US20210243687A1 - Processing Method for Security Algorithm and Terminal - Google Patents

Processing Method for Security Algorithm and Terminal

Info

Publication number
US20210243687A1
Authority
US
United States
Prior art keywords
terminal
rrc connection
target cell
security algorithm
establishment
Prior art date
Legal status
Abandoned
Application number
US17/235,668
Inventor
Shukun Wang
Ning Yang
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Assigned to GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD. Assignment of assignors interest (see document for details). Assignors: WANG, SHUKUN; YANG, NING
Publication of US20210243687A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS (common to every entry below)
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/10 Integrity > H04W12/106 Packet or message integrity
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/03 Protecting confidentiality, e.g. by encryption > H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/08 Access security
    • H04W36/00 Hand-off or reselection arrangements > H04W36/0005 Control or signalling for completing the hand-off > H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection > H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information > H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W48/00 Access restriction; Network selection; Access point selection > H04W48/16 Discovering, processing access restriction or access information
    • H04W48/00 Access restriction; Network selection; Access point selection > H04W48/20 Selecting an access point
    • H04W76/00 Connection management > H04W76/10 Connection setup > H04W76/19 Connection re-establishment
    • H04W76/00 Connection management > H04W76/20 Manipulation of established connections > H04W76/27 Transitions between radio resource control [RRC] states
    • H04W36/00 Hand-off or reselection arrangements > H04W36/0005 Control or signalling for completing the hand-off > H04W36/0055 Transmission or use of information for re-establishing the radio link > H04W36/0079 Transmission or use of information for re-establishing the radio link in case of hand-off failure or rejection
    • H04W36/00 Hand-off or reselection arrangements > H04W36/24 Reselection being triggered by specific parameters > H04W36/30 Reselection being triggered by specific parameters by measured or perceived connection quality data > H04W36/305 Handover due to radio link failure
    • H04W56/00 Synchronisation arrangements

Definitions

  • Implementations of the present disclosure relate to the technical field of mobile communications, and in particular, to a processing method for a security algorithm and a terminal.
  • a terminal transmits an RRC connection re-establishment request message to a target cell, and a network side transmits an RRC connection re-establishment message to the terminal.
  • the RRC connection re-establishment message has been subjected to integrity protection.
  • An algorithm for the integrity protection is an integrity-protection algorithm of an original cell before the terminal performs RRC connection re-establishment. If the target cell does not support the integrity-protection algorithm of the original cell, a target base station transmits an RRC connection establishment message to the terminal to fall back, which results in RRC connection re-establishment failure.
  • Implementations of the present disclosure provide a processing method for a security algorithm and a terminal.
  • a processing method for a security algorithm includes the following.
  • a terminal performs cell search and selects a cell supporting a security algorithm as a target cell from found cells, where the security algorithm is used by the terminal before RRC connection re-establishment or RRC connection recovery.
  • the terminal performs an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.
  • a processing method for a security algorithm includes the following.
  • a terminal performs cell search and selects a target cell.
  • the terminal transmits an RRC connection re-establishment request message to the target cell.
  • the terminal receives an RRC connection re-establishment message from the target cell, and determines whether the RRC connection re-establishment message carries configuration information of a security algorithm supported by the target cell.
  • the terminal transmits an RRC connection re-establishment completion message to the target cell via the security algorithm supported by the target cell, in response to the RRC connection re-establishment message carrying the configuration information of the security algorithm supported by the target cell.
  • a terminal provided in an implementation of the present disclosure includes a processor and a memory.
  • the memory stores at least one computer program which, when executed by the processor, causes the processor to execute the abovementioned processing method for a security algorithm.
  • FIG. 1 is a schematic diagram illustrating a communication system architecture according to an implementation of the present disclosure.
  • FIG. 2 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure.
  • FIG. 3 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure.
  • FIG. 4 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure.
  • FIG. 5 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure.
  • FIG. 6 is a schematic structural diagram illustrating a communication device according to an implementation of the present disclosure.
  • FIG. 7 is a schematic structural diagram illustrating a chip according to an implementation of the present disclosure.
  • FIG. 8 is a schematic block diagram illustrating a communication system according to an implementation of the present disclosure.
  • GSM: global system of mobile communication
  • CDMA: code division multiple access
  • WCDMA: wideband code division multiple access
  • GPRS: general packet radio service
  • LTE: long term evolution
  • FDD: frequency division duplex
  • TDD: time division duplex
  • UMTS: universal mobile telecommunication system
  • WiMAX: worldwide interoperability for microwave access
  • the communication system 100 may include a network device 110.
  • the network device 110 can communicate with a terminal 120 (or called a communication terminal or a terminal).
  • the network device 110 can provide communication coverage for a specific geographic area and communicate with terminals in the coverage area.
  • the network device 110 may be a base transceiver station (BTS) in the GSM or CDMA system, a base station (NodeB, NB) in the WCDMA system, an evolutional base station (evolutional node B, eNB or eNodeB) in the LTE system, or a wireless controller in a cloud radio access network (CRAN).
  • the network device 110 may be a mobile switch center, a relay station, an access point, a vehicle-mounted device, a wearable device, a hub, a switch, a network bridge, a router, a network device in the 5G network, a network device in a future evolution public land mobile network (PLMN), or the like.
  • the communication system 100 further includes at least one terminal 120 in the coverage area of the network device 110.
  • the “terminal” used herein may include but is not limited to a device coupled via a wired line, and/or other data connection/network, and/or a wireless interface, and/or a device communicating with another terminal device to receive/transmit communication signals, and/or an Internet of Things (IoT) device.
  • Examples of the wired line may include, but are not limited to, a public switched telephone network (PSTN), a digital subscriber line (DSL), a digital cable, and a direct connection cable.
  • Examples of the wireless interface may include, but are not limited to, a wireless interface for a cellular network, a WLAN, a digital television network (such as a digital video broadcasting-handheld (DVB-H) network), a satellite network, and an amplitude modulation-frequency modulation (AM-FM) broadcast transmitter.
  • a terminal configured to communicate via the wireless interface may be called a “wireless communication terminal”, a “wireless terminal”, or a “mobile terminal”.
  • Examples of a mobile terminal may include, but are not limited to, a satellite or cellular telephone, a personal communication system (PCS) terminal integrated with functions of cellular radio telephone, data processing, fax, and data communication, a personal digital assistant (PDA) equipped with radio telephone, pager, Internet/Intranet access, web browsing, a notebook, a calendar, and/or a global positioning system (GPS) receiver, and a conventional laptop and/or a handheld receiver or other electronic devices equipped with a radio telephone transceiver.
  • the terminal may refer to an access terminal, user equipment (UE), a user unit, a user station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user device.
  • the access terminal may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a PDA, a handheld device with a wireless communication function, a computing device or other processing devices coupled with wireless modems, a vehicle-mounted device, a wearable device, a terminal device in the 5G network or the future evolution PLMN, or the like.
  • the terminals 120 may communicate with each other through device to device (D2D) communication.
  • the 5G system or 5G network may also be referred to as a new radio (NR) system or an NR network.
  • FIG. 1 illustrates a network device and two terminals.
  • the communication system 100 may include multiple network devices, and in a coverage area of each network device, there can be other numbers of terminals, which is not limited herein.
  • the communication system 100 may further include a network controller, a mobility management entity (MME), or other network entities, which is not limited herein.
  • a device with a communication function can be called a communication device.
  • the communication system 100 illustrated in FIG. 1 is taken as an example.
  • the communication devices may include the network device 110 and the terminal 120 that have a communication function.
  • the network device 110 and the terminal 120 may be the devices described above, which is not repeated herein.
  • the communication devices may further include other devices in the communication system 100, such as the network controller, the MME, or other network entities, which is not limited herein.
  • The terms “system” and “network” are often used interchangeably in the specification.
  • the term “and/or” in the specification is only a description of an association relationship of associated objects, which means that there may be three relationships, for example, A and/or B, which may mean that: A exists alone, A and B both exist, and B exists alone.
  • the character “/” in the specification generally means that an object before “/” and an object after “/” are in an “or” relationship.
  • 3GPP: 3rd generation partnership project
  • eMBB: enhanced mobile broadband
  • URLLC: ultra reliability and low latency communication
  • mMTC: massive machine type communication
  • the technical solutions of the implementations of the present disclosure are mainly applied to a 5G mobile communication system.
  • the technical solutions of the implementations of the present disclosure are not limited to the 5G mobile communication system, and can also be applied to other types of mobile communication systems.
  • the following describes the main application scenarios in the 5G mobile communication system.
  • eMBB aims to let users obtain multimedia content, services, and data, and service requirements of eMBB are growing rapidly. Since eMBB may be deployed in different scenarios, such as indoors, urban areas, and rural areas, service capabilities and requirements of eMBB differ considerably between scenarios, so services need to be analyzed in combination with specific deployment scenarios.
  • URLLC scenario: typical applications of URLLC include industrial automation, power automation, telemedicine operations, traffic safety assurance, etc.
  • mMTC scenario: typical characteristics of mMTC include high connection density, small data volume, delay-insensitive services, low-cost and long service life of modules, etc.
  • An air interface of the 5G mobile communication technology is called NR.
  • complete NR coverage is difficult to achieve. Therefore, typical network coverage is a combination of LTE coverage and NR coverage.
  • a large amount of LTE deployment is below 6 GHz, and there are a small number of spectrums that are below 6 GHz and can be used for 5G. Therefore, NR needs to study spectrum applications above 6 GHz.
  • high frequency band coverage is limited and signal fading is fast.
  • a tight interworking mode between LTE and NR is proposed.
  • NR cells can also be deployed independently.
  • FIG. 2 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 2, the processing method for the security algorithm includes the following.
  • a terminal performs cell search, and selects, from found cells, a cell supporting a first security algorithm as a target cell, where the first security algorithm is a security algorithm used by the terminal before radio resource control (RRC) connection re-establishment or RRC connection recovery.
  • the terminal may be any device capable of communicating with a network, such as a mobile phone, a tablet computer, a vehicle-mounted terminal, a notebook, etc.
  • If the terminal in RRC connection status encounters a radio link failure (RLF), an integrity-protection verification failure, an RRC connection reconfiguration release, or a handover failure, the terminal performs the cell search and initiates an RRC connection re-establishment procedure or RRC connection recovery procedure in an appropriate cell.
  • the terminal obtains a security algorithm list supported by the cell, and the security algorithm list contains at least one security algorithm supported by the cell.
  • a cell can broadcast a security algorithm list of access stratum (AS) supported by the cell, and for each of the at least one cell, the terminal obtains the security algorithm list supported by the cell from a system broadcast message of the cell.
  • When the terminal performs the cell search, a cell that supports the first security algorithm is selected as the target cell from the found cells, where the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment or the RRC connection recovery.
  • the security algorithm used by the terminal before the RRC connection re-establishment or RRC connection recovery is security algorithm 1 of cell A (original cell).
  • the terminal performs the cell search. Three cells found by the terminal are respectively cell 1, cell 2, and cell 3, where cell 1 and cell 2 support security algorithm 1, and cell 3 does not support security algorithm 1.
  • a security algorithm list supported by each cell can be obtained from a system broadcast message of each cell.
  • the terminal selects an appropriate cell from cell 1 and cell 2, for example, cell 1 with the highest signal quality is selected as the target cell.
  • the target cell refers to a target cell for the RRC connection re-establishment or RRC connection recovery.
  • the terminal transmits an RRC connection re-establishment request message to the target cell.
  • the terminal transmits the RRC connection re-establishment request message to the target cell through signaling radio bearer 0 (SRB0).
  • Upon reception of the RRC connection re-establishment request message, the target cell obtains UE context of the terminal from the original cell, restores SRB1, and updates a secret key.
  • the terminal receives an RRC connection re-establishment message from the target cell, where the RRC connection re-establishment message has been subjected to integrity protection performed with the first security algorithm and the secret key updated by the target cell.
  • the target cell transmits the RRC connection re-establishment message to the terminal.
  • the RRC connection re-establishment message is carried on SRB1 and has been subjected to the integrity protection.
  • the RRC connection re-establishment message carries first next hop chaining count (NCC) information (i.e., key index information), and the first NCC information is used by the terminal to update the secret key. Since the target cell supports the first security algorithm used by the terminal before the RRC connection re-establishment, the integrity protection on the RRC connection re-establishment message can be performed with the first security algorithm.
  • the terminal transmits an RRC connection re-establishment completion message to the target cell.
  • Upon reception of the RRC connection re-establishment message from the target cell, the terminal updates the secret key according to the first NCC information in the RRC connection re-establishment message, and transmits the RRC connection re-establishment completion message to the target cell.
  • the terminal performs integrity protection and encryption on the RRC connection re-establishment completion message with the first security algorithm and the secret key updated by the terminal.
  • the terminal transmits an RRC connection recovery request message to the target cell.
  • the terminal transmits the RRC connection recovery request message to the target cell through SRB0.
  • Upon reception of the RRC connection recovery request message, the target cell obtains UE context of the terminal from the original cell, restores SRB1, and updates a secret key.
  • the terminal receives an RRC connection recovery message from the target cell, where the RRC connection recovery message has been subjected to integrity protection and encryption performed with the first security algorithm and the secret key updated by the target cell.
  • the target cell transmits the RRC connection recovery message to the terminal.
  • the RRC connection recovery message is carried on SRB1 and has been subjected to the integrity protection and encryption.
  • the RRC connection recovery message carries second NCC information (i.e., key index information), and the second NCC information is used by the terminal to update the secret key. Since the target cell supports the first security algorithm used by the terminal before the RRC connection recovery, the integrity protection and encryption on the RRC connection recovery message can be performed with the first security algorithm and the secret key updated by the target cell.
  • the terminal transmits an RRC connection recovery completion message to the target cell.
  • Upon reception of the RRC connection recovery message from the target cell, the terminal updates the secret key according to the second NCC information in the RRC connection recovery message, and transmits the RRC connection recovery completion message to the target cell.
  • the terminal performs integrity protection and encryption on the RRC connection recovery completion message with the first security algorithm and the secret key updated by the terminal.
  • the terminal selects, as the target cell for the RRC connection re-establishment or RRC connection recovery, a cell that supports the security algorithm used by the terminal before the RRC connection re-establishment or the RRC connection recovery. This avoids a fallback to RRC connection establishment and ensures successful RRC connection re-establishment or successful RRC connection recovery, so that the RRC connection can be restored as soon as possible and the service interruption delay can be shortened.
  • FIG. 3 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 3, the processing method for the security algorithm includes the following.
  • a terminal performs cell search and selects a target cell from found cells.
  • the terminal may be any device capable of communicating with a network, such as a mobile phone, a tablet computer, a vehicle-mounted terminal, a notebook, etc.
  • If the terminal in RRC connection status encounters an RLF, an integrity-protection verification failure, an RRC connection reconfiguration release, or a handover failure, the terminal performs the cell search and initiates an RRC connection re-establishment procedure in an appropriate cell (i.e., the target cell).
  • the terminal transmits an RRC connection re-establishment request message to the target cell.
  • the terminal transmits the RRC connection re-establishment request message to the target cell through SRB0.
  • Upon reception of the RRC connection re-establishment request message, the target cell obtains UE context of the terminal from the original cell, restores SRB1, obtains configuration information of a first security algorithm used by the terminal before RRC connection re-establishment, and updates a secret key.
  • the terminal receives an RRC connection re-establishment message from the target cell and determines whether the RRC connection re-establishment message carries configuration information of a second security algorithm.
  • the target cell transmits the RRC connection re-establishment message to the terminal.
  • the RRC connection re-establishment message is carried on SRB1 and has been subjected to integrity protection.
  • the RRC connection re-establishment message carries first NCC information (i.e., secret index information), and the first NCC information is used by the terminal to update the secret key.
  • a security algorithm list supported by the target cell contains at least one security algorithm. If the security algorithm list contains the first security algorithm, it indicates that the target cell supports the first security algorithm. If the security algorithm list does not contain the first security algorithm, it indicates that the target cell does not support the first security algorithm. The following will describe the technical solution of the present disclosure in detail with reference to a condition where the target cell supports the first security algorithm and a condition where the target cell does not support the first security algorithm.
  • If the target cell does not support the first security algorithm, the target cell makes the RRC connection re-establishment message carry the configuration information of the second security algorithm.
  • The first security algorithm is a security algorithm used by the terminal before the RRC connection re-establishment, and the second security algorithm is a security algorithm supported by the target cell.
  • If the target cell does not support the security algorithm (i.e., the first security algorithm of the original cell) used by the terminal before the RRC connection re-establishment, the target cell changes to use the second security algorithm (i.e., the second security algorithm of the target cell).
  • the target cell supports the first security algorithm.
  • If the target cell supports the first security algorithm, the target cell either omits the configuration information of the second security algorithm from the RRC connection re-establishment message or includes it in the message.
  • The first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment, and the second security algorithm is the security algorithm supported by the target cell.
  • If the target cell supports the security algorithm (i.e., the first security algorithm of the original cell) used by the terminal before the RRC connection re-establishment, the target cell can choose not to perform a security algorithm change or can choose to perform the security algorithm change. If the target cell chooses to perform the security algorithm change, the target cell changes to use the second security algorithm supported by the target cell.
  • If the target cell determines to use the second security algorithm, the target cell makes the RRC connection re-establishment message carry the configuration information of the second security algorithm. Furthermore, if the RRC connection re-establishment message carries the configuration information of the second security algorithm, it indicates that the RRC connection re-establishment message has been subjected to the integrity protection performed with the second security algorithm and the secret key updated by the target cell.
  • If the RRC connection re-establishment message carries the configuration information of the second security algorithm, the terminal transmits an RRC connection re-establishment completion message to the target cell via the second security algorithm.
  • the RRC connection re-establishment message carries the first NCC information, and the first NCC information is used by the terminal to update the secret key.
  • Upon reception of the RRC connection re-establishment message from the target cell, the terminal updates the secret key according to the first NCC information in the RRC connection re-establishment message, and transmits the RRC connection re-establishment completion message to the target cell. If the RRC connection re-establishment message carries the configuration information of the second security algorithm, the terminal performs integrity protection and encryption on the RRC connection re-establishment completion message with the second security algorithm and the secret key updated by the terminal.
  • If the RRC connection re-establishment message does not carry the configuration information of the second security algorithm, the terminal transmits the RRC connection re-establishment completion message to the target cell via the first security algorithm, and the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment.
  • the RRC connection re-establishment message carries the first NCC information, and the first NCC information is used by the terminal to update the secret key.
  • Upon reception of the RRC connection re-establishment message from the target cell, the terminal updates the secret key according to the first NCC information in the RRC connection re-establishment message, and transmits the RRC connection re-establishment completion message to the target cell. If the RRC connection re-establishment message does not carry the configuration information of the second security algorithm, the terminal performs the integrity protection and encryption on the RRC connection re-establishment completion message with the first security algorithm and the secret key updated by the terminal.
  • the security algorithm used by the terminal before the RRC connection re-establishment is security algorithm A (that is, security algorithm A of the original cell).
  • the terminal initiates an RRC connection re-establishment procedure in response to an RRC connection re-establishment event.
  • the terminal performs the cell search.
  • the terminal transmits the RRC connection re-establishment request message to the target cell.
  • the target cell obtains from the original cell UE context of the terminal and security algorithm A used by the terminal.
  • the target cell determines whether the target cell supports security algorithm A.
  • If the target cell does not support security algorithm A, the target cell changes to use security algorithm B rather than security algorithm A, where security algorithm B is a security algorithm supported by the target cell. If the target cell supports security algorithm A, the target cell can change to use security algorithm B rather than security algorithm A, or choose not to perform security algorithm change (that is, still use security algorithm A). If the target cell changes to use security algorithm B rather than security algorithm A, the target cell makes the RRC connection re-establishment message transmitted to the terminal carry configuration information of security algorithm B, and performs the integrity protection on the RRC connection re-establishment message with security algorithm B and the secret key updated by the target cell.
  • the target cell makes the RRC connection re-establishment message transmitted to the terminal not carry configuration information of a security algorithm, and performs the integrity protection on the RRC connection re-establishment message with the secret key updated by the target cell and security algorithm A.
  • the terminal uses security algorithm B and the secret key updated by the terminal to perform integrity protection verification on the RRC connection re-establishment message. If the verification passes, the terminal uses security algorithm B and the secret key updated by the terminal, and then replies to the target cell with the RRC connection re-establishment completion message.
  • the terminal performs encryption and integrity protection on the RRC connection re-establishment completion message with security algorithm B and the secret key updated by the terminal.
  • the terminal uses security algorithm A and the secret key updated by the terminal to perform the integrity protection verification on the RRC connection re-establishment message, and further uses security algorithm A to reply to the target cell with the RRC connection re-establishment completion message. That is, the encryption and integrity protection on the RRC connection re-establishment completion message are performed with security algorithm A and the secret key updated by the terminal.
  • the network side determines whether to perform security algorithm change for the RRC connection re-establishment according to the security algorithm currently configured by the terminal and a security algorithm support ability of the network side, so as to prevent RRC connection establishment from falling back and ensure successful RRC connection re-establishment, and thus RRC connection can be restored as soon as possible, and service interruption delay can be shortened.
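The re-establishment exchange described above can be modeled on both sides as follows. This is an added example, not code from the patent: HMAC-SHA-256 and HMAC-SHA-512 stand in for security algorithms A and B, only integrity protection is modeled, and the key update, message layout, tag length and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Stand-ins only: the page names the algorithms "A" and "B" without defining them.
ALGORITHMS = {"A": "sha256", "B": "sha512"}
TAG_LEN = 4  # constructed tag length for this sketch


def update_key(base_key: bytes, ncc: int) -> bytes:
    """Toy key update driven by the NCC value (assumed, not the real derivation)."""
    return hmac.new(base_key, b"ncc=%d" % ncc, hashlib.sha256).digest()


def tag(alg: str, key: bytes, payload: bytes) -> bytes:
    """Integrity tag over payload under the named stand-in algorithm."""
    return hmac.new(key, payload, ALGORITHMS[alg]).digest()[:TAG_LEN]


@dataclass
class Reestablishment:
    ncc: int
    alg_config: Optional[str]  # configuration of algorithm B, or None if unchanged
    mac: bytes = b""

    def payload(self) -> bytes:
        # The algorithm field is part of the protected bytes (assumed layout).
        return b"reestablishment|ncc=%d|alg=%s" % (
            self.ncc, (self.alg_config or "-").encode())


class TargetCell:
    def __init__(self, supported: set, base_key: bytes, ncc: int):
        self.supported, self.base_key, self.ncc = supported, base_key, ncc

    def build_reestablishment(self, ue_alg: str,
                              change_to: Optional[str] = None) -> Reestablishment:
        """ue_alg is algorithm A, obtained with the UE context from the original cell."""
        if ue_alg in self.supported and change_to is None:
            chosen, config = ue_alg, None      # no change: no algorithm config carried
        else:
            chosen = change_to or sorted(self.supported)[0]
            config = chosen                    # change: carry configuration of B
        self.key = update_key(self.base_key, self.ncc)
        self.alg = chosen
        msg = Reestablishment(self.ncc, config)
        msg.mac = tag(chosen, self.key, msg.payload())
        return msg

    def accept_complete(self, payload: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(tag(self.alg, self.key, payload), mac)


class Terminal:
    def __init__(self, current_alg: str, base_key: bytes):
        self.alg, self.base_key = current_alg, base_key

    def handle_reestablishment(self, msg: Reestablishment):
        """Verify the message, then build the completion message and its tag."""
        key = update_key(self.base_key, msg.ncc)
        alg = msg.alg_config or self.alg       # B if configured, otherwise A
        if alg not in ALGORITHMS:
            raise ValueError("unsupported security algorithm")
        if not hmac.compare_digest(tag(alg, key, msg.payload()), msg.mac):
            raise ValueError("integrity verification failed")
        self.alg, self.key = alg, key          # switch only after verification passes
        payload = b"reestablishment-complete"
        return payload, tag(alg, key, payload)


def run_exchange(cell_supported, ue_alg: str, strip_config: bool = False):
    """Return (algorithm the terminal ends up using, whether the cell accepts)."""
    base_key = bytes(range(32))                # constructed key known to both sides
    cell = TargetCell(set(cell_supported), base_key, ncc=1)
    ue = Terminal(ue_alg, base_key)
    msg = cell.build_reestablishment(ue_alg)
    if strip_config:
        msg.alg_config = None                  # field altered in transit, tag untouched
    payload, mac = ue.handle_reestablishment(msg)
    return ue.alg, cell.accept_complete(payload, mac)


if __name__ == "__main__":
    print(run_exchange({"B"}, "A"))            # cell lacks A: both sides move to B
    print(run_exchange({"A", "B"}, "A"))       # cell supports A: A is kept
```

Because the algorithm configuration sits inside the protected bytes in this model, a message whose configuration field is altered in transit fails verification at the terminal and no completion message is sent.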
  • FIG. 4 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 4 , the apparatus includes a searching unit 401 and an RRC unit 402 .
  • the searching unit 401 is configured to perform cell search and select a cell supporting a first security algorithm as a target cell from found cells, where the first security algorithm is a security algorithm used by a terminal before RRC connection re-establishment or RRC connection recovery.
  • the RRC unit 402 is configured to perform an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.
  • the apparatus further includes an obtaining unit 403 configured to obtain, for each of at least one cell, a security algorithm list supported by the cell from a system broadcast message of the cell, where the security algorithm list contains at least one security algorithm supported by the cell.
  • the RRC unit 402 is configured to transmit an RRC connection re-establishment request message to the target cell, and receive an RRC connection re-establishment message from the target cell, where the RRC connection re-establishment message has been subjected to integrity protection performed with the first security algorithm and a secret key updated by the target cell.
  • the RRC unit 402 is further configured to transmit an RRC connection re-establishment completion message to the target cell.
  • the RRC connection re-establishment message carries first NCC information, where the first NCC information is used by the terminal to update a secret key. Integrity protection and encryption on the RRC connection re-establishment completion message are performed with the first security algorithm and a secret key updated by the terminal.
  • the RRC unit 402 is configured to transmit an RRC connection recovery request message to the target cell, and receive an RRC connection recovery message from the target cell, where the RRC connection recovery message has been subjected to integrity protection and encryption performed with the first security algorithm and the secret key updated by the target cell.
  • the RRC unit 402 is further configured to transmit an RRC connection recovery completion message to the target cell.
  • the RRC connection recovery message carries second NCC information, where the second NCC information is used by the terminal to update the secret key. Integrity protection and encryption on the RRC connection recovery completion message are performed with the first security algorithm and the secret key updated by the terminal.
  • FIG. 5 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 5 , the apparatus includes a searching unit 501 and an RRC unit 502 .
  • the searching unit 501 is configured to perform cell search and select a target cell.
  • the RRC unit 502 is configured to transmit an RRC connection re-establishment request message to the target cell, receive an RRC connection re-establishment message from the target cell, determine whether the RRC connection re-establishment message carries configuration information of a second security algorithm, and transmit an RRC connection re-establishment completion message to the target cell via the second security algorithm, in response to the RRC connection re-establishment message carrying the configuration information of the second security algorithm.
  • In case that the target cell does not support the first security algorithm, the target cell makes the RRC connection re-establishment message carry the configuration information of the second security algorithm, where the first security algorithm is a security algorithm used by the terminal before RRC connection re-establishment, and the second security algorithm is a security algorithm supported by the target cell.
  • In case that the target cell supports the first security algorithm, the target cell makes the RRC connection re-establishment message not carry the configuration information of the second security algorithm or carry the configuration information of the second security algorithm, where the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment, and the second security algorithm is the security algorithm supported by the target cell.
  • In case that the RRC connection re-establishment message carries the configuration information of the second security algorithm, it indicates that the RRC connection re-establishment message has been subjected to integrity protection performed with the second security algorithm and a secret key updated by the target cell.
  • the RRC connection re-establishment message carries first NCC information, where the first NCC information is used by the terminal to update a secret key. Integrity protection and encryption on the RRC connection re-establishment completion message are performed with the second security algorithm and the secret key updated by the terminal, in response to the RRC connection re-establishment message carrying the configuration information of the second security algorithm.
  • the RRC unit 502 is configured to transmit the RRC connection re-establishment completion message to the target cell via the first security algorithm, in response to the RRC connection re-establishment message not carrying the configuration information of the second security algorithm, where the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment.
  • the RRC connection re-establishment message carries the first NCC information, where the first NCC information is used by the terminal to update the secret key.
  • the integrity protection and encryption on the RRC connection re-establishment completion message are performed with the first security algorithm and the secret key updated by the terminal, in response to the RRC connection re-establishment message not carrying the configuration information of the second security algorithm.
  • FIG. 6 is a schematic structural view illustrating a communication device 600 according to an implementation of the present disclosure.
  • the communication device 600 may be a terminal.
  • the communication device 600 illustrated in FIG. 6 includes a processor 610 .
  • the processor 610 can invoke and run at least one computer program in a memory to implement the method in the implementation of the present disclosure.
  • the communication device 600 further includes a memory 620 .
  • the processor 610 can invoke and run the computer program in the memory 620 to implement the method in the implementation of the present disclosure.
  • the memory 620 may be a single device independent of the processor 610 , and may also be integrated in the processor 610 .
  • the communication device 600 may further include a transceiver 630 .
  • the processor 610 can control the transceiver 630 to communicate with other devices, for example, to transmit information or data to the other devices or receive information or data from the other devices.
  • the transceiver 630 may include a transmitter and a receiver.
  • the transceiver 630 may further include one or more antennas.
  • the communication device 600 may be the network device in the implementations of the present disclosure, and the communication device 600 can implement corresponding procedures realized by the network device in the methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the communication device 600 may be the mobile terminal/terminal in the implementations of the present disclosure, and the communication device 600 can implement corresponding procedures realized by the mobile terminal/terminal in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • FIG. 7 is a schematic structural diagram illustrating a chip according to an implementation of the present disclosure.
  • the chip 700 illustrated in FIG. 7 includes a processor 710 .
  • the processor 710 can invoke and run at least one computer program stored in a memory to implement the methods in the implementation of the present disclosure.
  • the chip 700 further includes a memory 720 .
  • the processor 710 can invoke and run at least one computer program stored in the memory 720 to implement the methods in the implementations of the present disclosure.
  • the memory 720 may be a single device independent of the processor 710 , and may also be integrated in the processor 710 .
  • the chip 700 may further include an input interface 730 .
  • the processor 710 can control the input interface 730 to communicate with other devices or chips, for example, to receive information or data from the other devices or chips.
  • the chip 700 may further include an output interface 740 .
  • the processor 710 can control the output interface 740 to communicate with other devices or chips, for example, to output information or data to the other devices or chips.
  • the chip can be applied to the network device in the implementations of the present disclosure, and the chip can implement corresponding procedures realized by the network device in the methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the chip can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the chip can implement corresponding procedures realized by the mobile terminal/terminal in the methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the chip referred to in the implementation of the present disclosure may also be referred to as a system-level chip, a system chip, a chip system, a system-on-chip, or the like.
  • FIG. 8 is a schematic block diagram illustrating a communication system 900 according to an implementation of the present disclosure. As illustrated in FIG. 8 , the communication system 900 includes a terminal device 910 and a network device 920 .
  • the terminal device 910 can be used to implement corresponding functions realized by the terminal in the above method, and the network device 920 can be used to implement corresponding functions realized by the network device in the above method, which will not be repeated herein for simplicity.
  • the processor in the implementation of the present disclosure may be an integrated circuit chip with signal processing capability.
  • the steps of the foregoing method implementations can be completed by hardware integrated logic circuits in the processor or instructions in the form of software.
  • the above-mentioned processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programming logic devices, discrete gates or transistor logic devices, or discrete hardware components.
  • the methods, steps, and logical block diagrams disclosed in the implementations of the present disclosure can be implemented or executed.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the steps of the methods disclosed in the implementations of the present disclosure can be directly executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
  • the software modules can be located in a mature storage medium in the field such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register.
  • the storage medium is located in the memory, and the processor reads information in the memory and completes the steps of the above methods in combination with its hardware.
  • the memory may be a volatile memory or a non-volatile memory, and may also include both the volatile memory and non-volatile memory.
  • the non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory.
  • the volatile memory may be a random access memory (RAM) and used for external high-speed cache.
  • various random access memories can be used, for example, a static random access memory (SRAM), a dynamic random access memory (DRAM), a synchronous dynamic random access memory (SDRAM), a double data rate synchronous dynamic random access memory (DDR SDRAM), an enhanced synchronous dynamic random access memory (ESDRAM), a synclink dynamic random access memory (SLDRAM), and a direct rambus random access memory (DR RAM).
  • the above memories are exemplary but not used for limitation.
  • the memory in the implementation of the present disclosure may also be an SRAM, a DRAM, an SDRAM, a DDR SDRAM, an ESDRAM, an SLDRAM, and a DR RAM. That is, the memory described in the implementation of the present disclosure is intended to include but is not limited to these and any other suitable types of memories.
  • Implementations of the present disclosure further provide a computer-readable storage medium configured to store at least one computer program.
  • the computer-readable storage medium can be applied to the network device in the implementations of the present disclosure, and the computer program enables a computer to execute corresponding procedures realized by the network device in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the computer-readable storage medium can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the computer program enables the computer to execute corresponding procedures realized by the mobile terminal/terminal in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • Implementations of the present disclosure further provide a computer program product which includes at least one computer program instruction.
  • the computer program product can be applied to the network device in the implementations of the present disclosure, and the computer program instruction enables the computer to execute corresponding procedures realized by the network device in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the computer program product can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the computer program instruction enables the computer to execute corresponding procedures realized by the mobile terminal/terminal in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • Implementations of the present disclosure further provide a computer program.
  • the computer program can be applied to the network device in the implementations of the present disclosure, and the computer program, when run in the computer, enables the computer to execute corresponding procedures realized by the network device in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the computer program can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the computer program, when run in the computer, enables the computer to execute corresponding procedures realized by the mobile terminal/terminal in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • the systems, apparatuses, and methods disclosed in implementations herein may also be implemented in various other manners.
  • the above apparatus implementations are merely illustrative, e.g., the division of units is only a division of logical functions, and there may exist other manners of division in practice, e.g., multiple units or assemblies may be combined or may be integrated into another system, or some features may be ignored or skipped.
  • the coupling or direct coupling or communication connection as illustrated or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical coupling, mechanical coupling, or the like.
  • Separated units as illustrated may or may not be physically separated.
  • Components or parts displayed as units may or may not be physical units, and may reside at one location or may be distributed to multiple networked units. Some of or all the units may be selectively adopted according to practical needs to achieve objectives of the solutions of the present disclosure.
  • the functional units in the various implementations of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • If the integrated units are implemented as software functional units and sold or used as standalone products, they may be stored in a computer readable storage medium.
  • the computer software products can be stored in a storage medium and may include multiple instructions that, when executed, can cause a computing device, e.g., a personal computer, a server, a network device, etc., to execute some of or all operations of the methods described in various implementations of the present disclosure.
  • the above storage medium may include various kinds of media that can store program codes, such as a universal serial bus (USB) flash disk, a mobile hard drive, a ROM, a RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Implementations of the present disclosure provide a processing method and apparatus for a security algorithm and a terminal. The method includes the following. A terminal performs cell search and selects a cell supporting a security algorithm as a target cell from found cells, where the security algorithm is used by the terminal before RRC connection re-establishment or RRC connection recovery. The terminal performs an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.

Description

    CROSS-REFERENCE TO RELATED APPLICATION(S)
  • This application is a continuation of International Application No. PCT/CN2018/111511, filed on Oct. 23, 2018, the entire disclosure of which is hereby incorporated by reference.
  • TECHNICAL FIELD
  • Implementations of the present disclosure relate to the technical field of mobile communications, and in particular, to a processing method for a security algorithm and a terminal.
  • BACKGROUND
  • In a radio resource control (RRC) connection re-establishment procedure, a terminal transmits an RRC connection re-establishment request message to a target cell, and a network side transmits an RRC connection re-establishment message to the terminal. The RRC connection re-establishment message has been subjected to integrity protection. An algorithm for the integrity protection is an integrity-protection algorithm of an original cell before the terminal performs RRC connection re-establishment. If the target cell does not support the integrity-protection algorithm of the original cell, a target base station transmits an RRC connection establishment message to the terminal to fall back, which results in RRC connection re-establishment failure.
  • SUMMARY
  • Implementations of the present disclosure provide a processing method for a security algorithm and a terminal.
  • A processing method for a security algorithm provided in an implementation of the present disclosure includes the following. A terminal performs cell search and selects a cell supporting a security algorithm as a target cell from found cells, where the security algorithm is used by the terminal before RRC connection re-establishment or RRC connection recovery. The terminal performs an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.
  • A processing method for a security algorithm provided in an implementation of the present disclosure includes the following. A terminal performs cell search and selects a target cell. The terminal transmits an RRC connection re-establishment request message to the target cell. The terminal receives an RRC connection re-establishment message from the target cell, and determines whether the RRC connection re-establishment message carries configuration information of a security algorithm supported by the target cell. The terminal transmits an RRC connection re-establishment completion message to the target cell via the security algorithm supported by the target cell, in response to the RRC connection re-establishment message carrying the configuration information of the security algorithm supported by the target cell.
  • A terminal provided in an implementation of the present disclosure includes a processor and a memory. The memory stores at least one computer program which, when executed by the processor, causes the processor to execute the abovementioned processing method for a security algorithm.
  • BRIEF DESCRIPTION OF DRAWINGS
  • The accompanying drawings described herein are used to provide a further understanding of the present disclosure and constitute a part of the present disclosure. The exemplary implementations and descriptions of the present disclosure are used to explain the present disclosure, and do not constitute an improper limitation of the present disclosure. The accompanying drawings are as follows.
  • FIG. 1 is a schematic diagram illustrating a communication system architecture according to an implementation of the present disclosure.
  • FIG. 2 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure.
  • FIG. 3 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure.
  • FIG. 4 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure.
  • FIG. 5 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure.
  • FIG. 6 is a schematic structural diagram illustrating a communication device according to an implementation of the present disclosure.
  • FIG. 7 is a schematic structural diagram illustrating a chip according to an implementation of the present disclosure.
  • FIG. 8 is a schematic block diagram illustrating a communication system according to an implementation of the present disclosure.
  • DETAILED DESCRIPTION
  • The technical solutions in implementations of the present disclosure will be described in the following with reference to the accompanying drawings in the implementations of the present disclosure. Apparently, the described implementations are merely a part of rather than all the implementations of the present disclosure. All other implementations obtained by those of ordinary skill in the art based on the implementations of the present disclosure without creative efforts are within the scope of the present disclosure.
  • The technical solutions in the implementations of the present disclosure can be applied to various communication systems, such as a global system of mobile communication (GSM), a code division multiple access (CDMA) system, a wideband code division multiple access (WCDMA) system, general packet radio service (GPRS), a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) communication system, a fifth generation (5G) system, or the like.
  • For example, a communication system 100 in an implementation of the present disclosure is illustrated in FIG. 1. The communication system 100 may include a network device 110. The network device 110 can communicate with a terminal 120 (or called a communication terminal or a terminal). The network device 110 can provide communication coverage for a specific geographic area and communicate with terminals in the coverage area. In an implementation, the network device 110 may be a base transceiver station (BTS) in the GSM or CDMA system, a base station (NodeB, NB) in the WCDMA system, an evolutional base station (evolutional node B, eNB or eNodeB) in the LTE system, or a wireless controller in a cloud radio access network (CRAN). In an implementation, the network device 110 may be a mobile switch center, a relay station, an access point, a vehicle-mounted device, a wearable device, a hub, a switch, a network bridge, a router, a network device in the 5G network, a network device in a future evolution public land mobile network (PLMN), or the like.
  • The communication system 100 further includes at least one terminal 120 in the coverage area of the network device 110. The “terminal” used herein may include but is not limited to a device coupled via a wired line, and/or other data connection/network, and/or a wireless interface, and/or a device communicating with another terminal device to receive/transmit communication signals, and/or an Internet of Things (IoT) device. Examples of the wired line may include, but are not limited to, a public switched telephone network (PSTN), a digital subscriber line (DSL), a digital cable, and a direct connection cable. Examples of the wireless interface may include, but are not limited to, a wireless interface for a cellular network, a WLAN, a digital television network (such as a digital video broadcasting-handheld (DVB-H) network), a satellite network, and an amplitude modulation-frequency modulation (AM-FM) broadcast transmitter. A terminal configured to communicate via the wireless interface may be called a “wireless communication terminal”, a “wireless terminal”, or a “mobile terminal”. Examples of a mobile terminal may include, but are not limited to, a satellite or cellular telephone, a personal communication system (PCS) terminal integrated with functions of cellular radio telephone, data processing, fax, and data communication, a personal digital assistant (PDA) equipped with radio telephone, pager, Internet/Intranet access, web browsing, a notebook, a calendar, and/or a global positioning system (GPS) receiver, and a conventional laptop and/or a handheld receiver or other electronic devices equipped with a radio telephone transceiver. The terminal may refer to an access terminal, user equipment (UE), a user unit, a user station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user device. 
The access terminal may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a PDA, a handheld device with a wireless communication function, a computing device or other processing devices coupled with wireless modems, a vehicle-mounted device, a wearable device, a terminal device in the 5G network or the future evolution PLMN, or the like.
  • In an implementation, the terminals 120 may communicate with each other through device to device (D2D) communication.
  • In an implementation, the 5G system or 5G network may also be referred to as a new radio (NR) system or an NR network.
  • As an example, FIG. 1 illustrates a network device and two terminals. In an implementation, the communication system 100 may include multiple network devices, and in a coverage area of each network device, there can be other numbers of terminals, which is not limited herein.
  • In an implementation, the communication system 100 may further include a network controller, a mobility management entity (MME), or other network entities, which is not limited herein.
  • It is to be understood that in the implementation of the present disclosure, in a network/system, a device with a communication function can be called a communication device. The communication system 100 illustrated in FIG. 1 is taken as an example. The communication devices may include the network device 110 and the terminal 120 that have a communication function. The network device 110 and the terminal 120 may be the devices described above, which is not repeated herein. The communication devices may further include other devices in the communication system 100, such as the network controller, the MME, or other network entities, which is not limited herein.
  • It is to be understood that the terms “system” and “network” are often used interchangeably in the specification. The term “and/or” in the specification is only a description of an association relationship of associated objects, which means that there may be three relationships, for example, A and/or B, which may mean that: A exists alone, A and B both exist, and B exists alone. In addition, the character “/” in the specification generally means that an object before “/” and an object after “/” are in an “or” relationship.
  • In order to meet people's pursuit of speed, delay, high-speed mobility, and energy efficiency of services, as well as diversity and complexity of services in future life, the 3rd generation partnership project (3GPP), an international standards organization, has developed 5G mobile communication technology.
  • Main application scenarios of 5G are: enhanced mobile broadband (eMBB), ultra reliability and low latency communication (URLLC), massive machine type communication (mMTC).
  • The technical solutions of the implementations of the present disclosure are mainly applied to a 5G mobile communication system. Of course, the technical solutions of the implementations of the present disclosure are not limited to the 5G mobile communication system, and can also be applied to other types of mobile communication systems. The following describes the main application scenarios in the 5G mobile communication system.
  • 1) eMBB scenario: eMBB aims to let users obtain multimedia content, services and data, and service requirements of eMBB are growing rapidly. Since eMBB may be deployed in different scenarios, such as indoors, urban areas, rural areas, etc., service capabilities and requirements of eMBB in different scenarios are also quite different, so services need to be analyzed in combination with specific deployment scenarios.
  • 2) URLLC scenario: typical applications of URLLC include: industrial automation, power automation, telemedicine operations, traffic safety assurance, etc.
  • 3) mMTC scenario: typical characteristics of mMTC include: high connection density, small data volume, delay-insensitive services, low-cost and long service life of modules, etc.
  • An air interface of the 5G mobile communication technology is called NR. In the early deployment of NR, complete NR coverage is difficult to achieve. Therefore, typical network coverage is a combination of LTE coverage and NR coverage. Moreover, a large amount of LTE deployment is below 6 GHz, and only a small amount of spectrum below 6 GHz can be used for 5G. Therefore, NR needs to study spectrum applications above 6 GHz. However, high frequency band coverage is limited and signal fading is fast. In addition, in order to protect early investment of mobile operators in LTE, a tight interworking mode between LTE and NR is proposed. Of course, NR cells can also be deployed independently.
  • FIG. 2 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 2, the processing method for the security algorithm includes the following.
  • At block 201, a terminal performs cell search, and selects, from found cells, a cell supporting a first security algorithm as a target cell, where the first security algorithm is a security algorithm used by the terminal before radio resource control (RRC) connection re-establishment or RRC connection recovery.
  • In an implementation of the present disclosure, the terminal may be any device capable of communicating with a network, such as a mobile phone, a tablet computer, a vehicle-mounted terminal, a notebook, etc.
  • In an implementation of the present disclosure, if the terminal in RRC connection status encounters a radio link failure (RLF), an integrity-protection verification failure, an RRC connection reconfiguration release, or a handover failure, the terminal performs the cell search and initiates an RRC connection re-establishment procedure or RRC connection recovery procedure in an appropriate cell.
  • In an implementation of the present disclosure, for each of at least one cell, the terminal obtains a security algorithm list supported by the cell, and the security algorithm list contains at least one security algorithm supported by the cell. In an implementation, a cell can broadcast a security algorithm list of access stratum (AS) supported by the cell, and for each of the at least one cell, the terminal obtains the security algorithm list supported by the cell from a system broadcast message of the cell. When the terminal performs the cell search, a cell that supports the first security algorithm is selected as the target cell from the found cells, where the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment or the RRC connection recovery.
  • For example, the security algorithm used by the terminal before the RRC connection re-establishment or RRC connection recovery is security algorithm 1 of cell A (original cell). In response to an RRC connection re-establishment event or RRC connection recovery event, the terminal performs the cell search. Three cells found by the terminal are respectively cell 1, cell 2, and cell 3, where cell 1 and cell 2 support security algorithm 1, and cell 3 does not support security algorithm 1. A security algorithm list supported by each cell can be obtained from a system broadcast message of each cell. The terminal selects an appropriate cell from cell 1 and cell 2, for example, cell 1 with the highest signal quality is selected as the target cell. Herein, the target cell refers to a target cell for the RRC connection re-establishment or RRC connection recovery.
  • At block 202, perform the RRC connection re-establishment procedure or RRC connection recovery procedure between the terminal and the target cell.
  • The technical solution of the implementation of the present disclosure will be described in detail below in conjunction with the RRC connection re-establishment procedure and the RRC connection recovery procedure.
  • First Solution: RRC Connection Re-Establishment Procedure
  • 1) The terminal transmits an RRC connection re-establishment request message to the target cell.
  • In an implementation, the terminal transmits the RRC connection re-establishment request message to the target cell through signaling radio bearer 0 (SRB0). Upon reception of the RRC connection re-establishment request message, the target cell obtains UE context of the terminal from the original cell, restores SRB1, and updates a secret key.
  • 2) The terminal receives an RRC connection re-establishment message from the target cell, where the RRC connection re-establishment message has been subjected to integrity protection performed with the first security algorithm and the secret key updated by the target cell.
  • In an implementation, the target cell transmits the RRC connection re-establishment message to the terminal. The RRC connection re-establishment message is carried on SRB1 and has been subjected to the integrity protection. The RRC connection re-establishment message carries first next hop chaining count (NCC) information (i.e., key index information), and the first NCC information is used by the terminal to update the secret key. Since the target cell supports the first security algorithm used by the terminal before the RRC connection re-establishment, the integrity protection on the RRC connection re-establishment message can be performed with the first security algorithm.
  • 3) The terminal transmits an RRC connection re-establishment completion message to the target cell.
  • In an implementation, upon reception of the RRC connection re-establishment message from the target cell, the terminal updates the secret key according to the first NCC information in the RRC connection re-establishment message, and transmits the RRC connection re-establishment completion message to the target cell. The terminal performs integrity protection and encryption on the RRC connection re-establishment completion message with the first security algorithm and the secret key updated by the terminal.
  • Second Solution: RRC Connection Recovery Procedure
  • 1) The terminal transmits an RRC connection recovery request message to the target cell.
  • In an implementation, the terminal transmits the RRC connection recovery request message to the target cell through SRB0. Upon reception of the RRC connection recovery request message, the target cell obtains UE context of the terminal from the original cell, restores SRB1, and updates a secret key.
  • 2) The terminal receives an RRC connection recovery message from the target cell, where the RRC connection recovery message has been subjected to integrity protection and encryption performed with the first security algorithm and the secret key updated by the target cell.
  • In an implementation, the target cell transmits the RRC connection recovery message to the terminal. The RRC connection recovery message is carried on SRB1 and has been subjected to the integrity protection and encryption. The RRC connection recovery message carries second NCC information (i.e., key index information), and the second NCC information is used by the terminal to update the secret key. Since the target cell supports the first security algorithm used by the terminal before the RRC connection recovery, the integrity protection and encryption on the RRC connection recovery message can be performed with the first security algorithm and the secret key updated by the target cell.
  • 3) The terminal transmits an RRC connection recovery completion message to the target cell.
  • In an implementation, upon reception of the RRC connection recovery message from the target cell, the terminal updates the secret key according to second NCC information in the RRC connection recovery message, and transmits the RRC connection recovery completion message to the target cell. The terminal performs integrity protection and encryption on the RRC connection recovery completion message with the first security algorithm and the secret key updated by the terminal.
  • According to the implementation, in the RRC connection re-establishment procedure or the RRC connection recovery procedure, the terminal selects the cell that supports the security algorithm used by the terminal before the RRC connection re-establishment or the RRC connection recovery to serve as the target cell for the RRC connection re-establishment or RRC connection recovery. This avoids a fallback to RRC connection establishment and ensures successful RRC connection re-establishment or successful RRC connection recovery, so that the RRC connection can be restored as soon as possible and the service interruption delay can be shortened.
  • FIG. 3 is a schematic flow chart illustrating a processing method for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 3, the processing method for the security algorithm includes the following.
  • At block 301, a terminal performs cell search and selects a target cell from found cells.
  • In an implementation of the present disclosure, the terminal may be any device capable of communicating with a network, such as a mobile phone, a tablet computer, a vehicle-mounted terminal, a notebook, etc.
  • In an implementation of the present disclosure, if the terminal in RRC connection status encounters an RLF, an integrity-protection verification failure, an RRC connection reconfiguration release, or a handover failure, the terminal performs the cell search and initiates an RRC connection re-establishment procedure in an appropriate cell (i.e., the target cell).
  • At block 302, the terminal transmits an RRC connection re-establishment request message to the target cell.
  • In an implementation, the terminal transmits the RRC connection re-establishment request message to the target cell through SRB0. Upon reception of the RRC connection re-establishment request message, the target cell obtains UE context of the terminal from the original cell, restores SRB1, obtains configuration information of a first security algorithm used by the terminal before RRC connection re-establishment, and updates a secret key.
  • At block 303, the terminal receives an RRC connection re-establishment message from the target cell and determines whether the RRC connection re-establishment message carries configuration information of a second security algorithm.
  • In an implementation, the target cell transmits the RRC connection re-establishment message to the terminal. The RRC connection re-establishment message is carried on SRB1 and has been subjected to integrity protection. The RRC connection re-establishment message carries first NCC information (i.e., key index information), and the first NCC information is used by the terminal to update the secret key.
  • In an implementation of the present disclosure, a security algorithm list supported by the target cell contains at least one security algorithm. If the security algorithm list contains the first security algorithm, it indicates that the target cell supports the first security algorithm. If the security algorithm list does not contain the first security algorithm, it indicates that the target cell does not support the first security algorithm. The following will describe the technical solution of the present disclosure in detail with reference to a condition where the target cell supports the first security algorithm and a condition where the target cell does not support the first security algorithm.
  • 1) The target cell does not support the first security algorithm.
  • If the target cell does not support the first security algorithm, the target cell makes the RRC connection re-establishment message carry the configuration information of the second security algorithm. The first security algorithm is a security algorithm used by the terminal before the RRC connection re-establishment, and the second security algorithm is a security algorithm supported by the target cell.
  • Herein, if the target cell does not support the security algorithm (i.e., the first security algorithm of the original cell) used by the terminal before the RRC connection re-establishment, the target cell changes to use the second security algorithm (i.e., the second security algorithm of the target cell).
  • 2) The target cell supports the first security algorithm.
  • If the target cell supports the first security algorithm, the target cell may make the RRC connection re-establishment message either not carry or carry the configuration information of the second security algorithm. The first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment, and the second security algorithm is the security algorithm supported by the target cell.
  • Herein, if the target cell supports the security algorithm (i.e., the first security algorithm of the original cell) used by the terminal before the RRC connection re-establishment, the target cell can choose to not perform security algorithm change or can choose to perform the security algorithm change. If the target cell selects to perform the security algorithm change, the target cell changes to use the second security algorithm supported by the target cell.
  • In an implementation of the present disclosure, if the target cell determines to use the second security algorithm, the target cell makes the RRC connection re-establishment message carry the configuration information of the second security algorithm. Furthermore, if the RRC connection re-establishment message carries the configuration information of the second security algorithm, it indicates that the RRC connection re-establishment message has been subjected to the integrity protection performed with the second security algorithm and the secret key updated by the target cell.
  • At block 304, in response to the RRC connection re-establishment message carrying the configuration information of the second security algorithm, the terminal transmits an RRC connection re-establishment completion message to the target cell via the second security algorithm.
  • In an implementation of the present disclosure, the RRC connection re-establishment message carries the first NCC information, and the first NCC information is used by the terminal to update the secret key. Upon reception of the RRC connection re-establishment message from the target cell, the terminal updates the secret key according to the first NCC information in the RRC connection re-establishment message, and transmits the RRC connection re-establishment completion message to the target cell. If the RRC connection re-establishment message carries the configuration information of the second security algorithm, the terminal performs integrity protection and encryption on the RRC connection re-establishment completion message with the second security algorithm and the secret key updated by the terminal.
  • In an implementation of the present disclosure, if the RRC connection re-establishment message does not carry the configuration information of the second security algorithm, the terminal transmits the RRC connection re-establishment completion message to the target cell via the first security algorithm, and the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment. The RRC connection re-establishment message carries the first NCC information, and the first NCC information is used by the terminal to update the secret key. Upon reception of the RRC connection re-establishment message from the target cell, the terminal updates the secret key according to the first NCC information in the RRC connection re-establishment message, and transmits the RRC connection re-establishment completion message to the target cell. If the RRC connection re-establishment message does not carry the configuration information of the second security algorithm, the terminal performs the integrity protection and encryption on the RRC connection re-establishment completion message with the first security algorithm and the secret key updated by the terminal.
  • For example, the security algorithm used by the terminal before the RRC connection re-establishment is security algorithm A (that is, security algorithm A of the original cell). The terminal initiates an RRC connection re-establishment procedure in response to an RRC connection re-establishment event. In the implementation, the terminal performs the cell search. In response to finding the target cell, the terminal transmits the RRC connection re-establishment request message to the target cell. Upon reception of the RRC connection re-establishment request message, the target cell obtains from the original cell UE context of the terminal and security algorithm A used by the terminal. The target cell determines whether the target cell supports security algorithm A. If the target cell does not support security algorithm A, the target cell changes to use security algorithm B rather than security algorithm A, where security algorithm B is a security algorithm supported by the target cell. If the target cell supports security algorithm A, the target cell can change to use security algorithm B rather than security algorithm A, or choose not to perform security algorithm change (that is, still use security algorithm A). If the target cell changes to use security algorithm B rather than security algorithm A, the target cell makes the RRC connection re-establishment message transmitted to the terminal carry configuration information of security algorithm B, and performs the integrity protection on the RRC connection re-establishment message with security algorithm B and the secret key updated by the target cell. 
If the target cell does not perform the security algorithm change, the target cell makes the RRC connection re-establishment message transmitted to the terminal not carry configuration information of a security algorithm, and performs the integrity protection on the RRC connection re-establishment message with the secret key updated by the target cell and security algorithm A. Upon reception of the RRC connection re-establishment message, in case that the RRC connection re-establishment message carries the configuration information of security algorithm B, the terminal uses security algorithm B and the secret key updated by the terminal to perform integrity protection verification on the RRC connection re-establishment message. If the verification passes, the terminal uses security algorithm B and the secret key updated by the terminal, and then replies to the target cell with the RRC connection re-establishment completion message. The terminal performs encryption and integrity protection on the RRC connection re-establishment completion message with security algorithm B and the secret key updated by the terminal. In case that the RRC connection re-establishment message does not carry configuration information of a security algorithm, the terminal uses security algorithm A and the secret key updated by the terminal to perform the integrity protection verification on the RRC connection re-establishment message, and further uses security algorithm A to reply to the target cell with the RRC connection re-establishment completion message. That is, the encryption and integrity protection on the RRC connection re-establishment completion message are performed with security algorithm A and the secret key updated by the terminal.
  • According to the implementation, the network side (i.e., the target cell) determines whether to perform security algorithm change for the RRC connection re-establishment according to the security algorithm currently configured by the terminal and a security algorithm support ability of the network side, so as to prevent RRC connection establishment from falling back and ensure successful RRC connection re-establishment, and thus RRC connection can be restored as soon as possible, and service interruption delay can be shortened.
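  • The two procedures above (cell selection by broadcast algorithm list in FIG. 2, and the algorithm-change decision and verification in FIG. 3) can be traced in a short simulation. This is an added example, not code from the patent: the algorithm names `ALG_A`/`ALG_B`, the HMAC stand-ins, the toy key update, the wire encoding and all sample values are assumptions, and encryption of the completion message is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumption: HMAC variants stand in for the AS integrity algorithms, which the
# page only calls "security algorithm A/B". These are not 3GPP algorithms.
ALGORITHMS = {"ALG_A": hashlib.sha256, "ALG_B": hashlib.sha512}


@dataclass(frozen=True)
class Cell:
    name: str
    algorithms: tuple  # security algorithm list from the system broadcast message
    quality: float     # constructed signal quality, higher is better


@dataclass(frozen=True)
class ReestablishmentMsg:
    ncc: int                # NCC (key index) information
    new_alg: Optional[str]  # configuration of the second algorithm, None if absent
    tag: bytes              # integrity tag over the two fields above


def update_key(base_key: bytes, ncc: int) -> bytes:
    """Toy key update indexed by NCC (assumption: not the real key derivation)."""
    return hmac.new(base_key, b"ncc:%d" % ncc, hashlib.sha256).digest()


def mac(alg: str, key: bytes, payload: bytes) -> bytes:
    """Integrity tag computed with the named algorithm, truncated to 32 bits."""
    return hmac.new(key, payload, ALGORITHMS[alg]).digest()[:4]


def encode(ncc: int, new_alg: Optional[str]) -> bytes:
    """Constructed wire form; the algorithm field is covered by the tag."""
    return f"reestablishment|ncc={ncc}|alg={new_alg or '-'}".encode()


def select_target_cell(found, first_alg: str) -> Optional[Cell]:
    """FIG. 2, block 201: only cells that support first_alg are candidates."""
    candidates = [c for c in found if first_alg in c.algorithms]
    return max(candidates, key=lambda c: c.quality) if candidates else None


def target_cell_respond(cell: Cell, first_alg: str, base_key: bytes, ncc: int,
                        prefer_change: bool = False) -> ReestablishmentMsg:
    """FIG. 3, network side: change algorithm if required, or if the cell chooses to."""
    others = [a for a in cell.algorithms if a != first_alg]
    # The list holds at least one algorithm, so 'others' is non-empty whenever
    # first_alg is unsupported.
    change = first_alg not in cell.algorithms or (prefer_change and bool(others))
    new_alg = others[0] if change else None
    key = update_key(base_key, ncc)
    return ReestablishmentMsg(ncc, new_alg,
                              mac(new_alg or first_alg, key, encode(ncc, new_alg)))


def terminal_handle(msg: ReestablishmentMsg, first_alg: str, base_key: bytes):
    """FIG. 3, blocks 303-304: verify, then protect the completion message.

    Returns (algorithm used, completion tag); raises ValueError on failure.
    """
    key = update_key(base_key, msg.ncc)
    alg = msg.new_alg if msg.new_alg is not None else first_alg
    if alg not in ALGORITHMS:  # assumption: an unknown algorithm is rejected
        raise ValueError("unsupported algorithm")
    expected = mac(alg, key, encode(msg.ncc, msg.new_alg))
    if not hmac.compare_digest(expected, msg.tag):
        raise ValueError("integrity verification failed")
    return alg, mac(alg, key, b"reestablishment-complete")


# Constructed sample data: cell3 has the best signal but lacks ALG_A.
KEY = bytes(range(32))
FOUND = (Cell("cell1", ("ALG_A", "ALG_B"), -80.0),
         Cell("cell2", ("ALG_A",), -95.0),
         Cell("cell3", ("ALG_B",), -70.0))

if __name__ == "__main__":
    print("FIG. 2 target:", select_target_cell(FOUND, "ALG_A").name)
    for cell, change in ((FOUND[2], False), (FOUND[0], False), (FOUND[0], True)):
        msg = target_cell_respond(cell, "ALG_A", KEY, ncc=1, prefer_change=change)
        print(cell.name, "indicates", msg.new_alg, "-> terminal uses",
              terminal_handle(msg, "ALG_A", KEY)[0])
```

Because the algorithm indication is inside the integrity-protected payload, a message whose indication has been removed or altered in transit fails verification at the terminal instead of silently selecting a different algorithm.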
  • FIG. 4 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 4, the apparatus includes a searching unit 401 and an RRC unit 402.
  • The searching unit 401 is configured to perform cell search and select a cell supporting a first security algorithm as a target cell from found cells, where the first security algorithm is a security algorithm used by a terminal before RRC connection re-establishment or RRC connection recovery.
  • The RRC unit 402 is configured to perform an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.
  • In an implementation, the apparatus further includes an obtaining unit 403 configured to obtain, for each of at least one cell, a security algorithm list supported by the cell from a system broadcast message of the cell, where the security algorithm list contains at least one security algorithm supported by the cell.
  • In an implementation, the RRC unit 402 is configured to transmit an RRC connection re-establishment request message to the target cell, and receive an RRC connection re-establishment message from the target cell, where the RRC connection re-establishment message has been subjected to integrity protection performed with the first security algorithm and a secret key updated by the target cell. The RRC unit 402 is further configured to transmit an RRC connection re-establishment completion message to the target cell.
  • In an implementation, the RRC connection re-establishment message carries first NCC information, where the first NCC information is used by the terminal to update a secret key. Integrity protection and encryption on the RRC connection re-establishment completion message are performed with the first security algorithm and a secret key updated by the terminal.
  • In an implementation, the RRC unit 402 is configured to transmit an RRC connection recovery request message to the target cell, and receive an RRC connection recovery message from the target cell, where the RRC connection recovery message has been subjected to integrity protection and encryption performed with the first security algorithm and the secret key updated by the target cell. The RRC unit 402 is further configured to transmit an RRC connection recovery completion message to the target cell.
  • In an implementation, the RRC connection recovery message carries second NCC information, where the second NCC information is used by the terminal to update the secret key. Integrity protection and encryption on the RRC connection recovery completion message are performed with the first security algorithm and the secret key updated by the terminal.
  • Those skilled in the art should understand that relevant description of the aforementioned processing apparatus for a security algorithm in the implementation of the present disclosure can be understood with reference to relevant description of the processing method for a security algorithm in the implementation of the present disclosure.
  • FIG. 5 is a schematic structural diagram illustrating a processing apparatus for a security algorithm according to an implementation of the present disclosure. As illustrated in FIG. 5, the apparatus includes a searching unit 501 and an RRC unit 502.
  • The searching unit 501 is configured to perform cell search and select a target cell.
  • The RRC unit 502 is configured to transmit an RRC connection re-establishment request message to the target cell, receive an RRC connection re-establishment message from the target cell, determine whether the RRC connection re-establishment message carries configuration information of a second security algorithm, and transmit an RRC connection re-establishment completion message to the target cell via the second security algorithm, in response to the RRC connection re-establishment message carrying the configuration information of the second security algorithm.
  • In an implementation, in case that the target cell does not support the first security algorithm, the target cell makes the RRC connection re-establishment message carry the configuration information of the second security algorithm. The first security algorithm is a security algorithm used by the terminal before RRC connection re-establishment, and the second security algorithm is a security algorithm supported by the target cell.
  • In an implementation, in case that the target cell supports the first security algorithm, the target cell may make the RRC connection re-establishment message either not carry or carry the configuration information of the second security algorithm. The first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment, and the second security algorithm is the security algorithm supported by the target cell.
  • In an implementation, in case that the RRC connection re-establishment message carries the configuration information of the second security algorithm, it indicates that the RRC connection re-establishment message has been subjected to integrity protection performed with the second security algorithm and a secret key updated by the target cell.
  • In an implementation, the RRC connection re-establishment message carries first NCC information, where the first NCC information is used by the terminal to update a secret key. Integrity protection and encryption on the RRC connection re-establishment completion message are performed with the second security algorithm and the secret key updated by the terminal, in response to the RRC connection re-establishment message carrying the configuration information of the second security algorithm.
  • In an implementation, the RRC unit 502 is configured to transmit the RRC connection re-establishment completion message to the target cell via the first security algorithm, in response to the RRC connection re-establishment message not carrying the configuration information of the second security algorithm, where the first security algorithm is the security algorithm used by the terminal before the RRC connection re-establishment.
  • In an implementation, the RRC connection re-establishment message carries the first NCC information, where the first NCC information is used by the terminal to update the secret key. The integrity protection and encryption on the RRC connection re-establishment completion message are performed with the first security algorithm and the secret key updated by the terminal, in response to the RRC connection re-establishment message not carrying the configuration information of the second security algorithm.
  • Those skilled in the art should understand that relevant description of the aforementioned processing apparatus for a security algorithm in the implementation of the present disclosure can be understood with reference to relevant description of the processing method for a security algorithm in the implementation of the present disclosure.
  • FIG. 6 is a schematic structural view illustrating a communication device 600 according to an implementation of the present disclosure. The communication device 600 may be a terminal. The communication device 600 illustrated in FIG. 6 includes a processor 610. The processor 610 can invoke and run at least one computer program in a memory to implement the method in the implementation of the present disclosure.
  • In an implementation, as illustrated in FIG. 6, the communication device 600 further includes a memory 620. The processor 610 can invoke and run the computer program in the memory 620 to implement the method in the implementation of the present disclosure.
  • The memory 620 may be a single device independent of the processor 610, and may also be integrated in the processor 610.
  • In an implementation, as illustrated in FIG. 6, the communication device 600 may further include a transceiver 630. The processor 610 can control the transceiver 630 to communicate with other devices, for example, to transmit information or data to the other devices or receive information or data from the other devices.
  • In an implementation, the transceiver 630 may include a transmitter and a receiver. The transceiver 630 may further include one or more antennas.
  • The communication device 600 may be the network device in the implementations of the present disclosure, and the communication device 600 can implement corresponding procedures realized by the network device in the methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • The communication device 600 may be the mobile terminal/terminal in the implementations of the present disclosure, and the communication device 600 can implement corresponding procedures realized by the mobile terminal/terminal in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • FIG. 7 is a schematic structural diagram illustrating a chip according to an implementation of the present disclosure. The chip 700 illustrated in FIG. 7 includes a processor 710. The processor 710 can invoke and run at least one computer program stored in a memory to implement the methods in the implementation of the present disclosure.
  • In an implementation, as illustrated in FIG. 7, the chip 700 further includes a memory 720. The processor 710 can invoke and run at least one computer program stored in the memory 720 to implement the methods in the implementations of the present disclosure.
  • The memory 720 may be a single device independent of the processor 710, and may also be integrated in the processor 710.
  • In an implementation, the chip 700 may further include an input interface 730. The processor 710 can control the input interface 730 to communicate with other devices or chips, for example, to receive information or data from the other devices or chips.
  • In an implementation, the chip 700 may further include an output interface 740. The processor 710 can control the output interface 740 to communicate with other devices or chips, for example, to output information or data to the other devices or chips.
  • The chip can be applied to the network device in the implementations of the present disclosure, and the chip can implement corresponding procedures realized by the network device in the methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • The chip can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the chip can implement corresponding procedures realized by the mobile terminal/terminal in the methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • It is to be understood that the chip referred to in the implementation of the present disclosure may also be referred to as a system-level chip, a system chip, a chip system, a system-on-chip, or the like.
  • FIG. 8 is a schematic block diagram illustrating a communication system 900 according to an implementation of the present disclosure. As illustrated in FIG. 8, the communication system 900 includes a terminal device 910 and a network device 920.
  • The terminal device 910 can be used to implement corresponding functions realized by the terminal in the above method, and the network device 920 can be used to implement corresponding functions realized by the network device in the above method, which will not be repeated herein for simplicity.
  • It is to be understood that the processor in the implementation of the present disclosure may be an integrated circuit chip with signal processing capability. In the implementation process, the steps of the foregoing method implementations can be completed by hardware integrated logic circuits in the processor or instructions in the form of software. The above-mentioned processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programming logic devices, discrete gates or transistor logic devices, or discrete hardware components. The methods, steps, and logical block diagrams disclosed in the implementations of the present disclosure can be implemented or executed. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like. The steps of the methods disclosed in the implementations of the present disclosure can be directly executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor. The software modules can be located in a mature storage medium in the field such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads information in the memory and completes the steps of the above methods in combination with its hardware.
  • It can be understood that the memory may be a volatile memory or a non-volatile memory, and may also include both the volatile memory and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM) and used for external high-speed cache. By way of examples rather than limitation, various random access memories can be used, for example, a static random access memory (SRAM), a dynamic random access memory (DRAM), a synchronous dynamic random access memory (SDRAM), a double data rate synchronous dynamic random access memory (DDR SDRAM), an enhanced synchronous dynamic random access memory (ESDRAM), a synclink dynamic random access memory (SLDRAM), and a direct rambus random access memory (DR RAM). It is to be noted that the memory described in the system and method in this specification is intended to include but is not limited to these and any other suitable types of memories.
  • It is to be noted that the above memories are exemplary but not used for limitation. For example, the memory in the implementation of the present disclosure may also be an SRAM, a DRAM, an SDRAM, a DDR SDRAM, an ESDRAM, an SLDRAM, and a DR RAM. That is, the memory described in the implementation of the present disclosure is intended to include but is not limited to these and any other suitable types of memories.
  • Implementations of the present disclosure further provide a computer-readable storage medium configured to store at least one computer program.
  • In an implementation, the computer-readable storage medium can be applied to the network device in the implementations of the present disclosure, and the computer program enables a computer to execute corresponding procedures realized by the network device in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • In an implementation, the computer-readable storage medium can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the computer program enables the computer to execute corresponding procedures realized by the mobile terminal/terminal in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • Implementations of the present disclosure further provide a computer program product which includes at least one computer program instruction.
  • In an implementation, the computer program product can be applied to the network device in the implementations of the present disclosure, and the computer program instruction enables the computer to execute corresponding procedures realized by the network device in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • In an implementation, the computer program product can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the computer program instruction enables the computer to execute corresponding procedures realized by the mobile terminal/terminal in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • Implementations of the present disclosure further provide a computer program.
  • In an implementation, the computer program can be applied to the network device in the implementations of the present disclosure, and the computer program, when run in the computer, enables the computer to execute corresponding procedures realized by the network device in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • In an implementation, the computer program can be applied to the mobile terminal/terminal in the implementations of the present disclosure, and the computer program, when run in the computer, enables the computer to execute corresponding procedures realized by the mobile terminal/terminal in the above methods in the implementations of the present disclosure, which will not be repeated herein for simplicity.
  • Those of ordinary skill in the art will appreciate that units and algorithmic operations of various examples described in connection with the implementations herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed by means of hardware or software depends on the application and the design constraints of the associated technical solution. Those skilled in the art may use different methods with regard to each particular application to implement the described functionality, but such methods should not be regarded as lying beyond the scope of the disclosure.
  • It will be evident to those skilled in the art that, for the sake of convenience and simplicity, in terms of the working processes of the foregoing systems, apparatuses, and units, reference can be made to the corresponding processes of the above method implementations, which will not be repeated herein.
  • According to the several implementations provided in the present disclosure, it will be appreciated that the systems, apparatuses, and methods disclosed in implementations herein may also be implemented in various other manners. For example, the above apparatus implementations are merely illustrative, e.g., the division of units is only a division of logical functions, and there may exist other manners of division in practice, e.g., multiple units or assemblies may be combined or may be integrated into another system, or some features may be ignored or skipped. In other respects, the coupling or direct coupling or communication connection as illustrated or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical coupling, mechanical coupling, or the like.
  • Separated units as illustrated may or may not be physically separated. Components or parts displayed as units may or may not be physical units, and may reside at one location or may be distributed to multiple networked units. Some of or all the units may be selectively adopted according to practical needs to achieve objectives of the solutions of the present disclosure.
  • In addition, the functional units in the various implementations of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • If the integrated units are implemented as software functional units and sold or used as standalone products, they may be stored in a computer readable storage medium. Based on such an understanding, the essential technical solution, or the portion that contributes to the related art, or part of the technical solution of the present disclosure may be embodied as software products. The computer software products can be stored in a storage medium and may include multiple instructions that, when executed, can cause a computing device, e.g., a personal computer, a server, a network device, etc., to execute some of or all operations of the methods described in various implementations of the present disclosure. The above storage medium may include various kinds of media that can store program codes, such as a universal serial bus (USB) flash disk, a mobile hard drive, an ROM, an RAM, a magnetic disk, or an optical disk.
  • The above are only specific implementations of the present disclosure, and the protection scope of the present disclosure is not limited to this. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present disclosure, and these changes or substitutions shall fall within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (20)

What is claimed is:
1. A method for processing a security algorithm, comprising:
performing, by a terminal, cell search, and selecting, by the terminal, a cell supporting a security algorithm as a target cell from found cells, wherein the security algorithm is used by the terminal before radio resource control (RRC) connection re-establishment or RRC connection recovery; and
performing, by the terminal, an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.
2. The method of claim 1, further comprising:
for each of at least one cell, obtaining, by the terminal, a security algorithm list supported by the cell from a system broadcast message of the cell, wherein the security algorithm list contains at least one security algorithm supported by the cell.
3. The method of claim 1, wherein performing, by the terminal, the RRC connection re-establishment procedure between the terminal and the target cell comprises:
transmitting, by the terminal, an RRC connection re-establishment request message to the target cell;
receiving, by the terminal, an RRC connection re-establishment message from the target cell, wherein the RRC connection re-establishment message has been subjected to integrity protection performed with the security algorithm and a secret key updated by the target cell; and
transmitting, by the terminal, an RRC connection re-establishment completion message to the target cell.
4. The method of claim 3, wherein
the RRC connection re-establishment message carries next hop chaining count (NCC) information, wherein the NCC information is used by the terminal to update a secret key;
the method further comprises:
performing, by the terminal, integrity protection and encryption on the RRC connection re-establishment completion message with the security algorithm and the secret key updated by the terminal.
5. The method of claim 1, wherein performing, by the terminal, the RRC connection recovery procedure between the terminal and the target cell comprises:
transmitting, by the terminal, an RRC connection recovery request message to the target cell;
receiving, by the terminal, an RRC connection recovery message from the target cell, wherein the RRC connection recovery message has been subjected to integrity protection and encryption performed with the security algorithm and a secret key updated by the target cell; and
transmitting, by the terminal, an RRC connection recovery completion message to the target cell.
6. The method of claim 5, wherein
the RRC connection recovery message carries NCC information, wherein the NCC information is used by the terminal to update a secret key;
the method further comprises:
performing, by the terminal, integrity protection and encryption on the RRC connection recovery completion message with the security algorithm and the secret key updated by the terminal.
7. A method for processing a security algorithm, comprising:
performing, by a terminal, cell search, and selecting, by the terminal, a target cell from found cells;
transmitting, by the terminal, a radio resource control (RRC) connection re-establishment request message to the target cell;
receiving, by the terminal, an RRC connection re-establishment message from the target cell, and determining, by the terminal, whether the RRC connection re-establishment message carries configuration information of a security algorithm supported by the target cell; and
transmitting, by the terminal, an RRC connection re-establishment completion message to the target cell via the security algorithm supported by the target cell, in response to the RRC connection re-establishment message carrying the configuration information of the security algorithm supported by the target cell.
8. The method of claim 7, wherein
the RRC connection re-establishment message carrying the configuration information of the security algorithm supported by the target cell is indicative of that a security algorithm used by the terminal before RRC connection re-establishment is not supported by the target cell.
9. The method of claim 7, wherein
the RRC connection re-establishment message not carrying the configuration information of the security algorithm supported by the target cell or carrying the configuration information of the security algorithm supported by the target cell is indicative of that a security algorithm used by the terminal before RRC connection re-establishment is supported by the target cell.
10. The method of claim 7, wherein
the RRC connection re-establishment message has been subjected to integrity protection performed with the security algorithm supported by the target cell and a secret key updated by the target cell, on condition that the RRC connection re-establishment message carries the configuration information of the security algorithm supported by the target cell.
11. The method of claim 7, wherein
the RRC connection re-establishment message carries next hop chaining count (NCC) information, wherein the NCC information is used by the terminal to update a secret key;
the method further comprises:
performing, by the terminal, integrity protection and encryption on the RRC connection re-establishment completion message with the security algorithm supported by the target cell and the secret key updated by the terminal, in response to the RRC connection re-establishment message carrying the configuration information of the security algorithm supported by the target cell.
12. The method of claim 7, further comprising:
transmitting, by the terminal, the RRC connection re-establishment completion message to the target cell via a security algorithm used by the terminal before RRC connection re-establishment, in response to the RRC connection re-establishment message not carrying the configuration information of the security algorithm supported by the target cell.
13. The method of claim 12, wherein
the RRC connection re-establishment message carries NCC information, wherein the NCC information is used by the terminal to update a secret key; and
the method further comprises:
performing, by the terminal, integrity protection and encryption on the RRC connection re-establishment completion message with the security algorithm used by the terminal before the RRC connection re-establishment and the secret key updated by the terminal, in response to the RRC connection re-establishment message not carrying the configuration information of the security algorithm supported by the target cell.
14. A terminal comprising:
at least one processor; and
a memory storing computer programs which, when executed by the at least one processor, cause the at least one processor to:
perform cell search and select a cell supporting a security algorithm as a target cell from found cells, wherein the security algorithm is used by the terminal before radio resource control (RRC) connection re-establishment or RRC connection recovery; and
perform an RRC connection re-establishment procedure or an RRC connection recovery procedure between the terminal and the target cell.
15. The terminal of claim 14, wherein the computer programs further cause the at least one processor to:
obtain, for each of at least one cell, a security algorithm list supported by the cell from a system broadcast message of the cell, wherein the security algorithm list contains at least one security algorithm supported by the cell.
16. The terminal of claim 14, wherein the computer programs causing the at least one processor to perform the RRC connection re-establishment procedure between the terminal and the target cell cause the at least one processor to:
transmit an RRC connection re-establishment request message to the target cell;
receive an RRC connection re-establishment message from the target cell, wherein the RRC connection re-establishment message has been subjected to integrity protection performed with the security algorithm and a secret key updated by the target cell; and
transmit an RRC connection re-establishment completion message to the target cell.
17. The terminal of claim 16, wherein
the RRC connection re-establishment message carries next hop chaining count (NCC) information, wherein the NCC information is used by the terminal to update a secret key;
the computer programs further cause the at least one processor to:
perform integrity protection and encryption on the RRC connection re-establishment completion message with the security algorithm and the secret key updated by the terminal.
18. The terminal of claim 14, wherein the computer programs causing the at least one processor to perform the RRC connection recovery procedure between the terminal and the target cell cause the at least one processor to:
transmit an RRC connection recovery request message to the target cell;
receive an RRC connection recovery message from the target cell, wherein the RRC connection recovery message has been subjected to integrity protection and encryption performed with the security algorithm and a secret key updated by the target cell; and
transmit an RRC connection recovery completion message to the target cell.
19. The terminal of claim 18, wherein
the RRC connection recovery message carries NCC information, wherein the NCC information is used by the terminal to update a secret key;
the computer programs further cause the at least one processor to:
perform integrity protection and encryption on the RRC connection recovery completion message with the security algorithm and the secret key updated by the terminal.
20. The terminal of claim 14, wherein the target cell has the highest signal quality among the found cells.
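The terminal-side logic recited in claims 1, 2, 7, 8, 10, 12 and 20 can be modelled as follows; this is an added illustration, not code from the application or from any 3GPP specification. The key update and integrity tag are HMAC-SHA-256 stand-ins, encryption is omitted, the algorithm labels and sample cells are constructed, and the terminal's allow-list check is an added assumption that the claims do not recite.

```python
"""Model of cell selection and algorithm fallback on RRC re-establishment (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Sequence, Set, Tuple


@dataclass(frozen=True)
class Cell:
    cell_id: int
    signal_quality: float        # higher is better (e.g. a dBm measurement)
    algorithms: Tuple[str, ...]  # security algorithm list from system broadcast, preferred first


@dataclass(frozen=True)
class Reestablishment:
    ncc: int                         # next hop chaining count
    algorithm_config: Optional[str]  # None: no security algorithm configuration carried
    mac: bytes                       # integrity tag over the message


def update_key(key: bytes, ncc: int, cell_id: int) -> bytes:
    # Stand-in key update (NOT the 3GPP KDF): binds the new key to NCC and cell.
    return hmac.new(key, b"ncc|%d|cell|%d" % (ncc, cell_id), hashlib.sha256).digest()


def protect(key: bytes, algorithm: str, payload: bytes) -> bytes:
    # Stand-in integrity tag, separated per algorithm label, truncated to 32 bits.
    return hmac.new(key, algorithm.encode() + b"|" + payload, hashlib.sha256).digest()[:4]


def encode(ncc: int, algorithm_config: Optional[str]) -> bytes:
    # Hypothetical wire encoding of the fields covered by the tag.
    return b"reest|%d|%s" % (ncc, (algorithm_config or "-").encode())


def select_target_cell(found: Sequence[Cell], current_algorithm: str) -> Optional[Cell]:
    """Claims 1, 2, 20: best-quality cell whose broadcast list has the algorithm in use."""
    candidates = [c for c in found if current_algorithm in c.algorithms]
    return max(candidates, key=lambda c: c.signal_quality, default=None)


def network_reply(key: bytes, ue_algorithm: str, cell: Cell, ncc: int) -> Reestablishment:
    """Target cell side: carry a configuration only if the UE's algorithm is unsupported (claim 8)."""
    config = None if ue_algorithm in cell.algorithms else cell.algorithms[0]
    new_key = update_key(key, ncc, cell.cell_id)
    return Reestablishment(ncc, config, protect(new_key, config or ue_algorithm, encode(ncc, config)))


def terminal_handle(key: bytes, current_algorithm: str, allowed: Set[str],
                    cell: Cell, msg: Reestablishment) -> Tuple[str, bytes, bytes]:
    """Claims 7, 10, 12: choose the algorithm, update the key, verify, protect the completion."""
    algorithm = msg.algorithm_config or current_algorithm
    # Added assumption: refuse a configured algorithm outside the terminal's own policy,
    # so a reply cannot move the connection to an algorithm the terminal does not accept.
    if algorithm not in allowed:
        raise ValueError("configured algorithm %r not allowed by terminal policy" % algorithm)
    new_key = update_key(key, msg.ncc, cell.cell_id)
    expected = protect(new_key, algorithm, encode(msg.ncc, msg.algorithm_config))
    if not hmac.compare_digest(expected, msg.mac):
        raise ValueError("integrity check on re-establishment message failed")
    completion_tag = protect(new_key, algorithm, b"reest-complete")
    return algorithm, new_key, completion_tag


# Constructed sample data: a 32-byte key and three found cells.
KEY = bytes(range(32))
CELLS = (
    Cell(101, -95.0, ("EIA1",)),
    Cell(102, -80.0, ("EIA1", "EIA3")),  # strongest signal, but lacks EIA2
    Cell(103, -88.0, ("EIA2", "EIA1")),
)

if __name__ == "__main__":
    target = select_target_cell(CELLS, "EIA2")
    print("selected cell:", target.cell_id)
    reply = network_reply(KEY, "EIA2", CELLS[1], ncc=3)
    print("fallback algorithm:", terminal_handle(KEY, "EIA2", {"EIA1", "EIA2"}, CELLS[1], reply)[0])
```
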
US17/235,668 2018-10-23 2021-04-20 Processing Method for Security Algorithm and Terminal Abandoned US20210243687A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/111511 WO2020082247A1 (en) 2018-10-23 2018-10-23 Processing method for security algorithm, device and terminal

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/111511 Continuation WO2020082247A1 (en) 2018-10-23 2018-10-23 Processing method for security algorithm, device and terminal

Publications (1)

Publication Number Publication Date
US20210243687A1 true US20210243687A1 (en) 2021-08-05

Family

ID=70330266

Family Applications (2)

Application Number Title Priority Date Filing Date
US17/235,668 Abandoned US20210243687A1 (en) 2018-10-23 2021-04-20 Processing Method for Security Algorithm and Terminal
US17/472,092 Active 2039-08-27 US11917529B2 (en) 2018-10-23 2021-09-10 Systems and methods for identifying false alarms from ghost cells arriving from LTE-SSS detection with half-frame combining

Family Applications After (1)

Application Number Title Priority Date Filing Date
US17/472,092 Active 2039-08-27 US11917529B2 (en) 2018-10-23 2021-09-10 Systems and methods for identifying false alarms from ghost cells arriving from LTE-SSS detection with half-frame combining

Country Status (5)

Country Link
US (2) US20210243687A1 (en)
EP (1) EP3869865A4 (en)
JP (1) JP2022510556A (en)
CN (1) CN112889317A (en)
WO (1) WO2020082247A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7160114B2 (en) 2018-12-12 2022-10-25 富士通株式会社 Terminal device, wireless communication device, wireless communication system and wireless communication method
CN113329460B (en) * 2021-05-10 2023-03-31 Oppo广东移动通信有限公司 Cell selection method, device and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170171903A1 (en) * 2015-12-14 2017-06-15 Qualcomm Incorporated Radio link failure (rlf) failover in a multi-connectivity environment
US20190174571A1 (en) * 2016-08-10 2019-06-06 Idac Holdings, Inc. Light connectivity and autonomous mobility

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009020789A2 (en) * 2007-08-03 2009-02-12 Interdigital Patent Holdings, Inc. Security procedure and apparatus for handover in a 3gpp long term evolution system
CN101686513B (en) * 2008-09-26 2013-02-13 电信科学技术研究院 Cell switching method, system and device
CN101754414B (en) * 2008-12-16 2012-04-25 华为技术有限公司 Method and device for RRC connection reestablishment
CN101702818B (en) * 2009-11-02 2012-12-12 上海华为技术有限公司 Method, system and device of algorithm negotiation in radio link control connection re-establishment
CN102137400B (en) * 2010-01-23 2015-04-01 中兴通讯股份有限公司 Safety treatment method and system when re-establishing RRC (radio resource control) connection
EP2952027B1 (en) * 2013-01-30 2017-03-29 Telefonaktiebolaget LM Ericsson (publ) Security activation for dual connectivity
CN107409028B (en) * 2015-03-12 2023-05-16 华为技术有限公司 Transmitting apparatus, receiving apparatus and method thereof
US20170295551A1 (en) * 2016-04-06 2017-10-12 Qualcomm Incorporated Cell synchronization signals
CN109792347B (en) * 2016-09-26 2022-08-09 三星电子株式会社 Method and apparatus for communication in next generation mobile communication system
WO2018083151A1 (en) * 2016-11-07 2018-05-11 Telefonaktiebolaget Lm Ericsson (Publ) Handling radio link failure in a narrow bandwidth internet of things control plane
US11012186B2 (en) * 2017-01-06 2021-05-18 Idac Holdings, Inc. Error check-based synchronization and broadcast channel
CN107959984A (en) * 2018-01-22 2018-04-24 创新维度科技(北京)有限公司 RRC connection reconstructions method, base station and user terminal in Internet of Things

Also Published As

Publication number Publication date
EP3869865A4 (en) 2022-03-16
JP2022510556A (en) 2022-01-27
US11917529B2 (en) 2024-02-27
US20230109423A1 (en) 2023-04-06
EP3869865A1 (en) 2021-08-25
CN112889317A (en) 2021-06-01
WO2020082247A1 (en) 2020-04-30

Similar Documents

Publication Publication Date Title
US20200351977A1 (en) Information transmission method and apparatus, and communication device
US11950305B2 (en) Information configuration method and terminal
US11856634B2 (en) Method and device for controlling mobility of terminal, and terminal
US20220053392A1 (en) Switching Method and Apparatus, and Communication Device
JP7179092B2 (en) Adjacent cell relationship maintenance method and device, network equipment
WO2019242419A1 (en) Bwp switching method and apparatus, and terminal device
CN112586046A (en) Method and device for coordinating measurement configuration, network equipment and terminal
US20210092612A1 (en) Method and device for controlling security function
US20210243687A1 (en) Processing Method for Security Algorithm and Terminal
CN112703770B (en) RRC connection reestablishment method and device and network equipment
US11653407B2 (en) Information transmission method and apparatus, and terminal and network device
US20230337111A1 (en) Terminal device and network device
US20230189135A1 (en) Cell access selection method, terminal device, and network device
WO2020000174A1 (en) Core network selection method and apparatus, terminal device and network device
US20230403642A1 (en) Method for obtaining slice information and terminal device
US20220182895A1 (en) Wireless communication method and apparatus, and network device

Legal Events

Date Code Title Description
AS Assignment

Owner name: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WANG, SHUKUN;YANG, NING;REEL/FRAME:055982/0438

Effective date: 20210115

STPP Information on status: patent application and granting procedure in general

Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION