WO2019096265A1

WO2019096265A1 - Method and device for requesting connection recovery

Info

Publication number: WO2019096265A1
Application number: PCT/CN2018/116000
Authority: WO
Inventors: 胡力; 李秉肇; 陈璟; 耿婷婷
Original assignee: 华为技术有限公司
Priority date: 2017-11-16
Filing date: 2018-11-16
Publication date: 2019-05-23

Abstract

Provided are a method and device for requesting connection recovery. The method comprises: a terminal generating a message authentication code according to a freshness parameter and an integrity protection key of the terminal, wherein the freshness parameters used for two adjacent generations of message authentication codes are different; and the terminal sending a connection recovery request message to a target base station, the connection recovery request message comprising the message authentication code, and the connection recovery request message being used for requesting the recovery of radio resource control (RRC) connection. Since a message authentication code generated by a terminal each time is different from the message authentication code generated last time, even if an attacker steals the message authentication code used by the terminal last time, due to the "expired" message authentication code used, the attacker cannot attack successfully.

Description

Method and device for requesting restoration of connection

This application claims the priority of the Chinese Patent Application filed on November 16, 2017, the disclosure of which is hereby incorporated by reference. In the present application, as well as the priority of the Chinese patent application filed on February 13, 2018, submitted to the Intellectual Property Office of the People's Republic of China, application number 201810149050.4, and the invention name "a method and apparatus for requesting restoration of connection" The entire content of which is incorporated herein by reference.

Technical field

The present application relates to the field of mobile communications technologies, and in particular, to a method and apparatus for requesting to restore a connection.

Background technique

In long term evolution (LTE), the suspend and resume process can be used for narrowband internet of things (NB-IoT) terminals, ie, IoT devices with low mobility or low power consumption. Such as smart water meters.

When the base station informs the terminal to release the current connection in a suspended manner, the terminal and the base station delete the context of the part of the access layer, and also retain the context of the part of the access layer, such as the access layer key, the security capability of the terminal, and the current Selected security algorithms, etc. The terminal then enters an inactive state from the connected state. When the terminal wishes to resume the connection with the base station, it can quickly recover from the inactive state to the connected state.

In the fifth generation (5th generation, 5G) system and future communication systems, the above service flow can be extended to apply the suspend and resume process to an enhanced mobile broadband (eMBB) terminal such as a smart phone.

Due to the high mobility of the terminal, the base station to which the terminal is connected may change. Further, when the base station serves the terminal, a scenario of load balancing is considered. For example, when the terminal requests to recover from the inactive state to the connected state, if the load of the base station that the terminal currently wants to access is heavy, the base station will reject the access of the terminal, that is, reject the connection recovery request of the terminal. And notify the terminal to rest for a while before trying to connect.

In the above scenario, after the terminal requests that the connection is rejected for the first time, the authentication information sent by the terminal may be acquired by the attacker, and then the attacker uses the obtained authentication information to request the connection to establish a connection. May cause an attack.

Therefore, in the above scenario, how to effectively defend against an attacker's attack is an urgent problem to be solved.

Summary of the invention

The present application provides a method and apparatus for requesting a recovery connection to effectively defend against an attacker's attack.

In a first aspect, the present application provides a method for requesting a connection to restore, comprising: generating, by a terminal, a message authentication code according to a freshness parameter and an integrity protection key of the terminal, where the message authentication code is generated by two adjacent messages. The freshness parameter is different; the terminal sends a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, and the connection recovery request message is used to request to resume the radio resource control RRC connection.

Since the message authentication code generated by the terminal is different from the message authentication code generated last time, even if the attacker steals the message authentication code used by the terminal last time, due to the "expired" message authentication code used, the attack is Will not be able to attack successfully.

In a possible implementation manner, the freshness parameter includes a number of rejections, and the number of rejections is used to indicate the number of times the terminal is rejected when attempting to resume the RRC connection. In a possible implementation manner, the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.

In one example, the freshness parameter includes a packet data convergence protocol count PDCP COUNT, the indication parameter including some or all of the bits of the PDCP COUNT.

In a possible implementation manner, the terminal receives a connection recovery response message from the target base station, where the connection recovery response message is used to instruct the terminal to resume the RRC connection.

In a second aspect, the present application provides a method for requesting a connection to restore, comprising: receiving, by a target base station, a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, and the connection recovery request message is used to request to resume wireless The resource control RRC connection, the message authentication code is generated according to the integrity protection key of the terminal; if the target base station refuses to restore the RRC connection, sending a notification message to the source base station, where the notification message includes The message authentication code.

Wherein, the notification message has one or more of the following functions:

The notification message is used to notify the update of the context of the terminal in the source base station;

The notification message is used to notify the target base station that the terminal is refused to resume the connection;

The notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;

The notification message is used to notify the key of updating the context of the terminal in the source base station.

In the foregoing method, when the target base station refuses to restore the RRC connection, the source base station is further notified to update the context of the terminal, so that the context between the terminal and the source base station can be kept consistent, which helps reduce the probability of the terminal entering the connected state from the inactive state.

In a possible implementation manner, the notification message notifies that the updated context of the terminal includes an access layer key.

In a possible implementation manner, the freshness parameter includes a number of rejections, and the number of rejections is used to indicate the number of times the terminal is rejected when attempting to resume the RRC connection.

In a possible implementation manner, the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where the notification message notifies that the updated context of the terminal includes the freshness parameter Wherein, the freshness parameters used to generate the message authentication code two times are different.

In this implementation manner, the connection recovery request message further includes an indication parameter, the indication parameter is used to indicate the freshness parameter, and the notification message further includes the indication parameter. In one example, the freshness parameter includes a PDCP COUNT, the indication parameter including some or all of the bits of the PDCP COUNT.

In a third aspect, the present application provides a method for requesting a connection to restore, comprising: receiving, by a target base station, a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, and the message authentication code is based on a freshness parameter and The integrity protection key of the terminal is generated, wherein the freshness parameter used by the two adjacent generation message authentication codes is different, and the connection recovery request message is used to request to restore the radio resource control RRC connection; the target base station If the RRC connection is restored, the context request message is sent to the source base station, where the context request message includes the message authentication code, and the context request message is used to request to acquire the context of the terminal.

In a possible implementation manner, the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the context request message further includes the indication parameter.

In one example, the freshness parameter includes a packet data convergence protocol PDCP count COUNT, the indication parameter including some or all of the bits of the PDCP COUNT.

In a fourth aspect, the application provides a method for requesting to restore a connection, including: receiving, by a source base station, a notification message from a target base station, where the notification message includes a message authentication code, and the message authentication code is based on integrity protection of the terminal. Key generated

The source base station verifies the message authentication code according to the integrity protection key of the source base station;

And if the source base station verifies that the message authentication code is correct, updating the context of the terminal in the source base station.

In the foregoing method, when the target base station refuses to restore the RRC connection, the source base station is further notified to update the context of the terminal, so that the source base station updates the context of the terminal, so that the source base station remains consistent with the context of the terminal, which helps to reduce the terminal from entering the inactive state. The probability of failure of the connected state.

Wherein, the notification message has one or more of the following functions:

In an example, the source base station updates a context of the terminal in the source base station, including: the source base station increments a number of rejections of a context of the terminal by one.

In a possible implementation manner, the source base station updates a context of the terminal in the source base station, where the source base station updates an access layer key in a context of the terminal.

In a possible implementation manner, the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where a freshness parameter used by generating a message authentication code twice is different; And verifying, by the source base station, the message authentication code according to the integrity protection key of the source base station, where the source base station performs verification according to the freshness parameter and the integrity protection key of the source base station. The message authentication code.

In a possible implementation manner, the notification message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.

In one example, the freshness parameter includes a packet data convergence protocol count PDCP COUNT, and the source base station updates a context of the terminal in the source base station, including: if the value of the PDCP COUNT is greater than the terminal The value of the PDCP COUNT in the context, the source base station updates the value of the PDCP COUNT in the context of the terminal to the value of the PDCP COUNT indicated by the indication parameter.

In a fifth aspect, the application provides a method for requesting a connection to restore, comprising: receiving, by a source base station, a context request message from a target base station, where the context request message includes a message authentication code, and the message authentication code is according to the freshness parameter And the freshness protection key generated by the integrity protection key of the terminal, where the freshness parameter used in generating the message authentication code is different, the context request message is used to request to acquire the context of the terminal; And verifying the message authentication code according to the freshness parameter and the integrity protection key of the source base station; if the source base station verifies that the message authentication code is correct, updating the freshness in the context of the terminal And a context response message to the target base station, the context response message including a context of the terminal.

In a possible implementation manner, the freshness parameter includes a number of rejections, where the number of rejections is used to indicate a number of times the terminal attempts to recover the RRC connection, and the source base station updates the source base station according to the source station. The context of the terminal in the method includes: the source base station resetting the number of rejections in the context of the terminal to zero.

In a possible implementation manner, the context request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, the freshness parameter includes a PDCP COUNT; and the source base station updates the source base station The context of the terminal in the method includes: if the value of the PDCP COUNT is greater than the value of the PDCP COUNT in the context of the terminal, the source base station updates the value of the PDCP COUNT in the context of the terminal to The value of the PDCP COUNT indicated by the indication parameter.

In one example, the indication parameter includes a partial bit of the PDCP COUNT; the source base station determines the PDCP COUNT indicated by the indication parameter according to the indication parameter.

In a sixth aspect, the present application provides a device, which may be a terminal or a chip in a terminal. The device has the functionality to implement the various embodiments of the first aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

In a possible design, when the device is a terminal, the terminal includes: a transmitting unit and a processing unit, and optionally, a receiving unit. The processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter. The receiver and transmitter include radio frequency circuits. Optionally, the terminal further comprises a storage unit, which may be, for example, a memory. When the terminal includes a storage unit, the storage unit stores a computer execution instruction, the processing unit is connected to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit, so that the terminal performs the request to restore the connection according to any one of the foregoing first aspects. Methods.

In another possible design, when the device is a chip in the terminal, the chip includes: a transmitting unit and a processing unit, and optionally, a receiving unit. The processing unit can be, for example, a processing circuit, which can be, for example, an input interface, a pin or a circuit, etc., and the transmitting unit can be, for example, an output interface, a pin or a circuit. The processing unit may execute a computer-executed instruction stored by the storage unit to cause the method of restoring the connection of any of the above-described first aspects to be performed. Optionally, the storage unit may be a storage unit in the chip, such as a register, a cache, etc., and the storage unit may also be a storage unit located outside the chip in the terminal, such as a read-only memory (ROM), and may be stored. Other types of static storage devices, random access memory (RAM), etc. for static information and instructions.

The processor mentioned in any of the above may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more A program-implemented integrated circuit for controlling a method of requesting a resume connection of any of the above first aspects.

In a seventh aspect, the application provides a device, which may be a target base station or a chip in a target base station. The device has the functionality to implement the various embodiments of the second aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

In a possible design, when the device is a target base station, the base station includes: a receiving unit and a sending unit, and optionally, a processing unit. The processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter. The receiver and transmitter include radio frequency circuits. Optionally, the base station further comprises a storage unit, which may be, for example, a memory. When the base station includes a storage unit, the storage unit stores a computer execution instruction, the processing unit is coupled to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit to cause the base station to perform the request to restore the connection according to any one of the foregoing second aspects. Methods.

In another possible design, when the device is a chip in a target base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit. The processing unit can be, for example, a processing circuit, which can be, for example, an input interface, a pin or a circuit, etc., and the transmitting unit can be, for example, an output interface, a pin or a circuit. The processing unit may execute a computer-executed instruction stored by the storage unit to cause the method of restoring the connection of any of the above-described second aspects to be performed. Optionally, the storage unit may be a storage unit in the chip, such as a register, a cache, etc., and the storage unit may also be a storage unit located outside the chip in the terminal, such as a ROM only, other types of statics that can store static information and instructions. Storage device, RAM, etc.

Wherein, the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or a program executed by one or more methods for controlling the connection recovery request of any of the above second aspects. integrated circuit.

In an eighth aspect, the present application provides an apparatus, which may be a target base station or a chip in a target base station. The device has the functionality to implement the various embodiments of the third aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

In a possible design, when the device is a target base station, the base station includes: a receiving unit and a sending unit, and optionally, a processing unit. The processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter. The receiver and transmitter include radio frequency circuits. Optionally, the base station further comprises a storage unit, which may be, for example, a memory. When the base station includes a storage unit, the storage unit stores a computer execution instruction, the processing unit is connected to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit, so that the base station performs the request to restore the connection according to any one of the foregoing third aspects. Methods.

In another possible design, when the device is a chip in a target base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit. The processing unit can be, for example, a processing circuit, which can be, for example, an input interface, a pin or a circuit, etc., and the transmitting unit can be, for example, an output interface, a pin or a circuit. The processing unit may execute a computer-executed instruction stored by the storage unit to cause the method of restoring the connection of any of the above-described third aspects to be performed. Optionally, the storage unit may be a storage unit in the chip, such as a register, a cache, etc., and the storage unit may also be a storage unit located outside the chip in the terminal, such as a ROM only, other types of statics that can store static information and instructions. Storage device, RAM, etc.

Wherein, the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or a program executed by one or more methods for controlling the connection recovery request of any of the above third aspects. integrated circuit.

In a ninth aspect, the present application provides an apparatus, which may be a source base station or a chip in a source base station. The device has the functionality to implement the various embodiments of the fourth aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

In a possible design, when the device is a source base station, the base station includes: a receiving unit and a transmitting unit, and optionally, a processing unit. The processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter. The receiver and transmitter include radio frequency circuits. Optionally, the base station further comprises a storage unit, which may be, for example, a memory. When the base station includes a storage unit, the storage unit stores a computer execution instruction, the processing unit is coupled to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit to cause the base station to perform the request to restore the connection according to any one of the foregoing fourth aspects. Methods.

In another possible design, when the device is a chip in a source base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit. The processing unit can be, for example, a processing circuit, which can be, for example, an input interface, a pin or a circuit, etc., and the transmitting unit can be, for example, an output interface, a pin or a circuit. The processing unit may execute a computer-executed instruction stored by the storage unit to cause the method of requesting to restore the connection of any of the above fourth aspects to be performed. Optionally, the storage unit may be a storage unit in the chip, such as a register, a cache, etc., and the storage unit may also be a storage unit located outside the chip in the terminal, such as a ROM only, other types of statics that can store static information and instructions. Storage device, RAM, etc.

Wherein, the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or a program executed by one or more methods for controlling a connection recovery connection according to any of the above fourth aspects. integrated circuit.

In a tenth aspect, the application provides a device, which may be a source base station or a chip in a source base station. The device has the functionality to implement the various embodiments of the fifth aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

In a possible design, when the device is a source base station, the base station includes: a receiving unit and a transmitting unit, and optionally, a processing unit. The processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter. The receiver and transmitter include radio frequency circuits. Optionally, the base station further comprises a storage unit, which may be, for example, a memory. When the base station includes a storage unit, the storage unit stores a computer execution instruction, the processing unit is connected to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit, so that the base station performs the request to restore the connection according to any one of the foregoing fifth aspects. Methods.

In another possible design, when the device is a chip in a source base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit. The processing unit can be, for example, a processing circuit, which can be, for example, an input interface, a pin or a circuit, etc., and the transmitting unit can be, for example, an output interface, a pin or a circuit. The processing unit may execute a computer execution instruction stored by the storage unit to cause the method of requesting to restore the connection of any of the above fifth aspects to be performed. Optionally, the storage unit may be a storage unit in the chip, such as a register, a cache, etc., and the storage unit may also be a storage unit located outside the chip in the terminal, such as a ROM only, other types of statics that can store static information and instructions. Storage device, RAM, etc.

Wherein, the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or a program executed by one or more methods for controlling a connection recovery connection according to any of the above fifth aspects. integrated circuit.

In an eleventh aspect, the present application further provides a computer readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the methods described in the above aspects.

In a twelfth aspect, the present application also provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the methods described in the above aspects.

In a thirteenth aspect, the present application provides a communication system, the system comprising the device of the sixth aspect, the device of the seventh aspect, and the device of the ninth aspect, or the system includes the sixth aspect The device of claim 7, the device of the seventh aspect, and the device of the tenth aspect, or the system, comprising the device of the sixth aspect, the device of the eighth aspect, and the device of the ninth aspect The system includes the apparatus of the sixth aspect, the apparatus of the eighth aspect, and the apparatus of the tenth aspect.

In a fourteenth aspect, the present application further provides a method for requesting to restore a connection, comprising: updating a access layer key by a terminal to obtain an updated access layer key; and generating, by the terminal, an update according to the updated access layer key a security integrity key; the terminal generates a message authentication code according to the updated integrity protection key; the terminal sends a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, the connection And the recovery request message is used to request to resume the radio resource control RRC connection; the terminal receives a connection recovery reject message from the target base station, where the connection recovery reject message is used to indicate that the terminal is denied to restore the RRC connection; The access layer key is restored to the access layer key before the update.

In the scenario that the target base station rejects the connection recovery request of the terminal, the terminal has updated the access layer key. In order to keep the key between the terminal and the source base station consistent, the terminal may use the method of backing off the key by the terminal. The access layer key is restored to the access layer key before the update. Therefore, the purpose of maintaining the same key between the terminal and the source base station is also achieved, and the problem that the terminal cannot be restored due to the key synchronization between the terminal and the source base station can be effectively solved.

In a fifteenth aspect, the application provides a device, which may be a terminal or a chip in the terminal. The device has the function of implementing the embodiment of the fourteenth aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

In a possible design, when the device is a terminal, the terminal includes: a transmitting unit, a receiving unit, and a processing unit. The processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter. The receiver and transmitter include radio frequency circuits. Optionally, the terminal further comprises a storage unit, which may be, for example, a memory. When the terminal includes a storage unit, the storage unit stores a computer execution instruction, the processing unit is connected to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit, so that the terminal performs the request for restoring the connection according to the fourteenth aspect. .

In another possible design, when the device is a chip in the terminal, the chip includes: a transmitting unit, a receiving unit, and a processing unit. The processing unit can be, for example, a processing circuit, which can be, for example, an input interface, a pin or a circuit, etc., and the transmitting unit can be, for example, an output interface, a pin or a circuit. The processing unit may execute a computer-executed instruction stored by the storage unit to cause the method of the above-described fourteenth aspect to request a connection to be restored. Optionally, the storage unit may be a storage unit in the chip, such as a register, a cache, etc., and the storage unit may also be a storage unit located outside the chip in the terminal, such as a ROM, other types of static storage that can store static information and instructions. Equipment, RAM, etc.

Wherein, the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or an integrated circuit of one or more programs for controlling the method for requesting the restoration of the connection in the above fourteenth aspect. .

These and other aspects of the present application will be more readily apparent from the following description of the embodiments.

DRAWINGS

FIG. 1 is a schematic diagram of a possible network architecture provided by the present application;

2 is a schematic diagram of a process for a terminal to enter an inactive state from a connected state according to the present application;

FIG. 3 is a flowchart of a method for requesting a recovery connection according to the present application; FIG.

4 is a flowchart of another method for requesting a recovery connection according to the present application;

FIG. 5 is a flowchart of another method for requesting a recovery connection according to the present application; FIG.

FIG. 6 is a flowchart of another method for requesting a recovery connection according to the present application; FIG.

FIG. 7 is a flowchart of another method for requesting to restore a connection provided by the present application;

Figure 8 is a schematic diagram of a device provided by the present application;

Figure 9 is a schematic view of another apparatus provided by the present application;

Figure 10 is a schematic view of another apparatus provided by the present application;

FIG. 11 is a schematic diagram of another apparatus provided by the present application.

Detailed ways

The present application will be further described in detail below with reference to the accompanying drawings. The specific method of operation in the method embodiments can also be applied to device embodiments or system embodiments. In the description of the present application, the meaning of "a plurality" is two or more unless otherwise stated.

It should be noted that the method of requesting to restore the connection of the present application may be performed by a device. Wherein, the device may include a device on the network side and/or a device on the terminal side. On the network side, the device may be a chip in the base station or the base station, that is, the method of requesting to restore the connection may be performed by the chip in the base station or the base station; on the terminal side, the device may be a chip in the terminal or the terminal, that is, The method of requesting to restore a connection of the present application can be performed by a chip in a terminal or a terminal.

For convenience of description, the present application uses a device as a base station or a terminal as an example to describe a method for requesting to restore a connection. For a method in which a device is a chip in a base station or a chip in a terminal, the connection may be restored by referring to the request of the base station or the terminal. The specific description of the method is not repeated.

FIG. 1 is a schematic diagram of a possible network architecture of the present application. It includes a terminal, a source base station, and a target base station. The terminal communicates with the source base station and the target base station through a wireless interface. The source base station and the target base station can communicate through a wired connection, such as through an X2 interface, an Xn interface, or can communicate through an air interface.

In the present application, the terminal may move from the source base station to the target base station due to the movement of the terminal or the like. The source base station is a base station that the terminal accesses first, and the target base station is a base station that is accessed after the terminal moves.

Among them, the terminal is a device with wireless transceiver function, which can be deployed on land, indoors or outdoors, handheld or on-board; it can also be deployed on the water surface (such as ships); it can also be deployed in the air (such as airplanes, balloons). And satellites, etc.). The terminal may be a mobile phone, a tablet, a computer with wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, industrial control (industrial control) Wireless terminal, wireless terminal in self driving, wireless terminal in remote medical, wireless terminal in smart grid, wireless terminal in transportation safety, A wireless terminal in a smart city, a wireless terminal in a smart home, and the like.

A base station is a device that provides wireless communication functions for a terminal, including but not limited to: a next-generation base station (g nodeB, gNB), an evolved node B (eNB), and a radio network controller (radio) in 5G. Network controller (RNC), node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved node B, or home node B) , HNB), BaseBand Unit (BBU), transmission and receiving point (TRP), transmitting point (TP), mobile switching center, etc.

In the present application, the terminal generally has three states, that is, a connected state, an idle state, and an inactive state.

Wherein, when the terminal is in the connected state, the terminal is in a normal working state. User data can be sent and received between the network side and the terminal.

When the terminal enters the idle state from the connected state, the terminal and the base station generally delete all the access stratum (AS) contexts of the terminal. In a special case, in 4G, when the network side releases the connection of the terminal by the suspend reason, the terminal also enters the idle state from the connected state, but at this time, the terminal and the base station delete part of the AS context, and retain A partial AS context, for example, may retain an access layer key (which may be referred to as KeNB in 4G), a security capability of the terminal, and a security algorithm (including an integrity protection algorithm and an encryption algorithm) for communication between the terminal and the source base station to which the terminal accesses. . The security capability of the terminal refers to the security algorithm supported by the terminal, including the supported encryption algorithm and the supported integrity protection algorithm. At this time, the special idle state in which the terminal is located may be referred to as a suspended state.

In 5G, an inactive state is introduced. When the terminal enters the inactive state from the connected state, the base station suspends the terminal. At this time, the terminal and the base station delete part of the AS context, and reserve part of the AS context, for example, the access layer may be reserved. The key (which can be called KgNB in 5G), the security capability of the terminal, and the security algorithm (including integrity protection algorithm and encryption algorithm) for communication between the terminal and the source base station accessed by the terminal. The security capability of the terminal refers to the security algorithm supported by the terminal, including the supported encryption algorithm and the supported integrity protection algorithm.

