WO2012000435A1 - Procédé et appareil de transmission de paramètre de protection d'intégrité - Google Patents

Procédé et appareil de transmission de paramètre de protection d'intégrité Download PDF

Info

Publication number
WO2012000435A1
WO2012000435A1 PCT/CN2011/076563 CN2011076563W WO2012000435A1 WO 2012000435 A1 WO2012000435 A1 WO 2012000435A1 CN 2011076563 W CN2011076563 W CN 2011076563W WO 2012000435 A1 WO2012000435 A1 WO 2012000435A1
Authority
WO
WIPO (PCT)
Prior art keywords
rnc
mode information
security mode
message
change security
Prior art date
Application number
PCT/CN2011/076563
Other languages
English (en)
Chinese (zh)
Inventor
王登辉
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012000435A1 publication Critical patent/WO2012000435A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/108Source integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02Data link layer protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/12Access point controller devices

Definitions

  • the present invention relates to the field of mobile communications, and in particular, to a method and apparatus for transmitting integrity protection parameters. Background technique
  • Hard handover refers to the form of handover that first disconnects the original cell and then contacts the new base station within a specified time. Among them, it can be a switch between different cells in an RNC (Radio Network Controller), or it can be a switch across RNCs. A hard handoff across RNC is called relocation (RELOCATION).
  • RNC Radio Network Controller
  • RELOCATION relocation
  • the message cell carries the Hyper Frame Number (HFN) of the SPON (Signaling Radio Bearer) and the Radio Resource Control Message Sequence Number (RRC SN). .
  • HFN Hyper Frame Number
  • RRC SN Radio Resource Control Message Sequence Number
  • COUNT-I is the parameter of the integrity protection f algorithm of the air interface signaling message. Integrity protection f The algorithm allows the receiver to verify that the signaling data was illegally modified after it was sent.
  • Figure 1A shows the composition of COUNT-I.
  • the upper 28 bits of COUNT-I are used for HFN and the lower 4 bits are used for RRC SN. Among them, the upstream and downstream COUNT-I are calculated separately.
  • the SRNC Source Radio Network Controller
  • the TRNC Target Radio Network Controller
  • TRNC Target Radio Network Controller
  • TRNC returns a relocation response message to the core network.
  • the core network sends a relocation command message to the SRNC.
  • the SRNC sends an air interface reconfiguration message to the terminal, and the air interface reconfiguration is performed.
  • the downstream COUNT-I in the interest is incremented by one with respect to the downstream COUNT-I transmitted to the TRNC.
  • the terminal sends a radio resource reconfiguration complete message to the TRNC after the reconfiguration is completed.
  • the TRNC sends a relocation probe message and a relocation complete message to the core network to complete the relocation process. If the voice service is established after the SRNC sends the relocation request message to the core network, the SRNC interacts with the terminal (Non-Access Stratum) message, for example, the SRNC sends a heavy message to the core network. After the positioning request message, the core network sends a connection (CONNECT) message to the SRNC, and the SRNC forwards the connection message to the terminal. Both the SRNC and the downstream COUNT-I of the terminal will increase, which is greater than the downstream COUNT-I transmitted to the TRNC.
  • the terminal Non-Access Stratum
  • CONNECT connection
  • the terminal After the relocation succeeds, the terminal sends a connection response message to the core network through the TRNC, and the core network sends a ringing message to the terminal through the TRNC.
  • the downlink COUNT-I carried by the TRNC in the downlink message is equal to the downlink COUNT-L saved by the terminal. Therefore, the terminal discards the received message, causing the voice service transmission to fail.
  • the embodiment of the invention provides a method and a device for transmitting an integrity protection parameter, which are used for realizing the transmission of the integrity protection parameter COUNT-I in the relocation process, and improving the TRNC and the COUNT-I saved by the terminal after the RNC switching. consistency.
  • the present invention provides a method for transmitting an integrity protection parameter, the method comprising the following steps: After receiving a radio resource reconfiguration complete message sent by a terminal, the first RNC (Radio Network Controller) sends a change security mode to the second RNC. The information request message, requesting to obtain the integrity protection parameter COUNT-I corresponding to the terminal; wherein the first RNC is the target RNC, and the second RNC is the source RNC;
  • the first RNC Radio Network Controller
