WO2020238596A1 - Handover method, apparatus and communications system - Google Patents

Handover method, apparatus and communications system Download PDF

Info

Publication number
WO2020238596A1
WO2020238596A1 PCT/CN2020/089622 CN2020089622W WO2020238596A1 WO 2020238596 A1 WO2020238596 A1 WO 2020238596A1 CN 2020089622 W CN2020089622 W CN 2020089622W WO 2020238596 A1 WO2020238596 A1 WO 2020238596A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
protection
indication information
user equipment
security protection
Prior art date
Application number
PCT/CN2020/089622
Other languages
French (fr)
Chinese (zh)
Inventor
李飞
张博
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2020238596A1 publication Critical patent/WO2020238596A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0027Control or signalling for completing the hand-off for data sessions of end-to-end connection for a plurality of data sessions of end-to-end connections, e.g. multi-call or multi-bearer end-to-end data connections
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0055Transmission or use of information for re-establishing the radio link
    • H04W36/0058Transmission of hand-off measurement information, e.g. measurement reports
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0055Transmission or use of information for re-establishing the radio link
    • H04W36/0069Transmission or use of information for re-establishing the radio link in case of dual connectivity, e.g. decoupled uplink/downlink
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/15Setup of multiple wireless link connections

Definitions

  • This application relates to the field of communications, and more specifically, to a method, device and communication system for handover.
  • the user equipment in the communication system can perform data transmission with two network equipment at the same time, which is called dual-connectivity (DC).
  • DC dual-connectivity
  • one of the two network devices is responsible for sending radio resource control (Radio Resource Control, RRC) messages to the user equipment and for interacting with the core network.
  • RRC Radio Resource Control
  • This network device is called the main node (MN)
  • MN main node
  • SN secondary node
  • This application provides a handover method, device, and communication system.
  • the first primary base station MN carries the security capability information of the secondary base station SN in a handover request message to notify the second primary base station MN, so that the second primary base station MN
  • the primary base station MN can learn the security capability of the SN during the MN handover process, and determine the security policy according to the security capability of the SN to reduce the signaling overhead between the second MN and the UE.
  • a handover method is provided.
  • User equipment is connected to a first primary base station MN and a secondary base station SN respectively.
  • the user equipment is handed over from the first MN to the second MN.
  • the user equipment is connected to the second MN.
  • the method includes: the first MN sends a handover request message to the second MN, the handover request message carries first indication information, and the first indication information is used for Indicate the security capability of the SN; the second MN determines a security policy according to the security capability of the SN.
  • the first MN carries the first indication information indicating the security capability of the assisting base station SN in the handover request message in the MN handover process, and notifies the second MN so that the second MN can In the MN handover procedure, the security capability of the SN is learned based on the first indication information, and the security policy is determined based on the security capability of the SN.
  • the second MN determines a security policy according to the security capability of the SN, including: when the SN does not support security protection, the second MN determines The security policy is not to activate security protection between the second MN and the user equipment.
  • the second MN determines that the security policy according to the security capability of the SN may be that the second MN determines that the security policy is not to activate the second MN when it learns that the SN does not support security protection based on the security capability of the SN Security with user equipment.
  • the method further includes: the second MN sends second indication information to the SN, where the second indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
  • the security policy may be notified to the SN through the second indication information.
  • the second MN determines a security policy according to the security capability of the SN, including: the second MN determines the security policy according to the second MN and the SN The security capability determines the security strategy.
  • the second MN determines the security policy according to the security capability of the SN, which may be that the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN.
  • the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection but When the second MN does not support security protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
  • the second MN determines the security policy according to the security capabilities of the second MN and the SN, specifically when the SN supports security protection but the second MN does not support security protection , The security protection between the second MN and the user equipment is not activated.
  • the method further includes: the second MN sends third indication information to the SN, and the third indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
  • the third indication information may indicate the security policy between the SN and the UE.
  • the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection and the When the second MN supports security protection, the second MN determines that the security policy is to activate security protection between the second MN and the user equipment.
  • the second MN determines the security policy according to the security capabilities of the second MN and the SN. Specifically, when the SN supports security protection and the second MN supports security protection, activate the Security protection between the second MN and the user equipment.
  • the method further includes: the second MN sends fourth indication information to the SN, where the fourth indication information is used to indicate that the SN is activated Security protection between the SN and the user equipment.
  • the security policy between the SN and the UE may be indicated through the fourth indication information.
  • the security protection is encryption protection and/or integrity protection.
  • the security protection is encryption protection and/or integrity protection.
  • the aforementioned security protection is encryption protection and/or integrity protection; the aforementioned security capability is whether to support encryption protection and/or integrity protection.
  • a handover method is provided.
  • User equipment is connected to a first primary base station MN and a secondary base station SN.
  • the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN.
  • the method includes: the first primary base station MN determines to perform MN handover; the first MN sends a handover request message to the second MN, and the handover request message carries a first indication Information, the first indication information is used to indicate the security capability of the SN, where the security capability of the SN includes whether the SN supports security protection, and/or the SN is for the packet data unit of the UE Whether to enable security protection for the PDU session, the security protection includes encryption protection and/or integrity protection.
  • the first primary base station MN carries the first indication information indicating the security capability of the secondary base station SN in the handover request message in the MN handover process, and notifies the second primary base station MN, so that The second primary base station MN can learn the security capability of the SN based on the first indication information during the MN handover procedure.
  • the first indication information is carried in the UE context parameter at the auxiliary access network node carried in the handover request message.
  • the above-mentioned first indication information may be a new information element of the UE context parameter at the auxiliary access network node carried in the handover request message.
  • first indication information may also be a new information element carried in other parameters in the handover request message, or the first indication information may be a newly added parameter in the handover request message, which is described in this embodiment of the application. Not limited.
  • a handover method is provided.
  • User equipment is connected to a first primary base station MN and a secondary base station SN respectively.
  • the user equipment is handed over from the first MN to the second MN.
  • the user equipment is connected to the second MN.
  • the method includes: the second primary base station MN receives a handover request message from the first MN, the handover request message carries first indication information, and the first indication information is used to indicate The security capability of the assisting base station SN; the second MN determines a security policy according to the security capability of the SN.
  • the second primary base station MN can learn the security capability of the SN based on the first indication information received from the first MN during the MN handover process, and determine the security policy according to the security capability of the SN .
  • the second MN determines a security policy according to the security capability of the SN, including: when the SN does not support security protection, the second MN determines The security policy is not to activate security protection between the second MN and the user equipment.
  • the second MN determines that the security policy according to the security capability of the SN may be that the second MN determines that the security policy is not to activate the second MN when it learns that the SN does not support security protection based on the security capability of the SN Security with user equipment.
  • the method further includes: the second MN sends second indication information to the SN, where the second indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
  • the security policy may be notified to the SN through the second indication information.
  • the second MN determines a security policy according to the security capability of the SN, including: the second MN determines the security policy according to the second MN and the SN The security capability determines the security strategy.
  • the second MN determines the security policy according to the security capability of the SN, which may be that the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN.
  • the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection but the When the second MN does not support security protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
  • the second MN determines the security policy according to the security capabilities of the second MN and the SN. Specifically, when the SN supports security protection but the second MN does not support security protection, it is not activated. Security protection between the second MN and the user equipment.
  • the method further includes: the second MN sends third indication information to the SN, and the third indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
  • the third indication information may indicate the security policy between the SN and the UE.
  • the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection and the When the second MN supports security protection, the second MN determines that the security policy is to activate security protection between the second MN and the user equipment.
  • the second MN determines the security policy according to the security capabilities of the second MN and the SN. Specifically, when the SN supports security protection and the second MN supports security protection, activate the Security protection between the second MN and the user equipment.
  • the method further includes: the second MN sends fourth indication information to the SN, where the fourth indication information is used to indicate that the SN is activated Security protection between the SN and the user equipment.
  • the security policy between the SN and the UE may be indicated through the fourth indication information.
  • the security protection is encryption protection and/or integrity protection.
  • the security protection is encryption protection and/or integrity protection.
  • a communication system which can be used to perform the operations of the first MN and the second MN in the first aspect and any possible implementation of the first aspect.
  • the communication system includes means for performing the steps or functions described in the first aspect and any possible implementation of the first aspect.
  • the means may be the first MN and the second MN in the first aspect.
  • the steps or functions can be realized by software, or by hardware, or by a combination of hardware and software.
  • the first MN and the second MN included in the communication system may perform the following operations: the first MN is configured to send a handover request message to the second MN, and the handover request message carries the first indication information, so The first indication information is used to indicate the security capability of the SN; the second MN is used to determine a security policy according to the security capability of the SN.
  • the second MN determines the security policy according to the security capability of the SN, including: when the SN does not support security protection, the second MN determines that the security policy is to not activate the second MN and the user Security protection between devices.
  • the second MN is further configured to send second indication information to the SN, where the second indication information is used to indicate that the SN does not activate the security protection between the SN and the user equipment.
  • the second MN determining the security policy according to the security capabilities of the SN includes: the second MN determining the security policy according to the security capabilities of the second MN and the SN.
  • the second MN determines the security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection but the MN does not support integrity protection, the second MN determines The security policy is not to activate security protection between the second MN and the user equipment.
  • the second MN is further configured to send third indication information to the SN, where the third indication information is used to indicate that the SN does not activate the security protection between the SN and the user equipment.
  • the second MN determines the security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection and the MN supports integrity protection, the second MN determines The security policy is to activate security protection between the second MN and the user equipment.
  • the second MN sends fourth indication information to the SN, where the fourth indication information is used to instruct the SN to activate security protection between the SN and the user equipment.
  • the security protection is encryption protection and/or integrity protection.
  • a handover device which can be used to perform the operation of the first primary base station MN in the second aspect and any possible implementation manner of the second aspect.
  • the device for handover includes the steps or functions corresponding to the steps or functions described in the second aspect and any possible implementation of the second aspect.
  • the means may be the first primary base station MN in the second aspect. Or a chip or functional module inside the first main base station MN.
  • the steps or functions can be realized by software, or by hardware, or by a combination of hardware and software.
  • a handover device which can be used to perform the operation of the second primary base station MN in the third aspect and any possible implementation manner of the third aspect.
  • the handover device may include the steps or functions described in any possible implementation of the second aspect and the third aspect.
  • the corresponding means may be the second primary base station of the third aspect.
  • the steps or functions can be realized by software, or by hardware, or by a combination of hardware and software.
  • a communication device including a processor, a transceiver, and a memory, where the memory is used to store a computer program, and the transceiver is used to execute any one of the possible implementation manners of the second and third aspects
  • the processor is used to call and run the computer program from the memory, so that the communication device executes the switching method in any one of the possible implementation manners of the second and third aspects.
  • processors there are one or more processors and one or more memories.
  • the memory may be integrated with the processor, or the memory and the processor may be provided separately.
  • the transceiver includes a transmitter (transmitter) and a receiver (receiver).
  • a communication device including a transceiver, a processor, and a memory.
  • the processor is used to control the transceiver to send and receive signals
  • the memory is used to store a computer program
  • the processor is used to call and run the computer program from the memory, so that the communication device executes the second aspect and any possible implementation of the second aspect Method in.
  • a communication device including a transceiver, a processor, and a memory.
  • the processor is used to control the transceiver to send and receive signals
  • the memory is used to store a computer program
  • the processor is used to call and run the computer program from the memory, so that the communication device executes the third aspect and any possible implementation manners of the third aspect Method in.
  • a system in an eighth aspect, includes the switching devices provided in the fifth aspect and the sixth aspect.
  • a computer program product includes: a computer program (also called code, or instruction), which when the computer program is executed, causes the computer to execute any one of the second and third aspects.
  • a computer program also called code, or instruction
  • a computer-readable medium stores a computer program (also called code, or instruction) when it runs on a computer, so that the computer executes the above-mentioned second and third aspects. Any one of the possible implementation methods.
  • a chip system including a memory and a processor, the memory is used to store a computer program, the processor is used to call and run the computer program from the memory, so that the communication device installed with the chip system executes The method in any one of the above-mentioned second and third aspects.
  • FIG. 1 is a schematic diagram of a communication system 100 to which the handover method provided in an embodiment of the present application is applicable.
  • Figure 2 is a schematic flow chart for establishing a dual connection.
  • Figure 3 is a schematic diagram of MN handover.
  • Fig. 4 is a schematic diagram of a handover method provided by an embodiment of the present application.
  • Fig. 5 is a schematic diagram of another handover method provided by an embodiment of the present application.
  • FIG. 6 is a schematic diagram of the switching device 10 proposed by the present application.
  • FIG. 7 is a schematic structural diagram of a user equipment 20 applicable to an embodiment of the present application.
  • FIG. 8 is a schematic diagram of the switching device 30 proposed in the present application.
  • FIG. 9 is a schematic structural diagram of a first MN 40 applicable to an embodiment of the present application.
  • FIG. 10 is a schematic diagram of the switching device 50 proposed in this application.
  • FIG. 11 is a schematic structural diagram of a second MN 60 applicable to an embodiment of the present application.
  • LTE long term evolution
  • FDD frequency division duplex
  • UMTS Universal Mobile Telecommunication System
  • WiMAX Worldwide Interoperability for Microwave Access
  • 5G Future 5th Generation
  • New Wireless new radio
  • the user equipment (user equipment) in the embodiments of the present application may refer to an access terminal, a user unit, a user station, a mobile station, a mobile station, a relay station, a remote station, a remote terminal, a mobile device, a user terminal, and a terminal device.
  • terminal equipment terminal
  • terminal wireless communication equipment, user agent or user device.
  • the user equipment can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), with wireless communication Functional handheld devices, computing devices or other processing devices connected to wireless modems, in-vehicle devices, wearable devices, user equipment in the future 5G network or future evolution of the public land mobile network (PLMN) User equipment, etc., which are not limited in this embodiment of the present application.
  • SIP session initiation protocol
  • WLL wireless local loop
  • PDA personal digital assistant
  • the network device in the embodiment of the present application may be any device with wireless transceiving function used to communicate with user equipment.
  • This equipment includes but is not limited to: evolved Node B (eNB), radio network controller (RNC), Node B (NB), base station controller (BSC) , Base transceiver station (base transceiver station, BTS), home base station (home evolved NodeB, HeNB, or home Node B, HNB), baseband unit (BBU), wireless fidelity (wireless fidelity, WIFI) system Access point (AP), wireless relay node, wireless backhaul node, transmission point (TP) or transmission and reception point (TRP), etc., can also be 5G, such as NR ,
  • the gNB may include a centralized unit (CU) and a DU.
  • the gNB may also include an active antenna unit (AAU).
  • CU implements part of the functions of gNB
  • DU implements part of the functions of gNB.
  • the CU is responsible for processing non-real-time protocols and services, and implements radio resource control (radio resource control, RRC), packet data convergence protocol (packet data convergence protocol, PDCP) layer functions.
  • RRC radio resource control
  • PDCP packet data convergence protocol
  • the DU is responsible for processing physical layer protocols and real-time services, and realizes the functions of the radio link control (RLC) layer, media access control (MAC) layer, and physical (PHY) layer.
  • RLC radio link control
  • MAC media access control
  • PHY physical
  • the network device may be a device that includes one or more of a CU node, a DU node, and an AAU node.
  • the CU can be divided into network equipment in an access network (radio access network, RAN), or the CU can be divided into network equipment in a core network (core network, CN), which is not limited in this application.
  • the user equipment or network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer.
  • the hardware layer includes hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also referred to as main memory).
  • the operating system may be any one or more computer operating systems that implement business processing through processes, for example, Linux operating system, Unix operating system, Android operating system, iOS operating system, or windows operating system.
  • the application layer includes applications such as browsers, address books, word processing software, and instant messaging software.
  • the embodiments of the application do not specifically limit the specific structure of the execution subject of the methods provided in the embodiments of the application, as long as the program that records the codes of the methods provided in the embodiments of the application can be provided according to the embodiments of the application.
  • the execution subject of the method provided in the embodiments of the present application may be user equipment or network equipment, or a functional module in the user equipment or network equipment that can call and execute programs.
  • various aspects or features of the present application can be implemented as methods, devices, or products using standard programming and/or engineering techniques.
  • article of manufacture as used in this application encompasses a computer program accessible from any computer-readable device, carrier, or medium.
  • computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or tapes, etc.), optical disks (for example, compact discs (CD), digital versatile discs (DVD)) Etc.), smart cards and flash memory devices (for example, erasable programmable read-only memory (EPROM), cards, sticks or key drives, etc.).
  • various storage media described herein may represent one or more devices and/or other machine-readable media for storing information.
  • the term "machine-readable storage medium” may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
  • FIG. 1 is a schematic diagram of a communication system 100 to which the handover method provided in an embodiment of the present application is applicable.
  • the schematic diagram includes a main base station #1 (base station 10 shown in FIG. 1), a main base station #2 (shown in FIG. Base station 11), auxiliary base station (base station 20 shown in FIG. 1), and user equipment 30.
  • the handover method provided in the present application mainly relates to the case where the user equipment supports dual connectivity.
  • FIG. 1 a schematic diagram of a network architecture in which a primary base station and an auxiliary base station simultaneously provide communication services for the user equipment.
  • the primary base station can configure at least one serving cell including primary cell (primarily cell, PCell).
  • primary cell primarily cell, PCell
  • MCG master cell group
  • the primary cell can be used Provide non-access layer information and security parameters at the main base station.
  • the primary cell group may include one primary cell or at least one secondary cell; the secondary base station may be configured with at least one serving cell including a primary secondary cell (PSCell), and the secondary primary cell can be used as a secondary cell.
  • the base station provides physical layer uplink control channels, or random access, etc.
  • SCG secondary cell groups
  • the secondary cell group may include one primary and secondary cell, or may further include at least one secondary cell. .
  • the scenario involved is the occurrence of handover of a primary base station that provides services to user equipment.
  • the primary base station that provides services to the user equipment is hereinafter referred to as the source primary base station (base station 10 shown in Figure 1); after the handover, the primary base station that provides services to the user equipment is hereinafter referred to as the target primary base station (as shown in Figure 1).
  • the auxiliary base station that provides services to the user equipment is hereinafter referred to as the source auxiliary base station; after the handover, the auxiliary base station that provides services to the user equipment is hereinafter referred to as the target auxiliary base station.
  • the embodiment of the present application only involves the handover of the primary base station, that is, the secondary base stations before and after the primary base station is switched are the same base station.
  • Dual connectivity is an important technology introduced in 3GPP Release 12.
  • macro base stations and micro base stations in LTE can use the existing non-ideal backhaul X2 interface to implement carrier aggregation, thereby providing higher rates for user equipment, and using macro networking Or micro-networking improves spectrum efficiency and load balance.
  • User equipment that supports dual connections can connect two network devices at the same time, increasing the throughput of a single user device.
  • Figure 2 is a schematic flow chart of establishing a dual connection.
  • the flowchart includes MN, SN, and UE.
  • Establishing a dual connection includes the following steps:
  • S220 The MN sends an SN addition request message to the SN.
  • the SN addition request message may be called (SN addition/modification request).
  • the SN addition request message carries the security capability information of the UE, for example, the encryption protection algorithm supported by the UE and the integrity protection algorithm supported by the UE. Further, the SN addition request message will also carry the user plane security policy of the UE.
  • the security policies involved in this application include security policies for encryption protection and integrity protection.
  • the security policies for encryption protection include the following types:
  • Encryption protection must be turned on. If the base station does not support it, session establishment will be rejected;
  • Encryption protection is turned on first. If it cannot be turned on, the base station returns a notification that the encryption protection is not turned on to the session management function (SMF) network element, without the need to refuse session establishment.
  • SMS session management function
  • security policies for integrity protection include the following types:
  • the integrity protection is turned on first. If it cannot be turned on, the base station only needs to return a notification that the integrity protection is not turned on to the SMF network element, without the need to refuse session establishment.
  • integrity protection algorithm and the encryption protection algorithm are not limited in this application, and they may be existing algorithms or algorithms proposed after the development of communication technology.
  • the MN reports the UE’s connectivity capabilities, such as whether the UE supports dual connectivity, whether there are cells that support dual connectivity in the neighbor cell list, and the link between the MN and these dual connectivity-enabled cells.
  • Road status determines whether to add SN for the UE. If the UE supports dual connectivity, and the neighbor cell list that supports dual connectivity is configured in the neighbor cell list, and the link status of the MN and these dual connectivity-supporting cells is connected, the dual connectivity establishment process is triggered to add an SN for the UE.
  • S230 The SN judges whether integrity protection and/or encryption protection is enabled.
  • SN selects an encryption protection algorithm and an integrity protection algorithm according to the security algorithm supported by itself and the security algorithm supported by the UE. At the same time, SN decides whether to enable integrity protection and/ Or whether to enable encryption protection.
  • S240 The SN sends an SN addition request response message to the MN.
  • the SN addition request message may be called (SN addition/modification request acknowledge).
  • the SN addition request message carries the encryption protection algorithm, the integrity protection algorithm, the user plane security integrity protection result and the encryption protection result selected by the SN and is sent to the MN.
  • the MN sends an RRC reconfiguration message to the UE.
  • the RRC connection reconfiguration message carries information such as the encryption protection algorithm, integrity protection algorithm, counter selected by the SN, whether encryption protection and/or integrity protection is enabled by the SN, and the result of encryption protection and/or integrity protection performed by the SN. .
  • the SN transmits its own key information to the UE through S240 and S250. It should be understood that when the MN establishes a connection with the UE, it also needs to transmit its own key information to the UE.
  • the MN passes its own key information to the UE, and the SN passes its own key information to the UE through S240 and S250, which is to configure some parameters of the transmission link between the UE and the MN and between the UE and the SN.
  • S240 and S250 which is to configure some parameters of the transmission link between the UE and the MN and between the UE and the SN.
  • S260 The UE sends an RRC reconfiguration complete message to the MN.
  • the UE After the UE configures the parameters according to the key information issued by the MN, it feeds back to the MN through the RRC reconfiguration complete message.
  • S270 The MN sends an SN reconfiguration complete message to the SN.
  • the MN will receive the message that the UE has configured the parameters from the UE and inform the SN through the SN reconfiguration complete message.
  • the UE and SN can perform encryption protection or integrity protection according to the previously configured parameters. If the incomplete protection is decided before, the integrity protection will not be activated.
  • the random access procedure between the SN and the UE means that the UE and the SN start to communicate.
  • the primary base station in the dual connectivity scenario is referred to as MN, which is just an example, and does not constitute any limitation to the protection scope of this application.
  • the primary base station can also be referred to as (main evolutional NodeB, MeNB) or (main gNode B, MgNB), etc.; for the same reason, in this application, the secondary base station in the dual connectivity scenario is called SN, which is just an example, and does not constitute any limitation to the protection scope of this application.
  • secondary base station can also be called (secondary evolutional NodeB, SeNB) or (secondary gNodeB, SgNB), etc.
  • FIG. 2 is a description of the dual connection establishment process, and does not constitute any limitation to the protection scope of the present application.
  • the specific establishment process can refer to the provisions of the existing agreement, which will not be repeated.
  • Figure 3 is a schematic diagram of MN handover. Including source MN, target MN, and UE.
  • MN handover includes the following steps:
  • S310 The source MN initiates measurement control to the UE.
  • S320 The UE sends a measurement report to the source MN.
  • S330 The source MN decides to perform handover.
  • the source MN performs MN handover according to the measurement report returned by the UE.
  • the reason why the source MN decides to perform the MN handover in the embodiment of the present application is not limited, and may be any corresponding possible reason when the MN handover occurs in the existing protocol. For example, based on the measurement report sent by the UE, the source MN determines that the current quality of the service provided to the UE is poor, and selects a suitable target MN from the neighbor cell list to provide the UE with the service.
  • S340 The source MN sends a handover request message to the target MN.
  • the source MN After the source MN decides that it needs to perform MN handover, it selects a suitable target MN that provides services for the UE, and sends a handover request message to the target MN.
  • the handover request message carries the indication information indicating the SN and the indication information indicating the UE.
  • UE Context Reference at the S-NG-RAN node this parameter contains two IDs, one is Global NG-RAN Node ID indicates S-RAN node ID; one is S-NG-RAN node UE XnAP ID indicates UE.
  • the target MN After the target MN receives the handover request message sent by the source MN, it judges whether handover is possible and prepares air interface resources.
  • S360 The target MN sends a handover request response message to the source MN.
  • the source MN After the target MN is determined to provide services for the UE, the source MN sends a handover request acknowledgement message.
  • the handover request acknowledgement carries a parameter: UE context keep indicator (UE context keep indicator), which is used to indicate the handover but
  • UE context keep indicator UE context keep indicator
  • the SN needs to maintain the context of the UE. In other words, when the MN is handed over, the SN can remain unchanged and continue to be the SN of the MN after the handover.
  • the source MN sends the downlink connection configuration to the UE.
  • the source MN receives the configuration parameters from the target MN, and forwards the configuration parameters to the UE so that the UE can perform corresponding configuration.
  • S380 Establish an RRC connection between the UE and the target MN.
  • the UE After the UE completes the configuration, it can establish an RRC connection with the target MN.
  • FIG. 3 is only to facilitate the understanding of the MN handover involved in the embodiments of the present application, and a simple description is provided. The detailed MN handover process will not be repeated, and the MN handover specified in the existing protocol can be referred to.
  • the data protection methods between the UE and the MN, and between the UE and the SN are required to be consistent.
  • Data protection Methods include integrity protection methods and/or encryption protection methods.
  • the MN needs to perform the process of establishing a dual link with the SN as shown in Figure 2.
  • the SN directly or indirectly informs the target MN of its security capabilities. In order to identify whether the SN supports the relevant security protection mode, it may cause the target MN to re-establish the RRC connection with the target MN and the UE after learning the security protection mode of the SN, resulting in additional signaling interaction.
  • the data protection method between the UE and the target MN is encryption protection
  • the target MN learns the information of the SN If the security capability does not support encryption protection, the RRC connection needs to be re-established between the target MN and the UE, and the data protection mode between the UE and the target MN is negotiated to be non-encrypted protection to ensure that the data protection mode on the dual connection is consistent;
  • the data protection mode between the UE and the target MN is integrity protection; after S220-S240 shown in FIG. 2, the target MN learns If the security capability of the SN does not support integrity protection, the aforementioned S220-S240 are invalid signaling. If the target MN knows the security capability of the SN in advance, the aforementioned S220-S240 will not be initiated, saving signaling overhead.
  • the target MN may need to offload a part of packet data unit (PDU) sessions to the SN. If the SN cannot accept The offload request of the target MN results in offload failure, making the offload related signaling invalid signaling. If the target MN knows the security capability of the SN in advance, the above offload will not be initiated, saving signaling overhead.
  • PDU packet data unit
  • the source MN supports integrity protection, but the SN does not support integrity protection.
  • the source MN receives 6 PDU session requests, of which 3 PDU sessions (PDU1, PDU2, and PDU3) require integrity protection, and the other 3 PDU sessions (PDU4, PDU5, and PDU6) do not require integrity protection.
  • the source MN carries PDU1, PDU2, and PDU3 to itself, and offloads PDU4, PDU5, and PDU6 to SN.
  • the target MN may try to offload PDU1, PDU2, and PDU3 to the SN because it does not support integrity protection. However, if the SN does not support integrity protection, it will reject the offloading request, resulting in additional signaling overhead. If the target MN knows in advance that the SN does not support integrity protection, it can directly reject the session that requires integrity protection as early as the session is established, and there will be no subsequent signaling overhead.
  • the process of performing MN handover is the process shown in FIG. 3, after the handover, the process of establishing a dual connection between the target MN and the SN may cause the above-mentioned defect of additional signaling overhead.
  • the embodiment of the application provides a handover method.
  • the source MN forwards the security capabilities of the SN to the target MN during the MN handover process, so that the target MN can learn the security capabilities of the SN in advance, and further the target MN can be based on the security of the SN Ability to perform session processing and security policy decisions, to achieve the goal of saving signaling overhead in the process of establishing dual connections between the target MN and SN.
  • the method flow shown in Figure 4 is mainly to learn the security capabilities of the SN from the target MN, and how to reduce the signaling overhead between the target MN and the UE from the perspective of determining the security policy based on the security capabilities of the SN;
  • the method flow shown is mainly to learn the security capability of the SN from the target MN, and how to reduce the signaling overhead between the target MN and the SN from the perspective of determining the rejection of session establishment based on the security capability of the SN.
  • Fig. 4 is a schematic diagram of a handover method provided by an embodiment of the present application. It includes a first MN, a second MN, an SN, and a UE. Before the handover occurs, the UE is connected to the first MN and the SN respectively; the first MN may also be referred to as the source MN; The UE is connected to the second MN and the SN respectively, and the second MN may also be referred to as a target MN. In addition, optionally, in the process of UE handover from the first MN to the second MN, the UE always maintains a connection with the SN.
  • the switching method includes the following steps:
  • S410 The first MN sends a handover request message to the second MN.
  • the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN.
  • the security capabilities of the SN include whether the SN supports security protection.
  • the security protection involved in this application includes at least one of encryption protection and integrity protection, that is, the security capability of SN can be that SN supports integrity protection, SN supports encryption protection, and SN supports encryption protection and integrity protection; Further, it can also specifically indicate whether the SN supports encryption protection for these PDU sessions for the PDU sessions performed by the UE, or whether the SN supports integrity protection for these PDU sessions, or whether the SN supports for these PDU sessions Turn on encryption protection and integrity protection.
  • the first indication information needs to indicate whether the security capability of the SN is whether the SN supports security protection
  • the first indication information may be a two-bit bitmap, and the first bit is used for Indicates whether the SN supports encryption protection (bit value 0 means not supported, bit value 1 means support), the first bit is used to indicate whether SN supports integrity protection (bit value 0 means not supported, bit value 1 Indicates support), the first indication information of 10 indicates that the SN supports encryption protection, the first indication information of 01 indicates that the SN supports integrity protection, and the first indication information of 11 indicates that the SN supports encryption protection and integrity protection.
  • the first indication information needs to indicate whether the security capability of the SN is whether the SN supports security protection
  • the first indication information may indicate whether the SN supports encryption protection, or whether the SN supports integrity Protection, or whether SN supports encryption protection and integrity protection.
  • the specific form in which the first indication information indicates the security capability of the SN is not limited in this application, and it may be one of the above-mentioned examples, or other forms, which will not be described one by one here.
  • the first indication information may be called a security capability (security capability) parameter.
  • the first indication information can be used as the new UE context (UE context reference at the S-NG-RAN node) parameter at the secondary access network node carried in the handover request message in the existing protocol.
  • the increased cell is carried in the handover request message.
  • the first indication information may be used as a newly added parameter in the handover request message.
  • the embodiment of the present application does not limit how the first indication information sent by the first MN to the second MN is carried in the handover request message. It can be used as a new information element in the handover request message, or as the handover request message.
  • the new information element in an original parameter in the handover request message; or, the above-mentioned first indication information can be carried in other signaling sent by the first MN to the second MN in the handover process; or, when allowed Under certain signaling overhead, the above-mentioned first indication information can be carried in the newly added signaling between the first MN and the second MN in the handover procedure. For example, before the first MN sends a handover request message to the second MN, The newly added signaling is used to transmit the above-mentioned first indication information.
  • the handover method shown in FIG. 4 can ensure that the data security protection forms between the UE and the second MN, and between the UE and the SN are consistent, where the security protection can be integrity protection, encryption protection, or integrity protection and Encryption protection. That is to say, the handover method shown in Figure 4 can be applied in the URLLC scenario. It should be understood that this application is only restricted to the first MN when the MN handover occurs and the SN remains unchanged. The indication information is notified to the second MN without limiting the application scenarios of the method.
  • the applicable scenarios of the method shown in FIG. 4 are not limited to the URLLC scenario, and may be other communication scenarios, which are not listed here.
  • the handover method further includes the following steps:
  • S420 The second MN determines a security policy.
  • the second MN determines the security policy between the second MN and the UE according to the security capabilities of the SN.
  • the second MN determines the The security policy is not to activate the security protection between the second MN and the UE.
  • the second MN may only refer to the security capabilities of the SN when deciding whether to activate security protection between the second MN and the UE.
  • the security capabilities of the SN indicate that the SN does not support During security protection, the second MN decides not to activate security protection between the second MN and the UE.
  • the only reference to the security capabilities of the SN applies to the case where the SN does not support security protection.
  • the security capabilities of the second MN need to be referred to, for example:
  • the second MN determines a security policy according to the security capabilities of the second MN and the SN.
  • the The second MN determines that the security policy is not to activate security protection between the SN and the UE;
  • the second MN determines a security policy according to the security capabilities of the second MN and the SN, and when the SN supports security protection and the second MN supports security protection, The second MN determines that the security policy is to activate security protection between the SN and the UE.
  • the second MN determines the security policy between the second MN and the UE based on the received first indication information and the security capability of the second MN.
  • the second MN in the existing protocol determines the security policy with the UE based only on the second MN’s security capabilities. For example, if the second MN supports security protection, the second MN determines If security protection is enabled between the second MN and the UE, and the second MN does not support security protection, the second MN determines that the corresponding security protection is not enabled between the second MN and the UE, which may cause the second MN to support security protection, and When the SN does not support security protection, the security protection is enabled when the RRC connection is established between the second MN and the UE, but the SN does not support security protection, then the security protection cannot be enabled when the RRC connection is established between the SN and the UE, then the existing protocol In this case, the RRC connection needs to be re-established between the second MN and the UE without security protection, which increases the signaling overhead between the second MN and the UE.
  • the second MN when the second MN supports security protection, when the second MN determines whether the security protection between the second MN and the UE is turned on, it refers to the security capabilities of the SN, where, when the SN supports security protection , The corresponding security protection is enabled between the second MN and the UE. When the SN does not support the security protection, the corresponding security protection is not enabled between the second MN and the UE.
  • the security capability of the SN may not be referred to as specified in the existing protocol, and the corresponding security protection is not enabled between the second MN and the UE.
  • the second MN knows the security capability of the second MN and the security capability of the SN, and the security capability of at least one of the security capability of the second MN and the security capability of the SN does not support security protection, the second MN and The corresponding security protection is not opened between UEs.
  • the second MN After executing S420, the second MN needs to send a handover request response message to the first MN, and execute S421, which is similar to S360 shown in Figure 3, and will not be repeated here; the first MN needs to send the downlink connection configuration to the UE, and execute S422, It is similar to S370 shown in FIG. 3, and will not be repeated here.
  • the UE After the UE configures the parameters based on the downlink connection configuration, it can establish an RRC connection with the second MN, that is, perform S430, and establish an RRC connection between the UE and the second MN, where whether the established RRC connection is opened for security protection is the above S420 Determine the result of the second MN.
  • the second MN needs to establish a dual connection with the SN.
  • the difference from the procedure for establishing a dual connection shown in Figure 2 is that the second MN learns the security capabilities of the SN during the handover procedure.
  • the second MN can determine whether the SN opens the security protection based on the security capabilities of the SN and its own security capabilities, that is, the method flow described in FIG. 4 further includes S440, the second MN determines whether the SN opens the security protection.
  • the second MN determines whether the SN activates the security protection between the SN and the UE based on the security policy between the second MN and the UE; the method flow described in FIG. 4 also includes S450.
  • the second MN sends indication information to the SN to indicate the SN Whether to open the security protection.
  • the second MN determines that the security policy is not to activate the security protection between the second MN and the UE, and the second MN informs through the second indication information SN, do not activate the security protection between the SN and the UE, because when the SN does not support security protection, the second MN determines that the security policy is not to activate the security protection between the second MN and the UE
  • the data protection methods between the UE and the second MN, and between the UE and the SN need to be consistent. That is, S450 in the method flow shown in FIG. 4 is that the second MN sends the second indication information to the SN.
  • the second MN determines that the security policy is not to activate the security protection between the second MN and the UE .
  • the second MN informs the SN through the third indication information that the security protection between the SN and the UE is not activated, because when the SN supports security protection but the second MN does not support security protection, the first
  • the second MN determines that the security policy is not to activate the security protection between the second MN and the UE, the data protection mode between the UE and the second MN and between the UE and the SN needs to be consistent. That is, S450 in the method flow shown in FIG. 4 is that the second MN sends the third indication information to the SN.
  • the second MN determines that the security policy is to activate the security protection between the second MN and the UE.
  • the second MN informs the SN through the fourth indication information to activate the security protection between the SN and the UE, because when the SN supports security protection and the second MN supports security protection, the second MN determines
  • the security policy is to activate the security protection between the second MN and the UE
  • the data protection modes between the UE and the second MN and between the UE and the SN need to be consistent. That is, S450 in the method flow shown in FIG. 4 is that the second MN sends fourth indication information to the SN.
  • the second MN can determine whether the SN opens the security protection based on the security capabilities of the SN and its own security capabilities, without the need to establish a dual connection between the second MN and the SN shown in FIG. 2
  • the second MN determines that the SN does not enable security protection; when the security capabilities of the second MN are consistent with the security capabilities of the SN, when the security capabilities of the second MN Both the security capabilities and the SN security capabilities do not support security protection. The second MN determines that the SN does not enable the security protection. When the second MN’s security capabilities and the SN’s security capabilities both support the security protection, the second MN determines the SN to enable the security protection. .
  • the security capability of the second MN and the security capability of the SN are both in the case of not supporting security protection, it is similar to the existing second MN based on the second MN’s non-supporting security protection and determining that the SN does not open the security protection.
  • Both the security capability and the security capability of the SN support security protection, similar to the existing second MN based on the security protection of the second MN to determine that the SN opens the security protection, so the handover method provided in this application mainly implements the second In the case that the security capability of the MN is inconsistent with the security capability of the SN, the second MN may determine that the SN does not open the security protection.
  • the second MN After the second MN determines whether the SN opens the security protection, it may notify the SN through the aforementioned second indication information, third indication information, or fourth indication information.
  • the second indication information and the third indication information are used to indicate that no security protection is enabled between the SN and the UE.
  • the second indication information and the third indication information are displayed indication information, indicating that the SN does not open the security protection
  • the second indication information and the third indication information are policy indication information, and the SN used to indicate does not enable security protection, and the specific policy indication is not needed.
  • the fourth indication information is used to indicate that security protection is enabled between the SN and the UE.
  • the fourth indication information is displayed indication information, instructing the SN to enable security protection
  • the fourth indication information is policy indication information, which is used to instruct the SN to enable security protection, and the specific policy indication is required.
  • the second MN determines the security policy of the SN, it establishes a dual connection with the SN.
  • the specific establishment process is similar to that shown in Fig. 2. That is, the method process shown in Fig. 4 also includes S441.
  • the second MN sends the SN to the SN. Add request message, S442, SN judges whether integrity protection and encryption protection are turned on, S443, SN sends SN add request response message to MN, these three steps are similar to S220, S230, S240 shown in Figure 2 and will not be repeated here. .
  • the method flow shown in Figure 4 mainly introduces how to ensure that the data security protection forms between the UE and the second MN and between the UE and the SN are consistent.
  • the handover method provided in this application can also prevent the second MN from establishing a second Neither the MN nor the SN supports a PDU session that is secured but needs to be secured. The solution will be described in detail below with reference to Figure 5.
  • Fig. 5 is a schematic diagram of another handover method provided by an embodiment of the present application. It includes a first MN, a second MN, an SN, and a UE. Before the handover occurs, the UE is connected to the first MN and the SN respectively; the first MN may also be referred to as the source MN; The UE is connected to the second MN and the SN respectively, and the second MN may also be referred to as a target MN. In addition, optionally, in the process of UE handover from the first MN to the second MN, the UE always maintains a connection with the SN.
  • the switching method includes the following steps:
  • S510 The first MN sends a handover request message to the second MN.
  • the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN.
  • the security capability of the SN includes whether the SN opens security protection for the PDU session of the UE.
  • the security protection involved in this application includes at least one of encryption protection and integrity protection, that is, the security capability of the SN can be whether the SN opens integrity protection for the UE's PDU session, and whether the SN opens the UE's PDU session Encryption protection and whether SN enables encryption protection and integrity protection for the PDU session of the UE.
  • first indication information in FIG. 5 is similar to that shown in FIG. 4, except that the first indication information shown in FIG. 4 is used to indicate whether the SN is to enable security protection.
  • the first indication information is used to indicate whether the SN opens security protection for the PDU session of the UE.
  • the first indication information needs to indicate that the security capability of the SN is whether the SN opens the security protection for the PDU session of the UE.
  • the first indication information may be used to indicate at least one PDU session and indicate that the SN is Whether the security protection is enabled for the at least one PDU. For example, if it is necessary to indicate that the SN does not enable integrity protection for the first PDU session of the UE, the first indication information may carry the identifier of the first PDU and an indication indicating that the SN does not enable integrity protection for the first PDU session of the UE.
  • the first indication information needs to indicate that the security capability of the SN is whether the SN opens the security protection for the PDU session of the UE.
  • the first indication information may be a bitmap, and every two bits are used for Indicate a PDU performed by the above-mentioned UE. For a PDU, whether the SN opens the security protection can be indicated by two bits corresponding to the PDU session.
  • the first indication information may be called a security capability (security capability) parameter.
  • the first indication information can be used as the new UE context (UE context reference at the S-NG-RAN node) parameter at the secondary access network node carried in the handover request message in the existing protocol.
  • the increased cell is carried in the handover request message.
  • the first indication information may be used as a newly added parameter in the handover request message.
  • the handover method shown in FIG. 5 can prevent the second MN from establishing a PDU session in which neither the second MN nor the SN supports security protection but requires security protection.
  • S520 The second MN determines whether to reject session establishment.
  • the second MN determines whether to reject the establishment of the PDU session based on its own security capability and the first indication information.
  • the first MN receives 6 PDU session requests, of which 3 PDU sessions (PDU1, PDU2, and PDU3) require integrity protection, and the other 3 PDU sessions (PDU4, PDU5, and PDU6) do not require integrity protection.
  • the first MN carries PDU1, PDU2, and PDU3 to itself, and offloads PDU4, PDU5, and PDU6 to SN.
  • the second MN determines that it does not support integrity protection, and determines that the SN does not enable integrity protection for PDU1, PDU2, and PDU3 according to the first indication information, then the second MN rejects the establishment of PDU1, PDU2, and PDU3, Therefore, the second MN will not attempt to offload the PDU1, PDU2, and PDU3 to the SN because it does not support integrity protection. However, the SN does not support integrity protection and will reject the offload request, resulting in additional signaling overhead.
  • the second MN After executing S520, the second MN needs to send a handover request response message to the first MN, and execute S521, which is similar to S360 shown in Figure 3, and will not be repeated here; the first MN needs to send the downlink connection configuration to the UE, and execute S522. It is similar to S370 shown in Figure 3 and will not be repeated here; after the UE configures the parameters based on the downlink connection configuration, an RRC connection is established between the UE and the second MN, and S523 is executed, which is similar to S380 shown in Figure 3. No longer.
  • the second MN needs to establish a dual connection with the SN.
  • the difference from the process of establishing a dual connection shown in Figure 2 is that the second MN learns the security capabilities of the SN during the handover process. Then the second MN may determine how to perform offloading based on the security capability of the SN, that is, execute S530, and the second MN determines the offloading strategy.
  • the second MN determines according to the first indication information that the SN does not enable security protection for the PDU session, and the PDU session requires security protection, the second MN will not offload these PDU sessions to the SN.
  • the second MN determines the offload strategy, it establishes a dual connection with the SN.
  • the specific establishment process is similar to that shown in FIG. 2, that is, the method process shown in FIG. 5 also includes S531.
  • the second MN sends an SN addition request to the SN Message, S532, SN judges whether to enable integrity protection and encryption protection, S533, SN sends SN add request response message to MN, these three steps are similar to S220, S230, S240 shown in Figure 2 and will not be repeated here.
  • the size of the sequence numbers of the foregoing processes does not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not correspond to the implementation process of the embodiments of this application. Constitute any limitation.
  • the handover method provided by the embodiment of the present application is described in detail above with reference to Figs. 4 and 5, and the handover device provided by the embodiment of the present application is described in detail below with reference to Figs. 6-11. It should be understood that the switching device and the switching method correspond to each other, and similar descriptions may refer to the method embodiments. It is worth noting that the switching device can be used in conjunction with the above switching method, or it can be used alone.
  • FIG. 6 is a schematic diagram of the switching device 10 proposed in the present application.
  • the device 10 includes a sending and receiving unit 110, a processing unit 120 and a receiving unit 130.
  • the sending unit 110 is configured to send a measurement report to the first MN;
  • the processing unit 120 is configured to establish an RRC connection with the second MN;
  • the receiving unit 130 is configured to receive the downlink connection configuration sent by the first MN.
  • the apparatus 10 completely corresponds to the user equipment in the method embodiment, and the apparatus 10 may be the user equipment in the method embodiment, or a chip or functional module inside the user equipment in the method embodiment.
  • the corresponding units of the apparatus 10 are used to execute the corresponding steps executed by the user equipment in the method embodiments shown in FIGS. 4 and 5.
  • the sending unit 110 in the apparatus 10 executes the steps sent by the user equipment in the method embodiment. For example, step S412 of sending a measurement report to the first MN in FIG. 4 and step S512 of sending a measurement report to the first MN in FIG. 5 are performed.
  • the processing unit 120 in the device 10 executes the steps implemented or processed inside the user equipment in the method embodiment. For example, step S423 of establishing an RRC connection with the second MN in FIG. 4 and step S523 of establishing an RRC connection with the second MN in FIG. 5 are executed.
  • the receiving unit 130 in the apparatus 10 executes the steps of receiving by the user equipment in the method embodiment. For example, step S422 of receiving the downlink connection configuration sent by the first MN in FIG. 4 and step S522 of receiving the downlink connection configuration sent by the first MN in FIG. 5 are executed.
  • the receiving unit 130 and the sending unit 110 may constitute a transceiving unit and have the functions of receiving and sending at the same time.
  • the processing unit 120 may be a processor.
  • the transmitting unit 110 may be a transmitter.
  • the receiving unit 130 may be a receiver. The receiver and transmitter can be integrated to form a transceiver.
  • FIG. 7 is a schematic structural diagram of a user equipment 20 applicable to an embodiment of the present application.
  • the user equipment 20 can be applied to the system shown in FIG. 1.
  • FIG. 7 only shows the main components of the user equipment.
  • the user equipment 20 includes a processor (corresponding to the processing unit 120 shown in FIG. 6), a memory, a control circuit, an antenna, and an input and output device (corresponding to the receiving unit 130 and transmitting unit 130 shown in FIG. 6).
  • Unit 110 the processing unit 120 shown in FIG. 6
  • the user equipment 20 includes a processor (corresponding to the processing unit 120 shown in FIG. 6), a memory, a control circuit, an antenna, and an input and output device (corresponding to the receiving unit 130 and transmitting unit 130 shown in FIG. 6).
  • Unit 110 the input and output device
  • the processor is used to control the antenna and the input and output device to send and receive signals
  • the memory is used to store a computer program
  • the processor is used to call and run the computer program from the memory to execute the corresponding procedures and procedures executed by the user equipment in the switching method proposed in this application. /Or operation. I won't repeat them here.
  • FIG. 7 only shows a memory and a processor. In actual user equipment, there may be multiple processors and memories.
  • the memory may also be referred to as a storage medium or a storage device, etc., which is not limited in the embodiment of the present application.
  • Input and output devices used to exchange information with other equipment
  • the processor is configured to execute internal implementation or processing of the user equipment in the method embodiment.
  • FIG. 8 is a schematic diagram of the switching device 30 proposed in this application.
  • the device 30 includes a sending unit 310, a receiving unit 320, and a processing unit 330.
  • the sending unit 310 is configured to send a handover request message to the second MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN.
  • the capability includes whether the SN supports security protection, and/or whether the SN enables the security protection for a packet data unit PDU session of the UE, and the security protection includes encryption protection and/or integrity protection.
  • the receiving unit 320 is configured to receive information sent by other devices.
  • the processing unit 330 is configured to determine to perform an MN handover, where the MN handover includes the user equipment UE establishing a dual connection with the first MN and the auxiliary base station SN, and switching is for the UE to establish a dual connection with the second MN and the SN.
  • the device 30 completely corresponds to the first MN in the method embodiment, and the device 30 may be the first MN in the method embodiment, or a chip or functional module inside the first MN in the method embodiment.
  • the corresponding unit of the device 30 is used to execute the corresponding steps performed by the first MN in the method embodiments shown in FIGS. 4 and 5.
  • the sending unit 310 in the device 30 executes the steps of sending by the first MN in the method embodiment. For example, perform step S411 of sending measurement control to the UE in FIG. 4, perform step S410 of sending a handover request message to the second MN in FIG. 4, perform step S422 of sending a downlink connection configuration to the UE in FIG.
  • the step S511 of the UE sending measurement control, the step S510 of sending a handover request message to the second MN in FIG. 5, and the step S522 of sending a downlink connection configuration to the UE in FIG. 5 are executed.
  • the receiving unit 320 in the device 30 executes the steps of the first MN receiving in the method embodiment. For example, perform step S412 of receiving a measurement report sent by the UE in FIG. 4, perform step S421 of receiving a handover request response message sent by the second MN in FIG. 4, perform step S512 of receiving a measurement report sent by the UE in FIG. 5, and perform receiving in FIG. Step S521 where the second MN sends a handover request response message.
  • the processing unit 330 in the device 30 executes the steps implemented or processed inside the first MN in the method embodiment. For example, step S413 of deciding to switch in FIG. 4 is executed, and step S513 of deciding to switch in FIG. 5 is executed.
  • the receiving unit 320 and the sending unit 310 may constitute a transceiving unit and have the functions of receiving and sending at the same time.
  • the processing unit 330 may be a processor.
  • the transmitting unit 310 may be a transmitter.
  • the receiving unit 320 may be a receiver. The receiver and transmitter can be integrated to form a transceiver.
  • FIG. 9 is a schematic structural diagram of a first MN 40 applicable to an embodiment of the present application, and may be used to implement the function of the first MN in the above handover method. It can be a schematic diagram of the structure of a network device.
  • the first MN 40 may include CU, DU, and AAU.
  • the network equipment consists of one or more radio frequency units, such as a remote radio unit (RRU) 401 and one Or for multiple baseband units (BBU):
  • RRU remote radio unit
  • BBU baseband units
  • the non-real-time part of the original BBU will be divided and redefined as CU, which is responsible for processing non-real-time protocols and services.
  • Part of the physical layer processing functions of the BBU are merged with the original RRU and passive antenna into AAU, and the remaining functions of the BBU are redefined as DU.
  • CU and DU are distinguished by the real-time nature of processing content, and AAU is a combination of RRU and antenna.
  • FIG. 9 is only an example, and does not limit the scope of protection of this application.
  • the deployment form may also be DU deployment in a 4G BBU computer room, CU centralized deployment or DU centralized deployment, and CU higher-level centralized deployment.
  • the AAU 401 that can implement the transceiving function is called a transceiving unit 401, which corresponds to the transmitting unit 310 in FIG. 8.
  • the transceiver unit 401 may also be called a transceiver, a transceiver circuit, or a transceiver, etc., and it may include at least one antenna 4011 and a radio frequency unit 4012.
  • the transceiving unit 401 may include a receiving unit and a transmitting unit, the receiving unit may correspond to a receiver (or receiver, receiving circuit), and the transmitting unit may correspond to a transmitter (or transmitter, transmitting circuit).
  • the CU and DU 402 that can implement internal processing functions are called the processing unit 402, which corresponds to the processing unit 330 in FIG. 8.
  • the processing unit 402 may control network devices, etc., and may be referred to as a controller.
  • the AAU 401, the CU and the DU 402 may be physically set together, or may be physically separated.
  • the first MN is not limited to the form shown in FIG. 9, but may also be in other forms: for example, it includes a BBU and an adaptive radio unit (ARU), or includes a BBU and an active antenna unit (active antenna unit, AAU); it can also be customer premises equipment (CPE), or other forms, which are not limited in this application.
  • ARU adaptive radio unit
  • AAU active antenna unit
  • CPE customer premises equipment
  • first MN 40 shown in FIG. 9 can implement the first MN function involved in the method embodiments of FIG. 4 and FIG. 5.
  • the operations and/or functions of each unit in the first MN 40 are to implement the corresponding processes executed by the first MN in the method embodiment of the present application. To avoid repetition, detailed description is omitted here.
  • the structure of the first MN illustrated in FIG. 10 is only a possible form and should not constitute any limitation to the embodiment of the present application. This application does not exclude the possibility of other forms of the first MN structure that may appear in the future.
  • FIG. 10 is a schematic diagram of the switching device 50 proposed in the present application.
  • the device 50 includes a sending unit 510, a receiving unit 520, and a processing unit 530.
  • the sending unit 510 is used to send information to other devices.
  • the receiving unit 520 is configured to receive a handover request message from a first MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the assisting base station SN, and the first MN is The MN that serves the user equipment UE before the MN handover occurs, the second MN is the MN that serves the user equipment UE after the MN handover occurs, wherein the security capability of the SN includes whether the SN supports security protection, and /Or, whether the SN enables the security protection for the PDU session of the UE, and the security protection includes encryption protection and/or integrity protection.
  • the processing unit 530 is configured to determine the security capability of the SN based on the first indication information.
  • the device 50 completely corresponds to the second MN in the method embodiment, and the device 50 may be the second MN in the method embodiment, or a chip or functional module inside the second MN in the method embodiment.
  • the corresponding units of the device 50 are used to perform the corresponding steps performed by the second MN in the method embodiments shown in FIGS. 4 and 5.
  • the sending unit 510 in the device 50 executes the steps of sending by the second MN in the method embodiment. For example, perform step S421 of sending a handover request response message to the first MN in FIG. 4, perform step S450 of sending second, third, or fourth indication information to the SN in FIG. 4, and perform step S450 in FIG. Step S441 of sending an SN adding request message, step S521 of sending a handover request response message to the first MN in FIG. 5, and step S531 of sending an SN adding request message to the SN in FIG. 5 are executed.
  • the receiving unit 520 in the device 50 performs the steps of receiving by the second MN in the method embodiment. For example, step S410 of receiving the handover request message sent by the first MN in FIG. 4, step S443 of receiving the SN adding request response message sent by the SN in FIG. 4, and step S510 of receiving the handover request message sent by the first MN in FIG. Step S533 in FIG. 5 of receiving the SN adding request response message sent by the SN is performed.
  • the processing unit 530 in the device 50 executes the steps implemented or processed inside the second MN in the method embodiment. For example, perform step S430 of establishing an RRC connection with the UE in FIG. 4, perform step S420 of determining a security policy in FIG. 4, perform step S440 of determining whether the SN is enabled for security protection in FIG. Step S523: Perform step S520 in FIG. 5 to determine whether to reject session establishment, and perform step S530 in FIG. 5 to determine the offload strategy.
  • the receiving unit 520 and the sending unit 510 may constitute a transceiver unit, and have both receiving and sending functions.
  • the processing unit 530 may be a processor.
  • the sending unit 510 may be a transmitter.
  • the receiving unit 520 may be a receiver. The receiver and transmitter can be integrated to form a transceiver.
  • FIG. 11 is a schematic structural diagram of a second MN 60 applicable to an embodiment of the present application, and may be used to implement the function of the second MN in the above handover method. It can be a schematic diagram of the structure of a network device.
  • the structure of the second MN 60 is similar to the structure of the first MN 40 shown in FIG. 9, and the second MN 60 may include CU, DU, and AAU.
  • the AAU 601 that can implement the transceiver function is called a transceiver unit 601, which corresponds to the sending unit 510 in FIG. 10.
  • the transceiver unit 601 may also be called a transceiver, a transceiver circuit, or a transceiver, etc., and it may include at least one antenna 6011 and a radio frequency unit 6012.
  • the transceiving unit 601 may include a receiving unit and a transmitting unit, the receiving unit may correspond to a receiver (or receiver, receiving circuit), and the transmitting unit may correspond to a transmitter (or transmitter, transmitting circuit).
  • the CU and DU 602 that can implement internal processing functions are called a processing unit 602, which corresponds to the processing unit 530 in FIG. 10.
  • the processing unit 602 may control network devices, etc., and may be referred to as a controller.
  • the AAU 601, the CU and the DU 602 may be physically set together, or may be physically separated.
  • the second MN is not limited to the form shown in FIG. 11, and may also be in other forms: for example, including BBU and ARU, or including BBU and AAU; it may also be CPE or other forms, which is not limited by this application.
  • the second MN 60 shown in FIG. 11 can implement the second MN function involved in the method embodiments of FIG. 4 and FIG. 5.
  • the operations and/or functions of each unit in the second MN 60 are respectively for implementing the corresponding processes executed by the second MN in the method embodiment of the present application. To avoid repetition, detailed description is omitted here.
  • the structure of the second MN illustrated in FIG. 10 is only a possible form, and should not constitute any limitation to the embodiment of the present application. This application does not exclude the possibility of other forms of the second MN structure that may appear in the future.
  • An embodiment of the present application also provides a communication system, which includes the aforementioned user equipment, a second MN, a second MN, and an SN.
  • the present application also provides a computer-readable storage medium that stores instructions in the computer-readable storage medium.
  • the computer executes the first method shown in FIG. 4 and FIG. 5. The steps performed by the MN.
  • the present application also provides a computer-readable storage medium.
  • the computer-readable storage medium stores instructions. When the instructions run on a computer, the computer executes the second method shown in FIG. 4 and FIG. 5. The steps performed by the MN.
  • the present application also provides a computer-readable storage medium that stores instructions in the computer-readable storage medium.
  • the computer executes the method shown in FIG. 4 and FIG. The various steps performed.
  • This application also provides a computer program product containing instructions.
  • the computer program product runs on a computer, the computer executes the steps performed by the first MN in the method shown in FIG. 4 and FIG. 5.
  • This application also provides a computer program product containing instructions.
  • the computer program product runs on a computer, the computer executes the steps performed by the second MN in the method shown in FIG. 4 and FIG. 5.
  • This application also provides a computer program product containing instructions.
  • the computer program product runs on a computer, the computer executes the steps performed by the user equipment in the methods shown in FIGS. 4 and 5.
  • This application also provides a chip including a processor.
  • the processor is used to read and run the computer program stored in the memory to execute the corresponding operation and/or process executed by the first MN in the handover method provided in this application.
  • the chip further includes a memory, the memory and the processor are connected to the memory through a circuit or a wire, and the processor is used to read and execute the computer program in the memory.
  • the chip further includes a communication interface, and the processor is connected to the communication interface.
  • the communication interface is used to receive data and/or information that needs to be processed, and the processor obtains the data and/or information from the communication interface, and processes the data and/or information.
  • the communication interface can be an input and output interface.
  • This application also provides a chip including a processor.
  • the processor is used to read and run a computer program stored in the memory to execute the corresponding operation and/or process executed by the second MN in the handover method provided in this application.
  • the chip further includes a memory, the memory and the processor are connected to the memory through a circuit or a wire, and the processor is used to read and execute the computer program in the memory.
  • the chip further includes a communication interface, and the processor is connected to the communication interface.
  • the communication interface is used to receive data and/or information that needs to be processed, and the processor obtains the data and/or information from the communication interface, and processes the data and/or information.
  • the communication interface can be an input and output interface.
  • This application also provides a chip including a processor.
  • the processor is used to read and run the computer program stored in the memory to execute the corresponding operation and/or process executed by the user equipment in the switching method provided in this application.
  • the chip further includes a memory, the memory and the processor are connected to the memory through a circuit or a wire, and the processor is used to read and execute the computer program in the memory.
  • the chip further includes a communication interface, and the processor is connected to the communication interface.
  • the communication interface is used to receive data and/or information that needs to be processed, and the processor obtains the data and/or information from the communication interface, and processes the data and/or information.
  • the communication interface can be an input and output interface.
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or It can be integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of this application essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disk and other media that can store program code .
  • the term "and/or” in this application is only an association relationship describing the associated objects, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, and both A and B exist. , There are three cases of B alone.
  • the character "/" in this text generally means that the associated objects before and after are in an "or” relationship; the term “at least one” in this application can mean “one” and "two or more", for example, A At least one of, B and C can mean: A alone exists, B alone exists, C exists alone, A and B exist alone, A and C exist simultaneously, C and B exist simultaneously, and A and B and C exist simultaneously, this Seven situations.
  • A, B, or C refers to any of A, B, and C; A, B, and C refer to the three possibilities of A, B, and C.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided in embodiments of the present application are a handover method, an apparatus and a communications system, used in a scenario in which a main base station (MN) to which user equipment in a dual connectivity state is connected performs handover while a secondary base station (SN) does not change. The method comprises: a first MN sends a handover request message to a second MN, the handover request message carrying first indicator information, the first indicator information being used to indicate security capabilities of an SN, and the second MN determines a security policy according to the security capabilities of the SN. The handover method provided in the present application enables a second MN in an MN handover process to learn security capabilities of an SN, and to determine a security policy on the basis of the security capabilities of the SN, lowering signaling overhead between the second MN and a UE.

Description

切换的方法、装置和通信系统Method, device and communication system for switching
本申请要求于2019年05月29日提交中国专利局、申请号为201910457885.0、申请名称为“切换的方法、装置和通信系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on May 29, 2019, the application number is 201910457885.0, and the application name is "Method, Device and Communication System for Handover", the entire content of which is incorporated into this application by reference in.
技术领域Technical field
本申请涉及通信领域,并且更具体地,涉及一种切换的方法、装置和通信系统。This application relates to the field of communications, and more specifically, to a method, device and communication system for handover.
背景技术Background technique
通信系统中的用户设备可以同时与两个网络设备之间进行数据传输,称为双连接(dual-connectivity,DC)。其中,两个网络设备中的一个网络设备负责发送无线资源控制(radio resource control,RRC)消息给用户设备,并负责和核心网交互,该网络设备称为主网络设备(main node,MN),另一个网络设备称为辅助网络设备(secondary node,SN)。The user equipment in the communication system can perform data transmission with two network equipment at the same time, which is called dual-connectivity (DC). Among them, one of the two network devices is responsible for sending radio resource control (Radio Resource Control, RRC) messages to the user equipment and for interacting with the core network. This network device is called the main node (MN), Another network device is called a secondary network device (secondary node, SN).
当用户设备从源MN向目标MN切换以实现与分别与目标MN和所述SN连接时,目标MN如何与所述SN进行安全策略协商这个问题目前亟需进行解决。When the user equipment switches from the source MN to the target MN to connect to the target MN and the SN, respectively, the problem of how the target MN negotiates security policies with the SN needs to be solved urgently.
发明内容Summary of the invention
本申请提供一种切换的方法、装置和通信系统,通过在MN切换流程中第一主基站MN将辅助基站SN的安全能力信息携带在切换请求消息中通知给第二主基站MN,使得第二主基站MN能够在MN切换流程中获知SN的安全能力,并根据SN的安全能力确定安全策略降低第二MN和UE之间的信令开销。This application provides a handover method, device, and communication system. In the MN handover procedure, the first primary base station MN carries the security capability information of the secondary base station SN in a handover request message to notify the second primary base station MN, so that the second primary base station MN The primary base station MN can learn the security capability of the SN during the MN handover process, and determine the security policy according to the security capability of the SN to reduce the signaling overhead between the second MN and the UE.
第一方面,提供了一种切换的方法,用户设备分别与第一主基站MN和辅基站SN连接,当所述用户设备从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,所述方法包括:所述第一MN向所述第二MN发送切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示所述SN的安全能力;所述第二MN根据所述SN的安全能力确定安全策略。In the first aspect, a handover method is provided. User equipment is connected to a first primary base station MN and a secondary base station SN respectively. When the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN. When the second MN is connected to the SN, the method includes: the first MN sends a handover request message to the second MN, the handover request message carries first indication information, and the first indication information is used for Indicate the security capability of the SN; the second MN determines a security policy according to the security capability of the SN.
本申请实施例提供的切换的方法,通过在MN切换流程中第一MN将指示辅助基站SN的安全能力的第一指示信息携带在切换请求消息中,通知给第二MN,使得第二MN能够在MN切换流程中,基于该第一指示信息获知SN的安全能力,基于该SN的安全能力确定安全策略。In the handover method provided by the embodiment of the present application, the first MN carries the first indication information indicating the security capability of the assisting base station SN in the handover request message in the MN handover process, and notifies the second MN so that the second MN can In the MN handover procedure, the security capability of the SN is learned based on the first indication information, and the security policy is determined based on the security capability of the SN.
结合第一方面,在第一方面的某些实现方式中,所述第二MN根据所述SN的安全能力确定安全策略,包括:当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。With reference to the first aspect, in some implementations of the first aspect, the second MN determines a security policy according to the security capability of the SN, including: when the SN does not support security protection, the second MN determines The security policy is not to activate security protection between the second MN and the user equipment.
本申请实施例提供的切换的方法,第二MN根据所述SN的安全能力确定安全策略可 以是第二MN基于SN的安全能力获知SN不支持安全保护时,确定安全策略为不激活第二MN与用户设备之间安全保。In the handover method provided by the embodiment of the present application, the second MN determines that the security policy according to the security capability of the SN may be that the second MN determines that the security policy is not to activate the second MN when it learns that the SN does not support security protection based on the security capability of the SN Security with user equipment.
结合第一方面,在第一方面的某些实现方式中,所述方法还包括:所述第二MN向所述SN发送第二指示信息,所述第二指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。With reference to the first aspect, in some implementations of the first aspect, the method further includes: the second MN sends second indication information to the SN, where the second indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
本申请实施例提供的切换的方法,第二MN基于SN的安全能力确定安全策略之后,可以通过第二指示信息将该安全策略通知给SN。In the handover method provided by the embodiment of the present application, after the second MN determines the security policy based on the security capability of the SN, the security policy may be notified to the SN through the second indication information.
结合第一方面,在第一方面的某些实现方式中,所述第二MN根据所述SN的安全能力确定安全策略,包括:所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略。With reference to the first aspect, in some implementations of the first aspect, the second MN determines a security policy according to the security capability of the SN, including: the second MN determines the security policy according to the second MN and the SN The security capability determines the security strategy.
本申请实施例提供的切换的方法,第二MN根据所述SN的安全能力确定安全策略可以是第二MN基于SN的安全能力和第二MN的安全能力,确定安全策略。In the handover method provided in the embodiment of the present application, the second MN determines the security policy according to the security capability of the SN, which may be that the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN.
结合第一方面,在第一方面的某些实现方式中,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:当所述所述SN支持安全保护但第二MN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。With reference to the first aspect, in some implementations of the first aspect, the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection but When the second MN does not support security protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
本申请实施例提供的切换的方法,第二MN根据所述第二MN和所述SN的安全能力确定安全策略具体可以是当所述所述SN支持安全保护但第二MN不支持安全保护时,不激活所述第二MN与用户设备之间安全保护。In the handover method provided by the embodiment of the present application, the second MN determines the security policy according to the security capabilities of the second MN and the SN, specifically when the SN supports security protection but the second MN does not support security protection , The security protection between the second MN and the user equipment is not activated.
结合第一方面,在第一方面的某些实现方式中,所述方法还包括:所述第二MN向所述SN发送第三指示信息,所述第三指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。With reference to the first aspect, in some implementations of the first aspect, the method further includes: the second MN sends third indication information to the SN, and the third indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
本申请实施例提供的切换的方法,第二MN基于SN的安全能力和第二MN的安全能力确定安全策略之后,可以通过第三指示信息指示SN和UE之间的安全策略。In the handover method provided by the embodiment of the present application, after the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN, the third indication information may indicate the security policy between the SN and the UE.
结合第一方面,在第一方面的某些实现方式中,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:当所述SN支持安全保护且所述第二MN支持安全保护且时,所述第二MN确定所述安全策略为激活所述第二MN与用户设备之间安全保护。With reference to the first aspect, in some implementations of the first aspect, the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection and the When the second MN supports security protection, the second MN determines that the security policy is to activate security protection between the second MN and the user equipment.
本申请实施例提供的切换的方法,第二MN根据所述第二MN和所述SN的安全能力确定安全策略具体可以是所述SN支持安全保护且第二MN支持安全保护时,激活所述第二MN与用户设备之间安全保护。In the handover method provided by the embodiment of the present application, the second MN determines the security policy according to the security capabilities of the second MN and the SN. Specifically, when the SN supports security protection and the second MN supports security protection, activate the Security protection between the second MN and the user equipment.
结合第一方面,在第一方面的某些实现方式中,所述方法还包括:所述第二MN向所述SN发送第四指示信息,所述第四指示信息用于指示所述SN激活所述SN与所述用户设备之间的安全保护。With reference to the first aspect, in some implementations of the first aspect, the method further includes: the second MN sends fourth indication information to the SN, where the fourth indication information is used to indicate that the SN is activated Security protection between the SN and the user equipment.
本申请实施例提供的切换的方法,第二MN基于SN的安全能力和第二MN的安全能力确定安全策略之后,可以通过第四指示信息指示SN和UE之间的安全策略。In the handover method provided in the embodiment of the present application, after the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN, the security policy between the SN and the UE may be indicated through the fourth indication information.
结合第一方面,在第一方面的某些实现方式中,所述安全保护为加密保护和/或完整性保护。With reference to the first aspect, in some implementations of the first aspect, the security protection is encryption protection and/or integrity protection.
本申请实施例提供的切换的方法,安全保护为加密保护和/或完整性保护。In the switching method provided in the embodiment of the present application, the security protection is encryption protection and/or integrity protection.
应理解,上述安全保护为加密保护和/或完整性保护;上述安全能力为是否支持加密保护和/或完整性保护。It should be understood that the aforementioned security protection is encryption protection and/or integrity protection; the aforementioned security capability is whether to support encryption protection and/or integrity protection.
第二方面,提供了一种切换的方法,用户设备分别与第一主基站MN和辅基站SN连接,当所述用户设备从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,所述方法包括:第一主基站MN确定进行MN切换;所述第一MN向所述第二MN发送切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示所述SN的安全能力,其中,所述SN的安全能力包括所述SN是否支持安全保护,和/或,所述SN对于所述UE的分组数据单元PDU会话是否开启安全保护,所述安全保护包括加密保护和/或完整性保护。In a second aspect, a handover method is provided. User equipment is connected to a first primary base station MN and a secondary base station SN. When the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN. When the second MN is connected to the SN, the method includes: the first primary base station MN determines to perform MN handover; the first MN sends a handover request message to the second MN, and the handover request message carries a first indication Information, the first indication information is used to indicate the security capability of the SN, where the security capability of the SN includes whether the SN supports security protection, and/or the SN is for the packet data unit of the UE Whether to enable security protection for the PDU session, the security protection includes encryption protection and/or integrity protection.
本申请实施例提供的切换的方法,通过在MN切换流程中第一主基站MN将指示辅助基站SN的安全能力的第一指示信息携带在切换请求消息中,通知给第二主基站MN,使得第二主基站MN能够在MN切换流程中,基于该第一指示信息获知SN的安全能力。In the handover method provided in the embodiment of the present application, the first primary base station MN carries the first indication information indicating the security capability of the secondary base station SN in the handover request message in the MN handover process, and notifies the second primary base station MN, so that The second primary base station MN can learn the security capability of the SN based on the first indication information during the MN handover procedure.
结合第二方面,在第二方面的某些实现方式中,所述第一指示信息携带在所述切换请求消息携带的辅助接入网节点处的UE上下文参数中。With reference to the second aspect, in some implementations of the second aspect, the first indication information is carried in the UE context parameter at the auxiliary access network node carried in the handover request message.
本申请实施例提供的切换的方法,上述的第一指示信息可以是在切换请求消息携带的辅助接入网节点处的UE上下文参数新增的一个信元。In the handover method provided by the embodiment of the present application, the above-mentioned first indication information may be a new information element of the UE context parameter at the auxiliary access network node carried in the handover request message.
应理解,上述第一指示信息还可以是携带在切换请求消息中的其他参数中新增的信元,或者,第一指示信息为切换请求消息中新增的参数,本申请实施例中对此并不限制。It should be understood that the foregoing first indication information may also be a new information element carried in other parameters in the handover request message, or the first indication information may be a newly added parameter in the handover request message, which is described in this embodiment of the application. Not limited.
第三方面,提供了一种切换的方法,用户设备分别与第一主基站MN和辅基站SN连接,当所述用户设备从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,所述方法包括:第二主基站MN从第一MN处接收切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示辅助基站SN的安全能力;所述第二MN根据所述SN的安全能力确定安全策略。In a third aspect, a handover method is provided. User equipment is connected to a first primary base station MN and a secondary base station SN respectively. When the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN. When the second MN is connected to the SN, the method includes: the second primary base station MN receives a handover request message from the first MN, the handover request message carries first indication information, and the first indication information is used to indicate The security capability of the assisting base station SN; the second MN determines a security policy according to the security capability of the SN.
本申请实施例提供的切换的方法,第二主基站MN能够在MN切换流程中,基于从第一MN处接收到的第一指示信息获知SN的安全能力,并根据SN的安全能力确定安全策略。In the handover method provided by the embodiment of the present application, the second primary base station MN can learn the security capability of the SN based on the first indication information received from the first MN during the MN handover process, and determine the security policy according to the security capability of the SN .
结合第三方面,在第三方面的某些实现方式中,所述第二MN根据所述SN的安全能力确定安全策略,包括:当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。With reference to the third aspect, in some implementations of the third aspect, the second MN determines a security policy according to the security capability of the SN, including: when the SN does not support security protection, the second MN determines The security policy is not to activate security protection between the second MN and the user equipment.
本申请实施例提供的切换的方法,第二MN根据所述SN的安全能力确定安全策略可以是第二MN基于SN的安全能力获知SN不支持安全保护时,确定安全策略为不激活第二MN与用户设备之间安全保。In the handover method provided by the embodiment of the present application, the second MN determines that the security policy according to the security capability of the SN may be that the second MN determines that the security policy is not to activate the second MN when it learns that the SN does not support security protection based on the security capability of the SN Security with user equipment.
结合第三方面,在第三方面的某些实现方式中,所述方法还包括:所述第二MN向所述SN发送第二指示信息,所述第二指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。With reference to the third aspect, in some implementations of the third aspect, the method further includes: the second MN sends second indication information to the SN, where the second indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
本申请实施例提供的切换的方法,第二MN基于SN的安全能力确定安全策略之后,可以通过第二指示信息将该安全策略通知给SN。In the handover method provided by the embodiment of the present application, after the second MN determines the security policy based on the security capability of the SN, the security policy may be notified to the SN through the second indication information.
结合第三方面,在第三方面的某些实现方式中,所述第二MN根据所述SN的安全能力确定安全策略,包括:所述第二MN根据所述第二MN和所述SN的安全能力确定安全 策略。With reference to the third aspect, in some implementations of the third aspect, the second MN determines a security policy according to the security capability of the SN, including: the second MN determines the security policy according to the second MN and the SN The security capability determines the security strategy.
本申请实施例提供的切换的方法,第二MN根据所述SN的安全能力确定安全策略可以是第二MN基于SN的安全能力和第二MN的安全能力,确定安全策略。In the handover method provided in the embodiment of the present application, the second MN determines the security policy according to the security capability of the SN, which may be that the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN.