For convenience of explanation, the subsequent unification of the suspended state defined in 4G and the inactive state defined in 5G is called inactive state. When the terminal is in an inactive state, the base station connected to the terminal and the terminal before the terminal enters the inactive state will save part of the AS context. For details, refer to the foregoing description.

When the terminal is in an inactive state, since part of the AS context is reserved on the terminal, the terminal enters the connected state from the inactive state more quickly than when the terminal enters the connected state from the idle state.

In addition, considering the mobility of the terminal, when the terminal returns from the inactive state to the connected state, the terminal may need to replace the base station. That is, the terminal first establishes a connection with the source base station, and then the terminal enters an inactive state at the source base station for some reason, such as network side notification. When the terminal wishes to return to the connected state, if the terminal has moved to the coverage of the target base station, the terminal will resume from the inactive state to the connected state at the target base station.

Of course, the present application is also applicable to the scenario in which the target base station and the source base station are the same when the terminal is restored from the inactive state to the connected state, that is, the base station accessed by the terminal may not change, and is still the same base station.

The following describes the process of the terminal entering the inactive state from the connected state.

As shown in FIG. 2, a schematic diagram of a process for a terminal provided in the present application to enter an inactive state from a connected state includes the following steps:

Step 201: The base station determines to suspend a radio resource control (RRC) connection of the terminal.

For example, when the base station does not receive the data sent by the terminal within a certain period of time, it decides to suspend the terminal.

Step 202: The base station sends a suspension message to the terminal.

The suspend message is used to notify the terminal to release the RRC connection and enter an inactive state. The suspend message may be, for example, an RRC Connection Release message with a special indication.

In a specific implementation, the suspended message may carry the following parameters: a recovery identifier. Optionally, the suspended message may also carry a next hop chaining counter (NCC) or the like.

The recovery identifier is a parameter that is required for the terminal to enter the connection state from the inactive state. The recovery identifier may include the identifier of the source base station, the identifier of the terminal, and the like. Specifically, the recovery identifier may be ResumeID, and the inactive state-cell wireless network temporarily Identification (INACTIVE-cell radio network temporary identifier, I-RNTI).

The NCC is an optional parameter, and the NCC may also be a parameter required when the terminal subsequently enters the connected state from the inactive state. If the suspended message carries the NCC, the access layer key used by the subsequent terminal and the base station will be updated. The NCC is a parameter required to generate a new access layer key, ie the NCC can be used to generate a new access stratum key (this application uses KgNB* to represent the new access stratum key). If the suspended message does not carry the NCC, the access layer key used by the subsequent terminal and the base station will not be updated, that is, it will remain unchanged.

Optionally, the suspend message may also carry a cause parameter releaseCause, and the releaseCause is used to notify the terminal to perform the suspend operation and enter the inactive state. For example, releaseCause can be set to "RRC Suspend" or "RRC Inactive". When the terminal obtains the releaseCause parameter and determines that the releaseCause value is "RRC Suspend" or "RRC Inactive", the terminal suspends the related operation.

Optionally, the base station may further notify the control plane network element of the core network to release the bearer, for example, release a signaling radio bearer (SRB) or a data radio bearer (DRB).

Step 203: The terminal enters an inactive state.

The terminal saves the deleted part of the AS context and retains part of the AS context. The reserved part of the AS context includes an access layer key, a security capability of the terminal, an integrity protection algorithm and an encryption algorithm for communication between the terminal and the source base station to which the terminal accesses.

The terminal also saves the recovery identifier sent by the base station. Optionally, the terminal also saves parameters such as NCC.

The terminal suspends the bearer, for example, suspending the signaling radio bearer, the data radio bearer, and then entering the inactive state.

From the process in which the terminal enters the inactive state from the connected state, it can be seen that after the terminal enters the inactive state, the terminal saves part of the AS context and parameters received from the base station, and thus, when the terminal wishes to recover from the inactive state to the connection. In the state, these parameters will help the terminal to quickly recover from the inactive state to the connected state.

It should be noted that the base station accessed by the terminal may also be referred to as a source base station accessed by the terminal. When the terminal requests to resume the connection, the base station that the terminal requests to access may be the source base station or other base stations, which may be referred to as the target base station.

The following describes several methods for introducing a request to restore a connection in a base station rejection scenario. That is, the terminal requests to recover from the inactive state to the connected state, and the terminal requests to resume from the inactive state to the connected state under the target base station.

The target base station and the source base station may be different base stations, or may be the same base station. The following is an example in which the target base station and the source base station are different base stations. In the case where the target base station and the source base station are the same base station, only the interaction between the source base station and the target base station needs to be omitted.

As shown in FIG. 3, a method for requesting a recovery connection is provided by the present application, and the method includes the following steps:

Step 301: The terminal generates a message authentication code (MAC).

The message authentication code is used to authenticate the legitimacy of the terminal. In a specific implementation, the message authentication code has at least two generation modes:

Manner 1: Generate a message authentication code according to the integrity protection algorithm of the terminal and the integrity protection key of the terminal, where the integrity protection key is the same as the integrity protection key used in the previous restoration.

In the first method, the integrity protection key used by the terminal each time the message authentication code is generated is the same as the integrity protection key used in the previous restoration, and accordingly, the integrity protection key of the terminal stored in the source base station It is also the same as the integrity protection key used in the previous recovery.

For example, the Krrc-int is used to represent the integrity protection key of the terminal. If the other parameters of the message authentication code are the same, the message authentication code generated by the terminal is the same every time, that is, according to the completeness of the Krrc-int and the terminal. Sex protection algorithm generation.

The Krrc-int is generated by the terminal according to the access layer key, the identifier of the integrity protection algorithm of the terminal, and the type of the integrity protection algorithm of the terminal. Therefore, in the first method, the integrity protection key Krrc-int of the terminal is the same as the integrity protection key used in the previous recovery, and can also be understood as the access layer key of the terminal and the last recovery used. The access layer keys are the same.

For example, if KgNB is used to represent the access layer key, in the first method, the access layer key KgNB used by the terminal to generate the message authentication code remains the same as the access layer key used in the previous restoration.

Manner 2: Generate a message authentication code according to the integrity protection algorithm of the terminal and the integrity protection key of the terminal, where the integrity protection key is regenerated.

In the second mode, the integrity protection key used by the terminal each time the message authentication code is generated is regenerated, and is different from the integrity protection key used by the terminal last time.

For example, if the last used integrity protection key of the terminal is Krrc-int, the terminal will need to regenerate and use the new integrity protection key, for example using Krrc-int* to indicate the new integrity protection key.

As an implementation manner, the terminal may generate a new integrity protection key Krrc-int* by using the following method: the terminal generates a new access layer key, and then uses the new access layer key, the terminal integrity protection algorithm. The type of identity and the integrity protection algorithm of the terminal generate Krrc-int*.

For example, KgNB is used to indicate the current access layer key of the terminal, and KgNB* is used to represent the new access layer key. In the second mode, the terminal is based on the KgNB*, the identifier of the integrity protection algorithm of the terminal, and the terminal. The type of integrity protection algorithm generates Krrc-int*, and then uses Krrc-int* and the terminal integrity protection algorithm to generate the message authentication code.

Due to the use of the new access layer key KgNB*, the resulting message authentication code has changed. That is, each time the terminal needs to use the message authentication code, the generated message authentication code is different from the message authentication code generated last time.

As an example, a method of generating a new access layer key KgNB* is described below, including the following steps:

Step A1: The terminal acquires the first NCC and the second NCC.

The first NCC refers to the NCC that is sent by the source base station to the terminal and saved by the terminal in the suspending process. For details, refer to step 202 above.

The second NCC refers to the NCC saved by the terminal before the first NCC is obtained.

Step A2: The terminal determines whether the first NCC is the same as the second NCC. If they are the same, step A3 is performed; if not, step A4 is performed.

Step A3: The terminal obtains KgNB* according to KgNB.

Among them, KgNB refers to the old access layer key (old KgNB), which may also be called the original access layer key (original KgNB), or may also be called the old access layer key (old KgNB). .

Accordingly, KgNB* refers to the new access layer key (new KgNB), which may also be referred to as the updated access layer key (updated KgNB).

It should be noted that KgNB, KgNB* is just a symbolic representation. For example, in a 4G application, the access layer key can be represented by KeNB, KeNB*. The different manifestations used in the symbols themselves are not intended to limit the application.

Optionally, as an implementation manner, in step A3, the terminal may be based on KgNB, a target physical cell identifier (PCI), and an absolute radio frequency channel number-down link (ARFCN-). DL), get KgNB*.

For the specific implementation of KgNB* according to KgNB, target PCI and ARFCN-DL, for the prior art, reference may be made to related documents, for example, reference can be made to the 3rd generation partnership project (3GPP) technical specification (technical) Specification, TS) 33.401 or related description in 3GPP TS 33.501, which is not described here.

Step A4: The terminal obtains a next hop (NH) according to the first NCC and the second NCC, and obtains KgNB* according to the NH.

Wherein, NH is associated with the first NCC and the second NCC. The terminal can determine the number N of the derived NH according to the first NCC and the second NCC, and then derive the next NH according to the current NH, and obtain another NH by using the next NH, and repeat until the N is derived to obtain the final NH.

Optionally, as an implementation manner, the terminal may obtain KgNB* according to NH, target PCI, and ARFCN-DL.

For a specific implementation of the method for generating the KgNB*, refer to the related literature. For example, reference may be made to the related description in 3GPP TS33.401 or 3GPP TS 33.501, and details are not described herein again.

Optionally, after obtaining the integrity protection key by using the foregoing two methods, the terminal may use the integrity protection key, the source PCI, the source cell radio network temporary identifier (C-RNTI), and the target. The cell identifier and the recovery constant generate a message authentication code.

In summary, the main difference between the first mode and the second mode is that, in the first mode, each time the terminal uses the message authentication code, the generated message authentication code is the same as the message authentication code generated last time, that is, the message authentication code. In the second mode, each time the terminal uses the message authentication code, the generated message authentication code is different from the message authentication code generated last time, that is, the message authentication code remains updated.

Step 302: The terminal sends a connection recovery request message to the target base station, and the target base station receives a connection recovery request message from the terminal.

A connection recovery request message sent by the terminal, used to request to resume the RRC connection. That is, the terminal requests to return from the inactive state to the connected state.

As an implementation manner, the connection recovery request message carries a recovery identifier. The recovery identifier is sent by the source base station to the terminal when the terminal enters the inactive state from the connected state. For example, reference may be made to the related description of step 202 above, and details are not described herein again.

Further, the connection recovery request message further carries the message authentication code generated in step 301 above.

Step 303: The target base station determines whether to approve the recovery request of the terminal.

The target base station determines whether the terminal can be accessed based on the load capability.

In one case, if the load of the target base station is relatively heavy and cannot access the terminal, the target base station may reject the recovery request of the terminal, that is, reject the terminal from accessing the target base station. At this time, step 304 is performed.

In another case, the target base station is not heavily loaded and can access the terminal, and the target base station can agree to the terminal's recovery request, that is, the terminal is allowed to access the target base station. At this time, step 305-step 308 is performed.

Step 304: The target base station sends a connection recovery reject message to the terminal, and the terminal receives a connection recovery reject message from the target base station.

The connection recovery reject message is used to indicate that the terminal is denied the RRC connection.

Optionally, the connection recovery refusal message may be carried with a wait timer, where the information of the wait timer is used to reject the terminal access time, and may also be used to indicate that the terminal requests the recovery again. The minimum length of time that an RRC connection needs to wait. For example, if it waits for 30 minutes indicated by the timer information, it is used to instruct the terminal to wait at least 30 minutes before the connection recovery request can be re-initiated. That is, the operations of steps 301 and 302 are re-executed, and the next connection recovery request flow is entered.

