WO2018192513A1 - Communication method and device - Google Patents

Publication number
WO2018192513A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption algorithm
terminal device
network device
network
sent
Application number
PCT/CN2018/083474
Inventor
李秉肇
熊新
王学龙
曹振臻
Original Assignee
华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection

Definitions

  • the present application relates to the field of communications and, more particularly, to a communication method and apparatus.
  • the inactive state of the terminal device is the state in which the terminal device has disconnected the RRC connection with the Radio Access Network (RAN) device but retains the context information of the terminal device.
  • the uplink data may be sent to the new RAN device (which may also be referred to as the switched RAN device) based on the previously retained context of the terminal device.
  • the encryption algorithm used by the terminal device to communicate with the new RAN device follows the encryption algorithm (referred to as the first encryption algorithm) used when the terminal device communicates with the previously-registered RAN device.
  • the new RAN device does not necessarily support the first encryption algorithm, and if it is not supported, the data transmitted by the terminal device cannot be decrypted.
  • the present application provides a communication method and device, which can effectively avoid the problem that a network device newly accessed by a terminal device in an inactive state cannot decrypt data transmitted by the terminal device.
  • the first aspect provides a communication method, the communication method includes: after the terminal device moves to a cell of the second network device, the terminal device determines a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the second network device, and the terminal device is in a state in which the context information of the terminal device is saved in the first network device and the terminal device has cell reselection mobility, the first network device being different from the second network device; the terminal device sends data encrypted by using the second encryption algorithm to the second network device.
  • the state in which the terminal device is located may be referred to as an inactive state.
  • the terminal device is a terminal device that enters an inactive state.
  • the first network device may notify the terminal device to enter an inactive state by sending a Radio Resource Control (RRC) suspension message to the terminal device.
  • the inactive terminal device sends encrypted data to the new network device (i.e., the second network device), and the data is encrypted using an encryption algorithm supported by the new network device. In this way, it can be ensured that the data sent by the terminal device to the new network device can be decrypted by the new network device. Therefore, the solution provided by the present application can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the determining, by the terminal device, the second encryption algorithm includes: determining, by the terminal device, whether the second network device supports a first encryption algorithm, where the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; when the second network device supports the first encryption algorithm, the terminal device determines the first encryption algorithm as the second encryption algorithm.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to be used in the state (ie, an inactive state).
  • the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state; or send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state.
  • the second encryption algorithm may be the same as or different from the first encryption algorithm. Specifically, when the second network device supports the first encryption algorithm, the second encryption algorithm may be directly the first encryption algorithm. When the second network device does not support the first encryption algorithm, the second encryption algorithm must be different from the first encryption algorithm.
  • when the terminal device determines that the second network device does not support the first encryption algorithm, the terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes the identifier of the terminal device; the terminal device receives an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information used to indicate an encryption algorithm supported by the second network device; the terminal device acquires the second encryption algorithm according to the second indication information.
  • the terminal device determines whether the second network device supports the encryption algorithm (i.e., the first encryption algorithm) configured by the first network device for the terminal device, and then uses an encryption algorithm supported by the second network device to transmit data to the second network device, so that data transmitted by the terminal device is guaranteed to be decryptable by the second network device. Therefore, the solution provided by the present application can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the determining, by the terminal device, whether the second network device supports the first encryption algorithm includes: the terminal device receiving a system broadcast message sent by the second network device, where the system broadcast message includes first indication information for indicating an encryption algorithm supported or not supported by the second network device; and the terminal device determining, according to the first indication information, whether the second network device supports the first encryption algorithm.
  • the encryption algorithm supported by the second network device may be acquired by using the first indication information, or may be obtained by sending an RRC connection recovery request to the second network device.
  • by sending the terminal device a system broadcast message indicating the encryption algorithm supported by the second network device, the second network device enables the terminal device to determine whether the second network device supports the encryption algorithm configured by the first network device for the terminal device (that is, the first encryption algorithm); the data is then sent to the second network device by using an encryption algorithm supported by the second network device, so that the data sent by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the present application can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the communication method further includes: receiving, by the terminal device, cell encryption algorithm information sent by the first network device, where the cell encryption algorithm information is used to indicate information about the encryption algorithm of each cell in the management area of the first network device; the terminal device determining whether the second network device supports the first encryption algorithm includes: when the cell of the second network device is in the management area, the terminal device determines, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm.
  • the first network device may send the cell encryption algorithm information to the terminal device before or at the same time as configuring the terminal device to enter the inactive state.
  • the cell encryption algorithm information is used to indicate encryption algorithm related information of each cell in the management area of the first network device.
  • the information about the encryption algorithm of the cell may be any one or more of the following information: an encryption algorithm supported by the cell, an encryption algorithm not supported by the cell, a cell supporting the first encryption algorithm, and the cell does not support the first encryption algorithm, and the notification
  • the management area may be a paging area of the first network device or an access network location tracking area. When the terminal device moves within the management area, the first network device does not need to be notified; when the terminal device moves out of the management area, the first network device needs to be notified.
  • the first encryption algorithm is directly determined as the second encryption algorithm, that is, in the subsequent data transmission process, the data is directly encrypted by using the first encryption algorithm.
  • the second encryption algorithm supported by the second network device may be obtained by sending an RRC connection recovery request to the second network device, or the second encryption algorithm may be obtained according to the cell encryption algorithm information.
  • the encryption algorithm supported by the second network device may be obtained as follows: the terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device; the terminal device receives an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information for indicating an encryption algorithm supported by the second network device; and the terminal device acquires the second encryption algorithm according to the second indication information.
  • by knowing the cell encryption algorithm information in the management area of the first network device, the terminal device can determine whether the second network device supports the encryption algorithm configured by the first network device for the terminal device (that is, the first encryption algorithm), and then transmits data to the second network device by using an encryption algorithm supported by the second network device, so that data transmitted by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the present application can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the terminal device determines a second encryption algorithm, including: the terminal device transmitting a first message to the second network device, where the first message includes an identifier of the terminal device and first data encrypted by using a first encryption algorithm, where the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; the terminal device receives an encryption algorithm update command sent by the second network device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm; the terminal device acquires the second encryption algorithm according to the encryption algorithm update command.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to be used in the state (ie, an inactive state).
  • the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state; or send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state.
  • the data that is sent by the terminal device to the second network device and that is encrypted by using the second encryption algorithm is the first data.
  • before the terminal device sends the first data that is encrypted by using the second encryption algorithm to the second network device, the communication method further includes: the terminal device receives third indication information that is sent by the second network device, where the third indication information is used to indicate that data sent by using the first encryption algorithm is to be retransmitted.
  • when determining that the second network device does not support the encryption algorithm currently used by the terminal device, that is, the first encryption algorithm, the second network device notifies the terminal device to update the encryption algorithm to the second encryption algorithm supported by the second network device, which can ensure that the data sent by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the present application can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • a second aspect provides a communication method, where the second network device receives data that is sent by a terminal device and encrypted by using a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the second network device, and the terminal device is in a state in which the context information of the terminal device is saved in the first network device and the terminal device has cell reselection mobility, where the first network device is different from the second network device; the second network device decrypts the data sent by the terminal device based on the second encryption algorithm.
  • the inactive terminal device sends encrypted data to the new network device (i.e., the second network device), and the data is encrypted using an encryption algorithm supported by the new network device. In this way, it can be ensured that the data sent by the terminal device to the new network device can be decrypted by the new network device. Therefore, the solution provided by the present application can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • before the second network device receives the data that is sent by the terminal device and is encrypted by using the second encryption algorithm, the communication method further includes: the second network device sends a system broadcast message to the terminal device, where the system broadcast message includes first indication information for indicating an encryption algorithm supported or not supported by the second network device.
  • before the second network device receives the data that is sent by the terminal device and is encrypted by using the second encryption algorithm, the communication method further includes: receiving, by the second network device, an RRC connection recovery request sent by the terminal device, where the RRC connection recovery request includes an identifier of the terminal device; and the second network device sends an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes second indication information for indicating an encryption algorithm supported by the second network device.
  • before the second network device receives the data that is sent by the terminal device and is encrypted by using the second encryption algorithm, the communication method further includes: the second network device receives the first message sent by the terminal device, where the first message includes an identifier of the terminal device and first data encrypted by using a first encryption algorithm, where the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; the second network device requests context information of the terminal device from the first network device based on the identifier of the terminal device; the second network device acquires the first encryption algorithm according to the context information; when the second network device does not support the first encryption algorithm, the second network device sends an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm.
  • the data that is sent by the terminal device that is received by the second network device and that is encrypted by using the second encryption algorithm is the first data.
  • before the second network device receives the data that is sent by the terminal device and is encrypted by using the second encryption algorithm, the communication method further includes: the second network device sends third indication information to the terminal device, where the third indication information is used to indicate that data sent by using the first encryption algorithm is to be retransmitted.
  • a third aspect provides a communication method, the method includes: receiving, by a terminal device, a notification message sent by a first network device, where the notification message includes an identifier of the terminal device; when a radio link failure is detected, the terminal device performs cell selection or cell reselection to determine a current serving cell; the terminal device sends a connection recovery request to the second network device corresponding to the current serving cell, where the connection recovery request carries the identifier of the terminal device.
  • the failure of the radio link refers to a communication link failure of the terminal device and the network device.
  • the current serving cell may be a coverage cell of the network device, or may be a coverage cell of another network device.
  • the first network device allocates an identifier of the terminal device to the terminal device when establishing a connection with the terminal device.
  • the first network device allocates an identifier of the terminal device to the terminal device.
  • the identifier of the terminal device includes an identifier for identifying the terminal device and an identifier of a network device that is previously logged.
  • the terminal identifier is used by the terminal device to resume connection after the radio link fails, or the device identifier may also be used when the terminal device performs connection recovery in the deactivated state.
  • the identifier of the terminal device is configured in advance by the network device, so that when the terminal device finds that the wireless link fails, the connection recovery can be performed in time based on the identifier of the terminal device.
  • the notification message further includes key information.
  • the communication method further includes the terminal device generating integrity protection information using the key information, and transmitting the integrity protection information to the serving network device.
  • the integrity protection information may be calculated by combining the key information with the connection information of the terminal device.
  • the integrity protection information may be calculated by combining the key information with the identifier of the terminal device.
  • the network device configures the key and the identifier of the terminal device for the terminal device in advance, so that the terminal device can perform connection recovery in time and effectively when the wireless link fails.
  • a fourth aspect provides a terminal device, where the terminal device is configured to perform the communication method in the foregoing first aspect or any possible implementation manner of the first aspect.
  • the terminal device may comprise means for performing the communication method of the first aspect or any of the possible implementations of the first aspect.
  • a fifth aspect provides a terminal device, the terminal device comprising a memory and a processor, the memory for storing instructions, the processor for executing the instructions stored in the memory, where execution of the instructions stored in the memory causes the processor to perform the method of the first aspect or any of the possible implementations of the first aspect.
  • a sixth aspect provides a computer readable storage medium having stored thereon a computer program, the program being executed by a processor to implement the method of the first aspect or any of the possible implementations of the first aspect.
  • a seventh aspect provides a network device, where the network device is configured to perform the communication method in the second aspect or any possible implementation manner of the second aspect.
  • the network device may comprise means for performing the communication method of the second aspect or any of the possible implementations of the second aspect.
  • an eighth aspect provides a network device, the network device including a memory and a processor, the memory for storing instructions, the processor for executing the instructions stored in the memory, where execution of the instructions stored in the memory causes the processor to perform the method of the second aspect or any of the possible implementations of the second aspect.
  • a ninth aspect provides a computer readable storage medium having stored thereon a computer program, the program being executed by a processor to implement the method of the second aspect or any of the possible implementations of the second aspect.
  • FIG. 1 is a schematic structural diagram of an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a communication method according to an embodiment of the present invention.
  • FIG. 3 is another schematic flowchart of a communication method according to an embodiment of the present invention.
  • FIG. 4 is still another schematic flowchart of a communication method according to an embodiment of the present invention.
  • FIG. 5 is still another schematic flowchart of a communication method according to an embodiment of the present invention.
  • FIG. 6 is still another schematic flowchart of a communication method according to an embodiment of the present invention.
  • FIG. 7 is a schematic block diagram of a terminal device according to an embodiment of the present invention.
  • FIG. 8 is another schematic block diagram of a terminal device according to an embodiment of the present invention.
  • FIG. 9 is a schematic block diagram of a network device according to an embodiment of the present invention.
  • FIG. 10 is another schematic block diagram of a network device according to an embodiment of the present invention.
  • FIG. 11 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
  • FIG. 12 is another schematic block diagram of a communication apparatus according to an embodiment of the present application.
  • FIG. 13 is still another schematic block diagram of a communication apparatus according to an embodiment of the present application.
  • the technical solution of the embodiment of the present invention can be applied to a Long Term Evolution (LTE) architecture, and can also be applied to a Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (UTRAN) architecture, or a Global System for Mobile Communication (GSM)/Enhanced Data Rate for GSM Evolution (EDGE) radio access network (GSM EDGE Radio Access Network, GERAN) architecture.
  • the function of the MME is performed by the Serving GPRS Support Node (SGSN), and the function of the SGW/PGW is performed by the Gateway GPRS Support Node (GGSN).
  • the technical solution of the embodiment of the present invention can also be applied to other communication systems, such as a Public Land Mobile Network (PLMN) system, or even a future 5G communication system or a communication system after 5G, which is not limited here.
  • Embodiments of the present invention relate to a terminal device.
  • the terminal device may be a device that includes a wireless transceiver function and can cooperate with the network device to provide a communication service for the user.
  • the terminal device may refer to a user equipment (User Equipment, UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent or a user device.
  • the terminal device may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), with wireless
  • the network device may be a device for communicating with the terminal device, for example, may be a base station (Base Transceiver Station, BTS) in the GSM system or CDMA, or may be a base station (NodeB, NB) in the WCDMA system, or may be an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system, or the network device may be a relay station, an access point, an in-vehicle device, a wearable device, a network side device in a 5G network or a network after 5G, or a network device in a future evolved PLMN network, and the like.
  • the network device involved in the embodiment of the present invention may also be referred to as a Radio Access Network (RAN) device.
  • the RAN device is connected to the terminal device and is configured to receive data of the terminal device and send the data to the core network device.
  • the RAN device corresponds to different devices in different communication systems, for example, to a base station and a base station controller in a 2G system, to a base station and a radio network controller (RNC) in a 3G system, to an evolved Node B (eNB) in a 4G system, and, in a 5G system, to an access network device of the 5G system, such as an access network device (e.g., gNB, CU, DU) in the new Radio Access Technology (NR).
  • Embodiments of the present invention also relate to a Core Network (CN) device.
  • the CN device corresponds to different devices in different communication systems, for example, to a Serving GPRS Support Node (SGSN) or a Gateway GPRS Support Node (GGSN) in a 3G system, to a Mobility Management Entity (MME) or a Serving GateWay (S-GW) in a 4G system, and, in a 5G system, to the core network related equipment (for example, NG-Core) of the 5G system.
  • a Radio Resource Control (RRC) connection is established between the terminal device and the Radio Access Network (RAN) device.
  • in the idle state, there is no RRC connection between the terminal device and the RAN device, and the context information is no longer saved in the terminal device and the RAN device.
  • when the terminal device is in an idle state, the terminal device releases its own context information and can perform cell-based reselection.
  • the terminal device saves its own context information and can perform a cell-based reselection operation. Meanwhile, the connection information of the terminal device is saved in the anchor RAN device, and the connection information of the terminal device includes the context information of the terminal device and the core network connection.
  • the terminal device saves the management area information configured by the anchor RAN device, and the terminal device needs to notify the anchor RAN device when moving out of the management area corresponding to the management area information.
  • the third state may also be referred to as an inactive state, a light connection state, a Suspend state, a deactivated state, a low overhead state, and the like.
  • the management area may also be called a paging area, an access network location tracking area, and the like.
  • the RRC connection between the terminal device and the RAN device may be restored by using a Resume message, and optionally, the data radio bearer (DRB) for transmitting data between the terminal device and the RAN device may also be restored.
  • The S1 interface of the terminal device is anchored to a RAN device (which may be referred to as an anchor RAN device), and the terminal device may then perform cell reselection mobility. When moving within a predetermined area (referred to, for example, as a "RAN-based paging area" or "radio access network area"), the terminal device does not need to notify the anchor RAN device; once it moves out of the RAN-based paging area, it needs to notify the anchor RAN device of its location. This process is called the RAN paging area update (Paging Area Update).
  • The "inactive state" referred to in the embodiments of the present invention is only for describing such a state, and is not limited thereto.
  • The terms "inactive state", "anchor RAN device", and "radio access network area (or RAN-based paging area) update" are used only for convenience of description and are not used to limit the scope of the embodiments of the present invention.
  • Context information: after the RAN device establishes an RRC connection with the terminal device, the RAN device allocates context information to the terminal device, and the RAN device communicates with the terminal device based on the context information.
  • the context information includes identifier information of the terminal device, security context information of the terminal device, subscription information of the terminal device, configuration information of the radio bearer of the terminal device, logical channel information, and Network Slicing Info, and the current terminal is included in the Network Slicing Info.
  • the value of variables, counters, and/or timers, media access control (MAC) variables, counters and/or timer values, and/or physical layer (PHY) variables, counters, and/or timer values, for example, COUNT of the PDCP packet, SN of the PDCP packet.
  • The identifier of the terminal device is an identifier that can uniquely identify the terminal device; it may be an identifier allocated by the RAN device for the terminal device, or an identifier assigned by the control plane device (CP Function) to the terminal device.
  • FIG. 1 is a schematic structural diagram of a system according to an embodiment of the present invention.
  • the terminal device 110 initially establishes an RRC connection with the first network device 120, that is, the terminal device 110 enters a connected state.
  • the first network device 120 assigns context information to the terminal device 110.
  • the terminal device communicates with the first network device 120 based on the RRC connection, such as through the first network device 120.
  • the terminal device 110 disconnects the RRC connection with the first network device 120, but retains the context information of the terminal device 110 at the first network device 120 (i.e., the context information that the first network device 120 allocates for the terminal device 110), that is, the terminal device 110 enters an inactive state.
  • the terminal device 110 moves to the second network device 130.
  • the terminal device 110 performs communication transmission with the second network device 130 based on the previously retained context information, for example.
  • the core network 140 is accessed by the first network device 120.
  • FIG. 2 is a schematic flowchart of a communication method 200 according to an embodiment of the present invention.
  • the terminal device, the first network device, and the second network device described in FIG. 2 may correspond to the terminal device 110, the first network device 120, and the second network device 130 illustrated in FIG. 1, respectively.
  • the communication method 200 includes:
  • The terminal device determines a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the second network device, the terminal device is in a state in which the context information of the terminal device is saved in the first network device and the terminal device has cell reselection mobility, and the first network device is different from the second network device.
  • the state in which the terminal device is located may be referred to as an inactive state.
  • the second encryption algorithm is an encryption algorithm supported by the second network device, and the second network device is capable of decrypting the data encrypted using the second encryption algorithm.
  • the terminal device sends, to the second network device, data encrypted by using the second encryption algorithm.
  • the encrypted data sent by the terminal device to the second network device is encrypted by using the second encryption algorithm.
  • The key may be a key configured by the first network device for the terminal device. It should be understood that after the first network device configures the key for the terminal device, the key information is included in the context information configured for the terminal device, that is, the context information of the terminal device under the first network device.
  • the second network device may acquire the key by requesting the context information from the first network device.
  • When the terminal device sends the data encrypted by using the second encryption algorithm to the second network device, it also sends the identifier of the terminal device, which the second network device uses to identify which device the received data comes from.
  • the identifier of the terminal device includes an identifier for identifying the terminal device. After receiving the identifier of the terminal device, the second network device can learn that the received data is from the terminal device.
  • the identifier of the terminal device may include an identifier for identifying the terminal device, and may further include an identifier for identifying the first network device.
  • the second network device can learn that the received data is from the terminal device, and can also know that the network device to which the terminal device belongs before is the first network device.
  • the identifier of the terminal device that is used to identify the terminal device may specifically be an identifier for identifying the terminal device in the first network device.
  • the identifier of the terminal device may be an identifier that is allocated by the first network device to the terminal device in the connected state.
  • the second network device decrypts data sent by the terminal device based on the second encryption algorithm.
  • the second network device decrypts the data by using a decryption algorithm corresponding to the encryption algorithm.
  • In step 220, the data transmitted by the terminal device is encrypted using a key and the second encryption algorithm.
  • The second network device may request the context information of the terminal device from the first network device, thereby acquiring the key, and then decrypt the data sent by the terminal device based on the key and the corresponding decryption algorithm.
  • the inactive terminal device sends the encrypted data to the new network device (i.e., the second network device), and the encrypted data is encrypted by using an encryption algorithm supported by the new network device.
  • the terminal device in the embodiment of the present invention is a terminal device that is inactive.
  • The process of the terminal device entering the inactive state may be: the terminal device receives an RRC suspension message sent by the first network device, where the RRC suspension message is used to indicate that the terminal device enters an inactive state; after the terminal device receives the RRC suspension message, the context information of the terminal device in the first network device is saved, and the terminal device can move to other network devices and autonomously access a neighboring cell.
  • the RRC suspension message may be an RRC release message, an RRC reconfiguration message or an RRC deactivation message.
  • The terminal device determining the second encryption algorithm includes: the terminal device determines whether the second network device supports the first encryption algorithm, where the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; when the terminal device determines that the second network device supports the first encryption algorithm, it determines the first encryption algorithm as the second encryption algorithm.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use in the state (ie, the inactive state).
  • the terminal device acquires the first encryption algorithm from the first network device.
  • the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state; or send the first encryption algorithm to the terminal device while configuring the terminal device to enter the inactive state.
  • the first network device may carry the information of the first encryption algorithm in the RRC suspend message for configuring the terminal device to enter the inactive state; or may send the information to the terminal device before sending the RRC suspension message to the terminal device.
  • the information of the first encryption algorithm refers to the indication information used to indicate the first encryption algorithm, and the indication information is, for example, a number or identifier of the first encryption algorithm.
  • the system pre-defines a plurality of encryption algorithms, and assigns a unique number to each encryption algorithm. In the subsequent communication process, the number of the encryption algorithm may be used to represent the corresponding encryption algorithm.
  • the second encryption algorithm may be the same as or different from the first encryption algorithm. Specifically, when the second network device supports the first encryption algorithm, the second encryption algorithm may be directly the first encryption algorithm. When the second network device does not support the first encryption algorithm, the second encryption algorithm must be different from the first encryption algorithm.
  • The term "first encryption algorithm" denotes the encryption algorithm that the network device to which the terminal device previously belonged (that is, the first network device) configured for the terminal device; it is used only to distinguish it from the second encryption algorithm supported by the second network device, and does not limit the scope of protection of the embodiments of the present invention.
  • When the terminal device determines that the second network device supports the first encryption algorithm, it determines the first encryption algorithm as the second encryption algorithm. That is, in step 220, the terminal device directly encrypts the data to be transmitted to the second network device using the first encryption algorithm.
  • The second encryption algorithm may be obtained as follows: the terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes the identifier of the terminal device; the terminal device receives an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information used to indicate an encryption algorithm supported by the second network device; the terminal device acquires the second encryption algorithm according to the second indication information.
  • the second indication information may be, for example, a number or identifier of an encryption algorithm supported by the second network device.
  • The terminal device can learn, according to the second indication information, which encryption algorithm is supported by the second network device.
  • The terminal device determines an encryption algorithm supported by the second network device by determining whether the second network device supports the encryption algorithm configured by the first network device to which the terminal device previously belonged, that is, the first encryption algorithm. Therefore, the encrypted data can be sent to the second network device based on an encryption algorithm supported by the second network device, so that data sent by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the terminal device can determine whether the second network device supports the first encryption algorithm in a plurality of different manners.
  • The terminal device determining whether the second network device supports the first encryption algorithm includes: the terminal device receives a system broadcast message sent by the second network device, where the system broadcast message includes first indication information, and the first indication information is used to indicate an encryption algorithm supported or not supported by the second network device; the terminal device determines, according to the first indication information, whether the second network device supports the first encryption algorithm.
  • The second network device sends a system broadcast message to the devices in its cell, where the system broadcast message includes first indication information for indicating an encryption algorithm supported or not supported by the second network device. When the terminal device in the inactive state moves to the cell of the second network device, it receives the system broadcast message of the second network device and, based on the first indication information, can learn which encryption algorithm or algorithms the second network device supports, or which it does not support, and thus whether the second network device supports the first encryption algorithm.
  • the first indication information may be a number of an encryption algorithm supported by the second network device.
  • the system pre-defines 10 encryption algorithms, and the number of these 10 encryption algorithms is defined as 1-10. For example, if the first indication information is 1, 5, 7, the encryption algorithm supported by the second network device is an encryption algorithm numbered 1, 5, and 7. If the number of the first encryption algorithm is 1, it is known that the second network device supports the first encryption algorithm. If the number of the first encryption algorithm is 9, it is known that the second network device does not support the first encryption algorithm.
  • When it is determined, according to the first indication information in the system broadcast message, that the second network device supports the first encryption algorithm, the data to be sent to the second network device is encrypted directly using the first encryption algorithm.
  • The encryption algorithm supported by the second network device may be acquired by using the first indication information, or may be obtained by sending an RRC connection recovery request to the second network device.
  • the encryption algorithm indicated by the first indication information may be directly determined as the second encryption algorithm.
  • The terminal device may send a message to the second network device to learn the encryption algorithm currently used by the second network device.
  • The terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device; after receiving the RRC connection recovery request, the second network device sends an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes second indication information for indicating an encryption algorithm currently used by the second network device; the terminal device acquires the second encryption algorithm according to the second indication information.
  • The terminal device may select one of the multiple encryption algorithms as the second encryption algorithm, and send the data encrypted by using the second encryption algorithm to the second network device.
  • According to the indication information of the second encryption algorithm, the second network device may determine the encryption algorithm used to decrypt the data sent by the terminal device.
  • FIG. 3 is a schematic flowchart of a communication method 300 according to an embodiment of the present invention.
  • the communication method 300 includes:
  • the first network device sends an RRC suspension message to the terminal device.
  • the terminal device before receiving the RRC suspension message, the terminal device has obtained the first encryption algorithm from the first network device.
  • the RRC suspend message carries information indicating the first encryption algorithm, and the terminal device learns the first encryption algorithm by using the RRC suspend message.
  • the RRC suspension message may be an RRC release message, an RRC deactivation message, or an RRC reconfiguration message.
  • the RRC suspension message may further include an identifier of the terminal device configured by the first network device for the terminal device.
  • the RRC suspension message may further include a paging area configured by the first network device for the terminal device, and the terminal device does not need to notify the first network device when moving in the paging area.
  • This paging area can also be referred to as a management area.
  • After receiving the RRC suspension message, the terminal device enters an inactive state.
  • After the terminal device (in the inactive state) moves to the cell of the second network device, it receives a system broadcast message of the second network device, where the system broadcast message includes indication information used to indicate the encryption algorithm supported by the second network device.
  • the terminal device determines, according to the system broadcast message, whether the second network device supports the first encryption algorithm. If yes, go to step 305, and if no, go to step 306.
  • the terminal device sends the data encrypted by using the first encryption algorithm to the second network device.
  • the terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device.
  • After receiving the RRC connection recovery request, the second network device sends an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes information indicating an encryption algorithm supported by the second network device.
  • After receiving the RRC connection recovery response, the terminal device determines the second encryption algorithm.
  • the terminal device sends data encrypted by using a second encryption algorithm to the second network device.
  • the system broadcast message of the second network device further includes information indicating an encryption algorithm currently used by the second network device.
  • Based on the information in the system broadcast message that indicates the encryption algorithm currently used by the second network device, the encryption algorithm currently used by the second network device may be determined as the second encryption algorithm.
  • The second network device sends, to the terminal device, a system broadcast message indicating the encryption algorithm supported by the second network device, so that the terminal device can determine whether the second network device supports the encryption algorithm configured by the first network device for the terminal device (i.e., the first encryption algorithm), and then transmit data to the second network device by using an encryption algorithm supported by the second network device, so that data transmitted by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • The communication method 200 further includes: receiving, by the terminal device, cell encryption algorithm information sent by the first network device, where the cell encryption algorithm information is used to indicate encryption algorithm related information of each cell in the management area of the first network device. The terminal device determining whether the second network device supports the first encryption algorithm includes: when determining that the cell of the second network device to which the terminal device currently belongs is in the management area, the terminal device determines, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm.
  • the terminal device receives the cell encryption algorithm information sent by the first network device before or at the same time as entering the inactive state.
  • the cell encryption algorithm information is used to indicate encryption algorithm related information of each cell in the management area of the first network device.
  • The information about the encryption algorithm of the cell may be any one or more of the following: an encryption algorithm supported by the cell, an encryption algorithm not supported by the cell, that the cell supports the first encryption algorithm, that the cell does not support the first encryption algorithm, and the encryption algorithm that the terminal device is notified to use after entering the cell.
  • The management area may be a paging area of the first network device or an access network location tracking area; the terminal device does not need to notify the first network device when moving in the management area, and needs to notify the first network device when moving out of the management area.
  • When the cell of the second network device to which the terminal device belongs is located in the management area and it is determined, according to the cell encryption algorithm information, that the second network device supports the first encryption algorithm, the first encryption algorithm is directly determined as the second encryption algorithm; that is, in the subsequent data transmission process, the data is directly encrypted using the first encryption algorithm.
  • the second encryption algorithm supported by the second network device may be obtained by sending an RRC connection recovery request to the second network device; or the second encryption algorithm may be obtained according to the cell encryption algorithm information.
  • The terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device, and the terminal device receives an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information, and the second indication information is used to indicate an encryption algorithm supported by the second network device; the terminal device acquires the second encryption algorithm according to the second indication information.
  • The terminal device learns, based on the cell encryption algorithm information, an encryption algorithm supported by the cell of the second network device to which it currently belongs, and then selects an encryption algorithm as the second encryption algorithm.
  • the information of the second encryption algorithm for example, the number of the second encryption algorithm, may be sent to the second network device while the data encrypted by using the second encryption algorithm is sent to the second network device.
  • The encryption algorithm supported by the second network device may be obtained as follows: the terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device; the terminal device receives an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information indicating the encryption algorithm supported by the second network device; the terminal device acquires the second encryption algorithm according to the second indication information.
  • FIG. 4 is a schematic flowchart of a communication method 400 according to an embodiment of the present invention.
  • the communication method 400 includes:
  • The first network device sends an RRC suspension message to the terminal device, where the RRC suspension message is used to indicate that the terminal device enters an inactive state. The RRC suspension message further includes cell encryption algorithm information, which is used to indicate encryption algorithm related information of each cell in the management area of the first network device.
  • The encryption algorithm related information may be any one or more of the following: an encryption algorithm supported by the cell, an encryption algorithm not supported by the cell, that the cell supports the first encryption algorithm, that the cell does not support the first encryption algorithm, and the encryption algorithm that the terminal device is notified to use after entering the cell.
  • the first network device may also send the cell encryption algorithm information to the terminal device before sending the RRC suspension message.
  • the terminal device before receiving the RRC suspension message, the terminal device has obtained the first encryption algorithm from the first network device.
  • the RRC suspend message carries information indicating the first encryption algorithm, and the terminal device learns the first encryption algorithm by using the RRC suspend message.
  • the RRC suspension message may further include an identifier of the terminal device configured by the first network device for the terminal device.
  • the RRC suspension message may further include a paging area (i.e., the management area) configured by the first network device for the terminal device, and the terminal device does not need to notify the first network device when moving in the paging area.
  • the RRC suspension message may be an RRC release message, an RRC deactivation message, or an RRC reconfiguration message.
  • After receiving the RRC suspension message, the terminal device enters an inactive state.
  • the terminal device determines, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm. If yes, go to step 405, and if no, go to step 406.
  • the terminal device sends the data encrypted by using the first encryption algorithm to the second network device.
  • the terminal device sends an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device.
  • After receiving the RRC connection recovery request, the second network device sends an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes information used to indicate an encryption algorithm supported by the second network device.
  • After receiving the RRC connection recovery response, the terminal device determines the second encryption algorithm.
  • the terminal device sends data encrypted by using a second encryption algorithm to the second network device.
  • The second encryption algorithm may be determined based on the cell encryption algorithm information. Specifically, the encryption algorithm supported by the cell of the second network device to which the terminal device currently belongs is obtained from the encryption algorithm related information of each cell included in the cell encryption algorithm information, and then an encryption algorithm is selected as the second encryption algorithm.
  • The information of the second encryption algorithm, for example, the number of the second encryption algorithm, may be sent to the second network device while the data encrypted by using the second encryption algorithm is sent to the second network device.
  • The terminal device determines, by using the cell encryption algorithm information for the management area of the first network device, whether the second network device supports the encryption algorithm configured by the first network device for the terminal device, and then sends data to the second network device by using an encryption algorithm supported by the second network device, so that data transmitted by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
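The selection logic of methods 300 and 400, as an added example that is not part of the patent text: the terminal device checks the first encryption algorithm against the cell encryption algorithm information or the system broadcast message, and falls back to the RRC connection recovery exchange when it is not supported. All class, method and field names are hypothetical, the cipher is a toy stand-in keyed by algorithm number, and the recovery response is assumed to name the first entry of the supported list.

```python
# Added illustration; all names are hypothetical and the cipher is a toy stand-in.
import hashlib
from dataclasses import dataclass, field


def toy_cipher(alg: int, key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream bound to the algorithm number.

    Stands in for "encryption algorithm number N"; applying it twice with the
    same number and key restores the plaintext. Not a real cipher.
    """
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(bytes([alg]) + key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


@dataclass
class FirstNetworkDevice:
    """Anchor RAN device: keeps the terminal context, including the key."""
    contexts: dict = field(default_factory=dict)

    def rrc_suspend(self, ue_id, key, first_alg, cell_alg_info=None):
        self.contexts[ue_id] = {"key": key, "first_alg": first_alg}
        return {"ue_id": ue_id, "first_alg": first_alg,
                "cell_alg_info": cell_alg_info or {}}


@dataclass
class SecondNetworkDevice:
    cell_id: str
    supported: list          # algorithm numbers, most preferred first (assumption)
    anchor: FirstNetworkDevice

    def system_broadcast(self):
        # First indication information: numbers of the supported algorithms.
        return {"cell_id": self.cell_id, "supported": list(self.supported)}

    def rrc_connection_recovery(self, request):
        # Second indication information: one algorithm this device supports.
        return {"ue_id": request["ue_id"], "alg": self.supported[0]}

    def receive(self, ue_id, alg, ciphertext):
        if alg not in self.supported:
            raise ValueError(f"algorithm {alg} not supported in {self.cell_id}")
        key = self.anchor.contexts[ue_id]["key"]   # context requested by identifier
        return toy_cipher(alg, key, ciphertext)


@dataclass
class Terminal:
    ue_id: str
    key: bytes
    first_alg: int
    cell_alg_info: dict      # cell id -> supported numbers (method 400)

    @classmethod
    def from_suspend(cls, msg, key):
        return cls(msg["ue_id"], key, msg["first_alg"], msg["cell_alg_info"])

    def determine_second_alg(self, target):
        """Return (algorithm number, source of the decision)."""
        if target.cell_id in self.cell_alg_info:        # method 400
            supported, source = self.cell_alg_info[target.cell_id], "cell info"
        else:                                           # method 300
            supported, source = target.system_broadcast()["supported"], "broadcast"
        if self.first_alg in supported:
            return self.first_alg, source
        response = target.rrc_connection_recovery({"ue_id": self.ue_id})
        return response["alg"], "recovery response"

    def send(self, target, data):
        alg, source = self.determine_second_alg(target)
        # Assumption: the algorithm number is sent together with the data.
        plaintext = target.receive(self.ue_id, alg, toy_cipher(alg, self.key, data))
        return alg, source, plaintext


def demo():
    anchor = FirstNetworkDevice()
    cell_b = SecondNetworkDevice("cell-B", [1, 5, 7], anchor)
    cell_c = SecondNetworkDevice("cell-C", [2, 3], anchor)
    results = []
    for ue_id, first_alg, info in [("ue-1", 1, None), ("ue-2", 9, None),
                                   ("ue-3", 3, {"cell-C": [2, 3]})]:
        key = hashlib.sha256(ue_id.encode()).digest()   # constructed sample key
        ue = Terminal.from_suspend(anchor.rrc_suspend(ue_id, key, first_alg, info), key)
        target = cell_c if info else cell_b
        results.append((ue_id,) + ue.send(target, b"uplink data"))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The three constructed terminals cover the supported case (number 1 against 1, 5, 7), the unsupported case (number 9, resolved through the recovery response), and the case where the suspension message already carried the algorithm list for the target cell.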
  • The terminal device determines whether the second network device supports the encryption algorithm currently used by the terminal device (i.e., the first encryption algorithm), and then, according to the determination result, acquires by corresponding means an encryption algorithm supported by the second network device. The embodiment of the present invention is not limited thereto; the second network device may instead determine whether it supports the first encryption algorithm currently used by the terminal device.
  • In another embodiment, the terminal device determines the second encryption algorithm as follows: the terminal device sends a first message to the second network device, where the first message includes an identifier of the terminal device and first data encrypted by using the first encryption algorithm, the first encryption algorithm being an encryption algorithm configured by the first network device for the terminal device; the second network device receives the first message sent by the terminal device and requests context information of the terminal device from the first network device according to the identifier of the terminal device; the second network device acquires the first encryption algorithm according to the context information; when the second network device determines that it does not support the first encryption algorithm, it sends an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm; and the terminal device obtains the second encryption algorithm according to the encryption algorithm update command.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
  • the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use in that state (i.e., the inactive state).
  • the terminal device acquires the first encryption algorithm from the first network device.
  • the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state; or send the first encryption algorithm to the terminal device while configuring the terminal device to enter the inactive state.
  • the first network device may carry the information of the first encryption algorithm in the RRC suspend message for configuring the terminal device to enter the inactive state; or may send the information to the terminal device before sending the RRC suspension message to the terminal device.
  • the information of the first encryption algorithm refers to the indication information used to indicate the first encryption algorithm, and the indication information is, for example, a number or identifier of the first encryption algorithm.
  • the system pre-defines a plurality of encryption algorithms, and assigns a unique number to each encryption algorithm. In the subsequent communication process, the number of the encryption algorithm may be used to represent the corresponding encryption algorithm.
  • After receiving the encrypted data sent by the terminal device, the second network device requests the context information of the terminal device from the first network device according to the identifier of the terminal device, and then obtains the first encryption algorithm based on the context information. If the second network device does not support the first encryption algorithm, it sends an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm; the second encryption algorithm may be an encryption algorithm currently used by the second network device. The terminal device obtains the second encryption algorithm according to the encryption algorithm update command.
  • If the second network device supports the first encryption algorithm, the decryption algorithm corresponding to the first encryption algorithm may be used directly to decrypt the data sent by the terminal device, and no encryption algorithm update command is sent.
  • The first data that was encrypted by using the first encryption algorithm may be retransmitted to the second network device; that is, in step 220, the data that the terminal device sends to the second network device, encrypted by using the second encryption algorithm, is the first data.
  • The second network device may further send third indication information to the terminal device, where the third indication information is used to indicate that the data sent by using the first encryption algorithm is to be retransmitted; according to the third indication information, the terminal device retransmits to the second network device the first data that was encrypted by using the first encryption algorithm.
  • FIG. 5 is a schematic flowchart of a communication method 500 according to an embodiment of the present invention.
  • the communication method 500 includes:
  • the first network device sends an RRC suspension message to the terminal device.
  • Step 501 is the same as step 301.
  • For details, refer to the description above; they are not repeated here.
  • After receiving the RRC suspension message, the terminal device enters an inactive state.
  • After the terminal device (in the inactive state) moves to the cell of the second network device, when it needs to send data, it sends a first message to the second network device, where the first message includes the identifier of the terminal device and the first data encrypted by using the first encryption algorithm.
  • After receiving the first message, the second network device sends the identifier of the terminal device to the first network device, to request context information of the terminal device.
  • After receiving the identifier of the terminal device, the first network device sends the context information of the terminal device to the second network device.
  • the second network device acquires the first encryption algorithm according to the context information of the terminal device, and determines whether the first encryption algorithm is supported. If yes, go to step 507, and if no, go to step 509.
  • the second network device sends an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm.
  • the terminal device sends, according to the encryption algorithm update command, the data encrypted by using the second encryption algorithm to the second network device.
  • the terminal device uses the second encryption algorithm to retransmit the data encrypted by the first encryption algorithm to the second network device, for example, the first data sent in step 503.
  • Before the retransmission, the second network device sends to the terminal device an indication that the data transmitted using the first encryption algorithm is to be retransmitted.
  • the second network device decrypts the first data sent by the terminal device by using a decryption algorithm corresponding to the first encryption algorithm.
  • When the second network device determines that it does not support the encryption algorithm currently used by the terminal device, that is, the first encryption algorithm, it notifies the terminal device to update the encryption algorithm to the second encryption algorithm supported by the second network device, which ensures that the data sent by the terminal device can be decrypted by the second network device. Therefore, the solution provided by the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • The inactive terminal device sends encrypted data to the new network device (i.e., the second network device), and the data is encrypted by using an encryption algorithm supported by the new network device. In this way, it can be ensured that the data transmitted by the terminal device to the new network device can be decrypted by the new network device. Therefore, the solution provided by the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
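The exchange of communication method 500, as an added Python simulation that is not part of the patent text: the second network device fetches the context, checks whether it supports the first encryption algorithm, and either decrypts directly or sends an update command that triggers retransmission. The algorithm numbers, the key carried in the context information, the message classes and the SHA-256 XOR stand-in cipher are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


def keystream_xor(key: bytes, algorithm: int, data: bytes) -> bytes:
    """Stand-in cipher (NOT a real cellular algorithm): XOR with a SHA-256
    keystream bound to the algorithm number, so a wrong number yields garbage."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + bytes([algorithm]) + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


@dataclass
class FirstMessage:              # step 503
    ue_id: str
    ciphertext: bytes            # first data, encrypted with the first algorithm


@dataclass
class AlgorithmUpdateCommand:    # step 507
    second_algorithm: int        # number of the second encryption algorithm
    retransmit: bool             # the "third indication information"


@dataclass
class EncryptedData:             # step 508
    ue_id: str
    algorithm: int               # algorithm number sent alongside the data
    ciphertext: bytes


class FirstNetworkDevice:
    def __init__(self):
        self.contexts = {}

    def suspend(self, ue, algorithm, key):
        """Steps 501-502: configure the first algorithm, keep the context."""
        self.contexts[ue.ue_id] = {"algorithm": algorithm, "key": key}
        ue.algorithm, ue.key = algorithm, key

    def get_context(self, ue_id):
        """Steps 504-505: hand the stored context to the requesting device."""
        return dict(self.contexts[ue_id])


class SecondNetworkDevice:
    def __init__(self, anchor, supported, current):
        if current not in supported:
            raise ValueError("current algorithm must be a supported one")
        self.anchor, self.supported, self.current = anchor, set(supported), current
        self.sessions, self.trace = {}, []

    def on_first_message(self, msg):
        ctx = self.anchor.get_context(msg.ue_id)
        self.trace.append("context_fetched")
        self.sessions[msg.ue_id] = ctx
        first = ctx["algorithm"]                      # step 506
        if first in self.supported:                   # supported: decrypt directly
            self.trace.append("decrypted_with_first")
            return keystream_xor(ctx["key"], first, msg.ciphertext)
        ctx["algorithm"] = self.current               # not supported: update command
        self.trace.append("update_command_sent")
        return AlgorithmUpdateCommand(self.current, retransmit=True)

    def on_encrypted_data(self, msg):
        ctx = self.sessions[msg.ue_id]
        if msg.algorithm != ctx["algorithm"]:
            raise ValueError("terminal did not switch to the commanded algorithm")
        self.trace.append("decrypted_with_second")
        return keystream_xor(ctx["key"], msg.algorithm, msg.ciphertext)


class TerminalDevice:
    def __init__(self, ue_id):
        self.ue_id, self.algorithm, self.key = ue_id, None, None

    def send(self, network, data):
        """Send data in the inactive state; returns what the network recovered."""
        first = FirstMessage(self.ue_id, keystream_xor(self.key, self.algorithm, data))
        reply = network.on_first_message(first)
        if not isinstance(reply, AlgorithmUpdateCommand):
            return reply
        self.algorithm = reply.second_algorithm       # adopt the second algorithm
        if not reply.retransmit:
            return None
        again = keystream_xor(self.key, self.algorithm, data)
        return network.on_encrypted_data(EncryptedData(self.ue_id, self.algorithm, again))


def run_method_500(first_algorithm, supported, current, data=b"uplink small data"):
    anchor = FirstNetworkDevice()
    ue = TerminalDevice("ue-0001")                    # constructed identifier
    anchor.suspend(ue, first_algorithm, key=b"constructed-demo-key")
    target = SecondNetworkDevice(anchor, supported, current)
    recovered = ue.send(target, data)
    return recovered, ue.algorithm, target.trace


if __name__ == "__main__":
    print(run_method_500(2, {1, 3}, 3))   # first algorithm unsupported
    print(run_method_500(2, {1, 2}, 1))   # first algorithm supported
```
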
  • the embodiment of the present invention further provides a communication method 600, where the communication method 600 includes:
  • the first network device sends a notification message to the terminal device, where the notification message includes an identifier of the terminal device.
  • the first network device allocates the identifier of the terminal device to the terminal device when establishing a connection with the terminal device.
  • the first network device allocates an identifier of the terminal device to the terminal device, and may notify the terminal device of the identifier of the terminal device by using an RRC connection setup message. That is, the notification message is an RRC connection setup message.
  • the first network device allocates the identifier of the terminal device to the terminal device.
  • the first network device allocates the identifier of the terminal device to the terminal device, and notifies the terminal device of the identifier of the terminal device by using a handover command. That is, the notification message is a handover command.
  • the identifier of the terminal device includes an identifier for identifying the terminal device and an identifier of the network device to which the terminal device previously belonged.
  • the terminal identifier is used by the terminal device to resume connection after the radio link fails, or the device identifier can also be used when the terminal device performs connection recovery in the deactivated state.
  • the identifier of the terminal device that is allocated by the first network device to the terminal device includes an identifier for identifying the terminal device, and an identifier for identifying the first network device.
  • the identifier for identifying the terminal device may specifically be an identifier for identifying the terminal device within the first network device.
  • the terminal device acquires an identifier of the terminal device according to the notification message sent by the network device.
  • When the terminal device finds that the radio link has failed, it performs cell selection or cell reselection to determine the current serving cell.
  • Radio link failure means that the communication link between the terminal device and the network device is faulty.
  • the specific triggering cause includes any one or more of the following reasons:
  • the quality of the communication link between the terminal device and the network device does not meet the threshold, or
  • the terminal device fails to decrypt the data or the integrity check fails, or
  • the Radio Link Control (RLC) entity of the terminal device generates a fault.
  • the current serving cell may be a cell covered by the network device, or may be a cell covered by another network device.
  • the terminal device sends a connection recovery request to the second network device corresponding to the current serving cell, where the connection recovery request carries the identifier of the terminal device.
  • the second network device in the embodiment of the present invention may be the same as or different from the first network device.
  • the second network device may learn, according to the terminal identifier, that the network device to which the terminal device belongs is the first network device, and requests the context information of the terminal device from the first network device; the first network device sends the context information of the terminal device to the second network device; the second network device restores the connection for the terminal device according to the context information of the terminal device.
  • The connection recovery message further carries the reason for the connection recovery, for example, radio link failure.
  • the identifier of the terminal device is configured in advance by the network device, so that when the terminal device finds that the wireless link fails, the connection recovery may be performed in time based on the identifier of the terminal device.
  • the notification message further includes key information.
  • the communication method 600 further includes the terminal device generating the integrity protection information using the key information and transmitting the integrity protection information to the serving network device.
  • The key information and the connection recovery information of the terminal device may be combined to calculate the integrity protection information.
  • the integrity protection information may be calculated by combining the key information with the identifier of the terminal device.
  • the network device configures the key and the identifier of the terminal device for the terminal device in advance, so that the terminal device can perform connection recovery in time and effectively when the wireless link fails.
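The connection recovery request of communication method 600 with its integrity protection information, as an added Python sketch that is not part of the patent text. HMAC-SHA256, the field encoding, the class names, and the choice to verify at the second network device after it fetches the context are assumptions; the patent only states that the integrity protection information is calculated from the key information combined with the identifier or the connection recovery information.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TerminalIdentifier:
    network_device_id: str   # identifies the first network device
    local_id: int            # identifies the terminal within that device

    def encode(self) -> bytes:
        nd = self.network_device_id.encode()
        # Length prefix keeps the encoding unambiguous when fields are concatenated.
        return len(nd).to_bytes(2, "big") + nd + self.local_id.to_bytes(4, "big")


@dataclass(frozen=True)
class ConnectionRecoveryRequest:
    identifier: TerminalIdentifier
    cause: str               # e.g. "radio link failure"
    integrity: bytes         # integrity protection information


def integrity_protection(key: bytes, identifier: TerminalIdentifier, cause: str) -> bytes:
    """Combine key information with the identifier and recovery cause (assumed: HMAC-SHA256)."""
    c = cause.encode()
    return hmac.new(key, identifier.encode() + len(c).to_bytes(2, "big") + c,
                    hashlib.sha256).digest()


class FirstNetworkDevice:
    def __init__(self, device_id: str):
        self.device_id = device_id
        self._contexts = {}
        self._next_local_id = 1

    def notify(self):
        """Notification message: allocate an identifier and key information in advance."""
        ident = TerminalIdentifier(self.device_id, self._next_local_id)
        self._next_local_id += 1
        key = secrets.token_bytes(32)
        self._contexts[ident.local_id] = {"key": key}
        return ident, key

    def get_context(self, local_id: int):
        return self._contexts.get(local_id)


class SecondNetworkDevice:
    def __init__(self, known_devices):
        self.known = {d.device_id: d for d in known_devices}

    def recover(self, req: ConnectionRecoveryRequest) -> str:
        # The identifier tells the serving device which device holds the context.
        owner = self.known.get(req.identifier.network_device_id)
        ctx = owner.get_context(req.identifier.local_id) if owner else None
        if ctx is None:
            return "reject: unknown terminal"
        expected = integrity_protection(ctx["key"], req.identifier, req.cause)
        if not hmac.compare_digest(expected, req.integrity):
            return "reject: integrity check failed"
        return "connection restored"


def demo():
    anchor = FirstNetworkDevice("nd-A")                # constructed device name
    serving = SecondNetworkDevice([anchor])
    ident, key = anchor.notify()
    other_ident, _ = anchor.notify()                   # a second terminal's identifier
    cause = "radio link failure"
    good = ConnectionRecoveryRequest(ident, cause, integrity_protection(key, ident, cause))
    wrong_id = ConnectionRecoveryRequest(other_ident, cause, good.integrity)
    wrong_cause = ConnectionRecoveryRequest(ident, "other", good.integrity)
    foreign = ConnectionRecoveryRequest(TerminalIdentifier("nd-Z", 1), cause, good.integrity)
    return [serving.recover(r) for r in (good, wrong_id, wrong_cause, foreign)]


if __name__ == "__main__":
    print(demo())
```
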
  • the RRC connection recovery message mentioned in the embodiment of the present invention indicates a message for the terminal device and the network device to resume the connection, and the specific name of the message does not limit the protection scope of the embodiment of the present invention.
  • the RRC connection recovery message may also represent a message with similar functions, including but not limited to: an RRC connection activation message, an RRC connection reactivation message, or an RRC connection re-establishment message.
  • the communication method provided by the embodiment of the present invention is described above, and the terminal device and the network device provided by the embodiment of the present invention are described below.
  • FIG. 7 is a schematic block diagram of a terminal device 700 according to an embodiment of the present invention.
  • the terminal device 700 includes:
  • the processing module 710 is configured to determine, after the terminal device moves to the cell of the second network device, a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the second network device, where the terminal device is in a state in which its context information is held at the first network device and it has cell reselection mobility, the first network device being different from the second network device;
  • the transceiver module 720 is configured to send data encrypted by using the second encryption algorithm to the second network device.
  • The inactive terminal device sends encrypted data to the new network device (i.e., the second network device), and the data is encrypted by using an encryption algorithm supported by the new network device. In this way, it can be ensured that the data sent by the terminal device to the new network device can be decrypted by the new network device. Therefore, the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the processing module 710 is configured to determine a second encryption algorithm, including:
  • the processing module 710 is configured to determine whether the second network device supports the first encryption algorithm, where the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; and when the second network device supports the first encryption algorithm, determine the first encryption algorithm as the second encryption algorithm.
  • the transceiver module 720 is further configured to receive a system broadcast message sent by the second network device, where the system broadcast message includes first indication information used to indicate an encryption algorithm that the second network device supports or does not support.
  • the processing module 710 is configured to determine whether the second network device supports the first encryption algorithm, including:
  • the processing module 710 is configured to determine, according to the first indication information, whether the second network device supports the first encryption algorithm.
  • the transceiver module 720 is further configured to receive cell encryption algorithm information sent by the first network device, where the cell encryption algorithm information is used to indicate information about the encryption algorithm of each cell in the management area of the first network device;
  • the processing module 710 is configured to determine whether the second network device supports the first encryption algorithm, including:
  • the processing module 710 is configured to determine, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm when the cell of the second network device is in the management area.
  • the transceiver module 720 is further configured to: when the second network device does not support the first encryption algorithm, send a radio resource control (RRC) connection recovery request to the second network device, where the RRC connection recovery request includes the identifier of the terminal device;
  • the transceiver module 720 is further configured to receive an RRC connection recovery response that is sent by the second network device, where the RRC connection recovery response includes second indication information that is used to indicate an encryption algorithm supported by the second network device.
  • the processing module 710 is configured to determine a second encryption algorithm, including:
  • the processing module 710 is configured to acquire the second encryption algorithm according to the second indication information received by the transceiver module 720.
  • the system broadcast message includes the first indication information used to indicate an encryption algorithm supported by the second network device;
  • the processing module 710 is configured to determine a second encryption algorithm, including:
  • the processing module 710 is configured to: when the second network device does not support the first encryption algorithm, obtain the second encryption algorithm based on an encryption algorithm supported by the second network device indicated by the first indication information.
  • the transceiver module 720 is further configured to: when the cell of the second network device is not in the management area, send an RRC connection recovery request to the second network device, where the RRC connection recovery request includes an identifier of the terminal device, and receive an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information for indicating an encryption algorithm supported by the second network device;
  • the processing module 710 is configured to determine a second encryption algorithm, including:
  • the processing module 710 is configured to obtain the second encryption algorithm according to the second indication information.
  • the transceiver module 720 is further configured to send, to the second network device, a first message, where the first message includes an identifier of the terminal device and first data encrypted by using a first encryption algorithm, the first encryption algorithm being an encryption algorithm configured by the first network device for the terminal device; and to receive an encryption algorithm update command sent by the second network device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm;
  • the processing module 710 is configured to determine a second encryption algorithm, including:
  • the processing module 710 is configured to acquire the second encryption algorithm according to the encryption algorithm update command.
  • the data that is sent by the terminal device to the second network device and encrypted by using the second encryption algorithm is the first data.
  • the transceiver module 720 is further configured to: before sending to the second network device the first data encrypted by using the second encryption algorithm, receive third indication information sent by the second network device, where the third indication information is used to indicate that the data sent by using the first encryption algorithm is to be retransmitted.
  • The processing module 710 in the embodiment of the present invention may be implemented by a processor or a processor-related circuit component, and the transceiver module 720 may be implemented by a transceiver or a transceiver-related circuit component.
  • the embodiment of the present invention further provides a terminal device 800, which includes a processor 810, a memory 820 and a transceiver 830, wherein the memory 820 stores instructions or programs, and the processor 810 is configured to execute an instruction or program stored in the memory 820.
  • the processor 810 is configured to perform the operations performed by the processing module 710 in the above embodiment, and the transceiver 830 is configured to perform the operations performed by the transceiver module 720 in the above embodiment.
  • The terminal device 700 or the terminal device 800 may correspond to the terminal device in the communication methods 200 to 500 of the embodiment of the present invention, and the operations and/or functions of the modules in the terminal device 700 or the terminal device 800 respectively implement the corresponding processes of the methods in FIG. 2 to FIG. 5; for the sake of brevity, they are not described here.
  • FIG. 9 is a schematic flowchart of a network device 900 according to an embodiment of the present disclosure.
  • the network device 900 includes:
  • the transceiver module 910 is configured to receive data that is sent by the terminal device and is encrypted by using a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the network device, where the terminal device is in a state in which its context information is held at the first network device and it has cell reselection mobility, the first network device being different from the network device;
  • the processing module 920 is configured to decrypt data sent by the terminal device based on the second encryption algorithm.
  • The inactive terminal device sends encrypted data to the new network device (i.e., the second network device), and the data is encrypted by using an encryption algorithm supported by the new network device. In this way, it can be ensured that the data sent by the terminal device to the new network device can be decrypted by the new network device. Therefore, the embodiment of the present invention can effectively avoid the problem that the network device newly accessed by the terminal device in the inactive state cannot decrypt the data sent by the terminal device, thereby improving the effectiveness of data transmission.
  • the transceiver module 910 is further configured to: before receiving the data encrypted by the second encryption algorithm sent by the terminal device, send a system broadcast message to the terminal device, where the system broadcast message includes first indication information indicating an encryption algorithm supported or not supported by the network device.
  • the transceiver module 910 is further configured to: before receiving the data encrypted by the second encryption algorithm sent by the terminal device, receive a radio resource control (RRC) connection recovery request sent by the terminal device, where the RRC connection recovery request includes an identifier of the terminal device;
  • the transceiver module 910 is further configured to send an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes second indication information for indicating an encryption algorithm supported by the network device.
  • the transceiver module 910 is further configured to: before receiving the data encrypted by the second encryption algorithm sent by the terminal device, receive the first message sent by the terminal device, where the first message includes an identifier of the terminal device and the first data encrypted by using the first encryption algorithm, where the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device;
  • the processing module 920 is further configured to request context information of the terminal device from the first network device based on the identifier of the terminal device received by the transceiver module 910;
  • the processing module 920 is further configured to: acquire the first encryption algorithm according to the context information;
  • the transceiver module 910 is further configured to: when the network device does not support the first encryption algorithm, send an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is updated to the second encryption algorithm.
  • the data that is sent by the terminal device and is encrypted by using the second encryption algorithm is the first data.
  • the transceiver module 910 is further configured to send third indication information to the terminal device before receiving the data encrypted by the second encryption algorithm sent by the terminal device, where the third indication information is used to instruct the terminal device to retransmit the data that was sent using the first encryption algorithm.
  • The processing module 920 in the embodiments of the present invention may be implemented by a processor or a processor-related circuit component, and the transceiver module 910 may be implemented by a transceiver or a transceiver-related circuit component.
  • an embodiment of the present invention further provides a network device 1000, which includes a processor 1010, a memory 1020, and a transceiver 1030, wherein the memory 1020 stores instructions or programs, and the processor 1010 is configured to execute an instruction or program stored in the memory 1020.
  • the processor 1010 is configured to perform the operations performed by the processing module 920 in the above embodiment, and the transceiver 1030 is configured to perform the operations performed by the transceiver module 910 in the above embodiment.
  • the network device 900 or the network device 1000 may correspond to the network device in the communication methods 200 to 500 of the embodiment of the present invention, and the operations and/or functions of the modules in the network device 900 or the network device 1000 respectively implement the corresponding processes of the methods in FIG. 2 to FIG. 5; for the sake of brevity, they are not described here.
  • the embodiment of the present invention further provides a computer readable storage medium, on which a computer program is stored, and when the program is executed by the processor, the process related to the terminal device in the communication method 200 provided by the foregoing method embodiment may be implemented.
  • the embodiment of the present invention further provides a computer readable storage medium, on which a computer program is stored, and when the program is executed by the processor, the process related to the second network device in the communication method 200 provided by the foregoing method embodiment may be implemented.
  • An embodiment of the present invention further provides a terminal device, where the terminal device includes:
  • a transceiver module configured to receive a notification message sent by the first network device, where the notification message includes an identifier of the terminal device;
  • a processing module configured to perform cell selection or cell reselection when it is determined that the radio link has failed, to determine a current serving cell;
  • the transceiver module is further configured to send a connection recovery request to the second network device corresponding to the current serving cell, where the connection recovery request carries the identifier of the terminal device.
  • the identifier of the terminal device is configured in advance by the network device, so that when the terminal device finds that the wireless link fails, the connection recovery may be performed in time based on the identifier of the terminal device.
  • the notification message further includes key information; the processing module is further configured to use the key information to generate integrity protection information; the transceiver module is further configured to send this integrity protection information to the serving network device.
  • the network device configures the key and the identifier of the terminal device for the terminal device in advance, so that the terminal device can perform connection recovery in time and effectively when the wireless link fails.
  • The processing module in the above embodiments may be implemented by a processor or processor-related circuit components, and the transceiver module may be implemented by a transceiver or transceiver-related circuit components.
  • The terminal device may correspond to the terminal device in the communication method 600 of the embodiment of the present invention, and the operations and/or functions of the respective modules in the terminal device respectively implement the corresponding process in FIG. 6; for the sake of brevity, they are not described here.
  • the embodiment of the invention further provides a network device, where the network device includes:
  • a processing module is configured to determine an identifier of the terminal device.
  • the transceiver module is configured to send a notification message to the terminal device, where the notification message includes an identifier of the terminal device, so that the terminal device performs connection recovery when it discovers that the wireless link has failed.
  • the identifier of the terminal device is configured in advance by the network device, so that when the terminal device finds that the wireless link fails, the connection recovery may be performed in time based on the identifier of the terminal device.
  • the notification message further includes key information, so that the terminal device generates integrity protection information according to the key information.
  • The processing module in the above embodiments may be implemented by a processor or processor-related circuit components, and the transceiver module may be implemented by a transceiver or transceiver-related circuit components.
  • the network device according to the embodiment of the present invention may correspond to the network device in the communication method 600 of the embodiment of the present invention, and the operations and/or functions of the respective modules in the network device respectively implement the corresponding process in FIG. 6; for the sake of brevity, they are not described here.
  • The embodiment of the present application further provides a communication device, which may be a terminal device or a circuit.
  • The communication device can be used to perform the actions performed by the terminal device in the above method embodiments.
  • FIG. 11 shows a schematic structural diagram of a simplified terminal device.
  • A mobile phone is used as the example terminal device.
  • The terminal device includes a processor, a memory, a radio frequency circuit, an antenna, and an input/output device.
  • The processor is mainly used for processing communication protocols and communication data, controlling the terminal device, executing software programs, processing data of software programs, and the like.
  • The memory is primarily used to store software programs and data.
  • The RF circuit is mainly used for conversion between the baseband signal and the RF signal and for processing of the RF signal.
  • The antenna is mainly used to transmit and receive RF signals in the form of electromagnetic waves.
  • Input and output devices, such as touch screens, display screens and keyboards, are primarily used to receive data input by the user and to output data to the user. It should be noted that some types of terminal devices may not have input and output devices.
  • When data needs to be sent, the processor performs baseband processing on the data to be sent and outputs the baseband signal to the radio frequency circuit.
  • The radio frequency circuit performs radio frequency processing on the baseband signal, and then sends the radio frequency signal to the outside through the antenna in the form of electromagnetic waves.
  • The RF circuit receives the RF signal through the antenna, converts the RF signal into a baseband signal, and outputs the baseband signal to the processor, which converts the baseband signal into data and processes the data.
  • The memory may also be referred to as a storage medium, a storage device, or the like.
  • The memory may be independent of the processor, or may be integrated with the processor, which is not limited in this embodiment of the present application.
  • The antenna and the radio frequency circuit having the transceiving function can be regarded as the transceiver unit of the terminal device, and the processor having the processing function can be regarded as the processing unit of the terminal device.
  • The terminal device includes a transceiver unit 1110 and a processing unit 1120.
  • The transceiver unit can also be referred to as a transceiver and the like.
  • The processing unit may also be referred to as a processor, a processing board, a processing module, a processing device, and the like.
  • The device for implementing the receiving function in the transceiver unit 1110 can be regarded as a receiving unit, and the device for implementing the sending function in the transceiver unit 1110 can be regarded as a sending unit; that is, the transceiver unit 1110 includes a receiving unit and a sending unit.
  • The transceiver unit may also be referred to as a transceiver or a transceiver circuit.
  • The receiving unit may also be referred to as a receiver, a receiving circuit, or the like.
  • The transmitting unit may also be referred to as a transmitter, a transmitting circuit, or the like.
  • The transceiver unit 1110 is configured to perform the sending operation and the receiving operation on the terminal device side in the foregoing method embodiment.
  • The processing unit 1120 is configured to perform the operations on the terminal device other than the transmitting and receiving operations in the foregoing method embodiment.
  • The transceiver unit 1110 is configured to perform a sending operation on the terminal device side in step 220 in FIG. 2, and/or the transceiver unit 1110 is further configured to perform other transceiving steps on the terminal device side in the embodiment of the present application.
  • The processing unit 1120 is configured to perform step 210 in FIG. 2, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiment of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 301, step 303 and step 307 in FIG. 3 or the sending operation on the terminal device side in step 305, step 306 and step 309, and/or the transceiver unit 1120 is also used to perform other transceiving steps on the terminal device side in the embodiment of the present application.
  • The processing unit 1120 is configured to perform step 302, step 304, and step 308 in FIG. 3, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiment of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 401 and step 407 in FIG. 4 or the sending operation on the terminal device side in step 405, step 406 and step 409, and/or the transceiver unit 1110 is further configured to perform other transceiving steps on the terminal device side in the embodiment of the present application.
  • The processing unit 1120 is configured to perform step 402, step 403, step 404, and step 408 in FIG. 4, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiment of the present application.
  • The transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 501 and step 508 in FIG. 5 or the transmitting operation on the terminal device side in step 503 and step 509, and/or the transceiver unit 1110 is further configured to perform other transceiving steps on the terminal device side in the embodiment of the present application.
  • The processing unit 1120 is configured to perform step 502 in FIG. 5, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiment of the present application.
  • The transceiver unit 1110 is configured to perform a receiving operation on the terminal device side in step 610 in FIG. 6 or a transmitting operation on the terminal device side in step 640, and/or the transceiver unit 1110 is further configured to perform other transceiving steps on the terminal device side in this embodiment of the present application.
  • The processing unit 1120 is configured to perform step 620 and step 630 in FIG. 6, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiment of the present application.
  • When the communication device is a chip, the chip includes a transceiver unit and a processing unit.
  • The transceiver unit may be an input/output circuit and a communication interface;
  • The processing unit is a processor, a microprocessor, or an integrated circuit integrated on the chip.
  • Reference may be made to the device shown in FIG. 12.
  • The device can perform functions similar to processor 810 in FIG.
  • The device includes a processor 1210, a transmit data processor 1220, and a receive data processor 1230.
  • The processing module 710 in the above embodiment may be the processor 1210 in FIG. 12 and perform the corresponding functions.
  • The transceiver module 720 in the above embodiment may be the transmit data processor 1220 in FIG. 12, and/or the receive data processor 1230.
  • Although a channel coder and a channel decoder are shown in FIG. 12, it is to be understood that these modules are merely illustrative and are not intended to be limiting.
  • The processing device 1300 includes modules such as a modulation subsystem, a central processing subsystem, and a peripheral subsystem.
  • The communication device in this embodiment can be used as the modulation subsystem therein.
  • The modulation subsystem may include a processor 1303 and an interface 1304.
  • The processor 1303 performs the functions of the foregoing processing module 710, and the interface 1304 performs the functions of the transceiver module 720.
  • The modulation subsystem includes a memory 1306, a processor 1303, and a program stored on the memory 1306 and executable on the processor, and the processor 1303 executes the program to implement the method on the terminal device side in the above method embodiment.
  • The memory 1306 may be non-volatile or volatile, and may be located inside the modulation subsystem or in the processing device 1300, as long as the memory 1306 can be connected to the processor 1303.
  • A computer readable storage medium having stored thereon instructions that, when executed, perform the method on the terminal device side in the above method embodiment.
  • A computer program product comprising instructions which, when executed, perform the method on the terminal device side in the above method embodiment.
  • The processors mentioned in the embodiment of the present invention may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • The memory referred to in the embodiments of the present invention may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory.
  • The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or flash memory.
  • The volatile memory can be a random access memory (RAM) that acts as an external cache.
  • Many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchronous link dynamic random access memory (SLDRAM), and direct memory bus random access memory (DR RAM).
  • When the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component, the memory (storage module) is integrated in the processor.
  • The memories described herein are intended to comprise, without being limited to, these and any other suitable types of memory.
  • The size of the serial numbers of the above processes does not imply an order of execution; the order of execution of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
  • The disclosed systems, devices, and methods may be implemented in other manners.
  • The device embodiments described above are merely illustrative.
  • The division of the units is only a logical function division.
  • There may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • The mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place, or may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • Each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • If implemented in the form of a software functional unit and sold or used as a standalone product, the functions may be stored in a computer readable storage medium.
  • The technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the software product is stored in a storage medium and includes instructions used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application.
  • The foregoing storage medium includes any medium that can store program code, such as a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.

Abstract

Provided by the present application are a communication method and device, the communication method comprising: after a terminal device moves to a cell of a second network device, the terminal device determines a second encryption algorithm to be used when communicating with the second network device, the second encryption algorithm being an encryption algorithm supported by the second network device, the terminal device being in a state of saving the context information of the terminal device in a first network device and having cell re-selection mobility, and the first network device being different from the second network device; and the terminal device sends data encrypted by using the second encryption algorithm to the second network device, which may effectively avoid the problem of a network device newly accessed by the terminal device in an inactive state not being able to decrypt data sent by the terminal device.

Description

Communication method and device
This application claims priority to Chinese Patent Application No. 201710253561.6, filed with the Chinese Patent Office on April 18, 2017 and entitled "Communication method and device", which is incorporated herein by reference in its entirety.
Technical field
The present application relates to the field of communications and, more particularly, to a communication method and device.
Background
The inactive state of a terminal device is a state in which the terminal device has released its RRC connection with the Radio Access Network (RAN) device but retains the context information of the terminal device. In the inactive state, when the terminal device moves to a cell of a new RAN device, it can send uplink data to the new RAN device (which may also be referred to as the switched RAN device) based on the previously retained context of the terminal device.
In the current technology, the encryption algorithm that the terminal device uses when communicating with the new RAN device is carried over from the encryption algorithm it used when communicating with the RAN device it previously belonged to (referred to as the first encryption algorithm). However, the new RAN device does not necessarily support the first encryption algorithm; if it does not, it cannot decrypt the data sent by the terminal device.
Summary of the invention
The present application provides a communication method and device that can effectively avoid the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt data sent by the terminal device.
A first aspect provides a communication method, the communication method including: after a terminal device moves to a cell of a second network device, the terminal device determines a second encryption algorithm, the second encryption algorithm being an encryption algorithm supported by the second network device, where the terminal device is in a state in which it saves the context information of the terminal device at a first network device and has cell reselection mobility, and the first network device is different from the second network device; and the terminal device sends, to the second network device, data encrypted using the second encryption algorithm.
The state that the terminal device is in may be referred to as the inactive state. In other words, the terminal device is a terminal device that has entered the inactive state. Specifically, the first network device may notify the terminal device to enter the inactive state by sending a Radio Resource Control (RRC) suspension message to the terminal device.
In the solution provided by the present application, the terminal device in the inactive state sends encrypted data to the new network device (that is, the second network device), and the encrypted data is encrypted using an encryption algorithm supported by the new network device. This ensures that the data sent by the terminal device to the new network device can be decrypted by the new network device. The solution provided by the present application can therefore effectively avoid the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
With reference to the first aspect, in a possible implementation of the first aspect, the terminal device determining the second encryption algorithm includes: the terminal device determines whether the second network device supports a first encryption algorithm, the first encryption algorithm being the encryption algorithm configured by the first network device for the terminal device; and when the second network device supports the first encryption algorithm, the terminal device determines the first encryption algorithm as the second encryption algorithm.
Optionally, the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
Optionally, the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use in the state (that is, the inactive state).
Specifically, the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state; or send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state.
The second encryption algorithm may be the same as or different from the first encryption algorithm. Specifically, when the second network device supports the first encryption algorithm, the second encryption algorithm may simply be the first encryption algorithm. When the second network device does not support the first encryption algorithm, the second encryption algorithm is necessarily different from the first encryption algorithm.
Optionally, as an implementation, when the terminal device determines that the second network device does not support the first encryption algorithm, it sends an RRC connection recovery request to the second network device, the RRC connection recovery request including the identifier of the terminal device; the terminal device receives an RRC connection recovery response sent by the second network device, the RRC connection recovery response including second indication information used to indicate the encryption algorithm supported by the second network device; and the terminal device obtains the second encryption algorithm according to the second indication information.
In the solution provided by the present application, the terminal device determines whether the second network device supports the encryption algorithm configured by the first network device for the terminal device (that is, the first encryption algorithm), and then uses an encryption algorithm supported by the second network device to send data to the second network device. This ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by the present application can therefore effectively avoid the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
With reference to the first aspect, in a possible implementation of the first aspect, the terminal device determining whether the second network device supports the first encryption algorithm includes: the terminal device receives a system broadcast message sent by the second network device, the system broadcast message including first indication information used to indicate the encryption algorithms that the second network device supports or does not support; and the terminal device determines, according to the first indication information, whether the second network device supports the first encryption algorithm.
Specifically, when it is determined, according to the first indication information in the system broadcast message, that the second network device supports the first encryption algorithm, the first encryption algorithm is used directly to encrypt the data sent to the second network device.
Specifically, when it is determined, according to the first indication information in the system broadcast message, that the second network device does not support the first encryption algorithm, the encryption algorithm supported by the second network device may be obtained from the first indication information, or by sending an RRC connection recovery request to the second network device.
In the solution provided by the present application, the second network device sends the terminal device a system broadcast message indicating the encryption algorithms supported by the second network device, so that the terminal device can determine whether the second network device supports the encryption algorithm configured by the first network device for the terminal device (that is, the first encryption algorithm), and then uses an encryption algorithm supported by the second network device to send data to the second network device. This ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by the present application can therefore effectively avoid the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
With reference to the first aspect, in a possible implementation of the first aspect, the communication method further includes: the terminal device receives cell encryption algorithm information sent by the first network device, the cell encryption algorithm information being used to indicate encryption-algorithm-related information of each cell in the management area of the first network device; and the terminal device determining whether the second network device supports the first encryption algorithm includes: when the cell of the second network device is in the management area, the terminal device determines, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm.
Optionally, the first network device may send the cell encryption algorithm information to the terminal device before, or at the same time as, configuring the terminal device to enter the inactive state.
Specifically, the cell encryption algorithm information is used to indicate encryption-algorithm-related information of each cell in the management area of the first network device. The encryption-algorithm-related information of a cell may be any one or more of the following: an encryption algorithm supported by the cell, an encryption algorithm not supported by the cell, that the cell supports the first encryption algorithm, that the cell does not support the first encryption algorithm, and the encryption algorithm the terminal device is notified to use after entering the cell. The management area may be a paging area or an access network location tracking area of the first network device; the terminal device does not need to notify the first network device when moving within the management area, and needs to notify the first network device when it moves out of the management area.
Optionally, as an implementation, when the cell of the second network device to which the terminal device currently belongs is in the management area, and it is determined according to the cell encryption algorithm information that the second network device supports the first encryption algorithm, the first encryption algorithm is directly determined as the second encryption algorithm; that is, in subsequent data transmission, the data is encrypted directly using the first encryption algorithm.
Optionally, as an implementation, when the cell of the second network device to which the terminal device currently belongs is in the management area, and it is determined according to the cell encryption algorithm information that the second network device does not support the first encryption algorithm, the second encryption algorithm supported by the second network device may be obtained by sending an RRC connection recovery request to the second network device; alternatively, the second encryption algorithm may be obtained according to the cell encryption algorithm information.
Optionally, as an implementation, when the terminal device determines that the cell of the second network device to which it currently belongs is not in the management area, the encryption algorithm supported by the second network device may be obtained as follows: the terminal device sends an RRC connection recovery request to the second network device, the RRC connection recovery request including the identifier of the terminal device; the terminal device receives an RRC connection recovery response sent by the second network device, the RRC connection recovery response including second indication information used to indicate the encryption algorithm supported by the second network device; and the terminal device obtains the second encryption algorithm according to the second indication information.
In the solution provided by the present application, by learning the cell encryption algorithm information for the management area of the first network device, the terminal device can determine whether the second network device supports the encryption algorithm configured by the first network device for the terminal device (that is, the first encryption algorithm), and then uses an encryption algorithm supported by the second network device to send data to the second network device. This ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by the present application can therefore effectively avoid the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
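The terminal-side choice of the second encryption algorithm described in the implementations above can be sketched as one decision procedure. This is an added example, not code from the application; the class and function names, the algorithm labels (`ALG-1` and so on), the order in which cell encryption algorithm information and the system broadcast are consulted, and taking the first listed algorithm when several are offered are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class AlgIndication:
    """Hypothetical model of the algorithm information known about one cell.

    Covers the kinds of information the description lists: algorithms the
    cell supports, algorithms it does not support, and the algorithm the
    terminal is told to use after entering the cell.
    """
    supported: Tuple[str, ...] = ()
    unsupported: Tuple[str, ...] = ()
    use_after_entry: Optional[str] = None

    def choose(self, first_alg: str) -> Optional[str]:
        """Algorithm this indication lets the terminal use, or None."""
        if self.use_after_entry is not None:
            return self.use_after_entry
        if first_alg in self.supported and first_alg not in self.unsupported:
            return first_alg  # the first algorithm can be kept
        # Assumption: when several algorithms are offered, take the first.
        return next((a for a in self.supported
                     if a not in self.unsupported), None)


@dataclass
class Terminal:
    identifier: str   # identifier carried in the RRC connection recovery request
    first_alg: str    # algorithm configured by the first network device
    # Cell encryption algorithm information for the management area,
    # received from the first network device (cell id -> indication).
    cell_alg_info: Dict[str, AlgIndication] = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    second_alg: str
    source: str          # which information settled the choice
    reused_first: bool   # True when the first algorithm is kept


def determine_second_alg(
    ue: Terminal,
    cell_id: str,
    broadcast: Optional[AlgIndication],
    rrc_recover: Callable[[str], AlgIndication],
) -> Decision:
    """Pick the algorithm to use toward the second network device.

    broadcast   : first indication information from the system broadcast
                  of the new cell, or None if it carries none.
    rrc_recover : sends an RRC connection recovery request with the given
                  terminal identifier and returns the second indication
                  information from the response.
    """
    candidates = []
    if cell_id in ue.cell_alg_info:   # the new cell is in the management area
        candidates.append(("cell encryption algorithm information",
                           ue.cell_alg_info[cell_id]))
    if broadcast is not None:
        candidates.append(("system broadcast", broadcast))

    for source, indication in candidates:
        alg = indication.choose(ue.first_alg)
        if alg is not None:
            return Decision(alg, source, alg == ue.first_alg)

    # Nothing held locally names a usable algorithm: ask the new cell.
    alg = rrc_recover(ue.identifier).choose(ue.first_alg)
    if alg is None:
        raise ValueError("recovery response named no supported algorithm")
    return Decision(alg, "RRC connection recovery response",
                    alg == ue.first_alg)


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    ue = Terminal("ue-0001", "ALG-1", {
        "cell-A": AlgIndication(supported=("ALG-2", "ALG-1")),
        "cell-B": AlgIndication(unsupported=("ALG-1",),
                                use_after_entry="ALG-3"),
        "cell-C": AlgIndication(unsupported=("ALG-1",)),
    })
    reply = lambda ident: AlgIndication(supported=("ALG-2",))
    for cell in ("cell-A", "cell-B", "cell-C", "cell-X"):
        print(cell, determine_second_alg(ue, cell, None, reply))
```

The recovery request is only sent when neither the cell encryption algorithm information nor the broadcast names an algorithm the new cell accepts, so the case where the first algorithm is still supported costs no extra signalling.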
With reference to the first aspect, in a possible implementation of the first aspect, the determining, by the terminal device, of the second encryption algorithm includes:
The terminal device sends a first message to the second network device, where the first message includes the identifier of the terminal device and first data encrypted using a first encryption algorithm, the first encryption algorithm being the encryption algorithm that the first network device configured for the terminal device; the terminal device receives an encryption algorithm update command sent by the second network device, where the encryption algorithm update command is used to instruct that the first encryption algorithm be updated to the second encryption algorithm; and the terminal device obtains the second encryption algorithm according to the encryption algorithm update command.
Optionally, the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
Optionally, the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use in the said state (that is, the inactive state).
Specifically, the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state; or send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state.
With reference to the first aspect, in a possible implementation of the first aspect, the data that the terminal device sends to the second network device encrypted using the second encryption algorithm is the first data.
With reference to the first aspect, in a possible implementation of the first aspect, before the terminal device sends the first data encrypted using the second encryption algorithm to the second network device, the communication method further includes:
The terminal device receives third indication information sent by the second network device, where the third indication information is used to instruct that the data sent using the first encryption algorithm be retransmitted.
In the solution provided in this application, when the second network device determines that it does not support the encryption algorithm currently used by the terminal device (that is, the first encryption algorithm), it notifies the terminal device to update the encryption algorithm to a second encryption algorithm that the second network device supports. This ensures that the data sent by the terminal device can be decrypted by the second network device. The solution therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by that terminal device, which improves the effectiveness of data transmission.
A second aspect provides a communication method. The communication method includes: a second network device receives data sent by a terminal device and encrypted using a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the second network device, the terminal device is in a state in which it retains its context information at a first network device and has cell reselection mobility, and the first network device is different from the second network device; and the second network device decrypts the data sent by the terminal device based on the second encryption algorithm.
In the solution provided in this application, a terminal device in the inactive state sends encrypted data to a new network device (that is, the second network device), and the encrypted data is encrypted using an encryption algorithm supported by the new network device. This ensures that the data the terminal device sends to the new network device can be decrypted by the new network device. The solution therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by that terminal device, which improves the effectiveness of data transmission.
With reference to the second aspect, in a possible implementation of the second aspect, before the second network device receives the data sent by the terminal device and encrypted using the second encryption algorithm, the communication method further includes: the second network device sends a system broadcast message to the terminal device, where the system broadcast message includes first indication information used to indicate the encryption algorithms that the second network device supports or does not support.
With reference to the second aspect, in a possible implementation of the second aspect, before the second network device receives the data sent by the terminal device and encrypted using the second encryption algorithm, the communication method further includes: the second network device receives an RRC connection recovery request sent by the terminal device, where the RRC connection recovery request includes the identifier of the terminal device; and the second network device sends an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes second indication information used to indicate the encryption algorithm supported by the second network device.
With reference to the second aspect, in a possible implementation of the second aspect, before the second network device receives the data sent by the terminal device and encrypted using the second encryption algorithm, the communication method further includes:
The second network device receives a first message sent by the terminal device, where the first message includes the identifier of the terminal device and first data encrypted using a first encryption algorithm, the first encryption algorithm being the encryption algorithm that the first network device configured for the terminal device; the second network device requests the context information of the terminal device from the first network device based on the identifier of the terminal device; the second network device obtains the first encryption algorithm according to the context information; and when the second network device does not support the first encryption algorithm, the second network device sends an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to instruct that the first encryption algorithm be updated to the second encryption algorithm.
With reference to the second aspect, in a possible implementation of the second aspect, the data that the second network device receives from the terminal device encrypted using the second encryption algorithm is the first data.
With reference to the second aspect, in a possible implementation of the second aspect, before the second network device receives the data sent by the terminal device and encrypted using the second encryption algorithm, the communication method further includes:
The second network device sends third indication information to the terminal device, where the third indication information is used to instruct that the data sent using the first encryption algorithm be retransmitted.
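The algorithm-update exchange described above (first message, context request, encryption algorithm update command, retransmission), modelled end to end as an added example that is not part of the patent text. The algorithm labels, message field names, class names and the HMAC-based keystream are assumptions made for illustration; the keystream is a stand-in, not a real cipher.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed placeholder labels; the page names no concrete algorithms.
ALG_A, ALG_B = "ALG_A", "ALG_B"


def crypt(key: bytes, alg: str, data: bytes) -> bytes:
    """Stand-in cipher (not a real one): XOR with a keystream bound to key and algorithm."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = alg.encode() + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


@dataclass
class Context:
    key: bytes        # key configured by the first network device
    algorithm: str    # first encryption algorithm


class FirstNetworkDevice:
    """Anchor device that keeps the terminal's context while it is inactive."""

    def __init__(self):
        self.contexts = {}

    def configure(self, ue_id, key, algorithm):
        self.contexts[ue_id] = Context(key, algorithm)
        return self.contexts[ue_id]

    def get_context(self, ue_id):
        return self.contexts[ue_id]


class SecondNetworkDevice:
    def __init__(self, anchor, supported):
        self.anchor = anchor
        self.supported = list(supported)
        self.sessions = {}  # ue_id -> (key, algorithm in use)

    def on_first_message(self, ue_id, ciphertext):
        ctx = self.anchor.get_context(ue_id)  # context request keyed by terminal identifier
        if ctx.algorithm in self.supported:
            self.sessions[ue_id] = (ctx.key, ctx.algorithm)
            return {"type": "data_ok",
                    "plaintext": crypt(ctx.key, ctx.algorithm, ciphertext)}
        new_alg = self.supported[0]
        self.sessions[ue_id] = (ctx.key, new_alg)
        # Update command plus the third indication: retransmit data sent with the first algorithm.
        return {"type": "algorithm_update", "algorithm": new_alg, "retransmit": True}

    def on_data(self, ue_id, ciphertext):
        key, alg = self.sessions[ue_id]
        return crypt(key, alg, ciphertext)


class Terminal:
    def __init__(self, ue_id, ctx, capabilities):
        self.ue_id, self.key, self.algorithm = ue_id, ctx.key, ctx.algorithm
        self.capabilities = set(capabilities)

    def encrypt(self, data):
        return crypt(self.key, self.algorithm, data)

    def on_update_command(self, cmd):
        # Assumption: the terminal only accepts an algorithm it implements itself.
        if cmd["algorithm"] not in self.capabilities:
            raise ValueError("commanded algorithm not supported by terminal")
        self.algorithm = cmd["algorithm"]
        return cmd["retransmit"]


def run_exchange(second_supported, first_data=b"uplink small data"):
    """Return (algorithm finally used, plaintext recovered by the second network device)."""
    anchor = FirstNetworkDevice()
    ctx = anchor.configure("ue-1", key=b"\x01" * 16, algorithm=ALG_A)  # constructed values
    ue = Terminal("ue-1", ctx, capabilities={ALG_A, ALG_B})
    target = SecondNetworkDevice(anchor, second_supported)

    reply = target.on_first_message(ue.ue_id, ue.encrypt(first_data))
    if reply["type"] == "data_ok":
        return ue.algorithm, reply["plaintext"]
    if ue.on_update_command(reply):
        return ue.algorithm, target.on_data(ue.ue_id, ue.encrypt(first_data))
    return ue.algorithm, None
```

Calling `run_exchange([ALG_B])` follows the update path, while `run_exchange([ALG_A, ALG_B])` shows the case where the first message is decrypted directly.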
A third aspect provides a communication method. The communication method includes: a terminal device receives a notification message sent by a first network device, where the notification message includes an identifier of the terminal device; when a radio link failure is detected, the terminal device performs cell selection or cell reselection to determine the current serving cell; and the terminal device sends a connection recovery request to a second network device corresponding to the current serving cell, where the connection recovery request carries the identifier of the terminal device.
Specifically, the radio link failure means that a failure occurs on the communication link between the terminal device and the network device.
Specifically, the current serving cell may be a cell covered by the network device, or may be within the coverage of another network device.
Optionally, the first network device allocates the identifier of the terminal device to the terminal device when establishing a connection with the terminal device.
Optionally, when the terminal device is handed over to a cell of the first network device, the first network device allocates the identifier of the terminal device to the terminal device.
Specifically, the identifier of the terminal device includes an identifier used to identify the terminal device and an identifier of the network device to which it previously belonged. The terminal identifier is used by the terminal device to recover the connection after a radio link failure, or the device identifier may also be used when the terminal device performs connection recovery in the deactivated state.
In the solution provided in this application, the network device configures the identifier of the terminal device for the terminal device in advance, so that when the terminal device detects a radio link failure it can recover the connection promptly based on that identifier.
With reference to the third aspect, in a possible implementation of the third aspect, the notification message further includes key information. The communication method further includes: the terminal device generates integrity protection information using the key information, and sends the integrity protection information to the serving network device.
Specifically, the integrity protection information may be calculated by combining the key information with the connection recovery information of the terminal device. Alternatively, the integrity protection information may be calculated by combining the key information with the identifier of the terminal device.
In the solution provided in this application, the network device configures the key and the identifier of the terminal device for the terminal device in advance, so that when the terminal device detects a radio link failure it can recover the connection promptly and effectively.
A fourth aspect provides a terminal device, where the terminal device is configured to perform the communication method in the first aspect or any possible implementation of the first aspect. Specifically, the terminal device may include modules for performing the communication method in the first aspect or any possible implementation of the first aspect.
A fifth aspect provides a terminal device. The terminal device includes a memory and a processor, where the memory is configured to store instructions, the processor is configured to execute the instructions stored in the memory, and execution of the instructions stored in the memory causes the processor to perform the method in the first aspect or any possible implementation of the first aspect.
A sixth aspect provides a computer-readable storage medium on which a computer program is stored, where the program, when executed by a processor, implements the method in the first aspect or any possible implementation of the first aspect.
A seventh aspect provides a network device, where the network device is configured to perform the communication method in the second aspect or any possible implementation of the second aspect. Specifically, the network device may include modules for performing the communication method in the second aspect or any possible implementation of the second aspect.
An eighth aspect provides a network device. The network device includes a memory and a processor, where the memory is configured to store instructions, the processor is configured to execute the instructions stored in the memory, and execution of the instructions stored in the memory causes the processor to perform the method in the second aspect or any possible implementation of the second aspect.
A ninth aspect provides a computer-readable storage medium on which a computer program is stored, where the program, when executed by a processor, implements the method in the second aspect or any possible implementation of the second aspect.
Description of the drawings
FIG. 1 is a schematic architecture diagram of an embodiment of the present invention.
FIG. 2 is a schematic flowchart of a communication method according to an embodiment of the present invention.
FIG. 3 is another schematic flowchart of a communication method according to an embodiment of the present invention.
FIG. 4 is still another schematic flowchart of a communication method according to an embodiment of the present invention.
FIG. 5 is still another schematic flowchart of a communication method according to an embodiment of the present invention.
FIG. 6 is still another schematic flowchart of a communication method according to an embodiment of the present invention.
FIG. 7 is a schematic block diagram of a terminal device according to an embodiment of the present invention.
FIG. 8 is another schematic block diagram of a terminal device according to an embodiment of the present invention.
FIG. 9 is a schematic block diagram of a network device according to an embodiment of the present invention.
FIG. 10 is another schematic block diagram of a network device according to an embodiment of the present invention.
FIG. 11 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
FIG. 12 is another schematic block diagram of a communication apparatus according to an embodiment of the present application.
FIG. 13 is still another schematic block diagram of a communication apparatus according to an embodiment of the present application.
Detailed description
The technical solutions in this application are described below with reference to the accompanying drawings.
It should be understood that the technical solutions of the embodiments of the present invention may be applied to a Long Term Evolution (LTE) architecture, and may also be applied to a Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (UTRAN) architecture, or to a GSM EDGE Radio Access Network (GERAN) architecture, that is, the radio access network of a Global System for Mobile Communication (GSM)/Enhanced Data Rate for GSM Evolution (EDGE) system. In the UTRAN architecture or the GERAN architecture, the function of the MME is performed by the Serving General Packet Radio Service (GPRS) Support Node (SGSN), and the function of the SGW/PGW is performed by the Gateway GPRS Support Node (GGSN). The technical solutions of the embodiments of the present invention may also be applied to other communication systems, such as a Public Land Mobile Network (PLMN) system, or even a future 5G communication system or a communication system after 5G; this is not limited in the embodiments of the present invention.
The embodiments of the present invention relate to a terminal device. The terminal device may be a device that includes a wireless transceiver function and can cooperate with a network device to provide communication services for a user. Specifically, the terminal device may refer to user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a mobile console, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent or a user apparatus. For example, the terminal device may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with a wireless communication function, a computing device or another processing device connected to a wireless modem, an in-vehicle device, a wearable device, or a terminal device in a future 5G network or a network after 5G; this is not limited in the embodiments of the present invention.
The embodiments of the present invention also relate to a network device. The network device may be a device used to communicate with the terminal device. For example, it may be a base station (Base Transceiver Station, BTS) in a GSM system or CDMA, a base station (NodeB, NB) in a WCDMA system, or an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system; or the network device may be a relay station, an access point, an in-vehicle device, a wearable device, a network-side device in a future 5G network or a network after 5G, or a network device in a future evolved PLMN network.
The network device in the embodiments of the present invention may also be referred to as a Radio Access Network (RAN) device. The RAN device is connected to the terminal device and is used to receive data from the terminal device and send it to a core network device. The RAN device corresponds to different devices in different communication systems: in a 2G system it corresponds to a base station and a base station controller; in a 3G system, to a base station and a Radio Network Controller (RNC); in a 4G system, to an evolved base station (Evolutional Node B, eNB); and in a 5G system, to an access network device (for example gNB, CU, DU) of the 5G system, such as a New Radio Access Technology (NR) system.
The embodiments of the present invention also relate to a Core Network (CN) device. The CN device corresponds to different devices in different communication systems: in a 3G system it corresponds to a Serving GPRS Support Node (SGSN) or a Gateway GPRS Support Node (GGSN); in a 4G system, to a Mobility Management Entity (MME) or a Serving GateWay (S-GW); and in a 5G system, to the core-network-related devices of the 5G system (for example NG-Core).
To make this application easier to understand, several elements used in its description are introduced first:
Connected state: a Radio Resource Control (RRC) connection is established between the terminal device and a Radio Access Network (RAN) device. When in the connected state, the terminal device retains its own context information and can perform RAN-controlled cell handover.
Idle state: there is no RRC connection between the terminal device and the RAN device, and context information is no longer retained in the terminal device or the RAN device. When in the idle state, the terminal device releases its own context information and can perform cell-based reselection.
Third state: the terminal device retains its own context information and can perform cell-based reselection; at the same time, the connection information of the terminal device is stored in an anchor RAN device, and this connection information includes the context information of the terminal device and the core network connection. When in the third state, the terminal device stores management area information configured by an anchor RAN device, and must notify the anchor RAN device when it moves out of the management area corresponding to that management area information.
The third state may also be called the inactive state, the light connection state, the suspend state, the deactivated state, the low-overhead state, and so on. The management area may also be called a paging area, an access network location tracking area, and so on.
When the terminal device is in the third state, the RRC connection between the terminal device and the RAN device can be restored by means of a Resume message; optionally, the Data Radio Bearer (DRB) used to transmit data between the terminal device and the RAN device can also be restored. The S1 interface of the terminal device is anchored at one RAN device (which may be called the anchor RAN device), after which the terminal device can perform cell reselection mobility. While moving within a predetermined area (for example, called a "RAN-based paging area" or a "radio access network area"), it does not need to notify the anchor RAN device; once it leaves the RAN-based paging area, it needs to notify the anchor RAN device of its location, a process called RAN-based Paging Area Update. The term "inactive state" in the embodiments of the present invention is used only to describe this state and is not a limitation.
It should be noted that the following terms used in this document, namely inactive state, anchor RAN device, and radio access network area (or RAN-based paging area) update, are distinctions made only for convenience of description and are not intended to limit the scope of the embodiments of the present invention.
Context information: after the RAN device establishes an RRC connection with the terminal device, the RAN device allocates context information to the terminal device, and the RAN device and the terminal device communicate based on the context information.
Specifically, the context information includes identification information of the terminal device, security context information of the terminal device, subscription information of the terminal device, configuration information of the radio bearers of the terminal device, logical channel information, and Network Slicing Info. The Network Slicing Info indicates which Network Slicing the terminal device is currently registered in and the address of the CP Function in each Network Slicing. The configuration information of the radio bearers of the terminal device includes at least one of the following: configuration parameters of the Packet Data Convergence Protocol (PDCP), configuration parameters of the Radio Link Control (RLC) protocol, configuration parameters of Medium Access Control (MAC) and/or configuration parameters of the physical layer (PHY); values of PDCP variables, counters and/or timers; values of RLC variables, counters and/or timers; values of MAC variables, counters and/or timers and/or values of PHY variables, counters and/or timers, for example the COUNT of a PDCP packet or the SN of a PDCP packet.
Identifier of the terminal device: an identifier that uniquely identifies the terminal device. It may be an identifier allocated to the terminal device by the RAN device, or an identifier allocated to the terminal device by a control plane device (CP Function).
图1为本发明实施例的系统架构示意图。终端设备110初始与第一网络设备120建立RRC连接,即终端设备110进入连接态。在连接态,第一网络设备120为终端设备110分配上下文信息。在连接态,终端设备基于RRC连接与第一网络设备120进行通信,例如通过第一网络设备120访问核心网140。然后,终端设备110断开与第一网络设备120的RRC连接,但保留终端设备110在第一网络设备120的上下文信息(即第一网络设备120为终端设备110分配的上下文信息),即终端设备110进入非激活态。在非激活态,终端设备110向第二网络设备130移动,当移动到第二网络设备130的小区内时,终端设备110基于之前保留的上下文信息,与第二网络设备130进行通信传输,例如通过第一网 络设备120访问核心网140。FIG. 1 is a schematic structural diagram of a system according to an embodiment of the present invention. The terminal device 110 initially establishes an RRC connection with the first network device 120, that is, the terminal device 110 enters a connected state. In the connected state, the first network device 120 assigns context information to the terminal device 110. In the connected state, the terminal device communicates with the first network device 120 based on the RRC connection, such as through the first network device 120. Then, the terminal device 110 disconnects the RRC connection with the first network device 120, but retains the context information of the terminal device 110 at the first network device 120 (ie, the context information that the first network device 120 allocates for the terminal device 110), that is, the terminal. Device 110 enters an inactive state. In the inactive state, the terminal device 110 moves to the second network device 130. When moving to the cell of the second network device 130, the terminal device 110 performs communication transmission with the second network device 130 based on the previously retained context information, for example. The core network 140 is accessed by the first network device 120.
图2为本发明实施例提供的通信方法200的示意性流程图。图2中描述的终端设备、第一网络设备、第二网络设备可以分别对应于图1中所示的终端设备110、第一网络设备120与第二网络设备130。如图2所示,该通信方法200包括:FIG. 2 is a schematic flowchart of a communication method 200 according to an embodiment of the present invention. The terminal device, the first network device, and the second network device described in FIG. 2 may correspond to the terminal device 110, the first network device 120, and the second network device 130 illustrated in FIG. 1, respectively. As shown in FIG. 2, the communication method 200 includes:
210. After the terminal device moves into a cell of the second network device, the terminal device determines a second encryption algorithm. The second encryption algorithm is an encryption algorithm supported by the second network device. The terminal device is in a state in which it retains its context information at the first network device and has cell-reselection mobility. The first network device is different from the second network device.
Specifically, the state of the terminal device may be referred to as the inactive state.
That the second encryption algorithm is an encryption algorithm supported by the second network device means that the second network device is able to decrypt data encrypted with the second encryption algorithm.
220. The terminal device sends, to the second network device, data encrypted with the second encryption algorithm.
Specifically, the encrypted data that the terminal device sends to the second network device is encrypted with a key and the second encryption algorithm. The key may be a key that the first network configured for use by the terminal device. It should be understood that after the first network device configures the key for the terminal device, the context information configured for the terminal device (that is, the context information of the terminal device under the first network device) includes the key. The second network device may obtain the key by requesting the context information from the first network device.
It should be understood that when the terminal device sends the data encrypted with the second encryption algorithm to the second network device, it also sends the identifier of the terminal device. The second network device uses the identifier of the terminal device to identify which device the received data comes from.
Specifically, the identifier of the terminal device includes an identifier used to identify the terminal device. After receiving the identifier of the terminal device, the second network device can learn that the received data comes from the terminal device.
Optionally, in addition to an identifier used to identify the terminal device, the identifier of the terminal device may include an identifier used to identify the first network device. After receiving the identifier of the terminal device, the second network device can learn that the received data comes from the terminal device, and can also learn that the network device to which the terminal device previously belonged is the first network device.
Further, the identifier used to identify the terminal device that is included in the identifier of the terminal device may specifically be an identifier used to identify the terminal device within the first network device.
Specifically, the identifier of the terminal device may be an identifier that the first network device allocated to the terminal device in the connected state.
230. The second network device decrypts the data sent by the terminal device based on the second encryption algorithm.
Specifically, the second network device decrypts the data using the decryption algorithm corresponding to the encryption algorithm.
As mentioned in step 220, the data sent by the terminal is encrypted with a key and the second encryption algorithm. The second network device may request the context information of the terminal device from the first network device and thereby obtain the key, and can then decrypt the data sent by the terminal device based on the key and the corresponding decryption algorithm.
In this embodiment of the present invention, a terminal device in the inactive state sends encrypted data to a new network device (that is, the second network device), and the encrypted data is encrypted with an encryption algorithm supported by the new network device. This ensures that the data the terminal device sends to the new network device can be decrypted by the new network device. The solution provided by this embodiment therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
The terminal device in this embodiment of the present invention is a terminal device in the inactive state. The procedure by which the terminal device enters the inactive state may be as follows: the terminal device receives an RRC suspend message sent by the first network device, where the RRC suspend message instructs the terminal device to enter the inactive state; after receiving the RRC suspend message, the terminal device saves its context information at the first network device, may move toward other network devices, and may autonomously access a nearby cell. The RRC suspend message may specifically be an RRC release message, an RRC reconfiguration message or an RRC deactivation message.
Specifically, in step 210, optionally, as an embodiment, the terminal device determining the second encryption algorithm includes: the terminal device determines whether the second network device supports a first encryption algorithm, where the first encryption algorithm is the encryption algorithm that the first network device configured for the terminal device; and when the terminal device determines that the second network device supports the first encryption algorithm, the terminal device determines the first encryption algorithm as the second encryption algorithm.
Optionally, the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
Optionally, the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device to use in that state (that is, the inactive state).
Specifically, the terminal device obtains the first encryption algorithm from the first network device. Optionally, the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state, or at the same time as configuring the terminal device to enter the inactive state. For example, the first network device may carry the information of the first encryption algorithm in the RRC suspend message used to configure the terminal device to enter the inactive state, or it may send the information of the first encryption algorithm to the terminal device before sending the RRC suspend message. The information of the first encryption algorithm is indication information that indicates the first encryption algorithm, for example the number or identifier of the first encryption algorithm. For example, the system predefines multiple encryption algorithms and assigns each a unique number; in subsequent communication, the number of an encryption algorithm can be used to represent that algorithm.
The second encryption algorithm may be the same as the first encryption algorithm or different from it. Specifically, when the second network device supports the first encryption algorithm, the second encryption algorithm may simply be the first encryption algorithm. When the second network device does not support the first encryption algorithm, the second encryption algorithm is necessarily different from the first encryption algorithm.
This document uses "first encryption algorithm" to denote the encryption algorithm that the network device to which the terminal device previously belonged (that is, the first network device) configured for the terminal device. The term serves only to distinguish it, for the purposes of description, from the second encryption algorithm supported by the second network device, and does not limit the protection scope of the embodiments of the present invention.
Specifically, when the terminal device determines that the second network device supports the first encryption algorithm, it determines the first encryption algorithm as the second encryption algorithm. That is, in step 220 the terminal device directly uses the first encryption algorithm to encrypt the data to be sent to the second network device.
Specifically, when the terminal device determines that the second network device does not support the first encryption algorithm, it may obtain the second encryption algorithm as follows: the terminal device sends an RRC connection resume request to the second network device, where the RRC connection resume request includes the identifier of the terminal device; after receiving the RRC connection resume request, the second network device sends an RRC connection resume response to the terminal device, where the RRC connection resume response includes second indication information indicating the encryption algorithm supported by the second network device; and the terminal device obtains the second encryption algorithm according to the second indication information.
Specifically, the second indication information may be, for example, the number or identifier of the encryption algorithm supported by the second network device. In other words, from the second indication information the terminal device can learn exactly which encryption algorithm the second network device supports.
In this embodiment of the present invention, the terminal device determines an encryption algorithm supported by the second network device by determining whether the second network device supports the encryption algorithm configured by the first network device to which the terminal device previously belonged (that is, the first encryption algorithm). The terminal device can then send data to the second network device encrypted with an encryption algorithm that the second network device supports, which ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by this embodiment therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
Specifically, the terminal device may determine whether the second network device supports the first encryption algorithm in several different ways.
Optionally, as an optional embodiment, the terminal device determining whether the second network device supports the first encryption algorithm includes: the terminal device receives a system broadcast message sent by the second network device, where the system broadcast message includes first indication information indicating the encryption algorithms that the second network device supports or does not support; and the terminal device determines, according to the first indication information, whether the second network device supports the first encryption algorithm.
Specifically, the second network device sends a system broadcast message to the devices in its cell, where the system broadcast message includes first indication information indicating the encryption algorithms that the second network device supports or does not support. After moving into the cell of the second network device, the terminal device in the inactive state receives the system broadcast message of the second network device. Based on the first indication information, it can then learn which encryption algorithm or algorithms the second network device supports, or which it does not support, and can thus learn whether the second network device supports the first encryption algorithm.
Optionally, the first indication information may be the numbers of the encryption algorithms supported by the second network device.
For example, the system predefines 10 encryption algorithms and numbers them 1 to 10. If the first indication information is 1, 5, 7, the encryption algorithms supported by the second network device are those numbered 1, 5 and 7. If the number of the first encryption algorithm is 1, the second network device supports the first encryption algorithm; if the number of the first encryption algorithm is 9, the second network device does not support the first encryption algorithm.
Specifically, in this embodiment, when the terminal device determines from the first indication information in the system broadcast message that the second network device supports the first encryption algorithm, it directly uses the first encryption algorithm to encrypt the data sent to the second network device.
Specifically, in this embodiment, when the terminal device determines from the first indication information in the system broadcast message that the second network device does not support the first encryption algorithm, it may obtain the encryption algorithm supported by the second network device from the first indication information, or by sending an RRC connection resume request to the second network device.
For example, when the first indication information indicates only one encryption algorithm supported by the second network device, the encryption algorithm indicated by the first indication information may be directly determined as the second encryption algorithm.
For example, when the first indication information indicates multiple encryption algorithms supported by the second network device, the terminal device does not know which encryption algorithm the second network device is currently using. In this case, the terminal device may send an RRC connection resume request to the network device to learn the encryption algorithm currently used by the second network device. Specifically, the terminal device sends an RRC connection resume request to the second network device, where the RRC connection resume request includes the identifier of the terminal device; after receiving the RRC connection resume request, the second network device sends an RRC connection resume response to the terminal device, where the RRC connection resume response includes second indication information indicating the encryption algorithm currently used by the second network device; and the terminal device obtains the second encryption algorithm according to the second indication information.
Optionally, when the first indication information indicates multiple encryption algorithms supported by the second network device, although the terminal device does not know which encryption algorithm the second network device is currently using, all of the encryption algorithms indicated by the first indication information are supported by the second network device. The terminal device may therefore select one of these encryption algorithms and determine it as the second encryption algorithm, and, when sending the data encrypted with the second encryption algorithm to the second network device, also send indication information indicating the second encryption algorithm. Correspondingly, the second network device can determine, from the indication information of the second encryption algorithm, the encryption algorithm to use for decrypting the data sent by the terminal device.
To aid understanding of the communication method provided by the embodiments of the present invention, some specific embodiments are described in detail below with reference to FIG. 3. FIG. 3 is a schematic flowchart of a communication method 300 according to an embodiment of the present invention. The communication method 300 includes:
301. The first network device sends an RRC suspend message to the terminal device.
Specifically, before receiving the RRC suspend message, the terminal device has already obtained the first encryption algorithm from the first network device. Alternatively, the RRC suspend message carries information indicating the first encryption algorithm, and the terminal device learns the first encryption algorithm from the RRC suspend message. Specifically, the RRC suspend message may be an RRC release message, an RRC deactivation message or an RRC reconfiguration message.
Optionally, the RRC suspend message may further include the identifier of the terminal device that the first network device configured for the terminal device.
Optionally, the RRC suspend message may further include a paging area that the first network device configured for the terminal device. When the terminal device moves within the paging area, it does not need to notify the first network device. The paging area may also be referred to as a management area.
302. After receiving the RRC suspend message, the terminal device enters the inactive state.
303. After moving into a cell of the second network device, the terminal device (in the inactive state) receives a system broadcast message of the second network device, where the system broadcast message includes indication information indicating the encryption algorithms supported by the second network device.
304. Based on the system broadcast message, the terminal device determines whether the second network device supports the first encryption algorithm. If so, go to step 305; if not, go to step 306.
305. The terminal device sends, to the second network device, data encrypted with the first encryption algorithm.
306. The terminal device sends an RRC connection resume request to the second network device, where the RRC connection resume request includes the identifier of the terminal device.
307. After receiving the RRC connection resume request, the second network device sends an RRC connection resume response to the terminal device, where the RRC connection resume response includes information indicating the encryption algorithm supported by the second network device.
308. After receiving the RRC connection resume response, the terminal device determines the second encryption algorithm.
309. The terminal device sends, to the second network device, data encrypted with the second encryption algorithm.
Optionally, the system broadcast message of the second network device further includes information indicating the encryption algorithm currently used by the second network device. In this case, when the terminal device determines in step 304 that the second network device does not support the first encryption algorithm, it may, according to the information in the system broadcast message indicating the encryption algorithm currently used by the second network device, determine that currently used encryption algorithm as the second encryption algorithm.
In this embodiment of the present invention, the second network device sends the terminal device a system broadcast message indicating the encryption algorithms supported by the second network device. This lets the terminal device determine whether the second network device supports the encryption algorithm that the first network device configured for the terminal device (that is, the first encryption algorithm), and then send data to the second network device using an encryption algorithm that the second network device supports, which ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by this embodiment therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
Optionally, as another optional embodiment, the communication method 200 further includes: the terminal device receives cell encryption algorithm information sent by the first network device, where the cell encryption algorithm information indicates the encryption algorithm related information of each cell in the management area of the first network device. The terminal device determining whether the second network device supports the first encryption algorithm includes: when the terminal device determines that the cell of the second network device to which it currently belongs is within the management area, the terminal device determines, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm.
Specifically, the terminal device receives the cell encryption algorithm information sent by the first network device before or at the same time as entering the inactive state. The cell encryption algorithm information indicates the encryption algorithm related information of each cell in the management area of the first network device.
The encryption algorithm related information of a cell may be any one or more of the following: the encryption algorithms supported by the cell, the encryption algorithms not supported by the cell, that the cell supports the first encryption algorithm, that the cell does not support the first encryption algorithm, and the encryption algorithm that the terminal device is notified to use after entering the cell.
The management area may be a paging area of the first network device or an access network location tracking area. When the terminal device moves within the management area, it does not need to notify the first network device; when it moves out of the management area, it needs to notify the first network device.
Optionally, in this embodiment, when the cell of the second network device to which the terminal device currently belongs is within the management area, and the terminal device determines according to the cell encryption algorithm information that the second network device supports the first encryption algorithm, the terminal device directly determines the first encryption algorithm as the second encryption algorithm. That is, in subsequent data transmission it directly uses the first encryption algorithm to encrypt data.
Optionally, in this embodiment, when the cell of the second network device to which the terminal device currently belongs is within the management area, and the terminal device determines according to the cell encryption algorithm information that the second network device does not support the first encryption algorithm, the terminal device may obtain the second encryption algorithm supported by the second network device by sending an RRC connection resume request to the second network device, or it may obtain the second encryption algorithm from the cell encryption algorithm information.
For example, the terminal device sends an RRC connection resume request to the second network device, where the RRC connection resume request includes the identifier of the terminal device; the terminal device receives an RRC connection resume response sent by the second network device, where the RRC connection resume response includes second indication information indicating the encryption algorithm supported by the second network device; and the terminal device obtains the second encryption algorithm according to the second indication information.
As another example, the terminal device learns, from the cell encryption algorithm information, the encryption algorithms supported by the cell of the second network device to which it currently belongs, and then selects one of them as the second encryption algorithm. Preferably, when sending the data encrypted with the second encryption algorithm to the second network device, the terminal device may also send the second network device the information of the second encryption algorithm, for example the number of the second encryption algorithm.
Optionally, in this embodiment, when the terminal device determines that the cell of the second network device to which it currently belongs is not within the management area, it may obtain the encryption algorithm supported by the second network device as follows: the terminal device sends an RRC connection resume request to the second network device, where the RRC connection resume request includes the identifier of the terminal device; the terminal device receives an RRC connection resume response sent by the second network device, where the RRC connection resume response includes second indication information indicating the encryption algorithm supported by the second network device; and the terminal device obtains the second encryption algorithm according to the second indication information.
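The terminal-side selection logic of the broadcast-based embodiment (steps 304 to 309) and of the management-area embodiment, as an added Python example that is not part of the patent text. The function names, the `Decision` type, the cell identifiers, modelling the cell encryption algorithm information as a per-cell set of supported numbers, and picking the lowest number when the terminal selects for itself are assumptions; the algorithm numbers 1, 5, 7 and 9 come from the numbering example in the description.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Mapping, Optional


class Action(Enum):
    USE_FIRST = "encrypt with the first encryption algorithm"
    USE_INDICATED = "encrypt with the algorithm the network indicated"
    SELECT_AND_SIGNAL = "pick a supported algorithm, send its number with the data"
    RESUME_REQUEST = "send an RRC connection resume request first"


@dataclass(frozen=True)
class Decision:
    action: Action
    algorithm: Optional[int]  # None until the resume response names one


def choose_from_broadcast(first_alg: int,
                          supported: FrozenSet[int],
                          current: Optional[int] = None,
                          self_select: bool = False) -> Decision:
    """Broadcast embodiment: `supported` is the first indication information."""
    if first_alg in supported:
        # Second network device supports the first algorithm: reuse it.
        return Decision(Action.USE_FIRST, first_alg)
    if current is not None:
        # The broadcast also names the algorithm currently in use.
        return Decision(Action.USE_INDICATED, current)
    if len(supported) == 1:
        # Only one algorithm is advertised, so there is nothing to ask.
        return Decision(Action.USE_INDICATED, next(iter(supported)))
    if self_select and supported:
        # Assumption: lowest number wins; the text only says "select one".
        return Decision(Action.SELECT_AND_SIGNAL, min(supported))
    return Decision(Action.RESUME_REQUEST, None)


def choose_from_cell_info(first_alg: int,
                          cell_id: str,
                          area_cells: Mapping[str, FrozenSet[int]],
                          self_select: bool = False) -> Decision:
    """Management-area embodiment: `area_cells` is the cell encryption
    algorithm information received from the first network device."""
    supported = area_cells.get(cell_id)
    if supported is None:
        # Current cell is outside the management area: must ask.
        return Decision(Action.RESUME_REQUEST, None)
    if first_alg in supported:
        return Decision(Action.USE_FIRST, first_alg)
    if self_select and supported:
        # Pick from the stored list and send the number with the data.
        return Decision(Action.SELECT_AND_SIGNAL, min(supported))
    return Decision(Action.RESUME_REQUEST, None)


def apply_resume_response(second_indication: int) -> Decision:
    """The resume response carries the second indication information."""
    return Decision(Action.USE_INDICATED, second_indication)


# Constructed sample data (not from the patent apart from 1, 5, 7 and 9).
BROADCAST = frozenset({1, 5, 7})
AREA_CELLS = {"cell-A": frozenset({1, 5, 7}), "cell-B": frozenset({5, 7})}

if __name__ == "__main__":
    for first in (1, 9):
        print("broadcast, first =", first, choose_from_broadcast(first, BROADCAST))
    print("self-select:", choose_from_broadcast(9, BROADCAST, self_select=True))
    for cell in ("cell-A", "cell-B", "cell-C"):
        print(cell, choose_from_cell_info(1, cell, AREA_CELLS))
    print("after response:", apply_resume_response(5))
```
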
为了便于更好地理解本发明实施例提供的通信方法,下文结合图4详细描述一些具体实施例。图4为本发明实施例提供的通信方法400的示意性流程图,该通信方法400包括:In order to facilitate a better understanding of the communication method provided by the embodiment of the present invention, some specific embodiments are described in detail below with reference to FIG. FIG. 4 is a schematic flowchart of a communication method 400 according to an embodiment of the present invention. The communication method 400 includes:
401. The first network device sends an RRC suspend message to the terminal device. The RRC suspend message instructs the terminal device to enter the inactive state and further includes cell encryption algorithm information, which indicates the encryption algorithm related information of each cell in the management area of the first network device.
Specifically, the encryption algorithm related information may be any one or more of the following: the encryption algorithms supported by the cell; the encryption algorithms not supported by the cell; that the cell supports the first encryption algorithm; that the cell does not support the first encryption algorithm; the encryption algorithm that the terminal device is notified to use after entering the cell.
Optionally, the first network device may also send the cell encryption algorithm information to the terminal device before sending the RRC suspend message.
Specifically, before receiving the RRC suspend message, the terminal device has already obtained the first encryption algorithm from the first network device. Alternatively, the RRC suspend message carries information indicating the first encryption algorithm, and the terminal device learns the first encryption algorithm from the RRC suspend message.
Optionally, the RRC suspend message may further include the identifier of the terminal device that the first network device has configured for the terminal device.
Optionally, the RRC suspend message may further include a paging area (that is, the management area) configured by the first network device for the terminal device. While the terminal device moves within the paging area, it does not need to notify the first network device.
Specifically, the RRC suspend message may be an RRC release message, an RRC deactivation message, or an RRC reconfiguration message.
402. After receiving the RRC suspend message, the terminal device enters the inactive state.
403. After the terminal device (in the inactive state) moves to a cell of the second network device, it determines whether the cell of the second network device to which it currently belongs is within the management area. If yes, go to step 404; if no, go to step 406.
404. Based on the cell encryption algorithm information, the terminal device determines whether the second network device supports the first encryption algorithm. If yes, go to step 405; if no, go to step 406.
405. The terminal device sends data encrypted using the first encryption algorithm to the second network device.
406. The terminal device sends an RRC connection resume request to the second network device, the RRC connection resume request including the identifier of the terminal device.
407. After receiving the RRC connection resume request, the second network device sends an RRC connection resume response to the terminal device, the RRC connection resume response including information indicating the encryption algorithm supported by the second network device.
408. After receiving the RRC connection resume response, the terminal device determines the second encryption algorithm.
409. The terminal device sends data encrypted using the second encryption algorithm to the second network device.
Optionally, in step 404, when it is determined based on the cell encryption algorithm information that the second network device does not support the first encryption algorithm, the second encryption algorithm may also be determined based on the cell encryption algorithm information. Specifically, the terminal device first obtains, from the encryption algorithm related information of each cell included in the cell encryption algorithm information, the encryption algorithms supported by the cell of the second network device to which it currently belongs, and then selects one of them as the second encryption algorithm. In this embodiment, preferably, while sending the data encrypted using the second encryption algorithm to the second network device, the terminal device may also send information about the second encryption algorithm, for example the number of the second encryption algorithm, to the second network device.
In this embodiment of the present invention, the terminal device learns the cell encryption algorithm information for the management area of the first network device, so it can determine whether the second network device supports the encryption algorithm that the first network device configured for the terminal device (that is, the first encryption algorithm), and then send data to the second network device using an encryption algorithm that the second network device supports. This ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by this embodiment therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
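The terminal-side decision of method 400 (steps 403 to 409, including the optional branch of step 404) can be modelled as follows. This is an added example, not part of the patent text: the class and function names, the cell identifiers, the algorithm numbers and the terminal's preference order are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class CellAlgoInfo:
    """Encryption algorithm related information for one cell (forms listed under step 401)."""
    supported: FrozenSet[int] = frozenset()    # algorithms the cell supports
    unsupported: FrozenSet[int] = frozenset()  # algorithms the cell does not support
    supports_first: Optional[bool] = None      # cell does / does not support the first algorithm
    use_after_entry: Optional[int] = None      # algorithm to use after entering the cell


@dataclass(frozen=True)
class SuspendConfig:
    """What the terminal keeps from the RRC suspend message (hypothetical container)."""
    first_algorithm: int
    management_area: Dict[str, CellAlgoInfo]   # cell id -> per-cell information
    preference: Tuple[int, ...]                # assumption: terminal's own preference order


@dataclass(frozen=True)
class Decision:
    step: int                  # step of method 400 the terminal executes next
    action: str                # "send_data" or "rrc_resume_request"
    algorithm: Optional[int]   # algorithm number used for the uplink data, if any
    announce: bool = False     # send the algorithm number together with the data


def first_algorithm_supported(info: CellAlgoInfo, first: int) -> Optional[bool]:
    """True or False when the information settles the question, None when it does not."""
    if info.supports_first is not None:
        return info.supports_first
    if info.use_after_entry is not None:
        return info.use_after_entry == first   # a different mandated algorithm rules it out
    if first in info.supported:
        return True
    if first in info.unsupported or info.supported:
        return False   # listed as unsupported, or missing from a non-empty supported list
    return None


def plan_uplink(cfg: SuspendConfig, cell_id: str) -> Decision:
    info = cfg.management_area.get(cell_id)
    if info is None:                                          # step 403: outside the area
        return Decision(406, "rrc_resume_request", None)
    if first_algorithm_supported(info, cfg.first_algorithm):  # step 404
        return Decision(405, "send_data", cfg.first_algorithm)
    # Optional branch of step 404: derive the second algorithm from the same information.
    if info.use_after_entry is not None:
        usable = {info.use_after_entry}
    else:
        usable = set(info.supported) - set(info.unsupported)
    for alg in cfg.preference:
        if alg in usable and alg != cfg.first_algorithm:
            return Decision(409, "send_data", alg, announce=True)
    return Decision(406, "rrc_resume_request", None)          # nothing usable: ask the cell


def on_resume_response(cfg: SuspendConfig, second_indication: FrozenSet[int]) -> Decision:
    """Steps 408-409: pick the second algorithm from the second indication information."""
    for alg in cfg.preference:
        if alg in second_indication:
            return Decision(409, "send_data", alg)
    raise ValueError("no algorithm in common with the second network device")


# Constructed sample configuration; none of these values come from the patent.
SAMPLE = SuspendConfig(
    first_algorithm=1,
    management_area={
        "cell-A": CellAlgoInfo(supported=frozenset({1, 2})),
        "cell-B": CellAlgoInfo(supported=frozenset({2, 3})),
        "cell-C": CellAlgoInfo(supports_first=False),
        "cell-D": CellAlgoInfo(use_after_entry=3),
        "cell-E": CellAlgoInfo(unsupported=frozenset({1})),
    },
    preference=(1, 3, 2),
)

if __name__ == "__main__":
    for cell in ("cell-A", "cell-B", "cell-C", "cell-D", "cell-E", "cell-Z"):
        print(cell, plan_uplink(SAMPLE, cell))
```

Cells whose information only says that the first algorithm is unsupported (cell-C, cell-E) give the terminal nothing to choose from, so it falls back to the RRC connection resume exchange of steps 406 to 408.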
In some of the embodiments described above, the terminal device determines whether the second network device supports the encryption algorithm currently used by the terminal device (that is, the first encryption algorithm) and then, depending on the result, obtains the encryption algorithm supported by the second network device by the corresponding means. The embodiments of the present invention are not limited to this; the second network device may instead determine whether it supports the first encryption algorithm currently used by the terminal device.
Specifically, in step 210, optionally, as another embodiment, the terminal device determining the second encryption algorithm includes: the terminal device sends a first message to the second network device, the first message including the identifier of the terminal device and first data encrypted using the first encryption algorithm, where the first encryption algorithm is the encryption algorithm configured by the first network device for the terminal device; after receiving the first message sent by the terminal device, the second network device requests the context information of the terminal device from the first network device based on the identifier of the terminal device; the second network device obtains the first encryption algorithm according to the context information; when the second network device determines that it does not support the first encryption algorithm, it sends an encryption algorithm update command to the terminal device, the encryption algorithm update command instructing that the first encryption algorithm be updated to the second encryption algorithm; and the terminal device obtains the second encryption algorithm according to the encryption algorithm update command.
Optionally, the first encryption algorithm is the encryption algorithm configured by the first network device for the terminal device to use when communicating with the first network device.
Optionally, the first encryption algorithm is the encryption algorithm configured by the first network device for the terminal device to use in that state (that is, the inactive state).
Specifically, the terminal device obtains the first encryption algorithm from the first network device. Optionally, the first network device may send the first encryption algorithm to the terminal device before configuring the terminal device to enter the inactive state, or at the same time as configuring the terminal device to enter the inactive state. For example, the first network device may carry the information of the first encryption algorithm in the RRC suspend message used to configure the terminal device to enter the inactive state, or it may send the information of the first encryption algorithm to the terminal device before sending the RRC suspend message. The information of the first encryption algorithm is indication information that indicates the first encryption algorithm, for example the number or identifier of the first encryption algorithm. For example, the system predefines multiple encryption algorithms and assigns each a unique number; in subsequent communication, the number of an encryption algorithm can be used to denote that encryption algorithm.
Specifically, after the terminal device in the inactive state moves to a cell of the second network device, if it needs to send data, it sends the data encrypted using the first encryption algorithm to the second network device and also sends the identifier of the terminal device. After receiving the encrypted data sent by the terminal device, the second network device requests the context information of the terminal device from the first network device according to the identifier of the terminal device and then obtains the first encryption algorithm from the context information. If the second network device does not support the first encryption algorithm, it sends an encryption algorithm update command to the terminal device, the encryption algorithm update command instructing that the first encryption algorithm be updated to the second encryption algorithm; the second encryption algorithm may be the encryption algorithm currently used by the second network device. The terminal device obtains the second encryption algorithm according to the encryption algorithm update command.
It should be understood that, in this embodiment, if the second network device supports the first encryption algorithm, it can directly use the decryption algorithm corresponding to the first encryption algorithm to decrypt the data sent by the terminal device, and does not need to send the encryption algorithm update command.
Optionally, in this embodiment, after the terminal device obtains the second encryption algorithm according to the encryption algorithm update command, it may retransmit to the second network device the first data that was previously encrypted using the first encryption algorithm; that is, in step 220, the data encrypted using the second encryption algorithm that the terminal device sends to the second network device is the first data.
Preferably, in this embodiment, at the same time as or after sending the encryption algorithm update command to the terminal device, the second network device may also send third indication information to the terminal device, the third indication information instructing that the data sent using the first encryption algorithm be retransmitted; according to the third indication information, the terminal device retransmits to the second network device the first data previously encrypted using the first encryption algorithm.
To facilitate a better understanding of the communication method provided by the embodiments of the present invention, some specific embodiments are described in detail below with reference to FIG. 5. FIG. 5 is a schematic flowchart of a communication method 500 according to an embodiment of the present invention. The communication method 500 includes:
501. The first network device sends an RRC suspend message to the terminal device.
Step 501 is the same as step 301; see the description above, which is not repeated here.
502. After receiving the RRC suspend message, the terminal device enters the inactive state.
503. After the terminal device (in the inactive state) moves to a cell of the second network device and needs to send data, it sends a first message to the second network device, the first message including the identifier of the terminal device and first data encrypted using the first encryption algorithm.
504. After receiving the first message, the second network device sends the identifier of the terminal device to the first network device to request the context information of the terminal device.
505. After receiving the identifier of the terminal device, the first network device sends the context information of the terminal device to the second network device.
506. The second network device obtains the first encryption algorithm according to the context information of the terminal device and determines whether it supports the first encryption algorithm. If yes, go to step 507; if no, go to step 509.
507. The second network device sends an encryption algorithm update command to the terminal device, the encryption algorithm update command instructing that the first encryption algorithm be updated to the second encryption algorithm.
508. According to the encryption algorithm update command, the terminal device sends data encrypted using the second encryption algorithm to the second network device.
Optionally, the terminal device uses the second encryption algorithm to retransmit to the second network device the data previously encrypted using the first encryption algorithm, for example the first data sent in step 503.
Optionally, after step 507, or in step 507, the second network device sends the terminal device an indication to retransmit the data previously sent using the first encryption algorithm.
509. The second network device decrypts the first data sent by the terminal device using the decryption algorithm corresponding to the first encryption algorithm.
In this embodiment of the present invention, when the second network device determines that it does not support the encryption algorithm currently used by the terminal device (that is, the first encryption algorithm), it notifies the terminal device to update the encryption algorithm to a second encryption algorithm that the second network device supports. This ensures that the data sent by the terminal device can be decrypted by the second network device. The solution provided by this embodiment therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
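The exchange of method 500 can be simulated end to end as below. This is an added example, not part of the patent text; it follows the behaviour described in the paragraphs above (update command when the first algorithm is unsupported, direct decryption when it is supported). The class names, the algorithm numbers, the sample key carried in the context information and the XOR keystream standing in for a real cipher are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

KEY = bytes(range(16))  # constructed sample key; assumed to be part of the context information


def toy_cipher(alg: int, key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHAKE-256 keystream bound to the algorithm number.
    Encryption and decryption are the same operation. Not a real air-interface algorithm."""
    stream = hashlib.shake_256(bytes([alg]) + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class FirstMessage:
    ue_id: str
    ciphertext: bytes     # first data, encrypted with the first encryption algorithm


@dataclass
class UpdateCommand:
    new_algorithm: int    # the second encryption algorithm
    retransmit: bool      # third indication information: resend data sent under the first one


class FirstNetworkDevice:
    def __init__(self) -> None:
        self.contexts: Dict[str, Tuple[int, bytes]] = {}

    def suspend(self, ue_id: str, alg: int, key: bytes) -> None:
        self.contexts[ue_id] = (alg, key)      # context kept while the terminal is inactive

    def get_context(self, ue_id: str) -> Tuple[int, bytes]:
        return self.contexts[ue_id]            # steps 504-505


class SecondNetworkDevice:
    def __init__(self, anchor: FirstNetworkDevice, supported: Set[int], current: int) -> None:
        self.anchor, self.supported, self.current = anchor, supported, current
        self.sessions: Dict[str, Tuple[int, bytes]] = {}
        self.delivered: List[bytes] = []       # plaintext recovered from the terminal

    def on_first_message(self, msg: FirstMessage) -> Optional[UpdateCommand]:
        alg, key = self.anchor.get_context(msg.ue_id)
        if alg in self.supported:              # supported: decrypt directly (step 509)
            self.delivered.append(toy_cipher(alg, key, msg.ciphertext))
            return None
        # Unsupported: the first data is unreadable, so request an update (step 507).
        self.sessions[msg.ue_id] = (self.current, key)
        return UpdateCommand(self.current, retransmit=True)

    def on_data(self, ue_id: str, ciphertext: bytes) -> None:
        alg, key = self.sessions[ue_id]
        self.delivered.append(toy_cipher(alg, key, ciphertext))


class Terminal:
    def __init__(self, ue_id: str, alg: int, key: bytes) -> None:
        self.ue_id, self.alg, self.key = ue_id, alg, key
        self.first_data = b""

    def send_first(self, data: bytes) -> FirstMessage:   # step 503
        self.first_data = data
        return FirstMessage(self.ue_id, toy_cipher(self.alg, self.key, data))

    def on_update(self, cmd: UpdateCommand) -> Optional[bytes]:   # step 508
        self.alg = cmd.new_algorithm
        if cmd.retransmit:
            return toy_cipher(self.alg, self.key, self.first_data)
        return None


def run_exchange(first_alg: int, supported: Set[int], current: int, data: bytes) -> dict:
    anchor = FirstNetworkDevice()
    anchor.suspend("ue-1", first_alg, KEY)
    ue = Terminal("ue-1", first_alg, KEY)
    target = SecondNetworkDevice(anchor, supported, current)
    cmd = target.on_first_message(ue.send_first(data))
    if cmd is not None:
        resend = ue.on_update(cmd)
        if resend is not None:
            target.on_data(ue.ue_id, resend)
    return {"update_sent": cmd is not None, "ue_algorithm": ue.alg,
            "delivered": target.delivered}


if __name__ == "__main__":
    print(run_exchange(1, {2}, 2, b"uplink small data"))     # update command + retransmission
    print(run_exchange(1, {1, 2}, 2, b"uplink small data"))  # decrypted directly
```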
In summary, in the embodiments of the present invention, a terminal device in the inactive state sends encrypted data to a new network device (that is, the second network device), and the encrypted data is encrypted using an encryption algorithm supported by the new network device. This ensures that the data sent by the terminal device to the new network device can be decrypted by the new network device. The solution provided by the embodiments of the present invention therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
As shown in FIG. 6, an embodiment of the present invention further provides a communication method 600. The communication method 600 includes:
610. The first network device sends a notification message to the terminal device, the notification message including the identifier of the terminal device.
Optionally, the first network device allocates the identifier of the terminal device to the terminal device when establishing a connection with the terminal device.
Specifically, while establishing an RRC connection for the terminal device, the first network device allocates the identifier of the terminal device to the terminal device and may notify the terminal device of the identifier through an RRC connection setup message. That is, the notification message is the RRC connection setup message.
Optionally, when the terminal device is handed over to a cell of the first network device, the first network device allocates the identifier of the terminal device to the terminal device.
Specifically, when the terminal device is handed over to the first network device, the first network device allocates the identifier of the terminal device to the terminal device and notifies the terminal device of the identifier through a handover command. That is, the notification message is the handover command.
Specifically, the identifier of the terminal device includes an identifier used to identify the terminal device and an identifier of the network device to which it previously belonged. The terminal identifier is used by the terminal device to restore the connection after a radio link failure, or the device identifier may also be used when the terminal device performs connection recovery in the deactivated state.
For example, in this embodiment, the identifier of the terminal device that the first network device allocates to the terminal device includes an identifier used to identify the terminal device and also an identifier used to identify the first network device. Further, the identifier used to identify the terminal device may specifically be an identifier used to identify the terminal device within the first network device.
620. The terminal device obtains the identifier of the terminal device according to the notification message sent by the network device.
630. When the terminal device detects a radio link failure, it performs cell selection or cell reselection and determines the current serving cell.
Specifically, a radio link failure means that a fault occurs on the communication link between the terminal device and the network device. The specific trigger includes any one or more of the following:
the quality of the communication link between the terminal device and the network device does not meet a threshold, or
the terminal device fails to decrypt data or an integrity check fails, or
the Radio Link Control (RLC) entity of the terminal device fails.
Specifically, the current serving cell may be a coverage cell of the network device, or the coverage of another network device
640. The terminal device sends a connection resume request to the second network device corresponding to the current serving cell, the connection resume request carrying the identifier of the terminal device.
It should be understood that the second network device in this embodiment of the present invention may be the same as or different from the first network device.
Specifically, the second network device can learn from the terminal identifier that the network device to which the terminal previously belonged is the first network device, and requests the context information of the terminal device from the first network device; the first network device sends the context information of the terminal device to the second network device; and the second network device restores the connection for the terminal device according to the context information of the terminal device.
Optionally, the connection resume message also carries the cause of the connection recovery, for example that the cause is a radio link failure.
In this embodiment of the present invention, the network device configures the identifier of the terminal device for the terminal device in advance, so that when the terminal device detects a radio link failure it can perform connection recovery promptly based on the identifier of the terminal device.
Optionally, as an optional embodiment, in step 610 the notification message further includes key information. The communication method 600 further includes: the terminal device generates integrity protection information using the key information and sends the integrity protection information to the serving network device.
Specifically, the integrity protection information may be calculated from the key information combined with the connection recovery information of the terminal device. Alternatively, the integrity protection information may be calculated from the key information combined with the identifier of the terminal device.
In this embodiment of the present invention, the network device configures the key and the identifier of the terminal device for the terminal device in advance, so that the terminal device can perform connection recovery promptly and effectively when it detects a radio link failure.
It should be understood that the RRC connection resume message mentioned in the embodiments of the present invention denotes a message used by the terminal device and the network device to restore a connection, and the specific name of the message does not limit the protection scope of the embodiments of the present invention. Specifically, the RRC connection resume message may also denote a message with a similar function, including but not limited to an RRC connection activation message, an RRC connection reactivation message, or an RRC connection re-establishment message.
The communication method provided by the embodiments of the present invention is described above; the terminal device and the network device provided by the embodiments of the present invention are described below.
FIG. 7 is a schematic block diagram of a terminal device 700 according to an embodiment of the present invention. The terminal device 700 includes:
a processing module 710, configured to determine a second encryption algorithm after the terminal device moves to a cell of a second network device, where the second encryption algorithm is an encryption algorithm supported by the second network device, the terminal device is in a state in which the context information of the terminal device at a first network device is retained and in which it has cell reselection mobility, and the first network device is different from the second network device;
a transceiver module 720, configured to send data encrypted using the second encryption algorithm to the second network device.
In this embodiment of the present invention, a terminal device in the inactive state sends encrypted data to a new network device (that is, the second network device), and the encrypted data is encrypted using an encryption algorithm supported by the new network device. This ensures that the data sent by the terminal device to the new network device can be decrypted by the new network device. This embodiment therefore effectively avoids the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
Optionally, as an embodiment, that the processing module 710 is configured to determine the second encryption algorithm includes:
the processing module 710 is configured to determine whether the second network device supports a first encryption algorithm, where the first encryption algorithm is the encryption algorithm configured by the first network device for the terminal device, and, when the second network device supports the first encryption algorithm, to determine the first encryption algorithm as the second encryption algorithm.
Optionally, as an embodiment, the transceiver module 720 is further configured to receive a system broadcast message sent by the second network device, the system broadcast message including first indication information that indicates the encryption algorithms supported or not supported by the second network device;
that the processing module 710 is configured to determine whether the second network device supports the first encryption algorithm includes:
the processing module 710 is configured to determine, according to the first indication information, whether the second network device supports the first encryption algorithm.
Optionally, as an embodiment, the transceiver module 720 is further configured to receive cell encryption algorithm information sent by the first network device, the cell encryption algorithm information indicating the encryption algorithm related information of each cell in the management area of the first network device;
that the processing module 710 is configured to determine whether the second network device supports the first encryption algorithm includes:
the processing module 710 is configured to determine, when the cell of the second network device is within the management area, whether the second network device supports the first encryption algorithm according to the cell encryption algorithm information.
Optionally, as an embodiment, the transceiver module 720 is further configured to send a radio resource control (RRC) connection resume request to the second network device when the second network device does not support the first encryption algorithm, the RRC connection resume request including the identifier of the terminal device;
the transceiver module 720 is further configured to receive an RRC connection resume response sent by the second network device, the RRC connection resume response including second indication information that indicates the encryption algorithm supported by the second network device;
that the processing module 710 is configured to determine the second encryption algorithm includes:
the processing module 710 is configured to obtain the second encryption algorithm according to the second indication information received by the transceiver module 720.
可选地,作为一个实施例,该系统广播消息中包括用于指示该第二网络设备支持的加密算法的该第一指示信息;Optionally, as an embodiment, the system broadcast message includes the first indication information used to indicate an encryption algorithm supported by the second network device;
该处理模块710用于确定第二加密算法,包括:The processing module 710 is configured to determine a second encryption algorithm, including:
该处理模块710用于,当该第二网络设备不支持该第一加密算法时,基于该第一指示信息指示的该第二网络设备支持的加密算法,获取该第二加密算法。The processing module 710 is configured to: when the second network device does not support the first encryption algorithm, obtain the second encryption algorithm based on an encryption algorithm supported by the second network device indicated by the first indication information.
可选地,作为一个实施例,该收发模块720还用于,当该第二网络设备的小区不在该管理区域内时,向该第二网络设备发送RRC连接恢复请求,该RRC连接恢复请求中包括该终端设备的标识;接收该第二网络设备发送的RRC连接恢复响应,该RRC连接恢复响应中包括用于指示该第二网络设备支持的加密算法的第二指示信息;Optionally, in an embodiment, the transceiver module 720 is further configured to: when the cell of the second network device is not in the management area, send an RRC connection recovery request to the second network device, where the RRC connection recovery request is And including an identifier of the terminal device, and receiving an RRC connection recovery response sent by the second network device, where the RRC connection recovery response includes second indication information for indicating an encryption algorithm supported by the second network device;
该处理模块710用于确定第二加密算法,包括:The processing module 710 is configured to determine a second encryption algorithm, including:
该处理模块710用于,根据该第二指示信息,获取该第二加密算法。The processing module 710 is configured to obtain the second encryption algorithm according to the second indication information.
Optionally, in an embodiment, the transceiver module 720 is further configured to: send a first message to the second network device, where the first message includes the identifier of the terminal device and first data encrypted by using a first encryption algorithm, and the first encryption algorithm is the encryption algorithm configured by the first network device for the terminal device; and receive an encryption algorithm update command sent by the second network device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is to be updated to the second encryption algorithm;
That the processing module 710 is configured to determine a second encryption algorithm includes:
The processing module 710 is configured to obtain the second encryption algorithm according to the encryption algorithm update command.
Optionally, in an embodiment, the data that the terminal device sends to the second network device encrypted by using the second encryption algorithm is the first data.
Optionally, in an embodiment, the transceiver module 720 is further configured to: before sending the first data encrypted by using the second encryption algorithm to the second network device, receive third indication information sent by the second network device, where the third indication information is used to indicate that the data sent by using the first encryption algorithm is to be retransmitted.
It should be understood that the processing module 710 in the embodiments of the present invention may be implemented by a processor or a processor-related circuit component, and the transceiver module 720 may be implemented by a transceiver or a transceiver-related circuit component.
As shown in FIG. 8, an embodiment of the present invention further provides a terminal device 800. The terminal device 800 includes a processor 810, a memory 820 and a transceiver 830, where the memory 820 stores instructions or a program, and the processor 810 is configured to execute the instructions or program stored in the memory 820. When the instructions or program stored in the memory 820 are executed, the processor 810 is configured to perform the operations performed by the processing module 710 in the foregoing embodiment, and the transceiver 830 is configured to perform the operations performed by the transceiver module 720 in the foregoing embodiment.
It should be understood that the terminal device 700 or the terminal device 800 according to the embodiments of the present invention may correspond to the terminal device in the communication methods 200 to 500 of the embodiments of the present invention, and the operations and/or functions of the modules in the terminal device 700 or the terminal device 800 are respectively intended to implement the corresponding procedures of the methods in FIG. 2 to FIG. 5. For brevity, details are not described here again.
FIG. 9 is a schematic flowchart of a network device 900 according to an embodiment of the present invention. The network device 900 includes:
a transceiver module 910, configured to receive data that is sent by a terminal device and encrypted by using a second encryption algorithm, where the second encryption algorithm is an encryption algorithm supported by the network device, the terminal device is in a state in which context information of the terminal device at a first network device is stored and in which the terminal device has cell reselection mobility, and the first network device is different from the network device;
a processing module 920, configured to decrypt, based on the second encryption algorithm, the data sent by the terminal device.
In the embodiments of the present invention, a terminal device in the inactive state sends encrypted data to a new network device (that is, the second network device), and the encrypted data is encrypted by using an encryption algorithm supported by the new network device. This ensures that the data sent by the terminal device to the new network device can be decrypted by the new network device. Therefore, the embodiments of the present invention effectively avoid the problem that a network device newly accessed by a terminal device in the inactive state cannot decrypt the data sent by the terminal device, which improves the effectiveness of data transmission.
Optionally, in an embodiment, the transceiver module 910 is further configured to: before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, send a system broadcast message to the terminal device, where the system broadcast message includes first indication information used to indicate the encryption algorithms that the network device supports or does not support.
Optionally, in an embodiment, the transceiver module 910 is further configured to: before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, receive a radio resource control (RRC) connection recovery request sent by the terminal device, where the RRC connection recovery request includes the identifier of the terminal device;
The transceiver module 910 is further configured to send an RRC connection recovery response to the terminal device, where the RRC connection recovery response includes second indication information used to indicate an encryption algorithm supported by the network device.
Optionally, in an embodiment, the transceiver module 910 is further configured to: before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, receive a first message sent by the terminal device, where the first message includes the identifier of the terminal device and first data encrypted by using a first encryption algorithm, and the first encryption algorithm is the encryption algorithm configured by the first network device for the terminal device;
The processing module 920 is further configured to request the context information of the terminal device from the first network device based on the identifier of the terminal device received by the transceiver module 910;
The processing module 920 is further configured to obtain the first encryption algorithm according to the context information;
The transceiver module 910 is further configured to: when the network device does not support the first encryption algorithm, send an encryption algorithm update command to the terminal device, where the encryption algorithm update command is used to indicate that the first encryption algorithm is to be updated to the second encryption algorithm.
Optionally, in an embodiment, the data that the network device receives from the terminal device encrypted by using the second encryption algorithm is the first data.
Optionally, in an embodiment, the transceiver module 910 is further configured to: before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, send third indication information to the terminal device, where the third indication information is used to indicate that the data sent by using the first encryption algorithm is to be retransmitted.
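The exchange described in the embodiments above (first message, context fetch from the first network device, encryption algorithm update command, retransmission of the first data), as an added Python model that is not part of the patent text. The algorithm labels, class and field names, the reuse of one key under both algorithms, the folding of the third indication information into the update command, and the SHA-256 keystream stand-in cipher are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed labels: the page names no concrete algorithms.
ALG_1, ALG_2 = "ALG-1", "ALG-2"


def cipher(alg: str, key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream bound to the
    algorithm label. Encrypt and decrypt are the same operation. It is not a
    real cellular cipher and is not secure (no nonce, no integrity)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(alg.encode() + key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


@dataclass
class Context:
    algorithm: str  # first encryption algorithm configured for the terminal
    key: bytes      # assumption: the same key is kept when the algorithm changes


class FirstNetworkDevice:
    """Device that configured the terminal and stores its context."""
    def __init__(self):
        self._contexts = {}

    def configure(self, ue_id, algorithm, key):
        self._contexts[ue_id] = Context(algorithm, key)

    def fetch_context(self, ue_id):
        return self._contexts[ue_id]


class SecondNetworkDevice:
    """Newly accessed device; `supported` is its ordered algorithm list."""
    def __init__(self, supported, first_device):
        self.supported = list(supported)
        self.first_device = first_device
        self.active = {}  # ue_id -> Context in use at this device

    def on_first_message(self, ue_id, ciphertext):
        ctx = self.first_device.fetch_context(ue_id)  # request context by identifier
        if ctx.algorithm in self.supported:
            self.active[ue_id] = ctx
            return {"type": "data", "plaintext": cipher(ctx.algorithm, ctx.key, ciphertext)}
        second = self.supported[0]  # choose the second encryption algorithm
        self.active[ue_id] = Context(second, ctx.key)
        # "retransmit" models the third indication information
        return {"type": "encryption_algorithm_update", "algorithm": second, "retransmit": True}

    def on_data(self, ue_id, ciphertext):
        ctx = self.active[ue_id]
        return cipher(ctx.algorithm, ctx.key, ciphertext)


class Terminal:
    def __init__(self, ue_id, algorithm, key, supported):
        self.ue_id, self.algorithm, self.key = ue_id, algorithm, key
        self.supported = list(supported)
        self._pending = b""

    def build_first_message(self, data):
        self._pending = data  # kept so the first data can be retransmitted
        return self.ue_id, cipher(self.algorithm, self.key, data)

    def on_response(self, response):
        if response["type"] != "encryption_algorithm_update":
            return None
        if response["algorithm"] not in self.supported:  # assumption: terminal-side check
            raise ValueError("commanded algorithm not supported by terminal")
        self.algorithm = response["algorithm"]
        if response["retransmit"]:
            return cipher(self.algorithm, self.key, self._pending)
        return None


def run_exchange(second_supported, data=b"constructed uplink payload"):
    key = b"\x11" * 16  # constructed key
    first_device = FirstNetworkDevice()
    first_device.configure("ue-1", ALG_1, key)
    terminal = Terminal("ue-1", ALG_1, key, supported=[ALG_1, ALG_2])
    second_device = SecondNetworkDevice(second_supported, first_device)

    ue_id, first_ct = terminal.build_first_message(data)
    response = second_device.on_first_message(ue_id, first_ct)
    retransmission = terminal.on_response(response)
    if retransmission is None:
        recovered = response["plaintext"]
    else:
        recovered = second_device.on_data(ue_id, retransmission)
    return {
        "update_sent": response["type"] == "encryption_algorithm_update",
        "terminal_algorithm": terminal.algorithm,
        "recovered": recovered,
        "ciphertext_changed": retransmission is not None and retransmission != first_ct,
    }


if __name__ == "__main__":
    print(run_exchange([ALG_2]))
```
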
It should be understood that the processing module 920 in the embodiments of the present invention may be implemented by a processor or a processor-related circuit component, and the transceiver module 910 may be implemented by a transceiver or a transceiver-related circuit component.
As shown in FIG. 10, an embodiment of the present invention further provides a network device 1000. The network device 1000 includes a processor 1010, a memory 1020 and a transceiver 1030, where the memory 1020 stores instructions or a program, and the processor 1010 is configured to execute the instructions or program stored in the memory 1020. When the instructions or program stored in the memory 1020 are executed, the processor 1010 is configured to perform the operations performed by the processing module 920 in the foregoing embodiment, and the transceiver 1030 is configured to perform the operations performed by the transceiver module 910 in the foregoing embodiment.
It should be understood that the network device 900 or the network device 1000 according to the embodiments of the present invention may correspond to the network device in the communication methods 200 to 500 of the embodiments of the present invention, and the operations and/or functions of the modules in the network device 900 or the network device 1000 are respectively intended to implement the corresponding procedures of the methods in FIG. 2 to FIG. 5. For brevity, details are not described here again.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, the procedure related to the terminal device in the communication method 200 provided by the foregoing method embodiment can be implemented.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, the procedure related to the second network device in the communication method 200 provided by the foregoing method embodiment can be implemented.
An embodiment of the present invention further provides a terminal device, where the terminal device includes:
a transceiver module, configured to receive a notification message sent by a first network device, where the notification message includes an identifier of the terminal device;
a processing module, configured to, upon discovering a radio link failure, perform cell selection or cell reselection and determine a current serving cell;
The transceiver module is further configured to send a connection recovery request to a second network device corresponding to the current serving cell, where the connection recovery request carries the identifier of the terminal device.
In the embodiments of the present invention, the network device configures the identifier of the terminal device for the terminal device in advance, so that when the terminal device discovers a radio link failure, it can perform connection recovery in time based on the identifier of the terminal device.
Optionally, in an embodiment, the notification message further includes key information; the processing module is further configured to generate integrity protection information by using the key information; and the transceiver module is further configured to send the integrity protection information to the serving network device.
In the embodiments of the present invention, the network device configures the key and the identifier of the terminal device for the terminal device in advance, so that the terminal device can perform connection recovery in a timely and effective manner when it discovers a radio link failure.
It should be understood that the processing module in the foregoing embodiment may be implemented by a processor or a processor-related circuit component, and the transceiver module may be implemented by a transceiver or a transceiver-related circuit component.
It should also be understood that the terminal device according to the embodiments of the present invention may correspond to the terminal device in the communication method 600 of the embodiments of the present invention, and the operations and/or functions of the modules in the terminal device are respectively intended to implement the corresponding procedures in FIG. 6. For brevity, details are not described here again.
An embodiment of the present invention further provides a network device, where the network device includes:
a processing module, configured to determine an identifier of a terminal device.
a transceiver module, configured to send a notification message to the terminal device, where the notification message includes the identifier of the terminal device, so that the terminal device performs connection recovery upon discovering a radio link failure.
In the embodiments of the present invention, the network device configures the identifier of the terminal device for the terminal device in advance, so that when the terminal device discovers a radio link failure, it can perform connection recovery in time based on the identifier of the terminal device.
Optionally, in an embodiment, the notification message further includes key information, so that the terminal device generates integrity protection information according to the key information.
It should be understood that the processing module in the foregoing embodiment may be implemented by a processor or a processor-related circuit component, and the transceiver module may be implemented by a transceiver or a transceiver-related circuit component.
It should also be understood that the network device according to the embodiments of the present invention may correspond to the network device in the communication method 600 of the embodiments of the present invention, and the operations and/or functions of the modules in the network device are respectively intended to implement the corresponding procedures in FIG. 6. For brevity, details are not described here again.
An embodiment of the present application further provides a communication apparatus, which may be a terminal device or a circuit. The communication apparatus may be used to perform the actions performed by the terminal device in the foregoing method embodiments.
When the communication apparatus is a terminal device, FIG. 11 shows a simplified schematic structural diagram of the terminal device. For ease of understanding and illustration, a mobile phone is used as an example of the terminal device in FIG. 11. As shown in FIG. 11, the terminal device includes a processor, a memory, a radio frequency circuit, an antenna, and an input/output apparatus. The processor is mainly used to process communication protocols and communication data, control the terminal device, execute software programs, process data of the software programs, and so on. The memory is mainly used to store software programs and data. The radio frequency circuit is mainly used for conversion between baseband signals and radio frequency signals and for processing radio frequency signals. The antenna is mainly used to transmit and receive radio frequency signals in the form of electromagnetic waves. The input/output apparatus, such as a touchscreen, a display, or a keyboard, is mainly used to receive data entered by the user and to output data to the user. It should be noted that some types of terminal devices may have no input/output apparatus.
When data needs to be sent, the processor performs baseband processing on the data to be sent and outputs a baseband signal to the radio frequency circuit. The radio frequency circuit performs radio frequency processing on the baseband signal and then sends the radio frequency signal outward through the antenna in the form of electromagnetic waves. When data is sent to the terminal device, the radio frequency circuit receives a radio frequency signal through the antenna, converts the radio frequency signal into a baseband signal, and outputs the baseband signal to the processor, which converts the baseband signal into data and processes the data. For ease of description, only one memory and one processor are shown in FIG. 11. An actual terminal device product may have one or more processors and one or more memories. The memory may also be referred to as a storage medium, a storage device, or the like. The memory may be set independently of the processor or may be integrated with the processor, which is not limited in the embodiments of the present application.
In the embodiments of the present application, the antenna and the radio frequency circuit that have the transceiving function may be regarded as the transceiver unit of the terminal device, and the processor that has the processing function may be regarded as the processing unit of the terminal device. As shown in FIG. 11, the terminal device includes a transceiver unit 1110 and a processing unit 1120. The transceiver unit may also be referred to as a transceiver, a transceiver apparatus, or the like. The processing unit may also be referred to as a processor, a processing board, a processing module, a processing apparatus, or the like. Optionally, the component in the transceiver unit 1110 that implements the receiving function may be regarded as a receiving unit, and the component in the transceiver unit 1110 that implements the sending function may be regarded as a sending unit; that is, the transceiver unit 1110 includes a receiving unit and a sending unit. The transceiver unit may sometimes also be referred to as a transceiver, a transceiver circuit, or the like. The receiving unit may sometimes also be referred to as a receiver, a receiving circuit, or the like. The sending unit may sometimes also be referred to as a transmitter, a transmitting circuit, or the like.
It should be understood that the transceiver unit 1110 is configured to perform the sending and receiving operations on the terminal device side in the foregoing method embodiments, and the processing unit 1120 is configured to perform the operations on the terminal device other than the sending and receiving operations in the foregoing method embodiments.
For example, in one implementation, the transceiver unit 1110 is configured to perform the sending operation on the terminal device side in step 220 in FIG. 2, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application. The processing unit 1120 is configured to perform step 210 in FIG. 2, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
For another example, in another implementation, the transceiver unit 1110 is configured to perform the receiving operations on the terminal device side in step 301, step 303 and step 307 in FIG. 3, or the sending operations on the terminal device side in step 305, step 306 and step 309, and/or the transceiver unit 1120 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application. The processing unit 1120 is configured to perform step 302, step 304 and step 308 in FIG. 3, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
For another example, in yet another implementation, the transceiver unit 1110 is configured to perform the receiving operations on the terminal device side in step 401 and step 407 in FIG. 4, or the sending operations on the terminal device side in step 407 and step 405, and step 406 and step 409, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application. The processing unit 1120 is configured to perform step 402, step 403, step 404 and step 408 in FIG. 4, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
For another example, in yet another implementation, the transceiver unit 1110 is configured to perform the receiving operations on the terminal device side in step 501 and step 508 in FIG. 5, or the sending operations on the terminal device side in step 503 and step 509, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application. The processing unit 1120 is configured to perform step 502 in FIG. 5, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
For another example, in yet another implementation, the transceiver unit 1110 is configured to perform the receiving operation on the terminal device side in step 610 in FIG. 6, or the sending operation on the terminal device side in step 640, and/or the transceiver unit 1110 is further configured to perform other sending and receiving steps on the terminal device side in the embodiments of the present application. The processing unit 1120 is configured to perform step 620 and step 630 in FIG. 6, and/or the processing unit 1120 is further configured to perform other processing steps on the terminal device side in the embodiments of the present application.
When the communication apparatus is a chip, the chip includes a transceiver unit and a processing unit. The transceiver unit may be an input/output circuit or a communication interface; the processing unit is a processor, a microprocessor, or an integrated circuit integrated on the chip.
When the communication apparatus in this embodiment is a terminal device, reference may be made to the device shown in FIG. 12. As an example, the device can perform functions similar to those of the processor 810 in FIG. 8. In FIG. 12, the device includes a processor 1210, a transmit data processor 1220, and a receive data processor 1230. The processing module 710 in the foregoing embodiment may be the processor 1210 in FIG. 12 and performs the corresponding functions. The transceiver module 720 in the foregoing embodiment may be the transmit data processor 1220 and/or the receive data processor 1230 in FIG. 12. Although a channel encoder and a channel decoder are shown in FIG. 12, it can be understood that these modules do not limit this embodiment and are merely illustrative.
FIG. 13 shows another form of this embodiment. The processing apparatus 1300 includes modules such as a modulation subsystem, a central processing subsystem, and a peripheral subsystem. The communication apparatus in this embodiment may serve as the modulation subsystem. Specifically, the modulation subsystem may include a processor 1303 and an interface 1304. The processor 1303 performs the functions of the processing module 710, and the interface 1304 performs the functions of the transceiver module 720. As another variation, the modulation subsystem includes a memory 1306, a processor 1303, and a program that is stored in the memory 1306 and can run on the processor; when the processor 1303 executes the program, the method on the terminal device side in the foregoing method embodiments is implemented. It should be noted that the memory 1306 may be non-volatile or volatile, and may be located inside the modulation subsystem or in the processing apparatus 1300, as long as the memory 1306 can be connected to the processor 1303.
As another form of this embodiment, a computer-readable storage medium is provided, on which instructions are stored. When the instructions are executed, the method on the terminal device side in the foregoing method embodiments is performed.
As another form of this embodiment, a computer program product containing instructions is provided. When the instructions are executed, the method on the terminal device side in the foregoing method embodiments is performed.
It should be understood that the processor mentioned in the embodiments of the present invention may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be understood that the memory mentioned in the embodiments of the present invention may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM), and direct Rambus random access memory (Direct Rambus RAM, DR RAM).
It should be noted that when the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (storage module) is integrated in the processor.
It should be noted that the memory described herein is intended to include, without being limited to, these and any other suitable types of memory.
还应理解,本文中涉及的第一、第二、第三、第四以及各种数字编号仅为描述方便进行的区分,并不用来限制本申请的范围。It is also to be understood that the reference to the first, second, third, fourth
应理解,本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。It should be understood that the term "and/or" herein is merely an association relationship describing an associated object, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, and A and B exist simultaneously. There are three cases of B alone. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship.
应理解,在本申请的各种实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本发明实施例的实施过程构成任何限定。It should be understood that, in various embodiments of the present application, the size of the serial numbers of the above processes does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken to the embodiments of the present invention. The implementation process constitutes any limitation.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such an implementation should not be considered beyond the scope of this application.
A person skilled in the art can clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, apparatuses and units described above, reference may be made to the corresponding processes in the foregoing method embodiments; details are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division into units is merely a division by logical function; in an actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of a software functional unit and sold or used as a standalone product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The foregoing is merely specific implementations of this application, but the protection scope of this application is not limited thereto. Any variation or replacement readily conceivable by a person skilled in the art within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (36)

  1. A terminal device, comprising:
    a processing module, configured to determine a second encryption algorithm after the terminal device moves to a cell of a second network device, wherein the second encryption algorithm is an encryption algorithm supported by the second network device, the terminal device is in a state in which context information of the terminal device at a first network device is stored and in which the terminal device has cell reselection mobility, and the first network device is different from the second network device; and
    a transceiver module, configured to send, to the second network device, data encrypted by using the second encryption algorithm.
  2. The terminal device according to claim 1, wherein the processing module being configured to determine the second encryption algorithm comprises:
    the processing module being configured to determine whether the second network device supports a first encryption algorithm, wherein the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; and, when the second network device supports the first encryption algorithm, to determine the first encryption algorithm as the second encryption algorithm.
  3. The terminal device according to claim 2, wherein the transceiver module is further configured to receive a system broadcast message sent by the second network device, the system broadcast message comprising first indication information used to indicate an encryption algorithm that the second network device supports or does not support;
    the processing module being configured to determine whether the second network device supports the first encryption algorithm comprises:
    the processing module being configured to determine, according to the first indication information, whether the second network device supports the first encryption algorithm.
  4. The terminal device according to claim 2, wherein the transceiver module is further configured to receive cell encryption algorithm information sent by the first network device, the cell encryption algorithm information being used to indicate encryption-algorithm-related information of each cell in a management area of the first network device;
    the processing module being configured to determine whether the second network device supports the first encryption algorithm comprises:
    the processing module being configured to determine, according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm when the cell of the second network device is within the management area.
  5. The terminal device according to any one of claims 2 to 4, wherein the transceiver module is further configured to send, when the second network device does not support the first encryption algorithm, a radio resource control (RRC) connection resume request to the second network device, the RRC connection resume request comprising an identifier of the terminal device;
    the transceiver module is further configured to receive an RRC connection resume response sent by the second network device, the RRC connection resume response comprising second indication information used to indicate an encryption algorithm supported by the second network device;
    the processing module being configured to determine the second encryption algorithm comprises:
    the processing module being configured to obtain the second encryption algorithm according to the second indication information received by the transceiver module.
  6. The terminal device according to claim 3, wherein the system broadcast message comprises the first indication information used to indicate an encryption algorithm supported by the second network device;
    the processing module being configured to determine the second encryption algorithm comprises:
    the processing module being configured to obtain, when the second network device does not support the first encryption algorithm, the second encryption algorithm based on the encryption algorithm supported by the second network device as indicated by the first indication information.
  7. The terminal device according to claim 4, wherein the transceiver module is further configured to: when the cell of the second network device is not within the management area, send an RRC connection resume request to the second network device, the RRC connection resume request comprising an identifier of the terminal device; and receive an RRC connection resume response sent by the second network device, the RRC connection resume response comprising second indication information used to indicate an encryption algorithm supported by the second network device;
    the processing module being configured to determine the second encryption algorithm comprises:
    the processing module being configured to obtain the second encryption algorithm according to the second indication information.
  8. The terminal device according to claim 1, wherein the transceiver module is further configured to: send a first message to the second network device, the first message comprising an identifier of the terminal device and first data encrypted by using a first encryption algorithm, wherein the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; and receive an encryption algorithm update command sent by the second network device, the encryption algorithm update command being used to instruct that the first encryption algorithm be updated to the second encryption algorithm;
    the processing module being configured to determine the second encryption algorithm comprises:
    the processing module being configured to obtain the second encryption algorithm according to the encryption algorithm update command.
  9. The terminal device according to claim 8, wherein the data that is encrypted by using the second encryption algorithm and sent by the terminal device to the second network device is the first data.
  10. The terminal device according to claim 9, wherein the transceiver module is further configured to receive, before sending the first data encrypted by using the second encryption algorithm to the second network device, third indication information sent by the second network device, the third indication information being used to instruct retransmission of the data sent using the first encryption algorithm.
  11. A network device, comprising:
    a transceiver module, configured to receive data that is sent by a terminal device and encrypted by using a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm supported by the network device, the terminal device is in a state in which context information of the terminal device at a first network device is stored and in which the terminal device has cell reselection mobility, and the first network device is different from the network device; and
    a processing module, configured to decrypt, based on the second encryption algorithm, the data sent by the terminal device.
  12. The network device according to claim 11, wherein the transceiver module is further configured to send, before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, a system broadcast message to the terminal device, the system broadcast message comprising first indication information used to indicate an encryption algorithm that the network device supports or does not support.
  13. The network device according to claim 11, wherein the transceiver module is further configured to receive, before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, a radio resource control (RRC) connection resume request sent by the terminal device, the RRC connection resume request comprising an identifier of the terminal device;
    the transceiver module is further configured to send an RRC connection resume response to the terminal device, the RRC connection resume response comprising second indication information used to indicate an encryption algorithm supported by the network device.
  14. The network device according to claim 11, wherein the transceiver module is further configured to receive, before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, a first message sent by the terminal device, the first message comprising an identifier of the terminal device and first data encrypted by using a first encryption algorithm, wherein the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device;
    the processing module is further configured to request the context information of the terminal device from the first network device based on the identifier of the terminal device received by the transceiver module;
    the processing module is further configured to obtain the first encryption algorithm according to the context information;
    the transceiver module is further configured to send, when the network device does not support the first encryption algorithm, an encryption algorithm update command to the terminal device, the encryption algorithm update command being used to instruct that the first encryption algorithm be updated to the second encryption algorithm.
  15. The network device according to claim 14, wherein the data that is received by the network device, sent by the terminal device and encrypted by using the second encryption algorithm is the first data.
  16. The network device according to claim 15, wherein the transceiver module is further configured to send, before receiving the data that is sent by the terminal device and encrypted by using the second encryption algorithm, third indication information to the terminal device, the third indication information being used to instruct retransmission of the data sent using the first encryption algorithm.
  17. A communication method, comprising:
    after a terminal device moves to a cell of a second network device, determining, by the terminal device, a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm supported by the second network device, the terminal device is in a state in which context information of the terminal device at a first network device is stored and in which the terminal device has cell reselection mobility, and the first network device is different from the second network device; and
    sending, by the terminal device to the second network device, data encrypted by using the second encryption algorithm.
  18. The communication method according to claim 17, wherein the determining, by the terminal device, of the second encryption algorithm comprises:
    determining, by the terminal device, whether the second network device supports a first encryption algorithm, wherein the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device; and
    when the second network device supports the first encryption algorithm, determining, by the terminal device, the first encryption algorithm as the second encryption algorithm.
  19. The communication method according to claim 18, wherein the determining, by the terminal device, of whether the second network device supports the first encryption algorithm comprises:
    receiving, by the terminal device, a system broadcast message sent by the second network device, the system broadcast message comprising first indication information used to indicate an encryption algorithm that the second network device supports or does not support; and
    determining, by the terminal device according to the first indication information, whether the second network device supports the first encryption algorithm.
  20. The communication method according to claim 18, wherein the communication method further comprises:
    receiving, by the terminal device, cell encryption algorithm information sent by the first network device, the cell encryption algorithm information being used to indicate encryption-algorithm-related information of each cell in a management area of the first network device;
    and the determining, by the terminal device, of whether the second network device supports the first encryption algorithm comprises:
    when the cell of the second network device is within the management area, determining, by the terminal device according to the cell encryption algorithm information, whether the second network device supports the first encryption algorithm.
  21. The communication method according to any one of claims 18 to 20, wherein the determining, by the terminal device, of the second encryption algorithm comprises:
    when the second network device does not support the first encryption algorithm, sending, by the terminal device, a radio resource control (RRC) connection resume request to the second network device, the RRC connection resume request comprising an identifier of the terminal device;
    receiving, by the terminal device, an RRC connection resume response sent by the second network device, the RRC connection resume response comprising second indication information used to indicate an encryption algorithm supported by the second network device; and
    obtaining, by the terminal device, the second encryption algorithm according to the second indication information.
  22. The communication method according to claim 19, wherein the system broadcast message comprises the first indication information used to indicate an encryption algorithm supported by the second network device;
    and the determining, by the terminal device, of the second encryption algorithm comprises:
    when the second network device does not support the first encryption algorithm, obtaining, by the terminal device, the second encryption algorithm based on the encryption algorithm supported by the second network device as indicated by the first indication information.
  23. The communication method according to claim 20, wherein the determining, by the terminal device, of the second encryption algorithm comprises:
    when the cell of the second network device is not within the management area, sending, by the terminal device, an RRC connection resume request to the second network device, the RRC connection resume request comprising an identifier of the terminal device;
    receiving, by the terminal device, an RRC connection resume response sent by the second network device, the RRC connection resume response comprising second indication information used to indicate an encryption algorithm supported by the second network device; and
    obtaining, by the terminal device, the second encryption algorithm according to the second indication information.
  24. The communication method according to claim 17, wherein the determining, by the terminal device, of the second encryption algorithm comprises:
    sending, by the terminal device, a first message to the second network device, the first message comprising an identifier of the terminal device and first data encrypted by using a first encryption algorithm, wherein the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device;
    receiving, by the terminal device, an encryption algorithm update command sent by the second network device, the encryption algorithm update command being used to instruct that the first encryption algorithm be updated to the second encryption algorithm; and
    obtaining, by the terminal device, the second encryption algorithm according to the encryption algorithm update command.
  25. The communication method according to claim 24, wherein the data that is encrypted by using the second encryption algorithm and sent by the terminal device to the second network device is the first data.
  26. The communication method according to claim 25, wherein, before the terminal device sends the first data encrypted by using the second encryption algorithm to the second network device, the communication method further comprises:
    receiving, by the terminal device, third indication information sent by the second network device, the third indication information being used to instruct retransmission of the data sent using the first encryption algorithm.
  27. A communication method, comprising:
    receiving, by a second network device, data that is sent by a terminal device and encrypted by using a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm supported by the second network device, the terminal device is in a state in which context information of the terminal device at a first network device is stored and in which the terminal device has cell reselection mobility, and the first network device is different from the second network device; and
    decrypting, by the second network device based on the second encryption algorithm, the data sent by the terminal device.
  28. The communication method according to claim 27, wherein, before the second network device receives the data that is sent by the terminal device and encrypted by using the second encryption algorithm, the communication method further comprises:
    sending, by the second network device, a system broadcast message to the terminal device, the system broadcast message comprising first indication information used to indicate an encryption algorithm that the second network device supports or does not support.
  29. The communication method according to claim 27, wherein, before the second network device receives the data that is sent by the terminal device and encrypted by using the second encryption algorithm, the communication method further comprises:
    receiving, by the second network device, a radio resource control (RRC) connection resume request sent by the terminal device, the RRC connection resume request comprising an identifier of the terminal device; and
    sending, by the second network device, an RRC connection resume response to the terminal device, the RRC connection resume response comprising second indication information used to indicate an encryption algorithm supported by the second network device.
  30. The communication method according to claim 27, wherein, before the second network device receives the data that is sent by the terminal device and encrypted by using the second encryption algorithm, the communication method further comprises:
    receiving, by the second network device, a first message sent by the terminal device, the first message comprising an identifier of the terminal device and first data encrypted by using a first encryption algorithm, wherein the first encryption algorithm is an encryption algorithm configured by the first network device for the terminal device;
    requesting, by the second network device, the context information of the terminal device from the first network device based on the identifier of the terminal device;
    obtaining, by the second network device, the first encryption algorithm according to the context information; and
    when the second network device does not support the first encryption algorithm, sending, by the second network device, an encryption algorithm update command to the terminal device, the encryption algorithm update command being used to instruct that the first encryption algorithm be updated to the second encryption algorithm.
  31. The communication method according to claim 30, wherein the data that is received by the second network device, sent by the terminal device and encrypted by using the second encryption algorithm is the first data.
  32. The communication method according to claim 31, wherein, before the second network device receives the data that is sent by the terminal device and encrypted by using the second encryption algorithm, the communication method further comprises:
    sending, by the second network device, third indication information to the terminal device, the third indication information being used to instruct retransmission of the data sent using the first encryption algorithm.
  33. A computer-readable storage medium storing a computer program, wherein the program, when executed by a processor, implements the communication method according to any one of claims 17 to 26.
  34. A computer-readable storage medium storing a computer program, wherein the program, when executed by a processor, implements the communication method according to any one of claims 27 to 32.
  35. A communication apparatus, comprising a memory, a processor, and a program that is stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the communication method according to any one of claims 17 to 26.
  36. A communication apparatus, comprising a memory, a processor, and a program that is stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the communication method according to any one of claims 27 to 32.
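
The terminal-side decision procedure of claims 17 to 23, modelled as an added example that is not part of the patent text: which source of information the terminal consults after moving to the new cell, and when it falls back to the RRC connection resume exchange. The class and function names, the algorithm labels (`alg-1` and so on), the modelling of the first indication information as a set of supported algorithms, the terminal's ordered list of implemented algorithms, and the final check that the indicated algorithm is one the terminal implements are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, FrozenSet, Optional, Tuple


class Source(Enum):
    KEPT_FIRST = "first algorithm kept (claim 18)"
    FROM_BROADCAST = "chosen from system broadcast (claim 22)"
    FROM_RESUME = "indicated in RRC connection resume response (claims 21, 23)"


@dataclass(frozen=True)
class Cell:
    cell_id: str
    # First indication information, modelled here as the set of algorithms the
    # cell advertises as supported; None means the cell broadcasts no such list.
    broadcast_supported: Optional[FrozenSet[str]] = None


@dataclass
class Terminal:
    ue_id: str
    first_alg: str                # configured by the first network device
    implemented: Tuple[str, ...]  # assumption: terminal's algorithms, best first
    # Cell encryption algorithm information from the first network device:
    # cell_id -> supported algorithms, for cells in its management area only.
    area_info: Dict[str, FrozenSet[str]] = field(default_factory=dict)

    def determine_second_alg(
        self, cell: Cell, resume: Callable[[str], str]
    ) -> Tuple[str, Source]:
        """Return (second algorithm, how it was determined) for the new cell."""
        if cell.broadcast_supported is not None:            # claim 19
            if self.first_alg in cell.broadcast_supported:  # claim 18
                return self.first_alg, Source.KEPT_FIRST
            for alg in self.implemented:                    # claim 22
                if alg in cell.broadcast_supported:
                    return alg, Source.FROM_BROADCAST
            raise ValueError("no algorithm in common with " + cell.cell_id)

        known = self.area_info.get(cell.cell_id)            # claim 20
        if known is not None and self.first_alg in known:   # claim 18
            return self.first_alg, Source.KEPT_FIRST

        # Claim 21 (cell known, first algorithm unsupported) or claim 23 (cell
        # outside the management area): send the terminal identifier in an RRC
        # connection resume request and read the second indication information.
        alg = resume(self.ue_id)
        if alg not in self.implemented:   # added sanity check, not in the claims
            raise ValueError("network indicated unimplemented algorithm " + alg)
        return alg, Source.FROM_RESUME


def demo():
    """Run each path on constructed data; the algorithm labels are made up."""
    ue = Terminal(
        ue_id="ue-1",
        first_alg="alg-1",
        implemented=("alg-2", "alg-3", "alg-1"),
        area_info={"cell-B": frozenset({"alg-1", "alg-2"}),
                   "cell-C": frozenset({"alg-3"})},
    )
    requests = []  # terminal identifiers seen by the simulated network side

    def resume(ue_id: str) -> str:
        requests.append(ue_id)
        return "alg-3"

    results = {
        "broadcast, first supported": ue.determine_second_alg(
            Cell("cell-A", frozenset({"alg-1", "alg-3"})), resume),
        "broadcast, first unsupported": ue.determine_second_alg(
            Cell("cell-D", frozenset({"alg-2", "alg-3"})), resume),
        "area info, first supported": ue.determine_second_alg(Cell("cell-B"), resume),
        "area info, first unsupported": ue.determine_second_alg(Cell("cell-C"), resume),
        "outside management area": ue.determine_second_alg(Cell("cell-Z"), resume),
    }
    return results, requests


if __name__ == "__main__":
    for case, (alg, source) in demo()[0].items():
        print(f"{case:30s} -> {alg} ({source.value})")
```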
PCT/CN2018/083474 2017-04-18 2018-04-18 Communication method and device WO2018192513A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710253561.6 2017-04-18
CN201710253561.6A CN108738084B (en) 2017-04-18 2017-04-18 Communication method and device

Publications (1)

Publication Number Publication Date
WO2018192513A1 (en) 2018-10-25

Family

ID=63855598

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/083474 WO2018192513A1 (en) 2017-04-18 2018-04-18 Communication method and device

Country Status (2)

Country Link
CN (1) CN108738084B (en)
WO (1) WO2018192513A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094096A (en) * 2006-06-20 2007-12-26 华为技术有限公司 Mobility management method under architecture of talk network
CN101442714A (en) * 2007-11-20 2009-05-27 中兴通讯股份有限公司 Method and system for transferring MBMS context between e-Node B
CN101888684A (en) * 2009-05-14 2010-11-17 中兴通讯股份有限公司 Fast connection establishment method and system after reconstruction of radio resource control connection fails
CN104219787A (en) * 2014-09-10 2014-12-17 电信科学技术研究院 Wireless link recovery method and device
WO2017048170A1 (en) * 2015-09-14 2017-03-23 Telefonaktiebolaget Lm Ericsson (Publ) Radio access nodes and terminal devices in a communication network

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045713A (en) * 2009-10-15 2011-05-04 中兴通讯股份有限公司 Business connection reestablishment method and system
CN102857920A (en) * 2011-06-30 2013-01-02 重庆重邮信科通信技术有限公司 Processing method and device for downlink signal messages by terminal side of LTE (long term evolution) system
JP2014523672A (en) * 2011-07-11 2014-09-11 エルジー エレクトロニクス インコーポレイティド Traffic encryption key management for M2M multicast groups
WO2013169073A1 (en) * 2012-05-10 2013-11-14 Samsung Electronics Co., Ltd. Method and system for connectionless transmission during uplink and downlink of data packets
US9817720B2 (en) * 2012-10-29 2017-11-14 Nokia Solutions And Networks Oy Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks
CN106102105B (en) * 2016-06-15 2019-09-17 京信通信系统(中国)有限公司 A kind of method and device of switching within cell

Also Published As

Publication number Publication date
CN108738084B (en) 2020-09-18
CN108738084A (en) 2018-11-02

Similar Documents

Publication Publication Date Title
WO2018171703A1 (en) Communication method and device
US11653199B2 (en) Multi-RAT access stratum security
EP3578001B1 (en) Radio resource control resume without context fetch
EP3684024B1 (en) Method, apparatus, and system for security protection
CN108029015B (en) Wireless access point and terminal device in communication network
US20220386184A1 (en) Mobility management method, terminal, and base station
US10470234B2 (en) Communication method, network-side device, and user equipment
JP6737903B2 (en) Storing UE context in RAN for inactive use
WO2017113264A1 (en) Communication method and device
EP3216310A1 (en) Methods and apparatus for dual connectivity management
US20190124506A1 (en) System and Method for Communicating with Provisioned Security Protection
US20220394802A1 (en) Re-establishment method and communication apparatus
US10708971B2 (en) Mobility management method, user equipment, storage node, and base station
US11582680B2 (en) Access control related method, base station, and user equipment
WO2018166338A1 (en) Key update method and apparatus
US11109441B2 (en) Connection release method and apparatus
WO2018192513A1 (en) Communication method and device
TW201840234A (en) Method for acquiring context configuration information, terminal equipment, and access network equipment
WO2022006719A1 (en) Wireless communication method, terminal device, and network device
WO2017166291A1 (en) Communication method, terminal, base station, and mobility management equipment
WO2023065156A1 (en) Wireless communication method, terminal device, and network device
WO2018058439A1 (en) Method, device and system for supporting data transmission

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18786963

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18786963

Country of ref document: EP

Kind code of ref document: A1