  • the first RNC updates the local COUNT-I according to the COUNT-I carried in the change security mode information response message returned by the second RNC.
  • the step of the first RNC sending a change security mode information request message to the second RNC includes: sending, by the first RNC, a change security mode to the second RNC through the IUR interface Information request message; the change security mode information request message is included in a private message body of the IUR interface.
  • the method further includes: after the first RNC sends the change security mode information request message to the second RNC, the first RNC starts the timer and enters a state of waiting for response.
  • the foregoing method further includes: the first RNC continues to transmit the message according to the local COUNT-I after the timer expires.
  • the step of updating the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received response message by the first RNC includes: the COUNT- carried in the received change security mode information response message by the first RNC. I compares with the local COUNT-I. If the two are inconsistent, the larger value of the COUNT-I and the local COUNT-I carried in the change security mode information response message is saved.
  • the step of the first RNC sending a change security mode information request message to the second RNC includes: sending, by the first RNC, a relocation detection message and relocation to the core network after receiving the radio resource reconfiguration complete message sent by the terminal The message is completed, and a change security mode information request message is sent to the second RNC after sending the relocation probe message or the relocation complete message.
  • the present invention provides a method of transmitting an integrity protection parameter, the method comprising the steps of:
  • the second RNC After sending the air interface reconfiguration message, the second RNC receives the change security mode information request message sent by the first RNC;
  • the second RNC generates a change security mode information response message, and returns a change security mode information response message to the first RNC; the response message includes a current integrity protection parameter COUNT-I.
  • the step of the second RNC returning the change security mode information response message to the first RNC includes: returning, by the second RNC, a change security mode information response message to the first RNC through the IUR interface; the change security mode information response message Private elimination contained in the IUR interface In the body.
  • the present invention also provides a Radio Network Controller (RNC), the radio network controller comprising:
  • a first transceiver unit configured to send a change security mode information request message to other RNCs, and receive a change security mode information response message;
  • a comparing unit configured to update the local COUNT-I according to the integrity protection parameter COUNT-I carried in the received change security mode information response message.
  • the first transceiver unit includes an IUR interface, and the first transceiver unit is further configured to send a change security mode information request message to the SRNC through the IUR interface.
  • the above apparatus further includes: a timer for timing.
  • the first transceiver unit is further configured to: continue to transmit the message according to the local COUNT-I after the timer expires.
  • the comparing unit is further configured to: compare the COUNT-I carried in the received change security mode information response message with the local COUNT-I, and if the two are inconsistent, save the change security mode information response message. The larger of the COUNT-I carried and the local COUNT-I.
  • the first transceiver unit is further configured to: after sending the relocation detection message or the relocation complete message to the core network, send a change security mode information request message to the other RNC.
  • the first transceiver unit is further configured to: receive a change security mode information request message sent by the second RNC, and return a change security mode information response message to the other RNC; the response message includes an integrity protection parameter C0UNT- L
  • the first transceiver unit is further configured to: return a change security mode information response message to the other RNCs through the IUR interface.
  • the present invention also provides a radio network controller (RNC), where the radio network controller includes: a second transceiver unit, configured to receive a change security mode information request message sent by another RNC, and return a change security mode information response message to other RNCs;
  • RNC radio network controller
  • a generating unit configured to generate a change security mode information response message after receiving the change security mode information request message sent by the other RNC; the response message includes an integrity protection parameter COUNT-I.
  • the second transceiver unit is further configured to: return a change security mode information response message to other RNCs through the IUR interface.
  • the TRNC sends a change security mode information request message to the SRNC after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC receives the request message, and returns a change security mode information response message to the TRNC, where The response message contains the latest integrity protection parameter COUNT-I; TRNC updates the local COUNT-I according to the COUNT-I carried in the received response message.
  • the present invention can correctly transmit the integrity protection parameter COUNT-I, thereby improving the consistency of the integrity protection parameter COUNT-I held by the TRNC and the terminal when switching between RNCs.
  • Figure 1A is a schematic diagram of the composition of the integrity protection parameter COUNT-I;
  • FIG. 1B is a schematic diagram of dropping NAS messages caused by cross-RC handover
  • FIG. 2 is a main structural diagram of a communication system according to an embodiment of the present invention.
  • 3A is a detailed structural diagram of a TRNC according to an embodiment of the present invention.
  • FIG. 3B is a schematic diagram of content of a change security mode information request message according to an embodiment of the present invention
  • FIG. 3C is a schematic diagram of content of a change security mode information response message according to an embodiment of the present invention
  • FIG. 4 is a detailed structural diagram of a SRNC according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a main method for transmitting a integrity protection parameter COUNT-I on the TRNC side according to an embodiment of the present invention
  • FIG. 6 is a main diagram of the SRNC side transmission integrity protection parameter COUNT-I according to an embodiment of the present invention. Method flow chart;
  • FIG. 7 is a flowchart of a detailed method for transmitting an integrity protection parameter COUNT-I when forwarding a message through an IUR interface according to an embodiment of the present invention
  • FIG. 8 is a flowchart of a detailed method for transmitting the integrity protection parameter COUNT-I of the TRNC side according to an embodiment of the present invention.
  • Figure 9 is a flow chart showing the detailed method of transmitting the integrity protection parameter COUNT-I on the SRNC side in the embodiment of the present invention. detailed description
  • the TRNC sends a change security mode information request message to the SRNC after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC receives the request message, and returns a change security mode information response message to the TRNC, where The response message contains the latest integrity protection parameter COUNT-I; TRNC updates the local COUNT-I according to the COUNT-I carried in the received response message.
  • the integrity protection parameter COUNT-I is correctly transmitted during the relocation process, and the consistency of the integrity protection parameter COUNT-I saved by the TRNC and the terminal when the RNC is switched is improved.
  • the communication system in this embodiment includes TRNC 201 and SRNC 202.
  • the TRNC 201 is configured to send a Changed Security Mode Info Req message to the SRNC 202.
  • the TRNC 201 sends a change security mode information request message to the SRNC 202 to obtain the current integrity protection parameter COUNT-I information, and according to The obtained integrity protection parameter COUNT-I updates the local integrity protection parameter COUNT-I.
  • the TRNC 201 is further configured to: after receiving the relocation request message forwarded by the core network, send a relocation response message to the core network, and send a relocation detection message to the core network after receiving the radio resource reconfiguration complete message sent by the terminal, and The location completion message.
  • SRNC 202 is used to send change security mode information responses to TRNC 201 (Changed Security Mode Info Rsp ) Message.
  • the SRNC 202 is configured to, after receiving the change security mode information request message sent by the TRNC 201, return a change security mode information response message to the TRNC 201, where the response message includes an integrity protection parameter COUNT-I, especially a downlink COUNT-I. If a connection such as a voice service occurs during the relocation process, the COUNT-I may be changed by transmitting the NAS message, so the latest COUNT-I is sent to the TRNC 201 by changing the security mode information response message.
  • COUNT-I integrity protection parameter
  • the SRNC 202 is further configured to send a relocation request message to the core network when the relocation needs to be performed, receive a relocation command message sent by the core network in the relocation process, and send the relocation command message sent by the core network to the terminal after receiving the relocation command message sent by the core network.
