WO2018171703A1 - Communication method and device - Google Patents

Publication number
WO2018171703A1
Authority
WO
WIPO (PCT)
Prior art keywords
network device
information
terminal device
network
security key
Prior art date
Application number
PCT/CN2018/080129
Inventor
柴丽
张戬
李秉肇
权威
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to MX2019011218A
Priority to EP18771326.8A (EP3576443B1)
Priority to KR1020197026893A (KR20190117653A)
Priority to EP20195014.4A (EP3813400A1)
Publication of WO2018171703A1
Priority to US16/579,368 (US11304054B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H04W76/25 Maintenance of established connections
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H04W76/27 Transitions between radio resource control [RRC] states
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor

Definitions

  • the present application relates to the field of communications and, more particularly, to a communication method and apparatus.
  • the inactive state of the terminal device means that the terminal device disconnects the RRC connection with the Radio Access Network (RAN) device, but retains the state of the context of the terminal device.
  • the uplink data may be sent to the new RAN device (which may also be referred to as the switched RAN device) based on the context of the previously reserved terminal device.
  • the present application provides a communication method and device, which can effectively improve the security of communication between a terminal device and a network device in an inactive state.
  • a communication method comprising:
  • the terminal device obtains a security key, where the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection with the first network device and retains the context information of the terminal device at the first network device;
  • the terminal device sends a first message to the second network device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling being encrypted using the security key, and the second network device being different from the first network device.
  • the terminal device in the inactive state uses the security key to encrypt when communicating with the network device, which can improve the security of the communication.
  • the security key includes a key saved in the context information.
  • when the terminal device in the inactive state communicates with the new network device, the key stored in the context information at the network device on which it last camped is used for encryption, which can improve the security of communication between the terminal device and the new network device with little overhead.
  • the security key is different from a key used by the terminal device to communicate with the first network device.
  • the terminal device in the inactive state uses different keys for communication for different network devices, which can effectively improve the security of communication.
  • the terminal device obtaining a security key includes: the terminal device obtains the security key according to the identifier information of the second network device, where the identifier information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
  • the security key is generated according to the identification information of the network device, and is encrypted by using the security key when communicating with the network device, so that the security of the communication can be effectively improved.
  • the terminal device obtaining a security key includes: the terminal device obtains the security key according to the identifier information of the second network device and the key saved in the context information, where the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device.
  • the security key is generated according to the key saved in the initial context information of the terminal device and the identification information of the new network device, and is used for encryption when communicating with the network device, so that the security of the communication can be effectively improved.
  • the communication method further includes: the terminal device obtaining security information configured by the first network device for the terminal device;
  • the terminal device obtains a security key, including:
  • the terminal device obtains the security key according to the security information and the identifier information of the second network device, where the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device; or
  • the terminal device obtains the security key according to the security information and the identifier information of the first network device, where the identifier information of the first network device includes cell information of the first network device and/or frequency information of the first network device.
  • the security key is generated according to the key information stored in the initial context information of the terminal device according to the identification information of the network device, and is encrypted by using the security key when communicating with the network device, so that the security of the communication can be effectively improved.
  • the obtaining, by the terminal device, the security key comprises: the terminal device further obtaining the security key by using any one of the following information:
  • the value of the counter carried in the context information, the value of the counter obtained from the first network device, the value of the counter carried in the system message of the first network device, and the value of the system predefined counter.
  • the first message further includes an integrity message verification code MAC-I or a short integrity message verification code short-MAC-I.
  • the present application can implement integrity protection of data transmission between the terminal device and the second network device.
  • the identifier of the terminal device is an identifier configured by the first network device for the terminal device in the inactive state, or an identifier configured by the first network device for the terminal device in a connected state.
  • the first message includes the uplink data
  • the communications method further includes:
  • the system message of the second network device is obtained, where the system message includes pre-configured parameter information of the user plane corresponding to the at least one service;
  • the terminal device determines the uplink data according to the service corresponding to the pre-configured parameter information.
  • the pre-configuration parameter information includes at least one of the following information: packet data convergence protocol (PDCP) information, radio link layer control protocol (RLC) information, media access control (MAC) information, or physical layer (PHY) information.
  • the terminal device does not need to establish an RRC connection with the second network device, and may send the data of the at least one service to the second network device according to the pre-configured parameter information, thereby improving the efficiency of data transmission between the inactive terminal device and the network device.
  • the first message is sent by a user plane data packet.
  • the communication method further includes: the terminal device obtains an uplink resource of the second network device according to pre-configured resource information included in a system message of the second network device; or the terminal device obtains an uplink resource of the second network device by using a random access procedure.
  • the first message further includes the identifier information of the first network device, so that the second network device sends the uplink data and/or the signaling to the core network through the first network device, where the identifier information of the first network device includes cell information of the first network device and/or device information of the first network device, and the signaling is non-access stratum signaling.
  • the second network device forwards uplink data and/or signaling of the terminal device to the core network through the first network device that the terminal device once camped on, which can improve communication efficiency and also save cost.
  • the first message is sent by using RRC signaling.
  • the communication method further includes: the terminal device receives a response message sent by the second network device, where the response message includes at least one of the following: the identifier of the terminal device, indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, update information of the radio access network area, indication information to enter the RRC connected state, indication information to remain in the inactive state, and indication information to enter the RRC idle state.
  • a communication method comprising:
  • the second network device receives the first message sent by the terminal device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling being encrypted using a security key, the terminal device being in a state in which it has disconnected the radio resource control (RRC) connection with the first network device and retains the context information of the terminal device at the first network device, and the first network device being different from the second network device;
  • the second network device parses the uplink data and/or signaling according to the information of the security key.
  • the terminal device in the inactive state uses the security key to encrypt when communicating with the network device, which can improve the security of the communication.
  • the security key includes a key saved in the context information.
  • when the terminal device in the inactive state communicates with the new network device, the key stored in the context information at the network device on which it last camped is used for encryption, which can improve the security of communication between the terminal device and the new network device with little overhead.
  • the security key is different from a key used by the terminal device to communicate with the first network device.
  • the terminal device in the inactive state uses different keys for communication for different network devices, which can effectively improve the security of communication.
  • the security key is determined according to the identifier information of the second network device, and the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device.
  • the security key is generated according to the identification information of the network device, and is encrypted by using the security key when communicating with the network device, so that the security of the communication can be effectively improved.
  • the terminal device obtaining a security key includes: the terminal device obtains the security key according to the identifier information of the second network device and the key saved in the context information, where the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device.
  • the security key is generated according to the key saved in the initial context information of the terminal device and the identification information of the new network device, and is used for encryption when communicating with the network device, so that the security of the communication can be effectively improved.
  • the security key is determined according to the identifier information of the second network device and the security information configured by the first network device for the terminal device, where the identifier information of the second network device includes cell information of the second network device and/or frequency information of the second network device; or
  • the security key is determined according to the identification information of the first network device and the security information, where the identifier information of the first network device includes cell information of the first network device and/or frequency information of the first network device.
  • the security key is generated according to the key information stored in the initial context information of the terminal device according to the identification information of the network device, and is encrypted by using the security key when communicating with the network device, so that the security of the communication can be effectively improved.
  • the information used to determine the security key further includes any one of the following: the value of a counter saved in the context information, the value of the counter obtained by the terminal device from the first network device, the value of the counter carried in the system message of the first network device, and the value of the system predefined counter.
  • the first message further includes an integrity message verification code MAC-I or a short integrity message verification code short-MAC-I.
  • the present application can implement integrity protection of data transmission between the terminal device and the second network device.
  • the first message includes the uplink data
  • the system message of the second network device includes pre-configured parameter information of a user plane corresponding to the at least one service, so that the terminal device determines the uplink data according to the service corresponding to the pre-configured parameter information.
  • the pre-configuration parameter information includes at least one of the following information: packet data convergence protocol (PDCP) information, radio link layer control protocol (RLC) information, media access control (MAC) information, or physical layer (PHY) information.
  • the terminal device does not need to establish an RRC connection with the second network device, and may send the data of the at least one service to the second network device according to the pre-configured parameter information, thereby improving the efficiency of data transmission between the inactive terminal device and the network device.
  • the first message is sent by a user plane data packet.
  • the first message further includes the identifier information of the first network device, and the identifier information of the first network device includes cell information of the first network device and/or device information of the first network device;
  • the communication method further includes:
  • the second network device sends the uplink data and/or the signaling to the first network device according to the identifier information of the first network device, so that the first network device sends the uplink data and/or the signaling to the core network, where the signaling is non-access stratum signaling.
  • the second network device forwards uplink data and/or signaling of the terminal device to the core network through the first network device that the terminal device once camped on, which can improve communication efficiency and also save cost.
  • the first message includes the uplink data
  • the communications method further includes:
  • the second network device obtains the context information
  • the second network device establishes a communication path with the core network according to the context information
  • the second network device sends the uplink data to the core network according to the communication path.
  • the second network device forwards the uplink data of the terminal device to the core network according to the context information of the terminal device, thereby improving communication efficiency.
  • the second network device obtains the context information, including:
  • the second network device obtains the context information according to the context information notification message sent by the first network device.
  • the second network device requests the context information from the first network device.
  • the communications method further includes:
  • the second network device obtains a new next hop chain counter NCC information from the core network
  • the new security key is newly determined, and the security of the data transmission can be further improved.
  • the communications method further includes:
  • the communications method further includes:
  • the identifier of the terminal device, indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, update information of the radio access network area, indication information to enter the RRC connected state, indication information to remain in the inactive state, and indication information to enter the RRC idle state.
  • a third aspect provides a terminal device, where the terminal device is configured to perform the communication method in the first aspect or any possible implementation of the first aspect.
  • the terminal device may comprise means for performing the communication method of the first aspect or any of the possible implementations of the first aspect.
  • a fourth aspect provides a terminal device, the terminal device comprising a memory and a processor, the memory being configured to store instructions and the processor being configured to execute the instructions stored in the memory, where execution of the instructions stored in the memory causes the processor to perform the method of the first aspect or any of the possible implementations of the first aspect.
  • a fifth aspect provides a computer readable storage medium having stored thereon a computer program, the program being executed by a processor to implement the method of the first aspect or any of the possible implementations of the first aspect.
  • a sixth aspect provides a network device, where the network device is configured to perform the communication method in the second aspect or any possible implementation of the second aspect.
  • the network device may comprise means for performing the communication method of the second aspect or any of the possible implementations of the second aspect.
  • a seventh aspect provides a network device, the network device comprising a memory and a processor, the memory being configured to store instructions and the processor being configured to execute the instructions stored in the memory, where execution of the instructions stored in the memory causes the processor to perform the method of the second aspect or any of the possible implementations of the second aspect.
  • an eighth aspect provides a computer readable storage medium having stored thereon a computer program, the program being executed by a processor to implement the method of the second aspect or any of the possible implementations of the second aspect.
  • the terminal device in the inactive state uses the security key to encrypt when communicating with the network device, which can improve the security of the communication.
  • FIG. 1 is a schematic structural diagram of a system according to an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 3 is another schematic flowchart of a communication method according to an embodiment of the present application.
  • FIG. 4 is still another schematic flowchart of a communication method according to an embodiment of the present application.
  • FIG. 5 is still another schematic flowchart of a communication method according to an embodiment of the present application.
  • FIG. 6 is still another schematic flowchart of a communication method according to an embodiment of the present application.
  • FIG. 7 is a schematic block diagram of a terminal device according to an embodiment of the present application.
  • FIG. 8 is another schematic block diagram of a terminal device according to an embodiment of the present application.
  • FIG. 9 is a schematic block diagram of a network device according to an embodiment of the present application.
  • FIG. 10 is another schematic block diagram of a network device according to an embodiment of the present application.
  • FIG. 11 is still another schematic block diagram of a terminal device according to an embodiment of the present application.
  • LTE Long Term Evolution
  • UMTS Terrestrial Radio Access Universal Mobile Telecommunications System
  • UTRAN Universal Mobile Telecommunications System
  • GSM Global System for Mobile Communication
  • EDGE Enhanced Data Rate for GSM Evolution
  • GSM EDGE Radio Access Network GERAN
  • SGSN Serving GPRS Support
  • GGSN Gateway GPRS support node
  • PLMN Public Land Mobile Network
  • the embodiment of the application relates to a terminal device.
  • the terminal device may be a device that includes a wireless transceiver function and can cooperate with the network device to provide a communication service for the user.
  • the terminal device may refer to a user equipment (User Equipment, UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent or a user device.
  • the terminal device may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), with wireless
  • the embodiment of the present application also relates to a network device.
  • the network device may be a device for communicating with the terminal device, for example, may be a base station (Base Transceiver Station, BTS) in the GSM system or CDMA, or may be a base station (NodeB, NB) in the WCDMA system, or may be an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system, or the network device may be a relay station, an access point, an in-vehicle device, a wearable device, a network-side device in a 5G network or in a network after 5G, or a network device in a future evolved PLMN network.
  • the network device involved in the embodiment of the present application may also be referred to as a Radio Access Network (RAN) device.
  • the RAN device is connected to the terminal device and is configured to receive data of the terminal device and send the data to the core network device.
  • the RAN device corresponds to different devices in different communication systems, for example, a base station and a base station controller in a 2G system, a base station and a radio network controller (RNC) in a 3G system, an evolved Node B (eNB) in a 4G system, and, in a 5G system, an access network device of the 5G system (e.g., gNB, CU, DU), such as one in a new Radio Access Technology (NR).
  • the embodiment of the present application also relates to a Core Network (CN) device.
  • the CN device corresponds to different devices in different communication systems, for example, a Serving GPRS Support Node (SGSN) or a Gateway GPRS Support Node (GGSN) in a 3G system, in a 4G system.
  • MME Mobility Management Entity
  • S-GW Serving GateWay
  • the 5G system corresponds to the core network related equipment (for example, NG-Core) of the 5G system.
  • RRC Radio Resource Control
  • Context information: after the RAN device establishes an RRC connection with the terminal device, the RAN device allocates context information for the terminal device, and the RAN device communicates with the terminal device based on the context information.
  • the context information includes the identification information of the terminal device, the security context information of the terminal device, the subscription information of the terminal device, the configuration information of the radio bearer of the terminal device, the logical channel information, and the Network Slicing Info, which is included in the Network Slicing Info.
  • the value of variables, counters, and/or timers, media access control MAC variables, counters and/or timer values, and/or physical layer PHY variables, counters, and/or timer values such as COUNT of the PDCP packet, SN of the PDCP packet.
  • Inactive state (or called Suspend state, or Light connection state)
  • the context information is stored in both the RAN device and the terminal device, and the RRC connection between the terminal device and the RAN device is restored by a Resume message.
  • a Data Radio Bearer (DRB) for transmitting data between the terminal device and the RAN device may also be restored.
  • the S1 interface of the terminal device is anchored at a base station (which may be referred to as an "anchor base station"), and then may perform cell reselection mobility in a predetermined area (eg, referred to as "RAN-based paging")
  • the "inactive state" mentioned in the embodiments of the present application is only for describing such a state, and is not limited thereto.
  • radio access network area (or RAN-based paging area) update are only for convenience of description, and are not used to limit the scope of the embodiments of this application.
  • Identifier of the terminal device: an identifier that can uniquely identify the terminal device; it may be an identifier allocated by the RAN device for the terminal device, or may be an identifier assigned by the control plane device (CP Function) to the terminal device.
  • FIG. 1 is a schematic structural diagram of a system according to an embodiment of the present application.
  • the terminal device 110 initially establishes an RRC connection with the first network device 120.
  • the first network device 120 assigns context information to the terminal device 110.
  • the terminal device communicates with the first network device 120 based on the RRC connection, such as through the first network device 120.
  • the terminal device 110 disconnects the RRC connection with the first network device 120, but retains the context information of the terminal device 110 under the first network device 120, that is, enters an inactive state.
  • the terminal device 110 moves to the second network device 130.
  • the terminal device 110 performs communication transmission with the second network device 130 based on the previously retained context information, for example, accessing the core network 140 through the first network device 120.
  • FIG. 2 is a schematic flowchart of a communication method 200 provided by an embodiment of the present application.
  • the terminal device, the first network device, and the second network device described in FIG. 2 may correspond to the terminal device 110, the first network device 120, and the second network device 130 illustrated in FIG. 1, respectively.
  • the method 200 includes:
  • the terminal device obtains a security key, where the terminal device is in a state in which the radio resource control (RRC) connection with the first network device is disconnected and the context information of the terminal device in the first network device is retained.
  • the terminal device may determine the security key based on a key saved in the context information, and may also determine the security key in combination with other information and/or a key saved in the context information. This will be described in detail below.
  • the inactive state denotes the state in which the terminal device has disconnected the RRC connection with the first network device and retains the context information of the terminal device at the first network device.
  • the terminal device sends a first message to the second network device, where the first message includes an identifier of the terminal device and the encrypted uplink data and/or signaling, where the encrypted uplink data and/or signaling is encrypted with the security key, and the second network device is different from the first network device.
  • the identifier of the terminal device may be an identifier configured by the terminal device in the inactive state of the first network device.
  • the identifier of the terminal device is an identifier configured by the first network device for the terminal device in the connected state.
  • the identity of the terminal device includes a recovery identifier (recovery ID) and/or a context identifier (context ID) of the terminal device.
  • the second network device can learn that the first message is from the terminal device according to the identifier of the terminal device carried in the first message.
  • the uplink data may be service data of the terminal device.
  • the signaling may be non-access stratum signaling or access stratum signaling.
  • the access stratum signaling is, for example, Radio Access Network (RAN)-based paging area update signaling of the terminal device.
  • the terminal device moves beyond the original RAN-based paging area and enters another RAN-based paging area to which the second network device belongs. In this case, the terminal device needs to report to the second network device that the terminal device has left the original RAN-based paging area; this signaling may be referred to as RAN-based paging area update signaling.
  • the terminal device does not need to notify the base station when moving within a predetermined area (for example, a RAN-based paging area), but once it moves out of the RAN-based paging area, it is required to report to the base station that the terminal device has left the original RAN-based paging area; this process is referred to as RAN-based paging area update (Paging Area Update).
  • the RAN-based paging area update signaling may also be a periodic RAN-based paging area update signaling of the terminal equipment.
  • the non-access stratum signaling is, for example, Tracking Area (TA) update signaling.
  • the second network device obtains information of the security key by using the first network device.
  • the information of the security key may be information for generating the security key, or may be the security key itself.
  • the security key represented by the information of the security key obtained by the second network device from the first network device is the same key as the security key obtained by the terminal device.
  • the terminal device and the first network device generate the security key according to the same rules or algorithms.
  • the first network device may actively send the security key information to the second network device, or the second network device needs to request the information of the security key from the first network device.
  • the second network device parses the uplink data and/or signaling according to the information of the security key.
  • the second network device may directly or indirectly send uplink data and/or signaling to the core network.
  • the terminal device in the inactive state uses the security key encryption when communicating with the network device, which can improve the security of the communication.
  • the method 200 further includes: the first network device sends an RRC release message to the terminal device; the terminal device disconnects the radio resource control (RRC) connection with the first network device according to the RRC release message, but retains the context information of the terminal device in the first network device, that is, the terminal device enters an inactive state.
  • the RRC release message may include the terminal device.
  • the RRC release message may further include one of the following information:
  • the information is used to inform the terminal device not to delete the context information of the terminal device in the first network device, and continue to save.
  • the information is used to inform the terminal device to save the validity period of the context information.
  • the terminal device may delete the context.
  • the UP configuration information refers to UP configuration information corresponding to one or more services that the terminal device has not currently established before entering the inactive state. If the user subsequently triggers a new service, the terminal device does not need to enter the connected state, and can directly establish the new service based on this information.
  • the UP configuration information helps improve the efficiency with which the terminal device subsequently establishes new services.
  • security information required for the terminal device to initiate RRC connection recovery or to transmit uplink data.
  • the security information may be independent or shared.
  • the security information may include a combination of any one or more of the following: a security algorithm, a Next-Hop Chaining Counter (NCC), a count value (COUNT) used to obtain the security key, or other parameters from which a security key can be obtained.
  • Cause Value information such as high priority access, wireless access area update, called data or calling signaling.
  • the terminal device may determine the security key based on the key saved in the context information, and may also determine the security key in combination with other information and/or a key stored in the context information.
  • the security key includes a key stored in the context information.
  • the terminal device determines the key held in the context information as the security key.
  • the key stored in the context information is the key used by the terminal device to communicate with the first network device.
  • the terminal device in the inactive state uses the security key to encrypt the communication with the network device, which can improve the security of the communication.
  • the security key is different from a key used by the terminal device to communicate with the first network device.
  • the security key can be generated in the following manners.
  • the security key is determined according to the identifier information of the second network device, and the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device.
  • the terminal device generates the security key from the identifier information of the second network device using a preset algorithm.
  • the cell information of the second network device is, for example, the cell label of the second network device or the cell identifier of the second network device.
  • the frequency information of the second network device is, for example, the frequency point information of the second network device or the frequency band information of the second network device, or both.
  • the security key is determined according to the identification information of the second network device and the key saved in the context information.
  • the terminal device generates the security key from the identifier information of the second network device and the key saved in the context information using a preset algorithm.
  • the security key is determined according to the identification information of the second network device and the security information configured by the first network device for the terminal device, and the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device.
  • the terminal device generates the security key from the identifier information of the second network device and the security information allocated by the first network device to the terminal device using a preset algorithm.
  • the security information allocated by the first network device to the terminal device is, for example, the "4) security information required for the terminal device to initiate RRC connection recovery or send uplink data" configured by the first network device for the terminal device.
  • the security information may be independent or shared.
  • the security information may include a combination of any one or more of the following: a security algorithm, a Next-Hop Chaining Counter (NCC), a count value (COUNT) used to obtain the security key, or other parameters from which a security key can be obtained.
  • the terminal device may obtain the security information from an RRC release message sent by the first network device.
  • the security key is determined according to the identification information of the first network device and the security information allocated by the first network device to the terminal device, where the identifier information of the first network device includes the cell information of the first network device and/or the frequency information of the first network device.
  • the security information allocated by the first network device to the terminal device is, for example, the "4) security information required for the terminal device to initiate RRC connection recovery or send uplink data" configured by the first network device for the terminal device.
  • the terminal device generates the security key from the identifier information of the first network device and the security information allocated by the first network device to the terminal device using a preset algorithm.
  • the cell information of the first network device is, for example, the cell label of the first network device or the cell identifier of the first network device.
  • the frequency information of the first network device is, for example, the frequency point information of the first network device or the frequency band information of the first network device, or both.
  • the terminal device may further generate the security key using a corresponding algorithm according to any one of the following information: the value of a counter saved in the context information, the value of a counter acquired from the first network device, the value of a counter carried in a system message of the first network device, and the value of a system-predefined counter.
  • the value of the counter obtained from the first network device may be a value of a counter obtained by the terminal device from the RRC release message sent by the first network device.
  • the value of the counter referred to herein may be, for example, the value of a packet counter.
  • the security key may also be generated by a feasible algorithm from other related parameters defined by the system or specified by a protocol.
  • the security key used by the terminal device in the inactive state to communicate with the second network device is different from the security key used between the terminal device and the first network device on which it last camped, so that the security of communication between the terminal device and the second network device can be improved.
  • the first message sent by the terminal device to the second network device further includes a message authentication code for Integrity (MAC-I) or a short integrity message verification code (short-MAC-I).
  • the MAC-I or short-MAC-I may be derived by using an integrity protection algorithm according to a key stored in the context information of the terminal device.
  • the MAC-I or short-MAC-I may be derived using an integrity protection algorithm according to any of the first to fourth implementations of generating the security key.
  • the embodiment of the present application can implement integrity protection when the terminal device in the inactive state communicates with the network device.
  • the terminal device sends the first message to the second network device by using the uplink resource of the second network device.
  • the terminal device can obtain the uplink resource of the second network device in a plurality of different manners.
  • the terminal device can obtain the Grant-free resource of the second network device by using the system message of the second network device.
  • the method 200 further includes: after the terminal device moves to the cell of the second network device, obtaining a system message of the second network device, where the system message of the second network device carries pre-configured resource information; the terminal device obtains the uplink resource according to the pre-configured resource information.
  • the pre-configured resource information indicates a Grant-free resource of the second network device.
  • the Grant-free resource is used by a terminal device in the inactive state that moves into the cell of the second network device to send packet data.
  • the terminal device may determine the Grant-free resource as the uplink resource.
  • the Grant-free resources indicated by the pre-configured resource information are divided into groups, wherein the resource information of each group is used to indicate the time domain and frequency domain location of the group of resources and the corresponding signature (or sequence, or index).
  • the groups of resources indicated by the Grant-free resource information are further divided into: an initial sending group, a retransmission group, a retransmission group 2, and a retransmission group m, where m is a positive integer.
  • When the terminal device needs to send uplink data and/or signaling, the terminal device selects the resources of one group of the Grant-free resources indicated by the Grant-free resource information (for example, the initial sending group) and sends the uplink data and/or signaling.
  • the terminal device sends the signature and the identifier of the terminal device to the second network device while sending the uplink data and/or the signaling to the second network device.
  • the signature is used to notify the second network device to allocate resources for the terminal device.
  • the terminal may further send any one or more of the following information to the second network device: a pre-configured parameter index number, a MAC-I, and a Buffer Status Report (BSR).
  • If the terminal device fails to send uplink data and/or signaling to the second network device by using the resources of the initial sending group, the terminal device may continue by using the resources of the retransmission group.
  • the terminal device determines the Grant-free resource of the second network device as the uplink resource of the second network device, which improves the efficiency of communicating with the second network device.
  • the terminal device can obtain the uplink resource of the second network device by using a random access (RA) process.
  • the method 200 further includes: after the terminal device moves to the cell of the second network device, obtaining a system message of the second network device; the terminal device initiates the RA process and obtains a Grant-free resource of the second network device; when uplink data needs to be sent, the terminal device sends a preamble sequence to the second network device, where the preamble sequence is used to notify the second network device to allocate resources for the terminal device; optionally, the terminal device may also send the identifier of the terminal device; the terminal device receives the resource allocated by the second network device according to the preamble sequence; optionally, the terminal device sends a Buffer Status Report (BSR) to the second network device using the resource allocated by the second network device; the second network device sends an uplink grant resource (UL Grant) to the terminal device according to the BSR sent by the terminal device, that is, the terminal device obtains the uplink resource of the second network device.
  • the terminal device further sends an RRC connection request to the second network device according to the UL Grant sent by the second network device, where the RRC connection request carries the identifier of the terminal device.
  • the terminal device reads the Public Land Mobile Network (PLMN) information in the system message, and determines that the Radio Access Technology (RAT) type of the cell of the second network device is different from the RAT type of the cell of the first network device.
  • If the terminal device learns, by reading the system message, that the RAN-based paging area (PA) of the second network device is the same as the PA of the first network device, the terminal device does not initiate RAN-based paging area update signaling to the second network device. If the terminal device learns that the RAN-based paging area (PA) of the second network device is different from the PA of the first network device, that is, the PA changes, the terminal device may initiate RAN-based paging area update signaling to the second network device.
  • the system message of the second network device further carries the pre-configured parameter information of the user plane (UP) corresponding to the service; the method 200 further includes: the terminal device determines the uplink data to be sent according to the service corresponding to the pre-configured parameter information.
  • the terminal device sends uplink data to the second network device according to the service corresponding to the pre-configured parameter information.
  • the pre-configuration parameter information may further include Packet Data Convergence Protocol (PDCP), Radio Link Control (RLC), Media Access Control (MAC), or physical layer (PHY) configuration information and a configuration index number.
  • In a scenario where the terminal device needs to add a new service and send data of a new service type, the terminal device does not need to establish an RRC connection with the second network device, and may send the data of the at least one service to the second network device according to the pre-configured parameter information, so as to improve the efficiency of data transmission between the terminal device and the switched network device.
  • the system message of the second network device further carries at least one pre-configuration parameter information of the user plane corresponding to the quality of service (QoS); the method 200 further includes: the terminal device determines the uplink data to be sent according to the QoS corresponding to the pre-configured parameter information.
  • the terminal device does not need to establish an RRC connection with the second network device, and may send the data corresponding to the at least one QoS to the second network device according to the pre-configured parameter information, thereby improving the efficiency of data transmission between the terminal device and the network device.
  • the terminal device obtains the uplink resource of the second network device from the first network device.
  • the RRC release message sent by the first network device to the terminal device further carries the pre-configured unlicensed uplink resource of the at least one cell, for example, the same as the first network device.
  • the terminal device may obtain the pre-configured unlicensed uplink resource of the second network device after receiving the RRC release message sent by the first network device.
  • the terminal device may send the first message by using MAC layer data signaling or control signaling.
  • the terminal device transmits the first message through a MAC Protocol Data Unit (MAC PDU).
  • the terminal device may send the first message to the second network device by using a user plane data packet.
  • the terminal device sends the first message through a User Data Packet Convergence Protocol (PDCP).
  • the terminal device may send the first message to the second network device by using RRC signaling.
  • the first network device sends the information of the security key to the second network device, so that the second network device can subsequently parse the uplink data and/or signaling sent by the terminal device according to the security key.
  • the information of the security key sent by the first network device may be parameter information used to generate the security key, or directly the security key itself. It should be noted that the security key corresponding to the information of the security key sent by the first network device is the same key as the security key obtained by the terminal device in step 210. For example, if the terminal device in step 210 uses the key saved in the context information as the security key, the information of the security key sent by the first network device to the second network device may be the context information.
  • If the terminal device generates the security key according to the identification information of the second network device and the key saved in the context information (corresponding to the second implementation manner of obtaining the security key described above), the information of the security key sent by the first network device to the second network device includes the context information and indication information for indicating the identification information of the second network device (or directly the identification information of the second network device itself).
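The second implementation of the security key, the MAC-I, and the key information handed from the first to the second network device, worked through as an added Python example that is not taken from the patent. HMAC-SHA-256 stands in for the unspecified "preset algorithm"; the SHAKE-256 keystream, the 4-byte MAC-I truncation, the field encodings, the class and function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct


def derive_security_key(context_key: bytes, cell_id: int, frequency: int) -> bytes:
    """Key = f(key saved in context, identification info of the target device)."""
    # Assumption: HMAC-SHA-256 replaces the page's unspecified "preset algorithm".
    # Fixed-width fields keep the (cell_id, frequency) encoding unambiguous.
    ident = struct.pack(">HI", cell_id, frequency)
    return hmac.new(context_key, b"inactive-uplink" + ident, hashlib.sha256).digest()


def _subkey(security_key: bytes, purpose: bytes) -> bytes:
    # Separate keys for ciphering and integrity (an assumption of this example).
    return hmac.new(security_key, purpose, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, count: int, data: bytes) -> bytes:
    # Stand-in stream cipher: COUNT makes the keystream unique per packet.
    stream = hashlib.shake_256(enc_key + struct.pack(">I", count)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac_i(int_key: bytes, ue_id: bytes, count: int, ciphertext: bytes) -> bytes:
    body = struct.pack(">H", len(ue_id)) + ue_id + struct.pack(">I", count) + ciphertext
    return hmac.new(int_key, body, hashlib.sha256).digest()[:4]  # assumed 32-bit MAC-I


def build_first_message(security_key: bytes, ue_id: bytes, count: int, uplink: bytes) -> dict:
    """Terminal side: identifier + encrypted uplink data + MAC-I."""
    ct = _keystream_xor(_subkey(security_key, b"enc"), count, uplink)
    return {"ue_id": ue_id, "count": count, "ciphertext": ct,
            "mac_i": _mac_i(_subkey(security_key, b"int"), ue_id, count, ct)}


class FirstNetworkDevice:
    """Holds the retained context of terminals it released to the inactive state."""

    def __init__(self):
        self.contexts = {}

    def release_to_inactive(self, ue_id: bytes, context_key: bytes) -> None:
        self.contexts[ue_id] = context_key

    def key_info_for(self, ue_id: bytes) -> dict:
        # Information for generating the key: context key plus an indication
        # that the target's own identification info enters the derivation.
        return {"context_key": self.contexts[ue_id], "derive_with_target_identification": True}


class SecondNetworkDevice:
    def __init__(self, cell_id: int, frequency: int):
        self.cell_id, self.frequency = cell_id, frequency

    def parse_first_message(self, msg: dict, key_info: dict) -> bytes:
        if key_info.get("derive_with_target_identification"):
            key = derive_security_key(key_info["context_key"], self.cell_id, self.frequency)
        else:
            key = key_info["security_key"]  # the key itself was handed over
        expected = _mac_i(_subkey(key, b"int"), msg["ue_id"], msg["count"], msg["ciphertext"])
        if not hmac.compare_digest(expected, msg["mac_i"]):
            raise ValueError("MAC-I verification failed")
        return _keystream_xor(_subkey(key, b"enc"), msg["count"], msg["ciphertext"])


def _rejected(device: SecondNetworkDevice, msg: dict, key_info: dict) -> bool:
    try:
        device.parse_first_message(msg, key_info)
    except ValueError:
        return True
    return False


def run_demo() -> dict:
    # All values below are constructed sample data.
    ue_id, context_key = b"resume-id-0001", bytes(range(32))
    gnb1 = FirstNetworkDevice()
    gnb1.release_to_inactive(ue_id, context_key)
    gnb2 = SecondNetworkDevice(cell_id=0x0102, frequency=632628)
    other = SecondNetworkDevice(cell_id=0x0103, frequency=632628)

    ue_key = derive_security_key(context_key, gnb2.cell_id, gnb2.frequency)
    msg = build_first_message(ue_key, ue_id, count=7, uplink=b"sensor reading 42")
    info = gnb1.key_info_for(ue_id)
    tampered = dict(msg, ciphertext=bytes([msg["ciphertext"][0] ^ 1]) + msg["ciphertext"][1:])
    return {
        "plaintext": gnb2.parse_first_message(msg, info),
        "direct_key_plaintext": gnb2.parse_first_message(msg, {"security_key": ue_key}),
        "wrong_cell_rejected": _rejected(other, msg, info),
        "tamper_rejected": _rejected(gnb2, tampered, info),
    }


if __name__ == "__main__":
    print(run_demo())
```

Binding the derived key to the target's cell and frequency means the same first message fails verification at any other device, even one that received the same context key.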
  • the second network device may send the uplink data and/or signaling sent by the terminal device to the core network indirectly or directly.
  • the first message sent by the terminal device further includes the identifier information of the first network device, where the identifier information of the first network device includes the cell information of the first network device and/or the device information of the first network device.
  • the communication method 200 further includes: the second network device sending uplink data and/or signaling to the first network device according to the identifier information of the first network device, so that the first network device sends the uplink data to the core network, where the signaling is non-access stratum signaling.
  • this embodiment describes a scheme in which the second network device indirectly transmits uplink data and/or signaling sent by the terminal device to the core network.
  • the identifier of the terminal device may also carry the identifier information of the first network device.
  • the identifier of the terminal device is carried in the first message, so that the second network device can obtain the identifier information of the first network device.
  • the cell information of the first network device is, for example, a cell label or a cell identifier of the first network device.
  • the device information of the first network device is, for example, a device number of the first network device, a GPRS Tunneling Protocol (GTP) tunnel endpoint information, an IP address, or a MAC address.
  • GTP tunnel endpoint information includes a Transport Layer Address and a Tunnel Endpoint Identifier (TEID).
  • the second network device forwards uplink data and/or signaling of the terminal device to the core network by using the first network device that the terminal device once camped on, so that communication efficiency can be improved, and cost can also be saved.
  • When the second network device sends the uplink data and/or signaling to the core network indirectly, if the terminal device sends the first message to the second network device by using a PDCP SDU, that is, an IP packet, the second network device can directly forward the first message to the first network device. If the terminal device sends the first message to the second network device by using a PDCP PDU, an RLC PDU, a MAC PDU or a layer 1 code stream, then before the second network device sends the first message to the first network device, the first network device needs to perform configuration on the second network device for the terminal device, for example, including a user plane configuration.
  • the method 200 further includes: the second network device obtains context information; the second network device establishes a communication path with the core network according to the context information; and the second network device sends the uplink data and/or signaling to the core network according to the communication path.
  • the second network device may obtain transmission path information of the data of the terminal device from the context information.
  • this embodiment describes a scheme in which the second network device directly transmits uplink data and/or signaling sent by the terminal device to the core network.
  • the second network device is connected to the core network based on the context information, so that the uplink data of the terminal device can be forwarded to the core network without establishing an RRC connection with the terminal device.
  • the second network device may obtain the context information by using a terminal device context notification message that is sent in advance by the first network device.
  • the second network device may request the context information from the first network device after receiving the first message of the terminal device.
  • the second network device may request context information from the first network device that the terminal device once camped on.
  • the method further includes: obtaining, by the second network device, new Next Hop Chaining Counter (NCC) information from the core network; the second network device sends the new NCC to the terminal device, instructing the terminal device to determine a new security key by using the new NCC, and encrypting the new security key
  • the new security key is newly determined, and the security of the data transmission can be further improved.
  • the method further includes: determining, by the second network device, whether the context information needs to be updated.
  • the second network device determines, according to at least one of the following information, whether the context information needs to be updated: the size of the uplink data of the terminal device, the sending frequency of the uplink data of the terminal device, the load of the second network device, the number of user connections of the second network device, and the uplink service information of the terminal device.
  • the protocol provides that when the size of the uplink data of the terminal device exceeds a threshold, or when the transmission frequency of the uplink data of the terminal device exceeds a threshold, or the load of the second network device exceeds a threshold, or the user of the second network device When the number of connections exceeds the threshold, or the uplink service information of the terminal device meets the preset condition, the second network device determines that the context information needs to be updated.
  • the method 200 further includes: the second network device sending a response message to the terminal device, where the response message includes an identifier of the terminal device.
  • the response message is used to notify that the second network device has successfully received the first message sent by the terminal device.
  • the response message further includes at least one of the following information: indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, update information of the radio access network area, indication information to enter the RRC connected state, indication information to remain in the inactive state, and indication information to enter the RRC idle state; the method 200 further includes: the terminal device performs the corresponding action according to the indication carried in the response message.
  • the terminal device releases the previously reserved context, ready to receive a new context configured by the second network device for the terminal device.
  • the terminal device sends an RRC connection request to the second network device.
  • If the response message includes indication information for indicating to remain in an inactive state, the terminal device continues to remain in the inactive state, i.e., does not establish an RRC connection with the second network device.
  • the terminal device may perform the following actions:
  • After being inactive, after the security information is rolled back, the cell (network device) is reselected, and the process of establishing communication with the network device is initiated again; or
  • After being inactive, after the security information is rolled back, the cell (network device) is reselected and the RRC connection establishment process is entered; or
  • the cell (network device) is reselected and the RRC connection re-establishment process is entered.
  • the reason that the terminal receives the failure feedback of the second network device or does not receive the feedback may include any combination of one or more of the following factors: security verification failure, configuration not supported, function not supported, invalid configuration, timer timeout.
  • FIG. 3 is another schematic flowchart of a communication method 300 according to an embodiment of the present application.
  • the first network device is represented by GNB1, the second network device is represented by GNB2, and the core network device is represented by CN (Core Network).
  • GNB1 and GNB2 are only for convenience of description and are not intended to limit the scope of the embodiments of the present application.
  • the method 300 includes:
  • the GNB1 sends an RRC release message to the terminal device.
  • the RRC release message may implicitly indicate that the terminal device enters an inactive state.
  • the RRC release message carries an indication that the terminal device enters an inactive state.
  • the RRC release message may also indicate that the terminal device enters an inactive state.
  • the RRC release message directly indicates that the terminal device enters a disconnected state.
  • the RRC release message may be, for example, an RRC message, MAC signaling, or physical layer control signaling.
  • the RRC release message may be a unicast message, a multicast message or a broadcast message.
  • the terminal device releases the RRC connection with the GNB1, and retains the context information of the terminal device under the GNB1, that is, enters an inactive state (RRC inactive).
  • the uplink resource of the GNB2 can be obtained through the system message of the GNB2.
  • the random access (RA) process may be used to request GNB2 to allocate uplink resources to the terminal device.
  • the terminal device obtains a security key.
  • the security key may directly be a key saved in the context information.
  • the security key is determined according to the identification information of the GNB2 and the key stored in the context information.
  • the security key is determined according to the identification information of the GNB2 and the security information configured by the GNB1, where the security information is, for example, security information that the GNB1 configures for the terminal device and that the terminal device needs when it initiates RRC connection recovery or sends uplink data.
  • the security key is determined according to the identification information of the GNB1 and the security information configured by the GNB1.
  • the identification information of the GNB (GNB1 or GNB2) mentioned here may be cell information of the GNB or frequency information of the GNB.
  • the terminal device sends the uplink data (DATA) to the GNB2 by using the uplink resource of the GNB2, and further sends the identifier of the terminal device.
  • the identifier of the terminal device may be an identifier generated by the terminal device, or may be an identifier allocated by the GNB1 to the terminal device in the connected state, or may be an identifier allocated by the GNB1 to the terminal device in the inactive state.
  • the terminal device may also send the MAC-I or shortMAC-I while transmitting the identifier of the terminal device and the uplink data.
  • the MAC-I or shortMAC-I may be derived in accordance with the security key.
  • the terminal device sends the uplink data to the GNB2 by using the security key, and also ensures the integrity protection of the data by sending the MAC-I, which can effectively improve the security of data transmission between the terminal device and the GNB2.
  • the GNB2 obtains the information of the security key through the GNB1.
  • the GNB2 parses the uplink data sent by the terminal device according to the information of the security key.
  • for details, refer to the description of step 230 above; details are not described herein again.
  • after receiving the uplink data sent by the terminal device, the GNB2 finds that the context information is not available locally, and requests the context information from the GNB1 that the terminal device last camped on.
  • the GNB1 sends a terminal device context request response for indicating the context information to the GNB2.
  • after the GNB2 obtains the context information, the data transmission path of the terminal device in the connected state can be obtained.
  • GNB2 can save the context information locally.
  • the GNB2 sends a path switch request to the CN according to the context information.
  • the CN sends a path switch request response to the GNB2, where the path switch request response may include a new NCC.
  • This new NCC is used to determine the new security key.
  • the GNB2 sends the uplink data sent by the terminal device to the CN.
  • the GNB2 sends a response message to the terminal device, where the response message includes the identifier of the terminal device and the new NCC sent by the CN, and may further include a MAC-I.
  • the identifier of the terminal device is used to indicate that the GNB2 successfully received the uplink data sent by the terminal device.
  • the new NCC is used to instruct the terminal device to determine a new security key based on the new NCC.
  • MAC-I is used for integrity protection.
  • the terminal device can continue to remain in an inactive state (RRC inactive).
  • the terminal device obtains a new security key for encryption based on the new NCC.
  • the terminal device sends the encrypted uplink data to the GNB2 again, and also sends the identifier of the terminal device, and also sends the MAC-I, and the uplink data is encrypted by using a new security key.
  • the GNB2 forwards the uplink data sent by the terminal device to the core network.
  • the GNB2 may send a response message to the terminal device, where the response message includes the identifier of the terminal device and the MAC-I.
  • the terminal device may perform the following actions:
  • after being inactive, after the security information is rolled back, the cell (network device) is reselected, and the process of establishing communication with the network device is initiated again; or
  • after being inactive, after the security information is rolled back, the cell (network device) is reselected and the RRC connection establishment process is entered; or
  • the cell (network device) is reselected and the RRC connection re-establishment process is entered.
  • the reason that the terminal receives the failure feedback of GNB2 or does not receive the feedback may include any combination of one or more of the following factors: security verification failure, configuration not supported, function not supported, invalid configuration, timer timeout.
  • the terminal device can remain in an inactive state all the time, and performs data transmission with the GNB2 based on the context information.
  • the terminal device may also send an RRC connection recovery request to the GNB2, enter a connection state, and perform data transmission with the GNB2.
  • the data is encrypted by using the security key, which can effectively improve the security of data transmission.
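The method 300 exchange above, as an added Python sketch that is not part of the patent text: the terminal derives the security key from the key kept in its context and GNB2's cell and frequency information, GNB2 obtains the matching key information from GNB1 and checks MAC-I before decrypting, and both sides move to a new key when a new NCC arrives. The HMAC-SHA-256 derivation, the XOR keystream standing in for the ciphering algorithm, the 4-byte MAC-I, the counter field and all identifiers are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Every key, identifier and field layout here is constructed for illustration.

def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over a label and length-prefixed parameters (assumed KDF)."""
    s = label + b"".join(struct.pack(">H", len(p)) + p for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_security_key(context_key: bytes, cell_id: int, frequency: int) -> bytes:
    """Bind the key stored in the context to GNB2's cell and frequency information."""
    return kdf(context_key, b"target", struct.pack(">H", cell_id),
               struct.pack(">I", frequency))

def refresh_key(security_key: bytes, ncc: int) -> bytes:
    """Derive the new security key that a new NCC value announces."""
    return kdf(security_key, b"ncc", bytes([ncc]))

def _cipher(key: bytes, count: int, data: bytes) -> bytes:
    """XOR keystream standing in for the real ciphering algorithm (toy cipher)."""
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(kdf(key, b"enc", struct.pack(">II", count, b)) for b in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))

def _mac_i(key: bytes, ue_id: bytes, count: int, ciphertext: bytes) -> bytes:
    """4-byte integrity tag over the identifier, counter and ciphertext."""
    return kdf(key, b"int", ue_id, struct.pack(">I", count), ciphertext)[:4]

def protect(key: bytes, ue_id: bytes, count: int, plaintext: bytes) -> dict:
    """First message: terminal identifier, encrypted uplink data, MAC-I."""
    data = _cipher(key, count, plaintext)
    return {"ue_id": ue_id, "count": count, "data": data,
            "mac_i": _mac_i(key, ue_id, count, data)}

def unprotect(key: bytes, msg: dict) -> bytes:
    """Check MAC-I in constant time before decrypting; raise on mismatch."""
    expected = _mac_i(key, msg["ue_id"], msg["count"], msg["data"])
    if not hmac.compare_digest(expected, msg["mac_i"]):
        raise ValueError("security verification failure")
    return _cipher(key, msg["count"], msg["data"])

class Gnb1:
    """Node that released the terminal to the inactive state and kept its context."""

    def __init__(self):
        self.contexts = {}    # ue_id -> key stored in the context information

    def key_info(self, ue_id: bytes, cell_id: int, frequency: int) -> bytes:
        """Answer GNB2's request with the key bound to GNB2's identification."""
        return derive_security_key(self.contexts[ue_id], cell_id, frequency)

class Gnb2:
    """Node that receives uplink data from a terminal it holds no context for."""

    def __init__(self, cell_id: int, frequency: int, anchor: Gnb1):
        self.cell_id, self.frequency, self.anchor = cell_id, frequency, anchor
        self.keys = {}        # ue_id -> current security key
        self.forwarded = []   # plaintext handed on towards the core network

    def receive(self, msg: dict, new_ncc=None) -> dict:
        ue_id = msg["ue_id"]
        if ue_id not in self.keys:
            self.keys[ue_id] = self.anchor.key_info(ue_id, self.cell_id, self.frequency)
        try:
            self.forwarded.append(unprotect(self.keys[ue_id], msg))
        except ValueError as err:
            return {"ue_id": ue_id, "failure": str(err)}
        response = {"ue_id": ue_id}
        if new_ncc is not None:   # NCC from the core network's path switch response
            response["ncc"] = new_ncc
            self.keys[ue_id] = refresh_key(self.keys[ue_id], new_ncc)
        return response

def run_exchange() -> dict:
    ue_id, context_key = b"ue-0001", bytes(range(32))
    gnb1 = Gnb1()
    gnb1.contexts[ue_id] = context_key
    gnb2 = Gnb2(cell_id=0x01A2, frequency=632628, anchor=gnb1)

    ue_key = derive_security_key(context_key, gnb2.cell_id, gnb2.frequency)
    first = gnb2.receive(protect(ue_key, ue_id, 0, b"reading=21.5"), new_ncc=3)
    # A message still protected with the old key is rejected after the NCC change.
    stale = gnb2.receive(protect(ue_key, ue_id, 1, b"reading=21.6"))
    ue_key = refresh_key(ue_key, first["ncc"])
    second = gnb2.receive(protect(ue_key, ue_id, 1, b"reading=21.6"))
    # A key derived for a different cell does not verify at GNB2.
    other = refresh_key(derive_security_key(context_key, 0x0FFF, 632628), 3)
    wrong_cell = gnb2.receive(protect(other, ue_id, 2, b"reading=21.7"))
    return {"first": first, "stale": stale, "second": second,
            "wrong_cell": wrong_cell, "forwarded": gnb2.forwarded}

if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(name, value)
```

The two rejected messages come back with "security verification failure", the first of the failure reasons listed above, and nothing from them reaches the forwarded list.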
  • FIG. 4 is still another schematic flowchart of a communication method 400 according to an embodiment of the present application.
  • the first network device is also represented by GNB1, the second network device is represented by GNB2, and the core network device is represented by CN (Core Network).
  • GNB1 and GNB2 are only for convenience of description and are not intended to limit the scope of the embodiments of the present application.
  • the method 400 includes:
  • the GNB1 sends an RRC release message to the terminal device. Same as step 301.
  • the terminal device releases the RRC connection with the GNB1, but retains the context information, that is, enters an inactive state (RRC inactive). Same as step 302.
  • the GNB1 sends a context information notification message to the neighboring network device (including the GNB2), where the context information notification message includes context information of the terminal device.
  • the GNB2 may send a response message to the GNB1.
  • the GNB2 obtains the context information according to the context notification message sent by the GNB1, and saves the information.
  • after the GNB2 obtains the context information, the data transmission path of the terminal device in the connected state can be obtained.
  • GNB2 may also send a response message to the GNB1 for the context notification message.
  • step 405. After the terminal device moves to the cell of the GNB2, it obtains the uplink resource of the GNB2. Same as step 303.
  • the terminal device obtains a security key. Same as step 304.
  • the terminal device uses the uplink resource of the GNB2 to send uplink data (DATA) to the GNB2, and also sends the identifier of the terminal device. Same as step 306.
  • step 403 and step 404 are performed before step 407.
  • the order between steps 403 and 404 and steps 401 and 402 is not strictly limited.
  • the GNB2 obtains the information of the security key through the GNB1.
  • the GNB2 parses the uplink data sent by the terminal device according to the information of the security key.
  • for details, refer to the description of step 230 above; details are not described herein again.
  • after receiving the uplink data sent by the terminal device, the GNB2 sends a path switch request to the CN according to the context information. Same as step 309.
  • the CN sends a path switch request response to the GNB2, where the path switch request response may include a new NCC.
  • This new NCC is used to determine the new security key. Same as step 310.
  • the GNB2 sends the uplink data sent by the terminal device to the CN. Same as step 311.
  • the GNB2 sends a response message to the terminal device, where the response message includes the identifier of the terminal device and the new NCC sent by the CN, and may further include a MAC-I. Same as step 312.
  • the identifier of the terminal device is used to indicate that the GNB2 successfully received the uplink data sent by the terminal device.
  • the new NCC is used to instruct the terminal device to determine a new security key based on the new NCC.
  • MAC-I is used for integrity protection.
  • if the GNB2 does not explicitly indicate otherwise, the terminal device continues to remain in an inactive state (RRC inactive).
  • the terminal device obtains a new security key for encryption based on the new NCC. Same as step 313.
  • the terminal device sends the encrypted uplink data to the GNB2 again, and also sends the identifier of the terminal device, and also sends the MAC-I, and the uplink data is encrypted by using a new security key. Same as step 314.
  • the GNB2 forwards the uplink data sent by the terminal device to the core network. Same as step 315.
  • the GNB2 may send a response message to the terminal device, where the response message includes the identifier of the terminal device and the MAC-I.
  • the terminal device may perform the following actions:
  • after being inactive, after the security information is rolled back, the cell (network device) is reselected, and the process of establishing communication with the network device is initiated again; or
  • after being inactive, after the security information is rolled back, the cell (network device) is reselected and the RRC connection establishment process is entered; or
  • the cell (network device) is reselected and the RRC connection re-establishment process is entered.
  • the reason that the terminal receives the failure feedback of GNB2 or does not receive the feedback may include any combination of one or more of the following factors: security verification failure, configuration not supported, function not supported, invalid configuration, timer timeout.
  • since the GNB2 obtains the context information in advance by using the context information notification message sent by the GNB1 (step 403 and step 404 shown in FIG. 4), after receiving the uplink data sent by the terminal device, the GNB2 can directly use the context information already saved locally to forward the uplink data to the core network, thereby effectively improving the efficiency of data transmission and effectively reducing the transmission delay.
  • the terminal device can remain in an inactive state all the time, and performs data transmission with the GNB2 based on the context information.
  • the terminal device may also send an RRC connection recovery request to the GNB2, enter a connection state, and perform data transmission with the GNB2.
  • GNB2 forwards the uplink data of the terminal device directly to the core network.
  • a scheme in which the GNB2 forwards the uplink data of the terminal device to the core network indirectly through the GNB1 is described below with reference to FIG.
  • FIG. 5 is still another schematic flowchart of a communication method 500 according to an embodiment of the present application.
  • GNB1 is also used to indicate the first network device
  • GNB2 is used to represent the second network device. It should be understood that GNB1 and GNB2 are only for convenience of description and are not intended to limit the scope of the embodiments of the present application.
  • the method 500 includes:
  • the GNB1 sends an RRC release message to the terminal device. Same as step 301.
  • the terminal device releases the RRC connection with the GNB1, but retains the context information of the terminal device in the GNB1, that is, enters an inactive state (RRC inactive). Same as step 302.
  • the terminal device obtains a security key. Same as step 304.
  • the terminal device sends the uplink data (DATA) to the GNB2 by using the uplink resource of the GNB2, and further sends the identifier of the terminal device. Same as step 305.
  • the GNB2 obtains the information of the security key through the GNB1.
  • for details, refer to the description of step 230 above; details are not described herein again.
  • the GNB2 obtains the identifier information of the GNB1, and the identifier information of the GNB1 includes the cell information of the GNB1 and/or the device information of the GNB1. For specific explanation, refer to the related description above.
  • the GNB2 sends the uplink data of the terminal device to the GNB1 according to the identifier information of the GNB1.
  • the GNB1 forwards the uplink data of the terminal device to the CN.
  • FIG. 6 is still another schematic flowchart of a communication method 600 according to an embodiment of the present application.
  • GNB1 is also used to indicate the first network device
  • GNB2 is used to represent the second network device. It should be understood that GNB1 and GNB2 are only for convenience of description and are not intended to limit the scope of the embodiments of the present application.
  • the method 600 includes:
  • the GNB1 sends an RRC release message to the terminal device. Same as step 301.
  • the terminal device releases the RRC connection with the GNB1, but retains the context information of the terminal device in the GNB1, that is, enters an inactive state (RRC inactive). Same as step 302.
  • the terminal device obtains a security key. Same as step 304.
  • after the terminal device obtains the system message of the GNB2, the terminal device reads the PLMN information in the system message, and learns that the RAT type of the cell of the GNB2 is different from the RAT type of the cell of the GNB1, and also learns that the RAN-based paging area (Paging Area, PA) of the GNB2 is different from the PA of the GNB1, that is, a RAN-based paging area update occurs.
  • the terminal device sends the encrypted RAN-based paging area update signaling to the GNB2 according to the uplink resource of the GNB2, and also sends the identifier of the terminal device and the MAC-I, where the RAN-based paging area update signaling is encrypted by using the security key.
  • the inactive terminal device sends the RAN-based paging area update signaling to the GNB2 by using the security key, and also ensures the integrity protection of the data by sending the MAC-I, thereby effectively improving the security of data transmission between the terminal device and the GNB2.
  • the GNB2 obtains the information of the security key through the GNB1.
  • for details, refer to the description of step 230 above; details are not described herein again.
  • after receiving the RAN-based paging area update signaling sent by the terminal device, the GNB2 obtains the context information.
  • the GNB2 can obtain the context information by using the method shown in FIG. 3 or FIG. 4.
  • the GNB2 requests the context information from the last resident GNB1, as shown in step 306 and step 307 in FIG.
  • the context information notification message sent by the GNB1 has been received, as shown in step 403 and step 404 in FIG.
  • the RAN-based paging area update signaling can be directly processed by using the context information already stored locally.
  • the GNB2 processes the RAN-based paging area update signaling.
  • the GNB2 parses the RAN-based paging area update signaling based on the information of the security key.
  • the GNB2 sends a RAN-based paging area update response including the identifier of the terminal device to the terminal device.
  • the terminal device can remain in an inactive state all the time, and performs data transmission with the GNB2 based on the context information.
  • the terminal device may also send an RRC connection recovery request to the GNB2, enter a connection state, and perform data transmission with the GNB2.
  • the terminal device in the inactive state may send the RAN-based paging area update signaling to the network device, and use the security key to encrypt, which can improve the security of the signaling transmission.
  • the communication method provided by the embodiment of the present application is described above with reference to FIG. 2 to FIG. 6.
  • the terminal device and the network device provided by the embodiment of the present application are described below with reference to FIG.
  • FIG. 7 is a schematic block diagram of a terminal device 700 according to an embodiment of the present disclosure.
  • the terminal device 700 includes:
  • the processing module 710 is configured to obtain a security key, where the terminal device is in a state in which the radio resource control (RRC) connection with the first network device is disconnected and the context information of the terminal device in the first network device is retained;
  • the transceiver module 720 is configured to send a first message to the second network device, where the first message includes an identifier of the terminal device, and the encrypted uplink data and/or signaling, where the encrypted uplink data and/or signaling is used.
  • the second network device is different from the first network device.
  • the terminal device in the inactive state uses the security key to encrypt the communication with the network device, which can improve the security of the communication.
  • the security key includes a key stored in the context information.
  • the security key is different from the key used by the terminal device to communicate with the first network device.
  • the processing module 710 is configured to obtain a security key, including:
  • the processing module 710 is configured to obtain a security key according to the identifier information of the second network device, where the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device.
  • the transceiver module 720 is further configured to obtain security information configured by the first network device for the terminal device;
  • the processing module 710 is configured to obtain a security key, including:
  • the processing module 710 is configured to obtain a security key according to the security information and the identifier information of the second network device, where the identifier information of the second network device includes the cell information of the second network device and/or the frequency information of the second network device; or
  • the processing module 710 is configured to obtain a security key according to the security information and the identifier information of the first network device, where the identifier information of the first network device includes the cell information of the first network device and/or the frequency information of the first network device.
  • processing module 710 is further configured to obtain the security key by using any one of the following information:
  • the first message includes uplink data
  • the processing module 710 is further configured to: after the terminal device moves to the cell of the second network device, obtain a system message of the second network device, where the system message includes pre-configured parameter information of the user plane corresponding to at least one service; and determine the uplink data according to the service corresponding to the pre-configured parameter information.
  • the first message is sent by the user plane data packet.
  • the first message further includes the identifier information of the first network device, so that the second network device sends uplink data and/or signaling to the core network by using the first network device, where the identification information of the first network device includes cell information of the first network device and/or device information of the first network device, and the signaling is non-access stratum signaling.
  • the transceiver module 720 is further configured to receive a response message sent by the second network device, where the response message includes at least one of the following information:
  • the identifier of the terminal device, indication information of whether to update the context information, indication information of whether to enter the RRC connected state,
  • processing module 710 in the embodiment of the present application may be implemented by a processor or a processor related circuit component
  • transceiver module 720 may be implemented by a transceiver or a transceiver related circuit component.
  • the embodiment of the present application further provides a terminal device 800, which includes a processor 810, a memory 820 and a transceiver 830, wherein the memory 820 stores instructions or programs, and the processor 810 is configured to execute the instructions or programs stored in the memory 820.
  • the processor 810 is configured to perform the operations performed by the processing module 710 in the above embodiment
  • the transceiver 830 is configured to perform the operations performed by the transceiver module 720 in the above embodiment.
  • the terminal device in the inactive state uses the security key to encrypt the communication with the network device, which can improve the security of the communication.
  • FIG. 9 is a schematic flowchart of a network device 900 according to an embodiment of the present disclosure.
  • the network device 900 includes:
  • the transceiver module 910 is configured to receive a first message sent by the terminal device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted by using a security key, the terminal device is in a state in which the radio resource control (RRC) connection with the first network device is disconnected and the context information of the terminal device in the first network device is retained, and the first network device is different from the network device;
  • the processing module 920 is configured to obtain information about the security key by using the first network device.
  • the processing module 920 is further configured to parse the uplink data and/or signaling according to the information of the security key.
  • the terminal device in the inactive state uses the security key to encrypt the communication with the network device, which can improve the security of the communication.
  • the security key includes a key stored in the context information.
  • the security key is different from the key used by the terminal device to communicate with the first network device.
  • the security key is determined according to the identifier information of the network device, and the identifier information of the network device includes the cell information of the network device and/or the frequency information of the network device.
  • the security key is determined according to the identifier information of the network device and the security information configured by the first network device for the terminal device, where the identifier information of the network device includes the cell information of the network device and/or the frequency information of the network device; or
  • the security key is determined according to the identification information of the first network device and the security information, and the identifier information of the first network device includes the cell information of the first network device and/or the frequency information of the first network device.
  • the information for determining the security key further includes any one of the following information:
  • the first message includes the uplink data
  • the system message of the network device includes the pre-configured parameter information of the user plane corresponding to the at least one service, so that the terminal device determines the uplink data according to the service corresponding to the pre-configured parameter information.
  • the first message is sent by the user plane data packet.
  • the first message further includes identifier information of the first network device, where the identifier information of the first network device includes cell information of the first network device and/or device information of the first network device;
  • the transceiver module 910 is further configured to send uplink data and/or signaling to the first network device according to the identifier information of the first network device, so that the first network device sends uplink data and/or signaling to the core network, and the signaling is non-access stratum signaling.
  • the first message includes uplink data.
  • the processing module 920 is further configured to: obtain context information; the network device establishes a communication path with the core network according to the context information;
  • the transceiver module 910 is further configured to send uplink data to the core network according to the communication path.
  • processing module 920 is further configured to obtain context information:
  • the processing module 920 is configured to obtain the context information by using the context information sent by the first network device, or
  • the processing module 920 is configured to request context information from the first network device.
  • the processing module 920 is further configured to: obtain new next hop chain counter (NCC) information from the core network;
  • the transceiver module 910 is further configured to send a new NCC to the terminal device, to instruct the terminal device to determine a new security key by using the new NCC, and encrypt the next uplink data to be sent by using the new security key.
  • the processing module 920 is further configured to determine, according to the at least one of the following information, whether the context information needs to be updated:
  • the size of the uplink data of the terminal device, the transmission frequency of the uplink data of the terminal device, the load of the network device, the number of user connections of the network device, and the uplink service information of the terminal device.
  • the transceiver module 910 is further configured to: send, to the terminal device, a response message for the first message, where the response message includes at least one of the following information:
  • the identifier of the terminal device, indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, and update information of the radio access network area.
  • processing module 920 in the embodiment of the present application may be implemented by a processor or a processor related circuit component
  • transceiver module 910 may be implemented by a transceiver or a transceiver related circuit component.
  • the embodiment of the present application further provides a network device 1000, which includes a processor 1010, a memory 1020, and a transceiver 1030.
  • the memory 1020 stores instructions or programs
  • the processor 1010 is configured to execute the instructions or programs stored in the memory 1020.
  • the processor 1010 is configured to perform the operations performed by the processing module 920 in the above embodiment
  • the transceiver 1030 is configured to perform the operations performed by the transceiver module 910 in the above embodiment.
  • the terminal device in the inactive state uses the security key to encrypt the communication with the network device, which can improve the security of the communication.
  • the embodiment of the present application further provides a communication device, which may be a terminal device or a circuit.
  • the communication device can be used to perform the actions performed by the terminal device in the above method embodiments.
  • FIG. 11 shows a schematic structural diagram of a simplified terminal device.
  • the terminal device uses a mobile phone as an example.
  • the terminal device includes a processor, a memory, a radio frequency circuit, an antenna, and an input/output device.
  • the processor is mainly used for processing communication protocols and communication data, and controlling terminal devices, executing software programs, processing data of software programs, and the like.
  • Memory is primarily used to store software programs and data.
  • the RF circuit is mainly used for the conversion of the baseband signal and the RF signal and the processing of the RF signal.
  • the antenna is mainly used to transmit and receive RF signals in the form of electromagnetic waves.
  • Input and output devices such as touch screens, display screens, keyboards, etc., are primarily used to receive user input data and output data to the user. It should be noted that some types of terminal devices may not have input and output devices.
  • when data needs to be sent, the processor performs baseband processing on the data to be sent, and outputs the baseband signal to the radio frequency circuit.
  • the radio frequency circuit performs radio frequency processing on the baseband signal, and then sends the radio frequency signal to the outside through the antenna in the form of electromagnetic waves.
  • the RF circuit receives the RF signal through the antenna, converts the RF signal into a baseband signal, and outputs the baseband signal to the processor, which converts the baseband signal into data and processes the data.
  • the memory may also be referred to as a storage medium or a storage device or the like.
  • the memory may be independent of the processor, or may be integrated with the processor, which is not limited in this embodiment of the present application.
  • the antenna and the radio frequency circuit having the transceiving function can be regarded as the transceiving unit of the terminal device, and the processor having the processing function is regarded as the processing unit of the terminal device.
  • the terminal device includes a transceiver unit 1110 and a processing unit 1120.
  • the transceiver unit can also be referred to as a transceiver, a transceiver, a transceiver, and the like.
  • the processing unit may also be referred to as a processor, a processing board, a processing module, a processing device, and the like.
  • the device for implementing the receiving function in the transceiver unit 1110 can be regarded as a receiving unit, and the device for implementing the sending function in the transceiver unit 1110 is regarded as a sending unit, that is, the transceiver unit 1110 includes a receiving unit and a sending unit.
  • the transceiver unit may also be referred to as a transceiver, a transceiver, or a transceiver circuit.
  • the receiving unit may also be referred to as a receiver, a receiver, or a receiving circuit or the like.
  • the transmitting unit may also be referred to as a transmitter, a transmitter, or a transmitting circuit, and the like.
  • The transceiver unit 1110 is configured to perform the sending and receiving operations on the terminal device side in the foregoing method embodiments.
  • The processing unit 1120 is configured to perform the operations on the terminal device other than the sending and receiving operations in the foregoing method embodiments.
  • The transceiver unit 1110 is configured to perform the sending operation on the terminal device side in step 220 in FIG. 2, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application. The processing unit 1120 is configured to perform step 210 in FIG. 2, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 301 and step 312 in FIG. 3 or the sending operation on the terminal device side in step 305, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application.
  • The processing unit 1120 is configured to perform step 302, step 303, and step 304 in FIG. 3, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 401 and step 412 in FIG. 4 or the sending operation on the terminal device side in step 407 and step 414, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application.
  • The processing unit 1120 is configured to perform step 402, step 405, step 406, and step 413 in FIG. 4, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 501 in FIG. 5 or the sending operation on the terminal device side in step 505, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application.
  • The processing unit 1120 is configured to perform step 502, step 503, and step 504 in FIG. 5, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 601 and step 610 in FIG. 6 or the sending operation on the terminal device side in step 606, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application.
  • The processing unit 1120 is configured to perform step 602, step 603, step 604, and step 605 in FIG. 6, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
  • When the communication device is a chip, the chip includes a transceiver unit and a processing unit.
  • The transceiver unit may be an input/output circuit and a communication interface;
  • the processing unit is a processor, a microprocessor, or an integrated circuit integrated on the chip.
  • The processor mentioned in the embodiments of the present application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • The memory referred to in the embodiments of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory.
  • The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory.
  • The volatile memory may be a random access memory (RAM), which acts as an external cache.
  • Many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchlink dynamic random access memory (SLDRAM), and direct Rambus random access memory (DR RAM).
  • When the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (storage module) is integrated in the processor.
  • The memories described herein are intended to include, without being limited to, these and any other suitable types of memory.
  • The disclosed systems, devices, and methods may be implemented in other manners.
  • The device embodiments described above are merely illustrative.
  • The division into units is only a division by logical function.
  • There may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • The mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • The functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • If the functions are implemented in the form of a software functional unit and sold or used as a standalone product, they may be stored in a computer-readable storage medium.
  • The technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions used to cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application.
  • The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

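The present application provides a communication method and device. The communication method includes: a terminal device obtains a security key, where the terminal device is in a state in which its radio resource control (RRC) connection to a first network device is disconnected and the context information of the terminal device at the first network device is retained; the terminal device sends a first message to a second network device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using the security key, and the second network device is different from the first network device. In the present application, a terminal device in the inactive state encrypts its communication with a network device using a security key, which can improve the security of the communication.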

Description

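Communication Method and Device
This application claims priority to Chinese Patent Application No. 201710186514.4, filed with the Chinese Patent Office on March 24, 2017 and entitled "Communication Method and Device", which is incorporated herein by reference in its entirety.
Technical Field
The present application relates to the field of communications, and more specifically, to a communication method and device.
Background
The inactive state of a terminal device is a state in which the terminal device has disconnected its RRC connection to a radio access network (RAN) device but the context of the terminal device is retained. In the inactive state, when the terminal device moves into a cell of a new RAN device, it can send uplink data to the new RAN device (which may also be called the post-handover RAN device) based on the previously retained context of the terminal device.
In the current technology, data transmission between a terminal device in the inactive state and the post-handover RAN device is not protected by any corresponding security technique.
Summary
The present application provides a communication method and device that can effectively improve the security of communication between a terminal device in the inactive state and a network device.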
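According to a first aspect, a communication method is provided, the method including:
a terminal device obtains a security key, where the terminal device is in a state in which its radio resource control (RRC) connection to a first network device is disconnected and the context information of the terminal device at the first network device is retained;
the terminal device sends a first message to a second network device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using the security key, and the second network device is different from the first network device.
In the present application, a terminal device in the inactive state encrypts its communication with a network device using a security key, which can improve the security of the communication.
With reference to the first aspect, in a possible implementation of the first aspect, the security key includes the key stored in the context information.
In the present application, when a terminal device in the inactive state communicates with a new network device, it encrypts using the key stored in the context information of the network device on which it last camped, which can improve the security of communication with the new network device at low overhead.
With reference to the first aspect, in a possible implementation of the first aspect, the security key is different from the key used by the terminal device to communicate with the first network device.
In the present application, a terminal device in the inactive state uses different keys when communicating with different network devices, which can effectively improve the security of the communication.
With reference to the first aspect, in a possible implementation of the first aspect, the terminal device obtaining the security key includes: the terminal device obtains the security key according to identification information of the second network device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
In the present application, a security key is generated according to the identification information of the network device and is used for encryption when communicating with the network device, which can effectively improve the security of the communication.
With reference to the first aspect, in a possible implementation of the first aspect, the terminal device obtaining the security key includes: the terminal device obtains the security key according to the identification information of the second network device and the key stored in the context information, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
In the present application, a security key is generated according to the key stored in the initial context information of the terminal device and the identification information of the new network device, and is used for encryption when communicating with the network device, which can effectively improve the security of the communication.
With reference to the first aspect, in a possible implementation of the first aspect, the communication method further includes: the terminal device obtains security information configured by the first network device for the terminal device;
the terminal device obtaining the security key includes:
the terminal device obtains the security key according to the security information and the identification information of the second network device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device; or
the terminal device obtains the security key according to the security information and identification information of the first network device, where the identification information of the first network device includes cell information of the first network device and/or frequency information of the first network device.
In the present application, a security key is generated according to the identification information of the network device and the key stored in the initial context information of the terminal device, and is used for encryption when communicating with the network device, which can effectively improve the security of the communication.
With reference to the first aspect, in a possible implementation of the first aspect, the terminal device obtaining the security key includes: the terminal device further uses any one of the following information to obtain the security key:
the value of a counter carried in the context information, the value of a counter obtained from the first network device, the value of a counter carried in a system message of the first network device, or the value of a counter predefined by the system.
With reference to the first aspect, in a possible implementation of the first aspect, the first message further includes a message authentication code for integrity (MAC-I) or a short message authentication code for integrity (short-MAC-I).
The present application can provide integrity protection for data transmission between the terminal device and the second network device.
With reference to the first aspect, in a possible implementation of the first aspect, the identifier of the terminal device is an identifier configured by the first network device for the terminal device in the inactive state, or the identifier of the terminal device is an identifier configured by the first network device for the terminal device in the connected state.
With reference to the first aspect, in a possible implementation of the first aspect, the first message includes the uplink data, and the communication method further includes:
after moving into a cell of the second network device, the terminal device obtains a system message of the second network device, where the system message includes user-plane preconfigured parameter information corresponding to at least one service;
the terminal device determines the uplink data according to the service corresponding to the preconfigured parameter information.
With reference to the first aspect, in a possible implementation of the first aspect, the preconfigured parameter information includes at least one of the following: Packet Data Convergence Protocol (PDCP) information, Radio Link Control (RLC) protocol information, Media Access Control (MAC) information, or physical layer (PHY) information.
In the present application, the terminal device can send data of the at least one service to the second network device according to the preconfigured parameter information without establishing an RRC connection with the second network device, which improves the efficiency of data transmission between a terminal device in the inactive state and a network device.
With reference to the first aspect, in a possible implementation of the first aspect, the first message is sent in a user-plane data packet.
With reference to the first aspect, in a possible implementation of the first aspect, the communication method further includes: the terminal device obtains an uplink resource of the second network device according to preconfigured resource information included in a system message of the second network device; or the terminal device obtains an uplink resource of the second network device through a random access procedure.
With reference to the first aspect, in a possible implementation of the first aspect, the first message further includes identification information of the first network device, so that the second network device sends the uplink data and/or the signaling to the core network through the first network device, where the identification information of the first network device includes cell information of the first network device and/or device information of the first network device, and the signaling is non-access stratum signaling.
In the present application, the second network device forwards the uplink data and/or signaling of the terminal device to the core network through the first network device on which the terminal device last camped, which can improve communication efficiency and also save cost.
With reference to the first aspect, in a possible implementation of the first aspect, the first message is sent by RRC signaling.
With reference to the first aspect, in a possible implementation of the first aspect, the communication method further includes: the terminal device receives a response message sent by the second network device, where the response message includes at least one of the following: the identifier of the terminal device, indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, update information of the radio access network area, indication information to enter the RRC connected state, indication information to remain in the inactive state, and indication information to enter the RRC idle state.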
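According to a second aspect, a communication method is provided, the communication method including:
a second network device receives a first message sent by a terminal device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using a security key, the terminal device is in a state in which its radio resource control (RRC) connection to a first network device is disconnected and the context information of the terminal device at the first network device is retained, and the first network device is different from the second network device;
the second network device obtains information about the security key through the first network device;
the second network device parses the uplink data and/or signaling according to the information about the security key.
In the present application, a terminal device in the inactive state encrypts its communication with a network device using a security key, which can improve the security of the communication.
With reference to the second aspect, in a possible implementation of the second aspect, the security key includes the key stored in the context information.
In the present application, when a terminal device in the inactive state communicates with a new network device, it encrypts using the key stored in the context information of the network device on which it last camped, which can improve the security of communication with the new network device at low overhead.
With reference to the second aspect, in a possible implementation of the second aspect, the security key is different from the key used by the terminal device to communicate with the first network device.
In the present application, a terminal device in the inactive state uses different keys when communicating with different network devices, which can effectively improve the security of the communication.
With reference to the second aspect, in a possible implementation of the second aspect, the security key is determined according to identification information of the second network device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
In the present application, a security key is generated according to the identification information of the network device and is used for encryption when communicating with the network device, which can effectively improve the security of the communication.
With reference to the second aspect, in a possible implementation of the second aspect, the terminal device obtaining the security key includes: the terminal device obtains the security key according to the identification information of the second network device and the key stored in the context information, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
In the present application, a security key is generated according to the key stored in the initial context information of the terminal device and the identification information of the new network device, and is used for encryption when communicating with the network device, which can effectively improve the security of the communication.
With reference to the second aspect, in a possible implementation of the second aspect, the security key is determined according to the identification information of the second network device and security information configured by the first network device for the terminal device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device; or
the security key is determined according to identification information of the first network device and the security information, where the identification information of the first network device includes cell information of the first network device and/or frequency information of the first network device.
In the present application, a security key is generated according to the identification information of the network device and the key stored in the initial context information of the terminal device, and is used for encryption when communicating with the network device, which can effectively improve the security of the communication.
With reference to the second aspect, in a possible implementation of the second aspect, the information used to determine the security key further includes any one of the following: the value of a counter stored in the context information, the value of a counter obtained by the terminal device from the first network device, the value of a counter carried in a system message of the first network device, or the value of a counter predefined by the system.
With reference to the second aspect, in a possible implementation of the second aspect, the first message further includes a message authentication code for integrity (MAC-I) or a short message authentication code for integrity (short-MAC-I).
The present application can provide integrity protection for data transmission between the terminal device and the second network device.
With reference to the second aspect, in a possible implementation of the second aspect, the first message includes the uplink data, and a system message of the second network device includes user-plane preconfigured parameter information corresponding to at least one service, so that the terminal device determines the uplink data according to the service corresponding to the preconfigured parameter information.
With reference to the second aspect, in a possible implementation of the second aspect, the preconfigured parameter information includes at least one of the following: Packet Data Convergence Protocol (PDCP) information, Radio Link Control (RLC) protocol information, Media Access Control (MAC) information, or physical layer (PHY) information.
In the present application, the terminal device can send data of the at least one service to the second network device according to the preconfigured parameter information without establishing an RRC connection with the second network device, which improves the efficiency of data transmission between a terminal device in the inactive state and a network device.
With reference to the second aspect, in a possible implementation of the second aspect, the first message is sent in a user-plane data packet.
With reference to the second aspect, in a possible implementation of the second aspect, the first message further includes identification information of the first network device, where the identification information of the first network device includes cell information of the first network device and/or device information of the first network device;
the communication method further includes:
the second network device sends the uplink data and/or the signaling to the first network device according to the identification information of the first network device, so that the first network device sends the uplink data to the core network, where the signaling is non-access stratum signaling.
In the present application, the second network device forwards the uplink data and/or signaling of the terminal device to the core network through the first network device on which the terminal device last camped, which can improve communication efficiency and also save cost.
With reference to the second aspect, in a possible implementation of the second aspect, the first message includes the uplink data, and the communication method further includes:
the second network device obtains the context information;
the second network device establishes a communication path with the core network according to the context information;
the second network device sends the uplink data to the core network over the communication path.
In the present application, the second network device forwards the uplink data of the terminal device to the core network according to the context information of the terminal device, which can improve communication efficiency.
With reference to the second aspect, in a possible implementation of the second aspect, the second network device obtaining the context information includes:
the second network device obtains the context information according to the context information notification message sent by the first network device; or
the second network device requests the context information from the first network device.
With reference to the second aspect, in a possible implementation of the second aspect, the communication method further includes:
the second network device obtains new next hop chaining counter (NCC) information from the core network;
the second network device sends the new NCC to the terminal device to instruct the terminal device to determine a new security key using the new NCC and to encrypt the next uplink data to be sent using the new security key.
In the present application, a new security key is determined after the second network device and the terminal device have carried out at least one data transmission, which can further improve the security of data transmission.
With reference to the second aspect, in a possible implementation of the second aspect, the communication method further includes:
the second network device determines whether the context information needs to be updated according to at least one of the following: the size of the uplink data of the terminal device, the sending frequency of the uplink data of the terminal device, the load of the second network device, the number of user connections of the second network device, and the uplink service information of the terminal device.
With reference to the second aspect, in a possible implementation of the second aspect, the communication method further includes:
the second network device sends a response message to the terminal device in response to the first message, where the response message includes at least one of the following:
the identifier of the terminal device, indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, update information of the radio access network area, indication information to enter the RRC connected state, indication information to remain in the inactive state, and indication information to enter the RRC idle state.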
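A third aspect provides a terminal device configured to perform the communication method in the first aspect or any possible implementation of the first aspect. Specifically, the terminal device may include modules for performing the communication method in the first aspect or any possible implementation of the first aspect.
A fourth aspect provides a terminal device including a memory and a processor, where the memory is configured to store instructions, the processor is configured to execute the instructions stored in the memory, and execution of the instructions stored in the memory causes the processor to perform the method in the first aspect or any possible implementation of the first aspect.
A fifth aspect provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the method in the first aspect or any possible implementation of the first aspect.
A sixth aspect provides a network device configured to perform the communication method in the second aspect or any possible implementation of the second aspect. Specifically, the network device may include modules for performing the communication method in the second aspect or any possible implementation of the second aspect.
A seventh aspect provides a network device including a memory and a processor, where the memory is configured to store instructions, the processor is configured to execute the instructions stored in the memory, and execution of the instructions stored in the memory causes the processor to perform the method in the second aspect or any possible implementation of the second aspect.
An eighth aspect provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the method in the second aspect or any possible implementation of the second aspect.
In the present application, a terminal device in the inactive state encrypts its communication with a network device using a security key, which can improve the security of the communication.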
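Brief Description of the Drawings
FIG. 1 is a schematic diagram of the system architecture of an embodiment of the present application.
FIG. 2 is a schematic flowchart of a communication method provided by an embodiment of the present application.
FIG. 3 is another schematic flowchart of a communication method provided by an embodiment of the present application.
FIG. 4 is yet another schematic flowchart of a communication method provided by an embodiment of the present application.
FIG. 5 is yet another schematic flowchart of a communication method provided by an embodiment of the present application.
FIG. 6 is yet another schematic flowchart of a communication method provided by an embodiment of the present application.
FIG. 7 is a schematic block diagram of a terminal device provided by an embodiment of the present application.
FIG. 8 is another schematic block diagram of a terminal device provided by an embodiment of the present application.
FIG. 9 is a schematic block diagram of a network device provided by an embodiment of the present application.
FIG. 10 is another schematic block diagram of a network device provided by an embodiment of the present application.
FIG. 11 is yet another schematic block diagram of a terminal device provided by an embodiment of the present application.
Detailed Description
The technical solutions in the present application are described below with reference to the accompanying drawings.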
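It should be understood that the technical solutions of the embodiments of the present application can be applied to the Long Term Evolution (LTE) architecture, and can also be applied to the Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (UTRAN) architecture, or to the radio access network (GSM EDGE Radio Access Network, GERAN) architecture of the Global System for Mobile Communication (GSM)/Enhanced Data Rate for GSM Evolution (EDGE) system. In the UTRAN architecture or the GERAN architecture, the function of the MME is performed by the Serving General Packet Radio Service (GPRS) Support Node (SGSN), and the function of the SGW\PGW is performed by the Gateway GPRS Support Node (GGSN). The technical solutions of the embodiments of the present application can also be applied to other communication systems, such as a Public Land Mobile Network (PLMN) system, or even a future 5G communication system or a communication system after 5G, which is not limited in the embodiments of the present application.
The embodiments of the present application involve a terminal device. The terminal device may be a device that has a wireless transceiving function and can cooperate with a network device to provide communication services for a user. Specifically, the terminal device may be user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user apparatus. For example, the terminal device may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or another processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, or a terminal device in a future 5G network or a network after 5G, which is not limited in the embodiments of the present application.
The embodiments of the present application also involve a network device. The network device may be a device used to communicate with the terminal device; for example, it may be a base station (Base Transceiver Station, BTS) in a GSM system or CDMA, a base station (NodeB, NB) in a WCDMA system, or an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system, or the network device may be a relay station, an access point, a vehicle-mounted device, a wearable device, a network-side device in a future 5G network or a network after 5G, or a network device in a future evolved PLMN network.
The network device involved in the embodiments of the present application may also be called a radio access network (RAN) device. The RAN device is connected to the terminal device and is used to receive data from the terminal device and send it to a core network device. The RAN device corresponds to different devices in different communication systems: for example, in a 2G system it corresponds to a base station and a base station controller; in a 3G system it corresponds to a base station and a radio network controller (RNC); in a 4G system it corresponds to an evolved base station (Evolutional Node B, eNB); and in a 5G system it corresponds to an access network device (for example, gNB, CU, DU) in the 5G system, such as the New Radio Access Technology (NR) system.
The embodiments of the present application also involve a core network (CN) device. The CN device corresponds to different devices in different communication systems: for example, in a 3G system it corresponds to a Serving GPRS Support Node (SGSN) or a Gateway GPRS Support Node (GGSN); in a 4G system it corresponds to a Mobility Management Entity (MME) or a Serving Gateway (S-GW); and in a 5G system it corresponds to the core-network-related devices of the 5G system (for example, NG-Core).
To facilitate understanding of the present application, several elements that appear in its description are introduced first:
Connected state: a radio resource control ("RRC" for short) connection is established between the terminal device and the radio access network (RAN) device.
Context information: after the RAN device establishes an RRC connection with the terminal device, the RAN device allocates context information to the terminal device, and the RAN device and the terminal device communicate based on the context information.
Specifically, the context information includes the identification information of the terminal device, the security context information of the terminal device, the subscription information of the terminal device, the configuration information of the radio bearers of the terminal device, logical channel information, and Network Slicing Info. The Network Slicing Info indicates in which Network Slicing instances the terminal device is currently registered and the address of the CP Function in each Network Slicing instance. The configuration information of the radio bearers of the terminal device includes at least one of the following: configuration parameters of the Packet Data Convergence Protocol (PDCP), configuration parameters of the Radio Link Control (RLC) protocol, configuration parameters of the Media Access Control (MAC) and/or configuration parameters of the physical layer (PHY); values of PDCP variables, counters and/or timers; values of RLC variables, counters and/or timers; values of MAC variables, counters and/or timers and/or values of PHY variables, counters and/or timers; for example, the COUNT of a PDCP packet and the SN of a PDCP packet.
Inactive state (also called the suspend state or the light connection state): there is no RRC connection between the terminal device and the RAN device, but both the RAN device and the terminal device store the context information, and the RRC connection between the terminal device and the RAN device can be restored by a resume message; optionally, the data radio bearer (DRB) used to transmit data between the terminal device and the RAN device can also be restored. The S1 interface of the terminal device is anchored at one base station (which may be called the "anchor base station"), and the terminal device can then perform cell-reselection mobility: it does not need to notify the base station while moving within a predetermined area (for example, called a "RAN-based paging area" or a "radio access network area"), but once it leaves the RAN-based paging area it needs to notify the base station of its location. This procedure is called RAN-based paging area update (Paging Area Update). The term "inactive state" in the embodiments of the present application is used only to describe this state and is not limiting in any way.
It should be noted that the following terms used herein, namely inactive state, anchor base station, and radio access network area (or RAN-based paging area) update, are distinctions made only for convenience of description and are not intended to limit the scope of the embodiments of the present application.
Idle state: there is no RRC connection between the terminal device and the RAN device, and the terminal device and the RAN device no longer store the context information.
Identifier of the terminal device: an identifier that uniquely identifies the terminal device; it may be an identifier allocated to the terminal device by the RAN device, or an identifier allocated to the terminal device by a control-plane device (CP Function).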
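FIG. 1 is a schematic diagram of the system architecture of an embodiment of the present application. The terminal device 110 initially establishes an RRC connection with the first network device 120. The first network device 120 allocates context information to the terminal device 110. The terminal device communicates with the first network device 120 over the RRC connection, for example accessing the core network 140 through the first network device 120. The terminal device 110 then disconnects the RRC connection to the first network device 120 but retains the context information of the terminal device 110 under the first network device 120, that is, it enters the inactive state. The terminal device 110 moves toward the second network device 130; when it has moved into a cell of the second network device 130, the terminal device 110 communicates with the second network device 130 based on the previously retained context information, for example accessing the core network 140 through the first network device 120.
FIG. 2 is a schematic flowchart of a communication method 200 provided by an embodiment of the present application. The terminal device, the first network device and the second network device described in FIG. 2 may correspond respectively to the terminal device 110, the first network device 120 and the second network device 130 shown in FIG. 1. As shown in FIG. 2, the method 200 includes:
210. The terminal device obtains a security key, where the terminal device is in a state in which its radio resource control (RRC) connection to the first network device is disconnected and the context information of the terminal device at the first network device is retained.
Optionally, the terminal device may determine the security key based on the key stored in the context information, or may determine the security key by combining other information and/or the key stored in the context information. This is described in detail below.
For convenience of description, the term inactive state is used below to denote the state in which the terminal device has disconnected its radio resource control (RRC) connection to the first network device and retains the context information of the terminal device at the first network device.
220. The terminal device sends a first message to the second network device, where the first message includes an identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using the security key, and the second network device is different from the first network device.
The identifier of the terminal device may be an identifier configured by the first network device for the terminal device in the inactive state. Alternatively, the identifier of the terminal device is an identifier configured by the first network device for the terminal device in the connected state. For example, the identifier of the terminal device includes a resume identifier (resume ID) and/or a context identifier (context ID) of the terminal device.
It should be understood that, from the identifier of the terminal device carried in the first message, the second network device can learn that the first message comes from that terminal device.
Specifically, the uplink data may be service data of the terminal device.
Specifically, the signaling may be non-access stratum signaling or access stratum signaling. The access stratum signaling is, for example, RAN-based (Radio Access Network) paging area update signaling of the terminal device. When the terminal device moves out of its original RAN-based paging area and enters another RAN-based paging area to which the second network device belongs, the terminal device needs to report to the second network device that it has left the original RAN-based paging area; this signaling may be called RAN-based paging area update signaling. The terminal device does not need to notify the base station while moving within a predetermined area (for example, a RAN-based paging area), but once it leaves the RAN-based paging area it needs to report to the base station that it has left the original RAN-based paging area; this procedure is called RAN-based paging area update (Paging Area Update). The RAN-based paging area update signaling may also be periodic RAN-based paging area update signaling of the terminal device. The non-access stratum signaling is, for example, tracking area (TA) update signaling.
230. The second network device obtains information about the security key through the first network device.
Specifically, the information about the security key may be information used to generate the security key, or may be the security key itself.
It should be noted that the security key represented by the information about the security key that the second network device obtains from the first network device is the same key as the security key obtained by the terminal device. For example, by system definition or protocol specification, the terminal device and the first network device generate the security key according to the same rule or algorithm.
Specifically, the first network device may proactively send the information about the security key to the second network device, or the second network device needs to request the information about the security key from the first network device.
240. The second network device parses the uplink data and/or signaling according to the information about the security key.
Specifically, the second network device may send the uplink data and/or signaling to the core network directly or indirectly.
Therefore, in the embodiments of the present application, a terminal device in the inactive state encrypts its communication with a network device using a security key, which can improve the security of the communication.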
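Specifically, before step 210, the method 200 further includes: the first network device sends an RRC release message to the terminal device; according to the RRC release message, the terminal device disconnects its radio resource control (RRC) connection to the first network device but retains the context information of the terminal device at the first network device, that is, the terminal device enters the inactive state.
Optionally, the RRC release message may include the identifier of the terminal device.
Optionally, the RRC release message may further include at least one of the following:
1) An indication not to delete the terminal device context.
This information tells the terminal device not to delete the context information of the terminal device at the first network device and to continue storing it.
2) The validity period of the terminal device context.
This information tells the terminal device the validity period for storing the context information; when the context has been stored for longer than the validity period, the terminal device may delete the context.
3) User plane (UP) configuration information for services that the terminal device may establish later.
This UP configuration information is the UP configuration information corresponding to one or more services that the terminal device has not established before entering the inactive state. If the user later triggers a new service, the terminal device can establish the new service directly based on this information without entering the connected state. The UP configuration information helps improve the efficiency with which the terminal device later establishes new services.
4) The security information that the terminal device needs the next time it initiates RRC connection resume or sends uplink data.
Specifically, the security information may be independent or shared. For example, the security information may include any one or a combination of the following: a security algorithm, a next hop chaining counter (Next-Hop Chaining Counter, NCC), a count value (COUNT) used to obtain the security key, or other parameters from which the security key can be obtained.
5) Cause Value information, for example, high-priority access, radio access area update, called data, or calling signaling.
Specifically, in step 210, the terminal device may determine the security key based on the key stored in the context information, or may determine the security key by combining other information and/or the key stored in the context information.
Optionally, in some embodiments, the security key includes the key stored in the context information.
Specifically, the terminal device determines the key stored in the context information to be the security key.
It should be understood that the key stored in the context information is the key used by the terminal device to communicate with the first network device.
In the embodiments of the present application, a terminal device in the inactive state encrypts its communication with a network device using a security key, which can improve the security of the communication.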
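Optionally, in some embodiments, the security key is different from the key used by the terminal device to communicate with the first network device.
Specifically, the security key may be generated in the following ways.
In a first implementation, the security key is determined according to identification information of the second network device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
Specifically, the terminal device generates the security key from the identification information of the second network device according to a preset algorithm.
The cell information of the second network device is, for example, the cell number or the cell identifier of the second network device; the frequency information of the second network device is, for example, the frequency point information or the frequency band information of the second network device, or both.
In a second implementation, the security key is determined according to the identification information of the second network device and the key stored in the context information.
Specifically, the terminal device generates the security key from the identification information of the second network device and the key stored in the context information according to a preset algorithm.
In a third implementation, the security key is determined according to the identification information of the second network device and the security information configured by the first network device for the terminal device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
Specifically, the terminal device generates the security key from the identification information of the second network device and the security information allocated to the terminal device by the first network device, according to a preset algorithm.
The security information allocated to the terminal device by the first network device is, for example, item "4) The security information that the terminal device needs the next time it initiates RRC connection resume or sends uplink data" configured by the first network device for the terminal device as described above.
Specifically, the security information may be independent or shared. For example, the security information may include any one or a combination of the following: a security algorithm, a next hop chaining counter (Next-Hop Chaining Counter, NCC), a count value (COUNT) used to obtain the security key, or other parameters from which the security key can be obtained.
Optionally, the terminal device may obtain the security information from the RRC release message sent by the first network device.
In a fourth implementation, the security key is determined according to identification information of the first network device and the security information allocated to the terminal device by the first network device, where the identification information of the first network device includes cell information of the first network device and/or frequency information of the first network device. The security information allocated to the terminal device by the first network device is, for example, item "4) The security information that the terminal device needs the next time it initiates RRC connection resume or sends uplink data" configured by the first network device for the terminal device as described above.
Specifically, the terminal device generates the security key from the identification information of the first network device and the security information allocated to the terminal device by the first network device, according to a preset algorithm.
The cell information of the first network device is, for example, the cell number or the cell identifier of the first network device; the frequency information of the first network device is, for example, the frequency point information or the frequency band information of the first network device, or both.
Optionally, in the above ways of obtaining the security key, the terminal device may additionally use any one of the following, according to a corresponding algorithm, to generate the security key: the value of a counter stored in the context information, the value of a counter obtained from the first network device, the value of a counter carried in a system message of the first network device, or the value of a counter predefined by the system.
The value of a counter obtained from the first network device may be the value of a counter that the terminal device obtains from the RRC release message sent by the first network device.
The value of a counter referred to herein may be, for example, the value of a counter of data packets.
It should be understood that the implementations of obtaining the security key described above are only examples and are not limiting; in practice, the security key may be generated according to a feasible algorithm, with reference to other relevant parameters, as defined by the system or specified by a protocol.
Therefore, in the embodiments of the present application, the security key used by a terminal device in the inactive state to communicate with the second network device is different from the security key used by the terminal device with the first network device on which it last camped, which can improve the security of communication between the terminal device and the second network device.
Optionally, in step 220, the first message sent by the terminal device to the second network device further includes a message authentication code for integrity (Message Authentication Code for Integrity, MAC-I) or a short message authentication code for integrity (short-MAC-I).
Specifically, the MAC-I or short-MAC-I may be derived from the key stored in the context information of the terminal device using an integrity protection algorithm. Alternatively, the MAC-I or short-MAC-I may be derived according to any one of the first to fourth implementations of generating the security key described above, using an integrity protection algorithm.
It should be understood that carrying the MAC-I or short-MAC-I in the first message provides integrity protection for the first message. Therefore, the embodiments of the present application can provide integrity protection when a terminal device in the inactive state communicates with a network device.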
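The second key-generation implementation, the encrypted first message with its MAC-I, and the second network device's parsing in steps 230 and 240, worked through as an added example that is not part of the patent text. The patent only says "a preset algorithm", so the HMAC-SHA-256 derivation, the input layout, the XOR keystream standing in for the ciphering algorithm, the 4-byte MAC-I, and all names and sample values below are assumptions.

```python
import hashlib
import hmac
import struct


def kdf(key, label, *params):
    """HMAC-SHA-256 over label || (param || 2-byte length)... (assumed layout)."""
    s = label
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_security_key(context_key, cell_id, frequency, counter):
    """Second implementation: key stored in the context + cell and frequency
    information of the second network device, plus an optional counter value."""
    return kdf(context_key, b"inactive-ul", struct.pack(">H", cell_id),
               struct.pack(">I", frequency), struct.pack(">I", counter))


def xor_cipher(key, count, data):
    """Stand-in stream cipher (not a 3GPP algorithm); the same call decrypts."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack(">IQ", count, block),
                           hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def mac_i(key, ue_id, count, ciphertext):
    """4-byte integrity tag over identifier, packet count and ciphertext."""
    msg = ue_id + struct.pack(">I", count) + ciphertext
    return hmac.new(kdf(key, b"int"), msg, hashlib.sha256).digest()[:4]


def ue_build_first_message(ctx, cell_id, frequency, uplink):
    """Terminal side (steps 210/220): derive the key, encrypt, attach MAC-I."""
    key = derive_security_key(ctx["key"], cell_id, frequency, ctx["counter"])
    ct = xor_cipher(kdf(key, b"enc"), ctx["count"], uplink)
    return {"ue_id": ctx["ue_id"], "count": ctx["count"], "ciphertext": ct,
            "mac_i": mac_i(key, ctx["ue_id"], ctx["count"], ct)}


def first_device_key_info(store, ue_id, cell_id, frequency):
    """First network device (step 230): hand over the derived key itself,
    so the key stored in the context never leaves the first device."""
    ctx = store[ue_id]
    return derive_security_key(ctx["key"], cell_id, frequency, ctx["counter"])


def second_device_parse(msg, key):
    """Second network device (step 240): verify MAC-I first, then decrypt.
    Returns None when security verification fails."""
    expected = mac_i(key, msg["ue_id"], msg["count"], msg["ciphertext"])
    if not hmac.compare_digest(expected, msg["mac_i"]):
        return None
    return xor_cipher(kdf(key, b"enc"), msg["count"], msg["ciphertext"])


def demo():
    # Constructed sample context retained by the terminal and the first device.
    ctx = {"ue_id": b"resume-id-0001", "key": bytes(range(32)),
           "counter": 3, "count": 7}
    store = {ctx["ue_id"]: dict(ctx)}
    cell2, freq2 = 0x01A5, 3350          # constructed cell id / frequency point
    msg = ue_build_first_message(ctx, cell2, freq2, b"sensor reading 42")
    key2 = first_device_key_info(store, msg["ue_id"], cell2, freq2)
    flipped = bytes([msg["ciphertext"][0] ^ 1]) + msg["ciphertext"][1:]
    # Key derived for a different cell: the same message must not verify there.
    key3 = first_device_key_info(store, msg["ue_id"], 0x0200, freq2)
    next_key = derive_security_key(ctx["key"], cell2, freq2, ctx["counter"] + 1)
    return {"plaintext": second_device_parse(msg, key2),
            "tampered": second_device_parse(dict(msg, ciphertext=flipped), key2),
            "wrong_cell": second_device_parse(msg, key3),
            "counter_changes_key": next_key != key2}


if __name__ == "__main__":
    print(demo())
```

Because the cell and frequency information are inputs to the derivation, a first message captured in one cell fails verification at a network device holding the key for another cell.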
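Specifically, in step 220, the terminal device sends the first message to the second network device using an uplink resource of the second network device.
The terminal device can obtain an uplink resource of the second network device in several different ways.
1) The terminal device may obtain a grant-free resource of the second network device from a system message of the second network device.
Optionally, in some embodiments, the method 200 further includes: after moving into a cell of the second network device, the terminal device obtains a system message of the second network device, where the system message of the second network device carries preconfigured resource information; the terminal device obtains an uplink resource of the second network device according to the preconfigured resource information.
Specifically, the preconfigured resource information indicates a grant-free resource of the second network device. For example, the grant-free resource is used by terminal devices in the inactive state that have moved into a cell of the second network device to send small-packet data. The terminal device may determine the grant-free resource to be the uplink resource.
Optionally, the grant-free resources indicated by the preconfigured resource information are divided into several groups, where the resource information of each group indicates the time-domain and frequency-domain positions of that group of resources and the corresponding signature (or sequence, or index). Optionally, the groups of resources indicated by the grant-free resource information are further divided into: an initial transmission group, retransmission group 1, retransmission group 2, ..., and retransmission group m, where m is a positive integer.
When the terminal device needs to send uplink data and/or signaling, it selects the resources of one of the groups (for example, the initial transmission group) of the grant-free resources indicated by the grant-free resource information and sends the uplink data and/or signaling.
Optionally, in this embodiment, while sending the uplink data and/or signaling to the second network device, the terminal device also sends a signature and the identifier of the terminal device to the second network device. The signature is used to notify the second network device to allocate resources to the terminal device.
Optionally, in this embodiment, the terminal may also send any one or more of the following to the second network device: a preconfigured parameter index number, a MAC-I, a buffer status report (BSR), the count value (COUNT) and sequence number (SN) related to PDCP packets, and information about the first network device.
Optionally, in this embodiment, if sending fails when the terminal device uses the resources of the initial transmission group to send uplink data and/or signaling to the second network device, the terminal device may continue sending using the resources of a retransmission group.
In this embodiment, the terminal device determines the grant-free resource of the second network device to be the uplink resource of the second network device, which can improve the efficiency of communication with the second network device.
2) The terminal device may obtain an uplink resource of the second network device through a random access (RA) procedure.
Optionally, in some embodiments, the method 200 further includes: after moving into a cell of the second network device, the terminal device obtains a system message of the second network device; the terminal device initiates an RA procedure to obtain a grant-free resource of the second network device; when the terminal device needs to send uplink data, it sends a preamble sequence to the second network device, where the preamble sequence is used to notify the second network device to allocate resources to the terminal device, and optionally it may also send the identifier of the terminal device; the terminal device receives the resources that the second network device allocates according to the preamble sequence; optionally, the terminal device sends a buffer status report (BSR) to the second network device using the resources allocated by the second network device; the second network device sends an uplink grant (UL Grant) to the terminal device according to the BSR sent by the terminal device, that is, the terminal device obtains the uplink resource of the second network device.
Specifically, the terminal device also sends an RRC connection request to the second network device according to the UL Grant sent by the second network device, where the RRC connection request carries the identifier of the terminal device.
It should be understood that after the terminal device obtains the system message of the second network device, the terminal device reads the Public Land Mobile Network (PLMN) information in the system message and determines that the radio access technology (RAT) type of the cell of the second network device is different from the RAT type of the cell of the first network device.
It should also be understood that if, by reading the system message, the terminal device learns that the RAN-based paging area (PA) of the second network device is the same as the PA of the first network device, the terminal device does not initiate RAN-based paging area update signaling to the second network device. If, by reading the system message, the terminal device learns that the RAN-based paging area (PA) of the second network device is different from the PA of the first network device, that is, the PA has changed, the terminal device may initiate RAN-based paging area update signaling to the second network device.
Optionally, in some embodiments, the system message of the second network device also carries user plane (UP) preconfigured parameter information corresponding to at least one service, and the method 200 further includes: the terminal device determines the uplink data to be sent according to the service corresponding to the preconfigured parameter information. In other words, in step 220, the terminal device sends uplink data to the second network device according to the service corresponding to the preconfigured parameter information.
Specifically, for example, the preconfigured parameter information may also include configuration information and configuration index numbers of the Packet Data Convergence Protocol (PDCP), the Radio Link Control (RLC) protocol, the Media Access Control (MAC), or the physical layer (PHY).
In this embodiment, for example, in a scenario in which the terminal device needs to add a new service and send data of a new service type, the terminal device can send data of the at least one service to the second network device according to the preconfigured parameter information without establishing an RRC connection with the second network device, which improves the efficiency of data transmission between the terminal device and the post-handover network device.
Optionally, in some embodiments, the system message of the second network device also carries user-plane preconfigured parameter information corresponding to at least one quality of service (QoS); the method 200 further includes: the terminal device determines the uplink data to be sent according to the QoS corresponding to the preconfigured parameter information.
In this embodiment, the terminal device can send data corresponding to the at least one QoS to the second network device according to the preconfigured parameter information without establishing an RRC connection with the second network device, which improves the efficiency of data transmission between the terminal device and the post-handover network device.
3) The terminal device obtains an uplink resource of the second network device from the first network device.
Optionally, in some embodiments, the RRC release message sent by the first network device to the terminal device also carries preconfigured grant-free uplink resources of at least one cell, for example, preconfigured grant-free uplink resources of cells of other network devices in the same RAN-based paging area (RAN-based PA) as the first network device. Assuming that the second network device and the first network device belong to the same RAN-based paging area, the terminal device can obtain the preconfigured grant-free uplink resources of the second network device after receiving the RRC release message sent by the first network device.
Optionally, in some of the above embodiments, the terminal device may send the first message by MAC-layer data signaling or control signaling.
For example, the terminal device sends the first message in a MAC protocol data unit (MAC PDU).
Optionally, in some of the above embodiments, the terminal device may send the first message to the second network device in a user-plane data packet.
For example, the terminal device sends the first message through the user-plane Packet Data Convergence Protocol (PDCP) layer.
Optionally, in some of the above embodiments, the terminal device may send the first message to the second network device by RRC signaling.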
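Specifically, in step 230, the first network device sends the information about the security key to the second network device, so that the second network device can subsequently parse the uplink data and/or signaling sent by the terminal device according to the security key.
The information about the security key sent by the first network device may be parameter information used to generate the security key, or may directly be the security key itself. It should be noted that the security key corresponding to the information about the security key sent by the first network device is the same key as the security key obtained by the terminal device in step 210. For example, if in step 210 the terminal device uses the key stored in the context information as the security key, the information about the security key that the first network device sends to the second network device may be the context information. If in step 210 the terminal device generates the security key according to the identification information of the second network device and the key stored in the context information (corresponding to the second implementation of obtaining the security key described above), the information about the security key that the first network device sends to the second network device includes the context information and indication information indicating the identification information of the second network device (or directly the identification information of the second network device itself).
Specifically, after step 240, the second network device may send the uplink data and/or signaling sent by the terminal device to the core network indirectly or directly.
Optionally, in an embodiment, the first message sent by the terminal device further includes identification information of the first network device, where the identification information of the first network device includes cell information of the first network device and/or device information of the first network device; the communication method 200 further includes: the second network device sends the uplink data and/or signaling to the first network device according to the identification information of the first network device, so that the first network device sends the uplink data to the core network, where the signaling is non-access stratum signaling.
It should be understood that this embodiment describes the solution in which the second network device indirectly sends the uplink data and/or signaling sent by the terminal device to the core network.
Optionally, in an implementation, the identifier of the terminal device may also carry the identification information of the first network device. In this case, carrying the identifier of the terminal device in the first message enables the second network device to obtain the identification information of the first network device.
Specifically, the cell information of the first network device is, for example, the cell number or the cell identifier of the first network device. The device information of the first network device is, for example, the device number, the GPRS Tunneling Protocol (GTP) tunnel endpoint information, the IP address or the MAC address of the first network device. The GTP tunnel endpoint information includes a transport layer address (Transport Layer Address) and a tunnel endpoint identifier (TEID).
In the embodiments of the present application, the second network device forwards the uplink data and/or signaling of the terminal device to the core network through the first network device on which the terminal device last camped, which can improve communication efficiency and also save cost.
It should be noted that, in the solution in which the second network device indirectly sends the uplink data and/or signaling to the core network, if the terminal device sends the first message to the second network device as a PDCP SDU, that is, an IP packet, the second network device can forward the first message directly to the first network device. If the terminal device sends the first message to the second network device as a PDCP PDU, an RLC PDU, a MAC PDU or a layer-1 bit stream, then before the second network device sends the first message to the first network device, the first network device needs to configure the second network device for the terminal device, including, for example, user-plane configuration.
Optionally, in an embodiment, the method 200 further includes: the second network device obtains the context information; the second network device establishes a communication path with the core network according to the context information; the second network device sends the uplink data and/or signaling to the core network over the communication path.
It should be understood that the second network device can obtain the transmission path information of the terminal device's data from the context information.
It should be understood that this embodiment describes the solution in which the second network device directly sends the uplink data and/or signaling sent by the terminal device to the core network.
In the embodiments of the present application, the second network device connects to the core network based on the context information, and can therefore forward the uplink data of the terminal device to the core network without establishing an RRC connection with the terminal device.
Optionally, in some embodiments, the second network device may obtain the context information from a terminal device context notification message sent in advance by the first network device.
Optionally, in some embodiments, the second network device may request the context information from the first network device after receiving the first message from the terminal device.
In other words, when the second network device has not stored the context information, the second network device can request the context information from the first network device on which the terminal device last camped.
Optionally, in the embodiment in which the second network device directly sends the uplink data to the core network, the method further includes: the second network device obtains new next hop chaining counter (Next Hop Chaining Counter, NCC) information from the core network; the second network device sends the new NCC to the terminal device to instruct the terminal device to determine a new security key using the new NCC and to encrypt the next uplink data to be sent using the new security key; the terminal device generates a new security key according to the new NCC and the security key, and uses the new security key for encryption in subsequent data transmission.
In this embodiment, a new security key is determined after the second network device and the terminal device have carried out at least one data transmission, which can further improve the security of data transmission.
Optionally, in the embodiment in which the second network device directly sends the uplink data to the core network, the method further includes: the second network device determines whether the context information needs to be updated.
Specifically, the second network device determines whether the context information needs to be updated according to at least one of the following: the size of the uplink data of the terminal device, the sending frequency of the uplink data of the terminal device, the load of the second network device, the number of user connections of the second network device, and the uplink service information of the terminal device.
For example, the protocol specifies that the second network device determines that the context information needs to be updated when the size of the uplink data of the terminal device exceeds a threshold, or the sending frequency of the uplink data of the terminal device exceeds a threshold, or the load of the second network device exceeds a threshold, or the number of user connections of the second network device exceeds a threshold, or the uplink service information of the terminal device meets a preset condition.
Optionally, in some embodiments, the method 200 further includes: the second network device sends a response message to the terminal device, where the response message includes the identifier of the terminal device.
It should be understood that the response message is used to indicate that the second network device successfully received the first message sent by the terminal device.
Optionally, the response message further includes at least one of the following: indication information of whether to update the context information, indication information of whether to enter the RRC connected state, indication information of whether to remain in the inactive state, new security information, update information of the radio access network area, indication information to enter the RRC connected state, indication information to remain in the inactive state, and indication information to enter the RRC idle state; the method 200 further includes: the terminal device performs the corresponding operation according to the indication information carried in the response message.
For example, when the response message includes indication information indicating that the context information is to be updated, the terminal device releases the previously retained context and prepares to receive the new context configured for it by the second network device. When the response message includes indication information indicating entry into the RRC connected state, the terminal device sends an RRC connection request to the second network device. When the response message includes indication information indicating that the inactive state is to be maintained, the terminal device remains in the inactive state, that is, it does not establish an RRC connection with the second network device.
Optionally, if the response message that the terminal device receives from the second network device indicates failure, or if the terminal device does not receive the response message, the terminal device may perform the following actions:
release the stored context information and enter the idle state; or
remain in the inactive state, roll back the security information, reselect a cell (network device), and initiate the procedure of establishing communication with a network device again; or
remain in the inactive state, roll back the security information, reselect a cell (network device), and enter the RRC connection establishment procedure; or
roll back the security information, reselect a cell (network device), and enter the RRC connection re-establishment procedure.
It should be understood that the reasons why the terminal receives failure feedback from the second network device or receives no feedback may include any one or a combination of the following: security verification failure, unsupported configuration, unsupported function, invalid configuration, and timer expiry.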
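To facilitate a better understanding of the communication method provided by the embodiments of the present application, some specific embodiments are described in detail below with reference to FIG. 3 to FIG. 6.
FIG. 3 is another schematic flowchart of a communication method 300 provided by an embodiment of the present application. For convenience of description, in the description of FIG. 3, GNB1 denotes the first network device, GNB2 denotes the second network device, and CN (Core Network) denotes the core network device. It should be understood that GNB1 and GNB2 are distinguished only for convenience of description and are not intended to limit the scope of the embodiments of the present application. As shown in FIG. 3, the method 300 includes:
301. GNB1 sends an RRC release message to the terminal device.
Optionally, the RRC release message may implicitly instruct the terminal device to enter the inactive state. For example, the RRC release message carries an indication that the terminal device is to enter the inactive state. Optionally, the RRC release message may also explicitly instruct the terminal device to enter the inactive state; for example, the RRC release message directly instructs the terminal device to enter the non-connected state.
When the RRC release message explicitly instructs the terminal device to enter the inactive state, the RRC release message may be, for example, an RRC message, MAC signaling, or physical-layer control signaling. The RRC release message may be a unicast message, a multicast message or a broadcast message.
302. The terminal device releases the RRC connection to GNB1 and retains the context information of the terminal device under GNB1, that is, it enters the inactive state (RRC inactive).
303. After moving into a cell of GNB2, the terminal device obtains an uplink resource of GNB2.
Optionally, the uplink resource of GNB2 may be obtained from a system message of GNB2.
Optionally, a random access (RA) procedure may also be used to request GNB2 to allocate an uplink resource to the terminal device.
For details, see the description above, which is not repeated here.
304. The terminal device obtains a security key.
Specifically, the security key may directly be the key stored in the context information. Alternatively, the security key is determined according to the identification information of GNB2 and the key stored in the context information. Alternatively, the security key is determined according to the identification information of GNB2 and the security information configured by GNB1, where the security information is, for example, the security information described above that GNB1 configures for the terminal device and that the terminal device needs the next time it initiates RRC connection resume or sends uplink data. Alternatively, the security key is determined according to the identification information of GNB1 and the security information configured by GNB1. The identification information of a GNB (GNB1 or GNB2) mentioned here may be the cell information of the GNB or the frequency information of the GNB.
305. The terminal device uses the uplink resource of GNB2 to send uplink data (DATA) to GNB2, and also sends the identifier of the terminal device.
The identifier of the terminal device may be an identifier generated by the terminal device itself, an identifier allocated by GNB1 to the terminal device in the connected state, or an identifier allocated by GNB1 to the terminal device in the inactive state.
Optionally, in step 306, while sending the identifier of the terminal device and the uplink data, the terminal device may also send a MAC-I or shortMAC-I. The MAC-I or shortMAC-I may be derived from the security key.
The terminal device sends uplink data to GNB2 using the security key and also sends a MAC-I to ensure integrity protection of the data, which can effectively improve the security of data transmission between the terminal device and GNB2.
306. GNB2 obtains the information about the security key through GNB1. GNB2 parses the uplink data sent by the terminal device according to the information about the security key.
For details, see the description of step 230 above, which is not repeated here.
307. After receiving the uplink data sent by the terminal device, GNB2 finds that it does not have the context information locally and requests the context information from GNB1, on which the terminal device last camped.
308. GNB1 sends GNB2 a terminal device context request response indicating the context information.
It should be understood that after GNB2 obtains the context information, it can obtain the data transmission path of the terminal device in the connected state.
Optionally, GNB2 may store the context information locally.
309. GNB2 sends a path switch request to the CN according to the context information.
310. The CN sends a path switch request response to GNB2, where the path switch request response may include a new NCC.
The new NCC is used to determine a new security key.
311. GNB2 sends the uplink data sent by the terminal device to the CN.
312. GNB2 sends a response message to the terminal device, where the response message includes the identifier of the terminal device and the new NCC sent by the CN, and may also include a MAC-I.
It should be understood that the identifier of the terminal device is used to indicate that GNB2 successfully received the uplink data sent by the terminal device. The new NCC is used to instruct the terminal device to determine a new security key according to the new NCC. The MAC-I is used for integrity protection.
If there is no explicit instruction from GNB2, the terminal device may remain in the inactive state (RRC inactive).
313. The terminal device obtains a new security key for encryption based on the new NCC.
314. The terminal device again sends encrypted uplink data to GNB2, together with the identifier of the terminal device and a MAC-I; the uplink data is encrypted using the new security key.
315. GNB2 forwards the uplink data sent by the terminal device to the core network.
Optionally, GNB2 may send a response message to the terminal device, where the response message includes the identifier of the terminal device and a MAC-I.
Optionally, if the response message that the terminal device receives from GNB2 indicates failure, or if the terminal device does not receive the response message, the terminal device may perform the following actions:
release the stored context information and enter the idle state; or
remain in the inactive state, roll back the security information, reselect a cell (network device), and initiate the procedure of establishing communication with a network device again; or
remain in the inactive state, roll back the security information, reselect a cell (network device), and enter the RRC connection establishment procedure; or
roll back the security information, reselect a cell (network device), and enter the RRC connection re-establishment procedure.
It should be understood that the reasons why the terminal receives failure feedback from GNB2 or receives no feedback may include any one or a combination of the following: security verification failure, unsupported configuration, unsupported function, invalid configuration, and timer expiry.
In this embodiment, the terminal device may remain in the inactive state throughout and carry out data transmission with GNB2 based on the context information. Alternatively, the terminal device may send an RRC connection resume request to GNB2, enter the connected state, and carry out data transmission with GNB2.
In this embodiment, data is encrypted with a security key while a terminal device in the inactive state transmits data to the network device GNB2, which can effectively improve the security of data transmission.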
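FIG. 4 is yet another schematic flowchart of a communication method 400 provided by an embodiment of the present application. In the description of FIG. 4, GNB1 again denotes the first network device, GNB2 denotes the second network device, and CN (Core Network) denotes the core network device. It should be understood that GNB1 and GNB2 are distinguished only for convenience of description and are not intended to limit the scope of the embodiments of the present application. As shown in FIG. 4, the method 400 includes:
401. GNB1 sends an RRC release message to the terminal device. Same as step 301.
402. The terminal device releases the RRC connection to GNB1 but retains the context information, that is, it enters the inactive state (RRC inactive). Same as step 302.
403. GNB1 sends a context information notification message to neighboring network devices (including GNB2), where the context information notification message includes the context information of the terminal device.
Optionally, after receiving the context notification message sent by GNB1, GNB2 may send a response message to GNB1.
404. GNB2 obtains the context information from the context notification message sent by GNB1 and stores it.
It should be understood that after GNB2 obtains the context information, it can obtain the data transmission path of the terminal device in the connected state.
As shown in FIG. 4, GNB2 may also send GNB1 a response message for the context notification message.
405. After moving into a cell of GNB2, the terminal device obtains an uplink resource of GNB2. Same as step 303.
406. The terminal device obtains a security key. Same as step 304.
407. The terminal device uses the uplink resource of GNB2 to send uplink data (DATA) to GNB2, and also sends the identifier of the terminal device. Same as step 306.
It should be noted that in this embodiment, step 403 and step 404 are performed before step 407. There is no strict ordering constraint between steps 403 and 404 and steps 401 and 402.
408. GNB2 obtains the information about the security key through GNB1. GNB2 parses the uplink data sent by the terminal device according to the information about the security key.
For details, see the description of step 230 above, which is not repeated here.
409. After receiving the uplink data sent by the terminal device, GNB2 sends a path switch request to the CN according to the context information. Same as step 309.
410. The CN sends a path switch request response to GNB2, where the path switch request response may include a new NCC.
The new NCC is used to determine a new security key. Same as step 310.
411. GNB2 sends the uplink data sent by the terminal device to the CN. Same as step 311.
412. GNB2 sends a response message to the terminal device, where the response message includes the identifier of the terminal device and the new NCC sent by the CN, and may also include a MAC-I. Same as step 312.
It should be understood that the identifier of the terminal device is used to indicate that GNB2 successfully received the uplink data sent by the terminal device. The new NCC is used to instruct the terminal device to determine a new security key according to the new NCC. The MAC-I is used for integrity protection.
If there is no explicit instruction from GNB2, the terminal device remains in the inactive state (RRC inactive).
413. The terminal device obtains a new security key for encryption based on the new NCC. Same as step 313.
414. The terminal device again sends encrypted uplink data to GNB2, together with the identifier of the terminal device and a MAC-I; the uplink data is encrypted using the new security key. Same as step 314.
415. GNB2 forwards the uplink data sent by the terminal device to the core network. Same as step 315.
Optionally, GNB2 may send a response message to the terminal device, where the response message includes the identifier of the terminal device and a MAC-I.
Optionally, if the response message that the terminal device receives from GNB2 indicates failure, or if the terminal device does not receive the response message, the terminal device may perform the following actions:
release the stored context information and enter the idle state; or
remain in the inactive state, roll back the security information, reselect a cell (network device), and initiate the procedure of establishing communication with a network device again; or
remain in the inactive state, roll back the security information, reselect a cell (network device), and enter the RRC connection establishment procedure; or
roll back the security information, reselect a cell (network device), and enter the RRC connection re-establishment procedure.
It should be understood that the reasons why the terminal receives failure feedback from GNB2 or receives no feedback may include any one or a combination of the following: security verification failure, unsupported configuration, unsupported function, invalid configuration, and timer expiry.
Comparing FIG. 3 and FIG. 4 shows that in the embodiment of FIG. 4, GNB2 has obtained the context information in advance from the context information notification message sent by GNB1 (steps 403 and 404 in FIG. 4). Therefore, after GNB2 receives the uplink data sent by the terminal device, it can directly use the context information already stored locally to forward the uplink data to the core network, which can effectively improve the efficiency of data transmission and effectively reduce transmission delay.
In this embodiment, the terminal device may remain in the inactive state throughout and carry out data transmission with GNB2 based on the context information. Alternatively, the terminal device may send an RRC connection resume request to GNB2, enter the connected state, and carry out data transmission with GNB2.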
在图3与图4的描述中,GNB2直接向核心网转发终端设备的上行数据。下文结合图5,描述GNB2通过GNB1间接向核心网转发终端设备的上行数据的方案。
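FIG. 5 is yet another schematic flowchart of a communication method 500 according to an embodiment of this application. In the description of FIG. 5, GNB1 again denotes the first network device and GNB2 denotes the second network device. It should be understood that GNB1 and GNB2 are distinguished only for ease of description and are not intended to limit the scope of the embodiments of this application. As shown in FIG. 5, the method 500 includes:
501. GNB1 sends an RRC release message to the terminal device. Same as step 301.
502. The terminal device releases the RRC connection to GNB1 but retains the context information of the terminal device in GNB1, that is, enters the inactive state (RRC inactive). Same as step 302.
503. After moving to a cell of GNB2, the terminal device obtains an uplink resource of GNB2. Same as step 303.
504. The terminal device obtains a security key. Same as step 304.
505. Using the uplink resource of GNB2, the terminal device sends uplink data (DATA) to GNB2 and also sends the identifier of the terminal device. Same as step 305.
506. GNB2 obtains information about the security key through GNB1.
For details, refer to the foregoing description of step 230; they are not repeated here.
507. GNB2 obtains identification information of GNB1, where the identification information of GNB1 includes cell information of GNB1 and/or device information of GNB1. For a detailed explanation, refer to the related description above.
508. Based on the identification information of GNB1, GNB2 sends the uplink data of the terminal device to GNB2.
509. GNB1 forwards the uplink data of the terminal device to the CN.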
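FIG. 6 is yet another schematic flowchart of a communication method 600 according to an embodiment of this application. In the description of FIG. 6, GNB1 again denotes the first network device and GNB2 denotes the second network device. It should be understood that GNB1 and GNB2 are distinguished only for ease of description and are not intended to limit the scope of the embodiments of this application. As shown in FIG. 6, the method 600 includes:
601. GNB1 sends an RRC release message to the terminal device. Same as step 301.
602. The terminal device releases the RRC connection to GNB1 but retains the context information of the terminal device in GNB1, that is, enters the inactive state (RRC inactive). Same as step 302.
603. After moving to a cell of GNB2, the terminal device obtains an uplink resource of GNB2. Same as step 303.
604. The terminal device obtains a security key. Same as step 304.
605. After obtaining the system message of GNB2, the terminal device reads the PLMN information in the system message and learns that the RAT type of the cell of GNB2 differs from the RAT type of the cell of GNB1, and also learns that the RAN-based paging area (Paging Area, PA) of GNB2 differs from the PA of GNB1, that is, a RAN-based paging area update occurs.
606. Using the uplink resource of GNB2, the terminal device sends encrypted RAN-based paging area update signaling to GNB2, together with the identifier of the terminal device and a MAC-I, where the RAN-based paging area update signaling is encrypted with the security key.
The terminal device in the inactive state uses the security key when sending the RAN-based paging area update signaling to GNB2 and also sends the MAC-I to integrity-protect the data, which can effectively improve the security of data transmission between the terminal device and GNB2.
607. GNB2 obtains information about the security key through GNB1.
For details, refer to the foregoing description of step 230; they are not repeated here.
608. After receiving the RAN-based paging area update signaling sent by the terminal device, GNB2 obtains the context information.
Specifically, GNB2 may obtain the context information using the method shown in FIG. 3 or FIG. 4.
For example, if GNB2, after receiving the RAN-based paging area update signaling sent by the terminal device, finds that the context information is not available locally, it requests the context information from GNB1, on which the terminal device last camped, as in steps 306 and 307 shown in FIG. 3.
For another example, before GNB2 receives the RAN-based paging area update signaling sent by the terminal device, it has already received the context information notification message sent by GNB1, as in steps 403 and 404 shown in FIG. 4. In that case, after receiving the RAN-based paging area update signaling sent by the terminal device, GNB2 can directly use the locally stored context information to process the RAN-based paging area update signaling.
609. GNB2 processes the RAN-based paging area update signaling.
GNB2 parses the RAN-based paging area update signaling based on the information about the security key.
610. GNB2 sends the terminal device a RAN-based paging area update response that includes the identifier of the terminal device.
In this embodiment, the terminal device may remain in the inactive state throughout and perform data transmission with GNB2 based on the context information. Alternatively, the terminal device may send an RRC connection resume request to GNB2, enter the connected state, and perform data transmission with GNB2.
In this embodiment, a terminal device in the inactive state can send RAN-based paging area update signaling to the network device and encrypt it with the security key, which can improve the security of signaling transmission.
The communication methods provided in the embodiments of this application are described above with reference to FIG. 2 to FIG. 6. The terminal device and the network device provided in the embodiments of this application are described below with reference to FIG. 7 to FIG. 10.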
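FIG. 7 is a schematic block diagram of a terminal device 700 according to an embodiment of this application. The terminal device 700 includes:
a processing module 710, configured to obtain a security key, where the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection to a first network device and retains the context information of the terminal device in the first network device; and
a transceiver module 720, configured to send a first message to a second network device, where the first message includes the identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using the security key, and the second network device is different from the first network device.
In this embodiment of this application, a terminal device in the inactive state uses security key encryption when communicating with a network device, which can improve communication security.
Optionally, in an embodiment, the security key includes the key stored in the context information.
Optionally, in an embodiment, the security key is different from the key used for communication between the terminal device and the first network device.
Optionally, in an embodiment, that the processing module 710 is configured to obtain the security key includes:
the processing module 710 is configured to obtain the security key based on identification information of the second network device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device.
Optionally, in an embodiment, the transceiver module 720 is further configured to obtain security information configured by the first network device for the terminal device;
that the processing module 710 is configured to obtain the security key includes:
the processing module 710 is configured to obtain the security key based on the security information and the identification information of the second network device, where the identification information of the second network device includes cell information of the second network device and/or frequency information of the second network device; or
the processing module 710 is configured to obtain the security key based on the security information and identification information of the first network device, where the identification information of the first network device includes cell information of the first network device and/or frequency information of the first network device.
Optionally, in an embodiment, the processing module 710 is further configured to obtain the security key using any one of the following:
a counter value carried in the context information,
a counter value obtained from the first network device,
a counter value carried in a system message of the first network device,
a counter value predefined by the system.
Optionally, in an embodiment, the first message includes uplink data, and the processing module 710 is further configured to: after the terminal device moves to a cell of the second network device, obtain a system message of the second network device, where the system message includes user-plane preconfigured parameter information corresponding to at least one service; and determine the uplink data based on the service corresponding to the preconfigured parameter information.
Optionally, in an embodiment, the first message is sent in a user-plane data packet.
Optionally, in an embodiment, the first message further includes identification information of the first network device, so that the second network device sends the uplink data and/or signaling to the core network through the first network device, where the identification information of the first network device includes cell information of the first network device and/or device information of the first network device, and the signaling is non-access stratum signaling.
Optionally, in an embodiment, the transceiver module 720 is further configured to receive a response message sent by the second network device, where the response message includes at least one of the following:
the identifier of the terminal device, indication information on whether to update the context information, indication information on whether to enter the RRC connected state,
indication information on whether to remain in the inactive state, new security information, and update information of the radio access network area.
It should be understood that the processing module 710 in this embodiment of this application may be implemented by a processor or a processor-related circuit component, and the transceiver module 720 may be implemented by a transceiver or a transceiver-related circuit component.
As shown in FIG. 8, an embodiment of this application further provides a terminal device 800. The terminal device 800 includes a processor 810, a memory 820, and a transceiver 830, where the memory 820 stores instructions or a program and the processor 810 is configured to execute the instructions or program stored in the memory 820. When the instructions or program stored in the memory 820 are executed, the processor 810 is configured to perform the operations performed by the processing module 710 in the foregoing embodiment, and the transceiver 830 is configured to perform the operations performed by the transceiver module 720 in the foregoing embodiment.
In this embodiment of this application, a terminal device in the inactive state uses security key encryption when communicating with a network device, which can improve communication security.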
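FIG. 9 is a schematic flowchart of a network device 900 according to an embodiment of this application. The network device 900 includes:
a transceiver module 910, configured to receive a first message sent by a terminal device, where the first message includes the identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using a security key, the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection to a first network device and retains the context information of the terminal device in the first network device, and the first network device is different from the network device; and
a processing module 920, configured to obtain information about the security key through the first network device;
the processing module 920 is further configured to parse the uplink data and/or signaling based on the information about the security key.
In this embodiment of this application, a terminal device in the inactive state uses security key encryption when communicating with a network device, which can improve communication security.
Optionally, in an embodiment, the security key includes the key stored in the context information.
Optionally, in an embodiment, the security key is different from the key used for communication between the terminal device and the first network device.
Optionally, in an embodiment, the security key is determined based on identification information of the network device, where the identification information of the network device includes cell information of the network device and/or frequency information of the network device.
Optionally, in an embodiment, the security key is determined based on the identification information of the network device and security information configured by the first network device for the terminal device, where the identification information of the network device includes cell information of the network device and/or frequency information of the network device; or
the security key is determined based on identification information of the first network device and the security information, where the identification information of the first network device includes cell information of the first network device and/or frequency information of the first network device.
Optionally, in an embodiment, the information for determining the security key further includes any one of the following:
a counter value stored in the context information,
a counter value obtained by the terminal device from the first network device,
a counter value carried in a system message of the first network device,
a counter value predefined by the system.
Optionally, in an embodiment, the first message includes uplink data, and a system message of the network device includes user-plane preconfigured parameter information corresponding to at least one service, so that the terminal device determines the uplink data based on the service corresponding to the preconfigured parameter information.
Optionally, in an embodiment, the first message is sent in a user-plane data packet.
Optionally, in an embodiment, the first message further includes identification information of the first network device, where the identification information of the first network device includes cell information of the first network device and/or device information of the first network device;
the transceiver module 910 is further configured to send the uplink data and/or signaling to the first network device based on the identification information of the first network device, so that the first network device sends the uplink data and/or signaling to the core network, where the signaling is non-access stratum signaling.
Optionally, in an embodiment, the first message includes uplink data;
the processing module 920 is further configured to obtain the context information; the network device establishes a communication path with the core network based on the context information;
the transceiver module 910 is further configured to send the uplink data to the core network over the communication path.
Optionally, in an embodiment, the processing module 920 is further configured to obtain the context information:
the processing module 920 is configured to obtain the context information from a context information notification sent by the first network device, or
the processing module 920 is configured to request the context information from the first network device.
Optionally, in an embodiment, the processing module 920 is further configured to obtain new next hop chaining counter (NCC) information from the core network;
the transceiver module 910 is further configured to send the new NCC to the terminal device, to instruct the terminal device to determine a new security key using the new NCC and to encrypt the next uplink data to be sent using the new security key.
Optionally, in an embodiment, the processing module 920 is further configured to determine, based on at least one of the following, whether the context information needs to be updated:
the size of the uplink data of the terminal device, the sending frequency of the uplink data of the terminal device, the load of the network device, the number of user connections of the network device, and uplink service information of the terminal device.
Optionally, in an embodiment, the transceiver module 910 is further configured to send a response message to the terminal device for the first message, where the response message includes at least one of the following:
the identifier of the terminal device, indication information on whether to update the context information, indication information on whether to enter the RRC connected state, indication information on whether to remain in the inactive state, new security information, and update information of the radio access network area.
It should be understood that the processing module 920 in this embodiment of this application may be implemented by a processor or a processor-related circuit component, and the transceiver module 910 may be implemented by a transceiver or a transceiver-related circuit component.
As shown in FIG. 10, an embodiment of this application further provides a network device 1000. The network device 1000 includes a processor 1010, a memory 1020, and a transceiver 1030, where the memory 1020 stores instructions or a program and the processor 1010 is configured to execute the instructions or program stored in the memory 1020. When the instructions or program stored in the memory 1020 are executed, the processor 1010 is configured to perform the operations performed by the processing module 920 in the foregoing embodiment, and the transceiver 1030 is configured to perform the operations performed by the transceiver module 910 in the foregoing embodiment.
In this embodiment of this application, a terminal device in the inactive state uses security key encryption when communicating with a network device, which can improve communication security.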
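An embodiment of this application further provides a communication apparatus, which may be a terminal device or a circuit. The communication apparatus may be configured to perform the actions performed by the terminal device in the foregoing method embodiments.
When the communication apparatus is a terminal device, FIG. 11 shows a simplified schematic structural diagram of the terminal device. For ease of understanding and illustration, FIG. 11 uses a mobile phone as an example of the terminal device. As shown in FIG. 11, the terminal device includes a processor, a memory, a radio frequency circuit, an antenna, and an input/output apparatus. The processor is mainly configured to process communication protocols and communication data, control the terminal device, execute software programs, and process data of the software programs. The memory is mainly configured to store software programs and data. The radio frequency circuit is mainly configured to convert between baseband signals and radio frequency signals and to process radio frequency signals. The antenna is mainly configured to send and receive radio frequency signals in the form of electromagnetic waves. The input/output apparatus, such as a touchscreen, a display, or a keyboard, is mainly configured to receive data entered by the user and to output data to the user. It should be noted that some types of terminal devices may have no input/output apparatus.
When data needs to be sent, the processor performs baseband processing on the data to be sent and outputs a baseband signal to the radio frequency circuit; the radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal outward through the antenna in the form of electromagnetic waves. When data is sent to the terminal device, the radio frequency circuit receives the radio frequency signal through the antenna, converts it into a baseband signal, and outputs the baseband signal to the processor; the processor converts the baseband signal into data and processes the data. For ease of description, FIG. 11 shows only one memory and one processor. An actual terminal device product may have one or more processors and one or more memories. The memory may also be referred to as a storage medium, a storage device, or the like. The memory may be disposed independently of the processor or may be integrated with the processor, which is not limited in the embodiments of this application.
In this embodiment of this application, the antenna and the radio frequency circuit that have the transceiver function may be regarded as the transceiver unit of the terminal device, and the processor that has the processing function may be regarded as the processing unit of the terminal device. As shown in FIG. 11, the terminal device includes a transceiver unit 1110 and a processing unit 1120. The transceiver unit may also be referred to as a transceiver, a transceiver machine, a transceiver apparatus, or the like. The processing unit may also be referred to as a processor, a processing board, a processing module, a processing apparatus, or the like. Optionally, the component in the transceiver unit 1110 that implements the receiving function may be regarded as a receiving unit, and the component in the transceiver unit 1110 that implements the sending function may be regarded as a sending unit; that is, the transceiver unit 1110 includes a receiving unit and a sending unit. The transceiver unit may sometimes also be referred to as a transceiver machine, a transceiver, a transceiver circuit, or the like. The receiving unit may sometimes also be referred to as a receiver machine, a receiver, a receiver circuit, or the like. The sending unit may sometimes also be referred to as a transmitter machine, a transmitter, a transmitter circuit, or the like.
It should be understood that the transceiver unit 1110 is configured to perform the sending and receiving operations on the terminal device side in the foregoing method embodiments, and the processing unit 1120 is configured to perform the operations on the terminal device other than the sending and receiving operations in the foregoing method embodiments.
For example, in one implementation, the transceiver unit 1110 is configured to perform the sending operation on the terminal device side in step 220 in FIG. 2, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of this application. The processing unit 1120 is configured to perform step 210 in FIG. 2, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of this application.
For another example, in another implementation, the transceiver unit 1110 is configured to perform the receiving operations on the terminal device side in steps 301 and 312 in FIG. 3 or the sending operation on the terminal device side in step 305, and/or the transceiver unit 1120 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of this application. The processing unit 1120 is configured to perform steps 302, 303, and 304 in FIG. 3, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of this application.
For another example, in yet another implementation, the transceiver unit 1110 is configured to perform the receiving operations on the terminal device side in steps 401 and 412 in FIG. 4 or the sending operations on the terminal device side in steps 407 and 414, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of this application. The processing unit 1120 is configured to perform steps 402, 405, 406, and 413 in FIG. 4, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of this application.
For another example, in yet another implementation, the transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 501 in FIG. 5 or the sending operation on the terminal device side in step 505, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of this application. The processing unit 1120 is configured to perform steps 502, 503, and 504 in FIG. 5, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of this application.
For another example, in yet another implementation, the transceiver unit 1110 is configured to perform the receiving operations on the terminal device side in steps 601 and 610 in FIG. 6 or the sending operation on the terminal device side in step 606, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of this application. The processing unit 1120 is configured to perform steps 602, 603, 604, and 605 in FIG. 6, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of this application.
When the communication apparatus is a chip, the chip includes a transceiver unit and a processing unit. The transceiver unit may be an input/output circuit or a communication interface; the processing unit is a processor, a microprocessor, or an integrated circuit integrated on the chip.
It should be understood that the processor mentioned in the embodiments of this application may be a central processing unit (Central Processing Unit, CPU), or may be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be understood that the memory mentioned in the embodiments of this application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), or a flash memory. The volatile memory may be a random access memory (Random Access Memory, RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as a static random access memory (Static RAM, SRAM), a dynamic random access memory (Dynamic RAM, DRAM), a synchronous dynamic random access memory (Synchronous DRAM, SDRAM), a double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), an enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), a synchlink dynamic random access memory (Synchlink DRAM, SLDRAM), and a direct Rambus random access memory (Direct Rambus RAM, DR RAM).
It should be noted that, when the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (storage module) is integrated in the processor.
It should be noted that the memory described herein is intended to include, but is not limited to, these and any other suitable types of memory.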
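A person of ordinary skill in the art may be aware that the units and algorithm steps of the examples described with reference to the embodiments disclosed herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed by hardware or software depends on the particular application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of this application.
A person skilled in the art can clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, apparatuses, and units described above, reference may be made to the corresponding processes in the foregoing method embodiments; details are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division into units is merely a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application essentially, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The foregoing storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disc.
The foregoing is merely specific implementations of this application, but the protection scope of this application is not limited thereto. Any variation or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.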

Claims (50)

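  1. A communication method, characterized by comprising:
    obtaining, by a terminal device, a security key, wherein the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection to a first network device and retains the context information of the terminal device in the first network device; and
    sending, by the terminal device, a first message to a second network device, wherein the first message comprises the identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using the security key, and the second network device is different from the first network device.
  2. The communication method according to claim 1, wherein the security key comprises the key stored in the context information.
  3. The communication method according to claim 1, wherein the security key is different from the key used for communication between the terminal device and the first network device.
  4. The communication method according to claim 3, wherein the obtaining, by the terminal device, a security key comprises:
    obtaining, by the terminal device, the security key based on identification information of the second network device, wherein the identification information of the second network device comprises cell information of the second network device and/or frequency information of the second network device.
  5. The communication method according to claim 3, wherein the communication method further comprises: obtaining, by the terminal device, security information configured by the first network device for the terminal device;
    the obtaining, by the terminal device, a security key comprises:
    obtaining, by the terminal device, the security key based on the security information and identification information of the second network device, wherein the identification information of the second network device comprises cell information of the second network device and/or frequency information of the second network device; or
    obtaining, by the terminal device, the security key based on the security information and identification information of the first network device, wherein the identification information of the first network device comprises cell information of the first network device and/or frequency information of the first network device.
  6. The communication method according to claim 4 or 5, wherein the obtaining, by the terminal device, a security key comprises: further using, by the terminal device, any one of the following to obtain the security key:
    a counter value carried in the context information,
    a counter value obtained from the first network device,
    a counter value carried in a system message of the first network device,
    a counter value predefined by the system.
  7. The communication method according to any one of claims 1 to 6, wherein the first message comprises the uplink data, and the communication method further comprises:
    after moving to a cell of the second network device, obtaining, by the terminal device, a system message of the second network device, wherein the system message comprises user-plane preconfigured parameter information corresponding to at least one service; and
    determining, by the terminal device, the uplink data based on the service corresponding to the preconfigured parameter information.
  8. The communication method according to claim 7, wherein the first message is sent in a user-plane data packet.
  9. The communication method according to any one of claims 1 to 8, wherein the first message further comprises identification information of the first network device, so that the second network device sends the uplink data and/or the signaling to the core network through the first network device, wherein the identification information of the first network device comprises cell information of the first network device and/or device information of the first network device, and the signaling is non-access stratum signaling.
  10. The communication method according to any one of claims 1 to 9, wherein the communication method further comprises: receiving, by the terminal device, a response message sent by the second network device, wherein the response message comprises at least one of the following:
    the identifier of the terminal device,
    indication information on whether to update the context information,
    indication information on whether to enter the RRC connected state,
    indication information on whether to remain in the inactive state,
    new security information,
    update information of the radio access network area,
    indication information to enter the RRC connected state,
    indication information to remain in the inactive state,
    indication information to enter the RRC idle state.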
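  11. A communication method, characterized by comprising:
    receiving, by a second network device, a first message sent by a terminal device, wherein the first message comprises the identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using a security key, the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection to a first network device and retains the context information of the terminal device in the first network device, and the first network device is different from the second network device;
    obtaining, by the second network device, information about the security key through the first network device; and
    parsing, by the second network device, the uplink data and/or signaling based on the information about the security key.
  12. The communication method according to claim 11, wherein the security key comprises the key stored in the context information.
  13. The communication method according to claim 11, wherein the security key is different from the key used for communication between the terminal device and the first network device.
  14. The communication method according to claim 13, wherein the security key is determined based on identification information of the second network device, and the identification information of the second network device comprises cell information of the second network device and/or frequency information of the second network device.
  15. The communication method according to claim 13, wherein the security key is determined based on identification information of the second network device and security information configured by the first network device for the terminal device, and the identification information of the second network device comprises cell information of the second network device and/or frequency information of the second network device; or
    the security key is determined based on identification information of the first network device and the security information, and the identification information of the first network device comprises cell information of the first network device and/or frequency information of the first network device.
  16. The communication method according to claim 15, wherein the information for determining the security key further comprises any one of the following: a counter value stored in the context information, a counter value obtained by the terminal device from the first network device, a counter value carried in a system message of the first network device, and a counter value predefined by the system.
  17. The communication method according to any one of claims 11 to 16, wherein the first message comprises the uplink data, and a system message of the second network device comprises user-plane preconfigured parameter information corresponding to at least one service, so that the terminal device determines the uplink data based on the service corresponding to the preconfigured parameter information.
  18. The communication method according to claim 17, wherein the first message is sent in a user-plane data packet.
  19. The communication method according to any one of claims 11 to 18, wherein the first message further comprises identification information of the first network device, and the identification information of the first network device comprises cell information of the first network device and/or device information of the first network device;
    the communication method further comprises:
    sending, by the second network device, the uplink data and/or the signaling to the first network device based on the identification information of the first network device, so that the first network device sends the uplink data to the core network, wherein the signaling is non-access stratum signaling.
  20. The communication method according to any one of claims 11 to 18, wherein the first message comprises the uplink data, and the communication method further comprises:
    obtaining, by the second network device, the context information;
    establishing, by the second network device, a communication path with the core network based on the context information; and
    sending, by the second network device, the uplink data to the core network over the communication path.
  21. The communication method according to claim 20, wherein the obtaining, by the second network device, the context information comprises:
    obtaining, by the second network device, the context information from the context information notification message sent by the first network device; or
    requesting, by the second network device, the context information from the first network device.
  22. The communication method according to claim 20 or 21, wherein the communication method further comprises:
    obtaining, by the second network device, new next hop chaining counter (NCC) information from the core network; and
    sending, by the second network device, the new NCC to the terminal device, to instruct the terminal device to determine a new security key using the new NCC and to encrypt the next uplink data to be sent using the new security key.
  23. The communication method according to any one of claims 11 to 22, wherein the communication method further comprises:
    determining, by the second network device, based on at least one of the following, whether the context information needs to be updated:
    the size of the uplink data of the terminal device,
    the sending frequency of the uplink data of the terminal device,
    the load of the second network device,
    the number of user connections of the second network device,
    uplink service information of the terminal device.
  24. The communication method according to any one of claims 11 to 23, wherein the communication method further comprises:
    sending, by the second network device, a response message to the terminal device for the first message, wherein the response message comprises at least one of the following:
    the identifier of the terminal device,
    indication information on whether to update the context information,
    indication information on whether to enter the RRC connected state,
    indication information on whether to remain in the inactive state,
    new security information,
    update information of the radio access network area,
    indication information to enter the RRC connected state,
    indication information to remain in the inactive state,
    indication information to enter the RRC idle state.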
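  25. A terminal device, characterized by comprising:
    a processing module, configured to obtain a security key, wherein the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection to a first network device and retains the context information of the terminal device in the first network device; and
    a transceiver module, configured to send a first message to a second network device, wherein the first message comprises the identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using the security key, and the second network device is different from the first network device.
  26. The terminal device according to claim 25, wherein the security key comprises the key stored in the context information.
  27. The terminal device according to claim 25, wherein the security key is different from the key used for communication between the terminal device and the first network device.
  28. The terminal device according to claim 27, wherein that the processing module is configured to obtain a security key comprises:
    the processing module is configured to obtain the security key based on identification information of the second network device, wherein the identification information of the second network device comprises cell information of the second network device and/or frequency information of the second network device.
  29. The terminal device according to claim 27, wherein the transceiver module is further configured to obtain security information configured by the first network device for the terminal device;
    that the processing module is configured to obtain a security key comprises:
    the processing module is configured to obtain the security key based on the security information and identification information of the second network device, wherein the identification information of the second network device comprises cell information of the second network device and/or frequency information of the second network device; or
    the processing module is configured to obtain the security key based on the security information and identification information of the first network device, wherein the identification information of the first network device comprises cell information of the first network device and/or frequency information of the first network device.
  30. The terminal device according to claim 28 or 29, wherein the processing module is further configured to obtain the security key using any one of the following:
    a counter value carried in the context information,
    a counter value obtained from the first network device,
    a counter value carried in a system message of the first network device,
    a counter value predefined by the system.
  31. The terminal device according to any one of claims 25 to 30, wherein the first message comprises the uplink data, and the processing module is further configured to: after the terminal device moves to a cell of the second network device, obtain a system message of the second network device, wherein the system message comprises user-plane preconfigured parameter information corresponding to at least one service; and determine the uplink data based on the service corresponding to the preconfigured parameter information.
  32. The terminal device according to claim 31, wherein the first message is sent in a user-plane data packet.
  33. The terminal device according to any one of claims 25 to 32, wherein the first message further comprises identification information of the first network device, so that the second network device sends the uplink data and/or the signaling to the core network through the first network device, wherein the identification information of the first network device comprises cell information of the first network device and/or device information of the first network device, and the signaling is non-access stratum signaling.
  34. The terminal device according to any one of claims 25 to 33, wherein the transceiver module is further configured to receive a response message sent by the second network device, wherein the response message comprises at least one of the following:
    the identifier of the terminal device,
    indication information on whether to update the context information,
    indication information on whether to enter the RRC connected state,
    indication information on whether to remain in the inactive state,
    new security information,
    update information of the radio access network area,
    indication information to enter the RRC connected state,
    indication information to remain in the inactive state,
    indication information to enter the RRC idle state.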
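  35. A network device, characterized by comprising:
    a transceiver module, configured to receive a first message sent by a terminal device, wherein the first message comprises the identifier of the terminal device and encrypted uplink data and/or signaling, the encrypted uplink data and/or signaling is encrypted using a security key, the terminal device is in a state in which it has disconnected the radio resource control (RRC) connection to a first network device and retains the context information of the terminal device in the first network device, and the first network device is different from the network device; and
    a processing module, configured to obtain information about the security key through the first network device;
    wherein the processing module is further configured to parse the uplink data and/or signaling based on the information about the security key.
  36. The network device according to claim 35, wherein the security key comprises the key stored in the context information.
  37. The network device according to claim 35, wherein the security key is different from the key used for communication between the terminal device and the first network device.
  38. The network device according to claim 37, wherein the security key is determined based on identification information of the network device, and the identification information of the network device comprises cell information of the network device and/or frequency information of the network device.
  39. The network device according to claim 37, wherein the security key is determined based on identification information of the network device and security information configured by the first network device for the terminal device, and the identification information of the network device comprises cell information of the network device and/or frequency information of the network device; or
    the security key is determined based on identification information of the first network device and the security information, and the identification information of the first network device comprises cell information of the first network device and/or frequency information of the first network device.
  40. The network device according to claim 39, wherein the information for determining the security key further comprises any one of the following:
    a counter value stored in the context information,
    a counter value obtained by the terminal device from the first network device,
    a counter value carried in a system message of the first network device,
    a counter value predefined by the system.
  41. The network device according to any one of claims 35 to 40, wherein the first message comprises the uplink data, and a system message of the network device comprises user-plane preconfigured parameter information corresponding to at least one service, so that the terminal device determines the uplink data based on the service corresponding to the preconfigured parameter information.
  42. The network device according to claim 41, wherein the first message is sent in a user-plane data packet.
  43. The network device according to any one of claims 35 to 42, wherein the first message further comprises identification information of the first network device, and the identification information of the first network device comprises cell information of the first network device and/or device information of the first network device;
    the transceiver module is further configured to send the uplink data and/or the signaling to the first network device based on the identification information of the first network device, so that the first network device sends the uplink data and/or the signaling to the core network, wherein the signaling is non-access stratum signaling.
  44. The network device according to any one of claims 35 to 42, wherein the first message comprises the uplink data;
    the processing module is further configured to obtain the context information; the network device establishes a communication path with the core network based on the context information;
    the transceiver module is further configured to send the uplink data to the core network over the communication path.
  45. The network device according to claim 44, wherein the processing module is further configured to obtain the context information:
    the processing module is configured to obtain the context information from the context information notification sent by the first network device, or
    the processing module is configured to request the context information from the first network device.
  46. The network device according to claim 44 or 45, wherein the processing module is further configured to obtain new next hop chaining counter (NCC) information from the core network;
    the transceiver module is further configured to send the new NCC to the terminal device, to instruct the terminal device to determine a new security key using the new NCC and to encrypt the next uplink data to be sent using the new security key.
  47. The network device according to any one of claims 35 to 46, wherein the processing module is further configured to determine, based on at least one of the following, whether the context information needs to be updated:
    the size of the uplink data of the terminal device,
    the sending frequency of the uplink data of the terminal device,
    the load of the network device,
    the number of user connections of the network device,
    uplink service information of the terminal device.
  48. The network device according to any one of claims 35 to 47, wherein the transceiver module is further configured to send a response message to the terminal device for the first message, wherein the response message comprises at least one of the following:
    the identifier of the terminal device,
    indication information on whether to update the context information,
    indication information on whether to enter the RRC connected state,
    indication information on whether to remain in the inactive state,
    new security information,
    update information of the radio access network area,
    indication information to enter the RRC connected state,
    indication information to remain in the inactive state,
    indication information to enter the RRC idle state.
  49. A computer-readable storage medium storing a computer program, wherein, when the program is executed by a processor, the communication method according to any one of claims 1 to 10 is implemented.
  50. A computer-readable storage medium storing a computer program, wherein, when the program is executed by a processor, the communication method according to any one of claims 11 to 24 is implemented.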
PCT/CN2018/080129 2017-03-24 2018-03-23 Communication method and device WO2018171703A1 (zh)

Priority Applications (5)

Application Number Priority Date Filing Date Title
MX2019011218A MX2019011218A (es) 2017-03-24 2018-03-23 Communication method and device
EP18771326.8A EP3576443B1 (en) 2017-03-24 2018-03-23 Communication method and device
KR1020197026893A KR20190117653A (ko) 2017-03-24 2018-03-23 Communication method and device
EP20195014.4A EP3813400A1 (en) 2017-03-24 2018-03-23 Communication method and device
US16/579,368 US11304054B2 (en) 2017-03-24 2019-09-23 Communication method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710186514.4 2017-03-24
CN201710186514.4A CN108632815B (zh) 2017-03-24 2017-03-24 Communication method and device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/579,368 Continuation US11304054B2 (en) 2017-03-24 2019-09-23 Communication method and device

Publications (1)

Publication Number Publication Date
WO2018171703A1 true WO2018171703A1 (zh) 2018-09-27

Family

ID=63584134

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/080129 WO2018171703A1 (zh) 2017-03-24 2018-03-23 Communication method and device

Country Status (6)

Country Link
US (1) US11304054B2 (zh)
EP (2) EP3813400A1 (zh)
KR (1) KR20190117653A (zh)
CN (2) CN111182539B (zh)
MX (1) MX2019011218A (zh)
WO (1) WO2018171703A1 (zh)

Also Published As

Publication number Publication date
EP3576443B1 (en) 2020-10-14
EP3576443A4 (en) 2019-12-04
US11304054B2 (en) 2022-04-12
EP3813400A1 (en) 2021-04-28
US20200021978A1 (en) 2020-01-16
KR20190117653A (ko) 2019-10-16
EP3576443A1 (en) 2019-12-04
CN111182539A (zh) 2020-05-19
CN108632815A (zh) 2018-10-09
CN111182539B (zh) 2023-04-07
MX2019011218A (es) 2019-11-01
CN108632815B (zh) 2020-02-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18771326

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2018771326

Country of ref document: EP

Effective date: 20190828

ENP Entry into the national phase

Ref document number: 20197026893

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2019552220

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE