generation (5G) network.
If the handover fails, the terminal may re-establish a radio resource control (RRC) connection with the network side to avoid service interruption. However, if multiple consecutive handovers fail, the terminal's subsequent handovers may also fail. How to hand over successfully is a problem under current research in the industry.
Disclosure of Invention
The embodiments of the application provide a communication method and a communication device, which are used to prevent subsequent handovers from still failing after multiple consecutive handover failures.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, a communication method is provided. The method includes: receiving a handover command message from a first access network device, where the handover command message carries information that needs to be integrity-checked and a first next hop chaining counter (NCC). An integrity check is then performed on the information according to the first NCC and a preset second NCC, and if the integrity check fails, the link of the terminal on the first access network device is released.
According to the method of the first aspect, if the integrity check performed on the information according to the first NCC and the preset second NCC fails, the terminal's NCC is not synchronized with that of the network side. Therefore, by releasing the terminal's link on the corresponding access network device, the terminal can be triggered to subsequently re-access the network so as to reset the NCC, achieve synchronization, and avoid subsequent handover failures.
In one possible design, performing the integrity check on the information according to the first NCC and the preset second NCC includes: determining a first next hop parameter (NH) from the first NCC and the second NCC, e.g., from the difference between the two, and then performing the integrity check on the information according to the first NH. For example, the terminal derives a key for the integrity check (denoted key 2) from the first NH. Because the terminal's NCC is not synchronized with that of the network side, key 2 derived by the terminal differs from the key used for integrity protection that is derived by the network side (denoted key 1). Since the information is integrity-protected with key 1, checking it with key 2 fails. That is, although the terminal does not know in advance that its NCC is out of synchronization with the network side, it can learn this from the check failure, which triggers the terminal to release the link and prevents subsequent handovers from still failing.
Optionally, the method of the first aspect may further include: deriving a second NH by performing derivation a preset number of times starting from the first NH, and performing the integrity check on the information according to the second NH. When the terminal's NCC is not synchronized with that of the network side, i.e., key 2 derived by the terminal does not match key 1 derived by the network side, the terminal can autonomously derive further NH values to try to obtain the same key as the network side and complete the check, preserving service continuity as far as possible. If the check still fails after the NH is derived, service continuity cannot be guaranteed, and the terminal can be triggered to release the link so that subsequent handovers do not fail.
Further, the preset number of times is greater than or equal to 8. The difference between the NCC value that has wrapped around on the air interface and the NCC value stored locally on the network side is usually greater than or equal to 8. Thus, a preset number of times greater than or equal to 8 increases the likelihood of obtaining the same NH as the network side, and therefore the likelihood of a successful handover.
In a possible design, after releasing the link of the terminal on the first access network device, the method of the first aspect may further include: sending a radio resource control (RRC) connection establishment request message to a second access network device. The RRC connection establishment request message is used to request that a connection be established between the terminal and the second access network device, so as to reset the NCC, achieve synchronization, and avoid subsequent handover failures.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be integrity checked is a non-access stratum NAS container.
It can be seen that the integrity check can be achieved by multiplexing existing signaling and cells to reduce the complexity of the scheme.
In a second aspect, a communication method is provided. The method includes: receiving a handover command message from a first access network device, where the handover command message indicates that the terminal needs to be handed over to a third access network device and carries information that needs to be integrity-checked and a first NCC. An integrity check is performed on the information according to a first NH; if the integrity check fails, a second NH is determined according to the first NH and the integrity check is performed on the information according to the second NH. If the integrity check succeeds, a first message is sent to the third access network device. The first NH is determined according to the first NCC and a preset second NCC, and the first message is used by the terminal to request handover to the third access network device.
According to the method of the second aspect, if the integrity check performed on the information according to the first NH fails, the terminal's NCC is not synchronized with that of the network side, i.e., the first NH on the terminal side is not synchronized with the NH on the network side. Therefore, the terminal can autonomously derive further NH values to try to obtain the same NH as the network side, such as the second NH, so that the check is completed, the subsequent handover succeeds, and service continuity is preserved.
In one possible embodiment, determining the second NH from the first NCC and the second NCC includes: performing derivation a preset number of times starting from the first NH to obtain the second NH.
Optionally, the preset number of times is greater than or equal to 8 times.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Further, the other technical effects of the communication method described in the second aspect may refer to the technical effects of the communication method described in the first aspect, and are not described herein.
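The terminal-side decision flow of the first and second aspects can be modelled as follows. This is an added illustration, not code from the application: HMAC-SHA-256 stands in for the key derivation functions, and the function names, labels, 4-byte tag and sample values are assumptions constructed for the example; the 3-bit NCC range (0..7) is the one signalled on the air interface.

```python
import hashlib
import hmac

NCC_MODULUS = 8         # the NCC signalled over the air is 3 bits wide (0..7)
PRESET_DERIVATIONS = 8  # the "preset number of times" (>= 8 in the text)


def kdf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA-256, not the 3GPP input encoding."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def advance_nh(root_key: bytes, nh: bytes, steps: int) -> bytes:
    """Walk the NH chain forward; each step derives the next NH from the last."""
    for _ in range(steps):
        nh = kdf(root_key, b"NH", nh)
    return nh


def container_mac(nh: bytes, container: bytes) -> bytes:
    """Integrity tag over the NAS container under a key derived from NH."""
    integrity_key = kdf(nh, b"INT")[:16]
    return hmac.new(integrity_key, container, hashlib.sha256).digest()[:4]


def network_handover_command(root_key, base_nh, base_ncc, derivations, container):
    """Network side: protect the container with its own NH (key 1) and signal
    only the low 3 bits of its counter as the first NCC."""
    nh = advance_nh(root_key, base_nh, derivations)
    first_ncc = (base_ncc + derivations) % NCC_MODULUS
    return first_ncc, container, container_mac(nh, container)


def terminal_handle_command(root_key, stored_nh, second_ncc,
                            first_ncc, container, mac):
    """Terminal side: returns 'handover', 'handover_after_rederivation'
    or 'release_link'."""
    # First NH: advance by the difference between the received (first) NCC
    # and the locally stored (second) NCC, modulo the 3-bit counter range.
    steps = (first_ncc - second_ncc) % NCC_MODULUS
    first_nh = advance_nh(root_key, stored_nh, steps)
    if hmac.compare_digest(container_mac(first_nh, container), mac):
        return "handover"
    # Check failed: the counters may differ by a full wrap. Derive the preset
    # number of additional times to get the second NH and check again.
    second_nh = advance_nh(root_key, first_nh, PRESET_DERIVATIONS)
    if hmac.compare_digest(container_mac(second_nh, container), mac):
        return "handover_after_rederivation"
    # Still failing: release the link; the terminal then re-accesses the
    # network (RRC connection establishment), which resets the NCC.
    return "release_link"


def demo():
    """Run constructed scenarios and return the terminal's decision for each."""
    root_key = bytes(range(32))                                   # constructed
    base_nh = hashlib.sha256(b"constructed initial NH").digest()  # constructed
    second_ncc = 2                                                # terminal's stored NCC
    container = b"constructed NAS container"
    outcomes = {}
    # The network is 1, 9 or 17 derivations ahead; all three signal NCC = 3.
    for name, ahead in (("in_sync", 1), ("wrapped_once", 9), ("wrapped_twice", 17)):
        cmd = network_handover_command(root_key, base_nh, second_ncc, ahead, container)
        outcomes[name] = terminal_handle_command(root_key, base_nh, second_ncc, *cmd)
    # A container modified in transit fails both checks as well.
    ncc, _, mac = network_handover_command(root_key, base_nh, second_ncc, 1, container)
    outcomes["tampered"] = terminal_handle_command(
        root_key, base_nh, second_ncc, ncc, b"modified container", mac)
    return outcomes


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario}: {decision}")
```

All three untampered scenarios carry the same first NCC on the air interface, which is why the terminal can tell them apart only by the result of the integrity check.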
In a third aspect, a communication method is provided. The method includes: receiving a handover command message from an access network device, where the handover command message carries information that needs to be integrity-checked and a first NCC. An integrity check is performed on the information according to the first NCC and a preset second NCC, and if the integrity check fails, the terminal is prevented from sending a measurement report. The measurement report is used to trigger the access network device to hand over the terminal.
According to the method of the third aspect, if the integrity check performed on the information according to the first NCC and the preset second NCC fails, the terminal's NCC is not synchronized with that of the network side. In this case, if handovers continue to be initiated, they are bound to fail. Therefore, preventing the terminal from sending the measurement report keeps the access network device from continuing to initiate handovers that would still fail.
In one possible design, performing the integrity check on the information according to the first NCC and the preset second NCC includes: determining a first NH according to the first NCC and the second NCC, and performing the integrity check on the information according to the first NH.
Optionally, before preventing the terminal from sending the measurement report, the method of the third aspect may further include: performing derivation a preset number of times starting from the first NH to obtain a second NH, and performing the integrity check on the information according to the second NH.
Further, the preset times are greater than or equal to 8 times.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Further, the other technical effects of the communication method described in the third aspect may refer to the technical effects of the communication method described in the first aspect, and are not described herein.
In a fourth aspect, a communication device is provided. The communication device includes: means for performing the communication method of the first aspect, such as a transceiver module and a processing module.
The transceiver module is configured to receive a handover command message from a first access network device, where the handover command message carries information that needs to be checked for integrity and a first NCC. And the processing module is used for executing the integrity check on the information according to the first NCC and the preset second NCC, and releasing the link of the communication device on the first access network equipment in the case of failure of the integrity check.
In a possible embodiment, the processing module is further configured to determine the first NH according to the first NCC and the second NCC; and according to the first NH, performing integrity check on the information needing to be subjected to the integrity check.
Optionally, the processing module is further configured to perform derivation a preset number of times starting from the first NH to obtain a second NH, and to perform the integrity check on the information to be integrity-checked according to the second NH.
Further, the preset times are greater than or equal to 8 times.
In a possible design, the transceiver module is further configured to send an RRC connection setup request message to the second access network device after the processing module releases the link of the communication apparatus according to the fourth aspect on the first access network device. The RRC connection establishment request message is used to request the communication apparatus to establish a connection with the second access network device.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Alternatively, the transceiver module may include a transmitting module and a receiving module. The sending module is used for realizing the sending function of the communication device according to the fourth aspect, and the receiving module is used for realizing the receiving function of the communication device according to the fourth aspect.
Optionally, the communication device according to the fourth aspect may further include a storage module, where the storage module stores a program or instructions. The processing module, when executing the program or instructions, enables the communication device to perform the communication method of the first aspect.
The communication device according to the fourth aspect may be a terminal, a chip (system) or other components or assemblies that may be disposed in the terminal, or a device including the terminal, which is not limited in the present application.
Further, the technical effects of the communication apparatus according to the fourth aspect may refer to the technical effects of the communication method according to the first aspect, and will not be described herein.
In a fifth aspect, a communication device is provided. The communication device includes: the means for performing the communication method of the second aspect, such as the transceiver module and the processing module.
The transceiver module is configured to receive a handover command message from the first access network device. The handover command message is used for indicating that the communication apparatus in the fifth aspect needs to be handed over to the third access network device, where the handover command message carries information that needs to be checked for integrity and the first NCC. And the processing module is used for executing the integrity check on the information according to the first NH. Wherein the first NH is determined according to the first NCC and a preset second NCC. And the processing module is also used for determining a second NH according to the first NH and executing the integrity check on the information according to the second NH under the condition that the integrity check fails. And the processing module is further used for controlling the transceiver module to send the first message to the third access network equipment under the condition that the integrity check is successful. Wherein the first message is for the communication apparatus to request a handover to a third access network device.
Optionally, the processing module is further configured to perform derivation a preset number of times starting from the first NH to obtain the second NH.
Further, the preset times are greater than or equal to 8 times.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Alternatively, the transceiver module may include a transmitting module and a receiving module. Wherein, the sending module is used for realizing the sending function of the communication device according to the fifth aspect, and the receiving module is used for realizing the receiving function of the communication device according to the fifth aspect.
Optionally, the communication device according to the fifth aspect may further include a storage module, where the storage module stores a program or instructions. The processing module, when executing the program or instructions, causes the communication device to perform the communication method described in the second aspect.
The communication device according to the fifth aspect may be a terminal, a chip (system) or other parts or components that may be provided in the terminal, or a device including the terminal, which is not limited in the present application.
Further, the technical effects of the communication apparatus according to the fifth aspect may refer to the technical effects of the communication method according to the second aspect, and will not be described herein.
In a sixth aspect, a communication device is provided. The communication device includes: means for performing the communication method according to the third aspect, such as a transceiver module and a processing module.
The transceiver module is configured to receive a handover command message from the access network device, where the handover command message carries information that needs to be integrity-checked and the first NCC. The processing module is configured to perform the integrity check on the information according to the first NCC and the preset second NCC, and to prevent the communication device of the sixth aspect from sending the measurement report if the integrity check fails. The measurement report is used to trigger the access network device to hand over the communication device.
In a possible design, the processing module is further configured to determine a first NH according to the first NCC and the second NCC, and perform an integrity check on the information to be integrity-checked according to the first NH.
Optionally, the processing module is further configured to, before preventing the communication device according to the sixth aspect from sending the measurement report, perform derivation a preset number of times starting from the first NH to obtain a second NH, and perform the integrity check on the information to be integrity-checked according to the second NH.
Further, the preset times are greater than or equal to 8 times.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Alternatively, the transceiver module may include a transmitting module and a receiving module. The transmitting module is configured to implement a transmitting function of the communication device according to the sixth aspect, and the receiving module is configured to implement a receiving function of the communication device according to the sixth aspect.
Optionally, the communication device according to the sixth aspect may further include a storage module, where the storage module stores a program or instructions. The processing module, when executing the program or instructions, enables the communication device to perform the communication method according to the third aspect.
The communication device according to the sixth aspect may be a terminal, a chip (system) or other components or assemblies that may be disposed in the terminal, or a device including the terminal, which is not limited in the present application.
Further, the technical effects of the communication apparatus according to the sixth aspect may refer to the technical effects of the communication method according to the third aspect, and will not be described herein.
In a seventh aspect, a communication device is provided. The communication device includes: a processor for performing the communication method according to any one of the possible implementation manners of the first aspect to the third aspect.
In one possible configuration, the communication device according to the seventh aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the seventh aspect to communicate with other communication devices.
In one possible configuration, the communication device according to the seventh aspect may further comprise a memory. The memory may be integral with the processor or may be separate. The memory may be used for storing computer programs and/or data related to the communication method according to any one of the first to third aspects.
In the present application, the communication apparatus according to the seventh aspect may be the terminal according to any one of the first to third aspects, or a chip (system) or other part or component that may be provided in the terminal, or an apparatus including the terminal.
In addition, the technical effects of the communication device according to the seventh aspect may refer to the technical effects of the communication method according to any implementation manner of the first aspect to the third aspect, which are not described herein.
In an eighth aspect, a communication device is provided. The communication device includes: a processor coupled to the memory, the processor being configured to execute a computer program stored in the memory to cause the communication device to perform the communication method according to any one of the possible implementation manners of the first to third aspects.
In one possible configuration, the communication device according to the eighth aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the eighth aspect to communicate with other communication devices.
In the present application, the communication apparatus according to the eighth aspect may be the terminal according to any one of the first to third aspects, or a chip (system) or other part or component that may be provided in the terminal, or an apparatus including the terminal.
In addition, the technical effects of the communication device according to the eighth aspect may refer to the technical effects of the communication method according to any implementation manner of the first aspect to the third aspect, which are not described herein.
In a ninth aspect, there is provided a communication apparatus comprising: a processor and a memory; the memory is configured to store a computer program which, when executed by the processor, causes the communication apparatus to perform the communication method according to any one of the implementation manners of the first to third aspects.
In one possible configuration, the communication device according to the ninth aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the ninth aspect to communicate with other communication devices.
In the present application, the communication apparatus according to the ninth aspect may be the terminal according to any one of the first to third aspects, or a chip (system) or other part or component that may be provided in the terminal, or an apparatus including the terminal.
Further, the technical effects of the communication apparatus according to the ninth aspect may refer to the technical effects of the communication method according to any implementation manner of the first to third aspects, and are not described herein.
In a tenth aspect, there is provided a communication apparatus comprising: a processor; the processor is configured to execute the communication method according to any one of the implementation manners of the first to third aspects according to a computer program after being coupled to the memory and reading the computer program in the memory.
In one possible configuration, the communication device according to the tenth aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communications device according to the tenth aspect to communicate with other communications devices.
In the present application, the communication apparatus according to the tenth aspect may be the terminal according to any one of the first to third aspects, or a chip (system) or other part or component that may be provided in the terminal, or an apparatus including the terminal.
Further, the technical effects of the communication apparatus according to the tenth aspect may refer to the technical effects of the communication method according to any implementation manner of the first to third aspects, and are not described herein.
In an eleventh aspect, a communication system is provided. The communication system includes: one or more terminals according to any one of the first to third aspects.
In a twelfth aspect, there is provided a computer-readable storage medium comprising: computer programs or instructions; the computer program or instructions, when run on a computer, cause the computer to perform the communication method as described in any one of the possible implementations of the first to third aspects.
In a thirteenth aspect, a computer program product is provided, comprising a computer program or instructions which, when run on a computer, cause the computer to perform the communication method according to any one of the possible implementations of the first to third aspects.
Drawings
FIG. 1 is an exemplary diagram of a 4G-5G converged architecture;
FIG. 2 is a flow chart of key derivation;
FIG. 3 is a flow chart of a handover from 4G to 5G;
FIG. 4 is a schematic flow chart of RRC re-establishment;
FIG. 5 is a first flow chart of a handover failure;
FIG. 6 is a second flow chart of a handover failure;
FIG. 7 is a schematic diagram of a communication system according to an embodiment of the present application;
FIG. 8 is a first schematic flow chart of a communication method according to an embodiment of the present application;
FIG. 9 is a second schematic flow chart of a communication method according to an embodiment of the present application;
FIG. 10 is a third schematic flow chart of a communication method according to an embodiment of the present application;
FIG. 11 is a first schematic structural diagram of a communication device according to an embodiment of the present application;
FIG. 12 is a second schematic structural diagram of a communication device according to an embodiment of the present application.
Detailed Description
The technical terms according to the embodiments of the present application will be described first.
1. Converged architecture of the 4th generation (4G) and 5th generation (5G) mobile communication systems:
FIG. 1 is an exemplary diagram of a 4G-5G converged architecture provided in the present application. As shown in FIG. 1, the 4G-5G converged architecture mainly includes: a terminal, an evolved node B (eNB), a next generation eNB (ng-eNB), a mobility management entity (MME), a next generation node B (gNB), an access and mobility management function (AMF) network element, a home subscriber server (HSS) + unified data management (UDM) network element, and the like.
The terminal may be a terminal having a wireless transceiving function, or may be a chip or a chip system provided in the terminal. The terminal may also be referred to as a user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station (MS), a remote station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user device. The terminals in embodiments of the present application may be mobile phones, cellular phones, smart phones, tablet computers (pads), wireless data cards, personal digital assistants (PDAs), wireless modems, handheld devices (handsets), laptop computers, machine type communication (MTC) terminals, computers with wireless transceiving functions, virtual reality (VR) terminals, augmented reality (AR) terminals, wireless terminals in industrial control, wireless terminals in self driving, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart city, wireless terminals in smart home, roadside units with functions (RSU), etc. The terminal of the present application may also be an in-vehicle module, an in-vehicle part, an in-vehicle chip, or an in-vehicle unit built into a vehicle as one or more parts or units.
The eNB may be an eNodeB. The eNB and the ng-eNB may be collectively referred to as an evolved universal mobile telecommunications system (universal mobile telecommunications system, UMTS) terrestrial radio access network (evolved UMTS terrestrial radio access network, E-UTRAN) device. The E-UTRAN device is mainly used for providing network access functions for terminals in a specific area, such as a network signal coverage area of the E-UTRAN device, so that the terminals can be accessed and attached to the 4G network through the E-UTRAN device.
The MME is mainly responsible for mobility management of a terminal (e.g., a terminal accessing an eNB), storing a context of the terminal (e.g., an identity of the terminal, a mobility management state, a user security parameter, etc.), bearer (bearer) management, etc. And, the MME may also be responsible for processing non-access stratum (NAS) signaling, such as attach request (attach request) message, location update request (update location request) message, service request (service request) message, and packet data network connection request (PDN connectivity request) message, etc., to ensure NAS signaling security.
The gNB may also be a gNodeB or a next generation radio access network (next generation radio access network, NG-RAN) device. Similar to eNBs, the gNB is mainly used to provide network access functions for terminals in a specific area, such as the network signal coverage area of the gNB, so that the terminals can access and attach to the 5G network through the gNB.
The AMF network element is mainly responsible for access and mobility management of the terminal, such as registration management, reachability management and mobility management of the terminal, paging management, access authentication, encryption and integrity protection of authorized non-access layer signaling, and the like.
The above hss+udm refers to a function of integrating an HSS in a UDM network element, or a function of integrating a UDM network element in an HSS.
The terminal may access the evolved packet core (evolved packet core, EPC), such as the MME, through an eNB or ng-eNB. The terminal may access a 5G core network (5GC), such as an AMF network element, only through the ng-eNB. Alternatively, the terminal may access the 5GC only through the gNB. Alternatively, the terminal may also access the 5GC by means of dual-connectivity (DC). For example, the data plane of the terminal accesses the 5GC through the ng-eNB, and the control plane of the terminal accesses the 5GC through the gNB. Or the data plane of the terminal accesses the 5GC through the gNB, and the control plane of the terminal accesses the 5GC through the ng-eNB.
It is noted that the above eNBs or gNBs may also be collectively referred to as radio access network (radio access network, RAN) devices, or access network devices. Of course, the RAN device may also include other forms of devices, such as Access Points (APs) in a wireless fidelity (wireless fidelity, WiFi) system, wireless relay nodes, wireless backhaul nodes, various forms of macro base stations, micro base stations (also referred to as small stations), relay stations, access points, wearable devices, vehicle devices, and so on.
2. Key deduction:
To ensure that data can be transmitted securely between the terminal and the network side, e.g. between the terminal and the MME, the terminal and the network side are required to perform key deduction. The key deduction process of the network side is described below; the terminal side can be understood by reference to it and is not described again.
Fig. 2 is a schematic flow chart of key derivation. As shown in fig. 2, if the value of the next hop chaining count (next hop chaining count, NCC) is not changed, the eNB performs horizontal deduction. If the NCC value changes, the MME performs vertical deduction. Whether the value of the NCC changes may depend on the state of the terminal; e.g., when the terminal needs to be handed over, the value of the NCC is incremented by 1.
Horizontal deduction:
Taking NCC with a value of 0 (NCC0) as an example, the eNB can derive an initial (initial) key KeNB from the key K_ASME and a non-access stratum (NAS) uplink count value (NAS uplink count). The initial key KeNB, as the initial next-hop parameter (next hop parameter, NH), is denoted NH0. This NH0 is associated with NCC0 as a pair {NH, NCC}. If horizontal deduction is to be performed, the eNB may derive the key KeNB2 from the initial key KeNB (denoted as key KeNB1), the physical cell identity (physical cell identifier, PCI) of the cell (cell) where the terminal is currently camping, and the E-UTRA absolute radio frequency channel number (E-UTRA absolute radio frequency channel number, EARFCN), such as the downlink (downlink) EARFCN (EARFCN-DL); the key KeNB2 may be used to derive a key for data integrity protection and encryption. If horizontal deduction is continued, the eNB may derive a key KeNB3 from the key KeNB2, the PCI of the cell in which the terminal is currently camping, and the E-UTRA absolute radio frequency channel number; the key KeNB3 may be used to derive a new key for data integrity protection and encryption. And so on.
It can be seen that, on the basis of unchanged NCC value, the key KeNB can be iteratively updated through horizontal deduction, so that the key for protecting and encrypting the data integrity is iteratively updated, and the communication safety is ensured.
Vertical deduction:
If the NCC value is updated, increasing from 0 to 1 (denoted NCC1), the MME performs a vertical deduction to derive a new NH (denoted NH1) from the key K_ASME and the initial key KeNB (i.e., NH0). NH1 is associated with NCC1 as a new pair {NH, NCC} for the MME to perform horizontal deduction on the basis of NCC1. If the NCC value continues to update, increasing from 1 to 2 (denoted NCC2), the MME continues to perform vertical deduction to derive a new NH (denoted NH2) from the key K_ASME and NH1. NH2 is associated with NCC2 as a new pair {NH, NCC} for the MME to perform horizontal deduction on the basis of NCC2. And so on.
It can be seen that vertical deductions are used to update NH to get NH related to updated NCC for subsequent horizontal deduction use. In addition, the number of vertical deductions can be determined by the difference between the NCC value before and after updating. For example, if the NCC value is updated from 0 to 1, i.e., the difference is 1, the MME may perform 1 vertical deduction to obtain NH1 related to NCC 1. If the NCC value is updated from 0 to 2, i.e., the difference is 2, then the MME may perform 2 vertical deductions to obtain NH2 associated with NCC 2. If the NCC value is updated from 2 to 3, i.e., the difference is 1, the MME may perform 1 vertical deduction to obtain NH3 associated with NCC 3.
3. Handover (handover):
Handover means that, when a RAN device senses that the signal strength of the terminal in its own cell is gradually weakening, it may hand the terminal over to a cell of a RAN device with better signal strength (e.g., a neighboring RAN device). The handover may be an EPC to 5GC handover (EPC HO > 5GC), also referred to as a 4G to 5G handover, in which the eNB hands the UE over to the gNB/ng-eNB through the MME and the AMF network element.
Fig. 3 is a schematic flow chart of switching from 4G to 5G according to the present application, as shown in fig. 3, the flow chart includes:
S301, the UE connects to EPC through eNB.
The UE may access the eNB through an initial access, and complete the attachment through the eNB access to the EPC.
S302, the eNB determines that the UE needs to be switched.
As the UE moves, for example, the UE moves gradually away from the eNB, the eNB may perceive that the signal strength of the UE gradually decreases. When the signal strength of the UE is reduced to a certain extent, the eNB determines that the UE needs to be switched to a base station with better signal strength, so that a base station with better signal strength, for example, a gNB/ng-eNB, can be selected from the candidate base stations.
S303, the eNB sends a handover required (handover required) message to the MME. Correspondingly, the MME receives a handover required message from the eNB.
The handover required message is used to request handover of the UE to the corresponding gNB/ng-eNB. The handover required message may include: tracking area code (tracking area code, TAC) for pointing to an AMF network element, e.g. an AMF network element serving the gNB/ng-eNB. The MME knows that the UE needs to be switched to the gNB/ng-eNB, so that the NCC value stored locally by the MME is updated by 1 to obtain updated NCC, and vertical deduction is performed according to the updated NCC to obtain updated NH. The updated NCC is associated with the updated NH as an updated pair { NH, NCC }.
S304, the MME sends a relocation request (relocation request) message to the AMF network element. Accordingly, the AMF network element receives the relocation request message from the MME.
The relocation request message is used to request handover of the UE to the corresponding gNB/ng-eNB. The relocation request message may include: the identity of the gNB/ng-eNB and the EPS security context of the UE. The EPS security context of the UE mainly includes: the EPS security capability, the security algorithms of the EPS NAS, the key K_ASME, and an updated pair {NH, NCC}. The EPS security capability may be used to indicate, among other things, whether the UE supports ciphering and integrity protection. The security algorithms of the EPS NAS are used to indicate the algorithms supported for encryption and integrity protection. In this way, the AMF network element may construct a 5G security context for the UE according to the EPS security context of the UE.
S305, the AMF network element generates a NAS container (container).
The NAS container may carry the updated NCC. For example, the NAS container is 10 bytes in length, and the 5th to 7th bits (bit) of the 8th byte can be used to represent the updated NCC, i.e. 3 bits are used to represent the updated NCC. For example, 3 bits may represent NCC0-NCC7, i.e., NCC values ranging from 0 to 7, 8 values in total. The NAS container may be integrity protected for subsequent integrity checks. For example, the AMF network element may derive the key K_AMF' from the key K_ASME and the updated NH, and use the key K_AMF' to integrity protect the NAS container.
S306, the AMF network element sends a handover request (handover request) message to the gNB/ng-eNB. Correspondingly, the gNB/ng-eNB receives a handover request message from the AMF network element.
The handover request message is used to request handover of the UE to the gNB/ng-eNB.
S307, the gNB/ng-eNB sends a handover request acknowledgement (handover request ACK) message to the AMF network element. Correspondingly, the AMF network element receives a handover request acknowledgement message from the gNB/ng-eNB.
The handover request acknowledgement message is used to indicate that the gNB/ng-eNB allows the UE to be handed over. Or, the handover request acknowledgement message is used to indicate that the gNB/ng-eNB does not allow the UE to be handed over.
S308, the AMF network element sends a relocation response (relocation response) message to the MME. Correspondingly, the MME receives a relocation response message from the AMF network element.
In the case that the gNB/ng-eNB allows the UE to switch, the relocation response message can be used for indicating that the UE can switch to the gNB/ng-eNB, and the relocation response message carries the NAS container protected by the integrity. Alternatively, in the case where the gNB/ng-eNB does not allow the UE to handover, the relocation response message may be used to indicate that the UE cannot handover to the gNB/ng-eNB.
S309, the MME sends a handover failure (handover preparation failure) message to the eNB. Correspondingly, the eNB receives a handover failure message from the MME.
In the case that the relocation response message in S608 is used to indicate that the gNB/ng-eNB does not allow the UE to switch, the MME may send a handover failure message to the eNB to indicate a handover failure, that is, a handover failure that is not perceived by the UE, and the handover procedure ends.
S310, the MME sends a handover command message to the eNB. Accordingly, the eNB receives the handover command message from the MME.
In the case where the relocation response message in S608 is used to indicate that the gNB/ng-eNB allows the UE to switch, the MME may send a handover command message to the eNB to instruct the UE to switch to the gNB/ng-eNB. The handover command message carries the above-mentioned integrity-protected NAS container. That is, the MME may obtain the integrity-protected NAS container from the relocation response message, encapsulate it into a handover command message, and then send the handover command message to the eNB.
S311, the eNB sends a handover command message to the UE. Accordingly, the UE receives a handover command message from the eNB.
The handover command message carries an evolved mobile communication system terrestrial radio access network mobility command (mobility from EUTRA command) message. If the UE is handed over to the gNB, the evolved mobile system terrestrial radio access network mobility command message carries a radio resource control (radio resource control, RRC) reconfiguration (RRC reconfiguration) message carrying the integrity protected NAS container described above. If the UE is handed over to the ng-eNB, the evolved mobile system terrestrial radio access network mobility command message carries an RRC connection reconfiguration (RRC connection reconfiguration) message carrying the integrity protected NAS container described above.
S312, the UE performs integrity check.
The UE may obtain the updated NCC from the integrity-protected NAS container, and perform the corresponding number of vertical deductions according to the difference between the updated NCC and the NCC pre-stored locally by the UE, to obtain an updated NH. In this way, the UE can derive the key K_AMF' from this NH and the key K_ASME pre-stored locally by the UE, and use the key K_AMF' to verify the integrity of the integrity-protected NAS container. If the integrity check passes, the UE may switch to the gNB/ng-eNB. Otherwise, if the integrity check is not passed, the handover fails, or the UE perceives the handover failure, thereby triggering execution of the RRC connection reestablishment procedure; for the specific implementation principle, refer to the related description of fig. 4 below, which is not repeated here.
S313, the UE sends a handover complete (handover complete) message to the gNB/ng-eNB. Correspondingly, the gNB/ng-eNB receives a switching completion message of the UE.
In case the integrity check passes, the UE will attempt to access the gNB/ng-eNB. If the UE successfully accesses the gNB/ng-eNB, the UE sends a switching completion message to the gNB/ng-eNB to indicate that the switching is completed. If the UE fails to access the gNB/ng-eNB, the switching fails, namely the UE perceives the switching failure. At this time, the UE does not send a handover complete message, and triggers to execute the RRC connection reestablishment procedure, and the specific implementation principle may also refer to the following description related to fig. 4, which is not repeated.
S314, the gNB/ng-eNB sends a handover notification (handover notification) message to the AMF network element. Correspondingly, the AMF network element receives a handover notification message from the gNB/ng-eNB.
The gNB/ng-eNB can send a handover notification message to the AMF network element according to the handover complete message to indicate that the handover is completed. The AMF network element may send a relocation complete notification (relocation complete notification) message to the MME to indicate that the handover is complete, or that the handover is successful, thereby triggering the MME to release the UE's context. Of course, in case of handover failure, the UE does not send a handover complete message, the gNB/ng-eNB does not send a handover notification message, and the AMF network element does not send a relocation complete notification message. In this way, the MME may determine that the handover failed based on a timeout (e.g., exceeding the handover protection time) without receiving the relocation complete notification message, and still preserves the context of the UE.
It will be appreciated that S309 and S310-S314 are optional steps, and that S309 is performed if the gNB/ng-eNB does not allow the UE to handover, and S310-S314 is performed if the gNB/ng-eNB allows the UE to handover.
4. RRC reestablishment procedure:
LTE defines an RRC reestablishment procedure in case of handover failure to enable the UE to reestablish an RRC connection with the eNB, avoiding service interruption. The following is a detailed description.
Fig. 4 is a schematic diagram of a RRC reestablishment procedure according to the present application, as shown in fig. 4, where the procedure includes:
S401, the UE performs cell selection.
In case of triggering RRC re-establishment, the UE may perform cell selection to select to re-establish the RRC connection with a suitable cell, e.g. a cell with a high signal strength.
S402, the UE sends an RRC connection reestablishment request (RRC connection reestablishment request) message to the target eNB. Accordingly, the target eNB receives an RRC connection reestablishment request message from the UE.
The RRC connection re-establishment request message is used to request re-establishment of the RRC connection with the target eNB. The RRC connection reestablishment request message mainly carries an identifier of the UE, such as a radio network temporary identifier (cell radio network temporary identifier, C-RNTI), a physical cell identifier (physical cell ID), a truncated (short) integrity message authentication code (message authentication code for integrity, MAC-I), and a reestablishment cause value.
S403, the target eNB sends a UE context request (retrieve UE context request) message to the source eNB. Accordingly, the source eNB receives the UE context request message from the target eNB.
The target eNB may determine whether the target eNB and the source eNB are the same eNB according to the identity of the UE. If the target eNB and the source eNB are different eNBs, the target eNB sends a UE context request message to the source eNB to request the UE context. Otherwise, if the target eNB is the same eNB as the source eNB, S402-S403 are not performed.
S404, the source eNB sends a UE context response (retrieve UE context response) message to the target eNB. Accordingly, the target eNB receives the UE context response message from the source eNB.
The source eNB may send a UE context response message to the target eNB according to the UE context request message, where the UE context response message carries the context of the UE.
S405, the target eNB sends an RRC connection re-establishment (RRC connection reestablishment) message to the UE. Accordingly, the UE receives an RRC connection reestablishment message from the target eNB.
The RRC connection reestablishment message may be used to indicate that the target eNB allows the RRC connection to be reestablished with the UE. For example, the target eNB may verify whether the short MAC-I matches the token (token). The token may be determined by the target eNB according to the context of the UE. If the short MAC-I does not match the token, the verification fails, the process ends, and the RRC connection cannot be reestablished. If the short MAC-I matches the token, the verification passes, and the target eNB may continue to use the pair {NH, NCC} associated with the key KeNB in the context of the UE, for example using this {NH, NCC} to continue the deduction; for the specific implementation principle, refer to the related description in "2. Key deduction" above, which is not repeated here.
S406, the UE sends an RRC connection reestablishment complete (RRC connection reestablishment complete) message to the target eNB. Accordingly, the target eNB receives an RRC connection reestablishment complete message from the UE.
The RRC connection reestablishment complete message may be used to indicate that RRC connection reestablishment is complete. On this basis, the UE may also follow a pair of { NH, NCC } associated with the key KeNB in the UE's context, and continue to derive the same key as the target eNB using these { NH, NCC }. Thus, the RRC connection reestablishment is completed, and the UE and the target eNB both derive the same key, and can use the key to derive keys for encryption and integrity protection, so as to ensure communication security.
5. Multiple handover failures:
Multiple handover failures may cause subsequent handovers to fail. The following is a detailed description.
Case 1, the UE perceives the handover failure.
Fig. 5 is a flow chart illustrating handover failure in the case where the UE perceives the handover failure. As shown in fig. 5, in the initial state, the UE and the network side (e.g., MME) have a consistent understanding: NH0 of both is the initial key KeNB, and both hold NCC0 (indicating that the value of NCC is 0, the same applies hereinafter), that is, the NCC is synchronized. Through security activation, the MME updates NCC0 to NCC1 and NH0 to NH1, where NH1 is obtained by 1 vertical deduction from the key KeNB. At this time, the UE side is still at NCC0, and NH0 is not updated. If a handover occurs, that is, the 1st handover is initiated, the understanding of the UE is consistent with that of the network side. For example, the network side updates NCC1 to NCC2 and NH1 to NH2, where NH2 is obtained by 2 vertical deductions from the key KeNB. The network side sends NCC2, together with information that is integrity protected by means of NH2, to the UE over the air interface; for the specific implementation principle, refer to the related description in S308-S310, which is not repeated here. Correspondingly, the UE can update NCC0 to NCC2 to synchronize with the NCC of the network side, and update NH0 to NH2 to complete the integrity check of the information. Then, if the handover fails, for example because the UE fails in its attempt to access the gNB/ng-eNB, the NCC at the network side is not rolled back and remains NCC2, while the NCC at the UE side needs to be rolled back to NCC0. The next 5 handovers fail in the same way, and so on.
Case 2, the UE does not perceive the handover failure.
Fig. 6 is a flow chart illustrating handover failure in the case where the UE does not perceive the handover failure. As shown in fig. 6, in the initial state, the UE and the network side (e.g., MME) have a consistent understanding: NH0 of both is the initial key KeNB, and both hold NCC0 (indicating that the value of NCC is 0, the same applies hereinafter), that is, the NCC is synchronized. Through security activation, the MME updates NCC0 to NCC1 and NH0 to NH1, where NH1 is obtained by 1 vertical deduction from the key KeNB. At this time, the UE side is still at NCC0, and NH0 is not updated. If a handover occurs, that is, the 1st handover is initiated, the network side updates NCC1 to NCC2 and NH1 to NH2, where NH2 is obtained by 2 vertical deductions from the key KeNB. If the handover then fails, for example because the gNB/ng-eNB does not allow the UE to be handed over, the MME sends a handover failure message to the eNB, and the NCC at the network side is not rolled back and remains NCC2. The next 5 handovers fail in the same way, and so on.
For case 1 and case 2, when the 7th handover is started, the network side updates NCC7 to NCC8 and NH7 to NH8, where NH8 is obtained by 8 vertical deductions from the key KeNB. At this time, if the gNB/ng-eNB allows the UE to be handed over, the network side can synchronize the NCC to the UE over the air interface. However, the NCC occupies only 3 bits on the air interface, i.e. only the values 0-7 can be transmitted on the air interface. In this case, the NCC value is flipped (wraps around) on the air interface; for example, the NCC value on the air interface is obtained by taking the NCC value on the network side modulo 8 (mod 8), so NCC8 is flipped to NCC0. The network side then sends NCC0, together with information that is integrity protected by means of NH8, to the UE over the air interface. Correspondingly, the UE performs the integrity check on the information using NH0 according to NCC0, so the check fails, resulting in handover failure. That is, from the 7th handover onwards, the UE is not synchronized with the NCC at the network side because the NCC flips on the air interface, and the subsequent handovers fail. For example, in the 8th handover, the network side is at NCC9 and the UE side at NCC1. In the 9th handover, the network side is at NCC10, the UE side at NCC2, and so on. In addition, although a handover failure can trigger the RRC reestablishment procedure, that procedure mainly ensures security alignment between the UE and the target eNB; the UE is still not synchronized with the NCC at the network side, so subsequent handovers still fail. The result is a loop of repeated handover failure and repeated reestablishment that cannot be escaped, which affects service continuity.
It should be noted that, after the NCC value is greater than or equal to 8 due to the successive handover failures, the network side may also maintain the NCC in a roll-over manner, but the NH may still be determined according to the actual NCC value. For example, successive handover failures result in an update of NCC from NCC0 to NCC8. At this time, the network side turns NCC8 to NCC0, but the network side derives NH8 from actual NCC8. In this case, the UE is synchronized with the NCC on the network side, but this synchronization may be considered as a false synchronization, and the actual NCC and NH are not synchronized, and the handover may still fail.
It should be noted that the above cases 1 and 2 may be combined, i.e. some handover failures may be perceived by the UE while others are not, but the end result is still that, from the 7th handover onwards, the UE is not synchronized with the NCC on the network side. In the above cases 1 and 2, an update starting from NCC0 is taken as an example, but the update of the NCC may start from any value from NCC0 to NCC7, without limitation. For example, the NCC is updated starting from NCC5, with NCC5 and NH0 being a pair {NH, NCC}. NCC5 is incremented 7 times in succession, and the network side, maintaining the NCC in a flipped manner, holds NCC4. In this case, the network side and the UE agree on the difference between the NCC values before and after the update (the difference is 7 for both), that is, NCC4 does not flip on the air interface, so the NH derived by both is NH12. However, when NCC4 is incremented 1 more time to NCC5, the network side and the UE do not agree on the difference between the NCC values before and after the update (the difference determined by the network side is 8, and the difference determined by the UE is 0), that is, the resulting NCC5 has flipped on the air interface, so the NH of the network side and the NH of the UE are inconsistent (the network side has NH13, and the UE has NH5). In other words, no matter which of NCC0 to NCC7 is the initial value of the NCC, incrementing the value 8 times in succession may cause the NCC to flip on the air interface.
In summary, to address the above technical problems, the embodiment of the application provides the following technical scheme, so that subsequent handovers do not continue to fail after multiple consecutive handover failures. The technical scheme of the application will be described below with reference to the accompanying drawings.
The technical solution of the embodiment of the present application may be applied to various communication systems, such as a wireless fidelity (wireless fidelity, WiFi) system, a vehicle-to-everything (vehicle to everything, V2X) communication system, a device-to-device (D2D) communication system, a vehicle networking communication system, 4G systems such as LTE, a worldwide interoperability for microwave access (worldwide interoperability for microwave access, WiMAX) communication system, 5G systems such as NR, and future communication systems such as a sixth generation (6th generation, 6G) mobile communication system, and the like.
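The counter flip described in cases 1 and 2 can be reproduced with a short simulation. This is an added example, not part of the patent text: HMAC-SHA-256 with made-up labels stands in for the real key derivation functions, the key K_ASME and the container contents are constructed values, the bit numbering inside the NAS container is an assumption, and the UE is assumed to take the number of vertical deductions as (received NCC - stored NCC) mod 8.

```python
import hashlib
import hmac

NCC_MODULUS = 8     # 3 bits on the air interface, values 0-7
CONTAINER_LEN = 10  # NAS container length given on the page
NCC_BYTE = 7        # 8th byte, as a zero-based index (assumes 1-based counting)
NCC_SHIFT = 4       # bits 5-7, assuming bit 1 is the least significant bit


def kdf(key, label, data):
    """Stand-in KDF (assumption): HMAC-SHA-256 over label || data."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def vertical(k_asme, nh, steps):
    """Apply `steps` vertical deductions: next NH = KDF(K_ASME, current NH)."""
    for _ in range(steps):
        nh = kdf(k_asme, b"NH", nh)
    return nh


def pack_container(air_ncc):
    """Build a constructed 10-byte NAS container carrying the 3-bit NCC."""
    body = bytearray(CONTAINER_LEN)
    body[NCC_BYTE] = (air_ncc & 0x7) << NCC_SHIFT
    return bytes(body)


def unpack_ncc(container):
    """Read the 3-bit NCC back out of the container."""
    return (container[NCC_BYTE] >> NCC_SHIFT) & 0x7


def container_mac(k_asme, nh, container):
    """Derive the integrity key (K_AMF' on the page) from K_ASME and NH, then MAC."""
    k_int = kdf(k_asme, b"K_AMF'", nh)
    return hmac.new(k_int, container, hashlib.sha256).digest()


class Network:
    """MME/AMF side: the real NCC only increases; failures never roll it back."""

    def __init__(self, k_asme, nh0, start_ncc=0):
        self.k_asme, self.nh, self.ncc = k_asme, nh0, start_ncc

    def bump(self):
        self.ncc += 1
        self.nh = vertical(self.k_asme, self.nh, 1)

    def handover_command(self):
        self.bump()
        container = pack_container(self.ncc % NCC_MODULUS)  # flip on the air
        return container, container_mac(self.k_asme, self.nh, container)


class UE:
    """Terminal side: keeps its stored {NH, NCC} whenever a handover fails."""

    def __init__(self, k_asme, nh0, start_ncc=0):
        self.k_asme, self.nh, self.ncc = k_asme, nh0, start_ncc

    def check(self, container, mac):
        steps = (unpack_ncc(container) - self.ncc) % NCC_MODULUS
        candidate = vertical(self.k_asme, self.nh, steps)
        expected = container_mac(self.k_asme, candidate, container)
        return steps, hmac.compare_digest(expected, mac)


def simulate(handovers, start_ncc=0):
    """Return (attempt, network NCC, air NCC, UE deductions, check passed) rows."""
    k_asme = hashlib.sha256(b"constructed K_ASME").digest()
    nh0 = kdf(k_asme, b"KeNB", b"constructed NAS uplink count")
    net, ue = Network(k_asme, nh0, start_ncc), UE(k_asme, nh0, start_ncc)
    net.bump()  # security activation: the network moves on, the UE does not
    rows = []
    for attempt in range(1, handovers + 1):
        container, mac = net.handover_command()
        steps, ok = ue.check(container, mac)
        # Every handover is treated as failing afterwards (e.g. access failure),
        # so the UE never commits the candidate NH, as in case 1 on the page.
        rows.append((attempt, net.ncc, unpack_ncc(container), steps, ok))
    return rows


if __name__ == "__main__":
    for row in simulate(9):
        print("handover %d: network NCC=%d air NCC=%d UE deductions=%d check=%s" % row)
```

Handovers 1 to 6 pass the integrity check and fail only afterwards; from handover 7 the check itself fails, and starting from NCC5 instead of NCC0 gives the same pattern.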
The present application will present various aspects, embodiments, or features about a system that may include a plurality of devices, components, modules, etc. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, combinations of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplary," "for example," and the like are used to indicate an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word example is intended to present concepts in a concrete fashion.
In the embodiment of the present application, "information", "signal", "message", "channel", and "signaling" may be used in a mixed manner, and it should be noted that the meaning of the expression is matched when the distinction is not emphasized. "of", "corresponding" and "corresponding" are sometimes used in combination, and it should be noted that the meanings to be expressed are matched when the distinction is not emphasized. Furthermore, references to "/" in this disclosure may be used to indicate an "or" relationship.
The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.
To facilitate understanding of the embodiments of the present application, a communication system suitable for use in the embodiments of the present application will be described in detail with reference to the communication system shown in fig. 7. Fig. 7 is a schematic diagram of a communication system to which the communication method according to the embodiment of the present application is applicable.
As shown in fig. 7, the communication system may be applicable to the above-mentioned 4G-5G convergence architecture, and mainly includes: a terminal and an access network device. The related functions of the terminal and the access network device may refer to related descriptions in the above "1, 4G-5G fusion architecture", and will not be described again. In the communication system of the embodiment of the application, if the terminal fails to perform integrity check on the information from the access network equipment, the link of the terminal on the corresponding access network equipment is released, or NH is automatically deduced to attempt synchronization with the network side, or reporting of a measurement report is prevented, so that subsequent handovers do not continue to fail.
For ease of understanding, the interaction procedure between a terminal and an access network device is described below through method embodiments, with reference to fig. 8 to fig. 10.
The communication method provided by the embodiment of the application can be applied to the communication system and applied to various scenes. Different flows of the communication method may be performed by different devices/network elements in different scenarios, as described in detail below.
Scenario 1:
Fig. 8 is a schematic flow chart of a communication method according to an embodiment of the present application. The communication method is mainly suitable for communication between the terminal and the first access network device. In scenario 1, if the terminal fails the integrity check on the information from the access network device, the link of the terminal on the first access network device is released, so as to prevent subsequent handovers from continuing to fail.
Specifically, as shown in fig. 8, the flow of the communication method is as follows:
S801, receive a handover command message from a first access network device.
The terminal (e.g. UE) and the first access network device (e.g. eNB) may participate in the handover procedure described in fig. 3; for the specific implementation principle of the handover procedure, refer to the related description, which is not repeated here. The handover command message (see S310-S311) is used to indicate that the terminal needs to be handed over to a third access network device, i.e. a target access network device (e.g. a gNB/ng-eNB). The handover command message carries information that needs to be integrity checked and the first NCC. The information that needs to be integrity checked may be a NAS container, such as an integrity-protected NAS container. For example, the NAS container may be integrity protected by a key for integrity protection (denoted as key 1), such as the key KAMF'. Key 1 may be derived based on the key KASME and the updated NH. The first NCC is an NCC that has flipped over (wrapped around) on the air interface, unlike the NCC stored locally on the network side (e.g., at the MME). The first NCC may be carried in the NAS container. For example, the NAS container is 10 bytes in length, and the first NCC may be represented using bits 5-7 in byte 8.
The handover command message may include an evolved mobile communication system terrestrial radio access network mobility command message (denoted mobility command message). For example, if the target access network device in the handover procedure is a gNB, the mobility command message carries an RRC reconfiguration message, which carries the information that needs to be integrity checked. If the target access network device in the handover procedure is an ng-eNB, the mobility command message carries an RRC connection reconfiguration message, which carries the information that needs to be integrity checked. It can be seen that the integrity check can be achieved by reusing existing signaling and information elements, which reduces the complexity of the scheme.
In addition, the specific implementation principle of S801 may refer to the related description in S305-S311, and will not be repeated.
S802, perform an integrity check on the information that needs to be integrity checked, according to the first NCC and the preset second NCC.
The terminal may obtain the first NCC from the NAS container, and determine a first NH from the first NCC and the second NCC. For example, the terminal may perform a corresponding number of vertical derivations according to the difference between the first NCC and the second NCC, to obtain the first NH. The second NCC is an NCC that is pre-stored locally by the terminal, such as NCC0. The terminal may perform the integrity check on the information that needs to be integrity checked according to the first NH. For example, the terminal can derive a key for integrity checking (denoted key 2), e.g. the key KAMF', according to the first NH and the key KASME pre-stored locally at the terminal. The terminal then uses key 2 to perform the integrity check on the information that needs to be integrity checked.
In addition, the specific implementation principle of S802 may also refer to the related description in S312, which is not repeated.
S803, under the condition that the integrity check fails, releasing the link of the terminal on the first access network equipment.
At this time, since the NCC of the terminal is not synchronized with that of the network side, the key 2 derived by the terminal differs from the key 1 derived on the network side. Because the information is integrity protected with key 1, an integrity check performed on it with key 2 necessarily fails. That is, although the terminal does not know in advance that its NCC is out of synchronization with the network side, it can infer this from the check failure. The failure therefore triggers the terminal to release its link on the first access network device and re-access the network, so as to reset the NCC, achieve synchronization, and prevent subsequent handovers from continuing to fail. The terminal releasing its link on the first access network device may be understood as the terminal releasing its context on the first access network device, for example, the full context or a partial context, which is not specifically limited.
Optionally, in combination with scenario 1, in a first possible implementation, before S802, the communication method may further include: deriving a second NH from the first NH by a preset number of derivations, and performing an integrity check on the information that needs to be integrity checked according to the second NH.
The terminal may perform vertical derivation a preset number of times based on the first NH to obtain the second NH. The terminal may then derive a key for integrity protection (denoted as key 3) based on the second NH, and use key 3 to perform an integrity check on the information that needs to be integrity checked. At this time, if key 3 is the same as key 1, the integrity check succeeds, and the terminal may attempt to hand over to the target access network device. If key 3 is not the same as key 1, the integrity check fails, triggering execution of S802. That is, when the NCC of the terminal is not synchronized with that of the network side, i.e. the key 2 derived by the terminal does not match the key 1 derived on the network side, the terminal may autonomously derive NH in an attempt to obtain the same key as the network side and complete the check, so as to preserve service continuity as far as possible. If the check still fails after the NH is derived, service continuity cannot be guaranteed, and the terminal can be triggered to release its link, so as to prevent subsequent handovers from failing.
Further, the preset number of times may be greater than or equal to 8, such as a positive integer multiple of 8. The difference between the NCC value that has flipped over on the air interface and the NCC value stored locally on the network side is usually greater than or equal to 8; for example, the difference is also a positive integer multiple of 8. Setting the preset number of times to 8 or more therefore increases the likelihood of obtaining the same NH as the network side, and thus the likelihood of a successful handover.
It should be noted that, if the preset number of derivations is regarded as one round of derivation, the terminal may perform multiple rounds of derivation on this basis, i.e. a preset number of rounds, for example 2, 3 or 4 rounds, and use the NH obtained in each round to perform the integrity check. If the integrity check passes with the NH obtained in a given round, the terminal may attempt to hand over to the target access network device. If it does not pass, the terminal continues the integrity check with the NH obtained in the next round, until the number of rounds reaches the preset number of rounds.
Optionally, in combination with scenario 1, in a second possible implementation, after S802, the communication method may further include: sending an RRC connection setup request message to the second access network device.
The second access network device and the first access network device may be the same device or different devices, which is not specifically limited. The RRC connection setup request message may be used to request the terminal to establish a connection with the second access network device. For example, when there is a service, the NAS layer of the terminal may send the RRC connection setup request message to the second access network device through a service procedure, so that the terminal accesses the second access network device and establishes an RRC connection. Alternatively, when there is no service, the NAS layer of the terminal may send the RRC connection setup request message to the second access network device through a tracking area update (TAU) procedure, so that the terminal accesses the second access network device and establishes an RRC connection. After the connection between the terminal and the second access network device is established successfully, the network side executes an initial security activation procedure to activate security, thereby triggering both the terminal and the network side to regenerate the key KeNB based on the key KASME. The key KeNB is used as the initial NH, e.g. NH0. To be associated with this initial NH, the NCC also needs to be reset to the initial NCC, e.g., NCC0. Thus, the initial NH is associated with the initial NCC as a pair {NH, NCC} for subsequent horizontal or vertical derivations. In this way, the NCC of the terminal and that of the network side are synchronized, and subsequent handovers are prevented from continuing to fail.
In summary, according to the related description of scenario 1, if the integrity check of the information to be checked for integrity fails according to the first NCC and the preset second NCC, it indicates that the terminal is not synchronized with the NCC on the network side. Therefore, by releasing the link of the terminal on the corresponding access network equipment, the terminal can be triggered to subsequently re-access the network so as to reset the NCC, realize synchronization and avoid subsequent switching failure.
Scenario 2:
Fig. 9 is a schematic flow chart of a communication method according to an embodiment of the present application. The communication method is mainly suitable for communication between the terminal and the first access network device. In scenario 2, if the terminal fails the integrity check on the information from the access network device, it derives NH autonomously to attempt synchronization with the network side, so as to prevent subsequent handovers from continuing to fail.
Specifically, as shown in fig. 9, the flow of the communication method is as follows:
S901, receive a handover command message from a first access network device.
S902, perform an integrity check on the information that needs to be integrity checked, according to the first NH.
The specific implementation principle of S901-S902 is similar to that of S801-S802; refer to the description above, which is not repeated here.
S903, in the case of failure of integrity check, determining a second NH according to the first NH, and executing integrity check on the information to be subjected to integrity check according to the second NH.
The first NH is determined from the first NCC and a preset second NCC. For example, the terminal may perform a corresponding number of vertical derivations according to the difference between the first NCC and the second NCC to obtain the first NH; for the specific implementation principle, refer to the description in "2, key deduction" above, which is not repeated here. On this basis, the terminal may derive the second NH from the first NH by a preset number of derivations, for example, by performing vertical derivation the preset number of times. The preset number of times may be greater than or equal to 8, such as a positive integer multiple of 8.
In addition, the specific implementation principle of S903 is similar to that of the first possible implementation; refer to the description above, which is not repeated here.
S904, send a first message to the third access network device if the integrity check succeeds.
The first message may be used by the terminal to request a handover to the third access network device. For example, the first message may be an RRC connection reconfiguration complete message, or any other possible message, which is not specifically limited.
It should be noted that deriving the second NH only when the integrity check fails is merely an example and is not limiting. For example, the terminal may derive the second NH by default, and use the first NH and the second NH respectively for the integrity check.
In summary, according to the description related to scenario 2, if the integrity check of the information to be checked for integrity fails according to the first NH, it indicates that the terminal is not synchronized with the NCC on the network side, that is, the first NH on the terminal side is not synchronized with the NH on the network side. In this way, the terminal can deduce the NH to try to obtain the same NH as the network side, such as the second NH, so as to complete verification, ensure the success of subsequent switching and ensure the continuity of the service.
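The derive-and-retry logic of scenario 1 (first possible implementation) and scenario 2, as an added example that is not code from the patent: the terminal derives the first NH from the NCC difference, checks the container, then retries in rounds of 8 derivations before releasing the link. Assumptions: the KDF and the 4-byte tag are HMAC-SHA-256 stand-ins rather than the 3GPP algorithms, the container layout apart from the NCC position is constructed, bits are numbered 1 (least significant) to 8, and all function names are hypothetical.

```python
import hashlib
import hmac

PRESET_STEPS = 8   # page: preset number of derivations, >= 8 (a multiple of 8)
NCC_MODULUS = 8    # assumption: the NCC field is 3 bits wide (bits 5-7 of byte 8)


def kdf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in KDF (HMAC-SHA-256), not the 3GPP key derivation function."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def initial_nh(k_asme: bytes) -> bytes:
    """NH0: the page takes KeNB, regenerated from KASME, as the initial NH (NCC0)."""
    return kdf(k_asme, b"KeNB", b"")


def derive_vertical(k_asme: bytes, nh: bytes, steps: int) -> bytes:
    """Advance the NH chain by `steps` vertical derivations."""
    for _ in range(steps):
        nh = kdf(k_asme, b"NH", nh)
    return nh


def integrity_key(k_asme: bytes, nh: bytes) -> bytes:
    """Key for the integrity check, derived from KASME and the current NH."""
    return kdf(k_asme, b"INT", nh)


def container_tag(key: bytes, container: bytes) -> bytes:
    """4-byte stand-in MAC over every byte except the tag field (bytes 3-6)."""
    covered = container[:2] + container[6:]
    return hmac.new(key, covered, hashlib.sha256).digest()[:4]


def build_container(key: bytes, counter: int) -> bytes:
    """Constructed 10-byte sample container; only the NCC position is from the page."""
    body = bytearray(10)
    body[0:2] = b"\x01\x08"                     # hypothetical header bytes
    body[7] = (counter % NCC_MODULUS) << 4      # NCC in bits 5-7 of byte 8
    body[2:6] = container_tag(key, bytes(body))
    return bytes(body)


def parse_ncc(container: bytes) -> int:
    """Extract the first NCC from bits 5-7 of byte 8."""
    if len(container) != 10:
        raise ValueError("expected a 10-byte NAS container")
    return (container[7] >> 4) & 0x07


def verify(key: bytes, container: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the carried tag."""
    return hmac.compare_digest(container_tag(key, container), container[2:6])


def check_handover_command(k_asme, local_nh, local_ncc, container, max_rounds=2):
    """Return (action, derivations_used) for a received handover command."""
    steps = (parse_ncc(container) - local_ncc) % NCC_MODULUS
    nh = derive_vertical(k_asme, local_nh, steps)          # first NH
    if verify(integrity_key(k_asme, nh), container):
        return ("handover", steps)
    for _ in range(max_rounds):                            # bounded retry rounds
        nh = derive_vertical(k_asme, nh, PRESET_STEPS)     # second NH, third NH, ...
        steps += PRESET_STEPS
        if verify(integrity_key(k_asme, nh), container):
            return ("handover", steps)
    return ("release_link", steps)                         # scenario 1 fallback


def simulate(network_derivations: int, max_rounds: int = 2, tamper: bool = False):
    """Network side has advanced NH `network_derivations` times; terminal is at NCC0."""
    k_asme = bytes(range(32))                              # constructed key
    nh0 = initial_nh(k_asme)
    net_nh = derive_vertical(k_asme, nh0, network_derivations)
    container = build_container(integrity_key(k_asme, net_nh), network_derivations)
    if tamper:                                             # flip one protected bit
        container = container[:9] + bytes([container[9] ^ 0x01])
    return check_handover_command(k_asme, nh0, 0, container, max_rounds)


if __name__ == "__main__":
    for n in (3, 11, 27):
        print(n, simulate(n))
```

Each additional candidate key is one more chance for a forged short tag to verify, so the number of retry rounds should stay small and fixed.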
Scenario 3:
Fig. 10 is a schematic flow chart of a communication method according to an embodiment of the present application. The communication method is mainly suitable for communication between the terminal and the first access network device. In scenario 3, if the terminal fails the integrity check on the information from the access network device, reporting of the measurement report is suppressed, so as to prevent subsequent handovers from continuing to fail.
Specifically, as shown in fig. 10, the flow of the communication method is as follows:
S1001, receive a handover command message from the access network device.
S1002, according to the first NCC and the preset second NCC, carrying out integrity check on information needing to be subjected to the integrity check.
The specific implementation principles of S1001-S1002 are similar to those of S801-S802; refer to the description above, which is not repeated here.
S1003, under the condition that the integrity check fails, the terminal is prevented from sending a measurement report.
The specific implementation principle of the integrity check failure may refer to the description related to S803, and will not be described herein.
The measurement report may be used to trigger the access network device to hand over the terminal. For example, the measurement report may be a B1 measurement report or a B2 measurement report. By not sending the measurement report, the terminal prevents the access network device from handing it over, thereby preventing subsequent handovers from continuing to fail.
Optionally, in combination with scenario 3, in a third possible implementation, before S1002, the communication method may further include: deriving a second NH from the first NH by a preset number of derivations, and performing an integrity check on the information that needs to be integrity checked according to the second NH.
The specific implementation principle of the third possible implementation is similar to that of the first possible implementation; refer to the description above, which is not repeated here.
In summary, according to the related description of scenario 3, if the integrity check of the information that needs to be integrity checked fails according to the first NCC and the preset second NCC, this indicates that the NCC of the terminal is not synchronized with that of the network side. In this case, if a handover continues to be initiated, the handover must fail. Therefore, by suppressing the terminal from sending the measurement report, the access network device can be prevented from continuing to initiate handovers, so that subsequent handover failures are avoided and the service is kept available as far as possible.
The communication method provided by the embodiment of the application is described in detail above with reference to fig. 8 to 10. A communication apparatus for performing the communication method provided by the embodiment of the present application is described in detail below with reference to fig. 11 to 12.
Fig. 11 is a schematic structural diagram of a communication device according to an embodiment of the present application. As shown in fig. 11, the communication apparatus 1100 includes: a transceiver module 1101 and a processing module 1102. For convenience of explanation, fig. 11 shows only major components of the communication apparatus.
In one embodiment, the communication apparatus 1100 may be adapted to the communication system shown in fig. 7, to perform the functions of a terminal in the communication method shown in fig. 8.
The transceiver module 1101 is configured to receive a handover command message from a first access network device, where the handover command message carries information that needs to be checked for integrity and a first NCC. A processing module 1102, configured to perform an integrity check on the information according to the first NCC and the preset second NCC, and further configured to release the link of the communication apparatus 1100 on the first access network device if the integrity check fails.
In a possible design, the processing module 1102 is further configured to determine a first NH according to the first NCC and the second NCC; and according to the first NH, performing integrity check on the information needing to be subjected to the integrity check.
Optionally, the processing module 1102 is further configured to derive a second NH from the first NH by a preset number of times, and perform integrity check on the information to be integrity checked according to the second NH.
Further, the preset number of times is greater than or equal to 8.
In a possible design, the transceiver module 1101 is further configured to send an RRC connection setup request message to the second access network device after the processing module 1102 releases the link of the communication apparatus 1100 on the first access network device. The RRC connection setup request message is used to request the communication apparatus 1100 to establish a connection with the second access network device.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Alternatively, the transceiver module 1101 may include a transmitting module (not shown in fig. 11) and a receiving module (not shown in fig. 11). The transmitting module is configured to implement a transmitting function of the communication device 1100, and the receiving module is configured to implement a receiving function of the communication device 1100.
Optionally, the communication device 1100 may further include a storage module (not shown in fig. 11) storing a program or instructions. The processing module 1102, when executing the program or instructions, enables the communication device 1100 to perform the functions of a terminal in the communication method shown in fig. 8.
The communication device 1100 may be a terminal, a chip (system) or other components or assemblies that may be provided in the terminal, or a device including the terminal, which is not limited by the present application.
In addition, the technical effects of the communication apparatus 1100 may refer to the technical effects of the communication method shown in fig. 8, and will not be described herein.
In another embodiment, the communication apparatus 1100 may be adapted to the communication system shown in fig. 7, and perform the functions of the terminal in the communication method shown in fig. 9.
Wherein the transceiver module 1101 is configured to receive a handover command message from the first access network device. The handover command message is used to indicate that the communication apparatus 1100 needs to be handed over to the third access network device, where the handover command message carries information that needs to be checked for integrity and the first NCC. A processing module 1102 is configured to perform an integrity check on the information according to the first NH. Wherein the first NH is determined according to the first NCC and a preset second NCC. The processing module 1102 is further configured to determine, in case the integrity check fails, a second NH according to the first NH, and perform the integrity check on the information according to the second NH. And a processing module 1102, further configured to control the transceiver module 1101 to send the first message to the third access network device if the integrity check is successful. Wherein the first message is for the communication apparatus to request a handover to a third access network device.
Optionally, the processing module 1102 is further configured to derive a second NH according to the first NH and the preset number of times.
Further, the preset number of times is greater than or equal to 8.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Alternatively, the transceiver module 1101 may include a transmitting module (not shown in fig. 11) and a receiving module (not shown in fig. 11). The transmitting module is configured to implement a transmitting function of the communication device 1100, and the receiving module is configured to implement a receiving function of the communication device 1100.
Optionally, the communication device 1100 may further include a storage module (not shown in fig. 11) storing a program or instructions. The processing module 1102, when executing the program or instructions, enables the communication device 1100 to perform the functions of a terminal in the communication method shown in fig. 9.
The communication device 1100 may be a terminal, a chip (system) or other components or assemblies that may be provided in the terminal, or a device including the terminal, which is not limited by the present application.
In addition, the technical effects of the communication apparatus 1100 may refer to the technical effects of the communication method shown in fig. 9, and will not be described herein.
In yet another embodiment, the communication apparatus 1100 may be adapted to the communication system shown in fig. 7 to perform the functions of a terminal in the communication method shown in fig. 10.
The transceiver module 1101 is configured to receive a handover command message from an access network device, where the handover command message carries information that needs to be checked for integrity, and a first NCC. A processing module 1102, configured to inhibit, in a case where the integrity check fails to be performed on the information to be integrity checked according to the first NCC and the preset second NCC, the communication device 1100 from sending a measurement report. The measurement report is used to trigger the access network device to switch the communication apparatus 1100.
In a possible design, the transceiver module 1101 is configured to receive a handover command message from an access network device. Wherein the handover command message carries information that needs to be checked for integrity and the first NCC. A processing module 1102, configured to perform integrity check on the information to be integrity checked according to the first NCC and the preset second NCC, and prevent the communication device 1100 from sending a measurement report if the integrity check fails. Wherein the measurement report is used to trigger the access network device to switch the communication apparatus 1100.
In a possible design, the processing module 1102 is further configured to determine a first NH according to the first NCC and the second NCC, and perform an integrity check on the information to be integrity checked according to the first NH.
Optionally, the processing module 1102 is further configured to derive a second NH from the first NH according to a preset number of times, and perform integrity check on information to be integrity checked according to the second NH, before preventing the communication device 1100 from sending the measurement report.
Further, the preset number of times is greater than or equal to 8.
In one possible design, the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
In one possible design, the information that needs to be checked for integrity is a NAS container.
Alternatively, the transceiver module 1101 may include a transmitting module (not shown in fig. 11) and a receiving module (not shown in fig. 11). The transmitting module is configured to implement a transmitting function of the communication device 1100, and the receiving module is configured to implement a receiving function of the communication device 1100.
Optionally, the communication device 1100 may further include a storage module (not shown in fig. 11) storing a program or instructions. The processing module 1102, when executing the program or instructions, enables the communication device 1100 to perform the functions of a terminal in the communication method shown in fig. 10.
The communication device 1100 may be a terminal, a chip (system) or other components or assemblies that may be provided in the terminal, or a device including the terminal, which is not limited by the present application.
In addition, the technical effects of the communication apparatus 1100 may refer to the technical effects of the communication method shown in fig. 10, and will not be described herein.
Fig. 12 is a schematic diagram of a second structure of a communication device according to an embodiment of the present application. The communication device may be a terminal, or may be a chip (system) or other part or component that may be provided in the terminal. As shown in fig. 12, the communication apparatus 1200 may include a processor 1201. Optionally, the communication device 1200 may further comprise a memory 1202 and/or a transceiver 1203. Wherein the processor 1201 is coupled to the memory 1202 and the transceiver 1203, e.g. may be connected by a communication bus.
The following describes each constituent element of the communication apparatus 1200 in detail with reference to fig. 12:
The processor 1201 is a control center of the communication apparatus 1200, and may be one processor or a collective term for a plurality of processing elements. For example, the processor 1201 is one or more central processing units (CPUs), or may be an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application, such as one or more digital signal processors (DSPs) or one or more field programmable gate arrays (FPGAs).
Alternatively, the processor 1201 may perform various functions of the communication apparatus 1200, such as performing the communication methods shown in fig. 8-10 described above, by running or executing a software program stored in the memory 1202 and invoking data stored in the memory 1202.
In a particular implementation, the processor 1201 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 12, as one embodiment.
In a specific implementation, as an embodiment, the communication apparatus 1200 may also include a plurality of processors, such as the processor 1201 and the processor 1204 shown in fig. 12. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 1202 is configured to store a software program for executing the solution of the present application, and is controlled to execute by the processor 1201, and the specific implementation may refer to the above method embodiment, which is not described herein again.
Alternatively, the memory 1202 may be, but is not limited to, a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1202 may be integrated with the processor 1201, or may exist separately and be coupled to the processor 1201 through an interface circuit (not shown in fig. 12) of the communication apparatus 1200, which is not specifically limited by the embodiments of the present application.
A transceiver 1203 for communicating with other communication devices. For example, the communication apparatus 1200 is a terminal, and the transceiver 1203 may be configured to communicate with a network device or another terminal device. As another example, the communication apparatus 1200 is a network device, and the transceiver 1203 may be configured to communicate with a terminal or another network device.
Alternatively, the transceiver 1203 may include a receiver and a transmitter (not separately shown in fig. 12). The receiver is used for realizing the receiving function, and the transmitter is used for realizing the transmitting function.
Alternatively, transceiver 1203 may be integrated with processor 1201 or may exist separately and be coupled to processor 1201 through interface circuitry (not shown in fig. 12) of communication device 1200, as embodiments of the application are not specifically limited.
It should be noted that the structure of the communication device 1200 shown in fig. 12 does not constitute a limitation on the communication device; an actual communication device may include more or fewer components than those shown, may combine some components, or may have a different arrangement of components.
In addition, the technical effects of the communication apparatus 1200 may refer to the technical effects of the communication method described in the above method embodiments, and will not be described herein.
The embodiment of the application provides a communication system. The communication system includes: one or more of the terminals shown in fig. 8-10.
It should be appreciated that the processor in the embodiments of the application may be a central processing unit (CPU), or may be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be appreciated that the memory in the embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which acts as an external cache. By way of example but not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the processes or functions described in accordance with the embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired (e.g., infrared, wireless, microwave, etc.) manner. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that contains one or more sets of available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between associated objects and means that three relationships may exist. For example, A and/or B may mean three cases: A alone, both A and B, and B alone, wherein A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which may be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of the following items" or a similar expression means any combination of these items, including any combination of a single item or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, and c may each be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (30)

1. A method of communication, the method comprising:
receiving a handover command message from a first access network device, wherein the handover command message carries information that needs to be integrity checked and a first next hop chaining counter (NCC);
performing an integrity check on the information according to the first NCC and a preset second NCC;
and releasing the link of the terminal on the first access network device in the case that the integrity check fails.
2. The method of claim 1, wherein the performing an integrity check on the information according to the first NCC and a preset second NCC comprises:
determining a first next-hop parameter NH according to the first NCC and the second NCC;
and executing integrity check on the information according to the first NH.
3. The method of claim 2, wherein said performing an integrity check on said information based on said first NH comprises:
deriving from the first NH a preset number of times to obtain a second NH;
and executing integrity check on the information according to the second NH.
4. A method according to claim 3, wherein the preset number of times is greater than or equal to 8.
5. The method according to any of claims 1-4, wherein after the releasing the link of the terminal on the first access network device, the method further comprises:
and sending a Radio Resource Control (RRC) connection establishment request message to a second access network device, wherein the RRC connection establishment request message is used for requesting the terminal to establish connection with the second access network device.
6. The method according to any of claims 1-5, wherein the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
7. The method according to any of claims 1-6, wherein the information to be integrity checked is a non-access stratum NAS container.
8. A method of communication, the method comprising:
receiving a handover command message from a first access network device, wherein the handover command message is used for indicating that a terminal needs to be handed over to a third access network device, and the handover command message carries information that needs to be integrity checked and a first NCC;
performing integrity verification on the information according to a first NH, wherein the first NH is determined according to the first NCC and a preset second NCC;
in case of failure of the integrity check, determining a second NH according to the first NH, and executing the integrity check on the information according to the second NH;
and under the condition that the integrity check is successful, sending a first message to the third access network device, wherein the first message is used for the terminal to request switching to the third access network device.
9. The method of claim 8, wherein the determining a second NH from the first NH comprises:
deriving from the first NH a preset number of times to obtain the second NH.
10. The method of claim 9, wherein the preset number of times is greater than or equal to 8.
11. A method of communication, the method comprising:
receiving a handover command message from an access network device, wherein the handover command message carries information that needs to be integrity checked and a first NCC;
according to the first NCC and a preset second NCC, carrying out integrity check on the information;
and under the condition that the integrity check fails, preventing the terminal from sending a measurement report, wherein the measurement report is used for triggering the access network equipment to switch the terminal.
12. The method of claim 11, wherein the performing integrity checking of the information based on the first NCC and a preset second NCC comprises:
determining a first NH from the first NCC and the second NCC;
and executing integrity check on the information according to the first NH.
13. The method of claim 12, wherein prior to the preventing the terminal from sending the measurement report, the method further comprises:
deriving from the first NH a preset number of times to obtain a second NH;
and executing integrity check on the information according to the second NH.
14. The method of claim 13, wherein the preset number of times is greater than or equal to 8.
15. A communication device, the device comprising:
a receiving module, configured to receive a handover command message from a first access network device, where the handover command message carries information that needs to be checked for integrity, and a first NCC;
and the processing module is used for executing the integrity check on the information according to the first NCC and the preset second NCC, and releasing the link of the communication device on the first access network equipment under the condition that the integrity check fails.
16. The apparatus of claim 15, wherein the processing module is further configured to determine a first NH based on the first NCC and the second NCC, and perform an integrity check on the information based on the first NH.
17. The apparatus of claim 16, wherein the processing module is further configured to derive a second NH from the first NH by a preset number of times, and perform an integrity check on the information based on the second NH.
18. The apparatus of claim 17, wherein the preset number of times is greater than or equal to 8.
19. The apparatus according to any of claims 15-18, wherein the transceiver module is further configured to send an RRC connection setup request message to a second access network device after the processing module releases the link of the communication apparatus on the first access network device, wherein the RRC connection setup request message is configured to request the communication apparatus to establish a connection with the second access network device.
20. The apparatus according to any of claims 15-19, wherein the handover command message comprises an evolved mobile communication system terrestrial radio access network mobility command message.
21. The apparatus according to any of claims 15-20, wherein the information to be integrity checked is a NAS container.
22. A communication device, the device comprising:
a transceiver module, configured to receive a handover command message from a first access network device, where the handover command message is used to indicate that the communication apparatus needs to be handed over to a third access network device, and the handover command message carries information that needs to be checked for integrity, and a first NCC;
the processing module is used for executing integrity check on the information according to first NH, wherein the first NH is determined according to the first NCC and a preset second NCC;
the processing module is further used for determining second NH according to the first NH and executing integrity check on the information according to the second NH under the condition that the integrity check fails;
and the processing module is further configured to control the transceiver module to send a first message to the third access network device when the integrity check is successful, where the first message is used by the communication device to request switching to the third access network device.
23. The apparatus of claim 22, wherein the processing module is further configured to derive from the first NH a preset number of times to obtain the second NH.
24. The apparatus of claim 23, wherein the preset number of times is greater than or equal to 8.
25. A communication device, the device comprising: a module for performing the method of any one of claims 11-14.
26. A communication device, the communication device comprising: a processor; wherein
the processor is configured to perform the communication method of any of claims 1-14.
27. A communication device, the communication device comprising: a processor and a memory; the memory is configured to store computer instructions that, when executed by the processor, cause the communication device to perform the communication method of any of claims 1-14.
28. A communication system, the communication system comprising: at least one communication device according to any of claims 15-25.
29. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a computer program or instructions which, when run on a computer, cause the computer to perform the communication method according to any one of claims 1-14.
30. A computer program product, the computer program product comprising: computer program or instructions which, when run on a computer, cause the computer to perform the communication method according to any of claims 1-14.
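The terminal-side flow of claims 1-10, as an added example that is not part of the patent text: the terminal derives a first NH from the gap between the received NCC and its stored NCC, checks the container, retries with a second NH derived a further preset number of times, and releases the link only if both checks fail. Assumptions: the NCC is a 3-bit counter (so a network that is 8 or more derivations ahead signals the same NCC as one that is not), HMAC-SHA256 stands in for the real key derivation and integrity algorithms, and all function names and key values are hypothetical.

```python
import hashlib
import hmac

NCC_MODULUS = 8               # assumption: 3-bit NCC, values 0..7
PRESET_EXTRA_DERIVATIONS = 8  # claims 4 and 10: preset number of times >= 8


def derive_next_nh(root_key: bytes, sync_input: bytes) -> bytes:
    """One step of the NH chain (HMAC-SHA256 stand-in for the real KDF)."""
    return hmac.new(root_key, b"NH" + sync_input, hashlib.sha256).digest()


def advance_nh(root_key: bytes, nh: bytes, steps: int) -> bytes:
    """Derive NH 'steps' times, each step keyed on the previous NH."""
    for _ in range(steps):
        nh = derive_next_nh(root_key, nh)
    return nh


def container_mac(nh: bytes, container: bytes) -> bytes:
    """Stand-in integrity tag over the container, keyed from NH."""
    return hmac.new(nh, container, hashlib.sha256).digest()[:4]


def verify(nh: bytes, container: bytes, mac: bytes) -> bool:
    # Constant-time comparison so the check does not leak tag bytes.
    return hmac.compare_digest(container_mac(nh, container), mac)


def build_command(root_key, start_nh, start_ncc, steps, container):
    """Constructed network side: it is 'steps' derivations ahead of start_nh."""
    nh = advance_nh(root_key, start_nh, steps)
    return (start_ncc + steps) % NCC_MODULUS, container_mac(nh, container)


def handle_handover_command(root_key, local_nh, local_ncc, rx_ncc, container, mac):
    """Return (action, nh): 'handover' with the NH that verified, else 'release_link'."""
    # First NH: advance by the NCC gap, which is only known modulo 8.
    steps = (rx_ncc - local_ncc) % NCC_MODULUS
    first_nh = advance_nh(root_key, local_nh, steps)
    if verify(first_nh, container, mac):
        return "handover", first_nh
    # Second NH: the counter may have wrapped, so derive the preset number
    # of extra times and check again (claims 3 and 8).
    second_nh = advance_nh(root_key, first_nh, PRESET_EXTRA_DERIVATIONS)
    if verify(second_nh, container, mac):
        return "handover", second_nh
    # Both checks failed: release the link on the first access network
    # device; the terminal may then request a new connection (claims 1, 5).
    return "release_link", None


if __name__ == "__main__":
    root, nh0, ncc0 = b"\x11" * 32, b"\x22" * 32, 1  # constructed sample state
    box = b"constructed NAS container"
    for ahead in (2, 10):
        rx_ncc, tag = build_command(root, nh0, ncc0, ahead, box)
        action, _ = handle_handover_command(root, nh0, ncc0, rx_ncc, box, tag)
        print(f"network {ahead} derivations ahead, NCC={rx_ncc}: {action}")
```

With the network 2 or 10 derivations ahead the received NCC is 3 in both cases; only the retry with the second NH recovers the second case without dropping the link.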
CN202210340065.5A 2022-04-01 2022-04-01 Communication method and device Pending CN116939736A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210340065.5A CN116939736A (en) 2022-04-01 2022-04-01 Communication method and device
PCT/CN2023/083077 WO2023185582A1 (en) 2022-04-01 2023-03-22 Communication method and device

Publications (1)

Publication Number Publication Date
CN116939736A true CN116939736A (en) 2023-10-24

Family

ID=88199180

Country Status (2)

Country Link
CN (1) CN116939736A (en)
WO (1) WO2023185582A1 (en)

Also Published As

Publication number Publication date
WO2023185582A1 (en) 2023-10-05

Legal Events

Date Code Title Description
PB01 Publication