  • the air interface reconfigures the message, and then enters the state of waiting for the IU release command of the core network, and receives the change security mode information request message sent by the TRNC 201 during the waiting process.
  • the RNC When the RNC is the TRNC 201, the RNC includes a first transceiver unit 2011, a first storage unit 2012, a timer 2013, and a comparison unit 2014. See Figure 3A.
  • the first transceiver unit 2011 is configured to receive and send a message.
  • the first transceiver unit 2011 is specifically configured to send a change security mode information request message to the SRNC 202.
  • the preferred first transceiver unit 2011 includes an IUR interface, and uses a private message of an IUR interface (an interface directly connected between two RNCs).
  • the (Private Message) structure transmits a change security mode information request message so as not to affect the existing communication protocol, and the message content is as shown in FIG. 3B.
  • receiving the change security mode information response message returned by the SRNC 202 preferably transmitting the change security mode information response message by using the private message structure of the IUR interface, and the message content is as shown in FIG. 3C.
  • the identifier may be set for the terminal.
  • the instance number of the terminal on the SRNC 202 side is represented by srnc-U-RNTI, and the first transceiver unit 2011 is set to pass through the IUR interface.
  • the cell type of the request message sent by the SRNC 202 is Changed Security Mode Info Req, indicating that the integrity protection parameter COUNT-I information is requested to obtain the integrity protection parameter COUNT-I that may change due to the delivery of the NAS message.
  • the first transceiver unit 2011 is further configured to receive a relocation request message forwarded by the core network, and the receiving terminal sends the message through the Uu interface. The sent radio resource reconfiguration complete message.
  • the first transceiver unit 2011 is further configured to receive a relocation request message forwarded by the core network, and send a relocation response message to the core network, receive a radio resource reconfiguration complete message sent by the terminal, and send a relocation complete to the core network (RELOCATION COMPLETE).
  • the message completes the relocation process, and sends a relocation probe message to the core network to request switching of the user plane data.
  • the first transceiver unit 2011 may send the change security mode information request message at any time.
  • the change security mode information request message may be sent after receiving the radio resource reconfiguration complete message sent by the terminal.
  • the change may be sent to the core network.
  • a change security mode information request message is sent to obtain the latest COUNT-I.
  • the first transceiver unit 2011 may further send the change security mode information request message multiple times after receiving the radio resource reconfiguration complete message sent by the terminal, so as to obtain the latest COUNT-I.
  • the first storage unit 2012 is used to store the uplink and downlink integrity protection parameters COUNT-L, wherein the first storage unit 2012 may not be located in the TRNC 201, and may be an external storage, or other type of storage device.
  • Timer 2013 is used for timing.
  • the timer 2013 is specifically configured to: after the first transceiver unit 2011 sends the change security mode information request message through the IUR interface, start timing, and cause the RNC to enter a state of waiting for the SRNC 202 to return a change security mode information response message, and wait for the SRNC 202 to return.
  • the security mode information response message is changed to obtain the latest integrity protection parameter COUNT-L. If the timer 2013 times out and has not received the response message returned by the SRNC 202, the RNC is caused to jump out and wait for the SRNC 202 to return the change security mode information response message. Status, comparison unit 2014 does not have to update the integrity protection parameter COUNT-L
  • the comparing unit 2014 is configured to determine whether the received change security mode information response message includes the integrity protection parameter COUNT-L. When the determination result is yes, continue to determine whether the COUNT-I is valid, that is, whether the format is correct, and the COUNT- Whether I has a total of 32 bits, whether the high 28 bits are HFN and the lower 4 bits are RRC SNs to complete the judgment process. When the judgment result is yes, it will change The integrity protection parameter COUNT-I carried in the security mode information response message is compared with the integrity protection parameter COUNT-I stored in the first storage unit 2012. If the two are inconsistent, the larger of the two is saved.
  • the first transceiver unit 2011 does not receive the change security mode information response message sent by the SRNC 202 through the IUR interface after the timer 2013 expires, or the received change security mode information response message does not include a valid integrity protection parameter.
  • the COUNT-I information, or the received message type of the response message is not Changed Security Mode Info Rsp, or the received security mode information response message contains the integrity protection parameter COUNT-I less than or equal to the first storage unit 2012 In the integrity protection parameter COUNT-I saved, it is not necessary to update the integrity protection parameter COUNT-I.
  • the RNC when the RNC is the SRNC 202, the RNC includes a second transceiving unit 2021 and a generating unit 2022, and may further include a releasing unit 2023.
  • the second transceiver unit 2021 is configured to receive and send a message.
  • the second transceiver unit 2021 is configured to receive a change security mode information request message sent by the TRNC 201 by using an internal IUR interface, where the request message is included in a private message body of the IUR interface.
  • the second transceiver unit 2021 After receiving the request message, the second transceiver unit 2021 returns a change security mode information response message to the TRNC 201 through the IUR interface, where the response message is included in the private message body of the IUR interface.
  • the second transceiver unit 2021 is further configured to send a relocation request message to the core network at the beginning of the relocation process, forward the request message to the TRNC 201 through the core network, receive the relocation command sent by the core network, and send the air interface reconfiguration to the terminal. (Radio Bearer Reconfiguration) message.
  • the SRNC 202 enters a state of waiting for the IU release command of the core network, and receives the change security mode information request message sent by the TRNC 201 during the waiting process. If the SRNC 202 is not in the state of waiting for the IU release command of the core network, the change security mode information request message is not processed and the discarding process is performed.
  • the release unit 2023 releases the resource of the terminal on the SRNC 202 side after receiving the release command.
  • the generating unit 2022 is configured to generate a change security mode information response message after the second transceiver unit 2021 receives the change security mode information request message sent by the TRNC 201.
  • the response message includes an integrity protection parameter COUNT-I 0
  • the releasing unit 2023 is configured to release the resources of the terminal on the SRNC 202 side after the second transceiving unit 2021 receives the IU release command sent by the core network.
  • the resource may be a radio resource control (RRC) connection or the like.
  • an embodiment of the present invention introduces a method of transmitting integrity protection parameters from the TRNC 201 side.
  • the main method of the TRNC 201 side transmitting the integrity protection parameter COUNT-I is as follows: Step 501: After receiving the radio resource reconfiguration complete message sent by the terminal, the TRNC 201 sends a change security mode information request message to the SRNC 202, requesting to obtain the The integrity protection parameter COUNT-I corresponding to the terminal.
  • the TRNC 201 may also send a change security mode information request message to the SRNC 202 after sending the relocation probe message to the core network or after sending the relocation complete message to the core network, where the control plane and the user plane data have been After the configuration is about to be completed, the core network has stopped or is about to stop transmitting messages to the SRNC 202, and the COUNT-I on the SRNC 202 side is less likely to change, so that the TRNC 201 obtains the latest COUNT-I.
  • Step 502 The TRNC 201 updates the local COUNT-I according to the COUNT-I carried in the received change security mode information response message.
  • the embodiment of the present invention introduces a method of transmitting the integrity protection parameter COUNT-I from the SRNC 202 side.
  • SRNC 202 side pass integrity protection parameters COUNT-I's main method The flow is as follows:
  • Step 601 After transmitting the air interface reconfiguration message, the SRNC 202 receives the change security mode information request message sent by the TRNC 201.
  • Step 601 The SRNC 202 returns a change security mode information response message to the TRNC 201.
  • the response message includes the current integrity protection parameter COUNT-L
  • the embodiment of the present invention implements a method for transmitting the parameter COUNT-I of the integrity protection algorithm f in the security mode by forwarding a message.
