WO2018205831A1 - Procédé et appareil de vérification de réseau, dispositif et support de stockage - Google Patents

Procédé et appareil de vérification de réseau, dispositif et support de stockage Download PDF

Info

Publication number
WO2018205831A1
WO2018205831A1 PCT/CN2018/084290 CN2018084290W WO2018205831A1 WO 2018205831 A1 WO2018205831 A1 WO 2018205831A1 CN 2018084290 W CN2018084290 W CN 2018084290W WO 2018205831 A1 WO2018205831 A1 WO 2018205831A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
terminal device
information
verification
terminal
Prior art date
Application number
PCT/CN2018/084290
Other languages
English (en)
Chinese (zh)
Inventor
张丽
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018205831A1 publication Critical patent/WO2018205831A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W74/00Wireless channel access, e.g. scheduled or random access
    • H04W74/08Non-scheduled or contention based access, e.g. random access, ALOHA, CSMA [Carrier Sense Multiple Access]
    • H04W74/0833Non-scheduled or contention based access, e.g. random access, ALOHA, CSMA [Carrier Sense Multiple Access] using a random access procedure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W74/00Wireless channel access, e.g. scheduled or random access
    • H04W74/08Non-scheduled or contention based access, e.g. random access, ALOHA, CSMA [Carrier Sense Multiple Access]