结合第三方面,在第三方面的某些实现方式中,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:当所述SN支持安全保护但所述第二MN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。With reference to the third aspect, in some implementations of the third aspect, the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection but the When the second MN does not support security protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
本申请实施例提供的切换的方法,第二MN根据所述第二MN和所述SN的安全能力确定安全策略具体可以是所述SN支持安全保护但第二MN不支持安全保护时,不激活所述第二MN与用户设备之间安全保护。In the handover method provided by the embodiment of the present application, the second MN determines the security policy according to the security capabilities of the second MN and the SN. Specifically, when the SN supports security protection but the second MN does not support security protection, it is not activated. Security protection between the second MN and the user equipment.
结合第三方面,在第三方面的某些实现方式中,所述方法还包括:所述第二MN向所述SN发送第三指示信息,所述第三指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。With reference to the third aspect, in some implementations of the third aspect, the method further includes: the second MN sends third indication information to the SN, and the third indication information is used to indicate that the SN does not Activate the security protection between the SN and the user equipment.
本申请实施例提供的切换的方法,第二MN基于SN的安全能力和第二MN的安全能力确定安全策略之后,可以通过第三指示信息指示SN和UE之间的安全策略。In the handover method provided by the embodiment of the present application, after the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN, the third indication information may indicate the security policy between the SN and the UE.
结合第三方面,在第三方面的某些实现方式中,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:当所述SN支持安全保护且所述第二MN支持安全保护且时,所述第二MN确定所述安全策略为激活所述第二MN与用户设备之间安全保护。With reference to the third aspect, in some implementations of the third aspect, the second MN determines a security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection and the When the second MN supports security protection, the second MN determines that the security policy is to activate security protection between the second MN and the user equipment.
本申请实施例提供的切换的方法,第二MN根据所述第二MN和所述SN的安全能力确定安全策略具体可以是所述SN支持安全保护且第二MN支持安全保护时,激活所述第二MN与用户设备之间安全保护。In the handover method provided by the embodiment of the present application, the second MN determines the security policy according to the security capabilities of the second MN and the SN. Specifically, when the SN supports security protection and the second MN supports security protection, activate the Security protection between the second MN and the user equipment.
结合第三方面,在第三方面的某些实现方式中,所述方法还包括:所述第二MN向所述SN发送第四指示信息,所述第四指示信息用于指示所述SN激活所述SN与所述用户设备之间的安全保护。With reference to the third aspect, in some implementations of the third aspect, the method further includes: the second MN sends fourth indication information to the SN, where the fourth indication information is used to indicate that the SN is activated Security protection between the SN and the user equipment.
本申请实施例提供的切换的方法,第二MN基于SN的安全能力和第二MN的安全能力确定安全策略之后,可以通过第四指示信息指示SN和UE之间的安全策略。In the handover method provided in the embodiment of the present application, after the second MN determines the security policy based on the security capability of the SN and the security capability of the second MN, the security policy between the SN and the UE may be indicated through the fourth indication information.
结合第三方面,在第三方面的某些实现方式中,所述安全保护为加密保护和/或完整性保护。With reference to the third aspect, in some implementations of the third aspect, the security protection is encryption protection and/or integrity protection.
本申请实施例提供的切换的方法,安全保护为加密保护和/或完整性保护。In the switching method provided in the embodiment of the present application, the security protection is encryption protection and/or integrity protection.
第四方面,提供了一种通信系统,该系统可以用来执行第一方面以及第一方面的任意可能的实现方式中的第一MN和第二MN的操作。具体地,通信系统包括用于执行上述第一方面以及第一方面的任意可能的实现方式中所描述的步骤或功能相对应的部件(means)可以是第一方面中的第一MN和第二MN或第一MN和第二MN内部的芯片或功能模块。步骤或功能可以通过软件实现,或硬件实现,或者通过硬件和软件结合来实现。In a fourth aspect, a communication system is provided, which can be used to perform the operations of the first MN and the second MN in the first aspect and any possible implementation of the first aspect. Specifically, the communication system includes means for performing the steps or functions described in the first aspect and any possible implementation of the first aspect. The means may be the first MN and the second MN in the first aspect. MN or chip or functional module inside the first MN and the second MN. The steps or functions can be realized by software, or by hardware, or by a combination of hardware and software.
具体地,该通信系统包括的第一MN和第二MN可以执行以下操作:第一MN,用于向所述第二MN发送切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示所述SN的安全能力;所述第二MN,用于根据所述SN的安全能力确定安全策略。Specifically, the first MN and the second MN included in the communication system may perform the following operations: the first MN is configured to send a handover request message to the second MN, and the handover request message carries the first indication information, so The first indication information is used to indicate the security capability of the SN; the second MN is used to determine a security policy according to the security capability of the SN.
示例性地,第二MN根据所述SN的安全能力确定安全策略,包括:当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。Exemplarily, the second MN determines the security policy according to the security capability of the SN, including: when the SN does not support security protection, the second MN determines that the security policy is to not activate the second MN and the user Security protection between devices.
示例性地,第二MN还用于向所述SN发送第二指示信息,所述第二指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。Exemplarily, the second MN is further configured to send second indication information to the SN, where the second indication information is used to indicate that the SN does not activate the security protection between the SN and the user equipment.
示例性地,第二MN根据所述SN的安全能力确定安全策略,包括:所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略。Exemplarily, the second MN determining the security policy according to the security capabilities of the SN includes: the second MN determining the security policy according to the security capabilities of the second MN and the SN.
示例性地,第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:当所述SN支持安全保护但所述MN不支持完整性保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。Exemplarily, the second MN determines the security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection but the MN does not support integrity protection, the second MN determines The security policy is not to activate security protection between the second MN and the user equipment.
示例性地,第二MN还用于向所述SN发送第三指示信息,所述第三指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。Exemplarily, the second MN is further configured to send third indication information to the SN, where the third indication information is used to indicate that the SN does not activate the security protection between the SN and the user equipment.
示例性地,第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:当所述SN支持安全保护且所述MN支持完整性保护时,所述第二MN确定所述安全策略为激活所述第二MN与用户设备之间安全保护。Exemplarily, the second MN determines the security policy according to the security capabilities of the second MN and the SN, including: when the SN supports security protection and the MN supports integrity protection, the second MN determines The security policy is to activate security protection between the second MN and the user equipment.
示例性地,第二MN向所述SN发送第四指示信息,所述第四指示信息用于指示所述SN激活所述SN与所述用户设备之间的安全保护。Exemplarily, the second MN sends fourth indication information to the SN, where the fourth indication information is used to instruct the SN to activate security protection between the SN and the user equipment.
示例性地,安全保护为加密保护和/或完整性保护。Exemplarily, the security protection is encryption protection and/or integrity protection.
第五方面,提供了一种切换的装置,该装置可以用来执行第二方面以及第二方面的任意可能的实现方式中的第一主基站MN的操作。具体地,切换的装置包括用于执行上述第二方面以及第二方面的任意可能的实现方式中所描述的步骤或功能相对应的部件(means)可以是第二方面中的第一主基站MN或第一主基站MN内部的芯片或功能模块。步骤或功能可以通过软件实现,或硬件实现,或者通过硬件和软件结合来实现。In a fifth aspect, a handover device is provided, which can be used to perform the operation of the first primary base station MN in the second aspect and any possible implementation manner of the second aspect. Specifically, the device for handover includes the steps or functions corresponding to the steps or functions described in the second aspect and any possible implementation of the second aspect. The means may be the first primary base station MN in the second aspect. Or a chip or functional module inside the first main base station MN. The steps or functions can be realized by software, or by hardware, or by a combination of hardware and software.
第六方面,提供了一种切换的装置,该装置可以用来用于执行第三方面以及第三方面的任意可能的实现方式中的第二主基站MN的操作。具体地,该切换的装置可以包括用于执行上述第二方面以及第三方面的任意可能的实现方式中所描述的步骤或功能相对应的部件(means)可以是第三方面的第二主基站MN或第二主基站MN内部的芯片或功能模块。步骤或功能可以通过软件实现,或硬件实现,或者通过硬件和软件结合来实现。In the sixth aspect, a handover device is provided, which can be used to perform the operation of the second primary base station MN in the third aspect and any possible implementation manner of the third aspect. Specifically, the handover device may include the steps or functions described in any possible implementation of the second aspect and the third aspect. The corresponding means may be the second primary base station of the third aspect. The chip or functional module inside the MN or the second main base station MN. The steps or functions can be realized by software, or by hardware, or by a combination of hardware and software.
第七方面,提供了一种通信设备,包括,处理器,收发器,存储器,该存储器用于存储计算机程序,该收发器,用于执行第二和第三方面中任一种可能实现方式中的切换的方法中的收发步骤,该处理器用于从存储器中调用并运行该计算机程序,使得该通信设备执行第二和第三方面中任一种可能实现方式中的切换的方法。In a seventh aspect, a communication device is provided, including a processor, a transceiver, and a memory, where the memory is used to store a computer program, and the transceiver is used to execute any one of the possible implementation manners of the second and third aspects In the transceiving step in the switching method, the processor is used to call and run the computer program from the memory, so that the communication device executes the switching method in any one of the possible implementation manners of the second and third aspects.
可选地,处理器为一个或多个,存储器为一个或多个。Optionally, there are one or more processors and one or more memories.
可选地,存储器可以与处理器集成在一起,或者存储器与处理器分离设置。Optionally, the memory may be integrated with the processor, or the memory and the processor may be provided separately.
可选的,收发器包括,发射机(发射器)和接收机(接收器)。Optionally, the transceiver includes a transmitter (transmitter) and a receiver (receiver).
一个可能的设计中,提供了一种通信设备,包括收发器、处理器和存储器。该处理器用于控制收发器收发信号,该存储器用于存储计算机程序,该处理器用于从存储器中调用并运行该计算机程序,使得该通信设备执行第二方面以及第二方面的任意可能的实现方式中的方法。In one possible design, a communication device is provided, including a transceiver, a processor, and a memory. The processor is used to control the transceiver to send and receive signals, the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so that the communication device executes the second aspect and any possible implementation of the second aspect Method in.
另一个可能的设计中,提供了一种通信设备,包括收发器、处理器和存储器。该处理器用于控制收发器收发信号,该存储器用于存储计算机程序,该处理器用于从存储器中调用并运行该计算机程序,使得该通信设备执行第三方面以及第三方面的任意可能的实现方式中的方法。In another possible design, a communication device is provided, including a transceiver, a processor, and a memory. The processor is used to control the transceiver to send and receive signals, the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so that the communication device executes the third aspect and any possible implementation manners of the third aspect Method in.
第八方面,提供了一种系统,系统包括第五方面和第六方面提供的切换的装置。In an eighth aspect, a system is provided, and the system includes the switching devices provided in the fifth aspect and the sixth aspect.
第九方面,提供了一种计算机程序产品,计算机程序产品包括:计算机程序(也可以称为代码,或指令),当计算机程序被运行时,使得计算机执行上述第二和第三方面中任一种可能实现方式中的方法。In a ninth aspect, a computer program product is provided. The computer program product includes: a computer program (also called code, or instruction), which when the computer program is executed, causes the computer to execute any one of the second and third aspects. One of the possible implementation methods.
第十方面,提供了一种计算机可读介质,计算机可读介质存储有计算机程序(也可以称为代码,或指令)当其在计算机上运行时,使得计算机执行上述第二和第三方面中任一种可能实现方式中的方法。In a tenth aspect, a computer-readable medium is provided, and the computer-readable medium stores a computer program (also called code, or instruction) when it runs on a computer, so that the computer executes the above-mentioned second and third aspects. Any one of the possible implementation methods.
第十一方面,提供了一种芯片系统,包括存储器和处理器,该存储器用于存储计算机程序,该处理器用于从存储器中调用并运行该计算机程序,使得安装有该芯片系统的通信设备执行上述第二和第三方面中任一种可能实现方式中的方法。In an eleventh aspect, a chip system is provided, including a memory and a processor, the memory is used to store a computer program, the processor is used to call and run the computer program from the memory, so that the communication device installed with the chip system executes The method in any one of the above-mentioned second and third aspects.
附图说明Description of the drawings
图1是本申请实施例提供的切换的方法适用的一种通信系统100示意图。FIG. 1 is a schematic diagram of a communication system 100 to which the handover method provided in an embodiment of the present application is applicable.
图2是建立双连接的示意性流程图。Figure 2 is a schematic flow chart for establishing a dual connection.
图3是发生MN切换的示意图。Figure 3 is a schematic diagram of MN handover.
图4是本申请实施例提供的一种切换的方法的示意图。Fig. 4 is a schematic diagram of a handover method provided by an embodiment of the present application.
图5是本申请实施例提供的另一种切换的方法的示意图。Fig. 5 is a schematic diagram of another handover method provided by an embodiment of the present application.
图6是本申请提出的切换的装置10的示意图。FIG. 6 is a schematic diagram of the switching device 10 proposed by the present application.
图7是适用于本申请实施例的用户设备20的结构示意图。FIG. 7 is a schematic structural diagram of a user equipment 20 applicable to an embodiment of the present application.
图8是本申请提出的切换的装置30的示意图。FIG. 8 is a schematic diagram of the switching device 30 proposed in the present application.
图9是适用于本申请实施例的第一MN 40的结构示意图。FIG. 9 is a schematic structural diagram of a first MN 40 applicable to an embodiment of the present application.
图10是本申请提出的切换的装置50的示意图。FIG. 10 is a schematic diagram of the switching device 50 proposed in this application.
图11是适用于本申请实施例的第二MN 60的结构示意图。FIG. 11 is a schematic structural diagram of a second MN 60 applicable to an embodiment of the present application.
具体实施方式Detailed ways
下面将结合附图,对本申请中的技术方案进行描述。The technical solution in this application will be described below in conjunction with the drawings.
本申请实施例的技术方案可以应用于各种通信系统,例如:长期演进(long term evolution,LTE)系统、LTE频分双工(frequency division duplex,FDD)系统、LTE时分双工(time division duplex,TDD)、通用移动通信系统(universal mobile telecommunication system,UMTS)、全球互联微波接入(worldwide interoperability for microwave access,WiMAX)通信系统、未来的第五代(5th generation,5G)系统或新无线(new radio,NR)等。The technical solutions of the embodiments of this application can be applied to various communication systems, such as: long term evolution (LTE) system, LTE frequency division duplex (FDD) system, LTE time division duplex (time division duplex) , TDD), Universal Mobile Telecommunication System (UMTS), Worldwide Interoperability for Microwave Access (WiMAX) Communication System, Future 5th Generation (5G) System or New Wireless ( new radio, NR) etc.
本申请实施例中的用户设备(user equipment)可以指接入终端、用户单元、用户站、移动站、移动台、中继站、远方站、远程终端、移动设备、用户终端(user terminal)、终端设备(terminal equipment)、终端(terminal)、无线通信设备、用户代理或用户装置。 用户设备还可以是蜂窝电话、无绳电话、会话启动协议(session initiation protocol,SIP)电话、无线本地环路(wireless local loop,WLL)站、个人数字助理(personal digital assistant,PDA)、具有无线通信功能的手持设备、计算设备或连接到无线调制解调器的其它处理设备、车载设备、可穿戴设备,未来5G网络中的用户设备或者未来演进的公用陆地移动通信网络(public land mobile network,PLMN)中的用户设备等,本申请实施例对此并不限定。The user equipment (user equipment) in the embodiments of the present application may refer to an access terminal, a user unit, a user station, a mobile station, a mobile station, a relay station, a remote station, a remote terminal, a mobile device, a user terminal, and a terminal device. (terminal equipment), terminal (terminal), wireless communication equipment, user agent or user device. The user equipment can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), with wireless communication Functional handheld devices, computing devices or other processing devices connected to wireless modems, in-vehicle devices, wearable devices, user equipment in the future 5G network or future evolution of the public land mobile network (PLMN) User equipment, etc., which are not limited in this embodiment of the present application.
本申请实施例中的网络设备可以是用于与用户设备通信的任意一种具有无线收发功能的设备。该设备包括但不限于:演进型节点B(evolved Node B,eNB)、无线网络控制器(radio network controller,RNC)、节点B(Node B,NB)、基站控制器(base station controller,BSC)、基站收发台(base transceiver station,BTS)、家庭基站(home evolved NodeB,HeNB,或home Node B,HNB)、基带单元(baseband unit,BBU),无线保真(wireless fidelity,WIFI)系统中的接入点(access point,AP)、无线中继节点、无线回传节点、传输点(transmission point,TP)或者发送接收点(transmission and reception point,TRP)等,还可以为5G,如,NR,系统中的gNB,或,传输点(TRP或TP),5G系统中的基站的一个或一组(包括多个天线面板)天线面板,或者,还可以为构成gNB或传输点的网络节点,如基带单元(BBU),或,分布式单元(distributed unit,DU)等。The network device in the embodiment of the present application may be any device with wireless transceiving function used to communicate with user equipment. This equipment includes but is not limited to: evolved Node B (eNB), radio network controller (RNC), Node B (NB), base station controller (BSC) , Base transceiver station (base transceiver station, BTS), home base station (home evolved NodeB, HeNB, or home Node B, HNB), baseband unit (BBU), wireless fidelity (wireless fidelity, WIFI) system Access point (AP), wireless relay node, wireless backhaul node, transmission point (TP) or transmission and reception point (TRP), etc., can also be 5G, such as NR , The gNB in the system, or the transmission point (TRP or TP), one or a group of antenna panels (including multiple antenna panels) of the base station in the 5G system, or the network node that constitutes the gNB or transmission point, Such as baseband unit (BBU), or distributed unit (DU), etc.
在一些部署中,gNB可以包括集中式单元(centralized unit,CU)和DU。gNB还可以包括有源天线单元(active antenna unit,AAU)。CU实现gNB的部分功能,DU实现gNB的部分功能。比如,CU负责处理非实时协议和服务,实现无线资源控制(radio resource control,RRC),分组数据汇聚层协议(packet data convergence protocol,PDCP)层的功能。DU负责处理物理层协议和实时服务,实现无线链路控制(radio link control,RLC)层、媒体接入控制(media access control,MAC)层和物理(physical,PHY)层的功能。AAU实现部分物理层处理功能、射频处理及有源天线的相关功能。由于RRC层的信息最终会变成PHY层的信息,或者,由PHY层的信息转变而来,因而,在这种架构下,高层信令,如RRC层信令,也可以认为是由DU发送的,或者,由DU+AAU发送的。可以理解的是,网络设备可以为包括CU节点、DU节点、AAU节点中一项或多项的设备。此外,可以将CU划分为接入网(radio access network,RAN)中的网络设备,也可以将CU划分为核心网(core network,CN)中的网络设备,本申请对此不做限定。In some deployments, the gNB may include a centralized unit (CU) and a DU. The gNB may also include an active antenna unit (AAU). CU implements part of the functions of gNB, and DU implements part of the functions of gNB. For example, the CU is responsible for processing non-real-time protocols and services, and implements radio resource control (radio resource control, RRC), packet data convergence protocol (packet data convergence protocol, PDCP) layer functions. The DU is responsible for processing physical layer protocols and real-time services, and realizes the functions of the radio link control (RLC) layer, media access control (MAC) layer, and physical (PHY) layer. AAU realizes some physical layer processing functions, radio frequency processing and related functions of active antennas. Since the information of the RRC layer will eventually become the information of the PHY layer, or be transformed from the information of the PHY layer, under this architecture, high-level signaling, such as RRC layer signaling, can also be considered to be sent by DU , Or, sent by DU+AAU. It can be understood that the network device may be a device that includes one or more of a CU node, a DU node, and an AAU node. In addition, the CU can be divided into network equipment in an access network (radio access network, RAN), or the CU can be divided into network equipment in a core network (core network, CN), which is not limited in this application.