Step 305: The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.

The context request message is used to request the context of the terminal.

As an implementation manner, when the target base station determines to agree to the connection recovery request of the terminal, the recovery identifier is obtained from the connection recovery request message, and according to the identifier of the source base station in the recovery identifier, it is determined that the terminal is connected to the source base station before, Sending a context request message to the source base station, where the context request message is used to request the acquisition of the context of the terminal, where the context request message carries the recovery identifier and the message authentication code.

After receiving the context request message, the source base station obtains the recovery identifier, and obtains the access layer context of the terminal according to the identifier of the terminal in the recovery identifier, including the security capability of the terminal. Optionally, the obtained access layer context of the terminal further includes information such as an encryption algorithm and an integrity protection algorithm negotiated between the terminal and the source base station.

Step 306: The source base station acquires the context of the terminal if the verification message authentication code is correct.

The method for the source base station to verify the message authentication code corresponds to the method for the terminal to generate the message authentication code.

If the terminal generates the message authentication code in the foregoing manner, the source base station checks the message authentication code in the following manner: the source base station acquires an integrity protection algorithm in the context of the terminal (which may also be referred to as an integrity protection algorithm of the source base station) and The access layer key is then derived according to the key of the access layer, and the integrity protection key (which may also be referred to as the integrity protection key of the source base station) is derived, or the source base station acquires the integrity in the context of the terminal. A protection algorithm (which may also be referred to as an integrity protection algorithm of the source base station) and an integrity protection key (which may also be referred to as an integrity protection key of the source base station), and then according to the integrity protection algorithm of the source base station and the integrity of the source base station The protection key is generated, and the message authentication code is generated and compared with the message authentication code in the context request message. If they are the same, the verification is correct. If it is different, the verification fails.

If the terminal generates the message authentication code by using the foregoing mode 2, the source base station checks the message authentication code by: the source base station determines whether the next hop NH has been used, and if not, the source base station obtains new access according to the NH. The layer key KgNB*, if used, the source base station obtains a new access layer key KgNB* according to the current access layer key KgNB of the terminal. After obtaining KgNB*, Krrc-int* is generated according to the KgNB*, the identity of the integrity protection algorithm of the source base station, and the type of the integrity protection algorithm of the source base station, and then the integrity protection of the source base station is performed using the Krrc-int* and the source base station. The algorithm generates a message authentication code and compares it with the message authentication code in the context request message. If they are the same, the verification is correct. If it is different, the verification fails.

Optionally, the source base station may further generate a message authentication code according to the integrity protection key, the source PCI, the source cell radio network temporary identifier (C-RNTI), the target cell identifier, and the recovery constant.

Step 307: The source base station sends a context response message to the target base station if the verification message authentication code is correct.

The context response message may include a context of the terminal, for example, an integrity protection algorithm of the source base station, and an integrity protection key of the source base station. Optionally, the generated KgNB* is also included.

Step 308: The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.

The connection recovery response message is used to instruct the terminal to resume the RRC connection. Optionally, the connection recovery response message may be integrity protected and encrypted by the target base station according to the integrity protection algorithm of the source base station and the integrity protection key and the encryption key generated by the KgNB*. The KgNB* used by the target base station may be from the source base station. For the specific implementation process, reference may be made to related solutions of the prior art, and details are not described herein again.

After the step 308, the subsequent process of the terminal from the inactive state to the connected state is further included. For details, refer to the description of related documents, and details are not described herein again.

The main problems with the above method for restoring connections are as follows:

On the one hand, if the message authentication code is generated in the first step 301, that is, the message authentication code generated by the terminal is the same each time. When the terminal sends the connection recovery request message to the target base station for the first time, if the target base station rejects the connection recovery request of the terminal, the attacker may steal the first connection of the terminal before the next (ie, second) transmission of the connection recovery request message. The message authentication code carried in the connection recovery request message is sent, and then the attacker masquerades as a terminal, and sends a connection recovery request message to the target base station, where the connection recovery request message carries the message authentication code stolen by the attacker. If the load of the target base station is not heavy, the foregoing step 305-step 308 is performed, so that the source base station verifies that the message authentication code is correct, and then carries the context of the terminal in the context response message and sends the message to the target base station, and the source base station The context of the terminal is deleted. Further, when the terminal resends the connection recovery request message to the target base station for the second time, the source base station has deleted the context of the terminal, and the terminal cannot pass the authentication, so the terminal cannot enter the connected state from the inactive state. Of course, if the load of the target base station is heavy, the target base station rejects the attacker's connection recovery request, but the attacker can continuously attack until the target base station agrees to the attacker's connection recovery request. Therefore, in the first method, the above-mentioned vulnerable problem exists, and the terminal may not be able to enter the connected state from the inactive state.

On the other hand, if the message authentication code is generated by using the mode 2 in the above step 301, the message authentication code generated by the terminal is different each time. When the terminal sends a connection recovery request message to the target base station for the first time, if the target base station rejects the connection recovery request of the terminal, the access layer key stored on the terminal has been updated to KgNB*. However, since the target base station does not notify the source base station that the key has been updated, the access layer key stored on the source base station is still the original access layer key KgNB. Further, when the terminal sends the connection recovery request message to the target base station for the second time, if the target base station agrees to the connection recovery request of the terminal, the access layer key stored on the terminal is KgNB*, and the connection is stored on the source base station. The inbound key is KgNB, and the source base station fails to check the authentication code of the message sent by the terminal. The terminal cannot enter the connected state from the inactive state. Therefore, there is also a problem that the second mode may not be able to enter the connected state from the inactive state.

The present application will propose the following solutions to the above problems with the method of requesting a connection recovery as shown in FIG. The following are explained separately.

Solution one

The solution 1 can be used to solve the problem that the foregoing step 301 adopts the method 1 to generate the message authentication code.

As shown in FIG. 4, a flowchart of a method for requesting a recovery connection provided by the present application includes the following steps:

Step 401: The terminal generates a message authentication code according to the freshness parameter and the integrity protection key of the terminal.

The freshness parameters used to generate the message authentication code twice are different. That is, the specific value of the freshness parameter changes every time the message authentication code is generated, and the freshness parameter used when generating the message authentication code is different from the freshness parameter used when the message authentication code was last generated. .

As an implementation manner, the freshness parameter includes a Packet Data Convergence Protocol COUNT (PDCP COUNT), and the PDCP COUNT may include an uplink PDCP COUNT and a downlink PDCP COUNT, and the terminal uplinks the PDCP every time an uplink PDCP packet is sent. COUNT plus 1, the downlink PDCP COUNT is incremented by 1 for each downlink PDCP packet sent by the base station. For example, the PDCP COUNT may be an uplink PDCP COUNT of a signaling radio bearer (SRB). Optionally, whenever the radio bearer is re-established At the same time, the PDCP COUNT can be reset to zero. Since the PDCP COUNT is constantly changing, the message authentication code generated by the terminal each time is different from the last generated message authentication code.

As another implementation manner, the freshness parameter may include the number of rejections, and the number of rejections may be used to indicate the number of times the terminal attempts to restore the RRC connection rejected by the network side. Each time the terminal attempts to resume being rejected by the network side, the number of rejections is increased by one. Alternatively, the number of rejections may be reset to zero each time the RRC connection is successfully restored. Since the number of rejections is always changing, the message authentication code generated by the terminal each time is different from the message authentication code generated last time.

In a specific implementation, the message authentication code may be generated according to the freshness parameter, the integrity protection key of the terminal, and the integrity protection algorithm of the terminal.

Step 402: The terminal sends a connection recovery request message to the target base station, and the target base station receives a connection recovery request message from the terminal.

The connection recovery request message is used to request to restore the RRC connection, and the connection recovery request message includes a message authentication code and a recovery identifier. Optionally, the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter. Specifically, the indication parameter may be the freshness parameter itself, or may be a parameter indicating the freshness parameter. The connection recovery request message also includes a recovery identifier.

Specifically, if the freshness parameter is the number of rejections, the connection recovery request message includes a message authentication code and a recovery identifier. If the freshness parameter is PDCP COUNT, the connection recovery request message includes a message authentication code, a recovery identifier, and an indication parameter, and the indication parameter is used to indicate PDCP COUNT.

Wherein, if the freshness parameter is PDCP COUNT, and the PDCP COUNT is represented by a binary bit, the indication parameter PDCP COUNT itself is all bits of the PDCP COUNT. The indication parameter can also be a partial bit of the PDCP COUNT.

For example, suppose the PDCP COUNT is represented by 32 bits. Since the change between the PDCP COUNTs used when generating the message authentication code two times is not particularly large, between two adjacent PDCP COUNTs Only the lower bits change, and the higher bits do not change. Therefore, the indication parameter can be represented using a portion of the low bit of the PDCP COUNT. For example, the PDCP COUNT used by the terminal to generate the message authentication code is “00000000000011111111111100011111”, and the PDCP COUNT used by the terminal to generate the message authentication code is “00000000000011111111111100100011”. It can be found that only the lower 5 bits of the PDCP COUNT have changed. The high 27 did not change. Therefore, the lower N bits of the PDCP COUNT can be selected as the indication parameter, N being greater than 1, and less than 32. Of course, the indication parameter can also be all bits of the PDCP COUNT.

Wherein, if the freshness parameter is the number of rejections, the terminal and the source base station each maintain the number of times the terminal is refused to resume the connection.

Through the above steps 401 to 402, the message authentication code generated by the terminal is different from the message authentication code generated last time. Therefore, even if the attacker steals the message authentication code used by the terminal last time, the "expired" is used. The message authentication code, therefore, the attacker will not be able to attack successfully.

The implementation methods of the subsequent target base station and source base station are given below.

Optionally, after the foregoing step 402, the following method steps are further included:

Step 403: The target base station determines whether to approve the recovery request of the terminal.

In one case, if the load of the target base station is relatively heavy and cannot access the terminal, the target base station may reject the recovery request of the terminal, that is, reject the terminal from accessing the target base station. At this time, step 404-step 407 is performed.

In another case, the target base station is not heavily loaded and can access the terminal, and the target base station can agree to the terminal's recovery request, that is, the terminal is allowed to access the target base station. At this time, steps 408 to 411 are performed.

Step 404: The target base station sends a notification message to the source base station, where the source base station receives the notification message from the target base station.

The notification message includes a message authentication code and a recovery identifier obtained by the target base station from the connection recovery request message, and optionally, an indication parameter, wherein the context of the terminal in the source base station that notifies the update includes a freshness parameter.

Wherein, the notification message has one or more of the following functions:

The notification message is used to notify the key of the context of the terminal in the update source base station.

Step 405: The source base station checks the message authentication code, and if the verification message authentication code is correct, updates the context of the terminal.

In this step, the source base station first acquires the context of the terminal in the source base station according to the recovery identifier in the notification message.

Next, the source base station determines the freshness parameter.

As an example, the source base station determines a freshness parameter based on the indication parameters. For example, when the freshness parameter is PDCP COUNT, the source base station determines the PDCP COUNT indicating the parameter indication according to the indication parameter. In a specific implementation, if the indication parameter indicates a partial bit of the PDCP COUNT, the source base station may determine the indication according to a part of the high bit of the PDCP COUNT currently stored by the source base station and a part of the low bit of the PDCP COUNT indicated by the parameter. The PDCP COUNT indicated by the parameter.

As another example, the source base station directly determines the freshness parameter. For example, when the freshness parameter is the number of rejections, the source base station determines the current number of rejections as the number of rejections. That is, the target base station can directly obtain the number of rejections of the terminal locally.