  • the message can be forwarded through the IUR interface. See Figure 7.
  • Step 701 After transmitting the relocation detection message to the core network, the TRNC 201 sends a change security mode information request message to the SRNC 202 through the IUR interface.
  • the request message is included in the private message of the IUR interface.
  • Step 702 The SRNC 202 returns a change security mode information response message through the IUR interface.
  • the response message includes the current integrity protection parameter COUNT-L.
  • the response message is included in the private message body of the IUR interface.
  • Step 703 The TRNC 201 determines whether the integrity protection parameter COUNT-I carried in the received message is greater than the local COUNT-I. When the result of the determination is yes, proceed to step 704, otherwise proceed to step 705.
  • Step 704 The TRNC 201 updates the locally saved integrity protection parameter COUNT-L, where the TRNC 201 compares the integrity protection parameter COUNT-I carried in the received message with the integrity protection parameter COUNT- saved in the first storage unit 2013. Comparing I, if the two are inconsistent, save the larger of the two. If the change security mode information response message received by the TRNC 201 does not contain a valid integrity protection parameter COUNT-I message, or the cell type of the received response message is not Changed Security Mode Info Rs, or the received change security If the integrity protection parameter COUNT-I contained in the mode information response message is less than or equal to the integrity protection parameter COUNT-I held in the TRNC 201, it is not necessary to update the integrity protection parameter COUNT-I.
  • Step 705 The TRNC 201 returns a relocation complete message to the core network to complete the relocation process.
  • an embodiment of the present invention introduces a method of transmitting an integrity protection parameter COUNT-I from the TRNC 201 side.
  • the detailed method flow for passing the integrity protection parameters on the TRNC 201 side is as follows: The terminal sends a message of completion of radio resource reconfiguration to the TRNC 201 through the Uu interface, and the TRNC 201 sends a relocation detection message to the core network.
  • Step 801 After transmitting the relocation detection message to the core network, the TRNC 201 sends a change security mode information request message to the SRNC 202 through the IUR interface.
  • the change security mode information request message is included in the private message of the IUR interface.
  • Step 802 The TRNC 201 starts the timer 2014 and enters a state waiting for a response to wait for the SRNC 202 to return a change security mode information response message.
  • Step 803 The TRNC 201 receives the change security mode information response message before the timer 2014 times out.
  • the response message is received by the TRNC 201 through the IUR interface, and the response message is included in the private message body of the IUR interface.
  • the TRNC 201 parses the private message body to obtain the integrity protection parameter COUNT-I information in the change security mode information response message.
  • Step 804 The TRNC 201 determines whether the received change security mode information response message includes an integrity protection parameter. COUNT-L When the determination result is yes, proceed to step 805, otherwise proceed to step 807.
  • Step 805 The TRNC 201 determines whether the integrity protection parameter COUNT-I included in the received response message is greater than the local COUNT-I. When the answer is yes, proceed to step 806, otherwise continue to step 807.
  • Step 806 The TRNC 201 updates the integrity protection parameter COUNT-I 0 stored in the local, wherein the comparison unit 2015 compares the integrity protection parameter COUNT-I carried in the response message received by the first transceiver unit 2011 with the first storage unit 2013. The saved integrity protection parameter COUNT-I is compared, if the two are inconsistent, the larger of the two is saved.
  • the TRNC 201 does not receive the change security mode information response message after the timer 2014 times out, or the received change security mode information response message does not contain a valid integrity protection parameter COUNT-I message, or the received response
  • the cell type of the message is not Changed Security Mode Info Rsp, or the integrity protection parameter COUNT-I contained in the received change security mode information response message is less than or equal to the integrity protection parameter COUNT-I saved in TRNC 201, and it is not necessary to update the integrity protection parameter COUNT- I.
  • Step 807 The TRNC 201 returns a relocation complete message to the core network to complete the relocation process.
  • an embodiment of the present invention introduces a method of transmitting an integrity protection parameter COUNT-I from the SRNC 202 side.