Definitions

  • the present invention relates to, but is not limited to, the field of wireless communication technologies, and in particular, to a network verification method and apparatus, device, and storage medium.
  • LTE Long Term Evolution
  • random access is a basic and important process in the LTE system.
  • the terminal device needs to access the base station to communicate with the base station. Access process.
  • the terminal device In the existing LTE system, the terminal device has a connected state and an idle state, and the terminal device that establishes a connection with the base station through a random access procedure is in a connected state.
  • FIG. 1 it is a flowchart of a random access procedure in an existing LTE system.
  • the contention-based random access procedure usually includes the following four steps: Step 1: The terminal device sends a random access request message, for example, through system information or Radio Resource Control (RRC) signaling, for obtaining random access.
  • RRC Radio Resource Control
  • the base station sends a random access response message
  • the random access radio network Tempory Identity (RA-RNTI) used by the terminal may be determined by the time-frequency location adopted by the random access preamble sequence.
  • Step 4 The base station parses the uplink data on the uplink authorized resource, confirms the terminal, resolves the conflict, and sends the contention resolution identifier to the terminal.
  • the terminal device needs to perform mutual authentication with the network device after the random access process is completed. It can be seen from the random access process shown in FIG. 1 that the terminal device accessing the network device requires more signaling overhead and takes a longer time. time. Therefore, the delay in performing network verification is long, and it is difficult to meet the demand for low latency of the service.
  • the method for performing network verification in the prior art is that the terminal device needs to perform mutual authentication with the network device after completing the random access process, which causes a problem that the network authentication has a long delay.
  • the embodiment of the present invention provides a network authentication method, device, device, and storage medium, to solve the method for performing network verification in the prior art, because the terminal device needs to perform mutual authentication with the network device after completing the random access process.
  • an embodiment of the present invention provides a network verification method, including:
  • the network device sends a paging message including network authentication information, where the network verification information is used by the terminal device to verify the network device, where the terminal device is in an inactive state;
  • the network device receives a network verification response message sent by the terminal device.
  • an embodiment of the present invention provides a network verification method, including:
  • the terminal device verifies the network device according to the network verification information
  • the terminal device sends a network verification response message to the network device.
  • an embodiment of the present invention provides a network authentication apparatus, where the network verification apparatus includes:
  • a sending module configured to send a paging message including network authentication information, where the network verification information is used by the terminal device to verify the network device, where the terminal device is in an inactive state;
  • the receiving module is configured to receive a network verification response message sent by the terminal device.
  • an embodiment of the present invention provides a network authentication apparatus, where the network verification apparatus includes:
  • a receiving module configured to receive a paging message that is sent by the network device, including network authentication information, where the terminal device is in an inactive state;
  • the verification module is configured to verify the network device according to the network verification information received by the receiving module;
  • a sending module configured to send a network verification response message to the network device.
  • an embodiment of the present invention provides a network device, including a memory and a processor, where the memory stores a computer program executable on a processor, where the processor implements the network device side when the program is executed. The steps in the network verification method.
  • an embodiment of the present invention provides a terminal device, including a memory and a processor, where the memory stores a computer program executable on a processor, and when the processor executes the program, the terminal device side is implemented. The steps in the network verification method.
  • an embodiment of the present invention provides a computer readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps in the network verification method on the terminal device side or the network device side are implemented.
  • the network authentication method and device, the device, and the storage medium provided by the embodiment of the present invention send a paging message including network authentication information through the network device, and the network verification information indicates that the terminal device performs verification on the network device, and the terminal device pair After the verification, the network authentication response message sent by the terminal is received, where the terminal device is a terminal device in an inactive state or a lightly connected state; the technical solution provided by the embodiment of the present invention is based on an inactive state or a lightly connected state.
  • the related protocol stipulates that the mutual authentication between the terminal device and the network device can be completed in the process of performing random access, which solves the method for performing network authentication in the prior art, because the terminal device needs to complete the random access process before the network device can Perform mutual authentication, which leads to a long delay in performing network verification.
  • 1 is a flow chart of a random access procedure in an existing LTE system
  • FIG. 2 is a schematic diagram of a network architecture in an existing LTE system
  • FIG. 4 is a flowchart of a network verification method according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a C-RAN frame in the prior art
  • FIG. 6 is a schematic structural diagram of a CU-DU separation network architecture
  • FIG. 7 is a schematic diagram of an application scenario of a network verification method applied to a CU-DU separation network architecture according to an embodiment of the present disclosure
  • FIG. 8 is a flowchart of signaling interaction of a network verification method according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of signaling interaction of another network authentication method according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of another network verification method according to an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a network authentication apparatus according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of another network authentication apparatus according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of still another network verification apparatus according to an embodiment of the present disclosure.
  • FIG. 14 is a schematic structural diagram of still another network verification apparatus according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic diagram of a hardware entity of a network authentication device according to an embodiment of the present invention.
  • FIG. 2 it is a schematic diagram of a network architecture in the existing LTE system.
  • the LTE system includes an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and a Core Network (CN), and the E-UTRAN includes an evolved Node B (eNB), and the CN includes Mobile Management Entity (MME) and Serving Gateway (S-GW).
  • the eNB and the CN are connected through an S1 interface, and the eNBs are connected through an X2 interface.
  • One eNB can manage one or more cells (Cells).
  • a terminal device also called a User Equipment (UE), is called an Uu interface (or an air interface). (The cell managed by the eNB and the Uu interface between the cells are not shown in FIG. 2) .
  • UE User Equipment
  • Step 1 The terminal selects resources in the unscheduled resource pool and sends uplink data.
  • Step 2 After the base station parses the uplink data, it responds with a response or data.
  • the simplified random access procedure reduces the signaling overhead between the network device and the network device when the terminal device accesses the network to a certain extent.
  • the current LTE system technology for reducing signaling overhead includes the inactive state of the light-connected UE (Lighted Connected UE) and the 5th Generation Mobile Communication (5G) system in the R14 standardization process. )Wait.
  • the terminal device and the network device can maintain a "lighter" connection state or an inactive state; for example, in the inactive state technology, the terminal device is disconnected from the network device, and the base station is disconnected.
  • the S1 connection of the terminal device is always maintained.
  • the terminal device in the inactive state has data to be transmitted, the connection between the terminal device and the network device needs to be re-established.
  • a radio access network (RAN)-based paging mechanism In the standardization process of the 3rd Generation Partnership Project (3GPP), a radio access network (RAN)-based paging mechanism has been widely discussed and widely agreed. That is, the base station directly sends a paging message to the terminal device. Under this paging mechanism, the definition of the paging area has several candidates in the standard discussion, such as a cell list, an identity code (Identity, ID), a tracking area, etc.
  • the unique identification information of the terminal device in the paging area is, for example, a Resume ID, and the resume ID is 40 bits, and is composed of a 20-bit eNB ID (a base station to which the terminal device belongs) and a 20-bit UE ID.
  • the terminal device still needs to establish and network devices. After the connection, you can authenticate with the network device. Therefore, it is more restrictive for reducing the delay of network verification. Obviously, there is a need to provide a method of performing network verification to reduce signaling overhead and achieve lower latency.
  • the terminal device in the following embodiments refers to an inactive or lightly connected terminal device, for example, a UE, and the foregoing two states have the same characteristics. That is, the RRC connection is disconnected between the terminal device and the network device, and the base station always maintains the S1 connection with the terminal device.
  • the terminal device is in an inactive state, and the terminal device is in a light connection state; the network device may be a figure.
  • the following specific embodiments of the present invention may be combined with each other, and the same or similar concepts or processes may not be described in some embodiments.
  • FIG. 4 is a flowchart of a network verification method according to an embodiment of the present invention.
  • the network verification method provided in this embodiment is applicable to the case where the network device is authenticated when the terminal device is in an inactive state or a lightly connected state, and the method may be performed by a network verification device, where the network verification device is combined by hardware and software. To achieve this, the device can be integrated into the processor of the network device for use by the processor. As shown in FIG. 4, the method in this embodiment may include the following steps:
  • the network device sends a paging message that includes network authentication information, where the network authentication information is used by the terminal device to verify the network device, where the terminal device is in an inactive state.
  • the network verification method provided by the embodiment of the present invention is a method for mutual authentication between a terminal device and a network device.