Then, the source base station generates a message authentication code according to the freshness parameter, the integrity protection key of the source base station, and the integrity protection algorithm of the source base station, if the generated message authentication code is the same as the message authentication code generated by the terminal carried in the notification message. , the verification is correct, if it is different, the verification fails.

Optionally, the source base station may be based on a freshness parameter, an integrity protection key of the source base station, and an integrity protection algorithm of the source base station, a source PCI, a cell radio network temporary identifier (C-RNTI), The target cell identifier and the recovery constant generate a message authentication code.

Wherein, if the source base station verifies that the message authentication code is correct, the freshness parameter in the context of the terminal is updated. For example, when the freshness parameter is PDCP COUNT, the source base station updates the context of the terminal in the source base station, including: if the value of the PDCP COUNT in the notification message is greater than the value of the PDCP COUNT in the context of the terminal in the source base station, the source The base station updates the value of the PDCP COUNT in the context of the terminal to the value of the PDCP COUNT in the notification message, or understands that the value of the PDCP COUNT in the context of the terminal is updated to the value of the PDCP COUNT indicating the parameter indication. For another example, when the freshness parameter is the number of rejections, the source base station updates the context of the terminal in the source base station according to the freshness parameter, including: the source base station increases the number of rejections by one.

As another implementation manner, the source base station may first determine whether the value of the PDCP COUNT in the notification message is greater than the value of the PDCP COUNT in the context of the terminal in the source base station, if the value of the PDCP COUNT in the notification message is greater than the source base station. If the value of the PDCP COUNT in the context of the terminal in the terminal is correct, the source base station checks the message authentication code. If the verification message authentication code is correct, the freshness parameter in the context of the terminal is updated according to the freshness parameter. The specific update method is: The source base station updates the value of the PDCP COUNT in the context of the terminal to the value of the PDCP COUNT in the notification message.

Step 406: The source base station sends a response message to the target base station, and the target base station receives the response message from the source base station.

The step 406 is an optional step, and the response message is used by the source base station to notify the target base station after the context update of the terminal is completed.

Step 407: The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.

This step 407 is the same as step 304 above, and can be referred to the foregoing description.

When the freshness parameter is the number of rejections, the terminal updates the number of rejections after receiving the connection recovery rejection message, including: adding 1 to the number of rejections.

It should be noted that there is no order limitation between the above step 407 and step 404-step 406, that is, step 407 may be performed before step 404, may be performed after step 406, and may also be performed between step 404-step 406.

Through the above steps 404-407, when the target base station decides to reject the connection recovery request of the terminal, on the one hand, the target base station notifies the terminal to reject the connection recovery request, and on the other hand, notifies the source base station to update the context of the terminal, specifically, the update source. Freshness parameters stored in the base station. Thereby the freshness parameters between the terminal and the source base station are kept consistent.

Step 408: The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.

The context request message includes a message authentication code and a recovery identifier generated by the terminal, and the context request message is used to request to acquire the context of the terminal. Optionally, the context request message further includes an indication parameter.

Step 409: The source base station updates the freshness parameter in the context of the terminal if the verification message authentication code is correct.

For the manner in which the source base station checks the message authentication code and the manner in which the source base station updates the freshness parameter in the context of the terminal, refer to the description of step 405 above, and details are not described herein again.

Step 410: The source base station sends a context response message to the target base station, where the target base station receives a context response message from the source base station.

Step 411: The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.

The foregoing steps 410-411 are the same as the above steps 307-308, and the foregoing description may be omitted, and details are not described herein again.

Through the foregoing steps 408-411, when the target base station decides to agree to restore the connection of the terminal, the source base station checks the message authentication code of the terminal according to the freshness parameter, and when the verification is correct, on the one hand, updates the source base station. The freshness parameter in the context of the terminal, on the other hand, sends the context of the acquired terminal to the target base station.

Through the method of the above steps 401-411, the freshness parameter is introduced in the input parameter of the terminal to generate the message authentication code, and accordingly, the freshness parameter is also introduced in the input parameter of the source base station verification message authentication code. On the one hand, if the target base station rejects the connection recovery request of the terminal, the target base station may notify the source base station to update the freshness parameter in the context of the terminal by step 404, thereby maintaining the consistency of the freshness parameter of the terminal and the source base station. On the other hand, if the target base station agrees to the connection recovery request of the terminal, the target base station may request to acquire the context of the terminal from the source base station through step 408, and at the same time, the source base station may also update the source context of the source base station in the process. Sexual parameters, thereby maintaining the consistency of the terminal with the freshness parameters of the source base station.

The foregoing solution 1 can effectively solve the problem that the above-mentioned step 301 adopts the method 1 to generate a message authentication code, which is vulnerable. The following is explained in conjunction with specific examples.

Taking the freshness parameter as the PDCP COUNT as an example, it is assumed that the value of the PDCP COUNT currently stored by the terminal and the source base station is 5, and the terminal is currently in an inactive state.

The terminal sends a connection recovery request message to the target base station for the first time. The connection recovery request message carries a message authentication code, an indication parameter, and a recovery identifier, and the message authentication code is generated according to the PDCP COUNT and the integrity protection key of the terminal, and the The PDCP COUNT indicated by the indication parameter is greater than 5, for example 10.

If the target base station rejects the connection recovery request of the terminal, the connection recovery rejection message sent to the terminal carries the information of the waiting timer, and instructs the terminal to try to re-initiate the connection recovery request after 30 minutes. At the same time, the target base station informs the source base station to update the PDCP COUNT in the context of the terminal of the source base station to 10.

It is assumed that before the terminal sends the connection recovery request message to the target base station for the second time, the attacker steals the message authentication code and the recovery identifier from the connection recovery request message sent by the terminal to the target base station for the first time, where the message authentication code is generated. The PDCP COUNT used is 10.

Then, the attacker sends a connection recovery request message to the target base station, where the connection recovery request message carries the stolen message authentication code and the recovery identifier, and after receiving the connection recovery request message, the target base station, if it agrees to the attacker's recovery request, then The source base station sends a context request message. Then, the source base station checks the message authentication code sent by the attacker. The PDCP COUNT used in the generation of the message authentication code sent by the attacker is 10, and the PDCP COUNT in the context of the terminal of the source base station is also 10, two. The two are equal, so the verification fails. Thus, the attacker fails to attack.

Taking the freshness parameter as the number of rejections, the value of the number of rejections currently stored by the terminal and the source base station is 2, and the terminal is currently in an inactive state.

The terminal sends a connection recovery request message to the target base station for the first time. The connection recovery request message carries a message authentication code and a recovery identifier. The message authentication code is generated according to the number of rejections and the integrity protection key of the terminal. 2.

If the target base station rejects the connection recovery request of the terminal, the connection recovery rejection message sent to the terminal carries the information of the waiting timer, indicating that the terminal may try to re-initiate the connection recovery request after 30 minutes, and the terminal update rejection number is 3. At the same time, the target base station notifies the source base station to update the number of rejections in the context of the terminal of the source base station to 3.

It is assumed that before the terminal sends the connection recovery request message to the target base station for the second time, the attacker steals the message authentication code and the recovery identifier from the connection recovery request message sent by the terminal to the target base station for the first time, where the message authentication code is generated. The number of rejections used is 2.

Then, the attacker sends a connection recovery request message to the target base station, where the connection recovery request message carries the stolen message authentication code and the recovery identifier, and after receiving the connection recovery request message, the target base station, if it agrees to the attacker's recovery request, then The source base station sends a context request message. Then, the source base station checks the message authentication code sent by the attacker, because the number of rejections used by the attacker to send the message authentication code is 2, and the number of rejections in the context of the terminal of the source base station is 3, so the school The test failed. Thus, the attacker fails to attack.

Therefore, the first solution provided by the present application can effectively solve the problem of the method 1 for generating the message authentication code in the foregoing step 301, and can effectively resist the attack of the attacker.

Solution two

The solution 2 can be used to solve the problem that the foregoing step 301 uses the second method to generate the message authentication code.

Step 501: The terminal generates a message authentication code.

The step 501 is the same as the second method of the foregoing step 301, and the foregoing description may be referred to.

In this step 501, when the terminal generates the message authentication code, the access layer key is also updated, that is, updated by KgNB to KgNB*, and the integrity protection key is also updated, that is, updated by Krrc-int to Krrc- Int*.

Step 502: The terminal sends a connection recovery request message to the target base station, where the target base station receives a connection recovery request message from the terminal.

This step 502 is the same as the foregoing step 302, and the foregoing description can be referred to.

Step 503: The target base station determines whether to agree to the recovery request of the terminal.

In one case, if the load of the target base station is relatively heavy and cannot access the terminal, the target base station may reject the recovery request of the terminal, that is, reject the terminal from accessing the target base station. At this time, steps 504 to 507 are performed.

In another case, the target base station is not heavily loaded and can access the terminal, and the target base station can agree to the terminal's recovery request, that is, the terminal is allowed to access the target base station. At this time, step 508-step 511 is performed.

Step 504: The target base station sends a notification message to the source base station, where the source base station receives the notification message from the target base station.

The notification message includes a message authentication code and a recovery identifier obtained by the target base station from the connection recovery request message.

Wherein, the notification message has one or more of the following functions:

The key may be an access layer key, and/or an integrity protection key.

Step 505: The source base station checks the message authentication code, and if the verification message authentication code is correct, updates the key of the context of the terminal.

Then, the source base station generates a message authentication code according to the integrity protection algorithm of the source base station and the integrity protection key of the source base station. If the generated message authentication code is the same as the message authentication code carried in the notification message, the verification is correct. Different, the verification fails. The integrity protection key of the source base station used by the source base station to generate the message authentication code is the new integrity protection key Krrc-int* generated by the source base station. For the specific generation method, refer to the related description in step 306 above. No longer.

The source base station verifies the message authentication code, and if the verification message authentication code is correct, updates the access layer key of the context of the terminal, and/or the integrity protection key.

Step 506: The source base station sends a response message to the target base station, and the target base station receives the response message from the source base station.

The step 506 is an optional step, and the response message is used by the source base station to notify the target base station after the context update of the terminal is completed.

Step 507: The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.

This step 507 is the same as step 304 above, and the foregoing description can be parameterized.

It should be noted that there is no order limitation between the above steps 507 and 504-step 506, that is, step 507 may be performed before step 504, may be performed after step 506, and may also be performed between steps 504-506.

Through the above steps 504-507, when the target base station decides to reject the connection recovery request of the terminal, on the one hand, the target base station notifies the terminal to reject the connection recovery request, and on the other hand, notifies the source base station to update the key of the context of the terminal. Thereby the keys between the terminal and the source base station are kept consistent.

Step 508: The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.

The context request message includes a message authentication code and a recovery identifier generated by the terminal, and the context request message is used to request to acquire the context of the terminal.

This step is the same as step 305 above, and the foregoing description can be referred to.

Step 509: The source base station acquires the context of the terminal if the verification message authentication code is correct.

For the specific manner of the source base station verifying the message authentication code, reference may be made to the verification mode of the message authentication code used by the source base station when the terminal uses the mode 2 to generate the message authentication code in the foregoing step 306.

Step 510: The source base station sends a context response message to the target base station if the verification message authentication code is correct.

Step 511: The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.

The connection recovery response message is used to instruct the terminal to resume the RRC connection. Optionally, the connection recovery response message may be integrity protected and encrypted by the target base station according to the integrity protection algorithm of the source base station and the integrity protection key and the encryption key generated by the KgNB*. For the specific implementation process, reference may be made to related solutions of the prior art, and details are not described herein again.