  • the detailed method flow for passing the integrity protection parameters on the SRNC 202 side is as follows:
  • the SRNC 202 receives the relocation command sent by the core network, and successfully sends the air interface reconfiguration message to the terminal, and enters the state of waiting for the IU release command of the core network.
  • Step 901 The SRNC 202 receives the change security mode information request message sent by the TRNC 201 through the IUR interface.
  • the request message is included in the private message body of the IUR interface.
  • Step 902 The SRNC 202 returns a change security mode information response message to the TRNC 201 via the IUR interface.
  • the response message includes the current integrity protection parameter COUNT-I information.
  • the change security mode information response message is included in the private message body of the IUR interface.
  • the srnc-U-RNTI is set to the instance number of the terminal on the SRNC 202 side, and the cell type of the sent response message is changed to Changed Security Mode Info Rsp, indicating that the sent message carries the integrity protection parameter COUNT-I.
  • the change security mode information request message is not processed and the discarding process is performed.
  • Step 903 The SRNC 202 receives the IU release command sent by the core network.
  • Step 904 The SRNC 202 releases the resources of the terminal on the SRNC 202 side.
  • the resource may be an RRC connection or the like.
  • the TRNC 201 sends a change security mode information request message to the SRNC 202 after receiving the radio resource reconfiguration complete message sent by the terminal; the SRNC 202 receives the request message, and returns a change security mode request message response to the TRNC 201.
  • Message where the response The message contains the current integrity protection parameter COUNT-I; TRNC 201 updates the local COUNT-I according to the COUNT-I carried in the received response message.
  • the integrity protection parameter COUNT-I is correctly transmitted in the relocation process, and the consistency of the integrity protection parameter COUNT-I saved by the TRNC 201 and the terminal when the RNC is switched is not limited, and the number of NAS messages is not limited, nor is it Therefore, the problem of discarding the NAS message occurs, so that the receiver can correctly complete the verification of whether the signaling data is illegally modified during the sending process by using the integrity protection algorithm f9, and avoid the failure of the integrity protection parameter COUNT-I.
  • the correct transmission causes the signaling to be discarded, which in turn affects the establishment and transmission of services.
  • the TRNC may send the change security mode information request message at any time. For example, the change security mode information request message may be sent after receiving the radio resource reconfiguration complete message sent by the terminal.
  • the relocation detection may be sent to the core network.
  • the change security mode information request message is sent.
  • the control plane and the user plane data are all configured or will be configured, and the core network may have stopped transmitting the message to the SRNC, and the COUNT- on the SRNC side I is less likely to change again.
  • the mode information response message can be located in the private message of the IUR interface, which facilitates the extension of the message without affecting the existing communication protocol.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention porte sur un procédé et un appareil de transmission d'un paramètre de protection d'intégrité. Le procédé comprend les opérations suivantes : après avoir reçu un message d'accomplissement de reconfiguration de ressources radio envoyées par un terminal, un premier contrôleur de réseau radio (RNC) envoie un message de requête d'informations de mode de sécurité modifié à un second RNC pour demander le paramètre de protection d'intégrité COUNT-I correspondant au terminal ; durant le processus de relocalisation, le premier RNC est le RNC cible (TRNC) et le second RNC est le RNC source (SRNC) ; le premier RNC met à jour le paramètre COUNT-I local conformément au paramètre COUNT-I contenu dans le message de réponse d'informations de mode de sécurité modifié reçu envoyé par le second RNC. Grâce à la présente invention, le paramètre de protection d'intégrité COUNT-I peut être transmis correctement durant le processus de relocalisation, et ainsi, la cohérence entre le paramètre de protection d'intégrité COUNT-I stocké dans le TRNC et celui stocké dans le terminal dans la situation de transfert inter-RNC est améliorée.
PCT/CN2011/076563 2010-06-30 2011-06-29 Procédé et appareil de transmission de paramètre de protection d'intégrité WO2012000435A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010216143.8 2010-06-30
CN2010102161438A CN102316455A (zh) 2010-06-30 2010-06-30 一种传递完整性保护参数的方法及装置