  • the network device may carry the network authentication information when the paging message is sent, and the paging message is carried on the paging control channel (PCCH).
  • PCCH paging control channel
  • the network authentication information sent by the network device may be received in the process of initiating the random access, so that the network can be completed before the random access process in the existing LTE system is completed. The device is verified.
  • the terminal device in the embodiment of the present invention is a terminal device in an inactive state or a lightly connected state, and may adopt a related standard protocol of an inactive state and a light connection state technology.
  • the paging message may be directly sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, and then the terminal device may Initiating a random access procedure, performing network device-to-terminal verification and downlink transmission in a random access process; in addition, when the network device needs to release the context of the terminal device, it may also directly send a page carrying the network authentication information to the terminal device.
  • the random access procedure may be directly initiated, and the verification of the network device is completed through a random access procedure.
  • the network verification information may include, but is not limited to, check information, security algorithm configuration information, and Next Hop Chaining Count (NCC) information, etc., wherein the verification information may be complete or not.
  • NCC Next Hop Chaining Count
  • the terminal device may calculate the MAC-I according to the network verification information and the related configuration, and compare with the sent MAC-I to implement verification on the network device.
  • the network device receives a network verification response message sent by the terminal device.
  • the terminal device may send a network verification response message to the network device, and correspondingly, the network device receives the network verification response message, and the network The verification response message is used to indicate whether the verification of the network device by the terminal device is passed. At this point, the verification of the network device by the terminal device is completed.
  • the embodiment of the present invention can be applied to a scenario in which a network device has a downlink data/downlink control information to be sent or a network device needs to release a context of the terminal device.
  • the network device directly sends a paging message to indicate the terminal.
  • the device can be used for the verification.
  • the embodiment of the present invention can also be applied to the scenario in which the terminal device has the uplink data/uplink control information to be sent.
  • the S110 can also include the terminal device to initiate random access, which includes the following steps: The network device receives the random access request message sent by the terminal device; the network device sends a random access response message to the terminal device.
  • the network authentication and random access procedures in the existing LTE technologies are mainly directed to idle terminal devices, and when the terminal devices have uplink data/uplink control information, and the network devices have downlink data/downlink control information coming or need to release the terminal devices.
  • the context of the network device needs to be verified after the random access process is initiated and completed, that is, when the terminal device is in the connected state.
  • the network verification method provided by the embodiment of the present invention is directed to a light connection state in which the R14 is being standardized and an inactive terminal device in the 5G system.
  • the verification of the network device may be completed in the process of initiating the random access.
  • the network device needs to send the downlink data/downlink control information
  • the paging message may be sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, so that the paging device can complete the
  • the network device verifies the process, and then sends the response.
  • the network device (such as the base station) then verifies the terminal device. After the verification succeeds, the network device can send the downlink data.
  • the terminal device When the network device (such as a base station) sends a paging message carrying the release terminal to the terminal, the terminal device passes the verification, and then the terminal device releases the context.
  • the method provided by the embodiment of the present invention is beneficial to reducing the signaling overhead of the terminal device before performing verification on the network device, thereby reducing the delay for performing network verification.
  • the uplink data reaches the scenario, and generally does not involve a paging process.
  • the paging is for the downlink data arrival or release process, and the direct random access process completes the network-to-terminal and terminal-to-network verification.
  • the network device is generally authenticated according to the paging message, and then the terminal device releases the context without involving the random access procedure.
  • the network verification method provided by the embodiment of the present invention sends a paging message including network authentication information by using the network device, and the network verification information indicates that the terminal device performs verification on the network device, and after the terminal device verifies the network device, the receiving terminal
  • the network authentication response message sent wherein the terminal device is a terminal device in an inactive state or a lightly connected state; the method provided by the embodiment of the present invention is based on an inactive state or a light connection state related protocol, the terminal device and the network
  • the mutual authentication of the device can be completed in the process of performing random access, and the method for performing network authentication in the prior art is solved.
  • the terminal device needs to perform mutual authentication with the network device after completing the random access process, thereby causing the network to be executed. Verify that the delay is longer.
  • the network device may be an MME or an S-GW in the CN, or may be a base station in the access network; that is, the paging message sent by the network device in the S110 may be based on the S1 interface.
  • the paging that is, the paging message initiated by the CN, may also be a RAN-based paging, that is, a paging message initiated by the base station, wherein the base station may be the source base station or the target base station due to the mobility of the terminal device.
  • the implementation manner of S110 in the embodiment of the present invention may include: the target base station receives a paging message that is sent by the source base station and includes network authentication information; and the target base station sends the paging message to the terminal device.
  • uplink and downlink data transmission is supported in an inactive state.
  • the inactive state since the terminal device is likely to move, that is, the base station to which the terminal device belongs is likely to change, when the uplink data/uplink control information of the terminal device arrives, the new base station (ie, the target base station) Without the relevant context information of the terminal device, the data transmitted by the terminal device cannot be decoded, and the target base station to which the terminal device belongs directly forwards the received uplink data/uplink control information to the source base station of the terminal device, and the source base station performs data analysis. After parsing, the analysis result is fed back to the target base station.
  • the scheme needs to establish a common transmission channel between the target base station and the source base station based on the General Packet Radio Service (GPRS) Tunneling Protocol (GTP), because the terminal device is in an inactive state and Carrying uplink data/uplink control information, so a common transmission channel between the source base station and the target base station can be established in advance.
  • GPRS General Packet Radio Service
  • GTP General Packet Radio Service Tunneling Protocol
  • the verification of the terminal device and the network device includes a process in which the terminal side and the network side authenticate each other, that is, how the network device proves that a certain effective terminal device is transmitting data, and how the terminal device determines Is communicating with an active network device.
  • the network verification response message received by the network device in the S120 may carry the terminal verification information used by the network device to verify the terminal device.
  • the method provided by the embodiment of the present invention may further include:
  • the network device verifies the terminal device according to the terminal verification information.
  • the terminal device since the terminal device moves out of the service area of the source base station, the paging message needs to be forwarded by the target base station.
  • the network authentication information may also include, but is not limited to, full/short MAC-I information, security algorithm configuration information, NCC information for updating the key, and the like.
  • the downlink data/downlink control information may be sent to the terminal device.
  • the foregoing S110 may further include: the network device receiving the random access request message sent by the terminal device; and the network device sending the random access response message to the terminal device
  • the network device receives the uplink message sent by the terminal device, where the uplink message includes the data information, the terminal verification information, and the identifier information of the terminal device, where the terminal verification information is used to indicate that the network device performs verification on the terminal device, and the terminal verification information is Also included but not limited to: verification information (full/short MAC-I information), security algorithm configuration information, and NCC information.
  • the network device may include: a central unit (CU) and a plurality of distributed units (DUs) respectively connected to the CU.
  • C-RAN Central Radio Access Network
  • this embodiment uses the C-RAN architecture as an example to illustrate the network verification method in the C-RAN architecture.
  • FIG. 5 it is a schematic structural diagram of a C-RAN architecture in the prior art, which is divided into CU and DU, and one CU can be connected to multiple DUs, wherein the CU is deployed in the core equipment room, and the DU is deployed in the wireless coverage area.
  • DUs cover different areas, and CUs and DUs are connected through a front-end interface (fronthaul).
  • PDCP Packet Data Convergence Protocol
  • RLC Radio Link Control Protocol
  • MAC Media Access Control
  • PHY Physical
  • the MAC layer and the PHY layer In the inactive state, the MAC layer and the PHY layer generally use the default configuration for the transmission of the uplink or downlink data. Therefore, in the embodiment of the present invention, it is necessary to consider how the RLC layer, the PDCP layer, and the like are processed. Two schemes can be used: one method is that the RLC layer remains in the source DU; and another method is to newly establish a relevant bearer for the terminal device under the new node.
  • the embodiment of the present invention is an example in which the RLC layer is reserved in the source DU, and the method for verifying the terminal device and the network device in the CU-DU separate network architecture is illustrated. As shown in FIG. 7, the network authentication method is provided in the embodiment of the present invention.
  • FIG. 8 is a flowchart of signaling interaction of a network verification method according to an embodiment of the present invention.
  • the method provided by the embodiment of the present invention is applied to a CU-DU separation network architecture, where a PDCP layer is located in a CU, and an RLC layer, a MAC layer, and a PHY layer are located in a DU.