The method for restoring the connection as shown in the above steps 501 to 511 can effectively solve the problem that occurs when the message authentication code is generated by the second method in the foregoing step 301. In the solution shown in FIG. 5, when the target base station decides to reject the terminal, When the request connection is restored, the target base station sends a notification message to the source base station to notify the source base station to update the key, so that the key is always the same between the terminal and the source base station, so that the terminal and the source can be effectively solved. The terminal that is not synchronized between the base stations cannot solve the problem of the connection being restored.

As an alternative, in the scenario shown in FIG. 5, in the scenario where the target base station rejects the connection recovery request of the terminal, step 504-step 506 may also be deleted, and after step 507, the operation of the terminal is added: the terminal Restore the access layer key of the terminal to the access layer key before the update.

In the scenario where the target base station rejects the connection recovery request of the terminal, the terminal has updated the access layer key. In order to keep the key between the terminal and the source base station consistent, the terminal may also use the method of backing off the key by the terminal. The access layer key of the terminal is restored to the access layer key before the update. Therefore, the purpose of maintaining the same key between the terminal and the source base station is also achieved, and the problem that the terminal cannot be restored due to the key synchronization between the terminal and the source base station can be effectively solved.

Solution three

The solution three is a solution obtained by combining the above solution one and the solution two. The solution 3 can effectively resist the attacker's attack while solving the above problem of inconsistent key.

Step 601: The terminal generates a message authentication code.

Here, the message authentication code is generated by combining the manner in which the message authentication code is generated in the above step 401 and the manner in which the message authentication code is generated in step 501. Specifically, the terminal generates a message authentication code according to the integrity protection algorithm of the terminal, the integrity protection key of the terminal, and the freshness parameter, where the integrity protection key of the terminal is Krrc-int*, and the Krrc-int* is based on The updated access layer key KgNB*, the identity of the integrity protection algorithm of the terminal, and the type of integrity protection algorithm of the terminal are generated.

Step 602: The terminal sends a connection recovery request message to the target base station, where the target base station receives a connection recovery request message from the terminal.

The connection recovery request message includes a message authentication code and a recovery identifier. Optionally, the connection recovery request further includes an indication parameter, and the indication parameter is used to indicate a freshness parameter.

Step 603: The target base station determines whether to approve the recovery request of the terminal.

In one case, if the load of the target base station is relatively heavy and cannot access the terminal, the target base station may reject the recovery request of the terminal, that is, reject the terminal from accessing the target base station. At this time, steps 604 to 607 are performed.

In another case, the target base station is not heavily loaded and can access the terminal, and the target base station can agree to the terminal's recovery request, that is, the terminal is allowed to access the target base station. At this time, step 608-step 611 is performed.

Step 604: The target base station sends a notification message to the source base station, where the source base station receives the notification message from the target base station.

The notification message includes a message authentication code and a recovery identifier obtained by the target base station from the connection recovery request message. Optionally, the notification message may further include an indication parameter.

Wherein, the notification message has one or more of the following functions:

The key may be an access layer key, and/or an integrity protection key.

Step 605: The source base station checks the message authentication code. If the verification message authentication code is correct, the freshness parameter and the key of the context of the terminal are updated.

In this step, the source base station first determines the context of the terminal in the source base station according to the recovery identifier in the notification message.

Next, the source base station determines the freshness parameter. The source base station may determine the freshness parameter according to the indication parameter in the notification message. For example, when the freshness parameter is PDCP COUNT, the source base station determines the PDCP COUNT indicating the parameter indication according to the indication parameter. The source base station can also directly determine the freshness parameters. For example, when the freshness parameter is the number of rejections, the source base station determines the current number of rejections as the number of rejections.

Then, the source base station generates a message authentication code according to the freshness parameter, the integrity protection key of the source base station, and the integrity protection algorithm of the source base station, if the generated message authentication code is the same as the message authentication code generated by the terminal carried in the notification message. , the verification is correct, if it is different, the verification fails. The integrity protection key of the source base station used by the source base station to generate the message authentication code is a new integrity protection key Krrc-int* generated by the source base station.

If the source base station check message authentication code is correct, the freshness parameter in the context of the terminal is updated according to the freshness parameter. For details, refer to the related description of the foregoing step 405. And, the source base station also updates the key in the context of the terminal. For example, the integrity protection key Krrc-int in the source base station is updated to Krrc-int*, and/or the access layer key KgNB in the source base station is updated to KgNB*.

Step 606: The source base station sends a response message to the target base station, and the target base station receives the response message from the source base station.

The step 606 is an optional step, and the response message is used by the source base station to notify the target base station after the context update of the terminal is completed.

Step 607: The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.

This step 607 is the same as step 404 above, and the foregoing description can be parameterized.

It should be noted that there is no order limitation between the above steps 607 and 604-step 606, that is, step 607 may be performed before step 604, may be performed after step 606, and may also be performed between steps 604-606.

Through the above steps 604-step 607, when the target base station decides to reject the connection recovery request of the terminal, on the one hand, the target base station notifies the terminal to reject the connection recovery request, and on the other hand, notifies the source base station to update the context of the terminal, specifically, the update source. Freshness parameters and keys stored in the base station. Therefore, the freshness parameters between the terminal and the source base station are consistent, and the keys are consistent.

Step 608: The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.

The context request message includes a message authentication code generated by the terminal, a freshness parameter, and a recovery identifier, and the context request message is used to request to acquire the context of the terminal.

Step 609: If the source base station verifies that the message authentication code is correct, the freshness parameter and the key in the context of the terminal are updated.

For the manner in which the source base station checks the message authentication code, and the manner in which the source base station updates the freshness parameter and the key in the context of the terminal, refer to the description of step 605 above, and details are not described herein again.

Step 610: The source base station sends a context response message to the target base station, and the target base station receives a context response message from the source base station.

Step 611: The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.

The foregoing steps 610-611 are the same as the above steps 307-308, and the foregoing description may be omitted, and details are not described herein again.

Through the above steps 608-step 611, when the target base station decides to agree to restore the connection of the terminal, the source base station performs the message authentication code of the terminal according to the freshness parameter, the integrity protection key of the source base station, and the integrity protection algorithm of the source base station. Checking, and when the check is correct, on the one hand, updating the freshness parameter in the context of the terminal of the source base station according to the freshness parameter of the terminal, and updating the key in the context of the terminal of the source base station, on the other hand, The context of the acquired terminal is sent to the target base station.

The freshness parameter is introduced in the input parameter of the terminal to generate the message authentication code by the method in the above steps 601-step 611. Correspondingly, the freshness parameter is also introduced in the input parameter of the source base station verification message authentication code. Moreover, the integrity protection key used to generate the message authentication code is generated based on the updated integrity protection key. On the one hand, if the target base station rejects the connection recovery request of the terminal, the target base station may notify the source base station to update the freshness parameter and the key in the context of the terminal by step 604, thereby maintaining the freshness parameter and the key of the terminal and the source base station. Consistent. On the other hand, if the target base station agrees with the connection recovery request of the terminal, the target base station may request to acquire the context of the terminal from the source base station by using step 608, and the source base station may also update the source context of the source base station in the process. Sex parameters and keys, thereby maintaining the consistency of the terminal and the source station's freshness parameters and keys.

Through the foregoing steps 601-611, on the one hand, the key synchronization between the terminal and the source base station can be maintained, and on the other hand, the attacker can be effectively resisted, thereby facilitating the terminal to smoothly enter the connected state from the inactive state. .

Solution four,

The solution 4 can be used to solve the problem that the foregoing step 301 adopts the second method to generate the message authentication code.

Step 701: The terminal generates a message authentication code.

This step 701 is the same as the second method of the foregoing step 301, and reference may be made to the foregoing description.

In this step 701, the terminal updates the access layer key before the message authentication code is generated, that is, the KgNB is updated to KgNB*, and the integrity protection key is also updated, that is, updated by Krrc-int to Krrc-int. *. A message authentication code is then generated based on the updated integrity protection key.

Step 702: The terminal sends a connection recovery request message to the target base station, where the target base station receives a connection recovery request message from the terminal.

This step 702 is the same as the foregoing step 302, and can be referred to the foregoing description.

Step 703: The target base station determines whether to agree with the recovery request of the terminal.

In one case, if the load of the target base station is relatively heavy and cannot access the terminal, the target base station may reject the recovery request of the terminal, that is, reject the terminal from accessing the target base station. At this time, steps 704-705 are performed.

In another case, the target base station is not heavily loaded and can access the terminal, and the target base station can agree to the terminal's recovery request, that is, the terminal is allowed to access the target base station. At this time, step 706-step 709 is performed.

Step 704: The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.

This step 704 is the same as step 304 above, and reference may be made to the foregoing description.

Step 705: The terminal restores the access layer key of the terminal to the access layer key before the update.

One implementation may be that the terminal saves the access layer key before the update, such as KgNB, before receiving the reject message. After receiving the reject message, the terminal uses the access layer key before the update as the current or stored access layer key. Optionally, after receiving the reject message, the terminal may also delete the updated access layer key, such as KgNB*.

Another implementation manner may be that the terminal saves the security context before the update before receiving the reject message, and the security context before the update includes the access layer key before the update, such as KgNB. After receiving the reject message, the terminal uses the pre-update security context as the current or stored security context. Optionally, after receiving the reject message, the terminal may also delete the updated security context. Specifically, the security context may be the AS security context of the terminal.

After the terminal restores the access layer key of the terminal to the access layer key before the update, the access layer key before the update is saved, and the terminal performs the second mode in step 701 again after the next connection is restored. Message authentication code.

Step 706: The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.

Step 707: The source base station acquires the context of the terminal if the verification message authentication code is correct.

Step 708: The source base station sends a context response message to the target base station if the verification message authentication code is correct.

Step 709: The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.

After the step 709, the subsequent process of the terminal from the inactive state to the connected state is further included. For details, refer to the description of related documents, and details are not described herein again.

The method for restoring the connection as shown in the foregoing steps 701 to 709 can effectively solve the problem that occurs when the message authentication code is generated by the second method in the foregoing step 301. In the solution shown in FIG. 7, when the target base station decides to reject the terminal, When the request connection is restored, the target base station sends a connection recovery reject message to the terminal through step 704, and the terminal restores the access layer key of the terminal to the access layer key before the update by step 705, thereby causing the terminal and the source. The keys are always the same between the base stations, so that the problem that the terminal cannot be restored due to the key synchronization between the terminal and the source base station can be effectively solved.

It should be noted that the connection recovery request message, the connection recovery response message, the connection recovery completion message, the context request message, the context response message, and the like in the foregoing embodiment are only one name, and the name does not limit the message itself. In the 5G network and other networks in the future, the connection recovery request message, the connection recovery response message, the connection recovery completion message, the context request message, and the context response message may be other names, which are not specifically limited in the embodiment of the present application. For example, the connection recovery request message may also be replaced with a request message, a recovery request message, a connection request message, etc., and the connection recovery response message may be replaced with a response message, a recovery response message, a connection response message, etc., and the connection is restored. The completion message may also be replaced with a completion message, a recovery completion message, a connection completion message, etc., and the context request message may also be replaced with a request message or the like, and the context response message may also be replaced with a response message or the like.

The foregoing provides a description of the solution provided by the present application from the perspective of interaction between the various network elements. It can be understood that, in order to implement the above functions, each of the foregoing network elements includes a hardware structure and/or a software module corresponding to each function. Those skilled in the art will readily appreciate that the present invention can be implemented in a combination of hardware or hardware and computer software in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.

Based on the same inventive concept, as shown in FIG. 8 , a schematic diagram of a device provided by the present application, which may be a terminal, a target base station, or a source base station, may be implemented by the terminal, the target base station, or the source base station in any of the foregoing embodiments. The method of execution.

The apparatus 800 includes at least one processor 801, a transmitter 802, a receiver 803, and optionally a memory 804. The processor 801, the transmitter 802, the receiver 803, and the memory 804 are connected by a communication line.