Publications (1)

Publication Number Publication Date
WO2012000435A1 true WO2012000435A1 (fr) 2012-01-05

Family

ID=45401399

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/076563 WO2012000435A1 (fr) 2010-06-30 2011-06-29 Procédé et appareil de transmission de paramètre de protection d'intégrité

Country Status (2)

Country Link
CN (1) CN102316455A (fr)
WO (1) WO2012000435A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297971B (zh) * 2012-02-29 2016-06-22 鼎桥通信技术有限公司 一种通信系统中的完整性保护方法和系统
CN104469745B (zh) * 2014-11-26 2018-05-01 大唐移动通信设备有限公司 一种完整性保护参数的应用方法及装置
CN108668281B (zh) 2017-03-31 2021-07-09 华为技术有限公司 一种通信方法、相关设备及系统
CN110536415B (zh) * 2018-05-23 2020-11-20 大唐移动通信设备有限公司 一种nas消息的处理方法、集群终端和集群核心网
WO2024073924A1 (fr) * 2022-11-17 2024-04-11 Lenovo (Beijing) Ltd. Procédés et appareil de détermination de l'intégrité d'estimations de positionnement

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050082177A (ko) * 2004-02-18 2005-08-23 삼성전자주식회사 이동통신시스템에서 전력균형에 사용되는 기준전력 결정방법
CN101202936A (zh) * 2006-12-11 2008-06-18 大唐移动通信设备有限公司 涉及srns重定位的实现rrc信令完整性保护的方法、系统及无线网络控制器
CN101388829A (zh) * 2007-09-10 2009-03-18 大唐移动通信设备有限公司 重定位的信令及数据加密的方法、系统及无线网络控制器
CN101715188A (zh) * 2010-01-14 2010-05-26 中兴通讯股份有限公司 一种空口密钥的更新方法及系统

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100581288C (zh) * 2006-04-17 2010-01-13 大唐移动通信设备有限公司 一种确保收发双方完整性参数一致的方法
CN100544489C (zh) * 2006-07-21 2009-09-23 普天信息技术研究院 一种服务无线网络子系统重定位方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050082177A (ko) * 2004-02-18 2005-08-23 삼성전자주식회사 이동통신시스템에서 전력균형에 사용되는 기준전력 결정방법
CN101202936A (zh) * 2006-12-11 2008-06-18 大唐移动通信设备有限公司 涉及srns重定位的实现rrc信令完整性保护的方法、系统及无线网络控制器
CN101388829A (zh) * 2007-09-10 2009-03-18 大唐移动通信设备有限公司 重定位的信令及数据加密的方法、系统及无线网络控制器
CN101715188A (zh) * 2010-01-14 2010-05-26 中兴通讯股份有限公司 一种空口密钥的更新方法及系统

Also Published As

Publication number Publication date
CN102316455A (zh) 2012-01-11

Similar Documents

Publication Publication Date Title
CN109802809B (zh) 网络接入的方法、终端设备和网络设备
WO2014198133A1 (fr) Procédé et dispositif d'allocation de ressources pour un support radio de données (drb)
AU2017424739B2 (en) Switching method, access network device and terminal device
TW200812409A (en) Method and system for performing handover in a wireless communication system
WO2017166247A1 (fr) Procédé de communication, dispositif sur le côté réseau, et terminal d'utilisateur
WO2011006440A1 (fr) Procédé et dispositif de commutation
WO2017132965A1 (fr) Système, procédé, et dispositif de transmission de données
US9510255B2 (en) Network handover method and apparatus
WO2009155835A1 (fr) Procédé, appareil et système de dérivation de clé
TW201108785A (en) Method and apparatus for handling inter-RAT handover
WO2011088787A1 (fr) Procédé et dispositif adaptés pour réaliser un transfert intercellulaire dans un réseau de points d'accès
TW200850017A (en) RRC messages and procedures
WO2011116547A1 (fr) Procédé et dispositif de configuration de ressources au cours d'un transfert intercellulaire
WO2012109987A1 (fr) Procédé et dispositif d'établissement de connexion
WO2012000435A1 (fr) Procédé et appareil de transmission de paramètre de protection d'intégrité
WO2013107218A1 (fr) Procédé et dispositif de reconfiguration d'interface uu
WO2011020296A1 (fr) Procédé, système et équipement de mise en œuvre de réacheminement de données durant un processus de commutation d'équipement utilisateur
TW200926852A (en) Handover method and apparatus in a wireless telecommunications network
KR20050089686A (ko) 이동 광대역 무선 접속 시스템에서 다수의 액티브기지국들을 가진 이동단말의 서비스 플로우 관리 방법
JP5655138B2 (ja) S1ハンドオーバ方法、s1ハンドオーバのデータ伝送方法及び移動通信システム
US20230156587A1 (en) Transmission Configuration Method and Device
WO2012024916A1 (fr) Procédé de trace de signalisation et dispositif associé
TWI531257B (zh) 無線通訊系統及其認證方法
WO2014206179A1 (fr) Procédé, terminal, station de base et système, et support d'informations pour la mise en œuvre de l'établissement d'une relation de voisins automatique
TWI397293B (zh) 行動台安全模式方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11800180

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11800180

Country of ref document: EP

Kind code of ref document: A1