  • the inactive terminal device moves to the service area of the new DU (ie, the target DU).
  • An interface exists between the source DU and the target DU, and a common transmission channel (including a control signaling channel and a user plane data channel) for transmitting data and control information for the terminal device in the inactive state is established between the source DU and the target DU.
  • a common transmission channel including a control signaling channel and a user plane data channel
  • the source MAC and the target DU have default MAC layer and PHY layer configurations to support the terminal device to transmit uplink data in the inactive state, and the source DU retains the RLC related parameters of the terminal device and Configuration.
  • the implementation manner of S110 in the foregoing embodiment of the present invention may include the following steps:
  • the PDCP layer of the CU sends the network verification information to the source DU by using a channel for carrying the paging message or a channel for carrying the control signaling.
  • the network authentication information includes, for example, a short/full MAC-I and a security algorithm configuration. Information and NCC, etc.; the network authentication information is transmitted in the form of a data packet, for example, a PDCP Protocol Data Unit (PDU) (ie, a PDCP PDU).
  • PDU PDCP Protocol Data Unit
  • the channel for carrying the paging message is, for example, a paging control channel (PCCH), and the channel for carrying control signaling is, for example, a Common Control Channel (CCCH).
  • PCCH paging control channel
  • CCCH Common Control Channel
  • the source DU sends the network verification information to the target DU through the public transmission channel.
  • the information needs to carry the resume ID of the terminal device.
  • the target DU sends a paging message including network authentication information to the terminal device, where the network verification information is used by the terminal device to verify the network device, thereby solving the contention.
  • the target DU may also send network authentication information in other manners, for example, the target DU passes the Media Access Control Element (MAC CE) mode. Send network authentication information to the terminal device.
  • MAC CE Media Access Control Control Element
  • the four-step random access procedure in the LTE system is taken as an example to describe a process in which the terminal device and the network device perform verification when the terminal device in the inactive state has the uplink data, that is, the method provided by the embodiment of the present invention.
  • the method may further include: before S241:
  • the target DU receives a random access request message sent by the terminal device.
  • the random access request message is mainly used to send a random access preamble (preamble) through the specified resource;
  • the specified resource may be a dedicated resource or a resource in a public resource pool.
  • the target DU sends a random access response message to the terminal device.
  • the random access response message may include, but is not limited to, the following messages: a timing advance message (TA), an uplink scheduling grant message (UL Grant), terminal identification information (T-C-RNTI), and other auxiliary information (BI).
  • TA timing advance message
  • UL Grant uplink scheduling grant message
  • T-C-RNTI terminal identification information
  • BI auxiliary information
  • the target DU receives an uplink message sent by the terminal device, where the uplink message includes data information, terminal verification information, and identifier information of the terminal device.
  • the uplink message may be in different message types in different application scenarios.
  • the composition of the uplink message may include: data+full/short MAC-I+resume ID.
  • the target DU sends an uplink message to the RLC layer of the source DU.
  • the RLC layer of the source DU sends an uplink message to the PDCP layer of the CU.
  • the destination DU can send an uplink message to the RLC of the source DU, because an interface exists between the source DU and the target DU, and there is a common transmission channel for data/control signaling transmission between the source DU and the target DU.
  • the layer is then sent to the PDCP layer of the CU through the RLC layer of the source DU; in addition, since the RLC layer remains in the source DU, that is, the format of the data packet transmitted by the target DU to the interface between the source DUs is the MAC layer service.
  • a Service Data Unit (SDU) ie, a MAC SDU
  • RLC PDU PDU
  • the PDCP layer of the CU verifies the terminal device according to the terminal verification information, and decrypts the data information.
  • the PDCP layer in the CU may be on the network side, because the uplink message includes the terminal verification information (for example, full/short MAC-I).
  • the terminal device performs verification, and decrypts the uplink data/uplink control information to complete verification of the terminal device by the network device.
  • the embodiment shown in FIG. 8 is an example of the arrival of the uplink data/uplink control information of the terminal device, and illustrates the manner in which the terminal device authenticates the network device in the CU-DU network architecture.
  • the manner in which the terminal device authenticates the network device can refer to the process shown in FIG. 8.
  • the terminal device After performing S241 to S243, the terminal device obtains the network authentication information, and then the terminal device verifies the PDCP layer of the CU, and after the verification succeeds, the terminal device initiates a random access procedure, in which the PDCP layer of the CU is implemented to the terminal device. Verification and transmission of downstream messages.
  • FIG. 9 is a flowchart of signaling interaction of another network authentication method according to an embodiment of the present invention.
  • the embodiment of FIG. 9 illustrates that a terminal device authenticates a network device by using downlink data arrival on the network side as an example.
  • the method provided by the embodiment of the present invention may include the following steps:
  • the target base station After receiving the paging message, the target base station forwards the paging message to the terminal device.
  • the network authentication information may also include, but is not limited to, full/short MAC-I information, security algorithm configuration information, NCC information for updating the key, and the like.
  • the terminal device may calculate the MAC-I according to the network verification information and the related configuration, and compare with the sent MAC-I to implement verification on the source base station.
  • the terminal device sends a network verification response message, where the network verification response message may carry terminal verification information used by the network device to perform verification on the terminal device.
  • the target base station After receiving the network verification response message, the target base station forwards the network verification response message to the source base station.
  • S360 The source base station verifies the terminal equipment setting.
  • the downlink data may be sent to the target base station.
  • the target base station forwards the downlink data to the terminal device.
  • the network device may release the context of the terminal device for some reason.
  • the processing method may be: the network device directly releases the context of the terminal device by carrying a release command in the paging message.
  • the terminal device when the release command is received, it is also required to verify whether the paging message is from a valid network device. Therefore, the paging message may carry relevant network verification information for the terminal device to verify the network device.
  • the method may include: the network device determines to release the context of the designated terminal device, and determines the identification information of the designated terminal device.
  • the network device sends the paging message including the network authentication information, and the network device may send the paging message to the designated terminal device according to the identifier information of the specified terminal device, where the paging message further includes a release command.
  • the release instruction is used to instruct the specified terminal device to release the context of the terminal device.
  • the base station determines the identifier information of the terminal device that needs to release the specified inactive state of the context, and sends a paging message to the designated terminal device, where the paging message may be carried to indicate that the specified terminal device is released.
  • the release command of the context in addition, the paging message carries the network verification information at the same time, for example, but not limited to: full/short MAC-I information, security algorithm configuration information, NCC information for updating the key, etc., for The terminal device verifies the network device.
  • the terminal device may calculate the MAC-I according to the network authentication information and the related configuration, and compare with the sent MAC-I to implement verification on the source base station; After the verification, the terminal device detects whether the paging message is a message sent to itself and whether the message includes a release instruction for releasing its context; if the release command for releasing the terminal device is included, the terminal device clears its context. After the information enters the idle state; if the verification of the source base station fails, the process of releasing the terminal device context fails.
  • FIG. 10 is a flowchart of another network verification method according to an embodiment of the present invention.
  • the network verification method provided in this embodiment is applicable to the case where the network device is authenticated when the terminal device is in an inactive state or a lightly connected state, and the method may be performed by a network verification device, where the network verification device is combined by hardware and software. To achieve this, the device can be integrated in the processor of the terminal device for use by the processor. As shown in FIG. 10, the method in this embodiment may include the following steps:
  • the terminal device receives a paging message that is sent by the network device and includes network authentication information, where the terminal device is in an inactive state.
  • the network verification method provided by the embodiment of the present invention is a method for mutual authentication between a terminal device and a network device.
  • the terminal device may receive the network device carrying the network authentication information when the paging message is sent, and the paging message is carried on the PCCH.
  • the network authentication information sent by the network device may be received in the process of initiating the random access, so that the network can be completed before the random access process in the existing LTE system is completed. The device is verified.
  • the terminal device in the embodiment of the present invention is a terminal device in an inactive state or a lightly connected state, and may adopt a related standard protocol of an inactive state and a light connection state technology.
  • the paging message may be directly sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, and then the terminal device may Initiating a random access procedure, performing network device-to-terminal verification and downlink transmission in a random access process; in addition, when the network device needs to release the context of the terminal device, it may also directly send a page carrying the network authentication information to the terminal device.
  • the random access process may be directly initiated, and the verification of the network device is completed through a random access procedure.
  • the network verification information may include, but is not limited to, check information, security algorithm configuration information, and NCC information, etc., wherein the verification information may be full/short MAC-I information, and the NCC is used to update the key.