Processor 801 can be a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present invention.

The communication line can include a path for communicating information between the units.

The transmitter 802 and the receiver 803 are configured to communicate with other devices or communication networks. The transmitter and receiver include radio frequency circuits.

The memory 804 can be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type that can store information and instructions. The dynamic storage device may also be an electrically erasable programmabler-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, or a disc storage ( Including compressed optical discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or can be used to carry or store desired program code in the form of instructions or data structures and can be stored by a computer Any other media taken, but not limited to this. The memory 804 may be independent and connected to the processor 801 via a communication line. Memory 804 can also be integrated with the processor. The memory 804 is used to store application code for executing the solution of the present invention, and is controlled by the processor 801 for execution. The processor 801 is configured to execute application code stored in the memory 804.

In a specific implementation, as an embodiment, the processor 801 may include one or more CPUs, such as CPU0 and CPU1 in FIG.

In a particular implementation, as an embodiment, apparatus 800 can include multiple processors, such as processor 801 and processor 808 in FIG. Each of these processors may be a single-CPU processor or a multi-core processor, where the processor may refer to one or more devices, circuits, and/or A processing core for processing data, such as computer program instructions.

It should be understood that when the device 800 is a terminal, the device 800 can be used to implement the steps performed by the terminal in the method of the embodiment of the present invention. For example, the device 800 can perform step 301, step 302, step 304 in FIG. 3 and Step 308, step 401, step 402, step 407, and step 411 in FIG. 4 may also be performed. Step 501, step 502, step 507, and step 511 in FIG. 5 may also be performed, and step 601 in FIG. 6 may also be performed. Step 602, step 607, and step 611, step 701, step 702, step 704, and step 709 in FIG. 7 can also be performed. Related features can be referred to above, and will not be described again here.

When the device 800 is a target base station, the device 800 can be used to implement the steps performed by the target base station in the method of the embodiment of the present invention. For example, the device 800 can perform step 302, step 303, step 304, and step in FIG. 305, step 307 and step 308, step 402, step 403, step 404, step 406, step 407, step 408, step 410 and step 411 in FIG. 4 may also be performed, and step 502 and step 503 in FIG. 5 may also be performed. Step 504, step 506, step 507, step 508, step 510, and step 511, step 602, step 603, step 604, step 606, step 607, step 608, step 610, and step 611 in FIG. 6 may also be performed. Step 702, step 703, step 704, step 706, step 708, and step 709 in FIG. 7 can also be performed. Related features can be referred to above, and will not be described again here.

When the device 800 is a source base station, the device 800 can be used to implement the steps performed by the source base station in the method of the embodiment of the present invention. For example, the device 800 can perform step 305, step 306, and step 307 in FIG. 3, Step 404, step 405, step 406, step 408, step 409, and step 410 in FIG. 4 may also be performed, and step 504, step 505, step 506, step 508, step 509, and step 510 in FIG. 5 may also be performed. Step 604, step 605, step 606, step 608, step 609, and step 610 in FIG. 6 may also be performed, and step 706, step 707, and step 708 in FIG. 7 may also be performed, and related features may be referred to above. I will not repeat them here.

The application may divide the function module into the terminal according to the above method example. For example, each function module may be divided according to each function, or two or more functions may be integrated into one processing module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of modules in the present application is schematic, and is only a logical function division, and may be further divided in actual implementation. For example, in the case of dividing each functional module by corresponding functions, FIG. 9 shows a schematic diagram of a device, which may be the terminal involved in the above embodiment, and the device 900 includes a processing unit 901 and a transmitting unit 903. . Optionally, a receiving unit 902 is further included.

In an implementation of a method of requesting a restore connection:

The processing unit 901 is configured to generate a message authentication code according to the freshness parameter and the integrity protection key of the device, where the freshness parameter used in generating the message authentication code twice is different;

The sending unit 903 is configured to send a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, and the connection recovery request message is used to request to resume the radio resource control RRC connection.

In a possible implementation manner, the freshness parameter includes a number of rejections, the number of rejections being used to indicate the number of times the device is rejected when attempting to resume the RRC connection.

In a possible implementation, the receiving unit 902 is configured to receive a connection recovery response message from the target base station, where the connection recovery response message is used to instruct the terminal to resume the RRC connection.

In a possible implementation manner, the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.

In a possible implementation manner, the freshness parameter includes a packet data convergence protocol count PDCPCOUNT, and the indication parameter includes part or all of the bits of the PDCP COUNT.

It should be understood that the terminal may be used to implement the steps performed by the terminal in the method of the embodiment of the present invention. For related features, reference may be made to the above, and details are not described herein again.

The application may perform the division of the function modules on the target base station according to the foregoing method example. For example, each function module may be divided according to each function, or two or more functions may be integrated into one processing module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of modules in the present application is schematic, and is only a logical function division, and may be further divided in actual implementation. For example, in the case of dividing each functional module by corresponding functions, FIG. 10 shows a schematic diagram of a device, which may be the target base station involved in the above embodiment, and the device 1000 includes a receiving unit 1001 and a transmitting unit. 1002.

In an implementation of a method of requesting a restore connection:

The receiving unit 1001 is configured to receive a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, where the connection recovery request message is used to request to restore a radio resource control RRC connection, where the message authentication code is Generating according to the integrity protection key of the terminal;

The sending unit 1002 is configured to: if the RRC connection is refused to be restored, send a notification message to the source base station, where the notification message includes the message authentication code.

Wherein, the notification message has one or more of the following functions:

In a possible implementation manner, the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the notification message further includes the indication parameter.

In a possible implementation manner, the freshness parameter includes a PDCP COUNT, and the indication parameter includes part or all of the bits of the PDCP COUNT.

In a possible implementation, the freshness parameter includes a number of rejections, the number of rejections being used to indicate the number of times the device is rejected when attempting to resume the RRC connection.

In another implementation of a method that requests a restore connection:

The receiving unit 1001 is configured to receive a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, where the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal. The freshness parameter used in generating the message authentication code twice is different, and the connection recovery request message is used to request to resume the radio resource control RRC connection;

The sending unit 1002 is configured to: if the RRC connection is restored, send a context request message to the source base station, where the context request message includes the message authentication code, where the context request message is used to request to acquire the context of the terminal. .

In a possible implementation manner, the freshness parameter includes a packet data convergence protocol PDCP count COUNT, and the indication parameter includes part or all of the bits of the PDCP COUNT.

It should be understood that the target base station may be used to implement the steps performed by the target base station in the method of the embodiment of the present invention. For related features, reference may be made to the above, and details are not described herein again.

The application may divide the function modules of the source base station according to the foregoing method example. For example, each function module may be divided according to each function, or two or more functions may be integrated into one processing module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of modules in the present application is schematic, and is only a logical function division, and may be further divided in actual implementation. For example, in the case of dividing each functional module by corresponding functions, FIG. 11 shows a schematic diagram of a device, which may be the source base station involved in the above embodiment, and the device 1100 includes a processing unit 1101 and a receiving unit. 1102 and a transmitting unit 1103.

In an implementation of a method of requesting a restore connection:

The receiving unit 1102 is configured to receive a notification message from a target base station, where the notification message includes a message authentication code, where the message authentication code is generated according to an integrity protection key of the terminal;

The processing unit 1101 is configured to check the message authentication code according to the integrity protection key of the source base station, and to update the source base station if the message authentication code is correct The context of the terminal.

Wherein, the notification message has one or more of the following functions:

In a possible implementation manner, the processing unit 1101 is specifically configured to update an access layer key in a context of the terminal in the source base station.

In a possible implementation manner, the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where a freshness parameter used by generating a message authentication code twice is different;

The processing unit 1101 is specifically configured to check the message authentication code according to the freshness parameter and an integrity protection key of the source base station.

In a possible implementation, the freshness parameter includes a packet data convergence protocol, which is a PDCP COUNT, and the processing unit 1101 is configured to update a context of the terminal in the source base station, and specifically includes:

If the value of the PDCP COUNT is greater than the value of the PDCP COUNT in the context of the terminal, the value of the PDCP COUNT in the context of the terminal is updated to the value of the PDCP COUNT indicated by the indication parameter.

In a possible implementation, the processing unit 1101 is specifically configured to increase the number of rejections of the context of the terminal by one.

In another implementation of a method that requests a restore connection:

The receiving unit 1102 is configured to receive a context request message from a target base station, where the context request message includes a message authentication code, where the message authentication code is generated according to the freshness parameter and an integrity protection key of the terminal. The freshness parameter used by the neighboring two generation message authentication codes is different, and the context request message is used to request to acquire the context of the terminal;

The processing unit 1101 is configured to check the message authentication code according to the freshness parameter and the integrity protection key of the source base station; and, if used to verify that the message authentication code is correct, update Freshness parameters in the context of the terminal;

The sending unit 1103 is configured to send a context response message to the target base station, where the context response message includes a context of the terminal.

In a possible implementation manner, the context request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the freshness parameter includes a PDCP COUNT; the processing unit 1101 is configured according to the update. The context of the terminal in the source base station specifically includes:

In a possible implementation, the indication parameter includes a partial bit of the PDCP COUNT; the processing unit 1101 is further configured to: determine, according to the indication parameter, the PDCP COUNT indicated by the indication parameter.

In a possible implementation manner, the freshness parameter includes a number of rejections, the number of rejections is used to indicate a number of times the device attempts to recover the RRC connection, and the processing unit 1101 is configured to update according to the update. The context of the terminal in the source base station includes: resetting the number of rejections in the context of the terminal to zero.

It should be understood that the source base station may be used to implement the steps performed by the source base station in the method of the embodiment of the present invention. For related features, reference may be made to the above, and details are not described herein again.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present invention are generated in whole or in part. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions can be from a website site, computer, server or data center Transfer to another website site, computer, server, or data center by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.). The computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media. The usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a Solid State Disk (SSD)) or the like.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present invention are generated in whole or in part. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions can be from a website site, computer, server or data center Transfer to another website site, computer, server, or data center by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.). The computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media. The usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a Solid State Disk (SSD)) or the like.

Although the present invention has been described herein in connection with the embodiments of the present invention, it will be understood by those skilled in the <RTIgt; Other variations of the disclosed embodiments are achieved. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill several of the functions recited in the claims. Certain measures are recited in mutually different dependent claims, but this does not mean that the measures are not combined to produce a good effect.

Those skilled in the art will appreciate that embodiments of the present application can be provided as a method, apparatus (device), computer readable storage medium, or computer program product. Thus, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware aspects, which are collectively referred to herein as "module" or "system."

Those skilled in the art can also understand that the various illustrative logical blocks and steps listed in the embodiments of the present application can be implemented by electronic hardware, computer software, or a combination of the two. Whether such functionality is implemented by hardware or software depends on the design requirements of the particular application and the overall system. Those skilled in the art can implement the described functions using various methods for each specific application, but such implementation should not be construed as being beyond the scope of the embodiments of the present application.