在本申请实施例中,用户设备或网络设备包括硬件层、运行在硬件层之上的操作系统层,以及运行在操作系统层上的应用层。该硬件层包括中央处理器(central processing unit,CPU)、内存管理单元(memory management unit,MMU)和内存(也称为主存)等硬件。该操作系统可以是任意一种或多种通过进程(process)实现业务处理的计算机操作系统,例如,Linux操作系统、Unix操作系统、Android操作系统、iOS操作系统或windows操作系统等。该应用层包含浏览器、通讯录、文字处理软件、即时通信软件等应用。并且,本申请实施例并未对本申请实施例提供的方法的执行主体的具体结构特别限定,只要能够通过运行记录有本申请实施例的提供的方法的代码的程序,以根据本申请实施例提供的方法进行通信即可,例如,本申请实施例提供的方法的执行主体可以是用户设备或网络设备,或者,是用户设备或网络设备中能够调用程序并执行程序的功能模块。In the embodiments of the present application, the user equipment or network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer includes hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also referred to as main memory). The operating system may be any one or more computer operating systems that implement business processing through processes, for example, Linux operating system, Unix operating system, Android operating system, iOS operating system, or windows operating system. The application layer includes applications such as browsers, address books, word processing software, and instant messaging software. In addition, the embodiments of the application do not specifically limit the specific structure of the execution subject of the methods provided in the embodiments of the application, as long as the program that records the codes of the methods provided in the embodiments of the application can be provided according to the embodiments of the application. For example, the execution subject of the method provided in the embodiments of the present application may be user equipment or network equipment, or a functional module in the user equipment or network equipment that can call and execute programs.
另外,本申请的各个方面或特征可以实现成方法、装置或使用标准编程和/或工程技 术的制品。本申请中使用的术语“制品”涵盖可从任何计算机可读器件、载体或介质访问的计算机程序。例如,计算机可读介质可以包括,但不限于:磁存储器件(例如,硬盘、软盘或磁带等),光盘(例如,压缩盘(compact disc,CD)、数字通用盘(digital versatile disc,DVD)等),智能卡和闪存器件(例如,可擦写可编程只读存储器(erasable programmable read-only memory,EPROM)、卡、棒或钥匙驱动器等)。另外,本文描述的各种存储介质可代表用于存储信息的一个或多个设备和/或其它机器可读介质。术语“机器可读存储介质”可包括但不限于,无线信道和能够存储、包含和/或承载指令和/或数据的各种其它介质。In addition, various aspects or features of the present application can be implemented as methods, devices, or products using standard programming and/or engineering techniques. The term "article of manufacture" as used in this application encompasses a computer program accessible from any computer-readable device, carrier, or medium. For example, computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or tapes, etc.), optical disks (for example, compact discs (CD), digital versatile discs (DVD)) Etc.), smart cards and flash memory devices (for example, erasable programmable read-only memory (EPROM), cards, sticks or key drives, etc.). In addition, various storage media described herein may represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable storage medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
图1是本申请实施例提供的切换的方法适用的一种通信系统100示意图,该示意图包括主基站#1(图1中所示的基站10)、主基站#2(图1中所示的基站11)、辅助基站(图1中所示的基站20)以及用户设备30。FIG. 1 is a schematic diagram of a communication system 100 to which the handover method provided in an embodiment of the present application is applicable. The schematic diagram includes a main base station #1 (base station 10 shown in FIG. 1), a main base station #2 (shown in FIG. Base station 11), auxiliary base station (base station 20 shown in FIG. 1), and user equipment 30.
本申请提供的切换的方法主要涉及到用户设备支持双连接的情况下,如图1所示为主基站和辅助基站同时为用户设备供通信服务的网路架构示意图。对于配置了双连接的用户设备,主基站可以配置包括主小区(primarily cell,PCell)在内的至少一个服务小区,这些小区可以称为主小区组(master cell group,MCG),主小区可以用于主基站提供非接入层信息以及安全参数等。例如,主小区组可以包括一个主小区,也可以进一步包括至少一个辅小区;辅助基站可配置包括主辅小区(primarily secondary cell,PSCell)在内的至少一个服务小区,辅主小区可以用于辅基站提供物理层上行控制信道,或随机接入等,这些小区可以称为辅小区组(secondary cell group,SCG),例如,辅小区组可以包括一个主辅小区,也可以进一步包括至少一个辅小区。The handover method provided in the present application mainly relates to the case where the user equipment supports dual connectivity. As shown in FIG. 1, a schematic diagram of a network architecture in which a primary base station and an auxiliary base station simultaneously provide communication services for the user equipment. For user equipment configured with dual connectivity, the primary base station can configure at least one serving cell including primary cell (primarily cell, PCell). These cells can be called master cell group (MCG), and the primary cell can be used Provide non-access layer information and security parameters at the main base station. For example, the primary cell group may include one primary cell or at least one secondary cell; the secondary base station may be configured with at least one serving cell including a primary secondary cell (PSCell), and the secondary primary cell can be used as a secondary cell. The base station provides physical layer uplink control channels, or random access, etc. These cells can be called secondary cell groups (SCG). For example, the secondary cell group may include one primary and secondary cell, or may further include at least one secondary cell. .
本申请实施例,涉及的场景为向用户设备提供服务的主基站的发生切换。切换前,向用户设备提供服务的主基站以下称为源主基站(图1中所示的基站10);切换后,向用户设备提供服务的主基站以下称为目标主基站(图1中所示的基站11)。同理,切换前,向用户设备提供服务的辅助基站以下称为源辅助基站;切换后,向用户设备提供服务的辅助基站以下称为目标辅助基站。由于,本申请实施例中只涉及主基站的切换,即主基站切换前后的辅助基站为同一个基站。In this embodiment of the application, the scenario involved is the occurrence of handover of a primary base station that provides services to user equipment. Before handover, the primary base station that provides services to the user equipment is hereinafter referred to as the source primary base station (base station 10 shown in Figure 1); after the handover, the primary base station that provides services to the user equipment is hereinafter referred to as the target primary base station (as shown in Figure 1). The base station shown 11). In the same way, before handover, the auxiliary base station that provides services to the user equipment is hereinafter referred to as the source auxiliary base station; after the handover, the auxiliary base station that provides services to the user equipment is hereinafter referred to as the target auxiliary base station. Because, the embodiment of the present application only involves the handover of the primary base station, that is, the secondary base stations before and after the primary base station is switched are the same base station.
为了便于理解本申请实施例中提供的切换的方法,下面简单介绍本申请实施例中涉及到的几个基本概念:In order to facilitate the understanding of the handover method provided in the embodiments of the present application, the following briefly introduces several basic concepts involved in the embodiments of the present application:
1、双连接。1. Dual connection.
双连接是3GPP Release 12版本引入的重要技术。通过双连接技术,LTE中的宏基站和微基站可以利用现有的非理想回传(non-ideal backhaul)X2接口来实现载波聚合,从而为用户设备提供更高的速率,以及利用宏组网或微组网提高频谱效率和负载平衡。支持双连接的用户设备可以同时连接两个网络设备,增加单用户设备的吞吐量。Dual connectivity is an important technology introduced in 3GPP Release 12. Through dual connectivity technology, macro base stations and micro base stations in LTE can use the existing non-ideal backhaul X2 interface to implement carrier aggregation, thereby providing higher rates for user equipment, and using macro networking Or micro-networking improves spectrum efficiency and load balance. User equipment that supports dual connections can connect two network devices at the same time, increasing the throughput of a single user device.
2、建立双连接。2. Establish a dual connection.
如图2所示,图2是建立双连接的示意性流程图。该流程图中包括MN、SN以及UE。As shown in Figure 2, Figure 2 is a schematic flow chart of establishing a dual connection. The flowchart includes MN, SN, and UE.
建立双连接包括以下步骤:Establishing a dual connection includes the following steps:
S210,RRC连接建立。S210, the RRC connection is established.
指的是UE和MN之间建立空口连接。Refers to the establishment of an air interface connection between the UE and the MN.
S220,MN向SN发送SN添加请求消息。S220: The MN sends an SN addition request message to the SN.
该SN添加请求消息可以称为(SN addition/modification request)。该SN添加请求消 息中携带UE的安全能力信息,例如,UE支持的加密保护算法、UE支持的完整性保护算法等。进一步地,该SN添加请求消息中还会携带UE的用户面安全策略。The SN addition request message may be called (SN addition/modification request). The SN addition request message carries the security capability information of the UE, for example, the encryption protection algorithm supported by the UE and the integrity protection algorithm supported by the UE. Further, the SN addition request message will also carry the user plane security policy of the UE.
本申请中涉及的安全策略包括针对加密保护和针对完整性保护的安全策略,其中,针对加密保护的安全策略包括以下几种类型:The security policies involved in this application include security policies for encryption protection and integrity protection. Among them, the security policies for encryption protection include the following types:
1)、必须的(required):必须开启加密保护,如果基站不支持就会拒绝会话建立;1). Required: Encryption protection must be turned on. If the base station does not support it, session establishment will be rejected;
2)、不需要的(not needed):不需要开启加密保护;2) Not needed: No need to open encryption protection;
3)、优先的(preferred):优先开启加密保护,如果无法开启,则基站向会话管理功能(session management function,SMF)网元返回未开启加密保护的通知即可,而不需要拒绝会话建立。3) Preferred: Encryption protection is turned on first. If it cannot be turned on, the base station returns a notification that the encryption protection is not turned on to the session management function (SMF) network element, without the need to refuse session establishment.
同理,针对完整性保护的安全策略包括以下几种类型:Similarly, security policies for integrity protection include the following types:
1)、必须的(required):必须开启完整性保护,如果基站不支持就会拒绝会话建立;1), required (required): integrity protection must be turned on, if the base station does not support it, session establishment will be rejected;
2)、不需要的(not needed):不需要开启完整性保护;2) Not needed: No need to turn on integrity protection;
3)、优先的(preferred):优先开启完整性保护,如果无法开启,则基站向SMF网元返回未开启完整性保护的通知即可,而不需要拒绝会话建立。3). Preferred: the integrity protection is turned on first. If it cannot be turned on, the base station only needs to return a notification that the integrity protection is not turned on to the SMF network element, without the need to refuse session establishment.
应理解,对于完整性保护算法以及加密保护算法本申请中并不限制,可以是现有中的算法,也可以是通信技术发展以后提出的算法。It should be understood that the integrity protection algorithm and the encryption protection algorithm are not limited in this application, and they may be existing algorithms or algorithms proposed after the development of communication technology.
可选地,UE接入MN后,MN根据UE上报的UE的连接能力,例如UE是否支持双连接,邻区列表中是否有支持双连接的小区,以及MN和这些支持双连接的小区的链路状态来决定是否为该UE添加SN。如果UE支持双连接,而且邻区列表中配置了支持双连接的邻区,且MN和这些支持双连接的小区的链路状态是通的,就触发双连接建立过程为该UE添加一个SN。Optionally, after the UE accesses the MN, the MN reports the UE’s connectivity capabilities, such as whether the UE supports dual connectivity, whether there are cells that support dual connectivity in the neighbor cell list, and the link between the MN and these dual connectivity-enabled cells. Road status determines whether to add SN for the UE. If the UE supports dual connectivity, and the neighbor cell list that supports dual connectivity is configured in the neighbor cell list, and the link status of the MN and these dual connectivity-supporting cells is connected, the dual connectivity establishment process is triggered to add an SN for the UE.
应理解,本申请中对于如何建立双连接并不限制,可以是现有的建立双连接的任何一种方式,本申请仅做简单的说明。It should be understood that there is no restriction on how to establish a dual connection in this application, and it can be any existing way of establishing a dual connection, and this application only provides a brief description.
S230,SN判断是否开启完整性保护和/或加密保护。S230: The SN judges whether integrity protection and/or encryption protection is enabled.
SN根据自身支持的安全算法和UE支持的安全算法,选择一个加密保护算法和一个完整性保护算法,同时SN根据UE的用户面安全策略和自身安全能力决策用户面安全是否开启完整性保护和/或是否开启加密保护。SN selects an encryption protection algorithm and an integrity protection algorithm according to the security algorithm supported by itself and the security algorithm supported by the UE. At the same time, SN decides whether to enable integrity protection and/ Or whether to enable encryption protection.
S240,SN向MN发送SN添加请求响应消息。S240: The SN sends an SN addition request response message to the MN.
该SN添加请求消息可以称为(SN addition/modification request acknowledge)。该SN添加请求消息中携带SN选择的加密保护算法、完整性保护算法以及用户面安全完整性保护结果以及加密保护结果发给MN。The SN addition request message may be called (SN addition/modification request acknowledge). The SN addition request message carries the encryption protection algorithm, the integrity protection algorithm, the user plane security integrity protection result and the encryption protection result selected by the SN and is sent to the MN.
S250,MN向UE发送RRC重配置消息。S250: The MN sends an RRC reconfiguration message to the UE.
该RRC连接重配消息中携带有上述SN选择的加密保护算法、完整性保护算法、计数器以及SN是否开启加密保护和/或完整性保护、SN进行加密保护和/或完整性保护的结果等信息。The RRC connection reconfiguration message carries information such as the encryption protection algorithm, integrity protection algorithm, counter selected by the SN, whether encryption protection and/or integrity protection is enabled by the SN, and the result of encryption protection and/or integrity protection performed by the SN. .
SN通过S240和S250将自身的密钥信息传递给UE,应理解,MN与UE建立连接的时候也需要将自身的密钥信息传递给UE。The SN transmits its own key information to the UE through S240 and S250. It should be understood that when the MN establishes a connection with the UE, it also needs to transmit its own key information to the UE.
实际上,MN将自身的密钥信息传递给UE,以及SN通过S240和S250将自身的密钥信息传递给UE,就是配置UE和MN以及UE和SN之间的传输链路的一些参数,但是 双连接建立之前SN与UE无直接连接,所以经由MN进行传递。In fact, the MN passes its own key information to the UE, and the SN passes its own key information to the UE through S240 and S250, which is to configure some parameters of the transmission link between the UE and the MN and between the UE and the SN. Before the dual connection is established, there is no direct connection between the SN and the UE, so it is passed through the MN.
S260,UE向MN发送RRC重配置完成消息。S260: The UE sends an RRC reconfiguration complete message to the MN.
UE根据MN下发的密钥信息配置好参数之后,通过RRC重配置完成消息反馈MN。After the UE configures the parameters according to the key information issued by the MN, it feeds back to the MN through the RRC reconfiguration complete message.
S270,MN向SN发送SN重配完成消息。S270: The MN sends an SN reconfiguration complete message to the SN.
MN将从UE处接收到UE配置好参数的消息通过SN重配完成消息告知SN。The MN will receive the message that the UE has configured the parameters from the UE and inform the SN through the SN reconfiguration complete message.
S280,SN和UE激活参数。S280, SN and UE activation parameters.
UE和SN可以根据之前配好的参数进行加密保护或完整性保护,如果之前决定不完整性保护则不会激活完整性保护。The UE and SN can perform encryption protection or integrity protection according to the previously configured parameters. If the incomplete protection is decided before, the integrity protection will not be activated.
S290,SN和UE之间进行随机接入流程。S290, a random access procedure is performed between the SN and the UE.
SN和UE之间进行随机接入流程就是指UE和SN开始进行通信。The random access procedure between the SN and the UE means that the UE and the SN start to communicate.
应理解,本申请中将双连接场景下的主基站称为MN只是一种举例,对本申请的保护范围不构成任何限制,例如,主基站还可以称为(main evolutional NodeB,MeNB)或(main gNode B,MgNB)等;同理,本申请中将双连接场景下的辅助基站称为SN也只是一种举例,对本申请的保护范围不构成任何限制,例如,辅助基站还可以称为(secondary evolutional NodeB,SeNB)或(secondary gNode B,SgNB)等。It should be understood that in this application, the primary base station in the dual connectivity scenario is referred to as MN, which is just an example, and does not constitute any limitation to the protection scope of this application. For example, the primary base station can also be referred to as (main evolutional NodeB, MeNB) or (main gNode B, MgNB), etc.; for the same reason, in this application, the secondary base station in the dual connectivity scenario is called SN, which is just an example, and does not constitute any limitation to the protection scope of this application. For example, secondary base station can also be called (secondary evolutional NodeB, SeNB) or (secondary gNodeB, SgNB), etc.
还应理解,图2是对双连接建立过程的描述,对本申请的保护范围并不构成任何限定,具体的建立流程可以参考现有协议的规定,这不再赘述。It should also be understood that FIG. 2 is a description of the dual connection establishment process, and does not constitute any limitation to the protection scope of the present application. The specific establishment process can refer to the provisions of the existing agreement, which will not be repeated.
3、MN切换。3. MN handover.
如图3所示,图3是发生MN切换的示意图。包括源MN、目标MN以及UE。As shown in Figure 3, Figure 3 is a schematic diagram of MN handover. Including source MN, target MN, and UE.
MN切换包括以下步骤:MN handover includes the following steps:
S310,源MN向UE发起测量控制。S310: The source MN initiates measurement control to the UE.
S320,UE向源MN发送测量报告。S320: The UE sends a measurement report to the source MN.
S330,源MN决定进行切换。S330: The source MN decides to perform handover.
源MN根据UE返回的测量报告决策进行MN切换。The source MN performs MN handover according to the measurement report returned by the UE.
应理解,本申请实施例中对于源MN决定进行MN切换的原因并不限制,可以是现有协议中发生MN切换时对应的任意一种可能的原因。例如,源MN基于UE发送的测量报告,确定当前自身为UE提供服务的质量较差,从邻区列表中选择合适的目标MN为UE提供服务。It should be understood that the reason why the source MN decides to perform the MN handover in the embodiment of the present application is not limited, and may be any corresponding possible reason when the MN handover occurs in the existing protocol. For example, based on the measurement report sent by the UE, the source MN determines that the current quality of the service provided to the UE is poor, and selects a suitable target MN from the neighbor cell list to provide the UE with the service.
S340,源MN向目标MN发送切换请求消息。S340: The source MN sends a handover request message to the target MN.
源MN决策需要进行MN切换之后,选择合适的为UE提供服务的目标MN,并向该目标MN发送切换请求消息。After the source MN decides that it needs to perform MN handover, it selects a suitable target MN that provides services for the UE, and sends a handover request message to the target MN.