  • the terminal device may calculate the MAC-I according to the network verification information and the related configuration, and compare with the sent MAC-I to implement verification on the network device.
  • the terminal device verifies the network device according to the network verification information.
  • the terminal device sends a network verification response message to the network device.
  • the network device may send a network verification response message, where the network verification response message is used to indicate the verification of the network device by the terminal device. Whether it passed. At this point, the verification of the network device by the terminal device is completed.
  • the embodiment of the present invention can be applied to a scenario in which a network device has downlink data/downlink control information to be sent.
  • a network device directly sends a paging message to instruct the terminal device to verify the same.
  • the example may also be applied to a scenario in which the terminal device needs to send uplink data/uplink control information.
  • the S410 may also include the terminal device to initiate random access.
  • the network authentication and random access procedures in the existing LTE technologies are mainly directed to idle terminal devices, and when the terminal devices have uplink data/uplink control information, and the network devices have downlink data/downlink control information coming or need to release the terminal devices.
  • the context of the network device needs to be verified after the random access process is initiated and completed, that is, when the terminal device is in the connected state.
  • the network verification method provided by the embodiment of the present invention is directed to a light connection state in which the R14 is being standardized and an inactive terminal device in the 5G system.
  • the verification of the network device may be completed in the process of initiating the random access.
  • the network device needs to send the downlink data/downlink control information
  • the paging message may be sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, so that the paging device can complete the
  • the network device verifies the process, and then sends the response.
  • the network device (such as the base station) then verifies the terminal device. After the verification succeeds, the network device can send the downlink data.
  • the terminal device When the network device (such as a base station) sends a paging message carrying the release terminal to the terminal, the terminal device passes the verification, and then the terminal device releases the context.
  • the method provided by the embodiment of the present invention is beneficial to reducing the signaling overhead of the terminal device before performing verification on the network device, thereby reducing the delay for performing network verification.
  • the network verification method provided by the embodiment of the present invention receives the paging message including the network verification information sent by the network device by using the terminal device, and the terminal device verifies the network device according to the network verification information, and then sends the network verification response to the network device.
  • a message, wherein the terminal device is a terminal device in an inactive state or a lightly connected state; the method provided by the embodiment of the present invention, based on an inactive or lightly connected state, the mutual authentication of the terminal device and the network device may be In the process of performing random access, the method for performing network verification in the prior art is solved. Since the terminal device needs to perform mutual authentication with the network device after completing the random access process, the delay of performing network verification is compared. Long question.
  • the network device may be an MME or an S-GW in the CN, or may be a base station in the access network; that is, the paging message sent by the network device in S410 may be based on the S1 interface.
  • the paging that is, the paging message initiated by the CN, may also be a RAN-based paging, that is, a paging message initiated by the base station, wherein the base station may be the source base station or the target base station due to the mobility of the terminal device.
  • the terminal device moves out of the service area of the source base station, the paging message received by the terminal device is forwarded by the target base station, and at this time, the network that sends the paging message
  • the device is a target base station.
  • the implementation manner of the network device sending the paging message in the embodiment of the present invention includes: a paging message that includes the network verification information sent by the source base station to the target base station; and the target base station sends the paging message to the terminal device.
  • the verification of the terminal device and the network device includes a process in which the terminal side and the network side authenticate each other, that is, how the network device proves that a certain effective terminal device is transmitting data, and how the terminal device determines Is communicating with an active network device.
  • the network verification response message sent by the terminal device in the S430 may carry the terminal verification information used by the network device to verify the terminal device, and the network device may The terminal device is authenticated according to the terminal verification information.
  • the paging message needs to be forwarded by the target base station because the terminal device moves out of the service area of the source base station, and the network verification information may also include: but not limited to: full/ Short MAC-I information, security algorithm configuration information, NCC information used to update the key, and so on.
  • the terminal device can receive downlink data/downlink control information sent by the network device.
  • the foregoing S410 may further include: the terminal device sends a random access request message to the network device; and the terminal device receives the random access response message sent by the network device.
  • the terminal device sends an uplink message, where the uplink message includes the data information, the terminal verification information, and the identifier information of the terminal device, where the terminal verification information is used to instruct the network device to perform verification on the terminal device, where the terminal verification information also includes but is not limited to: Check information (full/short MAC-I information), security algorithm configuration information, and NCC information.
  • the network device may further include: a CU and a plurality of DUs respectively connected to the CU.
  • a CU-DU separation network architecture reference may be made to the structure shown in FIG. 6 and FIG. 7 .
  • the application of the network verification method provided in the CU-DU separation network architecture may refer to the process shown in FIG. 8 , so it is no longer Narration.
  • the network device may release the context of the terminal device for some reason.
  • the processing method may be: the network device directly releases the context of the terminal device by carrying a release command in the paging message.
  • the terminal device when the release command is received, it is also required to verify whether the paging message is from a valid network device. Therefore, the paging message may carry relevant network verification information for the terminal device to verify the network device.
  • the paging message received by the terminal device in S410 may further include a release command
  • the method provided by the embodiment of the present invention may further include: when the terminal device is connected to the network When the device passes the verification, it is determined whether the paging message includes a release instruction for indicating the release of the context of the terminal device; when the terminal device determines that the paging message includes the release instruction, clearing the context information of the terminal device and entering the idle state Status; if the terminal device fails verification of the network device, the process of releasing the terminal device context fails.
  • FIG. 11 is a schematic structural diagram of a network authentication apparatus according to an embodiment of the present invention.
  • the network verification device provided in this embodiment is applicable to the case where the network device is authenticated when the terminal device is in an inactive state or a lightly connected state, and the network verification device is implemented by combining hardware and software, and the device can be integrated in the network.
  • the processor of the device is used by the processor to invoke.
  • the network authentication apparatus 10 of this embodiment may include: a sending module 11 and a receiving module 12.
  • the sending module 11 is configured to send a paging message including network authentication information, where the network authentication information is used by the terminal device to verify the network device, and the terminal device is in an inactive state.
  • the network authentication apparatus configured to perform a mutual authentication manner between the terminal device and the network device.
  • the sending module 11 may carry the network authentication information when the paging message is sent, and the paging message is carried on the PCCH.
  • the network authentication information sent by the sending module 11 may be received in the process of initiating the random access, so that before the random access process in the existing LTE system is completed, The network device is verified.
  • the terminal device in the embodiment of the present invention is a terminal device in an inactive state or a lightly connected state, and may adopt a related standard protocol of an inactive state and a light connection state technology.
  • the sending module 11 may directly send a paging message to the terminal device, and carry the network authentication information in the paging message, where the terminal device performs verification on the network device, and then, The terminal device may initiate a random access procedure, and implement network device-to-terminal verification and downlink transmission in the random access process.
  • the terminal device may also directly send the network authentication information to the terminal device. Page message.
  • the random access process may be directly initiated, and the verification of the network device is completed through a random access procedure.
  • the network verification information may include, but is not limited to, check information, security algorithm configuration information, and NCC information, etc., wherein the verification information may be full/short MAC-I information, and the NCC is used to update the key.
  • the terminal device may calculate the MAC-I according to the network verification information and the related configuration, and compare with the sent MAC-I to implement verification on the network device.
  • the receiving module 12 is configured to receive a network verification response message sent by the terminal device.
  • the network device may send a network verification response message to the network device, and correspondingly, the receiving module 12 receives the network verification response message, where The network verification response message is used to indicate whether the verification of the network device by the terminal device is passed. At this point, the verification of the network device by the terminal device is completed.
  • the embodiment of the present invention can be applied to a scenario in which a network device has downlink data/downlink control information to be sent.
  • the sending module 11 directly sends a paging message to instruct the terminal device to verify the same.
  • the embodiment may also be applied to a scenario in which the terminal device has the uplink data/uplink control information to be sent.