While the invention has been described with respect to the specific embodiments and embodiments thereof, various modifications and combinations may be made without departing from the spirit and scope of the invention. Accordingly, the specification and drawings are to be construed as the It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims

A method for requesting a connection to restore, characterized in that it comprises:

The terminal generates a message authentication code according to the freshness parameter and the integrity protection key of the terminal, where the freshness parameter used in generating the message authentication code twice is different;

The terminal sends a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, and the connection recovery request message is used to request to resume the radio resource control RRC connection.
The method of claim 1, wherein the freshness parameter comprises a number of rejections, the number of rejections being used to indicate a number of times the terminal is rejected when attempting to resume the RRC connection.
The method of claim 1, wherein the connection recovery request message further comprises an indication parameter, the indication parameter being used to indicate the freshness parameter.
The method of claim 3, wherein the freshness parameter comprises a packet data convergence protocol count PDCP COUNT, the indication parameter comprising part or all of the bits of the PDCP COUNT.
A method for requesting a connection to restore, characterized in that it comprises:

The target base station receives a connection recovery request message from the terminal, where the connection recovery request message includes a message authentication code, and the connection recovery request message is used to request to restore the radio resource control RRC connection, where the message authentication code is complete according to the terminal Sexual protection key generation;

And if the target base station refuses to restore the RRC connection, sending a notification message to the source base station, where the notification message includes the message authentication code.
The method according to claim 5, wherein the notification message is used to notify update of a context of the terminal in the source base station, and the notification message notifies that the updated context of the terminal includes an access layer dense key.
The method according to claim 5 or 6, wherein the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, and the notification message is used to notify the update of the source base station. The context of the terminal in the notification message notifying that the updated context of the terminal includes the freshness parameter, wherein the freshness parameter used by the two adjacent generation message authentication codes is different.
A method for requesting a connection to restore, characterized in that it comprises:

The target base station receives a connection recovery request message from the terminal, where the connection recovery request message includes a message authentication code, and the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where two adjacent The freshness parameter used by the secondary generation message authentication code is different, and the connection recovery request message is used to request to restore the radio resource control RRC connection;

And if the target base station restores the RRC connection, sending a context request message to the source base station, where the context request message includes the message authentication code, where the context request message is used to request to acquire a context of the terminal.
A method for requesting a connection to restore, characterized in that it comprises:

The source base station receives a notification message from the target base station, where the notification message includes a message authentication code, and the message authentication code is generated according to the integrity protection key of the terminal;

The source base station verifies the message authentication code according to the integrity protection key of the source base station;

And if the source base station verifies that the message authentication code is correct, updating the context of the terminal in the source base station.
The method according to claim 9, wherein the source base station updates a context of the terminal in the source base station, including:

The source base station updates an access stratum key in the context of the terminal.
The method according to claim 9, wherein the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, wherein the message used by the message authentication code is generated twice adjacently Different sex parameters;

The source base station verifies the message authentication code according to the integrity protection key of the source base station, and includes:

The source base station verifies the message authentication code according to the freshness parameter and the integrity protection key of the source base station.
The method according to claim 11, wherein the notification message further comprises an indication parameter, the indication parameter being used to indicate the freshness parameter.
The method according to claim 12, wherein the freshness parameter comprises a packet data convergence protocol count PDCP COUNT, and the source base station updates a context of the terminal in the source base station, including:

If the value of the PDCP COUNT is greater than the value of the PDCP COUNT in the context of the terminal, the source base station updates the value of the PDCP COUNT in the context of the terminal to the value of the PDCP COUNT indicated by the indication parameter.
The method of claim 11 wherein said freshness parameter comprises a number of rejections, said number of rejections being used to indicate a number of times said terminal is rejected when attempting to resume said RRC connection.
A method for requesting a connection to restore, characterized in that it comprises:

The source base station receives a context request message from the target base station, where the context request message includes a message authentication code, and the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where The freshness parameter used to generate the message authentication code is different, and the context request message is used to request to acquire the context of the terminal;

The source base station verifies the message authentication code according to the freshness parameter and the integrity protection key of the source base station;

And if the source base station verifies that the message authentication code is correct, updating a freshness parameter in a context of the terminal, and sending a context response message to the target base station, where the context response message includes a context of the terminal.
A method for requesting a connection to restore, characterized in that it comprises:

The terminal updates the access layer key to obtain an updated access layer key;

The terminal generates an updated integrity protection key according to the updated access layer key;

The terminal generates a message authentication code according to the updated integrity protection key;

The terminal sends a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, and the connection recovery request message is used to request to resume the radio resource control RRC connection;

Receiving, by the terminal, a connection recovery reject message from the target base station, where the connection recovery reject message is used to indicate that the terminal is denied to restore the RRC connection;

The terminal restores the access layer key of the terminal to an access layer key before the update.
An apparatus, comprising: a processing unit and a transmitting unit;

The processing unit is configured to generate a message authentication code according to the freshness parameter and the integrity protection key of the device, where the freshness parameter used in generating the message authentication code twice is different;

The sending unit is configured to send a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, and the connection recovery request message is used to request to resume the radio resource control RRC connection.
The apparatus of claim 17, wherein the freshness parameter comprises a number of rejections, the number of rejections being used to indicate the number of times the device was rejected when attempting to resume the RRC connection.
The apparatus of claim 17, wherein the connection recovery request message further comprises an indication parameter, the indication parameter being used to indicate the freshness parameter.
The apparatus of claim 19, wherein the freshness parameter comprises a packet data convergence protocol count PDCP COUNT, the indication parameter comprising part or all of the bits of the PDCP COUNT.
A device, comprising: a receiving unit and a transmitting unit;

The receiving unit is configured to receive a connection recovery request message from the terminal, where the connection recovery request message includes a message authentication code, where the connection recovery request message is used to request to restore a radio resource control RRC connection, where the message authentication code is based on The integrity protection key of the terminal is generated;

The sending unit is configured to: if the RRC connection is refused to be restored, send a notification message to the source base station, where the notification message includes the message authentication code.
The apparatus according to claim 21, wherein the notification message is used to notify update of a context of the terminal in the source base station, and the notification message notifies that the updated context of the terminal includes an access layer dense key.
The apparatus according to claim 21 or 22, wherein the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, the notification message being used to notify the update of the source base station The context of the terminal in the notification message notifying that the updated context of the terminal includes the freshness parameter, wherein the freshness parameter used by the two adjacent generation message authentication codes is different.
A device, comprising: a receiving unit and a transmitting unit;

The receiving unit is configured to receive a connection recovery request message from the terminal, where the connection recovery request message includes a message authentication code, where the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, The freshness parameter used in generating the message authentication code is different, and the connection recovery request message is used to request to resume the radio resource control RRC connection;

The sending unit is configured to: if the RRC connection is restored, send a context request message to the source base station, where the context request message includes the message authentication code, where the context request message is used to request to acquire a context of the terminal.
A device comprising a receiving unit and a processing unit;

The receiving unit is configured to receive a notification message from a target base station, where the notification message includes a message authentication code, and the message authentication code is generated according to an integrity protection key of the terminal;

The processing unit is configured to check the message authentication code according to an integrity protection key of the source base station, and to update the source base station if the message authentication code is correct The context of the terminal.
The apparatus according to claim 25, wherein the processing unit is specifically configured to update an access layer key in a context of the terminal in the source base station.
The apparatus according to claim 25, wherein said message authentication code is generated based on a freshness parameter and an integrity protection key of said terminal, wherein freshly used two adjacent message generation code generation codes are used Different sex parameters;

The processing unit is specifically configured to check the message authentication code according to the freshness parameter and an integrity protection key of the source base station.
The apparatus according to claim 27, wherein the notification message further comprises an indication parameter, the indication parameter being used to indicate the freshness parameter.
The device according to claim 28, wherein the freshness parameter comprises a packet data convergence protocol count PDCP COUNT, and the processing unit is configured to: if the value of the PDCP COUNT is greater than a context of the terminal The value of PDCP COUNT updates the value of PDCP COUNT in the context of the terminal to the value of PDCP COUNT indicated by the indication parameter.
The apparatus of claim 27, wherein the freshness parameter comprises a number of rejections, the number of rejections being used to indicate a number of times the device was rejected when attempting to resume the RRC connection.
An apparatus, comprising: a receiving unit, a transmitting unit, and a processing unit;

The receiving unit is configured to receive a context request message from a target base station, where the context request message includes a message authentication code, where the message authentication code is generated according to the freshness parameter and an integrity protection key of the terminal The freshness parameter used by the neighboring two generation message authentication codes is different, and the context request message is used to request to acquire the context of the terminal;

The processing unit is configured to check the message authentication code according to the freshness parameter and the integrity protection key of the source base station, and to update the location if the message authentication code is verified to be correct a freshness parameter in the context of the terminal;

The sending unit is configured to send a context response message to the target base station, where the context response message includes a context of the terminal.
An apparatus is applied to a terminal, comprising: a receiving unit, a sending unit, and a processing unit;

The processing unit is configured to update an access layer key to obtain an updated access layer key; generate an updated integrity protection key according to the updated access layer key; and, according to the updated Integrity protection key, generating a message authentication code;

The sending unit is configured to send a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, where the connection recovery request message is used to request to resume the radio resource control RRC connection;

The receiving unit is configured to receive a connection recovery reject message from the target base station, where the connection recovery reject message is used to indicate that the terminal is denied to restore the RRC connection;

The processing unit is further configured to restore an access layer key of the terminal to an access layer key before the update.
A terminal characterized by comprising the apparatus of any one of claims 17-20 or 32.
A computer storage medium, characterized in that the computer readable storage medium stores instructions that, when run on a computer, cause the computer to perform the method of any of claims 1-16.
An apparatus, comprising: a memory and a processor coupled to the memory;

Program instructions are stored in the memory, and when the processor executes the program instructions, cause the apparatus to perform the method of any of the preceding claims 1-16.
A method for requesting a connection to restore, wherein the method is applied to a scenario in which a terminal is restored from an inactive state to a connected state, including:

The terminal updates the access layer key to obtain an updated access layer key;

Sending, by the terminal, a connection recovery request message to the target base station, where the connection recovery request message is used to request to resume the radio resource control RRC connection;

Receiving, by the terminal, a connection recovery reject message from the target base station, where the connection recovery reject message is used to indicate that the terminal is denied to restore the RRC connection;

Recovering, by the terminal, the updated access layer key to an access layer key before the update; wherein the access layer key before the update is before the terminal enters an inactive state, the terminal The access stratum key used by the base station to which it is connected.
The method according to claim 36, wherein before the terminal sends a connection recovery request message to the target base station, the method further includes:

The terminal generates a message authentication code according to the integrity protection key and the integrity protection algorithm, where the integrity key and the integrity protection algorithm are connected to the terminal before the terminal enters an inactive state. Integrity protection key and integrity protection algorithm used by the base station;

The connection recovery request message further includes the message authentication code.
The method according to claim 36 or 37, wherein the terminal restores the updated access layer key to an access layer key before the update, comprising:

The terminal sets the pre-update security context to the current security context, and the pre-update security includes the pre-update access layer key.
A terminal, comprising: a receiving unit, a sending unit, and a processing unit;

The processing unit is configured to update an access layer key to obtain an updated access layer key;

The sending unit is configured to send a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, where the connection recovery request message is used to request to resume the radio resource control RRC connection;

The receiving unit is configured to receive a connection recovery reject message from the target base station, where the connection recovery reject message is used to indicate that the terminal is denied to restore the RRC connection;

The processing unit is further configured to restore the access layer key of the terminal to an access layer key before the update; where the pre-update access layer key is before the terminal enters an inactive state The access layer key used by the terminal and the base station to which the terminal is connected.
The terminal according to claim 39, wherein the processing unit is further configured to generate a message authentication code according to an integrity protection key and an integrity protection algorithm; wherein the integrity key and the complete The integrity protection algorithm is an integrity protection key and an integrity protection algorithm used by the terminal and the base station to which the terminal is connected before the terminal enters an inactive state;

The connection recovery request message further includes the message authentication code.
The terminal according to claim 39 or 40, wherein the processing unit is specifically configured to set a pre-update security context as a current security context, and the pre-update security includes the pre-update connection Incoming layer key.
A computer storage medium, characterized in that the computer readable storage medium stores instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 36-38.
An apparatus, comprising: a memory and a processor coupled to the memory;

Program instructions are stored in the memory, and when the processor executes the program instructions, cause the apparatus to perform the method of any of the preceding claims 36-38.