具体地,由于本申请实施例中主要涉及的是MN的切换,而切换前后的MN连接的SN相同,所以该切换请求消息中携带有指示SN的指示信息以及指示UE的指示信息。Specifically, since the embodiment of the present application mainly involves the handover of the MN, and the SN connected to the MN before and after the handover is the same, the handover request message carries the indication information indicating the SN and the indication information indicating the UE.
应理解,本申请实施例中对于发生MN切换的时候,源MN如何向目标MN发送切换请求,以及切换请求消息中携带的信息并不限制,参考现有协议规定即可。例如,源MN在S340发送切换请求(handover request)消息的时候,会在handover request中携带参数:UE Context Reference at the S-NG-RAN node,该参数包含两个ID,一个是Global NG-RAN Node ID指示S-RAN的节点ID;一个是S-NG-RAN node UE XnAP ID指示UE。It should be understood that, in the embodiments of the present application, when a MN handover occurs, how the source MN sends a handover request to the target MN and the information carried in the handover request message are not limited, and it is sufficient to refer to the existing protocol. For example, when the source MN sends a handover request (handover request) message in S340, it will carry a parameter in the handover request: UE Context Reference at the S-NG-RAN node, this parameter contains two IDs, one is Global NG-RAN Node ID indicates S-RAN node ID; one is S-NG-RAN node UE XnAP ID indicates UE.
S350,目标MN许可控制。S350, target MN admission control.
目标MN接收到源MN发送的切换请求消息之后,判断是否能够切换,准备空口资源。After the target MN receives the handover request message sent by the source MN, it judges whether handover is possible and prepares air interface resources.
S360,目标MN向源MN发送切换请求响应消息。S360: The target MN sends a handover request response message to the source MN.
目标MN确定为UE提供服务之后,源MN发送切换请求响应(handover request acknowledge)消息,该handover request acknowledge中携带参数:UE上下文保持指示(UE context kept indicator),该参数用来指示在MN切换但SN不变时,SN需要保持UE的上下文。也就是说,MN切换的时候,SN是可以不变的,继续作为切换后MN的SN。After the target MN is determined to provide services for the UE, the source MN sends a handover request acknowledgement message. The handover request acknowledgement carries a parameter: UE context keep indicator (UE context keep indicator), which is used to indicate the handover but When the SN does not change, the SN needs to maintain the context of the UE. In other words, when the MN is handed over, the SN can remain unchanged and continue to be the SN of the MN after the handover.
S370,源MN向UE发送下行连接配置。S370: The source MN sends the downlink connection configuration to the UE.
源MN从目标MN处接收到配置参数,将该配置参数转发给UE使得UE能够进行相应的配置。The source MN receives the configuration parameters from the target MN, and forwards the configuration parameters to the UE so that the UE can perform corresponding configuration.
S380,UE与目标MN之间建立RRC连接。S380: Establish an RRC connection between the UE and the target MN.
UE完成配置之后,能够与目标MN之间建立RRC连接。After the UE completes the configuration, it can establish an RRC connection with the target MN.
应理解,图3只是为了便于理解本申请实施例中所涉及到的MN切换,而进行简单的说明,详细的MN切换流程不再赘述,可以参考现有协议中规定的MN切换。It should be understood that FIG. 3 is only to facilitate the understanding of the MN handover involved in the embodiments of the present application, and a simple description is provided. The detailed MN handover process will not be repeated, and the MN handover specified in the existing protocol can be referred to.
现有协议中,在发生MN切换而SN不变的时候,MN切换之后,目标MN与SN之间建立双连接的流程如图2所示。In the existing protocol, when the MN is switched and the SN remains unchanged, after the MN is switched, the process of establishing a dual connection between the target MN and the SN is shown in Figure 2.
可选地,在高可靠低时延通信(ultra-reliable and low latency communications,URLLC)的双连接场景下,要求UE和MN之间、UE和SN之间的数据保护方式要是一致的,数据保护方式包括完整性保护方式和/或加密保护方式。按图3所示的切换流程,MN在切换完成之后,需要在执行图2所示的与SN建立双链接的流程中,由SN直接或间接地将自身的安全能力通知给目标MN,目标MN才能识别出SN是否支持相关安全保护方式,可能会导致目标MN获知SN的安全保护方式之后,重新建立与目标MN与UE之间的RRC连接,产生额外的信令交互。Optionally, in the dual-connection scenario of ultra-reliable and low latency communications (URLLC), the data protection methods between the UE and the MN, and between the UE and the SN are required to be consistent. Data protection Methods include integrity protection methods and/or encryption protection methods. According to the handover process shown in Figure 3, after the handover is completed, the MN needs to perform the process of establishing a dual link with the SN as shown in Figure 2. The SN directly or indirectly informs the target MN of its security capabilities. In order to identify whether the SN supports the relevant security protection mode, it may cause the target MN to re-establish the RRC connection with the target MN and the UE after learning the security protection mode of the SN, resulting in additional signaling interaction.
例如,执行图2所示的S210目标MN与UE之间建立RRC连接之后,UE和目标MN之间的数据保护方式为加密保护;执行图2所示的S220-S240之后,目标MN获知SN的安全能力不支持加密保护,则目标MN与UE之间需要重新建立RRC连接,协商UE和目标MN之间的数据保护方式为不加密保护,才能够保证双连接上的数据保护方式是一致的;For example, after performing the RRC connection between the target MN and the UE in S210 shown in Figure 2, the data protection method between the UE and the target MN is encryption protection; after performing S220-S240 shown in Figure 2, the target MN learns the information of the SN If the security capability does not support encryption protection, the RRC connection needs to be re-established between the target MN and the UE, and the data protection mode between the UE and the target MN is negotiated to be non-encrypted protection to ensure that the data protection mode on the dual connection is consistent;
还例如,执行图2所示的S210目标MN与UE之间建立RRC连接之后,UE和目标MN之间的数据保护方式为完整性保护;执行图2所示的S220-S240之后,目标MN获知SN的安全能力不支持完整性保护,则上述的S220-S240为无效的信令,如果目标MN提前获知了SN的安全能力就不会发起上述的S220-S240,节省信令的开销。For another example, after the RRC connection is established between the target MN and the UE in S210 shown in FIG. 2, the data protection mode between the UE and the target MN is integrity protection; after S220-S240 shown in FIG. 2, the target MN learns If the security capability of the SN does not support integrity protection, the aforementioned S220-S240 are invalid signaling. If the target MN knows the security capability of the SN in advance, the aforementioned S220-S240 will not be initiated, saving signaling overhead.
可选地,在非URLLC的双连接场景,MN在切换完成之后,目标MN可能需要将一部分分组数据单元(packet data unit,PDU)会话(session)分流(offload)到SN上,如果SN无法接受目标MN的分流请求则导致分流失败,使得分流的相关信令为无效的信令,如果目标MN提前获知了SN的安全能力就不会发起上述的分流,节省信令的开销。Optionally, in a non-URLLC dual-connection scenario, after the handover of the MN is completed, the target MN may need to offload a part of packet data unit (PDU) sessions to the SN. If the SN cannot accept The offload request of the target MN results in offload failure, making the offload related signaling invalid signaling. If the target MN knows the security capability of the SN in advance, the above offload will not be initiated, saving signaling overhead.
例如,源MN支持完整性保护,SN不支持完整性保护。源MN接收到6个PDU会话请求,其中,3个PDU会话(PDU1、PDU2和PDU3)需要完整性保护,另外3个PDU会话(PDU4、PDU5和PDU6)不需要完整性保护。此时源MN将PDU1、PDU2、PDU3承载到自身,将PDU4、PDU5、PDU6offload到SN。当发生MN切换时,目标MN可能 因为自身不支持完整性保护而试图将PDU1、PDU2、PDU3也offload到SN,而SN不支持完整性保护会拒绝该分流请求,从而导致额外的信令开销。目标MN如果能够提前知道SN不支持完整性保护,可以早在会话建立时就直接拒绝需要完整性保护的会话,就不会有后面的信令开销。For example, the source MN supports integrity protection, but the SN does not support integrity protection. The source MN receives 6 PDU session requests, of which 3 PDU sessions (PDU1, PDU2, and PDU3) require integrity protection, and the other 3 PDU sessions (PDU4, PDU5, and PDU6) do not require integrity protection. At this time, the source MN carries PDU1, PDU2, and PDU3 to itself, and offloads PDU4, PDU5, and PDU6 to SN. When MN handover occurs, the target MN may try to offload PDU1, PDU2, and PDU3 to the SN because it does not support integrity protection. However, if the SN does not support integrity protection, it will reject the offloading request, resulting in additional signaling overhead. If the target MN knows in advance that the SN does not support integrity protection, it can directly reject the session that requires integrity protection as early as the session is established, and there will be no subsequent signaling overhead.
也就是说,如果进行MN切换的流程为如图3所示的流程,则在切换之后目标MN与SN建立双连接的流程中可能会产生上述的存在额外信令开销的缺陷。本申请实施例提供一种切换的方法,通过在MN切换的流程中源MN将SN的安全能力转发给目标MN,使得目标MN能够提前获知SN的安全能力,进一步地目标MN可以根据SN的安全能力进行会话处理以及安全策略决策,达到目标MN与SN建立双连接的流程节省信令开销的目的。下面结合图4和图5详细介绍本申请实施例提供的切换的方法。其中,图4所示的方法流程主要是从目标MN获知SN的安全能力,基于SN的安全能力确定安全策略的角度说明如何实现降低目标MN和UE之间的信令开销的目的;图5所示的方法流程主要是从目标MN获知SN的安全能力,基于SN的安全能力确定拒绝会话建立的角度说明如何实现降低目标MN和SN之间的信令开销的目的。That is to say, if the process of performing MN handover is the process shown in FIG. 3, after the handover, the process of establishing a dual connection between the target MN and the SN may cause the above-mentioned defect of additional signaling overhead. The embodiment of the application provides a handover method. The source MN forwards the security capabilities of the SN to the target MN during the MN handover process, so that the target MN can learn the security capabilities of the SN in advance, and further the target MN can be based on the security of the SN Ability to perform session processing and security policy decisions, to achieve the goal of saving signaling overhead in the process of establishing dual connections between the target MN and SN. The handover method provided by the embodiment of the present application will be described in detail below with reference to FIG. 4 and FIG. 5. Among them, the method flow shown in Figure 4 is mainly to learn the security capabilities of the SN from the target MN, and how to reduce the signaling overhead between the target MN and the UE from the perspective of determining the security policy based on the security capabilities of the SN; The method flow shown is mainly to learn the security capability of the SN from the target MN, and how to reduce the signaling overhead between the target MN and the SN from the perspective of determining the rejection of session establishment based on the security capability of the SN.
图4是本申请实施例提供的一种切换的方法的示意图。包括第一MN、第二MN、SN以及UE,其中,在发生切换之前,UE分别与所述第一MN和所述SN连接;所述第一MN也可称为源MN;切换之后,所述UE分别与所述第二MN和所述SN连接,所述第二MN也可以称为目标MN。另外,可选的,UE从所述第一MN向所述第二MN切换的过程,所述UE始终与所述SN保持连接。Fig. 4 is a schematic diagram of a handover method provided by an embodiment of the present application. It includes a first MN, a second MN, an SN, and a UE. Before the handover occurs, the UE is connected to the first MN and the SN respectively; the first MN may also be referred to as the source MN; The UE is connected to the second MN and the SN respectively, and the second MN may also be referred to as a target MN. In addition, optionally, in the process of UE handover from the first MN to the second MN, the UE always maintains a connection with the SN.
具体的,所述UE分别与第一主基站MN和辅基站SN连接,当所述UE从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,该切换的方法包括以下步骤:Specifically, the UE is connected to the first primary base station MN and the secondary base station SN respectively, and when the UE is handed over from the first MN to the second MN to connect to the second MN and the SN, The switching method includes the following steps:
S410,第一MN向第二MN发送切换请求消息。S410: The first MN sends a handover request message to the second MN.
其中,切换请求消息中携带有第一指示信息,该第一指示信息用于指示SN的安全能力。具体地,SN的安全能力包括SN是否支持安全保护。本申请中涉及的安全保护包括加密保护和完整性保护中的至少一种,也就是说,SN的安全能力可以是SN支持完整性保护、SN支持加密保护以及SN支持加密保护和完整性保护;进一步地,还可以具体指示对于UE进行的PDU会话来说,针对这些PDU会话SN是否支持开启加密保护,或者,针对这些PDU会话SN是否支持开启完整性保护,或者,针对这些PDU会话SN是否支持开启加密保护和完整性保护。Wherein, the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN. Specifically, the security capabilities of the SN include whether the SN supports security protection. The security protection involved in this application includes at least one of encryption protection and integrity protection, that is, the security capability of SN can be that SN supports integrity protection, SN supports encryption protection, and SN supports encryption protection and integrity protection; Further, it can also specifically indicate whether the SN supports encryption protection for these PDU sessions for the PDU sessions performed by the UE, or whether the SN supports integrity protection for these PDU sessions, or whether the SN supports for these PDU sessions Turn on encryption protection and integrity protection.
作为一种可能的实现方式,第一指示信息需要指示SN的安全能力为SN是否支持安全保护的情况下,第一指示信息可以为两个比特位的比特位图,第一个比特位用于表示SN是否支持加密保护(比特值为0表示不支持、比特值为1表示支持)、第一个比特位用于表示SN是否支持完整性保护(比特值为0表示不支持、比特值为1表示支持),则第一指示信息为10表示SN支持加密保护、第一指示信息为01表示SN支持完整性保护、第一指示信息为11表示SN支持加密保护和完整性保护。As a possible implementation, the first indication information needs to indicate whether the security capability of the SN is whether the SN supports security protection, the first indication information may be a two-bit bitmap, and the first bit is used for Indicates whether the SN supports encryption protection (bit value 0 means not supported, bit value 1 means support), the first bit is used to indicate whether SN supports integrity protection (bit value 0 means not supported, bit value 1 Indicates support), the first indication information of 10 indicates that the SN supports encryption protection, the first indication information of 01 indicates that the SN supports integrity protection, and the first indication information of 11 indicates that the SN supports encryption protection and integrity protection.
作为另一种可能的实现方式,第一指示信息需要指示SN的安全能力为SN是否支持安全保护的情况下,第一指示信息可以为显示指示SN是否支持加密保护,或,SN是否支持完整性保护,或,SN是否支持加密保护和完整性保护。As another possible implementation manner, the first indication information needs to indicate whether the security capability of the SN is whether the SN supports security protection, the first indication information may indicate whether the SN supports encryption protection, or whether the SN supports integrity Protection, or whether SN supports encryption protection and integrity protection.
应理解,本申请中对于第一指示信息指示SN的安全能力的具体形式并不限制,可以是上述举例的一种,也可以是其他的方式,这里不再一一举例说明。It should be understood that the specific form in which the first indication information indicates the security capability of the SN is not limited in this application, and it may be one of the above-mentioned examples, or other forms, which will not be described one by one here.
可选地,从第一指示信息的功能看,可以称第一指示信息为安全能力(security capability)参数。Optionally, from the perspective of the function of the first indication information, the first indication information may be called a security capability (security capability) parameter.
作为一种可能的实现方式,该第一指示信息可以作为现有协议中切换请求消息中携带的辅助接入网节点处的UE上下文(UE context reference at the S-NG-RAN node)参数中新增的信元,携带在切换请求消息中。As a possible implementation, the first indication information can be used as the new UE context (UE context reference at the S-NG-RAN node) parameter at the secondary access network node carried in the handover request message in the existing protocol. The increased cell is carried in the handover request message.
作为另一种可能的实现方式,该第一指示信息可以作为切换请求消息中的新增参数。As another possible implementation manner, the first indication information may be used as a newly added parameter in the handover request message.
应理解,本申请实施例中并不限定第一MN向第二MN发送的第一指示信息如何携带在切换请求消息,可以是作为该切换请求消息中的新增信元,也可以是作为该切换请求消息中的某个原有参数中的新增信元;或者,上述的第一指示信息可以携带在切换流程中其他的第一MN向第二MN发送的信令中;或者,在允许一定信令的开销下,上述的第一指示信息可以携带在切换流程中第一MN和第二MN之间新增的信令中,例如,第一MN向第二MN发送切换请求消息之前,新增信令用于传输上述的第一指示信息。It should be understood that the embodiment of the present application does not limit how the first indication information sent by the first MN to the second MN is carried in the handover request message. It can be used as a new information element in the handover request message, or as the handover request message. The new information element in an original parameter in the handover request message; or, the above-mentioned first indication information can be carried in other signaling sent by the first MN to the second MN in the handover process; or, when allowed Under certain signaling overhead, the above-mentioned first indication information can be carried in the newly added signaling between the first MN and the second MN in the handover procedure. For example, before the first MN sends a handover request message to the second MN, The newly added signaling is used to transmit the above-mentioned first indication information.
还应理解,与图3所示的切换流程类似,图4中的第一MN向第二MN发送切换请求消息之前,还需要根据UE返回的测量报告决定进行切换,即图4所示的方法流程还包括S411,第一MN向UE发起测量控制、S412,UE向第一MN发送测量报告、S413,第一MN决定进行切换,这三个步骤与图3中所示的S310、S320、S330类似这里不再赘述。It should also be understood that, similar to the handover process shown in Figure 3, before the first MN in Figure 4 sends a handover request message to the second MN, it also needs to decide to perform handover according to the measurement report returned by the UE, that is, the method shown in Figure 4 The process also includes S411, the first MN initiates measurement control to the UE, S412, the UE sends a measurement report to the first MN, S413, and the first MN decides to switch. These three steps are the same as those shown in S310, S320, and S330 in Figure 3. Similar to here will not repeat them.
进一步地,图4所示的切换方法可以保证UE和第二MN之间、以及UE和SN之间的数据安全保护形式一致,其中,安全保护可以是完整性保护、加密保护或者完整性保护和加密保护。即图4所示的切换方法可以应用在URLLC场景下,应理解,本申请中只限制第一MN在发生MN切换而SN不变的情况下,在切换流程中将SN的安全能力通过第一指示信息通知给第二MN,而不限制该方法的应用场景,则图4所示的方法能够应用的场景并不限制为URLLC场景,可以是其他的通信场景,这里不一一列举。Further, the handover method shown in FIG. 4 can ensure that the data security protection forms between the UE and the second MN, and between the UE and the SN are consistent, where the security protection can be integrity protection, encryption protection, or integrity protection and Encryption protection. That is to say, the handover method shown in Figure 4 can be applied in the URLLC scenario. It should be understood that this application is only restricted to the first MN when the MN handover occurs and the SN remains unchanged. The indication information is notified to the second MN without limiting the application scenarios of the method. The applicable scenarios of the method shown in FIG. 4 are not limited to the URLLC scenario, and may be other communication scenarios, which are not listed here.
为了保证UE和第二MN之间、以及UE和SN之间的数据安全保护形式一致,该切换方法还包括以下步骤:In order to ensure that the data security protection forms between the UE and the second MN and between the UE and the SN are consistent, the handover method further includes the following steps:
S420,第二MN确定安全策略。S420: The second MN determines a security policy.
