WO2012000435A1 - Method and apparatus for transmitting integrity protection parameter - Google Patents


Publication number
WO2012000435A1
Authority
WO
WIPO (PCT)
Prior art keywords
rnc
mode information
security mode
message
change security
Application number
PCT/CN2011/076563
Other languages
French (fr)
Chinese (zh)
Inventor
王登辉
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2012000435A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H04W12/108 Source integrity
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02 Data link layer protocols
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/12 Access point controller devices

Definitions

  • The present invention relates to the field of mobile communications, and in particular to a method and apparatus for transmitting integrity protection parameters.
  • Background
  • Hard handover is a form of handover in which the connection to the original cell is disconnected first and the new base station is then contacted within a specified time. It can be a handover between different cells within one RNC (Radio Network Controller), or a handover across RNCs. A hard handover across RNCs is called relocation (RELOCATION).
  • The message cell carries the Hyper Frame Number (HFN) of the SRB (Signaling Radio Bearer) and the Radio Resource Control Message Sequence Number (RRC SN).
  • COUNT-I is a parameter of the integrity protection algorithm f9 for air interface signaling messages. The integrity protection algorithm f9 allows the receiver to verify whether the signaling data was illegally modified after it was sent.
  • Figure 1A shows the composition of COUNT-I.
  • The upper 28 bits of COUNT-I are used for the HFN and the lower 4 bits are used for the RRC SN. The uplink and downlink COUNT-I are calculated separately.
  • SRNC: Source Radio Network Controller
  • TRNC: Target Radio Network Controller
  • The TRNC returns a relocation response message to the core network.
  • The core network sends a relocation command message to the SRNC.
  • The SRNC sends an air interface reconfiguration message to the terminal, and the air interface reconfiguration is performed.
  • The downlink COUNT-I in the message is incremented by one relative to the downlink COUNT-I transmitted to the TRNC.
  • After the reconfiguration is completed, the terminal sends a radio resource reconfiguration complete message to the TRNC.
  • The TRNC sends a relocation detection message and a relocation complete message to the core network to complete the relocation process. If a voice service is established after the SRNC sends the relocation request message to the core network, the SRNC exchanges NAS (Non-Access Stratum) messages with the terminal. For example, after the SRNC sends the relocation request message to the core network, the core network sends a connection (CONNECT) message to the SRNC, and the SRNC forwards the connection message to the terminal. The downlink COUNT-I of both the SRNC and the terminal then increases and becomes greater than the downlink COUNT-I transmitted to the TRNC.
  • After the relocation succeeds, the terminal sends a connection response message to the core network through the TRNC, and the core network sends a ringing message to the terminal through the TRNC.
  • The downlink COUNT-I carried by the TRNC in the downlink message is equal to the downlink COUNT-I saved by the terminal. Therefore, the terminal discards the received message, causing the voice service transmission to fail.
  • Embodiments of the invention provide a method and a device for transmitting an integrity protection parameter, used to transmit the integrity protection parameter COUNT-I during the relocation process and to improve the consistency of the COUNT-I saved by the TRNC and the terminal after switching between RNCs.
  • The present invention provides a method for transmitting an integrity protection parameter, the method comprising the following steps: after receiving a radio resource reconfiguration complete message sent by a terminal, the first RNC (Radio Network Controller) sends a change security mode information request message to the second RNC, requesting the integrity protection parameter COUNT-I corresponding to the terminal, wherein the first RNC is the target RNC and the second RNC is the source RNC;
  • The first RNC updates the local COUNT-I according to the COUNT-I carried in the change security mode information response message returned by the second RNC.
  • The step of the first RNC sending a change security mode information request message to the second RNC includes: the first RNC sends the change security mode information request message to the second RNC through the IUR interface; the change security mode information request message is contained in a private message body of the IUR interface.
  • The method further includes: after the first RNC sends the change security mode information request message to the second RNC, the first RNC starts a timer and enters a state of waiting for a response.
  • The foregoing method further includes: after the timer expires, the first RNC continues to transmit messages according to the local COUNT-I.
  • The step of the first RNC updating the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received response message includes: the first RNC compares the COUNT-I carried in the received change security mode information response message with the local COUNT-I; if the two are inconsistent, the larger of the COUNT-I carried in the change security mode information response message and the local COUNT-I is saved.
  • The step of the first RNC sending a change security mode information request message to the second RNC includes: after receiving the radio resource reconfiguration complete message sent by the terminal, the first RNC sends a relocation detection message and a relocation complete message to the core network, and sends the change security mode information request message to the second RNC after sending the relocation detection message or the relocation complete message.
  • The present invention provides a method of transmitting an integrity protection parameter, the method comprising the steps of:
  • After sending the air interface reconfiguration message, the second RNC receives the change security mode information request message sent by the first RNC;
  • The second RNC generates a change security mode information response message and returns it to the first RNC; the response message includes the current integrity protection parameter COUNT-I.
  • The step of the second RNC returning the change security mode information response message to the first RNC includes: the second RNC returns the change security mode information response message to the first RNC through the IUR interface; the change security mode information response message is contained in the private message body of the IUR interface.
  • The present invention also provides a Radio Network Controller (RNC), the radio network controller comprising:
  • A first transceiver unit configured to send a change security mode information request message to other RNCs and to receive a change security mode information response message;
  • A comparing unit configured to update the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received change security mode information response message.
  • The first transceiver unit includes an IUR interface, and the first transceiver unit is further configured to send the change security mode information request message to the SRNC through the IUR interface.
  • The above apparatus further includes: a timer for timing.
  • The first transceiver unit is further configured to: continue to transmit messages according to the local COUNT-I after the timer expires.
  • The comparing unit is further configured to: compare the COUNT-I carried in the received change security mode information response message with the local COUNT-I, and if the two are inconsistent, save the larger of the COUNT-I carried in the change security mode information response message and the local COUNT-I.
  • The first transceiver unit is further configured to: after sending the relocation detection message or the relocation complete message to the core network, send a change security mode information request message to the other RNC.
  • The first transceiver unit is further configured to: receive a change security mode information request message sent by the second RNC, and return a change security mode information response message to the other RNC; the response message includes an integrity protection parameter COUNT-I.
  • The first transceiver unit is further configured to: return a change security mode information response message to the other RNCs through the IUR interface.
  • The present invention also provides a radio network controller (RNC), where the radio network controller includes: a second transceiver unit, configured to receive a change security mode information request message sent by another RNC, and return a change security mode information response message to other RNCs;
  • A generating unit configured to generate a change security mode information response message after receiving the change security mode information request message sent by the other RNC; the response message includes an integrity protection parameter COUNT-I.
  • The second transceiver unit is further configured to: return a change security mode information response message to other RNCs through the IUR interface.
  • The TRNC sends a change security mode information request message to the SRNC after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC receives the request message and returns a change security mode information response message to the TRNC, where the response message contains the latest integrity protection parameter COUNT-I; the TRNC updates the local COUNT-I according to the COUNT-I carried in the received response message.
  • The present invention can correctly transmit the integrity protection parameter COUNT-I, thereby improving the consistency of the integrity protection parameter COUNT-I held by the TRNC and the terminal when switching between RNCs.
  • FIG. 1A is a schematic diagram of the composition of the integrity protection parameter COUNT-I;
  • FIG. 1B is a schematic diagram of the dropping of NAS messages caused by cross-RNC handover;
  • FIG. 2 is a main structural diagram of a communication system according to an embodiment of the present invention;
  • FIG. 3A is a detailed structural diagram of a TRNC according to an embodiment of the present invention;
  • FIG. 3B is a schematic diagram of the content of a change security mode information request message according to an embodiment of the present invention;
  • FIG. 3C is a schematic diagram of the content of a change security mode information response message according to an embodiment of the present invention;
  • FIG. 4 is a detailed structural diagram of an SRNC according to an embodiment of the present invention;
  • FIG. 5 is a flowchart of a main method for transmitting the integrity protection parameter COUNT-I on the TRNC side according to an embodiment of the present invention;
  • FIG. 6 is a flowchart of a main method for transmitting the integrity protection parameter COUNT-I on the SRNC side according to an embodiment of the present invention;
  • FIG. 7 is a flowchart of a detailed method for transmitting the integrity protection parameter COUNT-I when forwarding a message through an IUR interface according to an embodiment of the present invention;
  • FIG. 8 is a flowchart of a detailed method for transmitting the integrity protection parameter COUNT-I on the TRNC side according to an embodiment of the present invention;
  • FIG. 9 is a flowchart of a detailed method for transmitting the integrity protection parameter COUNT-I on the SRNC side according to an embodiment of the present invention.
  • Detailed description
  • The TRNC sends a change security mode information request message to the SRNC after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC receives the request message and returns a change security mode information response message to the TRNC, where the response message contains the latest integrity protection parameter COUNT-I; the TRNC updates the local COUNT-I according to the COUNT-I carried in the received response message.
  • The integrity protection parameter COUNT-I is correctly transmitted during the relocation process, and the consistency of the integrity protection parameter COUNT-I saved by the TRNC and the terminal when switching between RNCs is improved.
  • The communication system in this embodiment includes a TRNC 201 and an SRNC 202.
  • The TRNC 201 is configured to send a change security mode information request (Changed Security Mode Info Req) message to the SRNC 202.
  • The TRNC 201 sends a change security mode information request message to the SRNC 202 to obtain the current integrity protection parameter COUNT-I, and updates the local integrity protection parameter COUNT-I according to the obtained COUNT-I.
  • The TRNC 201 is further configured to: after receiving the relocation request message forwarded by the core network, send a relocation response message to the core network; and after receiving the radio resource reconfiguration complete message sent by the terminal, send a relocation detection message and a relocation complete message to the core network.
  • The SRNC 202 is configured to send a change security mode information response (Changed Security Mode Info Rsp) message to the TRNC 201.
  • The SRNC 202 is configured to, after receiving the change security mode information request message sent by the TRNC 201, return a change security mode information response message to the TRNC 201, where the response message includes an integrity protection parameter COUNT-I, in particular the downlink COUNT-I. If a connection such as a voice service is established during the relocation process, the COUNT-I may change because NAS messages are transmitted, so the latest COUNT-I is sent to the TRNC 201 in the change security mode information response message.
  • The SRNC 202 is further configured to send a relocation request message to the core network when relocation needs to be performed, receive the relocation command message sent by the core network during the relocation process, send the air interface reconfiguration message to the terminal after receiving the relocation command message, then enter the state of waiting for the IU release command of the core network, and receive the change security mode information request message sent by the TRNC 201 while waiting.
  • When the RNC is the TRNC 201, the RNC includes a first transceiver unit 2011, a first storage unit 2012, a timer 2013, and a comparison unit 2014. See Figure 3A.
  • The first transceiver unit 2011 is configured to receive and send messages.
  • The first transceiver unit 2011 is specifically configured to send a change security mode information request message to the SRNC 202.
  • Preferably, the first transceiver unit 2011 includes an IUR interface (an interface directly connecting two RNCs) and uses the private message (Private Message) structure of the IUR interface to transmit the change security mode information request message, so as not to affect the existing communication protocol. The message content is as shown in FIG. 3B.
  • It also receives the change security mode information response message returned by the SRNC 202, preferably transmitted using the private message structure of the IUR interface; the message content is as shown in FIG. 3C.
  • An identifier may be set for the terminal.
  • The instance number of the terminal on the SRNC 202 side is represented by srnc-U-RNTI, and the cell type of the request message that the first transceiver unit 2011 sends to the SRNC 202 through the IUR interface is set to Changed Security Mode Info Req, indicating a request for the integrity protection parameter COUNT-I, which may have changed due to the delivery of NAS messages.
  • The first transceiver unit 2011 is further configured to receive the relocation request message forwarded by the core network and to receive the radio resource reconfiguration complete message sent by the terminal through the Uu interface.
  • The first transceiver unit 2011 is further configured to receive the relocation request message forwarded by the core network and send a relocation response message to the core network; to receive the radio resource reconfiguration complete message sent by the terminal; to send a relocation complete (RELOCATION COMPLETE) message to the core network to complete the relocation process; and to send a relocation detection message to the core network to request switching of the user plane data.
  • The first transceiver unit 2011 may send the change security mode information request message at any time.
  • The change security mode information request message may be sent after receiving the radio resource reconfiguration complete message sent by the terminal.
  • the change may be sent to the core network.
  • a change security mode information request message is sent to obtain the latest COUNT-I.
  • The first transceiver unit 2011 may also send the change security mode information request message multiple times after receiving the radio resource reconfiguration complete message sent by the terminal, so as to obtain the latest COUNT-I.
  • The first storage unit 2012 is used to store the uplink and downlink integrity protection parameters COUNT-I. The first storage unit 2012 need not be located in the TRNC 201; it may be an external storage or another type of storage device.
  • The timer 2013 is used for timing.
  • The timer 2013 is specifically configured to start timing after the first transceiver unit 2011 sends the change security mode information request message through the IUR interface, causing the RNC to enter a state of waiting for the SRNC 202 to return the change security mode information response message in order to obtain the latest integrity protection parameter COUNT-I. If the timer 2013 times out and the response message returned by the SRNC 202 has not been received, the RNC leaves the state of waiting for the SRNC 202 to return the change security mode information response message, and the comparison unit 2014 does not need to update the integrity protection parameter COUNT-I.
  • The comparing unit 2014 is configured to determine whether the received change security mode information response message includes the integrity protection parameter COUNT-I. If so, it then determines whether the COUNT-I is valid, that is, whether the format is correct: whether the COUNT-I has a total of 32 bits, with the upper 28 bits being the HFN and the lower 4 bits being the RRC SN. If so, it compares the COUNT-I carried in the change security mode information response message with the COUNT-I stored in the first storage unit 2012, and if the two are inconsistent, saves the larger of the two.
  • If the first transceiver unit 2011 has not received the change security mode information response message sent by the SRNC 202 through the IUR interface when the timer 2013 expires, or the received change security mode information response message does not include valid integrity protection parameter COUNT-I information, or the message type of the received response message is not Changed Security Mode Info Rsp, or the COUNT-I contained in the received change security mode information response message is less than or equal to the COUNT-I saved in the first storage unit 2012, the integrity protection parameter COUNT-I does not need to be updated.
  • When the RNC is the SRNC 202, the RNC includes a second transceiver unit 2021 and a generating unit 2022, and may further include a releasing unit 2023.
  • The second transceiver unit 2021 is configured to receive and send messages.
  • The second transceiver unit 2021 is configured to receive, through the internal IUR interface, the change security mode information request message sent by the TRNC 201, where the request message is contained in a private message body of the IUR interface.
  • After receiving the request message, the second transceiver unit 2021 returns a change security mode information response message to the TRNC 201 through the IUR interface, where the response message is contained in the private message body of the IUR interface.
  • The second transceiver unit 2021 is further configured to send a relocation request message to the core network at the beginning of the relocation process, which the core network forwards to the TRNC 201, to receive the relocation command sent by the core network, and to send the air interface reconfiguration (Radio Bearer Reconfiguration) message to the terminal.
  • The SRNC 202 enters a state of waiting for the IU release command of the core network, and receives the change security mode information request message sent by the TRNC 201 while waiting. If the SRNC 202 is not in the state of waiting for the IU release command of the core network, the change security mode information request message is not processed and is discarded.
  • The release unit 2023 releases the resources of the terminal on the SRNC 202 side after the release command is received.
  • The generating unit 2022 is configured to generate a change security mode information response message after the second transceiver unit 2021 receives the change security mode information request message sent by the TRNC 201.
  • The response message includes an integrity protection parameter COUNT-I.
  • The releasing unit 2023 is configured to release the resources of the terminal on the SRNC 202 side after the second transceiver unit 2021 receives the IU release command sent by the core network.
  • The resource may be a radio resource control (RRC) connection or the like.
  • An embodiment of the present invention describes a method of transmitting integrity protection parameters from the TRNC 201 side.
  • The main method flow for transmitting the integrity protection parameter COUNT-I on the TRNC 201 side is as follows:
  • Step 501: After receiving the radio resource reconfiguration complete message sent by the terminal, the TRNC 201 sends a change security mode information request message to the SRNC 202, requesting the integrity protection parameter COUNT-I corresponding to the terminal.
  • The TRNC 201 may also send the change security mode information request message to the SRNC 202 after sending the relocation detection message or the relocation complete message to the core network. At that point the configuration of the control plane and user plane data has been or is about to be completed, the core network has stopped or is about to stop sending messages to the SRNC 202, and the COUNT-I on the SRNC 202 side is less likely to change, so the TRNC 201 obtains the latest COUNT-I.
  • Step 502: The TRNC 201 updates the local COUNT-I according to the COUNT-I carried in the received change security mode information response message.
  • An embodiment of the present invention describes a method of transmitting the integrity protection parameter COUNT-I from the SRNC 202 side.
  • The main method flow for transmitting the integrity protection parameter COUNT-I on the SRNC 202 side is as follows:
  • Step 601: After transmitting the air interface reconfiguration message, the SRNC 202 receives the change security mode information request message sent by the TRNC 201.
  • Step 601: The SRNC 202 returns a change security mode information response message to the TRNC 201.
  • The response message includes the current integrity protection parameter COUNT-I.
  • An embodiment of the present invention implements a method for transmitting the parameter COUNT-I of the integrity protection algorithm f9 in the security mode by forwarding a message.
  • The message can be forwarded through the IUR interface. See Figure 7.
  • Step 701: After transmitting the relocation detection message to the core network, the TRNC 201 sends a change security mode information request message to the SRNC 202 through the IUR interface.
  • The request message is contained in the private message of the IUR interface.
  • Step 702: The SRNC 202 returns a change security mode information response message through the IUR interface.
  • The response message includes the current integrity protection parameter COUNT-I.
  • The response message is contained in the private message body of the IUR interface.
  • Step 703: The TRNC 201 determines whether the integrity protection parameter COUNT-I carried in the received message is greater than the local COUNT-I. If yes, proceed to step 704; otherwise proceed to step 705.
  • Step 704: The TRNC 201 updates the locally saved integrity protection parameter COUNT-I. The TRNC 201 compares the COUNT-I carried in the received message with the COUNT-I saved in the first storage unit 2013 and, if the two are inconsistent, saves the larger of the two. If the change security mode information response message received by the TRNC 201 does not contain valid integrity protection parameter COUNT-I information, or the cell type of the received response message is not Changed Security Mode Info Rsp, or the COUNT-I contained in the received change security mode information response message is less than or equal to the COUNT-I held in the TRNC 201, the integrity protection parameter COUNT-I does not need to be updated.
  • Step 705: The TRNC 201 returns a relocation complete message to the core network to complete the relocation process.
  • An embodiment of the present invention describes a method of transmitting the integrity protection parameter COUNT-I from the TRNC 201 side.
  • The detailed method flow for transmitting the integrity protection parameter on the TRNC 201 side is as follows: the terminal sends a radio resource reconfiguration complete message to the TRNC 201 through the Uu interface, and the TRNC 201 sends a relocation detection message to the core network.
  • Step 801: After transmitting the relocation detection message to the core network, the TRNC 201 sends a change security mode information request message to the SRNC 202 through the IUR interface.
  • The change security mode information request message is contained in the private message of the IUR interface.
  • Step 802: The TRNC 201 starts the timer 2014 and enters a state of waiting for the SRNC 202 to return a change security mode information response message.
  • Step 803: The TRNC 201 receives the change security mode information response message before the timer 2014 times out.
  • The response message is received by the TRNC 201 through the IUR interface, and the response message is contained in the private message body of the IUR interface.
  • The TRNC 201 parses the private message body to obtain the integrity protection parameter COUNT-I information in the change security mode information response message.
  • Step 804: The TRNC 201 determines whether the received change security mode information response message includes an integrity protection parameter COUNT-I. If yes, proceed to step 805; otherwise proceed to step 807.
  • Step 805: The TRNC 201 determines whether the integrity protection parameter COUNT-I included in the received response message is greater than the local COUNT-I. If yes, proceed to step 806; otherwise proceed to step 807.
  • Step 806: The TRNC 201 updates the locally stored integrity protection parameter COUNT-I. The comparison unit 2015 compares the COUNT-I carried in the response message received by the first transceiver unit 2011 with the COUNT-I saved in the first storage unit 2013 and, if the two are inconsistent, saves the larger of the two.
  • If the TRNC 201 has not received the change security mode information response message when the timer 2014 times out, or the received change security mode information response message does not contain valid integrity protection parameter COUNT-I information, or the cell type of the received response message is not Changed Security Mode Info Rsp, or the COUNT-I contained in the received change security mode information response message is less than or equal to the COUNT-I saved in the TRNC 201, the integrity protection parameter COUNT-I does not need to be updated.
  • Step 807: The TRNC 201 returns a relocation complete message to the core network to complete the relocation process.
  • an embodiment of the present invention introduces a method of transmitting an integrity protection parameter COUNT-I from the SRNC 202 side.
  • the detailed method flow for passing the integrity protection parameters on the SRNC 202 side is as follows:
  • the SRNC 202 receives the relocation command sent by the core network, and successfully sends the air interface reconfiguration message to the terminal, and enters the state of waiting for the IU release command of the core network.
  • Step 901 The SRNC 202 receives the change security mode information request message sent by the TRNC 201 through the IUR interface.
  • The request message is included in the private message body of the IUR interface.
  • Step 902 The SRNC 202 returns a change security mode information response message to the TRNC 201 via the IUR interface.
  • The response message includes the current integrity protection parameter COUNT-I information.
  • The change security mode information response message is included in the private message body of the IUR interface.
  • The srnc-U-RNTI is set to the instance number of the terminal on the SRNC 202 side, and the cell type of the sent response message is set to Changed Security Mode Info Rsp, indicating that the sent message carries the integrity protection parameter COUNT-I.
  • If the SRNC 202 is not in the state of waiting for the IU release command of the core network, the change security mode information request message is not processed and is discarded.
  • Step 903 The SRNC 202 receives the IU release command sent by the core network.
  • Step 904 The SRNC 202 releases the resources of the terminal on the SRNC 202 side.
  • The resource may be an RRC connection or the like.
  • The TRNC 201 sends a change security mode information request message to the SRNC 202 after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC 202 receives the request message and returns a change security mode information response message to the TRNC 201, where the response message contains the current integrity protection parameter COUNT-I; the TRNC 201 updates the local COUNT-I according to the COUNT-I carried in the received response message.
  • The integrity protection parameter COUNT-I is correctly transmitted in the relocation process, which improves the consistency of the integrity protection parameter COUNT-I saved by the TRNC 201 and by the terminal at a cross-RNC handover. The number of NAS messages is not limited, and NAS messages are not discarded as a result, so the receiver can use the integrity protection algorithm f9 to correctly verify whether the signaling data was illegally modified in transit. This avoids signaling being discarded because the integrity protection parameter COUNT-I was not correctly transmitted, which would in turn affect the establishment and transmission of services.
  • The TRNC may send the change security mode information request message at any time. For example, the change security mode information request message may be sent after receiving the radio resource reconfiguration complete message sent by the terminal.
  • The change security mode information request message may be sent after the relocation detection message is sent to the core network. At that point the control plane and user plane data are all configured or about to be configured, and the core network may have stopped transmitting messages to the SRNC, so the COUNT-I on the SRNC side is less likely to change again.
  • The change security mode information response message can be carried in the private message of the IUR interface, which makes the message easy to extend without affecting the existing communication protocol.

Abstract

A method and an apparatus for transmitting an integrity protection parameter are provided. The method includes: after receiving a radio resource reconfiguration accomplishment message transmitted by a terminal, a first Radio Network Controller (RNC) transmits a changed security mode information request message to a second RNC to request the integrity protection parameter COUNT-I corresponding to the terminal; during the relocation process, the first RNC is the target RNC (TRNC) and the second RNC is the source RNC; the first RNC updates the local COUNT-I according to the COUNT-I carried in the received changed security mode information response message returned by the second RNC. With the present invention, the integrity protection parameter COUNT-I can be transmitted correctly during the relocation process, and thereby the consistency between the integrity protection parameter COUNT-I stored in the TRNC and that stored in the terminal in the cross-RNC handoff situation is improved.

Description

Method and device for transmitting integrity protection parameters

Technical field

The present invention relates to the field of mobile communications, and in particular to a method and device for transmitting integrity protection parameters.

Background
Hard handover is a form of handover in which, within a specified time, the connection with the original cell is first broken and a connection with the new base station is then established. It may be a handover between different cells within one RNC (Radio Network Controller) or a handover across RNCs. A hard handover across RNCs is called relocation (RELOCATION).

During uplink and downlink transmission, the message cell carries the Hyper Frame Number (HFN) of the SRB (Signaling Radio Bearer) and the Radio Resource Control message Sequence Number (RRC SN). The HFN and the RRC SN form the integrity protection parameter COUNT-I (a counter) as its high-order and low-order bits. COUNT-I is an input parameter of the integrity protection algorithm f9 applied to air interface signaling messages. The f9 algorithm lets the receiver verify whether the signaling data was illegally modified after the sender sent it.

Figure 1A is a schematic diagram of the composition of COUNT-I. The upper 28 bits of COUNT-I are used for the HFN and the lower 4 bits for the RRC SN. The uplink and downlink COUNT-I are calculated separately.
As shown in Figure 1B, the SRNC (Source Radio Network Controller) sends a relocation request message (RELOCATION REQUIRED) to the core network; the request message carries the uplink and downlink integrity protection parameter COUNT-I. The core network forwards the relocation request message to the TRNC (Target Radio Network Controller). The TRNC returns a relocation response message to the core network. The core network sends a relocation command message to the SRNC. The SRNC sends an air interface reconfiguration message to the terminal; at this point the downlink COUNT-I in the air interface reconfiguration message is 1 greater than the downlink COUNT-I transmitted to the TRNC. After reconfiguration is complete, the terminal sends a radio resource reconfiguration complete message to the TRNC. The TRNC sends a relocation detection message and a relocation complete message to the core network, completing the relocation process. If a voice service is established after the SRNC sends the relocation request message to the core network, the SRNC and the terminal exchange NAS (Non-Access Stratum) messages while the voice service is being established. For example, after the SRNC sends the relocation request message to the core network, the core network sends a connection (CONNECT) message to the SRNC, and the SRNC forwards the connection message to the terminal. The downlink COUNT-I of both the SRNC and the terminal then increases and becomes greater than the downlink COUNT-I transmitted to the TRNC. After the relocation succeeds, the terminal sends a connection response message to the core network through the TRNC, and the core network sends a ringing message to the terminal through the TRNC. At this point the downlink COUNT-I carried by the TRNC in the downlink message is at most equal to the downlink COUNT-I saved by the terminal. The terminal therefore discards the received message, and the voice service transmission fails.

Summary of the invention
An embodiment of the present invention provides a method and device for transmitting an integrity protection parameter, used to transmit the integrity protection parameter COUNT-I during relocation and to improve the consistency of the COUNT-I saved by the TRNC and by the terminal after a cross-RNC handover.
The present invention provides a method for transmitting an integrity protection parameter, the method comprising the following steps:

After receiving the radio resource reconfiguration complete message sent by a terminal, a first RNC (Radio Network Controller) sends a change security mode information request message to a second RNC, requesting the integrity protection parameter COUNT-I corresponding to the terminal, where the first RNC is the target RNC and the second RNC is the source RNC;

The first RNC updates the local COUNT-I according to the COUNT-I carried in the received change security mode information response message returned by the second RNC.
In the above method, the step of the first RNC sending the change security mode information request message to the second RNC includes: the first RNC sends the change security mode information request message to the second RNC through the IUR interface; the change security mode information request message is contained in the private message body of the IUR interface.
Further, the above method also includes: after the first RNC sends the change security mode information request message to the second RNC, the first RNC starts a timer and enters the state of waiting for a response.
Further, the above method also includes: after the timer times out, the first RNC continues to transmit messages according to the local COUNT-I.
Further, the step of the first RNC updating the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received response message includes: the first RNC compares the COUNT-I carried in the received change security mode information response message with the local COUNT-I and, if the two are inconsistent, saves the larger of the COUNT-I carried in the change security mode information response message and the local COUNT-I.
Further, the step of the first RNC sending the change security mode information request message to the second RNC includes: after receiving the radio resource reconfiguration complete message sent by the terminal, the first RNC sends a relocation detection message and a relocation complete message to the core network, and sends the change security mode information request message to the second RNC after sending the relocation detection message or the relocation complete message.
In addition, the present invention provides a method for transmitting an integrity protection parameter, the method comprising the following steps:

After sending the air interface reconfiguration message, a second RNC receives the change security mode information request message sent by a first RNC;

The second RNC generates a change security mode information response message and returns it to the first RNC; the response message contains the current integrity protection parameter COUNT-I.
In the above method, the step of the second RNC returning the change security mode information response message to the first RNC includes: the second RNC returns the change security mode information response message to the first RNC through the IUR interface; the change security mode information response message is contained in the private message body of the IUR interface.
Correspondingly, the present invention also provides a radio network controller (RNC), the radio network controller comprising:

A first transceiver unit, configured to send a change security mode information request message to other RNCs and to receive a change security mode information response message;

A comparison unit, configured to update the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received change security mode information response message.
In the above device, the first transceiver unit includes an IUR interface; the first transceiver unit is further configured to send the change security mode information request message to the SRNC through the IUR interface.
Further, the above device also includes: a timer, used for timing.
Further, the first transceiver unit is further configured to: continue to transmit messages according to the local COUNT-I after the timer times out.
Further, the comparison unit is further configured to: compare the COUNT-I carried in the received change security mode information response message with the local COUNT-I and, if the two are inconsistent, save the larger of the COUNT-I carried in the change security mode information response message and the local COUNT-I.
Further, the first transceiver unit is further configured to: send the change security mode information request message to other RNCs after sending the relocation detection message or the relocation complete message to the core network.
Further, the first transceiver unit is also configured to: receive the change security mode information request message sent by the second RNC, and return a change security mode information response message to other RNCs; the response message contains the integrity protection parameter COUNT-I.
Further, the first transceiver unit is further configured to: return the change security mode information response message to other RNCs through the IUR interface.
In addition, the present invention also provides a radio network controller (RNC), the radio network controller comprising:

A second transceiver unit, configured to receive the change security mode information request message sent by other RNCs and to return a change security mode information response message to other RNCs;

A generating unit, configured to generate the change security mode information response message after the change security mode information request message sent by other RNCs is received; the response message contains the integrity protection parameter COUNT-I.

In the above device, the second transceiver unit is further configured to: return the change security mode information response message to other RNCs through the IUR interface.
In the embodiments of the present invention, the TRNC sends a change security mode information request message to the SRNC after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC receives the request message and returns a change security mode information response message to the TRNC, where the response message contains the latest integrity protection parameter COUNT-I; the TRNC updates the local COUNT-I according to the COUNT-I carried in the received response message. In this way, the present invention correctly transmits the integrity protection parameter COUNT-I during relocation, which improves the consistency of the integrity protection parameter COUNT-I saved by the TRNC and by the terminal at a cross-RNC handover.

Brief description of the drawings
Figure 1A is a schematic diagram of the composition of the integrity protection parameter COUNT-I;

Figure 1B is a schematic diagram of NAS messages being discarded as a result of a cross-RNC handover;

Figure 2 is a main structural diagram of the communication system in an embodiment of the present invention;

Figure 3A is a detailed structural diagram of the TRNC in an embodiment of the present invention;

Figure 3B is a schematic diagram of the content of the change security mode information request message in an embodiment of the present invention;

Figure 3C is a schematic diagram of the content of the change security mode information response message in an embodiment of the present invention;

Figure 4 is a detailed structural diagram of the SRNC in an embodiment of the present invention;

Figure 5 is a flowchart of the main method of transmitting the integrity protection parameter COUNT-I on the TRNC side in an embodiment of the present invention;

Figure 6 is a flowchart of the main method of transmitting the integrity protection parameter COUNT-I on the SRNC side in an embodiment of the present invention;

Figure 7 is a flowchart of the detailed method of transmitting the integrity protection parameter COUNT-I when messages are forwarded through the IUR interface in an embodiment of the present invention;

Figure 8 is a flowchart of the detailed method of transmitting the integrity protection parameter COUNT-I on the TRNC side in an embodiment of the present invention;

Figure 9 is a flowchart of the detailed method of transmitting the integrity protection parameter COUNT-I on the SRNC side in an embodiment of the present invention.

Detailed description
In the embodiments of the present invention, the TRNC sends a change security mode information request message to the SRNC after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC receives the request message and returns a change security mode information response message to the TRNC, where the response message contains the latest integrity protection parameter COUNT-I; the TRNC updates the local COUNT-I according to the COUNT-I carried in the received response message. The integrity protection parameter COUNT-I is thereby correctly transmitted during relocation, which improves the consistency of the integrity protection parameter COUNT-I saved by the TRNC and by the terminal at a cross-RNC handover.
Referring to Figure 2, the communication system in this embodiment includes the TRNC 201 and the SRNC 202.
The TRNC 201 is configured to send the change security mode information request (Changed Security Mode Info Req) message to the SRNC 202. During an RNC relocation, after receiving the radio resource reconfiguration complete message sent by the terminal, the TRNC 201 sends the change security mode information request message to the SRNC 202 to obtain the current integrity protection parameter COUNT-I information, and updates the local integrity protection parameter COUNT-I according to the COUNT-I obtained. The TRNC 201 is also configured to send a relocation response message to the core network after receiving the relocation request message forwarded by the core network, and to send a relocation detection message and a relocation complete message to the core network after receiving the radio resource reconfiguration complete message sent by the terminal.
The SRNC 202 is configured to send the change security mode information response (Changed Security Mode Info Rsp) message to the TRNC 201. After receiving the change security mode information request message sent by the TRNC 201, the SRNC 202 returns a change security mode information response message to the TRNC 201; the response message contains the integrity protection parameter COUNT-I, in particular the downlink COUNT-I. If a connection for a service such as voice is set up during relocation, COUNT-I may change because NAS messages are transmitted, so the latest COUNT-I is sent to the TRNC 201 in the change security mode information response message. The SRNC 202 is also configured to send a relocation request message to the core network when relocation is required, to receive the relocation command message sent by the core network during relocation, and to send an air interface reconfiguration message to the terminal after receiving the relocation command message. It then enters the state of waiting for the IU release command of the core network and, while waiting, receives the change security mode information request message sent by the TRNC 201.
When the RNC acts as the TRNC 201, the RNC includes a first transceiver unit 2011, a first storage unit 2012, a timer 2013 and a comparison unit 2014, as shown in Figure 3A.
The first transceiver unit 2011 is configured to receive and send messages. Specifically, the first transceiver unit 2011 sends the change security mode information request message to the SRNC 202. Preferably, the first transceiver unit 2011 includes an IUR interface and uses the private message (Private Message) structure of the IUR interface (the interface that directly and physically connects two RNCs) to transmit the change security mode information request message, so that the existing communication protocol is not affected; the message content is shown in Figure 3B. It also receives the change security mode information response message returned by the SRNC 202, preferably transmitted in the private message structure of the IUR interface; the message content is shown in Figure 3C. In the change security mode information request message and the change security mode information response message, an identifier may be set for the terminal; for example, srnc-U-RNTI denotes the instance number of the terminal on the SRNC 202 side. The cell type of the request message that the first transceiver unit 2011 sends to the SRNC 202 through the IUR interface is set to Changed Security Mode Info Req, indicating a request for the integrity protection parameter COUNT-I information, in order to obtain a COUNT-I that may have changed because NAS messages were delivered. The first transceiver unit 2011 is also configured to receive the relocation request message forwarded by the core network and to receive the radio resource reconfiguration complete message sent by the terminal through the Uu interface. The first transceiver unit 2011 is also configured to receive the relocation request message forwarded by the core network and send a relocation response message to the core network, to receive the radio resource reconfiguration complete message sent by the terminal, to send a relocation complete (RELOCATION COMPLETE) message to the core network to complete the relocation process, and to send a relocation detection message to the core network to request switching of the user plane data. The first transceiver unit 2011 may send the change security mode information request message at any time; for example, it may send it after receiving the radio resource reconfiguration complete message sent by the terminal. Preferably, it sends the change security mode information request message after sending the relocation detection message to the core network, or after sending the relocation complete message to the core network, so as to obtain the latest COUNT-I. The first transceiver unit 2011 may also send the change security mode information request message several times after receiving the radio resource reconfiguration complete message sent by the terminal, so as to obtain the latest COUNT-I.
The first storage unit 2012 is configured to store the uplink and downlink integrity protection parameter COUNT-I. The first storage unit 2012 need not be located inside the TRNC 201; it may be an external memory or another type of storage device.
The timer 2013 is used for timing. Specifically, after the first transceiver unit 2011 sends the change security mode information request message through the IUR interface, the timer 2013 starts timing and puts the RNC into the state of waiting for the SRNC 202 to return the change security mode information response message, timing the wait for that response so that the latest integrity protection parameter COUNT-I can be obtained. If the timer 2013 times out and the response message returned by the SRNC 202 has not been received, the RNC leaves the state of waiting for the SRNC 202 to return the change security mode information response message, and the comparison unit 2014 does not need to update the integrity protection parameter COUNT-I.
The comparison unit 2014 is configured to determine whether the received change security mode information response message contains the integrity protection parameter COUNT-I. If it does, the comparison unit goes on to determine whether the COUNT-I is valid, that is, whether its format is correct; this can be done by checking whether COUNT-I is 32 bits in total, with the upper 28 bits being the HFN and the lower 4 bits the RRC SN. If it is valid, the integrity protection parameter COUNT-I carried in the change security mode information response message is compared with the integrity protection parameter COUNT-I saved in the first storage unit 2012; if the two are inconsistent, the larger of the two is saved. If the first transceiver unit 2011 has still not received the change security mode information response message sent by the SRNC 202 through the IUR interface after the timer 2013 times out, or the received change security mode information response message does not contain valid integrity protection parameter COUNT-I information, or the cell type of the received response message is not Changed Security Mode Info Rsp, or the integrity protection parameter COUNT-I contained in the received change security mode information response message is less than or equal to the integrity protection parameter COUNT-I saved in the first storage unit 2012, the integrity protection parameter COUNT-I does not need to be updated.
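The comparison unit's decision described above, together with the counter mismatch from the Background section, as an added Python example that is not part of the patent text. The dict layout and field names (`cell_type`, `srnc_u_rnti`, `count_i`), the one-step increment of COUNT-I per downlink message, the TRNC starting from the reconfiguration message's value, and the receiver rule in `terminal_accepts` are assumptions made for illustration; the page does not give the wire format of the IUR private message.

```python
# Added illustration: message layout and field names are assumptions.
HFN_BITS = 28                      # upper 28 bits of COUNT-I
RRC_SN_BITS = 4                    # lower 4 bits of COUNT-I
COUNT_I_MAX = (1 << (HFN_BITS + RRC_SN_BITS)) - 1
RSP_CELL_TYPE = "Changed Security Mode Info Rsp"


def compose_count_i(hfn, rrc_sn):
    """Build the 32-bit COUNT-I: HFN in the high 28 bits, RRC SN in the low 4."""
    if not 0 <= hfn < (1 << HFN_BITS):
        raise ValueError("HFN does not fit in 28 bits")
    if not 0 <= rrc_sn < (1 << RRC_SN_BITS):
        raise ValueError("RRC SN does not fit in 4 bits")
    return (hfn << RRC_SN_BITS) | rrc_sn


def split_count_i(count_i):
    """Return (HFN, RRC SN) for a COUNT-I value."""
    return count_i >> RRC_SN_BITS, count_i & ((1 << RRC_SN_BITS) - 1)


def is_valid_count_i(value):
    """Format check: an unsigned integer that fits in 32 bits."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and 0 <= value <= COUNT_I_MAX)


def update_local_count_i(local_count_i, response, timed_out=False):
    """TRNC-side decision; returns (count_i_to_store, reason).

    The local value is kept unless a valid, strictly larger COUNT-I
    arrives in a response of the expected cell type before the timeout.
    """
    if timed_out or response is None:
        return local_count_i, "timeout"
    if response.get("cell_type") != RSP_CELL_TYPE:
        return local_count_i, "wrong-cell-type"
    received = response.get("count_i")
    if received is None:
        return local_count_i, "no-count-i"
    if not is_valid_count_i(received):
        return local_count_i, "invalid-count-i"
    if received <= local_count_i:
        return local_count_i, "not-greater"
    return received, "updated"


def terminal_accepts(terminal_count_i, message_count_i):
    """Assumed receiver rule: a downlink message whose COUNT-I is at most
    the terminal's stored value is discarded."""
    return message_count_i > terminal_count_i


def relocation_scenario(count_i_at_request, nas_messages, query_srnc):
    """Does the terminal accept the TRNC's first downlink message?

    count_i_at_request: downlink COUNT-I carried in RELOCATION REQUIRED.
    nas_messages: NAS messages the SRNC forwards after that point.
    query_srnc: whether the TRNC asks the SRNC for the current COUNT-I.
    """
    # SRNC and terminal advance together: reconfiguration message, then NAS.
    srnc_count_i = count_i_at_request + 1 + nas_messages
    terminal_count_i = srnc_count_i
    # Assumption: the TRNC starts from the reconfiguration message's value.
    trnc_count_i = count_i_at_request + 1
    if query_srnc:
        response = {
            "cell_type": RSP_CELL_TYPE,
            "srnc_u_rnti": 0x12345,   # constructed sample value
            "count_i": srnc_count_i,
        }
        trnc_count_i, _ = update_local_count_i(trnc_count_i, response)
    next_downlink = trnc_count_i + 1
    return terminal_accepts(terminal_count_i, next_downlink)


if __name__ == "__main__":
    start = compose_count_i(hfn=2, rrc_sn=0)
    for nas, query in [(0, False), (1, False), (1, True), (5, True)]:
        ok = relocation_scenario(start, nas, query)
        print(f"NAS messages={nas} query SRNC={query} -> accepted={ok}")
```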
参见图 4, 当 RNC作为 SRNC 202时, RNC包括第二收发单元 2021 和生成单元 2022, 还可以包括释放单元 2023。  Referring to FIG. 4, when the RNC is the SRNC 202, the RNC includes a second transceiving unit 2021 and a generating unit 2022, and may further include a releasing unit 2023.
第二收发单元 2021用于接收及发送消息。 第二收发单元 2021用于通 过自身内部的 IUR接口接收 TRNC201发送的变化安全模式信息请求消息, 其中, 该请求消息包含在 IUR接口的私有消息体内。接收到该请求消息后, 第二收发单元 2021通过 IUR接口向 TRNC 201返回变化安全模式信息响应 消息, 其中, 该响应消息包含在 IUR接口的私有消息体内。 第二收发单元 2021还用于在重定位过程开始时向核心网发送重定位请求消息, 通过核心 网将该请求消息转发给 TRNC201 , 接收核心网发送的重定位命令, 及向终 端发送空口重配置 ( Radio Bearer Reconfiguration ) 消息。 其中, 第二收 发单元 2021发送空口重配置消息后, SRNC 202会进入等待核心网的 IU释 放命令的状态中, 在等待过程中接收 TRNC 201发送的变化安全模式信息 请求消息。 如果 SRNC 202不是在等待核心网的 IU释放命令的状态中, 则 不处理变化安全模式信息请求消息, 做丟弃处理。 在重定位流程结束后接 收核心网发送的 IU释放命令,在接收到该释放命令后,指示释放单元 2023 释放终端在 SRNC 202侧的资源。 生成单元 2022用于在第二收发单元 2021接收到 TRNC 201发送的变 化安全模式信息请求消息后生成变化安全模式信息响应消息。 其中, 该响 应消息中包含完整性保护参数 COUNT-I 0 The second transceiver unit 2021 is configured to receive and send a message. The second transceiver unit 2021 is configured to receive a change security mode information request message sent by the TRNC 201 by using an internal IUR interface, where the request message is included in a private message body of the IUR interface. After receiving the request message, the second transceiver unit 2021 returns a change security mode information response message to the TRNC 201 through the IUR interface, where the response message is included in the private message body of the IUR interface. The second transceiver unit 2021 is further configured to send a relocation request message to the core network at the beginning of the relocation process, forward the request message to the TRNC 201 through the core network, receive the relocation command sent by the core network, and send the air interface reconfiguration to the terminal. (Radio Bearer Reconfiguration) message. After the second transceiver unit 2021 sends the air interface reconfiguration message, the SRNC 202 enters a state of waiting for the IU release command of the core network, and receives the change security mode information request message sent by the TRNC 201 during the waiting process. 
If the SRNC 202 is not in the state of waiting for the IU release command of the core network, the change security mode information request message is not processed and the discarding process is performed. After receiving the release command, the release unit 2023 releases the resource of the terminal on the SRNC 202 side after receiving the release command. The generating unit 2022 is configured to generate a change security mode information response message after the second transceiver unit 2021 receives the change security mode information request message sent by the TRNC 201. Wherein, the response message includes an integrity protection parameter COUNT-I 0
释放单元 2023用于在第二收发单元 2021接收到核心网发送的 IU释放 命令后, 释放终端在 SRNC 202侧的资源。 其中, 资源可以是无线资源控制 ( RRC )连接等。  The releasing unit 2023 is configured to release the resources of the terminal on the SRNC 202 side after the second transceiving unit 2021 receives the IU release command sent by the core network. The resource may be a radio resource control (RRC) connection or the like.
下面通过实现流程来介绍传递完整性保护参数的方法。  The following describes the method of passing the integrity protection parameters through the implementation process.
Referring to FIG. 5, this embodiment describes the method of transmitting the integrity protection parameter from the TRNC 201 side. The main flow by which the TRNC 201 side transmits the integrity protection parameter COUNT-I is as follows:
Step 501: After receiving the radio resource reconfiguration complete message sent by the terminal, the TRNC 201 sends a change security mode information request message to the SRNC 202, requesting the integrity protection parameter COUNT-I corresponding to that terminal.
Preferably, the TRNC 201 may instead send the change security mode information request message to the SRNC 202 after sending the relocation detect message to the core network, or after sending the relocation complete message to the core network. At that point the control plane and user plane data are configured or about to be configured, and the core network has stopped or is about to stop sending messages to the SRNC 202, so COUNT-I on the SRNC 202 side is less likely to change and the TRNC 201 can obtain the latest COUNT-I.
Step 502: The TRNC 201 updates its local COUNT-I according to the COUNT-I carried in the received change security mode information response message.
Referring to FIG. 6, this embodiment describes the method of transmitting the integrity protection parameter COUNT-I from the SRNC 202 side. The main flow by which the SRNC 202 side transmits the integrity protection parameter COUNT-I is as follows:
Step 601: After sending the air interface reconfiguration message, the SRNC 202 receives the change security mode information request message sent by the TRNC 201.
Step 601: The SRNC 202 returns a change security mode information response message to the TRNC 201. The response message contains the current integrity protection parameter COUNT-I.
This embodiment transfers COUNT-I, the input parameter of the integrity protection algorithm f in security mode, by forwarding messages. The messages may be forwarded over the IUR interface. See FIG. 7.
Step 701: After sending the relocation detect message to the core network, the TRNC 201 sends a change security mode information request message to the SRNC 202 over the IUR interface. The request message is carried in the private message body of the IUR interface.
Step 702: The SRNC 202 returns a change security mode information response message over the IUR interface. The response message contains the current integrity protection parameter COUNT-I and is carried in the private message body of the IUR interface.
Step 703: The TRNC 201 determines whether the integrity protection parameter COUNT-I carried in the received message is greater than the local COUNT-I. If so, it continues with step 704; otherwise it continues with step 705.
Step 704: The TRNC 201 updates the locally stored integrity protection parameter COUNT-I.
Here the TRNC 201 compares the COUNT-I carried in the received message with the COUNT-I stored in first storage unit 2013; if the two differ, the larger of the two is saved. COUNT-I is not updated if the change security mode information response message received by the TRNC 201 does not contain a valid integrity protection parameter COUNT-I, or the information element type of the received response message is not Changed Security Mode Info Rsp, or the COUNT-I contained in the received response message is less than or equal to the COUNT-I stored in the TRNC 201.
Step 705: The TRNC 201 replies to the core network with the relocation complete message, completing the relocation procedure.
Referring to FIG. 8, this embodiment describes the method of transmitting the integrity protection parameter COUNT-I from the TRNC 201 side. The detailed flow by which the TRNC 201 side transmits the integrity protection parameter is as follows:
The terminal sends the radio resource reconfiguration complete message to the TRNC 201 over the Uu interface, and the TRNC 201 sends the relocation detect message to the core network.
Step 801: After sending the relocation detect message to the core network, the TRNC 201 sends a change security mode information request message to the SRNC 202 over the IUR interface. The request message is carried in a private message of the IUR interface.
Step 802: The TRNC 201 starts timer 2014 and enters the waiting-for-response state, waiting for the SRNC 202 to return the change security mode information response message.
Step 803: Before timer 2014 expires, the TRNC 201 receives the change security mode information response message, and continues with step 804. The TRNC 201 receives the response message over the IUR interface, where it is carried in the private message body. The TRNC 201 parses the private message body to obtain the integrity protection parameter COUNT-I information in the response message.
Step 804: The TRNC 201 determines whether the received change security mode information response message contains the integrity protection parameter COUNT-I. If so, it continues with step 805; otherwise it continues with step 807.
Step 805: The TRNC 201 determines whether the integrity protection parameter COUNT-I contained in the received response message is greater than the local COUNT-I. If so, it continues with step 806; otherwise it continues with step 807.
Step 806: The TRNC 201 updates the locally stored integrity protection parameter COUNT-I.
Here comparison unit 2015 compares the COUNT-I carried in the response message received by the first transceiver unit 2011 with the COUNT-I stored in first storage unit 2013; if the two differ, the larger of the two is saved.
If the TRNC 201 has still not received the change security mode information response message when timer 2014 expires, or the received response message does not contain a valid integrity protection parameter COUNT-I, or the information element type of the received response message is not Changed Security Mode Info Rsp, or the COUNT-I contained in the received response message is less than or equal to the COUNT-I stored in the TRNC 201, then COUNT-I is not updated and the flow continues with step 807.
Step 807: The TRNC 201 replies to the core network with the relocation complete message, completing the relocation procedure.
Referring to FIG. 9, this embodiment describes the method of transmitting the integrity protection parameter COUNT-I from the SRNC 202 side. The detailed flow by which the SRNC 202 side transmits the integrity protection parameter is as follows:
The SRNC 202 receives the relocation command sent by the core network, successfully sends the air interface reconfiguration message to the terminal, and enters the state of waiting for the IU release command from the core network.
Step 901: The SRNC 202 receives the change security mode information request message sent by the TRNC 201 over the IUR interface. The request message is carried in the private message body of the IUR interface.
Step 902: The SRNC 202 returns a change security mode information response message to the TRNC 201 over the IUR interface. The response message contains the current integrity protection parameter COUNT-I information.
The change security mode information response message is carried in the private message body of the IUR interface. In it, srnc-U-RNTI is set to the terminal's instance number on the SRNC 202 side, and the information element type of the response message is set to Changed Security Mode Info Rsp, indicating that the message carries the integrity protection parameter COUNT-I.
If the SRNC 202 is not in the state of waiting for the IU release command from the core network, it does not process the change security mode information request message and discards it.
Step 903: The SRNC 202 receives the IU release command sent by the core network.
Step 904: The SRNC 202 releases the terminal's resources on the SRNC 202 side. The resources may be an RRC connection or the like.
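The exchange in steps 801 to 807 and 901 to 902, sketched in Python as an added example that is not code from the patent. The class and field names, the request IE name and the 4-octet big-endian encoding of COUNT-I are assumptions; the response IE type, the 28-bit HFN / 4-bit RRC SN layout and the update and discard rules are the ones stated in the text.

```python
from dataclasses import dataclass
from typing import Optional

RSP_IE_TYPE = "Changed Security Mode Info Rsp"  # IE type named in the text
REQ_IE_TYPE = "Changed Security Mode Info Req"  # assumed name for the request IE


@dataclass
class PrivateMessage:
    """Body of an IUR private message (field layout is an assumption)."""
    ie_type: str
    srnc_u_rnti: int                 # terminal instance number on the SRNC side
    count_i: Optional[bytes] = None  # assumed encoding: 4 octets, big-endian


def parse_count_i(raw):
    """Return COUNT-I as an int, or None if absent or not exactly 32 bits."""
    if raw is None or len(raw) != 4:
        return None
    return int.from_bytes(raw, "big")


def split_count_i(value):
    """Split a 32-bit COUNT-I into (HFN, RRC SN): high 28 bits, low 4 bits."""
    return value >> 4, value & 0xF


class Srnc:
    """Source RNC side, steps 901 and 902."""

    def __init__(self, u_rnti, count_i):
        self.u_rnti = u_rnti
        self.count_i = count_i
        # Set once the air interface reconfiguration message has been sent.
        self.waiting_for_iu_release = False

    def handle_request(self, msg):
        # Outside the waiting-for-IU-release state the request is discarded.
        if not self.waiting_for_iu_release:
            return None
        return PrivateMessage(RSP_IE_TYPE, self.u_rnti,
                              self.count_i.to_bytes(4, "big"))


class Trnc:
    """Target RNC side, steps 803 to 806."""

    def __init__(self, count_i):
        self.count_i = count_i

    def on_response(self, rsp):
        """Apply a response; rsp is None when the timer expired first.

        Returns a reason string; the local COUNT-I changes only on "updated".
        """
        if rsp is None:
            return "timeout"
        if rsp.ie_type != RSP_IE_TYPE:
            return "wrong-ie-type"
        received = parse_count_i(rsp.count_i)
        if received is None:
            return "invalid-count-i"
        if received <= self.count_i:
            return "not-newer"       # the local value never moves backwards
        self.count_i = received      # keep the larger of the two
        return "updated"


if __name__ == "__main__":
    # Constructed sample values: same HFN, SRNC is four RRC SNs ahead.
    srnc = Srnc(u_rnti=0x12345, count_i=(0xA2 << 4) | 0x7)
    trnc = Trnc(count_i=(0xA2 << 4) | 0x3)
    srnc.waiting_for_iu_release = True
    rsp = srnc.handle_request(PrivateMessage(REQ_IE_TYPE, 0x12345))
    print(trnc.on_response(rsp), split_count_i(trnc.count_i))
```

In every non-"updated" outcome the TRNC carries on with its local COUNT-I and proceeds to the relocation complete message, as step 807 describes.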
In the embodiments of the present invention, the TRNC 201 sends a change security mode information request message to the SRNC 202 after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC 202 receives the request message and returns a change security mode information response message to the TRNC 201, the response message containing the current integrity protection parameter COUNT-I; and the TRNC 201 updates its local COUNT-I according to the COUNT-I carried in the received response message. The integrity protection parameter COUNT-I is thus transferred correctly during relocation, which improves the consistency of the COUNT-I held by the TRNC 201 and by the terminal during an inter-RNC handover. The number of NAS messages need not be limited, and NAS messages are not discarded as a result, so the receiver can use the integrity protection algorithm f9 to verify correctly whether signalling data was illegally modified in transit. This avoids signalling being discarded because COUNT-I was not transferred correctly, which would in turn affect service establishment and transmission. The TRNC may send the change security mode information request message at any time, for example after receiving the radio resource reconfiguration complete message sent by the terminal. Preferably, it sends the request after sending the relocation detect message or the relocation complete message to the core network. At that point the control plane and user plane data are configured or about to be configured, the core network may already have stopped sending messages to the SRNC, and COUNT-I on the SRNC side is less likely to change again through further interaction between the SRNC and the terminal after it has been fetched, so the latest COUNT-I is obtained. Both the change security mode information request message and the change security mode information response message can be carried in the private message body of the IUR interface, which makes the messages easy to extend and does not affect existing communication protocols. Together these measures ensure that calls are not dropped during an inter-RNC handover, that terminal-originated calls succeed, and that the service flow proceeds normally. Storage medium. The spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims

1. A method for transmitting an integrity protection parameter, characterized in that the method comprises: after receiving a radio resource reconfiguration complete message sent by a terminal, a first radio network controller (RNC) sends a change security mode information request message to a second RNC, requesting the integrity protection parameter COUNT-I corresponding to the terminal, wherein, in the relocation procedure, the first RNC is the target RNC and the second RNC is the source RNC; and
the first RNC updates its local COUNT-I according to the COUNT-I carried in the change security mode information response message returned by the second RNC.
2. The method according to claim 1, characterized in that the step of the first RNC sending the change security mode information request message to the second RNC comprises:
the first RNC sending the change security mode information request message to the second RNC over the IUR interface, the change security mode information request message being carried in the private message body of the IUR interface.
3. The method according to claim 1 or 2, characterized in that the method further comprises: after the first RNC sends the change security mode information request message to the second RNC, the first RNC starts a timer and enters the waiting-for-response state.
4. The method according to claim 3, characterized in that the method further comprises: after the timer expires, the first RNC continues to transmit messages according to the local COUNT-I.
5. The method according to claim 1 or 2, characterized in that the step of the first RNC updating the local COUNT-I comprises:
the first RNC comparing the COUNT-I carried in the received change security mode information response message with the local COUNT-I and, if the two differ, saving the larger of the COUNT-I carried in the change security mode information response message and the local COUNT-I.
6. The method according to claim 1 or 2, characterized in that the step of the first RNC sending the change security mode information request message to the second RNC comprises: after receiving the radio resource reconfiguration complete message sent by the terminal, the first RNC sends a relocation detect message and a relocation complete message to the core network, and sends the change security mode information request message to the second RNC after sending the relocation detect message or the relocation complete message.
7. A method for transmitting an integrity protection parameter, characterized in that the method comprises: after sending an air interface reconfiguration message, a second RNC receives a change security mode information request message sent by a first RNC; and
the second RNC generates a change security mode information response message and returns the change security mode information response message to the first RNC, the response message containing the current integrity protection parameter COUNT-I.
8. The method according to claim 7, characterized in that the step of the second RNC returning the change security mode information response message to the first RNC comprises:
the second RNC returning the change security mode information response message to the first RNC over the IUR interface, the change security mode information response message being carried in the private message body of the IUR interface.
9. A radio network controller (RNC), characterized in that the RNC comprises:
a first transceiver unit, configured to send a change security mode information request message to another RNC and to receive a change security mode information response message; and
a comparison unit, configured to update the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received change security mode information response message.
10. The radio network controller according to claim 9, characterized in that the first transceiver unit comprises an IUR interface, and the first transceiver unit is further configured to send the change security mode information request message to the SRNC over the IUR interface.
11. The radio network controller according to claim 9 or 10, characterized in that the RNC further comprises a timer, used for timing.
12. The radio network controller according to claim 11, characterized in that the first transceiver unit is further configured to continue transmitting messages according to the local COUNT-I after the timer expires.
13. The radio network controller according to claim 9 or 10, characterized in that the comparison unit is further configured to compare the COUNT-I carried in the received change security mode information response message with the local COUNT-I and, if the two differ, to save the larger of the COUNT-I carried in the change security mode information response message and the local COUNT-I.
14. The radio network controller according to claim 9 or 10, characterized in that the first transceiver unit is further configured to send the change security mode information request message to the other RNC after sending a relocation detect message or a relocation complete message to the core network.
15. The radio network controller according to claim 9, characterized in that the first transceiver unit is further configured to receive a change security mode information request message sent by a second RNC and to return a change security mode information response message to the other RNC, the response message containing the integrity protection parameter COUNT-I.
16. The radio network controller according to claim 15, characterized in that the first transceiver unit is further configured to return the change security mode information response message to the other RNC over the IUR interface.
17. A radio network controller, characterized in that the radio network controller comprises: a second transceiver unit, configured to receive a change security mode information request message sent by another RNC and to return a change security mode information response message to the other RNC; and
a generating unit, configured to generate the change security mode information response message after the change security mode information request message sent by the other RNC is received, the response message containing the integrity protection parameter COUNT-I.
18. The radio network controller according to claim 17, characterized in that the second transceiver unit returns the change security mode information response message to the other RNC over the IUR interface.
PCT/CN2011/076563 2010-06-30 2011-06-29 Method and apparatus for transmitting integrity protection parameter WO2012000435A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010216143.8 2010-06-30
CN2010102161438A CN102316455A (en) 2010-06-30 2010-06-30 Method and device for transmitting completeness protection parameters

Publications (1)

Publication Number Publication Date
WO2012000435A1 true WO2012000435A1 (en) 2012-01-05

Family

ID=45401399

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/076563 WO2012000435A1 (en) 2010-06-30 2011-06-29 Method and apparatus for transmitting integrity protection parameter

Country Status (2)

Country Link
CN (1) CN102316455A (en)
WO (1) WO2012000435A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297971B (en) * 2012-02-29 2016-06-22 鼎桥通信技术有限公司 Completeness protection method in a kind of communication system and system
CN104469745B (en) * 2014-11-26 2018-05-01 大唐移动通信设备有限公司 The application process and device of a kind of integrity protection parameter
CN108668281B (en) * 2017-03-31 2021-07-09 华为技术有限公司 Communication method, related equipment and system
CN110536415B (en) * 2018-05-23 2020-11-20 大唐移动通信设备有限公司 NAS message processing method, cluster terminal and cluster core network
WO2024073924A1 (en) * 2022-11-17 2024-04-11 Lenovo (Beijing) Ltd. Methods and apparatus of determining integrity of positioning estimates

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050082177A (en) * 2004-02-18 2005-08-23 삼성전자주식회사 Method for determining reference power of power balancing in mobile communication system
CN101202936A (en) * 2006-12-11 2008-06-18 大唐移动通信设备有限公司 Method, system realizing RRC signal order integrality protection referring to SRNS relocation and wireless network controller
CN101388829A (en) * 2007-09-10 2009-03-18 大唐移动通信设备有限公司 Signaling for reposition and data ciphering method, system and radio network controller
CN101715188A (en) * 2010-01-14 2010-05-26 中兴通讯股份有限公司 Updating method and updating system of air interface key

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100581288C (en) * 2006-04-17 2010-01-13 大唐移动通信设备有限公司 Method for ensuring the compatible integrity parameters from both the receiving and sending parties
CN100544489C (en) * 2006-07-21 2009-09-23 普天信息技术研究院 A kind of method for relocating service wireless network subsystem

Also Published As

Publication number Publication date
CN102316455A (en) 2012-01-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11800180

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11800180

Country of ref document: EP

Kind code of ref document: A1