  • the sending module 11 may further include the terminal device initiating random access, that is, the following steps: the receiving module 12: Receive a random access request message sent by the terminal device; the sending module 11 sends a random access response message to the terminal device.
  • the network authentication device provided by the embodiment of the present invention is different from the prior art in that the network authentication and random access procedures in the existing LTE technology are mainly directed to an idle state terminal device, and the terminal device has uplink data/uplink control information.
  • the network device has the downlink data/downlink control information or needs to release the context of the terminal device, the network device needs to be verified after the random access process is initiated and completed, that is, when the terminal device is in the connected state.
  • the network verification apparatus is directed to the light connection state in which the R14 is being standardized and the inactive state terminal device in the 5G system.
  • the verification of the network device may be completed in the process of initiating the random access.
  • the network device needs to send the downlink data/downlink control information
  • the paging message may be directly sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, so that the paging device can complete the paging.
  • the network device (such as the base station) performs verification on the terminal device.
  • the network device can send downlink data.
  • the network device such as a base station
  • the terminal device passes the verification, and then the terminal device releases the context.
  • the apparatus provided by the embodiment of the present invention is advantageous for reducing the signaling overhead of the terminal device before performing verification on the network device, thereby reducing the delay for performing network verification.
  • the network verification device provided by the embodiment of the present invention is used to perform the network verification method provided by the embodiment shown in FIG. 4 of the present invention, and has a corresponding function module, and the implementation principle and technical effects thereof are similar, and details are not described herein again.
  • the network device may be an MME or an S-GW in the CN, or may be a base station in the access network; that is, the paging message sent by the sending module 11 may be a paging based on the S1 interface. That is, the paging message initiated by the CN may also be a RAN-based paging, that is, a paging message initiated by the base station, wherein the base station may be the source base station or the target base station due to the mobility of the terminal device.
  • the implementation manner of the paging message sent by the target base station in the embodiment of the present invention may include: the receiving module 12 of the target base station, configured to send the source base station before the sending module 11 of the target base station sends the paging message including the network authentication information. a paging message including network authentication information; the sending module 11 of the target base station is configured to send the paging message to the terminal device.
  • the verification of the terminal device and the network device includes a process in which the terminal side and the network side authenticate each other, that is, how the network device proves that a certain effective terminal device is transmitting data, and how the terminal device determines Is communicating with an active network device.
  • the network verification response message received by the receiving module 12 may carry the terminal verification information used by the network device to verify the terminal device.
  • the apparatus provided by the embodiment of the present invention may further include:
  • the verification module 13 is configured to verify the terminal device according to the terminal verification information received by the receiving module 12. In this embodiment, since the terminal device moves out of the service area of the source base station, the paging message needs to be forwarded by the target base station.
  • the network authentication information may also include, but is not limited to, full/short MAC-I information, security algorithm configuration information, NCC information for updating the key, and the like. After the verification module 13 verifies the terminal device, the downlink data/downlink control information may be sent to the terminal device.
  • the sending module 11 may further include: before receiving the paging message, the receiving module 12 receives the random access request message sent by the terminal device; and the sending module 11 Sending a random access response message to the terminal device; the receiving module 12 receives the uplink message sent by the terminal device, where the uplink message includes the data information, the terminal verification information, and the identifier information of the terminal device, where the terminal verification information is used to indicate the network device.
  • the terminal device is verified, and the terminal verification information also includes but is not limited to: verification information (full/short MAC-I information), security algorithm configuration information, and NCC information.
  • the network device may include: a CU and a plurality of DUs respectively connected to the CU.
  • the CU-DU separation network architecture may refer to the structure shown in FIG. 6.
  • the application scenario of the embodiment of the present invention may refer to the application scenario shown in FIG.
  • the network device sends the paging message including the network authentication information, which may include: the PDCP layer of the CU passes the channel (for example, PCCH) for carrying the paging message or the channel for carrying control signaling.
  • the target DU may also send network authentication information in other manners, for example, the target DU sends the network authentication information to the terminal device by using a MAC CE manner.
  • the four-step random access procedure in the LTE system is taken as an example to illustrate that the process of verifying the terminal device and the network device when the terminal device in the inactive state has the uplink data arrives may include:
  • the receiving module 12 of the target DU is further configured to receive a random access request message sent by the terminal device before the sending module 11 sends the paging message;
  • the sending module 11 of the target DU is further configured to send a random access response message to the terminal device;
  • the receiving module 12 of the target DU is further configured to receive an uplink message sent by the terminal device, where the uplink message includes data information, terminal verification information, and identifier information of the terminal device.
  • the sending module 11 of the target DU is further configured to send the uplink message to the radio link layer control protocol RLC layer of the source DU, and to the PDCP layer of the CU through the RLC layer of the source DU; wherein, since the RLC layer remains at the source DU That is, the format of the data packet transmitted by the target DU to the interface between the source DUs is MAC SDU or RLC PDU.
  • the PDCP layer of the CU verifies the terminal device according to the terminal verification information, and decrypts the data information.
  • the network verification device provided by the embodiment of the present invention is used to perform the network verification method provided by the embodiment shown in FIG. 8 of the present invention, and has a corresponding function module, and the implementation principle and technical effects thereof are similar, and details are not described herein again.
  • FIG. 12 is a schematic structural diagram of another network authentication apparatus according to an embodiment of the present disclosure.
  • the network verification apparatus 10 may further include:
  • the determining module 14 is configured to: before the sending module 11 sends the paging message including the network authentication information, determine to release the context of the designated terminal device, and determine the identification information of the designated terminal device;
  • the sending module 11 sends the paging message including the network authentication information, and may include: sending, according to the identification information of the specified terminal device determined by the determining module 14, a paging message to the designated terminal device, where the paging message further includes a release command,
  • the release instruction is used to instruct the specified terminal device to release the context of the terminal device.
  • the terminal device may calculate the MAC-I according to the network authentication information and the related configuration, and compare with the sent MAC-I to implement verification on the source base station; After the verification, the terminal device detects whether the paging message is a message sent to itself and whether the message includes a release instruction for releasing its context; if the release command for releasing the terminal device is included, the terminal device clears its context. After the information enters the idle state; if the verification of the network device fails, the process of releasing the terminal device context fails.
  • the sending module 11 and the receiving module 12 in the embodiments shown in FIG. 11 and FIG. 12 can be implemented by a transceiver of a network device, and the verification module 13 and the determining module 14 can pass through a processor of the network device.
  • the processor may be, for example, a central processing unit (CPU), or an application specific integrated circuit (ASIC), or one or more integrated circuits that implement the embodiments of the present invention. .
  • FIG. 13 is a schematic structural diagram of still another network verification apparatus according to an embodiment of the present invention.
  • the network verification device provided in this embodiment is applicable to the case where the network device is authenticated when the terminal device is in an inactive state or a lightly connected state, and the network verification device is implemented by combining hardware and software, and the device can be integrated in the terminal.
  • the processor of the device is used by the processor to invoke.
  • the network authentication apparatus 20 provided by the embodiment of the present invention may include: a receiving module 21, a verification module 22, and a sending module 23.
  • the receiving module 21 is configured to receive a paging message that is sent by the network device and includes network authentication information, where the terminal device is in an inactive state.
  • the network verification apparatus provided by the embodiment of the present invention is configured to perform mutual authentication between the terminal device and the network device.
  • the receiving module 21 may receive the network device carrying the network authentication information when the paging message is sent, and the paging message is carried on the PCCH.
  • the network authentication information sent by the network device may be received in the process of initiating the random access, so that the network can be completed before the random access process in the existing LTE system is completed. The device is verified.
  • the terminal device in the embodiment of the present invention is a terminal device in an inactive state or a lightly connected state, and may adopt a related standard protocol of an inactive state and a light connection state technology.
  • the paging message may be directly sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, and then the terminal device may Initiating a random access procedure, performing network device-to-terminal verification and downlink transmission in a random access process; in addition, when the network device needs to release the context of the terminal device, it may also directly send a page carrying the network authentication information to the terminal device.
  • the random access process may be directly initiated, and the verification of the network device is completed through a random access procedure.
