WO2018201440A1 - Communication method, device and system (Procédé, dispositif et système de communication) - Google Patents

Info

Publication number: WO2018201440A1
Application number: PCT/CN2017/083190
Authority: WO (WIPO, PCT)
Prior art keywords: NAS, RRC parameter, MAC, user equipment, base station
Other languages: English (en), Chinese (zh)
Inventors: 胡力, 陈璟
Original assignee: 华为技术有限公司 (Huawei Technologies Co., Ltd.)
Priority application: PCT/CN2017/083190
Publication: WO2018201440A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 12/082 Access security using revocation of authorisation

Definitions

  • The present application relates to the field of communications technologies, and in particular to a communication method, apparatus, and system.
  • LTE Long Term Evolution
  • UE user equipment
  • CSFB Circuit Switched Fallback
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • GERAN GSM/EDGE Radio Access Network
  • UTRAN UMTS (Universal Mobile Telecommunications System) Terrestrial Radio Access Network
  • CS domain Circuit Switched Domain. GERAN and UTRAN let the network carry telephone services through the CS domain, which is the domain CSFB falls back to.
  • The CSFB procedure can take place before access stratum (AS) security is activated.
  • During CSFB the network side sends a Radio Resource Control (RRC) Connection Release message to the user equipment carrying an indication of the target base station to which the user equipment should connect.
  • RRC Radio Resource Control
  • Because the RRC Connection Release message has no security protection at that point, the indication it carries can be tampered with, forged or intercepted.
  • This enables a man-in-the-middle attack: a 4G or 5G pseudo source base station uses a strong signal to make the user equipment camp on it, then forges the RRC Connection Release message and, through the indication information in that message, makes the user equipment connect to a 2G pseudo target base station controlled by the attacker. Because the security protection of 2G is relatively poor compared
  • The embodiments of the invention disclose a communication method, device and system that let the user equipment identify the source base station and so improve the security of performing CSFB.
  • In the communication method provided by the embodiments, the user equipment sends an Extended Service Request message to the source base station, and the source base station sends a first RRC parameter to the Mobility Management Entity (MME) according to the extended service request message; the first RRC parameter includes redirection information.
  • MME Mobility Management Entity
  • The MME generates a non-access stratum message authentication code (NAS-MAC) according to the non-access stratum (NAS) integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is the generation parameter of the NAS-MAC and includes the plaintext or the ciphertext of the first RRC parameter.
  • The MME sends the NAS-MAC to the source base station.
  • The source base station sends an RRC Connection Release message to the user equipment; the message includes the NAS-MAC and the second RRC parameter used to generate it.
  • The user equipment checks the NAS-MAC according to its own NAS integrity key and the second RRC parameter. When the check succeeds, the user equipment is redirected to the target base station indicated by the redirection information; when the check fails, the user equipment disconnects from the source base station.
  • A pseudo base station looks like a base station to the UE but like a UE to the real base station, so it cannot get the correct RRC parameters to the MME.
  • In the embodiments the MME generates the NAS-MAC over the second RRC parameter sent by the source base station and returns the NAS-MAC to the UE through the source base station. The UE verifies the NAS-MAC: when the check succeeds, the UE identifies the source base station as a real base station and redirects to the target base station indicated by the redirection information; when the check fails, the UE identifies the source base station as a pseudo base station and disconnects from it.
  • In other words, the user equipment can check whether the RRC parameter it received is forged or tampered with, which prevents a pseudo base station from actively triggering CSFB so that the terminal ends up connected to a 2G pseudo base station. The source base station can thus be identified, improving the security of the user equipment performing CSFB.
  • The extended service request message is encapsulated in an RRC Connection Setup Complete message and may include service type indication information indicating that the service type requested by the UE is CSFB, for example mobile originating CS fallback (calling party), mobile terminating CS fallback (called party), or mobile originating CS fallback emergency call.
  • The first RRC parameter may include redirection information used to indicate the target base station to which the user equipment is redirected. The redirection information may include at least one of redirection control information and a physical cell identity (PCI), where the PCI identifies the cell of the target base station to which the user equipment is redirected.
  • When the redirection information includes redirection control information, the UE may search for the PCI corresponding to the redirection control information, take the base station corresponding to that PCI as the target base station, and redirect to it.
  • When the redirection information includes a PCI, the UE may take the base station corresponding to the PCI as the target base station and redirect to it.
  • The first RRC parameter may further include a release cause (ReleaseCause, with the cause value fixed as CS Fallback High Priority), system information related to the PCI, and the like.
  • The second RRC parameter may include the plaintext or the ciphertext of the first RRC parameter.
  • In the plaintext case, the second RRC parameter is the same as the first RRC parameter.
  • In the ciphertext case, the MME may encrypt the first RRC parameter with the NAS encryption key of the user equipment and use the resulting ciphertext as the second RRC parameter.
  • Alternatively, the MME may derive a NAS encryption key from the Access Security Management Entity (ASME) key of the user equipment and the NAS count (NAS COUNT), encrypt the first RRC parameter with the derived NAS encryption key, and use the ciphertext as the second RRC parameter.
  • ASME Access Security Management Entity
  • NAS COUNT NAS count
  • In one implementation, the MME performs integrity protection on the second RRC parameter with the NAS integrity key of the user equipment to generate the NAS-MAC.
  • In another implementation, the MME performs integrity protection on the second RRC parameter and the NAS count with the NAS integrity key of the user equipment to generate the NAS-MAC, and sends the NAS-MAC and partial bits of the NAS count to the source base station. The base station sends the user equipment an RRC connection release message containing the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment recovers the NAS count from the partial bits and checks the NAS-MAC according to its NAS integrity key, the second RRC parameter and the NAS count.
  • The NAS count is the freshness parameter of the NAS layer. Because it is updated with every protected message, the NAS-MAC generated by the MME is different each time, which resists replay attacks.
  • In another implementation, the MME obtains a derived NAS integrity key from the ASME key of the user equipment and the NAS count, performs integrity protection on the second RRC parameter with the derived key to generate the NAS-MAC, and sends the NAS-MAC and partial bits of the NAS count to the source base station. The source base station sends the user equipment an RRC connection release message containing the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment recovers the NAS count from the partial bits, obtains the derived NAS integrity key from its ASME key and the NAS count, and checks the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.
  • Because the NAS count changes each time, the derived NAS integrity key differs each time, and so does the NAS-MAC generated with it, which resists replay attacks.
  • In another implementation, the MME encrypts the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter, performs integrity protection on the second RRC parameter with the NAS integrity key of the user equipment to generate the NAS-MAC, and sends the NAS-MAC to the source base station. The source base station sends the user equipment an RRC connection release message containing the NAS-MAC and the second RRC parameter; the user equipment checks the NAS-MAC according to its NAS integrity key and the second RRC parameter and, when the check succeeds, decrypts the second RRC parameter with its NAS encryption key to obtain the redirection information and redirects to the target base station it indicates.
  • Here the MME both encrypts and integrity-protects the first RRC parameter sent by the source base station, which prevents it from being forged, tampered with or eavesdropped on and improves the security of the user equipment.
  • In another implementation, the MME encrypts the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter, performs integrity protection on the second RRC parameter together with the NAS count using the NAS integrity key of the user equipment to generate the NAS-MAC, and sends the NAS-MAC and partial bits of the NAS count to the source base station. The source base station sends the user equipment an RRC connection release message containing the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment recovers the NAS count from the partial bits, checks the NAS-MAC according to its NAS integrity key, the second RRC parameter and the NAS count, and, when the check succeeds, decrypts the second RRC parameter with its NAS encryption key to obtain the redirection information and redirects to the indicated target base station.
  • The NAS count is the freshness parameter of the NAS layer and is updated each time, so the NAS-MAC generated by the MME differs each time and resists replay attacks; the first RRC parameter sent by the source eNB is also protected against forgery, tampering and eavesdropping.
  • In another implementation, the MME obtains a derived NAS integrity key and a derived NAS encryption key from the ASME key of the user equipment and the NAS count, encrypts the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter, performs integrity protection on the second RRC parameter with the derived NAS integrity key to generate the NAS-MAC, and sends the NAS-MAC and partial bits of the NAS count to the source base station. The source base station sends the user equipment an RRC connection release message containing the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment recovers the NAS count from the partial bits, obtains the derived NAS integrity key and the derived NAS encryption key from its ASME key and the NAS count, checks the NAS-MAC with the derived NAS integrity key and the second RRC parameter, and, when the check succeeds, decrypts the second RRC parameter with the derived NAS encryption key to obtain the redirection information and redirects to the indicated target base station.
  • Because the NAS count changes each time, so do the derived NAS integrity key and the derived NAS encryption key; the second RRC parameter obtained with the derived NAS encryption key and the NAS-MAC generated with the derived NAS integrity key therefore differ each time, which resists replay attacks, and the first RRC parameter sent by the source eNB is protected against forgery, tampering and eavesdropping.
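The following Python block is an added example written for this page; it is not code from the patent or from Huawei. It models the exchange summarized above: the MME derives per-count keys from K_ASME and the NAS count, optionally encrypts the first RRC parameter into the second RRC parameter, computes the NAS-MAC over the NAS count and the second RRC parameter, and the UE verifies, decrypts and either redirects or rejects. It then shows the two failure modes the page cares about: a pseudo base station swapping in its own redirection information, and a replayed release. Everything not stated on the page is an assumption for the example: HMAC-SHA256 stands in for the 3GPP NAS integrity algorithm and for the key derivation function, an HMAC-based counter-mode keystream stands in for the NAS ciphering algorithm, the NAS-MAC is truncated to 32 bits, the RRC parameter is JSON-encoded, the key labels and the `MME`/`UE` class names are invented, and the UE is assumed to already hold the full NAS count (recovering it from partial bits is shown separately below in the FIG. 3 discussion).

```python
"""Added example (not from the patent): MME-side protection and UE-side
verification of the RRC parameter carried in RRC Connection Release.

Assumptions made here, not stated on the page: HMAC-SHA256 stands in for the
3GPP NAS integrity algorithm and for the key derivation function; an
HMAC-based counter-mode keystream stands in for the NAS ciphering algorithm;
the NAS-MAC is truncated to 32 bits; the RRC parameter is JSON-encoded; the UE
already knows the full NAS count used by the MME.
"""
import hashlib
import hmac
import json

MAC_LEN = 4                      # LTE NAS-MAC is 32 bits
NAS_COUNT_MASK = (1 << 24) - 1   # LTE NAS COUNT is 24 bits


def kdf(k_asme: bytes, label: bytes, nas_count: int) -> bytes:
    """Derive a per-NAS-count key from the ASME key (HMAC-SHA256 KDF; labels are assumed)."""
    return hmac.new(k_asme, label + nas_count.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


def nas_mac(k_int: bytes, nas_count: int, second_rrc: bytes) -> bytes:
    """NAS-MAC over (NAS COUNT || second RRC parameter), truncated to 32 bits."""
    msg = nas_count.to_bytes(4, "big") + second_rrc
    return hmac.new(k_int, msg, hashlib.sha256).digest()[:MAC_LEN]


def keystream_xor(k_enc: bytes, nas_count: int, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with an HMAC keystream bound to the NAS COUNT.
    Applying it twice with the same key and count decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        ctr = nas_count.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hmac.new(k_enc, ctr, hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class MME:
    """Holds the UE's K_ASME and the downlink NAS COUNT (the freshness parameter)."""

    def __init__(self, k_asme: bytes, encrypt: bool):
        self.k_asme = k_asme
        self.encrypt = encrypt
        self.dl_nas_count = 0

    def protect(self, first_rrc: dict) -> dict:
        """Turn the first RRC parameter from the source eNB into {NAS-MAC, second RRC parameter, count}."""
        count = self.dl_nas_count
        self.dl_nas_count = (count + 1) & NAS_COUNT_MASK
        plaintext = json.dumps(first_rrc, sort_keys=True).encode()
        k_int = kdf(self.k_asme, b"NAS-int", count)
        if self.encrypt:
            second_rrc = keystream_xor(kdf(self.k_asme, b"NAS-enc", count), count, plaintext)
        else:
            second_rrc = plaintext
        return {"nas_mac": nas_mac(k_int, count, second_rrc),
                "second_rrc": second_rrc, "nas_count": count}


class UE:
    """Verifies the release; returns the redirection target, or None meaning 'disconnect'."""

    def __init__(self, k_asme: bytes, encrypt: bool):
        self.k_asme = k_asme
        self.encrypt = encrypt
        self.last_accepted = -1   # NAS COUNT must strictly increase, so replays are rejected

    def handle_release(self, release: dict):
        count = release["nas_count"]
        if count <= self.last_accepted:
            return None                       # replayed release
        k_int = kdf(self.k_asme, b"NAS-int", count)
        expected = nas_mac(k_int, count, release["second_rrc"])
        if not hmac.compare_digest(expected, release["nas_mac"]):
            return None                       # forged or tampered: source is a pseudo base station
        self.last_accepted = count
        data = release["second_rrc"]
        if self.encrypt:
            data = keystream_xor(kdf(self.k_asme, b"NAS-enc", count), count, data)
        return json.loads(data.decode())


def run_scenarios() -> dict:
    """Genuine release, pseudo-base-station tampering, replay, and the encrypted variant."""
    k_asme = hashlib.sha256(b"constructed K_ASME for the example").digest()   # constructed key
    genuine = {"releaseCause": "CS Fallback High Priority",
               "redirection": {"rat": "UTRAN", "arfcn": 10713, "pci": 301}}    # constructed
    attacker = {"releaseCause": "CS Fallback High Priority",
                "redirection": {"rat": "GERAN", "arfcn": 17, "pci": 666}}      # constructed

    mme, ue = MME(k_asme, encrypt=False), UE(k_asme, encrypt=False)
    release = mme.protect(genuine)
    # A pseudo base station relaying the release can swap the RRC parameter,
    # but it cannot make the MME compute a NAS-MAC over its own parameter.
    tampered = dict(release, second_rrc=json.dumps(attacker, sort_keys=True).encode())
    out = {"tampered": ue.handle_release(tampered),
           "genuine": ue.handle_release(release),
           "replay": ue.handle_release(release)}

    mme_e, ue_e = MME(k_asme, encrypt=True), UE(k_asme, encrypt=True)
    release_e = mme_e.protect(genuine)
    out["ciphertext_differs"] = release_e["second_rrc"] != json.dumps(genuine, sort_keys=True).encode()
    out["encrypted"] = ue_e.handle_release(release_e)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The tampered release fails because the NAS-MAC was computed by the MME over the genuine second RRC parameter and the attacker has neither the NAS integrity key nor a way to make the MME sign its own parameter; the replay fails on the NAS count check even though its NAS-MAC is valid, which is the role the page assigns to the NAS count as the NAS-layer freshness parameter.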
  • An embodiment of the present invention provides a computer storage medium storing a program that includes all or part of the steps of the communication method provided by the first aspect.
  • An embodiment of the present invention provides a communication apparatus including modules for performing the communication method disclosed in the first aspect.
  • An embodiment of the present invention provides a base station including a processor, a memory and a transceiver, where the memory stores a set of program code and the processor calls that code to perform the source base station side of the method (the operations described for FIG. 2 below).
  • An embodiment of the present invention provides a user equipment including a processor, a memory and a transceiver, where the memory stores a set of program code and the processor calls that code to perform the user equipment side of the method: checking the NAS-MAC according to the NAS integrity key and the second RRC parameter and, when the check succeeds, redirecting to the target base station indicated by the redirection information.
  • An embodiment of the present invention provides an MME including a processor, a memory and a transceiver, where the memory stores a set of program code and the processor calls that code to perform the MME side of the method: receiving from the source base station the first RRC parameter, whose redirection information indicates the target base station to which the user equipment is redirected; generating the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, which includes the plaintext or ciphertext of the first RRC parameter; and sending the NAS-MAC to the source base station.
  • A seventh aspect provides a communication system including the base station of the fourth aspect, the user equipment of the fifth aspect and the MME of the sixth aspect.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 2 is a schematic flow chart of a communication method according to an embodiment of the present invention.
  • FIG. 3 is a schematic flow chart of a communication method according to another embodiment of the present invention.
  • FIG. 4 is a schematic flow chart of a communication method according to another embodiment of the present invention.
  • FIG. 5 is a schematic flowchart of a communication method according to another embodiment of the present invention.
  • FIG. 6 is a schematic flow chart of a communication method according to another embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of a communication method according to another embodiment of the present invention.
  • FIG. 8 is a schematic flowchart diagram of a communication method according to another embodiment of the present invention.
  • FIG. 9 is a schematic flowchart diagram of a communication method according to another embodiment of the present invention.
  • FIG. 10 is a schematic flowchart diagram of a communication method according to another embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a base station according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of a user equipment according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention.
  • FIG. 16 is a schematic structural diagram of a mobility management entity according to an embodiment of the present invention.
  • FIG. 17 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • The communication system may include a user equipment 10, a Serving GPRS (General Packet Radio Service) Support Node (SGSN) 20, and an MME 30.
  • GPRS General Packet Radio Service
  • The user equipment 10, the SGSN 20, and the MME 30 can exchange data over their communication connections.
  • The user equipment 10 may establish a communication connection with the MME 30 through the E-UTRAN, whose base stations include evolved base stations (eNB) and the like.
  • The user equipment 10 can establish a communication connection with the SGSN 20 through the UTRAN or the GERAN.
  • The base stations in the GERAN include the Base Transceiver Station (BTS) and the Base Station Controller (BSC); the base stations in the UTRAN include the NodeB (NB) and the Radio Network Controller (RNC).
  • BTS Base Transceiver Station
  • BSC Base Station Controller
  • RNC radio network controller
  • The user equipment 10 may also be referred to as a mobile station, access terminal, subscriber unit, subscriber station, remote station, remote terminal, mobile device, terminal, wireless communication device, user agent or user device, and may specifically be a station (ST) in a WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a mobile station in a future 5G network, a terminal device in a future evolved Public Land Mobile Network (PLMN), or the like.
  • WLL Wireless Local Loop
  • PDA Personal Digital Assistant
  • The MME 30 is a key control node of the 3GPP LTE access network and handles, among other things, encryption and integrity protection of NAS signaling.
  • GSM Global System for Mobile Communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • UMTS Universal Mobile Telecommunication System
  • WiMAX Worldwide Interoperability for Microwave Access
  • FIG. 2 is a schematic diagram of a communication method according to the embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S201 The source base station receives an extended service request message from the user equipment.
  • the source base station may be an eNB in an LTE system.
  • the extended service request message may be encapsulated in an RRC connection setup complete message.
  • The extended service request message may include service type indication information indicating that the service type requested by the UE is CSFB, for example mobile originating CS fallback (calling party), mobile terminating CS fallback (called party), or mobile originating CS fallback emergency call.
  • Step S202 The source base station sends a first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information.
  • the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station that is redirected by the user equipment.
  • the redirection information may include at least one of redirection control information and PCI.
  • the redirection control information may be used to indicate a target base station to which the user equipment is redirected, for example, may be an identifier of the target base station.
  • the PCI can be used to distinguish different cells. For example, the cell corresponding to the PCI can be searched, and the base station to which the cell belongs is used as the target base station, so as to be redirected to the target base station.
  • the first RRC parameter may be part or all parameters included in the RRC connection release message sent by the source base station to the UE, for example, redirection information, release reason, system information related to the PCI, and the like.
  • the PCI related system information includes system parameters of a cell corresponding to the PCI, for example, a service frequency point, a neighbor frequency point, normal or shared channel information, and the like.
  • Step S203 The source base station receives the NAS-MAC from the MME.
  • the method further includes the source base station receiving a partial bit of the NAS count from the MME.
  • the method further includes the source base station receiving the second RRC parameter from the MME.
  • the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes a plaintext or a ciphertext of the first RRC parameter.
  • Step S204 The source base station sends an RRC connection release message to the user equipment, where the RRC connection release message includes a NAS-MAC and a second RRC parameter.
  • the RRC Connection Release message sent by the source base station to the user equipment may further include a partial bit of the NAS count, for example, the lower 4 bits of the NAS count.
  • the RRC connection release message sent by the source base station to the user equipment may further include the second RRC parameter.
  • In this embodiment the source base station sends the first RRC parameter to the MME according to the extended service request message from the user equipment, receives the NAS-MAC from the MME, and sends the user equipment an RRC connection release message containing the NAS-MAC and the second RRC parameter, where the second RRC parameter is the NAS-MAC generation parameter and includes the plaintext or ciphertext of the first RRC parameter. A pseudo base station cannot get the MME to protect a first RRC parameter of its choosing, so it cannot downgrade the user equipment to 2G by tampering with the first RRC parameter, and the security of the user equipment performing CSFB is improved.
  • FIG. 3 is a schematic diagram of a communication method according to an embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S301 The user equipment sends an extended service request message to the source base station.
  • Step S302 The user equipment receives an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter.
  • the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information, where the redirection information is used to indicate the target base station to which the user equipment is redirected.
  • the second RRC parameter may include plaintext or ciphertext of the first RRC parameter.
  • the first RRC parameter may include redirection information.
  • the RRC Connection Release message may also include a partial bit of the NAS count.
  • Step S303 The user equipment checks the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter.
  • Specifically, the user equipment may perform integrity protection on the second RRC parameter using the NAS integrity algorithm negotiated with the MME and its own NAS integrity key to generate a NAS-MAC, and compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message.
  • When the two are the same, the NAS-MAC check succeeds; when the NAS-MAC generated by the user equipment differs from the NAS-MAC in the RRC Connection Release message, the check fails.
  • When the RRC connection release message carries partial bits of the NAS count, the user equipment may recover the NAS count from the partial bits and verify the NAS-MAC according to the NAS integrity key, the second RRC parameter and the NAS count.
  • The user equipment may obtain the NAS count corresponding to the partial bits from the correspondence between those partial bits and the NAS count it maintains locally.
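How the UE can map the transmitted low-order bits back to a full NAS count, as an added example written for this page rather than code from the patent: the UE keeps its own expected downlink NAS count, picks the first count at or after it whose low bits match the received ones, and lets the NAS-MAC check decide whether that choice was right. The 24-bit NAS count width, the 4 transmitted low bits (the figure the FIG. 2 description gives as an example), the HMAC-SHA256 stand-in for the NAS integrity algorithm, the modular wrap-around of the count and the `UeNasState`/`mme_release` names are assumptions for the example.

```python
"""Added example (not from the patent): recovering the full NAS COUNT from the
partial bits carried in RRC Connection Release, then letting the NAS-MAC check
decide whether the recovered count was right.

Assumptions: 24-bit NAS COUNT (LTE), the lower 4 bits are transmitted (the
page's example), HMAC-SHA256 truncated to 32 bits stands in for the NAS
integrity algorithm, and the count is allowed to wrap modulo 2**24.
"""
import hashlib
import hmac
from typing import Optional

NAS_COUNT_BITS = 24
NAS_COUNT_MASK = (1 << NAS_COUNT_BITS) - 1
LSB_BITS = 4
LSB_MOD = 1 << LSB_BITS


def recover_nas_count(expected: int, lsb: int, lsb_bits: int = LSB_BITS) -> int:
    """Smallest count >= expected (mod 2**24) whose low lsb_bits equal lsb."""
    mod = 1 << lsb_bits
    if not 0 <= lsb < mod:
        raise ValueError("partial bits out of range")
    candidate = (expected & ~(mod - 1)) | lsb
    if candidate < expected:
        candidate += mod          # those low bits already passed in this block: use the next block
    return candidate & NAS_COUNT_MASK


def nas_mac(k_int: bytes, nas_count: int, second_rrc: bytes) -> bytes:
    """Stand-in NAS-MAC over (NAS COUNT || second RRC parameter), 32 bits."""
    return hmac.new(k_int, nas_count.to_bytes(4, "big") + second_rrc, hashlib.sha256).digest()[:4]


def mme_release(k_int: bytes, nas_count: int, second_rrc: bytes):
    """What the MME hands the source eNB for the release: NAS-MAC, parameter, low count bits."""
    return nas_mac(k_int, nas_count, second_rrc), second_rrc, nas_count & (LSB_MOD - 1)


class UeNasState:
    """UE-side NAS integrity key plus the downlink NAS COUNT it expects next."""

    def __init__(self, k_int: bytes, expected_dl_count: int):
        self.k_int = k_int
        self.expected = expected_dl_count & NAS_COUNT_MASK

    def check_release(self, mac_rx: bytes, second_rrc: bytes, count_lsb: int) -> Optional[int]:
        """Return the accepted NAS COUNT, or None if the NAS-MAC does not verify."""
        count = recover_nas_count(self.expected, count_lsb)
        if hmac.compare_digest(nas_mac(self.k_int, count, second_rrc), mac_rx):
            self.expected = (count + 1) & NAS_COUNT_MASK   # freshness: never accept this count again
            return count
        return None


def run_demo() -> dict:
    k_int = hashlib.sha256(b"constructed NAS integrity key").digest()[:16]   # constructed key
    rrc = b'{"pci": 301}'                                                    # constructed parameter
    ue = UeNasState(k_int, expected_dl_count=5)
    out = {}
    # UE missed counts 5 and 6; MME protected at 7 -> low bits 7 -> recovered 7, MAC verifies.
    out["gap_ok"] = ue.check_release(*mme_release(k_int, 7, rrc))
    # Replay of a release protected at count 3: low bits 3 now map to 19, so the MAC fails.
    out["replay"] = ue.check_release(*mme_release(k_int, 3, rrc))
    # Loss beyond the 16-message window: MME at 24 sends low bits 8 -> recovered 8, MAC fails.
    out["beyond_window"] = ue.check_release(*mme_release(k_int, 24, rrc))
    # Wrap-around: UE expects 0xFFFFFE, MME is already at 1 -> recovered 1, MAC verifies.
    ue_wrap = UeNasState(k_int, expected_dl_count=0xFFFFFE)
    out["wrap"] = ue_wrap.check_release(*mme_release(k_int, 1, rrc))
    return out


if __name__ == "__main__":
    print(run_demo())
```

The window is what makes transmitting only a few bits safe: a replayed message whose low bits lie behind the UE's expected count is mapped to a count the MME has not used yet, so its NAS-MAC no longer matches and the UE falls into the page's "check fails" path; a loss of more than 2**LSB_BITS messages also ends there, which is the trade-off between the number of bits carried and tolerance to lost messages.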
  • The user equipment may perform integrity protection on the second RRC parameter and the recovered NAS count using the NAS integrity algorithm negotiated with the MME and its own NAS integrity key to generate a NAS-MAC, and compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message.
  • When the two are the same, the NAS-MAC check succeeds; when the NAS-MAC generated by the user equipment differs from the NAS-MAC in the RRC Connection Release message, the check fails.
  • Alternatively, the user equipment may recover the NAS count from the partial bits, obtain a derived NAS integrity key from its ASME key (for example Kasme) and the NAS count, and verify the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.
  • ASME key e.g., Kasme
  • The user equipment may process its ASME key and the recovered NAS count with the key derivation algorithm agreed between the user equipment and the MME to obtain the derived NAS integrity key.
  • The user equipment may then perform integrity protection on the second RRC parameter using the NAS integrity algorithm negotiated with the MME and the derived NAS integrity key to generate a NAS-MAC, and compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message.
  • When the two are the same, the NAS-MAC check succeeds; when the NAS-MAC generated by the user equipment differs from the NAS-MAC in the RRC Connection Release message, the check fails.
  • Step S304 When the NAS-MAC verification is successful, the user equipment is redirected to the target base station indicated by the redirection information.
  • When the second RRC parameter is the ciphertext of the first RRC parameter, the user equipment may decrypt the second RRC parameter with its NAS encryption key to obtain the redirection information, and redirect to the target base station it indicates.
  • Alternatively, the user equipment may obtain a derived NAS encryption key from its ASME key and the NAS count, decrypt the second RRC parameter with the derived NAS encryption key to obtain the redirection information, and redirect to the target base station it indicates.
  • When the NAS-MAC check fails, the user equipment can disconnect from the source base station.
  • In this embodiment the user equipment receives the NAS-MAC and the second RRC parameter sent by the source base station, where the second RRC parameter is the NAS-MAC generation parameter and includes the redirection information, verifies the NAS-MAC according to its NAS integrity key and the second RRC parameter, and when the check succeeds redirects to the target base station indicated by the redirection information. By verifying the NAS-MAC the user equipment identifies the source base station, which improves the security of performing CSFB.
  • FIG. 4 is a schematic diagram of a communication method according to the embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S401 The MME receives the first RRC parameter from the source base station of the user equipment, where the first RRC parameter includes redirection information.
  • Step S402 The MME obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and the second RRC parameter is a generation parameter of the NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the user equipment and the NAS integrity key of the user equipment to generate a NAS-MAC.
  • the second RRC parameter may include plaintext or ciphertext of the first RRC parameter.
  • the second RRC parameter For the second RRC parameter, the first RRC parameter, and the redirection information, refer to the related description in the embodiment shown in FIG. 2, and details are not described herein.
  • the MME may perform integrity protection on the second RRC parameter using the NAS integrity key of the user equipment to generate a NAS-MAC.
  • the second RRC parameter in this example may be the plaintext of the first RRC parameter.
  • the MME may perform integrity protection on the second RRC parameter and the NAS count using the NAS integrity key of the user equipment to generate a NAS-MAC.
  • the second RRC parameter in this example may be the plaintext of the first RRC parameter.
  • the MME may use the NAS encryption key of the user equipment to encrypt the first RRC parameter to obtain the second RRC parameter.
  • the second RRC parameter in this example may be the ciphertext of the first RRC parameter.
  • the MME may obtain a derived NAS integrity key according to the ASME key and the NAS count of the user equipment, and perform integrity protection on the second RRC parameter using the derived NAS integrity key to generate a NAS-MAC.
  • the second RRC parameter in this example may be the plaintext of the first RRC parameter.
  • the MME may obtain the derived NAS encryption key according to the ASME key and the NAS count of the user equipment, and use the derived NAS encryption key to encrypt the first RRC parameter to obtain the second RRC parameter.
  • the second RRC parameter in this example may be the ciphertext of the first RRC parameter.
  • Step S403 The MME sends the NAS-MAC to the source base station.
  • the MME may send the NAS-MAC and the second RRC parameter to the source base station.
  • the MME may send the NAS-MAC and part of the bits of the NAS count to the source base station.
  • the MME obtains the derived NAS integrity key according to the ASME key and the NAS count of the user equipment, and uses the derived NAS integrity key to perform integrity protection on the second RRC parameter to generate the NAS-MAC.
  • the MME may send the NAS-MAC and some bits of the NAS count to the source base station.
  • the MME obtains the derived NAS integrity key and the derived NAS encryption key according to the ASME key and the NAS count of the user equipment, encrypts the first RRC parameter using the derived NAS encryption key to obtain the second RRC parameter, and performs integrity protection on the second RRC parameter using the derived NAS integrity key to generate a NAS-MAC; in this case the MME may send the NAS-MAC and part of the bits of the NAS count to the source base station.
  • the MME receives a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, and obtains NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment.
  • the second RRC parameter is a NAS-MAC generation parameter, and sends a NAS-MAC to the source base station.
  • the MME uses the NAS integrity key of the UE to perform integrity protection on the second RRC parameter, thereby preventing tampering with the first RRC parameter and improving the security of CSFB performed by the user equipment.
  • FIG. 5 is a schematic diagram of a communication method according to an embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S501 The UE sends an extended service request message to the source base station.
  • the source base station may be an eNB in an LTE system.
  • when the UE is ready to connect to the network, the UE may send an Extended Service Request message to the eNB.
  • when the UE is ready to connect to the network, the UE may actively send an RRC Connection Request message to the eNB, and the RRC connection request message may carry the establishment cause for which the UE requests to establish an RRC connection.
  • the eNB transmits an RRC Connection Setup message to the UE in response to the RRC Connection Request message.
  • the UE transmits an extended service request message carrying the service type indication information to the eNB in response to the RRC connection setup message.
  • the service type indication information is used to indicate that the service type requested by the UE is CSFB, for example CS fallback for a calling party, CS fallback for a called party, or CS fallback for an emergency call.
  • Step S502 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station that is redirected by the user equipment.
  • the redirection information may include at least one of redirection control information and PCI.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description in the embodiment shown in any of the figures in FIG.
  • the eNB may send an Initial UE message to the MME, where the Initial UE message carries the first RRC parameter.
  • the first RRC parameter may be part or all parameters included in the RRC connection release message sent by the eNB to the UE, for example, redirection information, release reason, system information related to the PCI, and the like.
  • the Initial UE message may encapsulate the extended service request message.
  • the eNB may learn, in either of the following two ways, that the first RRC parameter needs to be carried in the Initial UE message.
  • in the first mode, if the UE actively sends an RRC connection request message to the eNB, the eNB may obtain the establishment cause carried in the RRC connection request message; when the establishment cause indicates that the UE will initiate CSFB, or that the connection type to be initiated includes CSFB, the eNB may send an Initial UE message carrying the first RRC parameter to the MME.
  • in the second mode, when the eNB receives the extended service request message, the eNB may send an Initial UE message carrying the first RRC parameter to the MME.
  • the eNB may identify the service type indication information carried in the extended service request message, and when the service type indication information indicates that the service type requested by the UE is CSFB, the eNB may send the Initial UE message carrying the first RRC parameter to the MME.
  • Step S503 The MME performs integrity protection on the second RRC parameter by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may decide to perform CSFB according to the extended service request message, and then, based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key Knas-int of the UE, perform integrity protection on the second RRC parameter to generate a NAS-MAC.
  • the second RRC parameter may be the plaintext of the first RRC parameter.
  • Step S504 The MME sends the NAS-MAC to the source base station.
  • the MME may send a UE Context Modification Request message (referred to below as the UE context change request message) to the eNB, and the UE context change request message may include the generated NAS-MAC.
  • the UE context change request message may further include CS Fallback Indication information, where the CSFB indication information is used to indicate that the source base station performs CSFB on the UE.
  • Step S505 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC and a second RRC parameter.
  • the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message.
  • the source base station may update the first RRC parameter according to the UE context change request message and compare the first RRC parameter sent to the MME in step S502 with the updated first RRC parameter; when they differ, the source base station may send the updated first RRC parameter to the MME, the MME obtains the updated second RRC parameter based on the updated first RRC parameter and performs integrity protection on the updated second RRC parameter using the NAS integrity key of the UE to generate an updated NAS-MAC, and after receiving the updated NAS-MAC from the MME the source base station may send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC and the updated second RRC parameter.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S502 is the same as the second RRC parameter that needs to be sent to the UE, and the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S503 and the first RRC parameter sent to the MME in step S502.
  • Step S506 The UE checks the NAS-MAC by using the NAS integrity key and the second RRC parameter of the UE.
  • the UE may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and its own NAS integrity key to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message.
  • when the NAS-MAC generated by the UE and the NAS-MAC in the RRC Connection Release message are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S507 When the NAS-MAC check succeeds, the UE redirects to the target base station indicated by the redirection information.
  • the UE may redirect to the 2G base station indicated by the redirection information to implement CSFB.
  • Step S508 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • the UE may release the currently connected source base station and reselect one base station to access.
  • in the method of FIG. 5, the MME performs integrity protection on the second RRC parameter using the NAS integrity key of the UE to generate a NAS-MAC; a pseudo base station can neither have the MME protect a modified first RRC parameter through the Initial UE message nor compute the NAS-MAC itself, because it does not have the NAS integrity key of the UE, so it cannot downgrade the UE to 2G by tampering with the second RRC parameter, and this threat scenario is resolved. After the NAS-MAC check fails, the UE can disconnect from the pseudo base station, which increases the security of the UE.
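  • The following Python example is added to illustrate the exchange of FIG. 5; it is not code from the patent or from the applicant. HMAC-SHA256 truncated to 32 bits stands in for the negotiated NAS integrity algorithm, the key value and the RRC parameter field names are constructed, and the `mme_protect`, `ue_handle_release` and `run_scenarios` functions are assumptions of the example. It shows the MME computing the NAS-MAC over the plaintext first RRC parameter (step S503), the UE recomputing and comparing it (step S506), and an RRC connection release whose redirection information no longer matches the NAS-MAC leading to disconnection (step S508).

```python
import hashlib
import hmac

# Constructed sample NAS integrity key shared by the UE and the MME (a stand-in
# for K_NASint; not a value taken from the patent).
K_NAS_INT = bytes.fromhex(
    "00112233445566778899aabbccddeeff0f1e2d3c4b5a69788796a5b4c3d2e1f0"
)


def encode_rrc_parameter(redirect_rat: str, arfcn: int, pci: int, cause: str) -> bytes:
    """Serialise the first RRC parameter (redirection info, PCI, release cause)
    into one canonical byte string so that MME and UE MAC identical bytes.
    The field names are assumptions of this example."""
    return f"rat={redirect_rat};arfcn={arfcn};pci={pci};cause={cause}".encode()


def nas_mac(k_nas_int: bytes, second_rrc_parameter: bytes) -> bytes:
    """HMAC-SHA256 truncated to 32 bits stands in for the negotiated NAS
    integrity algorithm (EIA); a real NAS-MAC is also 32 bits long."""
    return hmac.new(k_nas_int, second_rrc_parameter, hashlib.sha256).digest()[:4]


def mme_protect(k_nas_int: bytes, first_rrc_parameter: bytes) -> dict:
    """Steps S503/S504: the second RRC parameter is the plaintext of the first;
    the dict is what the MME places in the UE context modification request."""
    second_rrc_parameter = first_rrc_parameter
    return {"nas_mac": nas_mac(k_nas_int, second_rrc_parameter),
            "second_rrc_parameter": second_rrc_parameter}


def ue_handle_release(k_nas_int: bytes, rrc_connection_release: dict) -> str:
    """Steps S506 to S508: recompute the NAS-MAC over the received second RRC
    parameter, then either follow the redirection or drop the connection."""
    expected = nas_mac(k_nas_int, rrc_connection_release["second_rrc_parameter"])
    if hmac.compare_digest(expected, rrc_connection_release["nas_mac"]):
        return "redirect:" + rrc_connection_release["second_rrc_parameter"].decode()
    return "disconnect"


def run_scenarios() -> dict:
    """Constructed inputs: a genuine release, and a release whose redirection
    information was changed after the MME computed the NAS-MAC."""
    first_rrc = encode_rrc_parameter("utra-fdd", 10700, 123, "other")
    mme_out = mme_protect(K_NAS_INT, first_rrc)

    # The genuine source eNB forwards the MME's NAS-MAC with the parameter.
    genuine = dict(mme_out)

    # A release whose second RRC parameter differs from what the MME protected
    # (the MAC was not recomputed, since K_NASint is only held by UE and MME).
    altered = dict(mme_out)
    altered["second_rrc_parameter"] = encode_rrc_parameter("geran", 20, 7, "other")

    return {"genuine": ue_handle_release(K_NAS_INT, genuine),
            "altered": ue_handle_release(K_NAS_INT, altered)}


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

  • The UE compares the two MACs with `hmac.compare_digest` rather than `==` so that the comparison does not leak timing information about the expected NAS-MAC; a mismatch leads straight to "disconnect" without the redirection information ever being acted upon.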
  • FIG. 6 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S601 The UE sends an extended service request message to the source base station.
  • for step S601 in this embodiment, refer to step S501 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S602 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • for step S602 in this embodiment, refer to step S502 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S603 The MME performs integrity protection on the second RRC parameter and the NAS count by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may acquire the NAS count from the context of the corresponding UE and, based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE, perform integrity protection on the second RRC parameter and the acquired NAS count to generate a NAS-MAC.
  • the NAS count obtained by the MME may be a downlink NAS count.
  • the second RRC parameter may be the plaintext of the first RRC parameter.
  • Step S604 The MME sends partial bits of the NAS-MAC and NAS count to the source base station.
  • the MME may send a UE context change request message to the eNB, where the UE context change request message may include the generated NAS-MAC and part of the bits of the NAS count.
  • the partial bits of the NAS count may be the lowest 3 to 8 bits of the NAS count.
  • the UE Context Change Request message may further include CSFB indication information for indicating that the source base station performs CSFB on the UE.
  • Step S605 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message.
  • the source base station may update the first RRC parameter according to the UE context change request message and compare the first RRC parameter sent to the MME in step S602 with the updated first RRC parameter; when they differ, the source base station may send the updated first RRC parameter to the MME, the MME obtains the updated second RRC parameter based on the updated first RRC parameter and performs integrity protection on the updated second RRC parameter and the NAS count using the NAS integrity key of the UE to generate an updated NAS-MAC, and after receiving the updated NAS-MAC from the MME the source base station may send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and part of the bits of the NAS count.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S602 is the same as the second RRC parameter that needs to be sent to the UE, and the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S603, the first RRC parameter sent to the MME in step S602, and part of the bits of the NAS count.
  • Step S606 The UE acquires the NAS count according to the partial bits of the NAS count.
  • the UE may obtain the NAS count corresponding to the partial bits of the NAS count according to the correspondence between the partial bits of the NAS count and the NAS count.
  • the partial bits of each NAS count and their corresponding NAS counts may be pre-stored in the memory of the UE.
  • Step S607 The UE checks the NAS-MAC by using the NAS integrity key of the UE, the second RRC parameter, and the acquired NAS count.
  • the UE may perform integrity protection on the second RRC parameter and the acquired NAS count based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, and generate a NAS-MAC.
  • the UE may compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message; when they are the same, the UE may determine that the NAS-MAC check succeeds, and when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S608 When the NAS-MAC check succeeds, the UE redirects to the target base station indicated by the redirection information.
  • for step S608 in this embodiment, refer to step S507 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S609 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • for step S609 in this embodiment, refer to step S508 in the embodiment shown in FIG. 5; it is not described again here.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description in the embodiment shown in any of the figures in FIG.
  • in the method described in FIG. 6, the MME generates the NAS-MAC from the NAS count and the RRC parameter, and carries part of the bits of the NAS count in the downlink message. Because the NAS count is a fresh parameter of the NAS layer, the NAS-MAC generated each time is different, so the method can resist replay attacks.
  • FIG. 7 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S701 The UE sends an extended service request message to the source base station.
  • for step S701 in this embodiment, refer to step S501 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S702 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • for step S702 in this embodiment, refer to step S502 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S703 The MME obtains the derived NAS integrity key according to the ASME key of the UE and the NAS count.
  • the MME may process the ASME key and the NAS count of the UE by using a key derivation algorithm that is preset or negotiated with the UE to obtain a derived NAS integrity key Kcsfb.
  • the MME may process the ASME key, the NAS count, and the first preset constant of the UE by using a key derivation algorithm negotiated with the UE to obtain a derived NAS integrity key Kcsfb.
  • the first preset constant can be a string such as "CSFB-INT".
  • Step S704 The MME performs integrity protection on the second RRC parameter by using the derived NAS integrity key to generate a NAS-MAC.
  • the MME may decide to perform CSFB according to the extended service request message, and then, based on the NAS integrity algorithm negotiated with the UE and the obtained derived NAS integrity key, perform integrity protection on the second RRC parameter to generate the NAS-MAC.
  • the second RRC parameter may be the plaintext of the first RRC parameter.
  • Step S705 The MME sends partial bits of the NAS-MAC and NAS count to the source base station.
  • the MME may send a UE context change request message to the eNB, where the UE context change request message may include the generated NAS-MAC and part of the bits of the NAS count.
  • the partial bits of the NAS count may be the lowest 3 to 8 bits of the NAS count.
  • the UE context change request message may also include a first preset constant.
  • the UE Context Change Request message may further include CSFB indication information for indicating that the source base station performs CSFB on the UE.
  • Step S706 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message.
  • the RRC Connection Release message may further include a first preset constant.
  • the source eNB may update the first RRC parameter according to the UE context change request message and compare the first RRC parameter sent to the MME in step S702 with the updated first RRC parameter; when they differ, the source base station may send the updated first RRC parameter to the MME, the MME obtains the derived NAS integrity key according to the ASME key and the NAS count of the UE, obtains the updated second RRC parameter based on the updated first RRC parameter, performs integrity protection on the updated second RRC parameter using the derived NAS integrity key, and generates an updated NAS-MAC, after which the source base station may send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and part of the bits of the NAS count.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S702 is the same as the second RRC parameter that needs to be sent to the UE, and the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S704 and the first RRC parameter sent to the MME in step S702.
  • Step S707 The UE acquires the NAS count according to the partial bits of the NAS count.
  • for step S707 in this embodiment, refer to step S606 in the embodiment shown in FIG. 6; it is not described again here.
  • Step S708 The UE obtains the derived NAS integrity key by using the ASME key of the UE and the acquired NAS count.
  • the UE may process the ASME key and the acquired NAS count by using a key derivation algorithm that is preset or negotiated with the MME to obtain a derived NAS integrity key.
  • the UE may process its ASME key, NAS count, and first preset constant by a key derivation algorithm negotiated with the MME to obtain a derived NAS integrity key Kcsfb.
  • Step S709 The UE verifies the NAS-MAC by using the obtained derived NAS integrity key and the second RRC parameter.
  • the UE may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and the obtained derived NAS integrity key to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message; when they are the same, the UE may determine that the NAS-MAC check succeeds, and when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S710 When the NAS-MAC check succeeds, the UE redirects to the target base station indicated by the redirection information.
  • for step S710 in this embodiment, refer to step S507 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S711 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • for step S711 in this embodiment, refer to step S508 in the embodiment shown in FIG. 5; it is not described again here.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description in the embodiment shown in any of the figures in FIG.
  • the MME obtains the derived NAS integrity key according to the ASME key and the NAS count of the UE, and performs integrity protection on the RRC parameters using the derived NAS integrity key to obtain the NAS-MAC. Since the NAS count is a fresh parameter of the NAS layer, the derived NAS integrity keys obtained each time are different, resulting in different NAS-MACs generated each time, thereby being resistant to replay attacks.
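  • The following Python example is added to illustrate the replay protection of FIG. 6 and FIG. 7 together; it is not code from the patent or from the applicant. It assumes a 24-bit NAS COUNT, uses 5 of the lowest bits as the partial bits (the page allows 3 to 8), and uses HMAC-SHA256 both as the stand-in NAS integrity algorithm and as the stand-in key derivation algorithm for Kcsfb with the "CSFB-INT" constant; the keys, the `UE` class, `mme_protect`, `reconstruct_nas_count` and `run_scenario` are assumptions of the example. In FIG. 6 the NAS COUNT enters the MAC input (step S603); in FIG. 7 it enters the key derivation instead (steps S703/S704). Either way a replayed release message, carrying a NAS COUNT the UE has already consumed, fails the check.

```python
import hashlib
import hmac
import struct

NAS_COUNT_BITS = 24  # assumption: 24-bit NAS COUNT (8-bit SQN + 16-bit overflow) as in LTE
PARTIAL_BITS = 5     # the page allows the lowest 3 to 8 bits; 5 is used here
COUNT_MASK = (1 << NAS_COUNT_BITS) - 1
LOW_MASK = (1 << PARTIAL_BITS) - 1
CSFB_INT = b"CSFB-INT"  # the first preset constant named on the page

# Constructed sample keys shared by UE and MME (not values from the patent).
K_ASME = bytes.fromhex("0f" * 32)
K_NAS_INT = bytes.fromhex("5a" * 32)


def mac32(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 truncated to 32 bits stands in for the negotiated NAS
    integrity algorithm; a real NAS-MAC is also 32 bits long."""
    return hmac.new(key, data, hashlib.sha256).digest()[:4]


def kdf_csfb(k_asme: bytes, nas_count: int, constant: bytes = CSFB_INT) -> bytes:
    """Steps S703/S708: Kcsfb = KDF(K_ASME, NAS COUNT, first preset constant).
    HMAC-SHA256 stands in for the negotiated key derivation algorithm."""
    return hmac.new(k_asme, struct.pack(">I", nas_count) + constant, hashlib.sha256).digest()


def nas_mac_fig6(k_nas_int: bytes, second_rrc_parameter: bytes, nas_count: int) -> bytes:
    """FIG. 6 (step S603): MAC over NAS COUNT || second RRC parameter."""
    return mac32(k_nas_int, struct.pack(">I", nas_count) + second_rrc_parameter)


def nas_mac_fig7(k_asme: bytes, second_rrc_parameter: bytes, nas_count: int) -> bytes:
    """FIG. 7 (step S704): MAC over the second RRC parameter with Kcsfb, which
    binds the NAS COUNT through the key derivation instead."""
    return mac32(kdf_csfb(k_asme, nas_count), second_rrc_parameter)


def reconstruct_nas_count(expected_count: int, low_bits: int) -> int:
    """Steps S606/S707: rebuild the full downlink NAS COUNT from its low bits.
    Assumption of this example: the UE tracks the next downlink count it expects
    and picks the smallest count >= expected whose low bits match (the page
    instead speaks of a correspondence pre-stored in UE memory)."""
    candidate = (expected_count & ~LOW_MASK) | (low_bits & LOW_MASK)
    if candidate < expected_count:  # the low bits wrapped past the expected value
        candidate += 1 << PARTIAL_BITS
    return candidate & COUNT_MASK


def mme_protect(mode: str, first_rrc_parameter: bytes, dl_count: int) -> dict:
    """Steps S603 to S605 / S703 to S705: plaintext second RRC parameter, the
    NAS-MAC, and the low bits of the NAS COUNT sent to the source base station."""
    if mode == "fig6":
        mac = nas_mac_fig6(K_NAS_INT, first_rrc_parameter, dl_count)
    else:
        mac = nas_mac_fig7(K_ASME, first_rrc_parameter, dl_count)
    return {"second_rrc_parameter": first_rrc_parameter, "nas_mac": mac,
            "count_low_bits": dl_count & LOW_MASK}


class UE:
    """Keeps the expected downlink NAS COUNT and checks each RRC connection
    release (steps S606 to S609 / S707 to S711)."""

    def __init__(self, mode: str, expected_dl_count: int):
        self.mode = mode
        self.expected_dl_count = expected_dl_count

    def handle_release(self, msg: dict) -> str:
        count = reconstruct_nas_count(self.expected_dl_count, msg["count_low_bits"])
        if self.mode == "fig6":
            expected_mac = nas_mac_fig6(K_NAS_INT, msg["second_rrc_parameter"], count)
        else:
            expected_mac = nas_mac_fig7(K_ASME, msg["second_rrc_parameter"], count)
        if not hmac.compare_digest(expected_mac, msg["nas_mac"]):
            return "disconnect"
        self.expected_dl_count = (count + 1) & COUNT_MASK  # this count is used up
        return "redirect"


def run_scenario(mode: str) -> dict:
    """Constructed exchange: a fresh release, a replay of the same bytes, then a
    later fresh release whose low count bits have wrapped around."""
    first_rrc = b"rat=geran;arfcn=20;pci=7;cause=other"
    ue = UE(mode, expected_dl_count=37)  # UE already tracks the MME's DL count
    fresh = mme_protect(mode, first_rrc, dl_count=37)
    later = mme_protect(mode, first_rrc, dl_count=66)
    return {"fresh": ue.handle_release(fresh),
            "replay": ue.handle_release(fresh),  # count 37 was already consumed
            "later": ue.handle_release(later)}
```

  • On the replay, the UE reconstructs 69 rather than 37 from the low bits (the only count not smaller than its expected 38 with those bits), so the recomputed NAS-MAC differs and the UE disconnects; the later message with count 66 is accepted because its wrapped low bits resolve correctly. Both modes give the same outcomes, differing only in where the count is bound.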
  • FIG. 8 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S801 The UE sends an extended service request message to the source base station.
  • for step S801 in this embodiment, refer to step S501 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S802 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • for step S802 in this embodiment, refer to step S502 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S803 The MME encrypts the first RRC parameter by using the NAS encryption key of the UE, to obtain a second RRC parameter.
  • the MME may decide to perform CSFB according to the extended service request message, and then, based on the NAS confidentiality algorithm negotiated with the UE and the NAS encryption key Knas-enc of the UE, encrypt the first RRC parameter sent by the source base station to obtain the second RRC parameter.
  • the second RRC parameter may be a ciphertext of the first RRC parameter.
  • Step S804 The MME performs integrity protection on the second RRC parameter by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • alternatively, the MME may perform integrity protection on the first RRC parameter based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • Step S805 The MME sends the NAS-MAC and the second RRC parameter to the source base station.
  • Step S806 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC and a second RRC parameter.
  • the source base station may update the first RRC parameter according to the UE context change request message and compare the first RRC parameter sent to the MME in step S802 with the updated first RRC parameter; when they differ, the source base station may send the updated first RRC parameter to the MME, the MME encrypts the updated first RRC parameter using the NAS encryption key of the UE to obtain the updated second RRC parameter and performs integrity protection on the updated second RRC parameter using the NAS integrity key of the UE to generate an updated NAS-MAC, and after receiving them from the MME the source base station may send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC and the updated second RRC parameter.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the information included in the first RRC parameter sent to the MME in step S802 is the same as the information included in the second RRC parameter that needs to be sent to the UE, and the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC and the second RRC parameter generated by the MME in step S804.
  • Step S807 The UE checks the NAS-MAC by using the NAS integrity key and the second RRC parameter of the UE.
  • the UE may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message.
  • when the NAS-MAC generated by the UE and the NAS-MAC in the RRC Connection Release message are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S808 When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter by using the NAS encryption key of the UE, to obtain redirection information.
  • the UE may decrypt the second RRC parameter based on the NAS confidentiality algorithm negotiated with the MME and the NAS encryption key of the UE, to obtain redirection information.
  • Step S809 The UE redirects to the target base station indicated by the redirection information.
  • Step S810 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description in the embodiment shown in any of the figures in FIG.
  • the MME adds encryption protection to the first RRC parameter sent by the source base station, which can prevent the first RRC parameter from being forged, tampered with, or eavesdropped, and improves the security of the first RRC parameter.
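  • The following Python example is added to illustrate the encrypt-then-MAC order of FIG. 8; it is not code from the patent or from the applicant. A keystream built from HMAC-SHA256 in counter mode stands in for the negotiated NAS confidentiality algorithm, HMAC-SHA256 truncated to 32 bits stands in for the NAS integrity algorithm, the keys and the per-message nonce (a value such as the NAS COUNT, as the FIG. 9 variant on this page carries) are constructed, and `mme_protect`, `ue_handle_release` and `run_scenarios` are assumptions of the example. It shows the MME encrypting the first RRC parameter into the second (step S803) and protecting the ciphertext (step S804), and the UE verifying the NAS-MAC before it decrypts (steps S807/S808), so that a ciphertext modified in transit is rejected without ever being interpreted.

```python
import hashlib
import hmac

# Constructed sample keys, stand-ins for K_NASenc and K_NASint (not from the patent).
K_NAS_ENC = bytes.fromhex("1f" * 32)
K_NAS_INT = bytes.fromhex("3c" * 32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher stand-in for the NAS confidentiality algorithm (EEA):
    HMAC-SHA256 in counter mode. Never reuse a nonce under the same key."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def nas_encrypt(k_nas_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(k_nas_enc, nonce, len(data))))


nas_decrypt = nas_encrypt


def nas_mac(k_nas_int: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 truncated to 32 bits stands in for the NAS integrity algorithm."""
    return hmac.new(k_nas_int, data, hashlib.sha256).digest()[:4]


def mme_protect(k_nas_enc: bytes, k_nas_int: bytes, nonce: bytes,
                first_rrc_parameter: bytes) -> dict:
    """Steps S803 to S805: the second RRC parameter is the ciphertext of the
    first, and the NAS-MAC is computed over that ciphertext."""
    second = nas_encrypt(k_nas_enc, nonce, first_rrc_parameter)
    return {"second_rrc_parameter": second,
            "nas_mac": nas_mac(k_nas_int, second),
            "nonce": nonce}


def ue_handle_release(k_nas_enc: bytes, k_nas_int: bytes, msg: dict) -> tuple:
    """Steps S807 to S810: check the NAS-MAC first; only a verified ciphertext
    is decrypted and its redirection information used."""
    expected = nas_mac(k_nas_int, msg["second_rrc_parameter"])
    if not hmac.compare_digest(expected, msg["nas_mac"]):
        return ("disconnect", None)
    redirection = nas_decrypt(k_nas_enc, msg["nonce"], msg["second_rrc_parameter"])
    return ("redirect", redirection)


def run_scenarios() -> dict:
    """Constructed exchange: a genuine release and one whose ciphertext had a
    single bit flipped on the air interface."""
    first_rrc = b"rat=geran;arfcn=20;pci=7;cause=other"
    nonce = (37).to_bytes(4, "big")  # constructed; e.g. the downlink NAS COUNT
    msg = mme_protect(K_NAS_ENC, K_NAS_INT, nonce, first_rrc)

    flipped = dict(msg)
    c = msg["second_rrc_parameter"]
    flipped["second_rrc_parameter"] = bytes([c[0] ^ 0x01]) + c[1:]

    return {"genuine": ue_handle_release(K_NAS_ENC, K_NAS_INT, msg),
            "tampered": ue_handle_release(K_NAS_ENC, K_NAS_INT, flipped),
            "ciphertext_differs": msg["second_rrc_parameter"] != first_rrc}
```

  • Because the NAS-MAC covers the ciphertext, the UE never runs the decryptor on data that has not been authenticated, which is the property a stream cipher on its own cannot give (a flipped ciphertext bit would otherwise flip the same plaintext bit of the redirection information).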
  • FIG. 9 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S901 The UE sends an extended service request message to the source base station.
  • for step S901 in this embodiment, refer to step S501 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S902 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • for step S902 in this embodiment, refer to step S502 in the embodiment shown in FIG. 5; it is not described again here.
  • Step S903 The MME encrypts the first RRC parameter by using the NAS encryption key of the UE, to obtain a second RRC parameter.
  • for step S903 in this embodiment, refer to step S803 in the embodiment shown in FIG. 8; it is not described again here.
  • Step S904 The MME performs integrity protection on the second RRC parameter and the NAS count by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter and the NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • alternatively, the MME may perform integrity protection on the first RRC parameter and the NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • Step S905 The MME sends the NAS-MAC, the second RRC parameter, and part of the bits of the NAS count to the source base station.
  • Step S906 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • the source eNB may update the first RRC parameter according to the UE context change request message and compare the first RRC parameter sent to the MME in step S902 with the updated first RRC parameter; when they differ, the source base station may send the updated first RRC parameter to the MME, the MME encrypts the updated first RRC parameter using the NAS encryption key of the UE to obtain the updated second RRC parameter and performs integrity protection on the updated second RRC parameter and the NAS count using the NAS integrity key of the UE to generate an updated NAS-MAC, and the source base station may then send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and part of the bits of the NAS count.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the information included in the first RRC parameter sent to the MME in step S902 is the same as the information included in the second RRC parameter that needs to be sent to the UE, and the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC and the second RRC parameter generated by the MME in step S904.
  • Step S907 The UE acquires the NAS count according to the partial bits of the NAS count.
  • For step S907 in this embodiment, reference may be made to step S606 in the sixth embodiment; it is not described in detail here.
  • Step S908 The UE checks the NAS-MAC by using the NAS integrity key of the UE, the second RRC parameter, and the acquired NAS count.
  • the UE may perform integrity protection on the second RRC parameter and the acquired NAS count based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, and generate a NAS-MAC.
  • The UE may compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC connection release message. When the two are the same, the UE may determine that the NAS-MAC check succeeds; when they differ, the UE may determine that the NAS-MAC check fails.
  • Step S909 When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter by using the NAS encryption key of the UE, to obtain redirection information.
  • the UE may decrypt the second RRC parameter based on the NAS confidentiality algorithm negotiated with the MME and the NAS encryption key of the UE, to obtain redirection information.
  • Step S910 The UE redirects to the target base station indicated by the redirection information.
  • Step S911 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • For the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, reference may be made to the related description of the implementation shown in any of the figures in FIG.
  • In this embodiment, the MME adds encryption protection to the first RRC parameter, which can prevent the first RRC parameter from being forged, tampered with or intercepted, and improves the security of the first RRC parameter.
  • The MME generates the NAS-MAC according to the NAS count and the second RRC parameter. Since the NAS count is a fresh parameter of the NAS layer, the NAS-MAC generated each time is different, so that a replay attack can be resisted.
  • FIG. 10 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S1001 The UE sends an extended service request message to the source base station.
  • For step S1001 in this embodiment, reference may be made to step S501 in the fifth embodiment; it is not described in detail here.
  • Step S1002 The source base station sends a first RRC parameter to the MME according to the extended service request message.
  • For step S1002 in this embodiment, reference may be made to step S502 in the fifth embodiment; it is not described in detail here.
  • Step S1003 The MME obtains the derived NAS integrity key and the derived NAS encryption key according to the ASME key and the NAS count of the UE.
  • The MME may process the ASME key of the UE and the NAS count by using a key derivation algorithm that is preset or negotiated with the UE, to obtain a derived NAS integrity key Kcsfb-int and a derived NAS encryption key Kcsfb-enc.
  • The MME may process the ASME key of the UE, the NAS count, and a second preset constant by using a key derivation algorithm negotiated with the UE, to obtain the derived NAS integrity key.
  • The second preset constant can be a string such as "CSFB-INT".
  • The MME may process the ASME key of the UE, the NAS count, and a third preset constant by using a key derivation algorithm negotiated with the UE, to obtain the derived NAS encryption key.
  • The third preset constant can be a string such as "CSFB-ENC".
  • Step S1004 The MME encrypts the first RRC parameter by using the derived NAS encryption key to obtain a second RRC parameter.
  • The MME may decide, according to the extended service request message, to perform CSFB, and then encrypt the first RRC parameter by using the derived NAS encryption key based on the NAS confidentiality algorithm negotiated with the UE, to obtain a second RRC parameter.
  • the second RRC parameter may be a ciphertext of the first RRC parameter.
  • Step S1005 The MME performs integrity protection on the second RRC parameter by using the derived NAS integrity key to generate a NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the derived NAS integrity key to generate a NAS-MAC.
  • Step S1006 The MME sends the NAS-MAC, the second RRC parameter, and part of the bits of the NAS count to the source base station.
  • Step S1007 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC, the second RRC parameter, and the partial bits of the NAS count.
  • The source base station may update the first RRC parameter according to a UE context change request message, and may compare the first RRC parameter sent to the MME in step S1002 with the updated first RRC parameter. When the first RRC parameter sent to the MME differs from the updated first RRC parameter, the source base station may send the updated first RRC parameter to the MME; the MME obtains the derived NAS integrity key and the derived NAS encryption key according to the ASME key and the NAS count of the UE, encrypts the updated first RRC parameter by using the derived NAS encryption key to obtain an updated second RRC parameter, and performs integrity protection on the updated second RRC parameter by using the derived NAS integrity key to generate an updated NAS-MAC. The source base station may then send an RRC connection release message to the UE, where the message includes the updated NAS-MAC, the updated second RRC parameter, and the partial bits of the NAS count.
  • Otherwise, the source base station may determine that the first RRC parameter remains unchanged, that is, the information included in the first RRC parameter sent to the MME in step S1002 is the same as the information included in the second RRC parameter that needs to be sent to the UE. The source base station may then send an RRC connection release message to the UE, where the message includes the NAS-MAC and the second RRC parameter generated by the MME in step S1005.
  • Step S1008 The UE acquires the NAS count according to the partial bits of the NAS count.
  • For step S1008 in this embodiment, reference may be made to step S606 in the sixth embodiment; it is not described in detail here.
  • Step S1009 The UE obtains the derived NAS integrity key and the derived NAS encryption key by using the ASME key of the UE and the acquired NAS count.
  • The UE may process the ASME key of the UE and the acquired NAS count by using the key derivation algorithm that is preset or negotiated with the MME, to obtain the derived NAS integrity key and the derived NAS encryption key.
  • the UE may process the ASME key of the UE, the obtained NAS count, and the second preset constant by using a key derivation algorithm negotiated with the MME to obtain a derived NAS integrity key.
  • the UE may process the ASME key of the UE, the obtained NAS count, and the third preset constant by using a key derivation algorithm negotiated with the MME to obtain a derived NAS encryption key.
  • Step S1010 The UE verifies the NAS-MAC by using the obtained derived NAS integrity key and the second RRC parameter.
  • The UE may perform integrity protection on the second RRC parameter by using the obtained derived NAS integrity key, based on the NAS integrity algorithm negotiated with the MME, to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC connection release message. When the two are the same, the UE may determine that the NAS-MAC check succeeds; when they differ, the UE may determine that the NAS-MAC check fails.
  • Step S1011 When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter by using the obtained derived NAS encryption key to obtain redirection information.
  • the UE may decrypt the second RRC parameter by using the obtained NAS encryption key based on the NAS confidentiality algorithm negotiated with the MME to obtain the redirection information.
  • Step S1012 The UE redirects to the target base station indicated by the redirection information.
  • Step S1013 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • In this embodiment, the MME adds encryption protection to the first RRC parameter, which can prevent the first RRC parameter from being forged, tampered with or intercepted, and improves the security of the first RRC parameter.
  • The MME obtains the derived NAS integrity key and the derived NAS encryption key based on the ASME key and the NAS count of the UE, encrypts the first RRC parameter by using the derived NAS encryption key to obtain the second RRC parameter, and performs integrity protection on the second RRC parameter by using the derived NAS integrity key to obtain the NAS-MAC. Since the NAS count is a fresh parameter of the NAS layer, the derived NAS integrity key and the derived NAS encryption key obtained each time are different, so the NAS-MAC generated each time is different, thereby resisting replay attacks.
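The following is an added example, not code from the patent or from Huawei, that models both exchanges above: the FIG. 9 variant (long-term NAS keys, NAS-MAC over the second RRC parameter and the NAS count) and the FIG. 10 variant (per-count keys Kcsfb-int and Kcsfb-enc derived with the "CSFB-INT" and "CSFB-ENC" constants), together with the UE-side check that rejects a tampered or replayed RRC connection release message. It assumes HMAC-SHA256 as a stand-in for the 3GPP key derivation and NAS algorithms, a 24-bit NAS count of which the low 8 bits travel in the release message, and constructed sample key and redirection values.

```python
# Added example (not the patent's or Huawei's code). Assumptions: HMAC-SHA256
# stands in for the 3GPP KDF and for the NAS integrity/confidentiality
# algorithms; the NAS count is 24 bits and the release message carries its
# low 8 bits; how the UE rebuilds the full count (step S606) is assumed.
import hashlib
import hmac

COUNT_LOW_BITS = 8                       # assumption: partial bits sent to the UE
LOW_MASK = (1 << COUNT_LOW_BITS) - 1

# Constructed sample values, not taken from the patent.
K_ASME = hashlib.sha256(b"constructed sample K_ASME").digest()
FIRST_RRC = b"redirectedCarrierInfo=UTRA-FDD;PCI=123"   # constructed redirection info


def kdf(key: bytes, *inputs: bytes) -> bytes:
    """Key derivation stand-in: HMAC-SHA256 over the concatenated inputs."""
    return hmac.new(key, b"".join(inputs), hashlib.sha256).digest()


def long_term_nas_keys(k_asme: bytes):
    """FIG. 9: the NAS integrity and encryption keys already shared by UE and MME."""
    return kdf(k_asme, b"NAS-INT"), kdf(k_asme, b"NAS-ENC")


def derive_csfb_keys(k_asme: bytes, nas_count: int):
    """FIG. 10 steps S1003/S1009: keys bound to the NAS count through the
    constants "CSFB-INT" and "CSFB-ENC" named in the text."""
    cnt = nas_count.to_bytes(4, "big")
    return kdf(k_asme, cnt, b"CSFB-INT"), kdf(k_asme, cnt, b"CSFB-ENC")


def nas_mac(k_int: bytes, data: bytes) -> bytes:
    """32-bit integrity tag, the length of a NAS-MAC."""
    return hmac.new(k_int, data, hashlib.sha256).digest()[:4]


def ctr_xor(k_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC as a stand-in for the NAS confidentiality
    algorithm; the same call encrypts and decrypts (XOR is its own inverse)."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(k_enc, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def mme_protect(k_asme: bytes, nas_count: int, first_rrc: bytes, derived: bool) -> dict:
    """MME side. derived=False models steps S903-S905; derived=True models
    steps S1004-S1006. Returns what the MME hands to the source base station."""
    cnt = nas_count.to_bytes(4, "big")
    if derived:
        k_int, k_enc = derive_csfb_keys(k_asme, nas_count)
        second_rrc = ctr_xor(k_enc, cnt, first_rrc)        # S1004: ciphertext of first RRC parameter
        mac = nas_mac(k_int, second_rrc)                    # S1005: MAC over second RRC parameter only
    else:
        k_int, k_enc = long_term_nas_keys(k_asme)
        second_rrc = ctr_xor(k_enc, cnt, first_rrc)        # S903: NAS count used as cipher nonce
        mac = nas_mac(k_int, second_rrc + cnt)              # S904: MAC over second RRC parameter + NAS count
    return {"nas_mac": mac, "second_rrc": second_rrc, "count_low": nas_count & LOW_MASK}


def ue_reconstruct_count(ue_count: int, count_low: int) -> int:
    """Steps S907/S1008 (assumed detail): rebuild the full NAS count from the
    received low bits and the UE's own stored count, handling wrap-around."""
    overflow = ue_count >> COUNT_LOW_BITS
    if count_low < (ue_count & LOW_MASK):    # low bits wrapped since the UE's last value
        overflow += 1
    return (overflow << COUNT_LOW_BITS) | count_low


def ue_handle_release(k_asme: bytes, ue_count: int, msg: dict, derived: bool):
    """UE side, steps S907-S911 / S1008-S1013. Returns the decrypted redirection
    information, or None when the NAS-MAC check fails and the UE disconnects."""
    nas_count = ue_reconstruct_count(ue_count, msg["count_low"])
    cnt = nas_count.to_bytes(4, "big")
    if derived:
        k_int, k_enc = derive_csfb_keys(k_asme, nas_count)
        expected = nas_mac(k_int, msg["second_rrc"])
    else:
        k_int, k_enc = long_term_nas_keys(k_asme)
        expected = nas_mac(k_int, msg["second_rrc"] + cnt)
    if not hmac.compare_digest(expected, msg["nas_mac"]):   # S908 / S1010
        return None                                          # S911 / S1013: disconnect
    return ctr_xor(k_enc, cnt, msg["second_rrc"])            # S909 / S1011


if __name__ == "__main__":
    for derived in (False, True):
        msg = mme_protect(K_ASME, 5, FIRST_RRC, derived)
        print("genuine  ->", ue_handle_release(K_ASME, 5, msg, derived))
        forged = dict(msg, second_rrc=bytes([msg["second_rrc"][0] ^ 1]) + msg["second_rrc"][1:])
        print("tampered ->", ue_handle_release(K_ASME, 5, forged, derived))
        # Replay: the UE's count has moved on, so the old low bits map to a different count
        print("replayed ->", ue_handle_release(K_ASME, 6, msg, derived))
```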
  • FIG. 11 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • the communication apparatus may include a receiving module 1101 and a sending module 1102.
  • the detailed description of each module is as follows.
  • the receiving module 1101 is configured to receive an extended service request message from the user equipment.
  • The sending module 1102 is configured to send, according to the extended service request message, a first RRC parameter to the MME, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected.
  • the receiving module 1101 is further configured to receive a NAS-MAC from the MME.
  • The sending module 1102 is further configured to send an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes a plaintext or a ciphertext of the first RRC parameter.
  • When the RRC connection release message further includes partial bits of the NAS count, the receiving module 1101 is further configured to receive the partial bits of the NAS count from the MME after the sending module 1102 sends the first RRC parameter to the MME.
  • When the second RRC parameter includes the ciphertext of the first RRC parameter, the receiving module 1101 is further configured to receive the second RRC parameter from the MME.
  • In this embodiment, the receiving module 1101 receives an extended service request message from the user equipment; the sending module 1102 sends a first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information; the receiving module 1101 receives the NAS-MAC from the MME; and the sending module 1102 sends an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and the second RRC parameter. Identity recognition of the source base station can thereby be performed, improving the security of the user equipment performing CSFB.
  • FIG. 12 is a base station according to an embodiment of the present invention.
  • the base station includes a processor 1201, a memory 1202, and a transceiver 1203.
  • the processor 1201, the memory 1202, and the transceiver 1203 are connected to each other through a bus.
  • The memory 1202 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), for storing related instructions and data, such as an extended service request message, a first RRC parameter of the user equipment, and the like.
  • the transceiver 1203 is configured to receive and transmit data, for example, receive an extended service request message from a user equipment, or send a first RRC parameter or the like to the MME.
  • The processor 1201 may be one or more central processing units (CPUs) or one or more microcontroller units (MCUs). When the processor 1201 is a CPU, the CPU may be a single-core CPU or a multi-core CPU. The processor 1201 may be combined with the communication apparatus shown in FIG.
  • the processor 1201 in the base station is configured to read the program code stored in the memory 1202 and perform the following operations:
  • sending, by the transceiver 1203, the first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected;
  • sending, by the transceiver 1203, an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes a plaintext or a ciphertext of the first RRC parameter.
  • When the RRC connection release message further includes partial bits of the NAS count, the processor 1201 may also perform the following operation after sending the first RRC parameter to the MME by using the transceiver 1203:
  • receiving the partial bits of the NAS count from the MME by the transceiver 1203.
  • When the second RRC parameter includes the ciphertext of the first RRC parameter, the processor 1201 may further perform the following operation by using the transceiver 1203: receiving the second RRC parameter from the MME.
  • In this embodiment, the processor 1201 receives an extended service request message from the user equipment through the transceiver 1203, sends a first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information, receives the NAS-MAC from the MME, and sends an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter. Identity recognition of the source base station can thereby be performed, improving the security of the user equipment performing CSFB.
  • FIG. 13 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • The communication apparatus may include a sending module 1301, a receiving module 1302, a verification module 1303, and a redirection module 1304. The detailed description of each module is as follows.
  • the sending module 1301 is configured to send an extended service request message to the source base station.
  • The receiving module 1302 is configured to receive an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information.
  • The verification module 1303 is configured to check the NAS-MAC according to the NAS integrity key of the communication apparatus and the second RRC parameter.
  • The redirection module 1304 is configured to redirect to the target base station indicated by the redirection information when the NAS-MAC check succeeds.
  • the RRC connection release message further includes a partial bit of the NAS count.
  • the verification module 1303 is specifically configured to:
  • the NAS-MAC is verified according to the NAS integrity key, the second RRC parameter, and the NAS count.
  • The redirection module 1304 is specifically configured to:
  • the verification module 1303 is specifically configured to:
  • the NAS-MAC is verified according to the derived NAS integrity key and the second RRC parameter.
  • The redirection module 1304 is specifically configured to:
  • the communications apparatus in the embodiment of the present invention may further include:
  • the disconnection module 1305 is configured to disconnect the connection with the source base station when the NAS-MAC check fails.
  • In this embodiment, the sending module 1301 sends an extended service request message to the source base station; the receiving module 1302 receives the RRC connection release message sent by the source base station, where the RRC connection release message includes the NAS-MAC and the second RRC parameter, and the second RRC parameter includes redirection information; the verification module 1303 checks the NAS-MAC according to the NAS integrity key of the communication apparatus and the second RRC parameter; and the redirection module 1304 redirects to the target base station indicated by the redirection information. Identity recognition of the source base station can thereby be performed, improving the security of the user equipment performing CSFB.
  • FIG. 14 is a user equipment, where the user equipment includes a processor 1401, a memory 1402, and a transceiver 1403.
  • The processor 1401, the memory 1402, and the transceiver 1403 are connected to each other through a bus.
  • the memory 1402 includes, but is not limited to, a RAM, a ROM, an EPROM, or a CD-ROM for storing related instructions and data, such as NAS-MAC, second RRC parameters, and the like.
  • the transceiver 1403 is configured to receive and send data, for example, send an extended service request message to the source base station, or receive an RRC connection release message sent by the source base station, and the like.
  • the processor 1401 may be one or more CPUs, or one or more MCUs. In the case where the processor 1401 is a CPU, the CPU may be a single core CPU or a multi-core CPU. The processor 1401 can be combined with the communication device shown in FIG.
  • the processor 1401 in the user equipment is configured to read the program code stored in the memory 1402 and perform the following operations:
  • An extended service request message is sent to the source base station through the transceiver 1403.
  • receiving, by the transceiver 1403, an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information.
  • When the NAS-MAC check succeeds, the user equipment is redirected to the target base station indicated by the redirection information.
  • the RRC connection release message further includes a partial bit of the NAS count.
  • the processor 1401 verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, where specifically:
  • the NAS-MAC is verified according to the NAS integrity key, the second RRC parameter, and the NAS count.
  • The processor 1401 redirects to the target base station indicated by the redirection information, which may specifically be:
  • the processor 1401 verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, where specifically:
  • the NAS-MAC is verified according to the derived NAS integrity key and the second RRC parameter.
  • The processor 1401 redirects to the target base station indicated by the redirection information, which may specifically be:
  • processor 1401 can also perform the following operations:
  • In this embodiment, the processor 1401 sends an extended service request message to the source base station by using the transceiver 1403, and receives an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter, and the second RRC parameter includes redirection information; the processor 1401 verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and when the NAS-MAC verification succeeds, redirects to the target base station indicated by the redirection information. Identity recognition of the source base station can thereby be performed, improving the security of the user equipment performing CSFB.
  • FIG. 15 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention.
  • the communication apparatus may include a receiving module 1501, an obtaining module 1502, and a sending module 1503.
  • the detailed description of each module is as follows.
  • The receiving module 1501 is configured to receive a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected.
  • The obtaining module 1502 is configured to obtain a NAS-MAC according to the NAS integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes a plaintext or a ciphertext of the first RRC parameter.
  • the sending module 1503 is configured to send the NAS-MAC to the source base station.
  • the obtaining module 1502 is specifically configured to:
  • The obtaining module 1502 is further configured to encrypt the first RRC parameter by using the NAS encryption key of the user equipment, to obtain the second RRC parameter, before obtaining the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter.
  • the obtaining module 1502 is specifically configured to:
  • the second RRC parameter is integrity protected using the derived NAS integrity key to generate the NAS-MAC.
  • the obtaining module 1502 is further configured to: before obtaining the NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment, according to the ASME key and the NAS count of the user equipment. Obtaining a derived NAS encryption key; encrypting the first RRC parameter by using the derived NAS encryption key to obtain the second RRC parameter.
  • the sending module 1503 is further configured to send the second RRC parameter to the source base station.
  • the sending module 1503 is further configured to send, to the source base station, part of the bits of the NAS count.
  • the redirection information includes at least one of redirection control information or a physical cell identifier PCI.
  • In this embodiment, the receiving module 1501 receives the first RRC parameter from the source base station of the user equipment, where the first RRC parameter includes redirection information; the obtaining module 1502 obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter; and the sending module 1503 sends the NAS-MAC to the source base station. Identity recognition of the source base station can thereby be performed, improving the security of the user equipment performing CSFB.
  • FIG. 16 is a mobility management entity according to an embodiment of the present invention.
  • the mobility management entity includes a processor 1601, a memory 1602, and a transceiver 1603.
  • The processor 1601, the memory 1602, and the transceiver 1603 are connected to each other through a bus.
  • the memory 1602 includes, but is not limited to, a RAM, a ROM, an EPROM, or a CD-ROM for storing related instructions and data, such as a first RRC parameter of the user equipment, NAS-MAC, and the like.
  • the transceiver 1603 is configured to receive and transmit data, for example, receive a first RRC parameter from a source base station of the user equipment, or send a NAS-MAC or the like to the source base station.
  • The processor 1601 may be one or more CPUs, or one or more MCUs. When the processor 1601 is a CPU, the CPU may be a single-core CPU or a multi-core CPU. The processor 1601 may be combined with the communication apparatus shown in FIG.
  • the processor 1601 in the MME is configured to read the program code stored in the memory 1602, and perform the following operations:
  • receiving, by the transceiver 1603, a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected;
  • the NAS-MAC is transmitted to the source base station through the transceiver 1603.
  • the processor 1601 obtains the NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment, where specifically:
  • the following operations may also be performed:
  • the processor 1601 obtains the NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment, where specifically:
  • the second RRC parameter is integrity protected using the derived NAS integrity key to generate the NAS-MAC.
  • the following operations may also be performed:
  • processor 1601 can also perform the following operations:
  • the second RRC parameter is sent to the source base station by the transceiver 1603.
  • processor 1601 can also perform the following operations:
  • a portion of the bits of the NAS count is transmitted by the transceiver 1603 to the source base station.
  • the redirection information includes at least one of redirection control information or a physical cell identifier PCI.
  • In this embodiment, the processor 1601 receives a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and sends the NAS-MAC to the source base station. Identity recognition of the source base station can thereby be performed, improving the security of the user equipment performing CSFB.
  • FIG. 17 is a communication system according to an embodiment of the present invention.
  • the communication system includes a base station 1701 shown in FIG. 12, a user equipment 1702 shown in FIG. 14, and a mobility management entity 1703 shown in FIG.
  • The program can be stored in a computer readable storage medium; when the program is executed, the flow of the method embodiments described above may be included.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM or a random access memory RAM, a magnetic disk, or an optical disk.


Abstract

Embodiments of the present invention relate to a communication method, device and system. The method includes the following steps: a user equipment sends an extended service request message to a source base station; the user equipment receives an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter, the second RRC parameter being a generation parameter of the NAS-MAC and including redirection information; the user equipment checks the NAS-MAC according to a NAS integrity key of the user equipment and the second RRC parameter; and if the NAS-MAC passes the check, the user equipment is redirected to a target base station indicated by the redirection information. Embodiments of the present invention can be used to perform identity recognition of the source base station, which improves the security of the user equipment performing CSFB.
PCT/CN2017/083190 2017-05-05 2017-05-05 Communication method, device and system WO2018201440A1 (fr)
Publication: WO2018201440A1 (fr), published 2018-11-08

Family

ID=64016909

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/083190 WO2018201440A1 (fr) 2017-05-05 2017-05-05 Procédé, dispositif et système de communication

Country Status (1)

Country Link
WO (1) WO2018201440A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101867986A (zh) * 2009-04-20 2010-10-20 大唐移动通信设备有限公司 一种csfb功能的激活方法及系统
CN102232317A (zh) * 2010-10-26 2011-11-02 华为技术有限公司 移动交换中心池中的寻呼处理方法及装置
US20130201924A1 (en) * 2012-02-07 2013-08-08 Qualcomm Incorporated Data radio bearer (drb) enhancements for small data transmissions apparatus, systems, and methods
CN103607783A (zh) * 2013-12-06 2014-02-26 中国联合网络通信集团有限公司 一种csfb呼叫建立方法及用户设备
CN103813300A (zh) * 2012-11-14 2014-05-21 华为终端有限公司 数据传输方法、设备及系统
US20160007239A1 (en) * 2013-02-26 2016-01-07 Samsung Electronics Co., Ltd. Method and system for improving circuit switched fall back (csfb) performance

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HUAWEI ET AL.: "Enhanced NAS Token Solution for LTE Redirection Attack", 3GPP TSG SA WG3 (SECURITY) MEETING #87, S3-171245, 9 May 2017 (2017-05-09), XP051269217 *

Similar Documents

Publication Publication Date Title
US11228905B2 (en) Security implementation method, related apparatus, and system
KR102547749B1 (ko) Authentication and key agreement with perfect forward secrecy
US11582602B2 (en) Key obtaining method and device, and communications system
US20180310170A1 (en) Communication Method and Device
KR101091793B1 (ko) Method for handling a security key change and related communication device
US20090209259A1 (en) System and method for performing handovers, or key management while performing handovers in a wireless communication system
JP4820429B2 (ja) Method and apparatus for generating a new key
CN112154624A (zh) User identity privacy protection against fake base stations
WO2014134786A1 (fr) Key interaction method and apparatus
EP2266334A2 (fr) Methods, apparatuses and computer program products for providing multi-hop cryptographic separation for handovers
WO2022127656A1 (fr) Authentication method and related apparatus
JP6651613B2 (ja) Wireless communication
KR20100126691A (ko) System and method for performing handovers, or performing key management while performing handovers, in a wireless communication system
CN113170369B (zh) Method and apparatus for security context handling during inter-system change
US20190149326A1 (en) Key obtaining method and apparatus
CN109842881B (zh) Communication method, related device, and system
WO2008152611A1 (fr) Device, method and computer program product producing a transparent container
CN111465060A (zh) Method, apparatus and system for determining a security protection mode
WO2018201440A1 (fr) Communication method, device and system
WO2020147602A1 (fr) Authentication method, apparatus and system
US10390224B2 (en) Exception handling in cellular authentication
WO2018176273A1 (fr) Communication method, apparatus and system
WO2021160996A1 (fr) Processing module for authenticating a communication device in a 3G-compatible network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 17908269; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 17908269; Country of ref document: EP; Kind code of ref document: A1