WO2019096265A1 - Method and device for requesting connection resumption - Google Patents


Info

Publication number
WO2019096265A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
base station
message
authentication code
context
Application number
PCT/CN2018/116000
Other languages
English (en)
Chinese (zh)
Inventor
胡力
李秉肇
陈璟
耿婷婷
Original Assignee
华为技术有限公司
Priority claimed from CN201810149050.4A (CN109803258B)
Application filed by 华为技术有限公司
Priority to ES18879002T (ES2928106T3)
Priority to AU2018366755A (AU2018366755B2)
Priority to EP18879002.6A (EP3713271B1)
Priority to BR112020009673-3A (BR112020009673A2)
Priority to KR1020207017141A (KR102354626B1)
Priority to RU2020119591A (RU2772617C2)
Priority to EP22186005.9A (EP4152790A1)
Publication of WO2019096265A1
Priority to US16/874,117 (US11627623B2)
Priority to US18/185,762 (US20230292388A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • the present application relates to the field of mobile communications technologies, and in particular, to a method and apparatus for requesting to restore a connection.
  • the suspend and resume process can be used for narrowband internet of things (NB-IoT) terminals, i.e., IoT devices with low mobility or low power consumption.
  • NB-IoT narrowband internet of things
  • IoT devices with low mobility or low power consumption.
  • when the base station informs the terminal to release the current connection in a suspended manner, the terminal and the base station delete part of the access layer context and retain the other part, such as the access layer key, the security capability of the terminal and the currently selected security algorithms.
  • the terminal then enters an inactive state from the connected state. When the terminal wishes to resume the connection with the base station, it can quickly recover from the inactive state to the connected state.
  • the above service flow can be extended to apply the suspend and resume process to an enhanced mobile broadband (eMBB) terminal such as a smart phone.
  • eMBB enhanced mobile broadband
  • the base station to which the terminal is connected may change. Further, when the base station serves the terminal, a load balancing scenario is considered. For example, when the terminal requests to recover from the inactive state to the connected state, if the load of the base station that the terminal currently wants to access is heavy, the base station will reject the access of the terminal, that is, reject the connection recovery request of the terminal, and notify the terminal to wait for a while before trying to connect again.
  • the authentication information sent by the terminal may be acquired by an attacker, who then uses the obtained authentication information to request connection recovery and establish a connection, which may result in an attack.
  • the present application provides a method and apparatus for requesting a recovery connection to effectively defend against an attacker's attack.
  • the present application provides a method for requesting to restore a connection, comprising: generating, by a terminal, a message authentication code according to a freshness parameter and an integrity protection key of the terminal, where the freshness parameters used to generate two adjacent message authentication codes are different; the terminal sends a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code and is used to request resumption of the radio resource control (RRC) connection.
  • since the message authentication code generated by the terminal differs from the one generated the previous time, even if an attacker captures the message authentication code the terminal used last time, the captured code is already "expired" and the attack cannot succeed.
  • the freshness parameter includes a number of rejections, and the number of rejections is used to indicate the number of times the terminal is rejected when attempting to resume the RRC connection.
  • the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.
  • the freshness parameter includes a packet data convergence protocol (PDCP) COUNT, and the indication parameter includes some or all of the bits of the PDCP COUNT.
  • the terminal receives a connection recovery response message from the target base station, where the connection recovery response message is used to instruct the terminal to resume the RRC connection.
  • the present application provides a method for requesting to restore a connection, comprising: receiving, by a target base station, a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code and is used to request resumption of the radio resource control (RRC) connection, and the message authentication code is generated according to the integrity protection key of the terminal; if the target base station refuses to restore the RRC connection, it sends a notification message to the source base station, where the notification message includes the message authentication code.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify the target base station that the terminal is refused to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the update of the key in the context of the terminal in the source base station.
  • when the target base station refuses to restore the RRC connection, the source base station is further notified to update the context of the terminal, so that the contexts held by the terminal and the source base station stay consistent, which helps reduce the probability that the terminal fails to enter the connected state from the inactive state.
  • the context of the terminal that the notification message instructs to update includes an access layer key.
  • the freshness parameter includes a number of rejections, and the number of rejections is used to indicate the number of times the terminal is rejected when attempting to resume the RRC connection.
  • the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where the context of the terminal that the notification message instructs to update includes the freshness parameter, and the freshness parameters used to generate the message authentication code two times are different.
  • the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the notification message further includes the indication parameter.
  • the freshness parameter includes a PDCP COUNT, and the indication parameter includes some or all of the bits of the PDCP COUNT.
  • the present application provides a method for requesting to restore a connection, comprising: receiving, by a target base station, a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, and the message authentication code is generated according to a freshness parameter and the integrity protection key of the terminal, where the freshness parameters used to generate two adjacent message authentication codes are different, and the connection recovery request message is used to request resumption of the radio resource control (RRC) connection; if the target base station agrees to restore the RRC connection, it sends a context request message to the source base station, where the context request message includes the message authentication code and is used to request the context of the terminal.
  • the freshness parameter includes a number of rejections, and the number of rejections is used to indicate the number of times the terminal is rejected when attempting to resume the RRC connection.
  • the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the context request message further includes the indication parameter.
  • the freshness parameter includes a packet data convergence protocol (PDCP) COUNT, and the indication parameter includes some or all of the bits of the PDCP COUNT.
  • the application provides a method for requesting to restore a connection, including: receiving, by a source base station, a notification message from a target base station, where the notification message includes a message authentication code, and the message authentication code is generated according to the integrity protection key of the terminal; the source base station verifies the message authentication code according to the integrity protection key of the source base station.
  • when the target base station refuses to restore the RRC connection, the source base station is further notified to update the context of the terminal, so that the source base station updates the context of the terminal and stays consistent with the context held by the terminal, which helps reduce the probability that the terminal fails to enter the connected state from the inactive state.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify the target base station that the terminal is refused to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the update of the key in the context of the terminal in the source base station.
  • the freshness parameter includes a number of rejections, and the number of rejections is used to indicate the number of times the terminal is rejected when attempting to resume the RRC connection.
  • the source base station updates the context of the terminal in the source base station, including: the source base station increments the number of rejections in the context of the terminal by one.
  • the source base station updates the context of the terminal in the source base station, including: the source base station updates the access layer key in the context of the terminal.
  • the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal, where the freshness parameters used to generate the message authentication code two times are different; and the source base station verifying the message authentication code according to the integrity protection key of the source base station includes: the source base station performs the verification according to the freshness parameter and the integrity protection key of the source base station.
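The exchange defined in the first to fourth aspects above, written out end to end as an added example (it is not code from the patent or from any Huawei implementation): the terminal computes the message authentication code over its rejection counter, the target base station either rejects and sends the notification message to the source or forwards a context request, and the source base station verifies against the counter held in its own stored context, incrementing it on a rejection and resetting it to zero when the resume succeeds. HMAC-SHA256 truncated to 32 bits stands in for the unnamed integrity algorithm, and the `resume_id` field and message layout are assumptions of this example. The stale-copy step shows the point made in the first aspect: once both sides have advanced the counter, a previously captured code no longer verifies.

```python
import hmac
import hashlib
from dataclasses import dataclass

# The page does not name the integrity algorithm; HMAC-SHA256 truncated to 32 bits
# stands in for the 3GPP integrity MAC here (an assumption of this example).
MAC_LEN = 4


def compute_mac(ik: bytes, freshness: int, message: bytes) -> bytes:
    """MAC over (freshness parameter || message) under the integrity protection key."""
    data = freshness.to_bytes(4, "big") + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:MAC_LEN]


@dataclass
class ResumeRequest:
    resume_id: bytes   # hypothetical field locating the stored context at the source
    indication: int    # indication parameter: here the rejection counter itself
    mac: bytes


class Terminal:
    def __init__(self, ik: bytes, resume_id: bytes):
        self.ik = ik
        self.resume_id = resume_id
        self.reject_count = 0      # freshness parameter: number of rejections so far

    def build_request(self) -> ResumeRequest:
        mac = compute_mac(self.ik, self.reject_count, self.resume_id)
        return ResumeRequest(self.resume_id, self.reject_count, mac)

    def on_reject(self) -> None:
        self.reject_count += 1     # the next MAC is computed over a new value


class SourceBaseStation:
    def __init__(self, contexts: dict):
        self.contexts = contexts   # resume_id -> {"ik": key, "reject_count": n}

    def _verify(self, req: ResumeRequest) -> bool:
        ctx = self.contexts.get(req.resume_id)
        if ctx is None:
            return False
        # Verify against the counter in the stored context, not the value the
        # requester claims: a captured request carries a MAC over an older value.
        expected = compute_mac(ctx["ik"], ctx["reject_count"], req.resume_id)
        return hmac.compare_digest(expected, req.mac)

    def handle_notification(self, req: ResumeRequest) -> bool:
        """Target rejected the resume: advance our counter in step with the terminal."""
        if not self._verify(req):
            return False
        self.contexts[req.resume_id]["reject_count"] += 1
        return True

    def handle_context_request(self, req: ResumeRequest):
        """Target accepted the resume: hand over the context and reset the counter."""
        if not self._verify(req):
            return None
        ctx = self.contexts[req.resume_id]
        ctx["reject_count"] = 0
        return dict(ctx)


class TargetBaseStation:
    def __init__(self, source: SourceBaseStation, overloaded: bool):
        self.source = source
        self.overloaded = overloaded

    def handle_resume(self, req: ResumeRequest) -> str:
        if self.overloaded:
            self.source.handle_notification(req)          # notification message
            return "reject"
        ctx = self.source.handle_context_request(req)     # context request message
        return "resume" if ctx is not None else "reject"


def run_rejection_counter_scenario() -> dict:
    ik = b"\x42" * 16                  # constructed integrity protection key
    rid = b"resume-id-7"               # constructed identifier
    term = Terminal(ik, rid)
    source = SourceBaseStation({rid: {"ik": ik, "reject_count": 0}})

    # 1) The first attempt hits an overloaded target: both sides record the rejection.
    first = term.build_request()
    r1 = TargetBaseStation(source, overloaded=True).handle_resume(first)
    term.on_reject()

    # 2) The same request presented again to an idle target: the source now computes
    #    the MAC over reject_count == 1, so the stale MAC no longer verifies.
    r2 = TargetBaseStation(source, overloaded=False).handle_resume(first)

    # 3) The terminal's own second attempt uses the new freshness value and succeeds.
    second = term.build_request()
    r3 = TargetBaseStation(source, overloaded=False).handle_resume(second)

    return {"first": r1, "stale_copy": r2, "second": r3,
            "macs_differ": first.mac != second.mac,
            "source_counter_after_resume": source.contexts[rid]["reject_count"]}
```

The source deliberately verifies with the counter from its own context rather than the value carried in the indication parameter; with the rejection counter both sides advance in lockstep, so a mismatch is exactly the signal that the code is stale.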
  • the notification message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.
  • the freshness parameter includes a packet data convergence protocol (PDCP) COUNT, and the source base station updating the context of the terminal in the source base station includes: if the value of the PDCP COUNT indicated by the indication parameter is greater than the value of the PDCP COUNT in the context of the terminal, the source base station updates the value of the PDCP COUNT in the context of the terminal to the value indicated by the indication parameter.
  • the application provides a method for requesting to restore a connection, comprising: receiving, by a source base station, a context request message from a target base station, where the context request message includes a message authentication code, and the message authentication code is generated according to a freshness parameter and the integrity protection key of the terminal, where the freshness parameters used to generate two adjacent message authentication codes are different, and the context request message is used to request the context of the terminal; the source base station verifies the message authentication code according to the freshness parameter and the integrity protection key of the source base station; if the source base station verifies that the message authentication code is correct, it updates the freshness parameter in the context of the terminal and sends a context response message to the target base station, where the context response message includes the context of the terminal.
  • the freshness parameter includes a number of rejections, where the number of rejections is used to indicate the number of times the terminal has been rejected when attempting to resume the RRC connection, and the source base station updating the context of the terminal in the source base station includes: the source base station resets the number of rejections in the context of the terminal to zero.
  • the context request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter and the freshness parameter includes a PDCP COUNT; and the source base station updating the context of the terminal in the source base station includes: if the value of the PDCP COUNT indicated by the indication parameter is greater than the value of the PDCP COUNT in the context of the terminal, the source base station updates the value of the PDCP COUNT in the context of the terminal to the value indicated by the indication parameter.
  • the indication parameter includes some of the bits of the PDCP COUNT; the source base station determines the PDCP COUNT indicated by the indication parameter according to the indication parameter.
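The PDCP COUNT variant of the freshness parameter, as an added example that is not code from the patent or any vendor: the indication parameter carries only some of the bits of the COUNT, the source base station determines the full COUNT from it, verifies the message authentication code, and replaces its stored COUNT only when the indicated value is greater. The way the source rebuilds the full COUNT (stored high-order bits plus the received low-order bits, advancing the high part when the low bits have wrapped) is an assumption of this example, as are the HMAC-based MAC and the `resume-id` message content.

```python
import hmac
import hashlib

PDCP_COUNT_BITS = 32   # width of the full PDCP COUNT assumed for this example
MAC_LEN = 4


def compute_mac(ik: bytes, pdcp_count: int, message: bytes) -> bytes:
    """Toy MAC (HMAC-SHA256, truncated) over (PDCP COUNT || message); the algorithm is assumed."""
    data = pdcp_count.to_bytes(4, "big") + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:MAC_LEN]


def indication_from_count(pdcp_count: int, bits: int) -> int:
    """Terminal side: the indication parameter carries only the low `bits` bits of PDCP COUNT."""
    return pdcp_count & ((1 << bits) - 1)


def reconstruct_count(stored_count: int, indication: int, bits: int) -> int:
    """Source side: rebuild the full COUNT from the stored value and the received low bits.

    Combine the stored high-order bits with the received low-order bits; if the result is
    below the stored COUNT, the low bits have wrapped since the context was saved, so the
    high-order part is advanced by one. This rule is an assumption of this example.
    """
    mask = (1 << bits) - 1
    candidate = (stored_count & ~mask) | indication
    if candidate < stored_count:
        candidate += 1 << bits
    return candidate & ((1 << PDCP_COUNT_BITS) - 1)


def source_verify_and_update(ctx: dict, indication: int, bits: int, mac: bytes, message: bytes) -> bool:
    """Verify the MAC with the reconstructed COUNT, then apply the page's update-if-greater rule."""
    indicated = reconstruct_count(ctx["pdcp_count"], indication, bits)
    expected = compute_mac(ctx["ik"], indicated, message)
    if not hmac.compare_digest(expected, mac):
        return False
    # Only a COUNT ahead of the stored one replaces it, so the context never moves backwards.
    if indicated > ctx["pdcp_count"]:
        ctx["pdcp_count"] = indicated
    return True


def run_pdcp_count_examples() -> dict:
    ik = b"\x07" * 16          # constructed integrity protection key
    msg = b"resume-id-3"       # hypothetical identifier bound into the MAC
    bits = 8
    ctx = {"ik": ik, "pdcp_count": 0x12F0}   # constructed stored context

    # The terminal's COUNT has advanced past a low-byte wrap since the context was stored;
    # only 0x05 travels in the indication parameter, and the source must recover 0x1305.
    terminal_count = 0x1305
    fresh_ok = source_verify_and_update(
        ctx, indication_from_count(terminal_count, bits), bits,
        compute_mac(ik, terminal_count, msg), msg)
    count_after_fresh = ctx["pdcp_count"]

    # A request captured before that update carries the old low bits (0xF0). Relative to the
    # stored 0x1305 they now reconstruct to 0x13F0, which is not the COUNT the MAC was made
    # over, so verification fails and the stored COUNT is left untouched.
    old_count = 0x12F0
    stale_ok = source_verify_and_update(
        ctx, indication_from_count(old_count, bits), bits,
        compute_mac(ik, old_count, msg), msg)

    return {"fresh_ok": fresh_ok, "count_after_fresh": count_after_fresh,
            "stale_ok": stale_ok, "count_after_stale": ctx["pdcp_count"]}
```

The number of bits sent in the indication parameter bounds how far the terminal's COUNT may run ahead of the stored one between two resumes (here 2^8 increments); beyond that the reconstruction lands on the wrong value and the MAC check fails, which is a liveness cost rather than a security one.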
  • the present application provides a device, which may be a terminal or a chip in a terminal.
  • the device has the functionality to implement the various embodiments of the first aspect described above. This function can be implemented in hardware, or in hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • when the device is a terminal, the terminal includes: a transmitting unit and a processing unit, and optionally, a receiving unit.
  • the processing unit may be, for example, a processor; the receiving unit may be, for example, a receiver; and the transmitting unit may be, for example, a transmitter.
  • the receiver and transmitter include radio frequency circuits.
  • the terminal further comprises a storage unit, which may be, for example, a memory.
  • the storage unit stores computer-executable instructions.
  • the processing unit is connected to the storage unit, and the processing unit executes the computer-executable instructions stored by the storage unit, so that the terminal performs the method for requesting to restore the connection according to any one of the foregoing first aspects.
  • when the device is a chip in the terminal, the chip includes: a transmitting unit and a processing unit, and optionally, a receiving unit.
  • the processing unit can be, for example, a processing circuit; the receiving unit can be, for example, an input interface, a pin or a circuit.
  • the transmitting unit can be, for example, an output interface, a pin or a circuit.
  • the processing unit may execute the computer-executable instructions stored by the storage unit to cause the method for requesting to restore the connection of any of the above-described first aspects to be performed.
  • the storage unit may be a storage unit in the chip, such as a register or a cache, or a storage unit located outside the chip in the terminal, such as a read-only memory (ROM), another type of static storage device that can store static information and instructions, or a random access memory (RAM).
  • ROM read-only memory
  • RAM random access memory
  • the processor mentioned in any of the above may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling program execution of the method for requesting to restore a connection according to any one of the above first aspects.
  • CPU central processing unit
  • ASIC application-specific integrated circuit
  • the application provides a device, which may be a target base station or a chip in a target base station.
  • the device has the functionality to implement the various embodiments of the second aspect described above. This function can be implemented in hardware, or in hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • when the device is a target base station, the base station includes: a receiving unit and a sending unit, and optionally, a processing unit.
  • the processing unit may be, for example, a processor; the receiving unit may be, for example, a receiver; and the sending unit may be, for example, a transmitter.
  • the receiver and transmitter include radio frequency circuits.
  • the base station further comprises a storage unit, which may be, for example, a memory.
  • the storage unit stores computer-executable instructions.
  • the processing unit is coupled to the storage unit, and the processing unit executes the computer-executable instructions stored by the storage unit to cause the base station to perform the method for requesting to restore the connection according to any one of the foregoing second aspects.
  • when the device is a chip in a target base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit.
  • the processing unit can be, for example, a processing circuit; the receiving unit can be, for example, an input interface, a pin or a circuit.
  • the transmitting unit can be, for example, an output interface, a pin or a circuit.
  • the processing unit may execute the computer-executable instructions stored by the storage unit to cause the method for requesting to restore the connection of any of the above-described second aspects to be performed.
  • the storage unit may be a storage unit in the chip, such as a register or a cache, or a storage unit located outside the chip in the terminal, such as a ROM, another type of static storage device that can store static information and instructions, or a RAM.
  • the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling program execution of the method for requesting to restore a connection according to any one of the above second aspects.
  • the present application provides an apparatus, which may be a target base station or a chip in a target base station.
  • the device has the functionality to implement the various embodiments of the third aspect described above. This function can be implemented in hardware, or in hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • when the device is a target base station, the base station includes: a receiving unit and a sending unit, and optionally, a processing unit.
  • the processing unit may be, for example, a processor; the receiving unit may be, for example, a receiver; and the sending unit may be, for example, a transmitter.
  • the receiver and transmitter include radio frequency circuits.
  • the base station further comprises a storage unit, which may be, for example, a memory.
  • the storage unit stores computer-executable instructions.
  • the processing unit is connected to the storage unit, and the processing unit executes the computer-executable instructions stored by the storage unit, so that the base station performs the method for requesting to restore the connection according to any one of the foregoing third aspects.
  • when the device is a chip in a target base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit.
  • the processing unit can be, for example, a processing circuit; the receiving unit can be, for example, an input interface, a pin or a circuit.
  • the transmitting unit can be, for example, an output interface, a pin or a circuit.
  • the processing unit may execute the computer-executable instructions stored by the storage unit to cause the method for requesting to restore the connection of any of the above-described third aspects to be performed.
  • the storage unit may be a storage unit in the chip, such as a register or a cache, or a storage unit located outside the chip in the terminal, such as a ROM, another type of static storage device that can store static information and instructions, or a RAM.
  • the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling program execution of the method for requesting to restore a connection according to any one of the above third aspects.
  • the present application provides an apparatus, which may be a source base station or a chip in a source base station.
  • the device has the functionality to implement the various embodiments of the fourth aspect described above. This function can be implemented in hardware, or in hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • when the device is a source base station, the base station includes: a receiving unit and a transmitting unit, and optionally, a processing unit.
  • the processing unit may be, for example, a processor; the receiving unit may be, for example, a receiver; and the transmitting unit may be, for example, a transmitter.
  • the receiver and transmitter include radio frequency circuits.
  • the base station further comprises a storage unit, which may be, for example, a memory.
  • the storage unit stores computer-executable instructions.
  • the processing unit is coupled to the storage unit, and the processing unit executes the computer-executable instructions stored by the storage unit to cause the base station to perform the method for requesting to restore the connection according to any one of the foregoing fourth aspects.
  • when the device is a chip in a source base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit.
  • the processing unit can be, for example, a processing circuit; the receiving unit can be, for example, an input interface, a pin or a circuit.
  • the transmitting unit can be, for example, an output interface, a pin or a circuit.
  • the processing unit may execute the computer-executable instructions stored by the storage unit to cause the method for requesting to restore the connection of any of the above fourth aspects to be performed.
  • the storage unit may be a storage unit in the chip, such as a register or a cache, or a storage unit located outside the chip in the terminal, such as a ROM, another type of static storage device that can store static information and instructions, or a RAM.
  • the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling program execution of the method for requesting to restore a connection according to any one of the above fourth aspects.
  • the application provides a device, which may be a source base station or a chip in a source base station.
  • the device has the functionality to implement the various embodiments of the fifth aspect described above. This function can be implemented in hardware, or in hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • when the device is a source base station, the base station includes: a receiving unit and a transmitting unit, and optionally, a processing unit.
  • the processing unit may be, for example, a processor; the receiving unit may be, for example, a receiver; and the transmitting unit may be, for example, a transmitter.
  • the receiver and transmitter include radio frequency circuits.
  • the base station further comprises a storage unit, which may be, for example, a memory.
  • the storage unit stores computer-executable instructions.
  • the processing unit is connected to the storage unit, and the processing unit executes the computer-executable instructions stored by the storage unit, so that the base station performs the method for requesting to restore the connection according to any one of the foregoing fifth aspects.
  • when the device is a chip in a source base station, the chip includes: a receiving unit and a transmitting unit, and optionally, a processing unit.
  • the processing unit can be, for example, a processing circuit; the receiving unit can be, for example, an input interface, a pin or a circuit.
  • the transmitting unit can be, for example, an output interface, a pin or a circuit.
  • the processing unit may execute the computer-executable instructions stored by the storage unit to cause the method for requesting to restore the connection of any of the above fifth aspects to be performed.
  • the storage unit may be a storage unit in the chip, such as a register or a cache, or a storage unit located outside the chip in the terminal, such as a ROM, another type of static storage device that can store static information and instructions, or a RAM.
  • the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling program execution of the method for requesting to restore a connection according to any one of the above fifth aspects.
  • the present application further provides a computer readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the methods described in the above aspects.
  • the present application also provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the methods described in the above aspects.
  • the present application provides a communication system, the system comprising the device of the sixth aspect, the device of the seventh aspect, and the device of the ninth aspect; or the system includes the apparatus of the sixth aspect, the apparatus of the eighth aspect, and the apparatus of the tenth aspect.
  • the present application further provides a method for requesting to restore a connection, comprising: updating, by a terminal, an access layer key to obtain an updated access layer key; generating, by the terminal, an updated integrity protection key according to the updated access layer key; generating, by the terminal, a message authentication code according to the updated integrity protection key; sending, by the terminal, a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code and is used to request resumption of the radio resource control (RRC) connection; receiving, by the terminal, a connection recovery reject message from the target base station, where the connection recovery reject message is used to indicate that the terminal is denied restoration of the RRC connection; and restoring, by the terminal, the access layer key to the access layer key before the update.
  • if the terminal has already updated the access layer key when the recovery is rejected, the terminal may back off the key, that is, restore the access layer key to the access layer key before the update. The terminal and the source base station therefore keep the same key, which effectively solves the problem that the terminal cannot resume the connection because its key is out of synchronization with that of the source base station.
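The key back-off of the fourteenth aspect, as an added example that is not part of the patent or of any Huawei code: the terminal derives an updated access layer key before sending its request, keeps the previous key, and restores it if the target rejects, so that a later attempt derives the same key the source base station derives from the shared old key. The HMAC-based KDF, the binding of the key update to a target cell identifier, and the `resume_id` field are assumptions of this example; the second function shows the desynchronisation the back-off is there to prevent.

```python
import hmac
import hashlib


def kdf(key: bytes, label: bytes) -> bytes:
    """Toy KDF (HMAC-SHA256 truncated to 128 bits); the real derivation is not on the page."""
    return hmac.new(key, label, hashlib.sha256).digest()[:16]


def update_as_key(as_key: bytes, target_cell: bytes) -> bytes:
    """Updated access layer key; binding the update to the target cell is an assumption."""
    return kdf(as_key, b"AS-key-update|" + target_cell)


def integrity_key(as_key: bytes) -> bytes:
    """Integrity protection key derived from the (updated) access layer key."""
    return kdf(as_key, b"integrity")


def compute_mac(ik: bytes, message: bytes) -> bytes:
    return hmac.new(ik, message, hashlib.sha256).digest()[:4]


class Terminal:
    def __init__(self, as_key: bytes, resume_id: bytes):
        self.as_key = as_key
        self.resume_id = resume_id      # hypothetical identifier of the stored context
        self._previous_key = None

    def build_request(self, target_cell: bytes) -> dict:
        # Update the key before sending, but remember the old one for a possible back-off.
        self._previous_key = self.as_key
        self.as_key = update_as_key(self.as_key, target_cell)
        mac = compute_mac(integrity_key(self.as_key), self.resume_id + target_cell)
        return {"resume_id": self.resume_id, "target_cell": target_cell, "mac": mac}

    def on_reject(self) -> None:
        # Back-off: return to the pre-update key so terminal and source share a key again.
        self.as_key = self._previous_key
        self._previous_key = None

    def on_resume(self) -> None:
        self._previous_key = None       # the updated key is now the working key


class SourceBaseStation:
    def __init__(self, contexts: dict):
        self.contexts = contexts        # resume_id -> access layer key

    def handle_context_request(self, req: dict):
        """Target accepted: derive the key the terminal should now hold and check the MAC."""
        old_key = self.contexts.get(req["resume_id"])
        if old_key is None:
            return None
        new_key = update_as_key(old_key, req["target_cell"])
        expected = compute_mac(integrity_key(new_key), req["resume_id"] + req["target_cell"])
        if not hmac.compare_digest(expected, req["mac"]):
            return None
        self.contexts[req["resume_id"]] = new_key   # the source moves to the new key only on success
        return new_key


def run_key_backoff_scenario() -> dict:
    k0 = b"\x5a" * 16                   # constructed shared access layer key
    term = Terminal(k0, b"resume-id-9")
    source = SourceBaseStation({b"resume-id-9": k0})

    # Attempt 1: the overloaded target rejects without ever contacting the source, so only
    # the terminal has moved to a new key. Without back-off the two sides would disagree.
    term.build_request(target_cell=b"cell-A")
    keys_diverged = term.as_key != source.contexts[b"resume-id-9"]
    term.on_reject()
    keys_restored = term.as_key == source.contexts[b"resume-id-9"]

    # Attempt 2 at another cell: both sides derive the same updated key from the shared old one.
    req = term.build_request(target_cell=b"cell-B")
    new_key = source.handle_context_request(req)
    resumed = new_key is not None and new_key == term.as_key
    if resumed:
        term.on_resume()
    return {"keys_diverged": keys_diverged, "keys_restored": keys_restored, "resumed": resumed}


def run_without_backoff() -> bool:
    """Same flow, but the terminal keeps the updated key after the rejection: the source's
    derivation no longer matches, so the resume fails. This is the problem the back-off solves."""
    k0 = b"\x5a" * 16
    term = Terminal(k0, b"resume-id-9")
    source = SourceBaseStation({b"resume-id-9": k0})
    term.build_request(b"cell-A")       # rejected, but on_reject() is never called
    return source.handle_context_request(term.build_request(b"cell-B")) is None
```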
  • the application provides a device, which may be a terminal or a chip in the terminal.
  • the device has the function of implementing the embodiment of the fourteenth aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the terminal when the device is a terminal, the terminal includes: a transmitting unit, a receiving unit, and a processing unit.
  • the processing unit may for example be a processor, which may for example be a receiver, a transmitting unit, for example a transmitter.
  • the receiver and transmitter include radio frequency circuits.
  • the terminal further comprises a storage unit, which may be, for example, a memory.
  • the storage unit stores a computer execution instruction
  • the processing unit is connected to the storage unit, and the processing unit executes a computer execution instruction stored by the storage unit, so that the terminal performs the request for restoring the connection according to the fourteenth aspect. .
  • when the device is a chip in the terminal, the chip includes: a transmitting unit, a receiving unit, and a processing unit.
  • the processing unit may be, for example, a processing circuit; the receiving unit may be, for example, an input interface, a pin, or a circuit.
  • the transmitting unit can be, for example, an output interface, a pin or a circuit.
  • the processing unit may execute a computer execution instruction stored in the storage unit, so that the chip performs the method for requesting to restore a connection according to the fourteenth aspect.
  • the storage unit may be a storage unit in the chip, such as a register or a cache, or may be a storage unit located outside the chip in the terminal, such as a ROM, another type of static storage device that can store static information and instructions, a RAM, etc.
  • the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling program execution of the method for requesting to restore a connection in the above fourteenth aspect.
  • FIG. 1 is a schematic diagram of a possible network architecture provided by the present application.
  • FIG. 2 is a schematic diagram of a process for a terminal to enter an inactive state from a connected state according to the present application.
  • FIG. 3 is a flowchart of a method for requesting a recovery connection according to the present application.
  • FIG. 5 is a flowchart of another method for requesting a recovery connection according to the present application.
  • FIG. 6 is a flowchart of another method for requesting a recovery connection according to the present application.
  • FIG. 7 is a flowchart of another method for requesting to restore a connection provided by the present application.
  • Figure 8 is a schematic diagram of a device provided by the present application.
  • Figure 9 is a schematic view of another apparatus provided by the present application.
  • Figure 10 is a schematic view of another apparatus provided by the present application.
  • FIG. 11 is a schematic diagram of another apparatus provided by the present application.
  • the method of requesting to restore the connection of the present application may be performed by a device.
  • the device may include a device on the network side and/or a device on the terminal side.
  • on the network side, the device may be a base station or a chip in a base station, that is, the method for requesting to restore a connection may be performed by a base station or by a chip in a base station;
  • on the terminal side, the device may be a terminal or a chip in a terminal, that is, the method for requesting to restore a connection of the present application may be performed by a terminal or by a chip in a terminal.
  • the present application uses a device that is a base station or a terminal as an example to describe the method for requesting to restore a connection.
  • when the device is a chip in a base station or a chip in a terminal, reference may be made to the description of the method performed by the base station or the terminal, and the specific description is not repeated.
  • FIG. 1 is a schematic diagram of a possible network architecture of the present application. It includes a terminal, a source base station, and a target base station.
  • the terminal communicates with the source base station and the target base station through a wireless interface.
  • the source base station and the target base station can communicate through a wired connection, such as through an X2 interface, an Xn interface, or can communicate through an air interface.
  • the terminal may move from the source base station to the target base station due to the movement of the terminal or the like.
  • the source base station is a base station that the terminal accesses first
  • the target base station is a base station that is accessed after the terminal moves.
  • the terminal is a device with a wireless transceiver function, which can be deployed on land (indoors or outdoors, handheld or vehicle-mounted), on the water surface (such as on ships), or in the air (such as on airplanes, balloons, and satellites).
  • the terminal may be a mobile phone, a tablet, a computer with a wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and the like.
  • a base station is a device that provides wireless communication functions for a terminal, including but not limited to: a next-generation base station in 5G (g nodeB, gNB), an evolved node B (eNB), a radio network controller (RNC), a node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example, a home evolved node B or a home node B (HNB)), a baseband unit, a transmission and reception point (TRP), a transmitting point (TP), a mobile switching center, etc.
  • the terminal generally has three states, that is, a connected state, an idle state, and an inactive state.
  • when the terminal is in the connected state, the terminal is in a normal working state.
  • User data can be sent and received between the network side and the terminal.
  • When the terminal enters the idle state from the connected state, the terminal and the base station generally delete all of the access stratum (AS) context of the terminal.
  • When the network side releases the connection of the terminal with a suspend cause, the terminal also enters the idle state from the connected state, but in this case the terminal and the base station delete only part of the AS context and retain part of the AS context; for example, they may retain the access layer key (which may be referred to as KeNB in 4G), the security capability of the terminal, and the security algorithm (including the integrity protection algorithm and the encryption algorithm) for communication between the terminal and the source base station to which the terminal accesses.
  • the security capability of the terminal refers to the security algorithm supported by the terminal, including the supported encryption algorithm and the supported integrity protection algorithm.
  • the special idle state in which the terminal is located may be referred to as a suspended state.
  • In 5G, an inactive state is introduced. When the base station suspends the terminal, the terminal and the base station delete part of the AS context and reserve part of the AS context; for example, the access layer key (which may be called KgNB in 5G), the security capability of the terminal, and the security algorithm (including the integrity protection algorithm and the encryption algorithm) for communication between the terminal and the source base station accessed by the terminal may be reserved.
  • the security capability of the terminal refers to the security algorithm supported by the terminal, including the supported encryption algorithm and the supported integrity protection algorithm.
  • In the following, the suspended state defined in 4G and the inactive state defined in 5G are collectively referred to as the inactive state.
  • the base station connected to the terminal and the terminal before the terminal enters the inactive state will save part of the AS context. For details, refer to the foregoing description.
  • When the terminal is in the inactive state, since part of the AS context is retained on the terminal, the terminal enters the connected state from the inactive state more quickly than it enters the connected state from the idle state.
  • When the terminal returns from the inactive state to the connected state, the terminal may need to change base station. That is, the terminal first establishes a connection with the source base station, and then enters the inactive state at the source base station for some reason, such as a notification from the network side.
  • When the terminal then wishes to return to the connected state, if the terminal has moved into the coverage of the target base station, the terminal resumes from the inactive state to the connected state at the target base station.
  • the present application is also applicable to the scenario in which the target base station and the source base station are the same when the terminal is restored from the inactive state to the connected state, that is, the base station accessed by the terminal may not change, and is still the same base station.
  • a schematic diagram of a process for a terminal provided in the present application to enter an inactive state from a connected state includes the following steps:
  • Step 201 The base station determines to suspend a radio resource control (RRC) connection of the terminal.
  • For example, when the base station does not receive data from the terminal within a certain period of time, it decides to suspend the terminal.
  • Step 202 The base station sends a suspension message to the terminal.
  • the suspend message is used to notify the terminal to release the RRC connection and enter an inactive state.
  • the suspend message may be, for example, an RRC Connection Release message with a special indication.
  • the suspended message may carry the following parameters: a recovery identifier.
  • the suspended message may also carry a next hop chaining counter (NCC) or the like.
  • the recovery identifier is a parameter that is required for the terminal to enter the connection state from the inactive state.
  • the recovery identifier may include the identifier of the source base station, the identifier of the terminal, and the like. Specifically, the recovery identifier may be a ResumeID or an inactive radio network temporary identifier (INACTIVE-cell radio network temporary identifier, I-RNTI).
  • the NCC is an optional parameter, and the NCC may also be a parameter required when the terminal subsequently enters the connected state from the inactive state. If the suspended message carries the NCC, the access layer key used by the subsequent terminal and the base station will be updated.
  • the NCC is a parameter required to generate a new access layer key, that is, the NCC can be used to generate a new access stratum key (this application uses KgNB* to represent the new access stratum key). If the suspend message does not carry the NCC, the access layer key subsequently used by the terminal and the base station will not be updated, that is, it will remain unchanged.
  • the suspend message may also carry a cause parameter releaseCause, and the releaseCause is used to notify the terminal to perform the suspend operation and enter the inactive state.
  • releaseCause may be set to "RRC Suspend" or "RRC Inactive".
  • After the terminal obtains the releaseCause parameter and determines that its value is "RRC Suspend" or "RRC Inactive", the terminal performs the suspend-related operations.
  • the base station may further notify the control plane network element of the core network to release the bearer, for example, release a signaling radio bearer (SRB) or a data radio bearer (DRB).
  • Step 203 The terminal enters an inactive state.
  • the terminal deletes part of the AS context and retains part of the AS context.
  • the reserved part of the AS context includes an access layer key, a security capability of the terminal, an integrity protection algorithm and an encryption algorithm for communication between the terminal and the source base station to which the terminal accesses.
  • the terminal also saves the recovery identifier sent by the base station.
  • the terminal also saves parameters such as NCC.
  • the terminal suspends the bearer, for example, suspending the signaling radio bearer, the data radio bearer, and then entering the inactive state.
  • From the process in which the terminal enters the inactive state from the connected state, it can be seen that after entering the inactive state the terminal saves part of the AS context and the parameters received from the base station; when the terminal later wishes to recover from the inactive state to the connected state, these parameters help the terminal recover quickly.
  • the base station accessed by the terminal may also be referred to as a source base station accessed by the terminal.
  • the base station that the terminal requests to access may be the source base station or other base stations, which may be referred to as the target base station.
  • the following describes several methods for requesting to restore a connection in a scenario where the base station rejects the request, that is, where the terminal requests, under the target base station, to recover from the inactive state to the connected state.
  • the target base station and the source base station may be different base stations, or may be the same base station.
  • the following is an example in which the target base station and the source base station are different base stations. In the case where the target base station and the source base station are the same base station, only the interaction between the source base station and the target base station needs to be omitted.
  • a method for requesting to restore a connection includes the following steps:
  • Step 301 The terminal generates a message authentication code (MAC).
  • the message authentication code is used to authenticate the legitimacy of the terminal.
  • the message authentication code has at least two generation modes:
  • Manner 1: generate a message authentication code according to the integrity protection algorithm of the terminal and the integrity protection key of the terminal, where the integrity protection key is the same as the integrity protection key used in the previous restoration.
  • That is, the integrity protection key used by the terminal each time it generates the message authentication code is the same as the integrity protection key used in the previous restoration, and accordingly the integrity protection key of the terminal stored in the source base station is also the same as the one used in the previous restoration.
  • Krrc-int is used to represent the integrity protection key of the terminal. If the other parameters used to generate the message authentication code are the same, the message authentication code that the terminal generates according to Krrc-int and the integrity protection algorithm of the terminal is the same every time.
  • Krrc-int is generated by the terminal according to the access layer key, the identifier of the integrity protection algorithm of the terminal, and the type of the integrity protection algorithm of the terminal. Therefore, in Manner 1, the fact that the integrity protection key Krrc-int of the terminal is the same as the one used in the previous recovery can also be understood as the access layer key of the terminal being the same as the access layer key used in the previous recovery.
  • That is, the access layer key KgNB used by the terminal to generate the message authentication code remains the same as the access layer key used in the previous restoration.
  • Manner 2: generate a message authentication code according to the integrity protection algorithm of the terminal and the integrity protection key of the terminal, where the integrity protection key is regenerated.
  • the integrity protection key used by the terminal each time the message authentication code is generated is regenerated, and is different from the integrity protection key used by the terminal last time.
  • The terminal therefore needs to regenerate and use a new integrity protection key; Krrc-int* is used to indicate the new integrity protection key.
  • The terminal may generate the new integrity protection key Krrc-int* as follows: the terminal generates a new access layer key, and then generates Krrc-int* by using the new access layer key, the identifier of the integrity protection algorithm of the terminal, and the type of the integrity protection algorithm of the terminal.
  • KgNB is used to indicate the current access layer key of the terminal, and KgNB* is used to represent the new access layer key. The terminal generates Krrc-int* based on KgNB*, the identifier of the integrity protection algorithm of the terminal, and the type of the integrity protection algorithm of the terminal, and then uses Krrc-int* and the integrity protection algorithm of the terminal to generate the message authentication code.
  • As a result, the generated message authentication code changes. That is, each time the terminal needs to use the message authentication code, the generated message authentication code is different from the message authentication code generated last time.
  • The terminal may generate the new access layer key KgNB* by the following steps:
  • Step A1 The terminal acquires the first NCC and the second NCC.
  • the first NCC refers to the NCC that is sent by the source base station to the terminal and saved by the terminal in the suspending process. For details, refer to step 202 above.
  • the second NCC refers to the NCC saved by the terminal before the first NCC is obtained.
  • Step A2 The terminal determines whether the first NCC is the same as the second NCC. If they are the same, step A3 is performed; if not, step A4 is performed.
  • Step A3 The terminal obtains KgNB* according to KgNB.
  • KgNB* refers to the new access layer key (new KgNB), which may also be referred to as the updated access layer key (updated KgNB).
  • KgNB and KgNB* are merely symbolic representations; for example, the access layer key may also be represented by KeNB and KeNB*. The particular symbols used are not intended to limit the application.
  • the terminal may obtain KgNB* based on KgNB, a target physical cell identifier (PCI), and an absolute radio frequency channel number-down link (ARFCN-DL).
  • For the specific derivation of KgNB* in the prior art, reference may be made to the related description in 3rd generation partnership project (3GPP) technical specification (TS) 33.401 or 3GPP TS 33.501, which is not repeated here.
  • Step A4 The terminal obtains a next hop (NH) according to the first NCC and the second NCC, and obtains KgNB* according to the NH.
  • The NH is associated with the first NCC and the second NCC.
  • Specifically, the terminal determines the number N of NHs to be derived according to the first NCC and the second NCC, derives the next NH from the current NH, derives a further NH from that NH, and repeats until N NHs have been derived, obtaining the final NH.
  • the terminal may then obtain KgNB* according to the NH, the target PCI, and the ARFCN-DL.
  • Optionally, the terminal may generate the message authentication code by using the integrity protection key, the source PCI, the source cell radio network temporary identifier (C-RNTI), the target cell identifier, and a recovery constant.
  • The main difference between Manner 1 and Manner 2 is that in Manner 1, each time the terminal uses the message authentication code, the generated message authentication code is the same as the one generated last time, that is, the message authentication code remains unchanged; in Manner 2, each time the terminal uses the message authentication code, the generated message authentication code is different from the one generated last time, that is, the message authentication code is updated each time.
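As an added illustration (example code written for this page, not the applicant's implementation), the following Python model walks through steps A1 to A4 and the two manners of step 301. The KDF (HMAC-SHA256 with text labels), the constructed cell values, the 32-bit MAC length and the modulo-8 NCC wrap are assumptions of the example; the real derivation inputs of 3GPP TS 33.401/33.501 are not reproduced.

```python
"""Toy model of the KgNB*/Krrc-int derivation (steps A1-A4) and of the two
message authentication code manners of step 301.  Added example; the KDF,
the cell values and the MAC length are assumptions, not the 3GPP definitions."""
import hashlib
import hmac

NCC_MODULUS = 8  # assumption: the NCC is handled as a 3-bit wrapping counter


def kdf(key: bytes, label: str, *params: bytes) -> bytes:
    """Stand-in key derivation: HMAC-SHA256 over a label and length-prefixed
    parameters (assumption; the real KDF inputs live in TS 33.401/33.501)."""
    msg = label.encode() + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_kgnb_star(kgnb, nh, first_ncc, second_ncc, target_pci, arfcn_dl):
    """Steps A2-A4: derive KgNB* from KgNB when the NCCs match (A3); otherwise
    walk the NH chain N times and derive KgNB* from the final NH (A4)."""
    if first_ncc == second_ncc:
        base = kgnb
    else:
        n = (first_ncc - second_ncc) % NCC_MODULUS   # number N of NHs to derive
        for _ in range(n):
            nh = kdf(nh, "NH")                       # next NH from the current NH
        base = nh
    return kdf(base, "KgNB*", target_pci.to_bytes(2, "big"), arfcn_dl.to_bytes(4, "big"))


def derive_krrc_int(kgnb, alg_id, alg_type):
    """Krrc-int from the access layer key, the integrity protection algorithm
    identifier and the algorithm type, the three inputs named on the page."""
    return kdf(kgnb, "Krrc-int", bytes([alg_type]), bytes([alg_id]))


def resume_mac(krrc_int, source_pci, source_crnti, target_cell_id, resume_const=b"resume"):
    """Message authentication code over the inputs listed after step A4,
    truncated to 32 bits (assumed length)."""
    inputs = (source_pci.to_bytes(2, "big"), source_crnti.to_bytes(2, "big"),
              target_cell_id.to_bytes(4, "big"), resume_const)
    return kdf(krrc_int, "MAC", *inputs)[:4]


class Terminal:
    """AS context retained by the terminal in the inactive state."""

    def __init__(self, kgnb, nh, stored_ncc, alg_id, alg_type):
        self.kgnb, self.nh, self.ncc = kgnb, nh, stored_ncc
        self.alg_id, self.alg_type = alg_id, alg_type

    def mac_manner1(self, cell):
        """Manner 1: the access layer key is left unchanged, so the MAC repeats."""
        k = derive_krrc_int(self.kgnb, self.alg_id, self.alg_type)
        return resume_mac(k, cell["source_pci"], cell["source_crnti"], cell["target_cell_id"])

    def mac_manner2(self, cell, first_ncc):
        """Manner 2: KgNB* replaces KgNB before every MAC, so the MAC changes."""
        self.kgnb = derive_kgnb_star(self.kgnb, self.nh, first_ncc, self.ncc,
                                     cell["target_pci"], cell["arfcn_dl"])
        self.ncc = first_ncc        # the received NCC becomes the stored (second) NCC
        k = derive_krrc_int(self.kgnb, self.alg_id, self.alg_type)
        return resume_mac(k, cell["source_pci"], cell["source_crnti"], cell["target_cell_id"])


# Constructed sample values (not from the page).
KGNB0 = bytes.fromhex("11" * 32)
NH0 = bytes.fromhex("22" * 32)
CELL = {"source_pci": 5, "source_crnti": 0xABCD, "target_cell_id": 7,
        "target_pci": 10, "arfcn_dl": 100}


def macs_for_two_attempts(manner: int, first_ncc: int = 1):
    """MACs of two consecutive recovery attempts (stored NCC = 1)."""
    t = Terminal(KGNB0, NH0, stored_ncc=1, alg_id=2, alg_type=1)
    if manner == 1:
        return [t.mac_manner1(CELL), t.mac_manner1(CELL)]
    return [t.mac_manner2(CELL, first_ncc), t.mac_manner2(CELL, first_ncc)]


if __name__ == "__main__":
    print("manner 1:", [m.hex() for m in macs_for_two_attempts(1)])
    print("manner 2:", [m.hex() for m in macs_for_two_attempts(2)])
```

Passing `first_ncc=3` to `macs_for_two_attempts(2, 3)` exercises the NH-chain path of step A4 on the first attempt; the second attempt then finds the NCCs equal and takes the step A3 path from the already updated key.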
  • Step 302 The terminal sends a connection recovery request message to the target base station, and the target base station receives a connection recovery request message from the terminal.
  • The connection recovery request message sent by the terminal is used to request resumption of the RRC connection, that is, the terminal requests to return from the inactive state to the connected state.
  • The connection recovery request message carries a recovery identifier.
  • the recovery identifier is sent by the source base station to the terminal when the terminal enters the inactive state from the connected state; reference may be made to the related description of step 202 above, and details are not described herein again.
  • The connection recovery request message further carries the message authentication code generated in step 301 above.
  • Step 303 The target base station determines whether to approve the recovery request of the terminal.
  • For example, the target base station determines, based on its load, whether the terminal can be admitted.
  • If the target base station is heavily loaded, the target base station may reject the recovery request of the terminal, that is, reject the terminal from accessing the target base station. In this case, step 304 is performed.
  • If the target base station is not heavily loaded and can admit the terminal, the target base station may agree to the recovery request of the terminal, that is, allow the terminal to access the target base station. In this case, steps 305 to 308 are performed.
  • Step 304 The target base station sends a connection recovery reject message to the terminal, and the terminal receives a connection recovery reject message from the target base station.
  • The connection recovery reject message is used to indicate that the terminal is denied to restore the RRC connection.
  • The connection recovery reject message may carry wait timer information, which indicates how long the terminal is denied access and may also indicate the minimum length of time the terminal must wait before requesting to resume the RRC connection again.
  • For example, if the wait timer information indicates 30 minutes, it instructs the terminal to wait at least 30 minutes before re-initiating a connection recovery request, that is, before re-executing steps 301 and 302 and entering the next connection recovery request flow.
  • Step 305 The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.
  • the context request message is used to request the context of the terminal.
  • Specifically, the target base station obtains the recovery identifier from the connection recovery request message, determines from the identifier of the source base station in the recovery identifier that the terminal was previously connected to the source base station, and sends a context request message to the source base station, where the context request message is used to request the context of the terminal and carries the recovery identifier and the message authentication code.
  • After receiving the context request message, the source base station obtains the recovery identifier and obtains the access layer context of the terminal, including the security capability of the terminal, according to the identifier of the terminal in the recovery identifier.
  • the obtained access layer context of the terminal further includes information such as an encryption algorithm and an integrity protection algorithm negotiated between the terminal and the source base station.
  • Step 306 The source base station acquires the context of the terminal if the message authentication code is verified to be correct.
  • the method for the source base station to verify the message authentication code corresponds to the method for the terminal to generate the message authentication code.
  • For Manner 1, the source base station verifies the message authentication code as follows: the source base station obtains the integrity protection algorithm in the context of the terminal (which may also be referred to as the integrity protection algorithm of the source base station) and the access layer key, and derives the integrity protection key (which may also be referred to as the integrity protection key of the source base station) from the access layer key; or the source base station obtains the integrity protection algorithm and the integrity protection key directly from the context of the terminal.
  • The source base station then generates a message authentication code according to the integrity protection algorithm of the source base station and the integrity protection key of the source base station, and compares it with the message authentication code in the context request message. If they are the same, the verification succeeds; if they differ, the verification fails.
  • For Manner 2, the source base station verifies the message authentication code as follows: the source base station determines whether the next hop NH has already been used; if not, the source base station obtains the new access layer key KgNB* according to the NH; if it has been used, the source base station obtains the new access layer key KgNB* according to the current access layer key KgNB of the terminal.
  • The source base station then generates Krrc-int* according to KgNB*, the identifier of the integrity protection algorithm of the source base station, and the type of the integrity protection algorithm of the source base station, generates a message authentication code using Krrc-int* and the integrity protection algorithm of the source base station, and compares it with the message authentication code in the context request message. If they are the same, the verification succeeds; if they differ, the verification fails.
  • the source base station may further generate a message authentication code according to the integrity protection key, the source PCI, the source cell radio network temporary identifier (C-RNTI), the target cell identifier, and the recovery constant.
  • Step 307 The source base station sends a context response message to the target base station if the message authentication code is verified to be correct.
  • the context response message may include the context of the terminal, for example, the integrity protection algorithm of the source base station and the integrity protection key of the source base station.
  • If the source base station generated KgNB*, the context response message also includes the generated KgNB*.
  • Step 308 The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.
  • The connection recovery response message is used to instruct the terminal to resume the RRC connection.
  • the connection recovery response message may be integrity protected and encrypted by the target base station according to the integrity protection algorithm of the source base station and the integrity protection key and encryption key generated from KgNB*.
  • the KgNB* used by the target base station may come from the source base station.
  • After step 308, the subsequent process of the terminal entering the connected state from the inactive state follows.
  • If, in step 301, the message authentication code is generated in Manner 1, that is, the message authentication code generated by the terminal is the same each time, the following problem arises.
  • When the terminal sends the connection recovery request message to the target base station for the first time and the target base station rejects the connection recovery request, an attacker may, before the terminal sends the connection recovery request message the next (that is, second) time, steal the message authentication code carried in the first connection recovery request message of the terminal, masquerade as the terminal, and send a connection recovery request message carrying the stolen message authentication code to the target base station.
  • If the target base station agrees, steps 305 to 308 are performed: the source base station verifies that the message authentication code is correct, carries the context of the terminal in the context response message sent to the target base station, and deletes the context of the terminal. When the terminal then resends the connection recovery request message to the target base station for the second time, the source base station has already deleted the context of the terminal, so the terminal cannot pass authentication and cannot enter the connected state from the inactive state.
  • Even if the target base station rejects the attacker's connection recovery request, the attacker can continue attempting until the target base station agrees. Therefore, Manner 1 has the above vulnerability, and the terminal may not be able to enter the connected state from the inactive state.
  • If, in step 301, the message authentication code is generated in Manner 2, that is, the message authentication code generated by the terminal is different each time, the following problem arises.
  • When the terminal sends the connection recovery request message to the target base station for the first time and the target base station rejects the connection recovery request, the access layer key stored on the terminal has already been updated to KgNB*. Because the target base station does not notify the source base station that the key has been updated, the access layer key stored on the source base station is still the original access layer key KgNB.
  • When the terminal sends the connection recovery request message to the target base station for the second time, the access layer key stored on the terminal is KgNB* while the access layer key stored on the source base station is KgNB, so the source base station fails to verify the message authentication code sent by the terminal, and the terminal cannot enter the connected state from the inactive state. Therefore, Manner 2 also has the problem that the terminal may not be able to enter the connected state from the inactive state.
  • The present application proposes the following solutions to the above problems with the method for requesting connection recovery shown in FIG. The solutions are described separately below.
  • Solution 1 can be used to solve the problem that arises when step 301 uses Manner 1 to generate the message authentication code.
  • a flowchart of a method for requesting a recovery connection includes the following steps:
  • Step 401 The terminal generates a message authentication code according to the freshness parameter and the integrity protection key of the terminal.
  • The freshness parameters used to generate the message authentication code on two successive occasions are different. That is, the specific value of the freshness parameter changes every time a message authentication code is generated, so the freshness parameter used this time differs from the freshness parameter used when the message authentication code was last generated.
  • The freshness parameter includes a Packet Data Convergence Protocol COUNT (PDCP COUNT). The PDCP COUNT may include an uplink PDCP COUNT and a downlink PDCP COUNT: the terminal increments the uplink PDCP COUNT by 1 each time it sends an uplink PDCP packet, and the base station increments the downlink PDCP COUNT by 1 each time it sends a downlink PDCP packet.
  • the PDCP COUNT may be an uplink PDCP COUNT of a signaling radio bearer (SRB).
  • The PDCP COUNT can be reset to zero. Since the PDCP COUNT keeps changing, the message authentication code generated by the terminal each time differs from the previously generated message authentication code.
  • the freshness parameter may include the number of rejections, and the number of rejections may be used to indicate the number of times the terminal attempts to restore the RRC connection rejected by the network side. Each time the terminal attempts to resume being rejected by the network side, the number of rejections is increased by one. Alternatively, the number of rejections may be reset to zero each time the RRC connection is successfully restored. Since the number of rejections is always changing, the message authentication code generated by the terminal each time is different from the message authentication code generated last time.
  • the message authentication code may be generated according to the freshness parameter, the integrity protection key of the terminal, and the integrity protection algorithm of the terminal.
  • Step 402 The terminal sends a connection recovery request message to the target base station, and the target base station receives a connection recovery request message from the terminal.
  • connection recovery request message is used to request to restore the RRC connection, and the connection recovery request message includes a message authentication code and a recovery identifier.
  • the connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.
  • the indication parameter may be the freshness parameter itself, or may be a parameter indicating the freshness parameter.
  • the connection recovery request message also includes a recovery identifier.
  • the connection recovery request message includes a message authentication code and a recovery identifier. If the freshness parameter is PDCP COUNT, the connection recovery request message includes a message authentication code, a recovery identifier, and an indication parameter, and the indication parameter is used to indicate PDCP COUNT.
  • When the freshness parameter is the PDCP COUNT, which is represented as a string of binary bits, the indication parameter may be the PDCP COUNT itself, that is, all bits of the PDCP COUNT.
  • The indication parameter may also be a subset of the bits of the PDCP COUNT, for example a portion of the low-order bits of the PDCP COUNT.
  • For example, suppose the PDCP COUNT used by the terminal to generate the message authentication code on one occasion is "00000000000011111111111100011111" and the PDCP COUNT used on the next occasion is "00000000000011111111100100011". Only the lower 5 bits of the PDCP COUNT have changed; the upper 27 bits have not. Therefore the lower N bits of the PDCP COUNT can be selected as the indication parameter, N being greater than 1 and less than 32.
  • Alternatively, the indication parameter can be all bits of the PDCP COUNT.
  • The terminal and the source base station each maintain the number of times the terminal has been refused to resume the connection.
  • Each message authentication code generated by the terminal differs from the previously generated one. Therefore, even if an attacker steals the message authentication code the terminal used last time, that message authentication code has "expired", and the attacker cannot attack successfully.
  • Step 403 The target base station determines whether to approve the recovery request of the terminal.
  • The target base station determines whether the terminal can be admitted based on its load.
  • If the target base station is heavily loaded, it may reject the recovery request of the terminal, that is, refuse the terminal access to the target base station. At this time, step 404 to step 407 are performed.
  • If the target base station is not heavily loaded and can admit the terminal, the target base station can agree to the terminal's recovery request, that is, allow the terminal to access the target base station. At this time, steps 408 to 411 are performed.
  • Step 404 The target base station sends a notification message to the source base station, where the source base station receives the notification message from the target base station.
  • The notification message includes the message authentication code and the recovery identifier obtained by the target base station from the connection recovery request message, and optionally the indication parameter; the context of the terminal in the source base station that the notification asks to update includes the freshness parameter.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify the target base station that the terminal is refused to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the source base station to update the key in the context of the terminal.
  • Step 405 The source base station checks the message authentication code, and if the verification message authentication code is correct, updates the context of the terminal.
  • the source base station first acquires the context of the terminal in the source base station according to the recovery identifier in the notification message.
  • the source base station determines the freshness parameter.
  • The source base station determines the freshness parameter based on the indication parameter. For example, when the freshness parameter is the PDCP COUNT, the source base station determines the PDCP COUNT indicated by the indication parameter. In a specific implementation, if the indication parameter carries only some bits of the PDCP COUNT, the source base station may determine the indicated PDCP COUNT by combining a portion of the high-order bits of the PDCP COUNT it currently stores with the portion of the low-order bits of the PDCP COUNT carried by the indication parameter.
  • Alternatively, the source base station determines the freshness parameter directly. For example, when the freshness parameter is the number of rejections, the source base station takes its current number of rejections as the freshness parameter. That is, the target base station can directly obtain the number of rejections of the terminal locally.
  • The source base station generates a message authentication code according to the freshness parameter, the integrity protection key of the source base station, and the integrity protection algorithm of the source base station. If the generated message authentication code is the same as the message authentication code generated by the terminal and carried in the notification message, the verification is correct; if they differ, the verification fails.
  • The source base station may generate the message authentication code based on the freshness parameter, the integrity protection key of the source base station, the integrity protection algorithm of the source base station, the source PCI, the cell radio network temporary identifier (C-RNTI), the target cell identifier, and the recovery constant.
  • When the source base station verifies that the message authentication code is correct, the freshness parameter in the context of the terminal is updated.
  • When the freshness parameter is the PDCP COUNT, the source base station updates the context of the terminal as follows: if the value of the PDCP COUNT in the notification message is greater than the value of the PDCP COUNT in the context of the terminal in the source base station, the source base station updates the value of the PDCP COUNT in the context of the terminal to the value of the PDCP COUNT in the notification message, that is, to the value of the PDCP COUNT indicated by the indication parameter.
  • When the freshness parameter is the number of rejections, the source base station updates the context of the terminal according to the freshness parameter by increasing the number of rejections by one.
  • The source base station may also first determine whether the value of the PDCP COUNT in the notification message is greater than the value of the PDCP COUNT in the context of the terminal in the source base station. If it is greater, the source base station checks the message authentication code, and if the message authentication code is verified correct, updates the freshness parameter in the context of the terminal according to the freshness parameter.
  • The specific update is that the source base station updates the value of the PDCP COUNT in the context of the terminal to the value of the PDCP COUNT in the notification message.
  • Step 406 The source base station sends a response message to the target base station, and the target base station receives the response message from the source base station.
  • the step 406 is an optional step, and the response message is used by the source base station to notify the target base station after the context update of the terminal is completed.
  • Step 407 The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.
  • This step 407 is the same as step 304 above, and can be referred to the foregoing description.
  • the terminal updates the number of rejections after receiving the connection recovery rejection message, including: adding 1 to the number of rejections.
  • step 407 may be performed before step 404, may be performed after step 406, and may also be performed between step 404-step 406.
  • When the target base station decides to reject the connection recovery request of the terminal, on the one hand it notifies the terminal that the connection recovery request is rejected, and on the other hand it notifies the source base station to update the context of the terminal, specifically the freshness parameter stored in the source base station. In this way the freshness parameters of the terminal and the source base station are kept consistent.
  • Step 408 The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.
  • the context request message includes a message authentication code and a recovery identifier generated by the terminal, and the context request message is used to request to acquire the context of the terminal.
  • the context request message further includes an indication parameter.
  • Step 409 The source base station updates the freshness parameter in the context of the terminal if the verification message authentication code is correct.
  • For the manner in which the source base station checks the message authentication code and updates the freshness parameter in the context of the terminal, refer to the description of step 405 above; details are not described again here.
  • Step 410 The source base station sends a context response message to the target base station, where the target base station receives a context response message from the source base station.
  • Step 411 The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.
  • The source base station checks the message authentication code of the terminal according to the freshness parameter and, when the verification is correct, on the one hand updates the freshness parameter in the context of the terminal in the source base station and on the other hand sends the acquired context of the terminal to the target base station.
  • In this solution, the freshness parameter is introduced into the input parameters the terminal uses to generate the message authentication code, and correspondingly into the input parameters the source base station uses to verify the message authentication code.
  • When the target base station rejects the terminal, it may notify the source base station through step 404 to update the freshness parameter in the context of the terminal, thereby keeping the freshness parameters of the terminal and the source base station consistent.
  • When the target base station accepts the terminal, it may request the context of the terminal from the source base station through step 408, and in that process the source base station may also update the freshness parameter in the context of the terminal it stores, thereby keeping the freshness parameters of the terminal and the source base station consistent.
  • The foregoing Solution 1 can effectively solve the vulnerability that arises when the above-mentioned step 301 uses method 1 to generate a message authentication code.
  • the following is explained in conjunction with specific examples.
  • the freshness parameter as the PDCP COUNT as an example, it is assumed that the value of the PDCP COUNT currently stored by the terminal and the source base station is 5, and the terminal is currently in an inactive state.
  • the terminal sends a connection recovery request message to the target base station for the first time.
  • The connection recovery request message carries a message authentication code, an indication parameter, and a recovery identifier; the message authentication code is generated according to the PDCP COUNT and the integrity protection key of the terminal, and the PDCP COUNT indicated by the indication parameter is greater than 5, for example 10.
  • the target base station rejects the connection recovery request of the terminal, the connection recovery rejection message sent to the terminal carries the information of the waiting timer, and instructs the terminal to try to re-initiate the connection recovery request after 30 minutes.
  • At the same time, the target base station informs the source base station to update the PDCP COUNT in the context of the terminal in the source base station to 10.
  • Suppose the attacker steals the message authentication code and the recovery identifier from the connection recovery request message that the terminal sent to the target base station the first time; the PDCP COUNT used to generate that message authentication code is 10.
  • The attacker sends a connection recovery request message to the target base station carrying the stolen message authentication code and recovery identifier. After receiving it, if the target base station agrees to the attacker's recovery request, it sends a context request message to the source base station, and the source base station then checks the message authentication code sent by the attacker.
  • The PDCP COUNT used to generate the message authentication code sent by the attacker is 10, and the PDCP COUNT in the context of the terminal in the source base station is also 10. The two are equal, so the PDCP COUNT in the request is not greater than the stored one and the verification fails. Thus, the attack fails.
  • the freshness parameter as the number of rejections
  • the value of the number of rejections currently stored by the terminal and the source base station is 2, and the terminal is currently in an inactive state.
  • the terminal sends a connection recovery request message to the target base station for the first time.
  • the connection recovery request message carries a message authentication code and a recovery identifier.
  • The message authentication code is generated according to the number of rejections, which is 2, and the integrity protection key of the terminal.
  • The target base station rejects the connection recovery request of the terminal; the connection recovery rejection message sent to the terminal carries the information of the waiting timer, indicating that the terminal may try to re-initiate the connection recovery request after 30 minutes, and the terminal updates the number of rejections to 3. At the same time, the target base station notifies the source base station to update the number of rejections in the context of the terminal in the source base station to 3.
  • The attacker steals the message authentication code and the recovery identifier from the connection recovery request message that the terminal sent to the target base station the first time; the number of rejections used to generate that message authentication code is 2.
  • The attacker sends a connection recovery request message to the target base station carrying the stolen message authentication code and recovery identifier. After receiving it, if the target base station agrees to the attacker's recovery request, it sends a context request message to the source base station. The source base station then checks the message authentication code sent by the attacker: the number of rejections used to generate the attacker's message authentication code is 2, whereas the number of rejections in the context of the terminal in the source base station is 3, so the verification fails. Thus, the attack fails.
  • Solution 1 provided by the present application can effectively solve the problem of method 1 for generating the message authentication code in the foregoing step 301, and can effectively resist such attacks.
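The flow walked through above, as an added simulation that is not part of the patent: a terminal binds the PDCP COUNT (sent as its lower bits) or the rejection counter into its message authentication code, and a source base station reconstructs the count, verifies the code, updates its context, and refuses the replayed request. HMAC-SHA256 with 32-bit truncation, N = 5 indication bits, and all keys and identifiers are assumptions.

```python
"""Solution 1 simulation (added example, not the patent's code): freshness-bound
resume MAC, low-bit indication parameter, source-side context update, replay refused.
HMAC-SHA256 stands in for the integrity protection algorithm (assumed)."""
import hashlib
import hmac
from dataclasses import dataclass

INDICATION_BITS = 5          # N low bits of the 32-bit PDCP COUNT sent as indication (assumed N)
RESUME_CONSTANT = b"resume"  # stand-in for the recovery constant named in the text
TARGET_CELL = 42             # constructed target cell identifier


def compute_mac(k_rrc_int: bytes, freshness: int, source_pci: int, c_rnti: int,
                target_cell_id: int) -> bytes:
    """MAC over the step 405 inputs: freshness parameter, source PCI, C-RNTI,
    target cell identifier and recovery constant, keyed with the integrity key."""
    msg = b"|".join([freshness.to_bytes(4, "big"), source_pci.to_bytes(2, "big"),
                     c_rnti.to_bytes(2, "big"), target_cell_id.to_bytes(4, "big"),
                     RESUME_CONSTANT])
    return hmac.new(k_rrc_int, msg, hashlib.sha256).digest()[:4]  # 32-bit short MAC


def indication_param(pdcp_count: int, n_bits: int = INDICATION_BITS) -> int:
    """Terminal side: the lower N bits of the PDCP COUNT carried in the request."""
    return pdcp_count & ((1 << n_bits) - 1)


def reconstruct_count(stored_count: int, indication: int, n_bits: int = INDICATION_BITS) -> int:
    """Source side: upper bits of the stored PDCP COUNT joined with the indicated lower bits."""
    high_bits = stored_count & ~((1 << n_bits) - 1)
    return high_bits | indication


@dataclass
class TerminalContext:
    k_rrc_int: bytes      # integrity protection key shared with the terminal
    pdcp_count: int       # uplink SRB PDCP COUNT last accepted from this terminal
    reject_count: int     # number of times the terminal was refused resumption
    source_pci: int
    c_rnti: int


class SourceBaseStation:
    def __init__(self) -> None:
        self.contexts: dict[int, TerminalContext] = {}   # keyed by recovery identifier

    def verify_with_pdcp_count(self, resume_id: int, mac: bytes, indication: int,
                               target_cell_id: int) -> bool:
        """Steps 405/409 with the PDCP COUNT as freshness parameter."""
        ctx = self.contexts[resume_id]
        count = reconstruct_count(ctx.pdcp_count, indication)
        if count <= ctx.pdcp_count:           # must be greater than the stored COUNT
            return False
        expected = compute_mac(ctx.k_rrc_int, count, ctx.source_pci, ctx.c_rnti, target_cell_id)
        if not hmac.compare_digest(expected, mac):
            return False
        ctx.pdcp_count = count                # update the context on success
        return True

    def verify_with_reject_count(self, resume_id: int, mac: bytes, target_cell_id: int,
                                 target_rejected: bool) -> bool:
        """Steps 405/409 with the number of rejections as freshness parameter."""
        ctx = self.contexts[resume_id]
        expected = compute_mac(ctx.k_rrc_int, ctx.reject_count, ctx.source_pci,
                               ctx.c_rnti, target_cell_id)
        if not hmac.compare_digest(expected, mac):
            return False
        if target_rejected:                   # step 405: one more refused attempt
            ctx.reject_count += 1
        return True


def _fresh_source(key: bytes) -> SourceBaseStation:
    """Constructed context: COUNT 5 and 2 rejections, as in the worked example above."""
    src = SourceBaseStation()
    src.contexts[7] = TerminalContext(key, pdcp_count=5, reject_count=2,
                                      source_pci=100, c_rnti=0x1234)
    return src


def scenario_pdcp_count() -> tuple:
    """First request with COUNT 10 is rejected by the target but still reported to the
    source (step 404); a replay of the same MAC and indication is then refused."""
    key = b"\x11" * 16                        # constructed Krrc-int
    src = _fresh_source(key)
    mac = compute_mac(key, 10, 100, 0x1234, TARGET_CELL)
    ind = indication_param(10)
    first = src.verify_with_pdcp_count(7, mac, ind, TARGET_CELL)
    replay = src.verify_with_pdcp_count(7, mac, ind, TARGET_CELL)
    return first, replay                      # (True, False)


def scenario_reject_count() -> tuple:
    """Same flow with the rejection counter: the source moves from 2 to 3 after the
    rejected attempt, so the replayed MAC computed over 2 no longer verifies."""
    key = b"\x11" * 16
    src = _fresh_source(key)
    mac = compute_mac(key, 2, 100, 0x1234, TARGET_CELL)
    first = src.verify_with_reject_count(7, mac, TARGET_CELL, target_rejected=True)
    replay = src.verify_with_reject_count(7, mac, TARGET_CELL, target_rejected=False)
    return first, replay                      # (True, False)
```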
  • the solution 2 can be used to solve the problem that the foregoing step 301 uses the second method to generate the message authentication code.
  • Step 501 The terminal generates a message authentication code.
  • the step 501 is the same as the second method of the foregoing step 301, and the foregoing description may be referred to.
  • In step 501 the access layer key is also updated, that is, KgNB is updated to KgNB*, and the integrity protection key is also updated, that is, Krrc-int is updated to Krrc-int*.
  • Step 502 The terminal sends a connection recovery request message to the target base station, where the target base station receives a connection recovery request message from the terminal.
  • This step 502 is the same as the foregoing step 302, and the foregoing description can be referred to.
  • Step 503 The target base station determines whether to agree to the recovery request of the terminal.
  • The target base station determines whether the terminal can be admitted based on its load.
  • If the target base station is heavily loaded, it may reject the recovery request of the terminal, that is, refuse the terminal access to the target base station. At this time, steps 504 to 507 are performed.
  • If the target base station is not heavily loaded and can admit the terminal, the target base station can agree to the terminal's recovery request, that is, allow the terminal to access the target base station. At this time, step 508 to step 511 are performed.
  • Step 504 The target base station sends a notification message to the source base station, where the source base station receives the notification message from the target base station.
  • the notification message includes a message authentication code and a recovery identifier obtained by the target base station from the connection recovery request message.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify the target base station that the terminal is refused to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the source base station to update the key in the context of the terminal.
  • the key may be an access layer key, and/or an integrity protection key.
  • Step 505 The source base station checks the message authentication code, and if the verification message authentication code is correct, updates the key of the context of the terminal.
  • the source base station first acquires the context of the terminal in the source base station according to the recovery identifier in the notification message.
  • The source base station generates a message authentication code according to the integrity protection algorithm of the source base station and the integrity protection key of the source base station. If the generated message authentication code is the same as the message authentication code carried in the notification message, the verification is correct; if they differ, the verification fails.
  • The integrity protection key of the source base station used to generate the message authentication code is the new integrity protection key Krrc-int* generated by the source base station. For the specific generation method, refer to the related description in step 306 above; details are not described again.
  • the source base station verifies the message authentication code, and if the verification message authentication code is correct, updates the access layer key of the context of the terminal, and/or the integrity protection key.
  • Step 506 The source base station sends a response message to the target base station, and the target base station receives the response message from the source base station.
  • the step 506 is an optional step, and the response message is used by the source base station to notify the target base station after the context update of the terminal is completed.
  • Step 507 The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.
  • This step 507 is the same as step 304 above, and the foregoing description can be referred to.
  • step 507 may be performed before step 504, may be performed after step 506, and may also be performed between steps 504-506.
  • the target base station decides to reject the connection recovery request of the terminal, on the one hand, the target base station notifies the terminal to reject the connection recovery request, and on the other hand, notifies the source base station to update the key of the context of the terminal. Thereby the keys between the terminal and the source base station are kept consistent.
  • Step 508 The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.
  • the context request message includes a message authentication code and a recovery identifier generated by the terminal, and the context request message is used to request to acquire the context of the terminal.
  • This step is the same as step 305 above, and the foregoing description can be referred to.
  • Step 509 The source base station acquires the context of the terminal if the verification message authentication code is correct.
  • Step 510 The source base station sends a context response message to the target base station if the verification message authentication code is correct.
  • The context response message may include the context of the terminal, for example the integrity protection algorithm of the source base station and the integrity protection key of the source base station.
  • The generated KgNB* may also be included.
  • Step 511 The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.
  • connection recovery response message is used to instruct the terminal to resume the RRC connection.
  • the connection recovery response message may be integrity protected and encrypted by the target base station according to the integrity protection algorithm of the source base station and the integrity protection key and the encryption key generated by the KgNB*.
  • As in step 308, the subsequent process of the terminal entering the connected state from the inactive state is further included.
  • the method for restoring the connection as shown in the above steps 501 to 511 can effectively solve the problem that occurs when the message authentication code is generated by the second method in the foregoing step 301.
  • When the target base station decides to reject the terminal, it sends a notification message to the source base station to notify it to update the key, so that the key stays consistent between the terminal and the source base station. This effectively solves the problem that the terminal cannot restore the connection because the keys of the terminal and the source base station are not synchronized.
  • Step 504 to step 506 may also be omitted, and after step 507 an operation of the terminal is added: the terminal restores its access layer key to the access layer key before the update.
  • Because the terminal has updated the access layer key, the terminal may instead back off the key, that is, restore its access layer key to the access layer key before the update. This also achieves the purpose of keeping the key the same between the terminal and the source base station, and effectively solves the problem that the terminal cannot restore the connection because the keys of the terminal and the source base station are out of synchronization.
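Solution 2 and the key roll-back alternative, as an added simulation that is not part of the patent: without the notification of steps 504 to 506 the source base station still holds KgNB after a rejected attempt and fails to verify the second request, while either notifying the source or rolling the terminal's key back keeps both sides in step. The HMAC-based key derivation, algorithm identifiers, resume identifier and cell values are assumptions.

```python
"""Solution 2 simulation (added example, not the patent's code): the terminal derives
KgNB* and Krrc-int* at every resume attempt; the source base station stays in step
only when told about rejected attempts (steps 504-506) or when the terminal rolls
its key back (the alternative after step 507). HMAC-SHA256 stands in for the key
derivation and integrity algorithms, which are assumed here."""
import hashlib
import hmac
from typing import Optional

ALG_ID = b"\x02"          # identity of the integrity protection algorithm (constructed)
ALG_TYPE = b"RRC-int"     # type of the integrity protection algorithm (constructed label)
TARGET_CELL = 42          # constructed target cell identifier


def kdf(key: bytes, *labels: bytes) -> bytes:
    """Stand-in key derivation (assumed, not the 3GPP KDF)."""
    return hmac.new(key, b"|".join(labels), hashlib.sha256).digest()


def derive_kgnb_star(kgnb: bytes, target_cell_id: int) -> bytes:
    """KgNB -> KgNB* for an attempt towards the target cell (derivation inputs assumed)."""
    return kdf(kgnb, b"KgNB*", target_cell_id.to_bytes(4, "big"))


def derive_krrc_int(kgnb: bytes) -> bytes:
    """Krrc-int from the access layer key, algorithm identity and algorithm type (as in step 601)."""
    return kdf(kgnb, ALG_ID, ALG_TYPE)


def resume_mac(krrc_int: bytes, resume_id: int, target_cell_id: int) -> bytes:
    """Message authentication code of the connection recovery request (32-bit)."""
    msg = resume_id.to_bytes(4, "big") + target_cell_id.to_bytes(4, "big")
    return hmac.new(krrc_int, msg, hashlib.sha256).digest()[:4]


class Terminal:
    def __init__(self, kgnb: bytes, resume_id: int) -> None:
        self.kgnb = kgnb
        self.previous_kgnb: Optional[bytes] = None
        self.resume_id = resume_id

    def build_request(self, target_cell_id: int) -> tuple:
        """Method 2 of step 301: update the access layer key, then sign with the new key."""
        self.previous_kgnb = self.kgnb
        self.kgnb = derive_kgnb_star(self.kgnb, target_cell_id)
        mac = resume_mac(derive_krrc_int(self.kgnb), self.resume_id, target_cell_id)
        return self.resume_id, mac

    def roll_back_key(self) -> None:
        """Alternative to steps 504-506: restore the access layer key used before the update."""
        assert self.previous_kgnb is not None
        self.kgnb = self.previous_kgnb


class SourceBaseStation:
    def __init__(self) -> None:
        self.contexts: dict = {}   # recovery identifier -> stored KgNB

    def verify(self, resume_id: int, mac: bytes, target_cell_id: int) -> bool:
        """Steps 505/509: derive KgNB* and Krrc-int* from the stored key, check the
        MAC, and on success keep the stored key in step with the terminal."""
        kgnb_star = derive_kgnb_star(self.contexts[resume_id], target_cell_id)
        expected = resume_mac(derive_krrc_int(kgnb_star), resume_id, target_cell_id)
        if not hmac.compare_digest(expected, mac):
            return False
        self.contexts[resume_id] = kgnb_star
        return True


def scenario(notify_on_reject: bool, roll_back: bool) -> tuple:
    """First attempt is rejected by the target, second is accepted. Returns the
    source's verdict on the notification (None if the source was not told) and on
    the second attempt. Use one of the two remedies, not both, as the text does."""
    k0 = b"\x22" * 32                         # constructed initial KgNB
    ue = Terminal(k0, resume_id=9)
    src = SourceBaseStation()
    src.contexts[9] = k0
    rid, mac = ue.build_request(TARGET_CELL)
    notified = src.verify(rid, mac, TARGET_CELL) if notify_on_reject else None
    if roll_back:
        ue.roll_back_key()
    rid, mac = ue.build_request(TARGET_CELL)
    return notified, src.verify(rid, mac, TARGET_CELL)
```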
  • Solution 3 is obtained by combining the above Solution 1 and Solution 2.
  • Solution 3 can effectively resist attacks while also solving the above problem of inconsistent keys.
  • Step 601 The terminal generates a message authentication code.
  • The message authentication code is generated by combining the manner in which it is generated in step 401 and the manner in which it is generated in step 501 above.
  • Specifically, the terminal generates the message authentication code according to the integrity protection algorithm of the terminal, the integrity protection key of the terminal, and the freshness parameter, where the integrity protection key of the terminal is Krrc-int*, and Krrc-int* is generated based on the updated access layer key KgNB*, the identity of the integrity protection algorithm of the terminal, and the type of the integrity protection algorithm of the terminal.
  • Step 602 The terminal sends a connection recovery request message to the target base station, where the target base station receives a connection recovery request message from the terminal.
  • connection recovery request message includes a message authentication code and a recovery identifier.
  • connection recovery request further includes an indication parameter, and the indication parameter is used to indicate a freshness parameter.
  • Step 603 The target base station determines whether to approve the recovery request of the terminal.
  • The target base station determines whether the terminal can be admitted based on its load.
  • If the target base station is heavily loaded, it may reject the recovery request of the terminal, that is, refuse the terminal access to the target base station. At this time, steps 604 to 607 are performed.
  • If the target base station is not heavily loaded and can admit the terminal, the target base station can agree to the terminal's recovery request, that is, allow the terminal to access the target base station. At this time, step 608 to step 611 are performed.
  • Step 604 The target base station sends a notification message to the source base station, where the source base station receives the notification message from the target base station.
  • the notification message includes a message authentication code and a recovery identifier obtained by the target base station from the connection recovery request message.
  • the notification message may further include an indication parameter.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify the target base station that the terminal is refused to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the source base station to update the key in the context of the terminal.
  • the key may be an access layer key, and/or an integrity protection key.
  • Step 605 The source base station checks the message authentication code. If the verification message authentication code is correct, the freshness parameter and the key of the context of the terminal are updated.
  • the source base station first determines the context of the terminal in the source base station according to the recovery identifier in the notification message.
  • the source base station determines the freshness parameter.
  • The source base station may determine the freshness parameter according to the indication parameter in the notification message. For example, when the freshness parameter is the PDCP COUNT, the source base station determines the PDCP COUNT indicated by the indication parameter.
  • The source base station can also determine the freshness parameter directly. For example, when the freshness parameter is the number of rejections, the source base station takes its current number of rejections as the freshness parameter.
  • The source base station generates a message authentication code according to the freshness parameter, the integrity protection key of the source base station, and the integrity protection algorithm of the source base station. If the generated message authentication code is the same as the message authentication code generated by the terminal and carried in the notification message, the verification is correct; if they differ, the verification fails.
  • The integrity protection key of the source base station used to generate the message authentication code is the new integrity protection key Krrc-int* generated by the source base station.
  • If the verification is correct, the freshness parameter in the context of the terminal is updated according to the freshness parameter; for details, refer to the related description of step 405 above. The source base station also updates the key in the context of the terminal: for example, the integrity protection key Krrc-int in the source base station is updated to Krrc-int*, and/or the access layer key KgNB in the source base station is updated to KgNB*.
  • Step 606 The source base station sends a response message to the target base station, and the target base station receives the response message from the source base station.
  • the step 606 is an optional step, and the response message is used by the source base station to notify the target base station after the context update of the terminal is completed.
  • Step 607 The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.
  • This step 607 is the same as step 404 above, and reference may be made to the foregoing description.
  • step 607 may be performed before step 604, after step 606, or between steps 604 and 606.
  • when the target base station decides to reject the connection recovery request of the terminal, on the one hand the target base station notifies the terminal that the connection recovery request is rejected, and on the other hand it notifies the source base station to update the context of the terminal, specifically the freshness parameter and the key stored in the source base station. Therefore, the freshness parameters of the terminal and the source base station remain consistent, and so do the keys.
  • Step 608 The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.
  • the context request message includes a message authentication code generated by the terminal, a freshness parameter, and a recovery identifier, and the context request message is used to request to acquire the context of the terminal.
  • Step 609 If the source base station verifies that the message authentication code is correct, the freshness parameter and the key in the context of the terminal are updated.
  • For the manner in which the source base station checks the message authentication code, and the manner in which the source base station updates the freshness parameter and the key in the context of the terminal, refer to the description of step 605 above; details are not described herein again.
  • Step 610 The source base station sends a context response message to the target base station, and the target base station receives a context response message from the source base station.
  • Step 611 The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.
  • the source base station verifies the message authentication code of the terminal according to the freshness parameter, the integrity protection key of the source base station, and the integrity protection algorithm of the source base station.
  • by the method of steps 601 to 611 above, the freshness parameter is introduced into the input parameters with which the terminal generates the message authentication code.
  • the freshness parameter is also introduced into the input parameters with which the source base station verifies the message authentication code.
  • the integrity protection key used to generate the message authentication code is generated based on the updated key.
  • the target base station may notify the source base station, by step 604, to update the freshness parameter and the key in the context of the terminal, thereby keeping the freshness parameter and the key of the terminal and of the source base station consistent.
  • the target base station may request the context of the terminal from the source base station by step 608, and in that process the source base station may also update the freshness parameter and the key in the context of the terminal in the source base station, thereby keeping the freshness parameter and the key of the terminal and of the source base station consistent.
  • on the one hand, the key synchronization between the terminal and the source base station can be maintained, and on the other hand, an attacker can be effectively resisted, thereby facilitating the terminal smoothly entering the connected state from the inactive state.
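The message authentication code flow of steps 601 to 611 as an added worked example (this is not code from the patent or from the applicant): the terminal derives Krrc-int* from the updated access layer key and computes the code over the recovery identifier and a freshness parameter (here a PDCP COUNT), sends only part of the COUNT as the indication parameter, and the source base station rebuilds the COUNT from its stored context, derives the same Krrc-int* and compares the codes. HMAC-SHA256 standing in for the 3GPP key derivation function and integrity algorithm, the 32-bit truncation, the 16-bit indication parameter, the cell identity inputs (PCI, ARFCN) and all sample values are assumptions made for the example.

```python
import hmac
import hashlib

MAC_LEN = 4          # assumption: 32-bit MAC, the length of a MAC-I
IND_BITS = 16        # assumption: the indication parameter carries the low 16 bits of the PDCP COUNT
COUNT_MASK = 0xFFFFFFFF


def kdf(key: bytes, label: str, *params: int) -> bytes:
    """Stand-in key derivation function (HMAC-SHA256 over a label and integer
    parameters); the 3GPP KDF is not reproduced here."""
    msg = label.encode() + b"".join(p.to_bytes(4, "big") for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_keys(kgnb: bytes, target_pci: int, target_arfcn: int, alg_id: int):
    """KgNB -> KgNB* bound to the target cell, then KgNB* -> Krrc-int* for the
    negotiated integrity algorithm. Terminal and source base station run
    exactly the same derivation from the same KgNB."""
    kgnb_star = kdf(kgnb, "KgNB*", target_pci, target_arfcn)
    krrc_int_star = kdf(kgnb_star, "Krrc-int", alg_id)
    return kgnb_star, krrc_int_star


def compute_mac(krrc_int: bytes, resume_id: bytes, freshness: int) -> bytes:
    """Message authentication code over the recovery identifier and the
    freshness parameter (stand-in for the integrity algorithm). A different
    freshness parameter yields a different code for the same key."""
    data = resume_id + (freshness & COUNT_MASK).to_bytes(4, "big")
    return hmac.new(krrc_int, data, hashlib.sha256).digest()[:MAC_LEN]


def indication_from_count(pdcp_count: int) -> int:
    """Indication parameter: only the low IND_BITS bits of the PDCP COUNT are sent."""
    return pdcp_count & ((1 << IND_BITS) - 1)


def count_from_indication(indication: int, last_count: int) -> int:
    """Source base station side: rebuild the full PDCP COUNT from its low bits.
    The COUNT only moves forward, so keep the high bits of the last known
    COUNT and bump them if the low bits have wrapped; a reused COUNT therefore
    never reconstructs to the stored value."""
    high = last_count >> IND_BITS
    candidate = (high << IND_BITS) | indication
    if candidate <= last_count:
        candidate += 1 << IND_BITS
    return candidate & COUNT_MASK


def terminal_resume_request(kgnb: bytes, resume_id: bytes, pdcp_count: int,
                            target_pci: int, target_arfcn: int, alg_id: int) -> dict:
    """Steps 601/602 (terminal): derive Krrc-int* and send the code together
    with the recovery identifier and the indication parameter."""
    _, krrc_int_star = derive_keys(kgnb, target_pci, target_arfcn, alg_id)
    return {
        "resume_id": resume_id,
        "indication": indication_from_count(pdcp_count),
        "mac": compute_mac(krrc_int_star, resume_id, pdcp_count),
    }


def source_verify(ctx: dict, request: dict, target_pci: int, target_arfcn: int) -> bool:
    """Step 605 (source base station): select the context by recovery
    identifier, recover the freshness parameter from the indication parameter,
    derive Krrc-int* from the stored KgNB and compare codes in constant time."""
    if ctx["resume_id"] != request["resume_id"]:
        return False
    count = count_from_indication(request["indication"], ctx["pdcp_count"])
    _, krrc_int_star = derive_keys(ctx["kgnb"], target_pci, target_arfcn, ctx["alg_id"])
    expected = compute_mac(krrc_int_star, request["resume_id"], count)
    return hmac.compare_digest(expected, request["mac"])


if __name__ == "__main__":
    # constructed sample context shared by terminal and source base station
    ctx = {"resume_id": b"\x00\x2a", "kgnb": b"\x11" * 32, "alg_id": 2, "pdcp_count": 100}
    req = terminal_resume_request(ctx["kgnb"], ctx["resume_id"], 101, 7, 640000, 2)
    print("fresh request verifies:", source_verify(ctx, req, 7, 640000))
    stale = terminal_resume_request(ctx["kgnb"], ctx["resume_id"], 100, 7, 640000, 2)
    print("reused COUNT verifies:", source_verify(ctx, stale, 7, 640000))
```

The forward-only reconstruction in count_from_indication is what makes the partial indication parameter safe to use as a freshness input: a code computed over a COUNT the source base station has already seen reconstructs to a different value and fails verification, while a COUNT that has advanced past the 16-bit boundary is still recovered correctly.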
  • the solution 4 can be used to solve the problem that the foregoing step 301 adopts the second method to generate the message authentication code.
  • Step 701 The terminal generates a message authentication code.
  • This step 701 is the same as the second method of the foregoing step 301, and reference may be made to the foregoing description.
  • the terminal updates the access layer key before the message authentication code is generated, that is, KgNB is updated to KgNB*, and the integrity protection key is also updated, that is, Krrc-int is updated to Krrc-int*.
  • a message authentication code is then generated based on the updated integrity protection key.
  • Step 702 The terminal sends a connection recovery request message to the target base station, where the target base station receives a connection recovery request message from the terminal.
  • This step 702 is the same as the foregoing step 302, and can be referred to the foregoing description.
  • Step 703 The target base station determines whether to agree with the recovery request of the terminal.
  • the target base station determines whether the terminal can be accessed based on the load capability.
  • the target base station may reject the recovery request of the terminal, that is, refuse the terminal access to the target base station. In this case, steps 704 and 705 are performed.
  • when the target base station is not heavily loaded and can admit the terminal, the target base station may agree to the recovery request of the terminal, that is, allow the terminal to access the target base station. In this case, steps 706 to 709 are performed.
  • Step 704 The target base station sends a connection recovery reject message to the terminal, where the terminal receives a connection recovery reject message from the target base station.
  • This step 704 is the same as step 304 above, and reference may be made to the foregoing description.
  • Step 705 The terminal restores the access layer key of the terminal to the access layer key before the update.
  • One implementation may be that the terminal saves the access layer key before the update, such as KgNB, before receiving the reject message. After receiving the reject message, the terminal uses the access layer key before the update as the current or stored access layer key. Optionally, after receiving the reject message, the terminal may also delete the updated access layer key, such as KgNB*.
  • the terminal saves the security context before the update before receiving the reject message, and the security context before the update includes the access layer key before the update, such as KgNB.
  • the terminal uses the pre-update security context as the current or stored security context.
  • the terminal may also delete the updated security context.
  • the security context may be the AS security context of the terminal.
  • after the terminal restores its access layer key to the access layer key before the update, the access layer key before the update is retained, and the terminal performs the second method of step 701 again when the connection is next resumed.
  • although the terminal has already updated the access layer key, the terminal can use this key roll-back method to restore the access layer key to the access layer key before the update. Therefore, the purpose of keeping the key of the terminal and the key of the source base station the same is also achieved, and the problem that the connection cannot be restored because the keys of the terminal and the source base station are out of synchronization can be effectively solved.
  • Step 706 The target base station sends a context request message to the source base station, where the source base station receives a context request message from the target base station.
  • the context request message includes a message authentication code and a recovery identifier generated by the terminal, and the context request message is used to request to acquire the context of the terminal.
  • This step is the same as step 305 above, and the foregoing description can be referred to.
  • Step 707 The source base station acquires the context of the terminal if the message authentication code is verified to be correct.
  • Step 708 The source base station sends a context response message to the target base station if the message authentication code is verified to be correct.
  • the context response message may include the context of the terminal, for example the integrity protection algorithm of the source base station and the integrity protection key of the source base station; the generated KgNB* is also included.
  • Step 709 The target base station sends a connection recovery response message to the terminal, where the terminal receives a connection recovery response message from the target base station.
  • the connection recovery response message is used to instruct the terminal to resume the RRC connection.
  • the connection recovery response message may be integrity protected and encrypted by the target base station according to the integrity protection algorithm of the source base station and the integrity protection key and the encryption key generated from KgNB*.
  • after step 709, the subsequent process of the terminal entering the connected state from the inactive state is further included.
  • the method for restoring the connection as shown in the foregoing steps 701 to 709 can effectively solve the problem that occurs when the message authentication code is generated by the second method in the foregoing step 301.
  • when the target base station decides to reject the terminal, the target base station sends a connection recovery reject message to the terminal through step 704, and the terminal restores its access layer key to the access layer key before the update through step 705, so that the keys of the terminal and the source base station always remain the same; the problem that the connection cannot be restored because the keys of the terminal and the source base station are out of synchronization can thus be effectively solved.
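The terminal-side key handling of steps 701 to 709 as an added worked example (not code from the patent or from the applicant): the terminal keeps a copy of its AS security context, derives KgNB* and Krrc-int* before computing the message authentication code, and on a reject message rolls back to the saved context and drops KgNB*; the source base station, which never changed its stored KgNB, then verifies the next attempt against the same derivation. The example also shows the failure the roll-back prevents: a terminal that keeps the updated key after a reject derives the next KgNB* from the wrong root and is no longer verifiable. HMAC-SHA256 as a stand-in for the key derivation function and integrity algorithm, the 32-bit code length, the cell identity inputs and the sample keys are assumptions made for the example.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional


def kdf(key: bytes, label: str, *params: int) -> bytes:
    """Stand-in key derivation function (HMAC-SHA256); not the 3GPP KDF."""
    msg = label.encode() + b"".join(p.to_bytes(4, "big") for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_over(krrc_int: bytes, resume_id: bytes) -> bytes:
    """32-bit message authentication code over the recovery identifier (assumed inputs)."""
    return hmac.new(krrc_int, resume_id, hashlib.sha256).digest()[:4]


@dataclass
class ASSecurityContext:
    kgnb: bytes      # access layer key (KgNB or KgNB*)
    alg_id: int      # integrity algorithm identifier

    @property
    def krrc_int(self) -> bytes:
        return kdf(self.kgnb, "Krrc-int", self.alg_id)


@dataclass
class Terminal:
    ctx: ASSecurityContext                        # current AS security context
    saved_ctx: Optional[ASSecurityContext] = None  # pre-update copy, kept until the outcome is known

    def prepare_resume(self, resume_id: bytes, target_pci: int, target_arfcn: int) -> dict:
        """Step 701, second method: save the pre-update context, update KgNB to
        KgNB* and Krrc-int to Krrc-int*, then compute the code with the updated key."""
        self.saved_ctx = self.ctx
        kgnb_star = kdf(self.ctx.kgnb, "KgNB*", target_pci, target_arfcn)
        self.ctx = ASSecurityContext(kgnb_star, self.ctx.alg_id)
        return {"resume_id": resume_id, "mac": mac_over(self.ctx.krrc_int, resume_id)}

    def on_reject(self) -> None:
        """Step 705: the saved pre-update context becomes current again and the
        updated context (with KgNB*) is discarded."""
        if self.saved_ctx is None:
            raise RuntimeError("no pending key update to roll back")
        self.ctx, self.saved_ctx = self.saved_ctx, None

    def on_resume_response(self) -> None:
        """Step 709: the updated context is committed; the old copy is no longer needed."""
        self.saved_ctx = None


def source_handle_context_request(source_kgnb: bytes, alg_id: int, req: dict,
                                  target_pci: int, target_arfcn: int) -> Optional[bytes]:
    """Steps 707/708 (source base station): derive KgNB* from the stored KgNB,
    verify the code with Krrc-int*, and hand KgNB* to the target base station in
    the context response only if the code is correct."""
    kgnb_star = kdf(source_kgnb, "KgNB*", target_pci, target_arfcn)
    krrc_int_star = kdf(kgnb_star, "Krrc-int", alg_id)
    if not hmac.compare_digest(mac_over(krrc_int_star, req["resume_id"]), req["mac"]):
        return None
    return kgnb_star


if __name__ == "__main__":
    KGNB = b"\x22" * 32                      # constructed sample KgNB shared with the source base station
    t = Terminal(ASSecurityContext(KGNB, 2))
    t.prepare_resume(b"\x00\x01", 10, 500)   # first attempt, rejected by the target base station
    t.on_reject()
    req = t.prepare_resume(b"\x00\x01", 11, 600)  # second attempt towards another cell
    print("source verifies after roll-back:",
          source_handle_context_request(KGNB, 2, req, 11, 600) is not None)
```

Roll-back works because the source base station is never told about the rejected attempt's KgNB*: both ends must derive the next KgNB* from the original KgNB, which is exactly what restoring the saved context guarantees.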
  • the connection recovery request message, the connection recovery response message, the connection recovery completion message, the context request message, the context response message, and the like in the foregoing embodiments are only names, and the names do not limit the messages themselves.
  • the connection recovery request message, the connection recovery response message, the connection recovery completion message, the context request message, and the context response message may be other names, which are not specifically limited in the embodiment of the present application.
  • the connection recovery request message may also be replaced with a request message, a recovery request message, a connection request message, etc.
  • the connection recovery response message may be replaced with a response message, a recovery response message, a connection response message, etc., and the connection recovery completion message may be replaced with a completion message, a recovery completion message, a connection completion message, etc.
  • the context request message may also be replaced with a request message or the like
  • the context response message may also be replaced with a response message or the like.
  • each of the foregoing network elements includes a hardware structure and/or a software module corresponding to each function.
  • the elements and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in hardware or in a combination of hardware and computer software. Whether a function is implemented in hardware or in computer software driving hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
  • FIG. 8 is a schematic diagram of a device provided by the present application. The device may be a terminal, a target base station, or a source base station, and may implement the method performed by the terminal, the target base station, or the source base station in any of the foregoing embodiments.
  • the apparatus 800 includes at least one processor 801, a transmitter 802, a receiver 803, and optionally a memory 804.
  • the processor 801, the transmitter 802, the receiver 803, and the memory 804 are connected by a communication line.
  • Processor 801 can be a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present invention.
  • the communication line can include a path for communicating information between the units.
  • the transmitter 802 and the receiver 803 are configured to communicate with other devices or communication networks.
  • the transmitter and receiver include radio frequency circuits.
  • the memory 804 can be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited to these.
  • the memory 804 may be independent and connected to the processor 801 via a communication line. Memory 804 can also be integrated with the processor.
  • the memory 804 is used to store application code for executing the solution of the present invention, and is controlled by the processor 801 for execution.
  • the processor 801 is configured to execute application code stored in the memory 804.
  • the processor 801 may include one or more CPUs, such as CPU0 and CPU1 in the figure.
  • the apparatus 800 can include multiple processors, such as processor 801 and processor 808 in the figure. Each of these processors may be a single-CPU processor or a multi-core processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
  • the device 800 can be used to implement the steps performed by the terminal in the method of the embodiment of the present invention.
  • the device 800 can perform step 301, step 302, step 304 and step 308 in FIG. 3; step 401, step 402, step 407 and step 411 in FIG. 4; step 501, step 502, step 507 and step 511 in FIG. 5; step 601, step 602, step 607 and step 611 in FIG. 6; and step 701, step 702, step 704 and step 709 in FIG. 7.
  • Related features can be referred to above, and will not be described again here.
  • the device 800 can be used to implement the steps performed by the target base station in the method of the embodiment of the present invention.
  • the device 800 can perform step 302, step 303, step 304, step 305, step 307 and step 308 in FIG. 3; step 402, step 403, step 404, step 406, step 407, step 408, step 410 and step 411 in FIG. 4; step 502, step 503, step 504, step 506, step 507, step 508, step 510 and step 511 in FIG. 5; step 602, step 603, step 604, step 606, step 607, step 608, step 610 and step 611 in FIG. 6; and step 702, step 703, step 704, step 706, step 708 and step 709 in FIG. 7.
  • Related features can be referred to above, and will not be described again here.
  • the device 800 can be used to implement the steps performed by the source base station in the method of the embodiment of the present invention.
  • the device 800 can perform step 305, step 306 and step 307 in FIG. 3; step 404, step 405, step 406, step 408, step 409 and step 410 in FIG. 4; step 504, step 505, step 506, step 508, step 509 and step 510 in FIG. 5; step 604, step 605, step 606, step 608, step 609 and step 610 in FIG. 6; and step 706, step 707 and step 708 in FIG. 7. Related features can be referred to above and are not repeated here.
  • the present application may divide the terminal into function modules according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one processing module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of modules in the present application is schematic, and is only a logical function division, and may be further divided in actual implementation.
  • FIG. 9 shows a schematic diagram of a device, which may be the terminal involved in the above embodiments; the device 900 includes a processing unit 901 and a sending unit 903.
  • a receiving unit 902 is further included.
  • the processing unit 901 is configured to generate a message authentication code according to a freshness parameter and the integrity protection key of the device, where the freshness parameters used in two successive generations of the message authentication code are different;
  • the sending unit 903 is configured to send a connection recovery request message to the target base station, where the connection recovery request message includes the message authentication code, and the connection recovery request message is used to request to resume the radio resource control RRC connection.
  • the freshness parameter includes a number of rejections, the number of rejections being used to indicate the number of times the device is rejected when attempting to resume the RRC connection.
  • the receiving unit 902 is configured to receive a connection recovery response message from the target base station, where the connection recovery response message is used to instruct the terminal to resume the RRC connection.
  • connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.
  • the freshness parameter includes a packet data convergence protocol (PDCP) COUNT, and the indication parameter includes part or all of the bits of the PDCP COUNT.
  • the terminal may be used to implement the steps performed by the terminal in the method of the embodiments of the present invention.
  • the application may perform the division of the function modules on the target base station according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one processing module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the division of modules in the present application is schematic, and is only a logical function division, and may be further divided in actual implementation.
  • FIG. 10 shows a schematic diagram of a device, which may be the target base station involved in the above embodiments; the device 1000 includes a receiving unit 1001 and a sending unit 1002.
  • the receiving unit 1001 is configured to receive a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, the connection recovery request message is used to request to restore a radio resource control (RRC) connection, and the message authentication code is generated according to the integrity protection key of the terminal;
  • the sending unit 1002 is configured to: if the RRC connection is refused to be restored, send a notification message to the source base station, where the notification message includes the message authentication code.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify that the target base station has refused the terminal's request to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the source base station to update the key in the context of the terminal.
  • the context of the terminal that the notification message requests to be updated includes an access layer key.
  • the message authentication code is generated according to a freshness parameter and the integrity protection key of the terminal, and the context of the terminal that the notification message requests to be updated includes the freshness parameter;
  • the freshness parameters used in two successive generations of the message authentication code are different.
  • connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the notification message further includes the indication parameter.
  • the freshness parameter includes a PDCP COUNT
  • the indication parameter includes part or all of the bits of the PDCP COUNT.
  • the freshness parameter includes a number of rejections, the number of rejections being used to indicate the number of times the device is rejected when attempting to resume the RRC connection.
  • the receiving unit 1001 is configured to receive a connection recovery request message from a terminal, where the connection recovery request message includes a message authentication code, where the message authentication code is generated according to a freshness parameter and an integrity protection key of the terminal.
  • the freshness parameters used in two successive generations of the message authentication code are different, and the connection recovery request message is used to request to resume the radio resource control (RRC) connection;
  • the sending unit 1002 is configured to: if the RRC connection is to be restored, send a context request message to the source base station, where the context request message includes the message authentication code, and the context request message is used to request to acquire the context of the terminal.
  • connection recovery request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the context request message further includes the indication parameter.
  • the freshness parameter includes a packet data convergence protocol (PDCP) COUNT
  • the indication parameter includes part or all of the bits of the PDCP COUNT.
  • the freshness parameter includes a number of rejections, the number of rejections being used to indicate the number of times the device is rejected when attempting to resume the RRC connection.
  • target base station may be used to implement the steps performed by the target base station in the method of the embodiment of the present invention.
  • reference may be made to the above, and details are not described herein again.
  • the application may divide the function modules of the source base station according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one processing module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of modules in the present application is schematic, and is only a logical function division, and may be further divided in actual implementation.
  • FIG. 11 shows a schematic diagram of a device, which may be the source base station involved in the above embodiments; the device 1100 includes a processing unit 1101, a receiving unit 1102 and a sending unit 1103.
  • the receiving unit 1102 is configured to receive a notification message from a target base station, where the notification message includes a message authentication code, and the message authentication code is generated according to the integrity protection key of the terminal;
  • the processing unit 1101 is configured to check the message authentication code according to the integrity protection key of the source base station, and to update the context of the terminal in the source base station if the message authentication code is correct.
  • the notification message has one or more of the following functions:
  • the notification message is used to notify the update of the context of the terminal in the source base station;
  • the notification message is used to notify that the target base station has refused the terminal's request to resume the connection;
  • the notification message is used to notify the update of the freshness parameter of the context of the terminal in the source base station;
  • the notification message is used to notify the source base station to update the key in the context of the terminal.
  • the processing unit 1101 is specifically configured to update an access layer key in a context of the terminal in the source base station.
  • the message authentication code is generated according to a freshness parameter and the integrity protection key of the terminal, where the freshness parameters used in two successive generations of the message authentication code are different;
  • the processing unit 1101 is specifically configured to check the message authentication code according to the freshness parameter and an integrity protection key of the source base station.
  • the notification message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter.
  • the freshness parameter includes a packet data convergence protocol (PDCP) COUNT
  • the processing unit 1101 being configured to update the context of the terminal in the source base station specifically includes:
  • if the value of the PDCP COUNT indicated by the indication parameter is greater than the value of the PDCP COUNT in the context of the terminal, the value of the PDCP COUNT in the context of the terminal is updated to the value of the PDCP COUNT indicated by the indication parameter.
  • the freshness parameter includes a number of rejections, the number of rejections being used to indicate the number of times the device is rejected when attempting to resume the RRC connection.
  • the processing unit 1101 is specifically configured to increase the number of rejections of the context of the terminal by one.
  • the receiving unit 1102 is configured to receive a context request message from a target base station, where the context request message includes a message authentication code, where the message authentication code is generated according to the freshness parameter and an integrity protection key of the terminal.
  • the freshness parameters used in two successive generations of the message authentication code are different, and the context request message is used to request to acquire the context of the terminal;
  • the processing unit 1101 is configured to check the message authentication code according to the freshness parameter and the integrity protection key of the source base station, and, if the message authentication code is verified to be correct, to update the freshness parameter in the context of the terminal;
  • the sending unit 1103 is configured to send a context response message to the target base station, where the context response message includes a context of the terminal.
  • the context request message further includes an indication parameter, where the indication parameter is used to indicate the freshness parameter, and the freshness parameter includes a PDCP COUNT; the processing unit 1101 being configured to update the context of the terminal in the source base station specifically includes:
  • if the value of the PDCP COUNT indicated by the indication parameter is greater than the value of the PDCP COUNT in the context of the terminal, the value of the PDCP COUNT in the context of the terminal is updated to the value of the PDCP COUNT indicated by the indication parameter.
  • the indication parameter includes a partial bit of the PDCP COUNT; the processing unit 1101 is further configured to: determine, according to the indication parameter, the PDCP COUNT indicated by the indication parameter.
  • the freshness parameter includes a number of rejections
  • the number of rejections is used to indicate a number of times the device attempts to recover the RRC connection
  • the processing unit 1101 being configured to update the context of the terminal in the source base station includes: resetting the number of rejections in the context of the terminal to zero.
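The context update rules stated for the source base station (steps 605 and 609, and the processing unit 1101 above) as an added worked example that is not code from the patent or from the applicant: on the notification path the PDCP COUNT in the stored context is replaced only by a larger indicated value and the number of rejections is increased by one; on the context-request path the same forward-only COUNT rule applies and the number of rejections is reset to zero. The example also runs a sequence of resume attempts with the number of rejections as the freshness parameter to show that the terminal's and the source base station's counters stay equal. That the terminal resets its own counter when it receives the connection recovery response message, and the key material being omitted, are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TerminalContext:
    """Freshness bookkeeping the source base station keeps per terminal (keys omitted)."""
    pdcp_count: int = 0      # last PDCP COUNT accepted as a freshness parameter
    rejections: int = 0      # rejected resume attempts since the last successful resume


def _take_count_if_newer(ctx: TerminalContext, indicated_count: Optional[int]) -> None:
    # Forward-only rule: a stale or replayed indication never moves the stored COUNT back.
    if indicated_count is not None and indicated_count > ctx.pdcp_count:
        ctx.pdcp_count = indicated_count


def update_on_reject_notification(ctx: TerminalContext,
                                  indicated_count: Optional[int] = None) -> TerminalContext:
    """Notification path (steps 604/605): the terminal was refused, so the
    rejection counter goes up by one; the COUNT follows the forward-only rule."""
    _take_count_if_newer(ctx, indicated_count)
    ctx.rejections += 1
    return ctx


def update_on_context_request(ctx: TerminalContext,
                              indicated_count: Optional[int] = None) -> TerminalContext:
    """Context-request path (steps 608/609): the terminal is admitted, so the
    rejection counter is reset to zero; the COUNT follows the forward-only rule."""
    _take_count_if_newer(ctx, indicated_count)
    ctx.rejections = 0
    return ctx


def simulate_rejection_counter(outcomes: List[bool]) -> List[Tuple[int, int]]:
    """Run resume attempts (True = admitted, False = rejected) with the number
    of rejections as the freshness parameter and return the (terminal, source)
    counter pair after each attempt. Before each attempt both sides must hold
    the same value, otherwise the source could not verify the terminal's code.
    Assumption: the terminal resets its counter on the resume response."""
    terminal_rejections = 0
    ctx = TerminalContext()
    history: List[Tuple[int, int]] = []
    for admitted in outcomes:
        if terminal_rejections != ctx.rejections:
            raise RuntimeError("freshness parameter out of sync before attempt")
        if admitted:
            update_on_context_request(ctx)
            terminal_rejections = 0
        else:
            update_on_reject_notification(ctx)
            terminal_rejections += 1
        history.append((terminal_rejections, ctx.rejections))
    return history


if __name__ == "__main__":
    print(simulate_rejection_counter([False, False, True, False]))
    c = TerminalContext(pdcp_count=100)
    update_on_reject_notification(c, 90)        # stale COUNT is ignored
    print(c)
```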
  • the source base station may be used to implement the steps performed by the source base station in the method of the embodiment of the present invention.
  • reference may be made to the above, and details are not described herein again.
  • the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • when implemented in software, they may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • when the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the present invention are generated in whole or in part.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or another programmable device.
  • the computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another; for example, the computer instructions can be transferred from a website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, radio, microwave).
  • the computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media.
  • the usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a Solid State Disk (SSD)) or the like.
  • embodiments of the present application can be provided as a method, an apparatus (device), a computer readable storage medium, or a computer program product.
  • the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects, which are collectively referred to herein as a "module" or "system".
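The source base station's check described in the bullets above (rebuild the PDCP COUNT from the indicated partial bits, verify the message authentication code with the stored integrity key, and advance the stored freshness parameter only on success) as an added example written for this page; it is not code from the patent or from Huawei. It assumes HMAC-SHA256 truncated to 32 bits as the integrity algorithm, the low 12 bits of the PDCP COUNT as the indication parameter, and a wrap-around rule for rebuilding the full COUNT from those bits; the key, resume identity and COUNT values are constructed.

```python
import hashlib
import hmac

SN_BITS = 12  # assumption: the indication parameter carries the low 12 bits of the PDCP COUNT


def make_mac(key, resume_id, pdcp_count, rejections):
    """MAC over the freshness parameters; HMAC-SHA256 truncated to 32 bits stands in for the
    integrity algorithm, which the patent text does not fix (assumption)."""
    msg = resume_id.to_bytes(4, "big") + pdcp_count.to_bytes(4, "big") + bytes([rejections])
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def expand_count(stored_count, partial):
    """Rebuild the full PDCP COUNT from its low SN_BITS bits and the stored value's high bits
    (assumed rule: the patent only says the base station determines the COUNT from them).
    A partial value behind the stored low bits is read as a wrap into the next window."""
    window = 1 << SN_BITS
    candidate = (stored_count & ~(window - 1)) | (partial & (window - 1))
    return candidate + window if candidate < stored_count else candidate


class SourceBaseStation:
    """Terminal context kept by the source base station: key, last accepted COUNT, rejections."""

    def __init__(self, key, pdcp_count, rejections=0):
        self.ctx = {"key": key, "pdcp_count": pdcp_count, "rejections": rejections}

    def handle_context_request(self, resume_id, partial, rejections, mac):
        """Return (accepted, context); the stored freshness parameters change only on success."""
        full = expand_count(self.ctx["pdcp_count"], partial)
        expected = make_mac(self.ctx["key"], resume_id, full, rejections)
        if not hmac.compare_digest(expected, mac):
            return False, None          # MAC wrong: not from the key holder, or garbled
        if full <= self.ctx["pdcp_count"]:
            return False, None          # COUNT not greater than stored: a reused ("expired") MAC
        self.ctx["pdcp_count"] = full   # accept: advance the stored COUNT
        self.ctx["rejections"] = 0      # and reset the rejection counter
        return True, dict(self.ctx)


# Constructed demo values (not from the patent): integrity key, resume identity, stored COUNT.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
RESUME_ID = 0x1234


def demo():
    bs = SourceBaseStation(KEY, pdcp_count=0x0FFE)
    count, rej = 0x1000, 0              # terminal's next COUNT: low 12 bits wrap to 0
    mac = make_mac(KEY, RESUME_ID, count, rej)
    first, _ = bs.handle_context_request(RESUME_ID, count & 0xFFF, rej, mac)
    replay, _ = bs.handle_context_request(RESUME_ID, count & 0xFFF, rej, mac)  # captured copy
    return first, replay, bs.ctx["pdcp_count"]   # (True, False, 0x1000)
```

The second call reuses a valid MAC: it still verifies, but the stored COUNT has already advanced past it, so the request is refused, which is the "expired" MAC behaviour the abstract describes.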

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method and an apparatus for requesting connection resumption. The method comprises the following steps: a terminal generates a message authentication code according to a freshness parameter and an integrity protection key of the terminal, the freshness parameters used for two adjacent generations of message authentication codes being different; and the terminal sends a connection resume request message to a target base station, the connection resume request message containing the message authentication code, and the connection resume request message being used to request resumption of a radio resource control (RRC) connection. Because a message authentication code generated by a terminal is different from the previously generated message authentication code, even if an attacker steals the previously generated message authentication code, the attack cannot succeed, since that message authentication code has "expired".
PCT/CN2018/116000 2017-11-16 2018-11-16 Procédé et dispositif de demande de reprise de connexion WO2019096265A1 (fr)

Priority Applications (9)

Application Number Priority Date Filing Date Title
ES18879002T ES2928106T3 (es) 2017-11-16 2018-11-16 Método y dispositivo para solicitar la recuperación de la conexión
AU2018366755A AU2018366755B2 (en) 2017-11-16 2018-11-16 Connection resume request method and apparatus
EP18879002.6A EP3713271B1 (fr) 2017-11-16 2018-11-16 Procédé et dispositif de demande de reprise de connexion
BR112020009673-3A BR112020009673A2 (pt) 2017-11-16 2018-11-16 método e aparelho de solicitação de restabelecimento de conexão
KR1020207017141A KR102354626B1 (ko) 2017-11-16 2018-11-16 연결 재개 요청 방법 및 장치
RU2020119591A RU2772617C2 (ru) 2017-11-16 2018-11-16 Способ и устройство запроса возобновления соединения
EP22186005.9A EP4152790A1 (fr) 2017-11-16 2018-11-16 Procédé et appareil de demande de reprise de connexion
US16/874,117 US11627623B2 (en) 2017-11-16 2020-05-14 Connection resume request method and apparatus
US18/185,762 US20230292388A1 (en) 2017-11-16 2023-03-17 Connection Resume Request Method and Apparatus

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201711138495 2017-11-16
CN201711138495.4 2017-11-16
CN201810149050.4 2018-02-13
CN201810149050.4A CN109803258B (zh) 2017-11-16 2018-02-13 一种请求恢复连接的方法及装置

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/874,117 Continuation US11627623B2 (en) 2017-11-16 2020-05-14 Connection resume request method and apparatus

Publications (1)

Publication Number Publication Date
WO2019096265A1 true WO2019096265A1 (fr) 2019-05-23

Family

ID=66538927

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/116000 WO2019096265A1 (fr) 2017-11-16 2018-11-16 Procédé et dispositif de demande de reprise de connexion

Country Status (1)

Country Link
WO (1) WO2019096265A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961712A (zh) * 2016-01-12 2017-07-18 展讯通信(上海)有限公司 小区接入方法及基站
CN107046735A (zh) * 2016-02-05 2017-08-15 中兴通讯股份有限公司 终端与网络间连接处理方法和装置
CN107294723A (zh) * 2016-03-31 2017-10-24 中兴通讯股份有限公司 消息完整性认证信息的生成和验证方法、装置及验证系统
CN107318176A (zh) * 2016-04-26 2017-11-03 中兴通讯股份有限公司 恢复标识的获取、发送方法及装置、ue、接入网设备

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3713271A4 *

Similar Documents

Publication Publication Date Title
AU2018366755B2 (en) Connection resume request method and apparatus
CN109729524B (zh) 一种rrc连接恢复方法及装置
JP2020504559A (ja) Pduセッション管理
EP3713372A1 (fr) Procédé et dispositif de création de groupe d'utilisateurs
CN110383868B (zh) 无线通信系统中的非活动状态安全支持
WO2019096171A1 (fr) Procédé et appareil de demande de récupération de connexion
WO2009152759A1 (fr) Procédé et dispositif de prévention de perte de synchronisation de sécurité de réseau
CN110731091B (zh) 用于促进用户设备的无线电链路恢复的方法、元件、介质及用户设备
WO2019062374A1 (fr) Procédé et appareil de négociation d'algorithme d'élaboration de clés
CN111886885B (zh) 恢复rrc连接时的安全验证
US20220303763A1 (en) Communication method, apparatus, and system
CN111836263A (zh) 通信处理方法和通信处理装置
CN110545253B (zh) 一种信息处理方法、装置、设备及计算机可读存储介质
CN109842484B (zh) 一种下一跳链计数器更新方法、装置及设备
WO2019096265A1 (fr) Procédé et dispositif de demande de reprise de connexion
RU2772617C2 (ru) Способ и устройство запроса возобновления соединения
WO2023072271A1 (fr) Procédé et appareil de gestion d'un contexte de sécurité
CN116634426A (zh) 一种通信的方法及装置
KR20230076258A (ko) 통신 시스템에서 보안 설정 방법 및 장치
CN116233848A (zh) 一种数据传输保护方法、设备及系统
CN116530119A (zh) 保护无线网络中序列号的方法、设备和系统
CN113810903A (zh) 一种通信方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18879002

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20207017141

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2018879002

Country of ref document: EP

Effective date: 20200616

ENP Entry into the national phase

Ref document number: 2018366755

Country of ref document: AU

Date of ref document: 20181116

Kind code of ref document: A

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112020009673

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112020009673

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20200514