  • the network verification information may include, but is not limited to, check information, security algorithm configuration information, and NCC information, etc., wherein the verification information may be full/short MAC-I information, and the NCC is used to update the key.
  • the terminal device may calculate the MAC-I according to the network verification information and the related configuration, and compare with the sent MAC-I to implement verification on the network device.
  • the verification module 22 is configured to verify the network device according to the network verification information received by the receiving module 21;
  • the sending module 23 is configured to send a network verification response message to the network device.
  • the sending module 23 may send a network verification response message to the network device, where the network verification response message is used to indicate the terminal device. Whether the verification of the network device is passed. At this point, the verification of the network device by the terminal device is completed.
  • the embodiment of the present invention can be applied to a scenario in which a network device has downlink data/downlink control information to be sent.
  • a network device directly sends a paging message to instruct the terminal device to verify the same.
  • the example may also be applied to a scenario in which the terminal device needs to send the uplink data/uplink control information.
  • the receiving module 21 may further include the terminal device to initiate random access before receiving the paging message.
  • the network authentication and random access procedures in the existing LTE technologies are mainly directed to idle terminal devices, and when the terminal devices have uplink data/uplink control information, and the network devices have downlink data/downlink control information coming or need to release the terminal devices.
  • the context of the network device needs to be verified after the random access process is initiated and completed, that is, when the terminal device is in the connected state.
  • the network verification apparatus is directed to the light connection state in which the R14 is being standardized and the inactive state terminal device in the 5G system.
  • the verification of the network device may be completed in the process of initiating the random access.
  • the network device needs to send the downlink data/downlink control information
  • the paging message may be directly sent to the terminal device, and the network authentication information is carried in the paging message, and the terminal device performs verification on the network device, so that the paging device can complete the paging.
  • the network device (such as the base station) performs verification on the terminal device.
  • the network device can send downlink data.
  • the network device such as a base station
  • the terminal device passes the verification, and then the terminal device releases the context.
  • the apparatus provided by the embodiment of the present invention is advantageous for reducing the signaling overhead of the terminal device before performing verification on the network device, thereby reducing the delay for performing network verification.
  • the network verification device provided by the embodiment of the present invention is used to perform the network verification method provided by the embodiment shown in FIG. 10 of the present invention, and has a corresponding function module, and the implementation principle and technical effects thereof are similar, and details are not described herein again.
  • the network device may be an MME or an S-GW in the CN, or may be a base station in the access network; that is, the paging message received by the receiving module 21 may be based on the S1 interface.
  • the paging that is, the paging message initiated by the CN, may also be a RAN-based paging, that is, a paging message initiated by the base station, wherein the base station may be the source base station or the target base station due to the mobility of the terminal device.
  • the terminal device moves out of the service area of the source base station, the paging message received by the terminal device is forwarded by the target base station, and at this time, the network that sends the paging message
  • the device is a target base station.
  • the implementation manner of the network device sending the paging message in the embodiment of the present invention includes: a paging message that includes the network verification information sent by the source base station to the target base station; and the target base station sends the paging message to the terminal device.
  • the verification of the terminal device and the network device includes a process in which the terminal side and the network side authenticate each other, that is, how the network device proves that a certain effective terminal device is transmitting data, and how the terminal device determines Is communicating with an active network device.
  • the network verification response message sent by the sending module 23 may carry the terminal verification information used by the network device to verify the terminal device, and the network device may The terminal verification information is used to verify the terminal device.
  • the network verification information may also include: but not limited to: full/short MAC-I information, security algorithm configuration information, NCC information for updating the key, and the like.
  • the receiving module 21 may further receive downlink data/downlink control information sent by the network device.
  • the sending module 23 is further configured to: before the receiving module 21 receives the paging message, send a random access request message to the network device; the receiving module 21, And the sending module 23 is further configured to send an uplink message, where the uplink message includes data information, terminal verification information, and identifier information of the terminal device, where the terminal verification information is used to indicate
  • the network device verifies the terminal device, and the terminal verification information also includes but is not limited to: verification information (full/short MAC-I information), security algorithm configuration information, and NCC information.
  • the network device may further include: a CU and multiple DUs connected to the CU respectively.
  • a CU-DU separation network architecture reference may be made to the foregoing structure shown in FIG. 6 and FIG. 7.
  • the application of the network verification apparatus provided in the CU-DU separation network architecture according to the embodiment of the present invention can refer to the process shown in FIG. Narration.
  • the network device may release the context of the terminal device for some reason.
  • the processing mode may be: the network device directly releases the context of the terminal device by carrying a release command in the paging message.
  • the terminal device when the release command is received, it is also required to verify whether the paging message is from a valid network device. Therefore, the paging message may carry relevant network verification information for the terminal device to verify the network device.
  • FIG. 14 is a schematic structural diagram of still another network authentication apparatus according to an embodiment of the present invention.
  • the paging message in this embodiment further includes a release instruction. Based on the structure of the embodiment shown in FIG. 13, the network provided by this embodiment is provided.
  • the verification device 20 may further include:
  • the determining module 24 is configured to: when the verification module 22 verifies the network device, determine whether the paging message includes a release instruction for instructing to release the context of the terminal device;
  • the clearing module 25 is configured to: when the determining module 24 determines that the paging message includes a release command, clear the context information of the terminal device and enter an idle state; if the verification of the network device by the verification module 22 fails, the terminal device context is released. The process failed.
  • the receiving module 21 and the sending module 23 in the embodiments shown in FIG. 13 and FIG. 14 can be implemented by a transceiver of the terminal device, and the verification module 22, the determining module 24, and the clearing module 25 can pass through the terminal.
  • the processor of the device is implemented, which may be, for example, a CPU, or an ASIC, or one or more integrated circuits that implement embodiments of the present invention.
  • the network verification method described above is implemented in the form of a software function module and sold or used as a standalone product, it may also be stored in a computer readable storage medium.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions.
  • One device (which may be a terminal device or a network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes various media that can store program codes, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • program codes such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • an embodiment of the present invention provides a network device, including a memory and a processor, where the memory stores a computer program executable on a processor, and when the processor executes the program, the network on the network device side is implemented. The steps in the verification method.
  • An embodiment of the present invention provides a terminal device, including a memory and a processor, where the memory stores a computer program executable on a processor, and when the processor executes the program, the network verification method in the terminal device side is implemented. A step of.
  • the embodiment of the invention provides a computer readable storage medium, on which a computer program is stored, and when the computer program is executed by the processor, the steps in the network verification method on the terminal device side or the network device side are implemented.
  • FIG. 15 is a schematic diagram of a hardware entity of a network authentication device according to an embodiment of the present invention.
  • the hardware entity of the network authentication device (such as a terminal device or network device) 1500 includes: a processor 1501. Communication interface 1502 and memory 1503, wherein
  • the processor 1501 typically controls the overall operation of the device 1500.
  • Communication interface 1502 may enable devices to communicate with other terminals or servers over a network.
  • the memory 1503 is configured to store instructions and applications executable by the processor 1501, and may also cache data to be processed or processed by the processor 1501 and each module in the device 1500 (eg, image data, audio data, voice communication data, and video). Communication data) can be realized by flash memory (FLASH) or random access memory (RAM).
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner such as: multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored or not executed.
  • the coupling, or direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or other forms. of.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units; they may be located in one place or distributed on multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit;
  • the unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the foregoing program may be stored in a computer readable storage medium, and when executed, the program includes The foregoing steps of the method embodiment; and the foregoing storage medium includes: a removable storage device, a read only memory (ROM), a magnetic disk, or an optical disk, and the like, which can store program codes.
  • ROM read only memory
  • the above-described integrated unit of the present invention may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions.
  • a network authentication device (which may be a terminal device or a network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes various media that can store program codes, such as a mobile storage device, a ROM, a magnetic disk, or an optical disk.
  • the embodiment of the present invention solves the problem of performing network verification in the prior art. Because the terminal device needs to perform mutual authentication with the network device after completing the random access process, the delay of performing network verification is long.

Abstract

L'invention concerne un procédé et un appareil de vérification de réseau, un dispositif et un support de stockage. Selon certains modes de réalisation, la présente invention concerne un procédé de vérification de réseau qui comprend les étapes suivantes : un dispositif de réseau envoie un message de radiomessagerie comprenant des informations de vérification de réseau, les informations de vérification de réseau étant utilisées de sorte qu'un dispositif de terminal vérifie le dispositif de réseau, et le dispositif de terminal est dans un état non activé ; et le dispositif de réseau reçoit un message de réponse de vérification de réseau envoyé par le dispositif de terminal.
PCT/CN2018/084290 2017-05-09 2018-04-24 Procédé et appareil de vérification de réseau, dispositif et support de stockage WO2018205831A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710322886.5A CN108882235A (zh) 2017-05-09 2017-05-09 一种网络验证方法和装置
CN201710322886.5 2017-05-09

Publications (1)

Publication Number Publication Date
WO2018205831A1 true WO2018205831A1 (fr) 2018-11-15

Family

ID=64104290

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/084290 WO2018205831A1 (fr) 2017-05-09 2018-04-24 Procédé et appareil de vérification de réseau, dispositif et support de stockage

Country Status (2)

Country Link
CN (1) CN108882235A (fr)
WO (1) WO2018205831A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111601379B (zh) * 2019-06-27 2022-02-01 维沃移动通信有限公司 用于获取定时提前量的方法和设备
EP4183191A4 (fr) * 2020-07-17 2023-10-04 ZTE Corporation Acheminement de données dans des architectures divisées entre unités centralisées et unités distribuées

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272251A (zh) * 2007-03-22 2008-09-24 华为技术有限公司 鉴权和密钥协商方法、认证方法、系统及设备
WO2013172750A1 (fr) * 2012-05-15 2013-11-21 Telefonaktiebolaget L M Ericsson (Publ) Radiomessagerie sécurisée
US9451463B1 (en) * 2007-11-15 2016-09-20 Open Invention Network, Llc System, method, and computer-readable medium for mobile-terminated SMS message delivery for a mobile station attached with an IP-femtocell system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272251A (zh) * 2007-03-22 2008-09-24 华为技术有限公司 鉴权和密钥协商方法、认证方法、系统及设备
US9451463B1 (en) * 2007-11-15 2016-09-20 Open Invention Network, Llc System, method, and computer-readable medium for mobile-terminated SMS message delivery for a mobile station attached with an IP-femtocell system
WO2013172750A1 (fr) * 2012-05-15 2013-11-21 Telefonaktiebolaget L M Ericsson (Publ) Radiomessagerie sécurisée

Also Published As

Publication number Publication date
CN108882235A (zh) 2018-11-23

Similar Documents

Publication Publication Date Title
US11706814B2 (en) Communications device, infrastructure equipment and methods
CN104581843B (zh) 用于无线通信系统的网络端的处理交递方法及其通信装置
EP3378273B1 (fr) Procédés et dispositifs pour exécuter une procédure resume
TWI336577B (en) Method and mobile terminal for communicating data in a wireless communications system
US11405830B2 (en) Information transmission method and apparatus
WO2018126801A1 (fr) Procédé et appareil d'envoi de données, procédé et appareil de réception de données
US8228851B2 (en) Method for handling random access response reception and an E-UTRAN and user equipment thereof
JP2019068416A (ja) システム間移動におけるセキュリティ
CN107710801A (zh) 免授权传输的方法、用户设备、接入网设备和核心网设备
CN106817696B (zh) 处理用于双连接的数据传送/接收的装置及方法
WO2016021817A1 (fr) Procédé d'authentification de terminal dans un système de communication sans fil, et dispositif y étant destiné
US20190124506A1 (en) System and Method for Communicating with Provisioned Security Protection
JP6697075B2 (ja) 車車間・路車間通信システムにおけるデータ伝送のための方法
WO2019029531A1 (fr) Procédé de déclenchement d'authentification de réseau et dispositif associé
ES2963419T3 (es) Verificación de la seguridad cuando se reanuda una conexión de RRC
US20140106746A1 (en) Network Attach Method for Relay Node and Related Apparatus
JP7405265B2 (ja) 端末装置及び基地局
TW200814681A (en) Procedure for initial access
WO2018205831A1 (fr) Procédé et appareil de vérification de réseau, dispositif et support de stockage
CN108924831B (zh) 终端的验证方法和装置
KR102104844B1 (ko) 데이터 전송 방법, 제1 장치 및 제2 장치
US20220345883A1 (en) Security key updates in dual connectivity
CN110831247A (zh) 一种通信方法及装置
WO2011120466A2 (fr) Procédé et dispositif d'accès à un réseau
WO2023098209A1 (fr) Procédé, dispositif et système de protection de transmission de données

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18798452

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18798452

Country of ref document: EP

Kind code of ref document: A1