作为一种可能的实现方式,第二MN根据所述SN的安全能力确定第二MN与UE之间之间的安全策略,当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与UE之间安全保护。As a possible implementation manner, the second MN determines the security policy between the second MN and the UE according to the security capabilities of the SN. When the SN does not support security protection, the second MN determines the The security policy is not to activate the security protection between the second MN and the UE.
应理解,本申请图4所示的实施例中,第二MN在决定第二MN与UE之间是否激活安全保护的时候,可以仅仅参考SN的安全能力,当SN的安全能力指示SN不支持安全保护时,第二MN在决定第二MN与UE之间不激活安全保护。该仅仅参考SN的安全能力适用于SN不支持安全保护的情况,当SN支持安全保护的情况下,需要参考第二MN的安全能力,例如:It should be understood that, in the embodiment shown in Figure 4 of this application, the second MN may only refer to the security capabilities of the SN when deciding whether to activate security protection between the second MN and the UE. When the security capabilities of the SN indicate that the SN does not support During security protection, the second MN decides not to activate security protection between the second MN and the UE. The only reference to the security capabilities of the SN applies to the case where the SN does not support security protection. When the SN supports the security protection, the security capabilities of the second MN need to be referred to, for example:
作为另一种可能的实现方式,第二MN根据所述第二MN和所述SN的安全能力确定安全策略,当所述SN支持安全保护但所述第二MN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述SN与UE之间安全保护;As another possible implementation manner, the second MN determines a security policy according to the security capabilities of the second MN and the SN. When the SN supports security protection but the second MN does not support security protection, the The second MN determines that the security policy is not to activate security protection between the SN and the UE;
或者,作为另一种可能的实现方式,第二MN根据所述第二MN和所述SN的安全能 力确定安全策略,当所述SN支持安全保护且所述第二MN支持安全保护时,所述第二MN确定所述安全策略为激活所述SN与UE之间安全保护。Or, as another possible implementation manner, the second MN determines a security policy according to the security capabilities of the second MN and the SN, and when the SN supports security protection and the second MN supports security protection, The second MN determines that the security policy is to activate security protection between the SN and the UE.
具体地,第二MN基于接收到的第一指示信息以及第二MN的安全能力确定第二MN与UE之间的安全策略。Specifically, the second MN determines the security policy between the second MN and the UE based on the received first indication information and the security capability of the second MN.
应理解,与现有协议中不同的是,现有协议中第二MN确定与UE之间的安全策略仅仅基于第二MN的安全能力,例如,第二MN支持安全保护,则第二MN确定第二MN与UE之间开启安全保护、第二MN不支持安全保护,则第二MN确定第二MN与UE之间不开启相应的安全保护,则可能会导致第二MN支持安全保护,而SN不支持安全保护时,第二MN与UE之间建立RRC连接时开启了安全保护,但是SN不支持安全保护,那么SN与UE之间建立RRC连接时无法开启安全保护,则现有协议中在这种情况下,第二MN与UE之间需要重新建立RRC连接不开启安全保护,增加了第二MN与UE之间的信令开销。It should be understood that, unlike in the existing protocol, the second MN in the existing protocol determines the security policy with the UE based only on the second MN’s security capabilities. For example, if the second MN supports security protection, the second MN determines If security protection is enabled between the second MN and the UE, and the second MN does not support security protection, the second MN determines that the corresponding security protection is not enabled between the second MN and the UE, which may cause the second MN to support security protection, and When the SN does not support security protection, the security protection is enabled when the RRC connection is established between the second MN and the UE, but the SN does not support security protection, then the security protection cannot be enabled when the RRC connection is established between the SN and the UE, then the existing protocol In this case, the RRC connection needs to be re-established between the second MN and the UE without security protection, which increases the signaling overhead between the second MN and the UE.
本申请实施例中,在第二MN支持安全保护的情况下,第二MN确定第二MN与UE之间的安全保护是否开启时,参考了SN的安全能力,其中,当SN支持安全保护时,第二MN与UE之间开启相应的安全保护,当SN不支持安全保护时,第二MN与UE之间不开启相应的安全保护。In the embodiment of this application, when the second MN supports security protection, when the second MN determines whether the security protection between the second MN and the UE is turned on, it refers to the security capabilities of the SN, where, when the SN supports security protection , The corresponding security protection is enabled between the second MN and the UE. When the SN does not support the security protection, the corresponding security protection is not enabled between the second MN and the UE.
第二MN不支持安全保护的情况下,可以与现有协议中规定的一样不参考SN的安全能力,第二MN与UE之间不开启相应的安全保护。In the case that the second MN does not support security protection, the security capability of the SN may not be referred to as specified in the existing protocol, and the corresponding security protection is not enabled between the second MN and the UE.
或者,为了体现图4所示的实施例中第二MN基于SN的安全能力确定安全策略,可以理解为第二MN在获知SN不支持安全保护时,决策安全策略为不激活所述第二MN与UE之间安全保护。Or, in order to reflect that the second MN in the embodiment shown in FIG. 4 determines the security policy based on the security capability of the SN, it can be understood that when the second MN learns that the SN does not support security protection, the security policy is decided to not activate the second MN. Security protection between UE and UE.
应理解,当第二MN已知第二MN的安全能力和SN的安全能力时,第二MN的安全能力和SN的安全能力中至少一个的安全能力为不支持安全保护,则第二MN与UE之间不开启相应的安全保护。It should be understood that when the second MN knows the security capability of the second MN and the security capability of the SN, and the security capability of at least one of the security capability of the second MN and the security capability of the SN does not support security protection, the second MN and The corresponding security protection is not opened between UEs.
执行S420之后,第二MN需要向第一MN发送切换请求响应消息,执行S421,与图3中所示的S360类似,这里不再赘述;第一MN需要向UE发送下行连接配置,执行S422,与图3中所示的S370类似,这里不再赘述。After executing S420, the second MN needs to send a handover request response message to the first MN, and execute S421, which is similar to S360 shown in Figure 3, and will not be repeated here; the first MN needs to send the downlink connection configuration to the UE, and execute S422, It is similar to S370 shown in FIG. 3, and will not be repeated here.
UE基于下行连接配置配置好参数之后,可以与第二MN之间建立RRC连接,即执行S430,UE与第二MN之间建立RRC连接,其中,建立的RRC连接的是否开启安全保护为上述S420中第二MN确定的结果。After the UE configures the parameters based on the downlink connection configuration, it can establish an RRC connection with the second MN, that is, perform S430, and establish an RRC connection between the UE and the second MN, where whether the established RRC connection is opened for security protection is the above S420 Determine the result of the second MN.
进一步地,MN切换完成之后,第二MN需要与SN之间建立双连接,与图2中所示的建立双连接的流程不同的是,由于第二MN在切换流程中获知了SN的安全能力,则第二MN可以基于SN的安全能力以及自身的安全能力确定SN是否开启安全保护,即图4所述的方法流程还包括S440,第二MN确定SN是否开启安全保护。第二MN基于第二MN和UE之间的安全策略,确定SN是否激活SN和UE之间的安全保护;图4所述的方法流程还包括S450,第二MN向SN发送指示信息,指示SN是否开启安全保护。Further, after the handover of the MN is completed, the second MN needs to establish a dual connection with the SN. The difference from the procedure for establishing a dual connection shown in Figure 2 is that the second MN learns the security capabilities of the SN during the handover procedure. , The second MN can determine whether the SN opens the security protection based on the security capabilities of the SN and its own security capabilities, that is, the method flow described in FIG. 4 further includes S440, the second MN determines whether the SN opens the security protection. The second MN determines whether the SN activates the security protection between the SN and the UE based on the security policy between the second MN and the UE; the method flow described in FIG. 4 also includes S450. The second MN sends indication information to the SN to indicate the SN Whether to open the security protection.
例如,对应于上述的当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与UE之间安全保护,第二MN通过第二指示信息通知SN,不激活所述SN与所述UE之间的安全保护,因为当所述SN不支持安全保护时,所述第二MN 确定所述安全策略为不激活所述第二MN与UE之间安全保护的情况下,需要使UE和第二MN之间、UE和SN之间的数据保护方式一致。即图4所示的方法流程中S450为,第二MN向SN发送第二指示信息。For example, corresponding to the aforementioned when the SN does not support security protection, the second MN determines that the security policy is not to activate the security protection between the second MN and the UE, and the second MN informs through the second indication information SN, do not activate the security protection between the SN and the UE, because when the SN does not support security protection, the second MN determines that the security policy is not to activate the security protection between the second MN and the UE In the case of security protection, the data protection methods between the UE and the second MN, and between the UE and the SN need to be consistent. That is, S450 in the method flow shown in FIG. 4 is that the second MN sends the second indication information to the SN.
还例如,对应于上述的当所述SN支持安全保护但所述第二MN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与UE之间安全保护,第二MN通过第三指示信息通知SN,不激活所述SN与所述UE之间的安全保护,因为当所述SN支持安全保护但所述第二MN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与UE之间安全保护的情况下,需要使UE和第二MN之间、UE和SN之间的数据保护方式一致。即图4所示的方法流程中S450为,第二MN向SN发送第三指示信息。For another example, corresponding to the aforementioned when the SN supports security protection but the second MN does not support security protection, the second MN determines that the security policy is not to activate the security protection between the second MN and the UE , The second MN informs the SN through the third indication information that the security protection between the SN and the UE is not activated, because when the SN supports security protection but the second MN does not support security protection, the first When the second MN determines that the security policy is not to activate the security protection between the second MN and the UE, the data protection mode between the UE and the second MN and between the UE and the SN needs to be consistent. That is, S450 in the method flow shown in FIG. 4 is that the second MN sends the third indication information to the SN.
还例如,对应于上述的当所述SN支持安全保护且所述第二MN支持安全保护时,所述第二MN确定所述安全策略为激活所述第二MN与UE之间安全保护,第二MN通过第四指示信息通知SN,激活所述SN与所述UE之间的安全保护,因为当所述SN支持安全保护且所述第二MN支持安全保护时,所述第二MN确定所述安全策略为激活所述第二MN与UE之间安全保护的情况下,需要使UE和第二MN之间、UE和SN之间的数据保护方式一致。即图4所示的方法流程中S450为,第二MN向SN发送第四指示信息。For another example, corresponding to the above-mentioned when the SN supports security protection and the second MN supports security protection, the second MN determines that the security policy is to activate the security protection between the second MN and the UE. The second MN informs the SN through the fourth indication information to activate the security protection between the SN and the UE, because when the SN supports security protection and the second MN supports security protection, the second MN determines In the case where the security policy is to activate the security protection between the second MN and the UE, the data protection modes between the UE and the second MN and between the UE and the SN need to be consistent. That is, S450 in the method flow shown in FIG. 4 is that the second MN sends fourth indication information to the SN.
本申请所提供的切换的方法,第二MN能够基于SN的安全能力以及自身的安全能力确定SN是否开启安全保护,而无需基于图2所示的第二MN与SN之间建立双连接的过程中,获知SN是否开启安全保护,从而能够避免因为第二MN未能及时获取到SN是否开启安全保护情况下,增加第二MN与SN之间的额外信令交互。In the handover method provided by the present application, the second MN can determine whether the SN opens the security protection based on the security capabilities of the SN and its own security capabilities, without the need to establish a dual connection between the second MN and the SN shown in FIG. 2 In the process, it is learned whether the SN has security protection enabled, so as to avoid the additional signaling interaction between the second MN and the SN when the second MN fails to obtain whether the SN security protection is enabled in time.
具体地,第二MN的安全能力与SN的安全能力不一致的情况下,第二MN确定SN不开启安全保护;第二MN的安全能力与SN的安全能力一致的情况下,当第二MN的安全能力与SN的安全能力均为不支持安全保护,第二MN确定SN不开启安全保护、当第二MN的安全能力与SN的安全能力均为支持安全保护,第二MN确定SN开启安全保护。Specifically, when the security capabilities of the second MN are inconsistent with the security capabilities of the SN, the second MN determines that the SN does not enable security protection; when the security capabilities of the second MN are consistent with the security capabilities of the SN, when the security capabilities of the second MN Both the security capabilities and the SN security capabilities do not support security protection. The second MN determines that the SN does not enable the security protection. When the second MN’s security capabilities and the SN’s security capabilities both support the security protection, the second MN determines the SN to enable the security protection. .
由于第二MN的安全能力与SN的安全能力均为不支持安全保护的情况,与现有中第二MN基于第二MN的不支持安全保护确定SN不开启安全保护类似、另外第二MN的安全能力与SN的安全能力均为支持安全保护的情况,与现有中第二MN基于第二MN的支持安全保护确定SN开启安全保护类似,所以本申请提供的切换的方法主要实现了第二MN的安全能力与SN的安全能力不一致的情况下,第二MN可以确定SN不开启安全保护。Since the security capability of the second MN and the security capability of the SN are both in the case of not supporting security protection, it is similar to the existing second MN based on the second MN’s non-supporting security protection and determining that the SN does not open the security protection. Both the security capability and the security capability of the SN support security protection, similar to the existing second MN based on the security protection of the second MN to determine that the SN opens the security protection, so the handover method provided in this application mainly implements the second In the case that the security capability of the MN is inconsistent with the security capability of the SN, the second MN may determine that the SN does not open the security protection.
第二MN确定SN是否开启安全保护之后,可以通过上述的第二指示信息、第三指示信息或第四指示信息通知SN。第After the second MN determines whether the SN opens the security protection, it may notify the SN through the aforementioned second indication information, third indication information, or fourth indication information. First
具体地,第二指示信息、第三指示信息用于指示SN与所述UE之间不开启安全保护。Specifically, the second indication information and the third indication information are used to indicate that no security protection is enabled between the SN and the UE.
一种可能的实现方式,第二指示信息、第三指示信息为显示的指示信息,指示SN不开启安全保护;In a possible implementation manner, the second indication information and the third indication information are displayed indication information, indicating that the SN does not open the security protection;
一种可能的实现方式,第二指示信息、第三指示信息为策略指示信息,用于指示的SN不开启安全保护,具体地策略指示为not needed。In a possible implementation manner, the second indication information and the third indication information are policy indication information, and the SN used to indicate does not enable security protection, and the specific policy indication is not needed.
具体地,第四指示信息用于指示SN与所述UE之间开启安全保护。Specifically, the fourth indication information is used to indicate that security protection is enabled between the SN and the UE.
一种可能的实现方式,第四指示信息为显示的指示信息,指示SN开启安全保护;In a possible implementation manner, the fourth indication information is displayed indication information, instructing the SN to enable security protection;
一种可能的实现方式,第四指示信息为策略指示信息,用于指示的SN开启安全保护,具体地策略指示为required。In a possible implementation manner, the fourth indication information is policy indication information, which is used to instruct the SN to enable security protection, and the specific policy indication is required.
进一步地,第二MN确定了SN的安全策略之后,与SN建立双连接,具体建立流程与图2所示的类似,即图4所示的方法流程还包括S441,第二MN向SN发送SN添加请求消息、S442,SN判断是否开启完整性保护和加密保护、S443,SN向MN发送SN添加请求响应消息,这三个步骤与图2中所示的S220、S230、S240类似这里不再赘述。Further, after the second MN determines the security policy of the SN, it establishes a dual connection with the SN. The specific establishment process is similar to that shown in Fig. 2. That is, the method process shown in Fig. 4 also includes S441. The second MN sends the SN to the SN. Add request message, S442, SN judges whether integrity protection and encryption protection are turned on, S443, SN sends SN add request response message to MN, these three steps are similar to S220, S230, S240 shown in Figure 2 and will not be repeated here. .
图4所示的方法流程,主要介绍了如何保证UE和第二MN之间、以及UE和SN之间的数据安全保护形式一致,本申请提供的切换方法还可以避免,第二MN建立第二MN和SN均不支持安全保护的、但需要安全保护的PDU会话,下面结合图5详细介绍该方案。The method flow shown in Figure 4 mainly introduces how to ensure that the data security protection forms between the UE and the second MN and between the UE and the SN are consistent. The handover method provided in this application can also prevent the second MN from establishing a second Neither the MN nor the SN supports a PDU session that is secured but needs to be secured. The solution will be described in detail below with reference to Figure 5.
图5是本申请实施例提供的另一种切换的方法的示意图。包括第一MN、第二MN、SN以及UE,其中,在发生切换之前,UE分别与所述第一MN和所述SN连接;所述第一MN也可称为源MN;切换之后,所述UE分别与所述第二MN和所述SN连接,所述第二MN也可以称为目标MN。另外,可选的,UE从所述第一MN向所述第二MN切换的过程,所述UE始终与所述SN保持连接。Fig. 5 is a schematic diagram of another handover method provided by an embodiment of the present application. It includes a first MN, a second MN, an SN, and a UE. Before the handover occurs, the UE is connected to the first MN and the SN respectively; the first MN may also be referred to as the source MN; The UE is connected to the second MN and the SN respectively, and the second MN may also be referred to as a target MN. In addition, optionally, in the process of UE handover from the first MN to the second MN, the UE always maintains a connection with the SN.
具体的,所述UE分别与第一主基站MN和辅基站SN连接,当所述UE从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,该切换的方法包括以下步骤:Specifically, the UE is connected to the first primary base station MN and the secondary base station SN respectively, and when the UE is handed over from the first MN to the second MN to connect to the second MN and the SN, The switching method includes the following steps:
S510,第一MN向第二MN发送切换请求消息。S510: The first MN sends a handover request message to the second MN.
其中,切换请求消息中携带有第一指示信息,该第一指示信息用于指示SN的安全能力。具体地,SN的安全能力包括SN对于UE的PDU会话是否开启安全保护。本申请中涉及的安全保护包括加密保护和完整性保护中的至少一种,也就是说,SN的安全能力可以是SN对于UE的PDU会话是否开启完整性保护、SN对于UE的PDU会话是否开启加密保护以及SN对于UE的PDU会话是否开启加密保护和完整性保护。Wherein, the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN. Specifically, the security capability of the SN includes whether the SN opens security protection for the PDU session of the UE. The security protection involved in this application includes at least one of encryption protection and integrity protection, that is, the security capability of the SN can be whether the SN opens integrity protection for the UE's PDU session, and whether the SN opens the UE's PDU session Encryption protection and whether SN enables encryption protection and integrity protection for the PDU session of the UE.
应理解,图5中第一指示信息的具体形式与图4中所示的类似,不同的是图4中所示的第一指示信息用于指示SN是否开启安全保护、图5中所示的第一指示信息用于指示SN对于UE的PDU会话是否开启安全保护。It should be understood that the specific form of the first indication information in FIG. 5 is similar to that shown in FIG. 4, except that the first indication information shown in FIG. 4 is used to indicate whether the SN is to enable security protection. The first indication information is used to indicate whether the SN opens security protection for the PDU session of the UE.
作为一种可能的实现方式,第一指示信息需要指示SN的安全能力为SN对于UE的PDU会话是否开启安全保护的情况下,第一指示信息可以用于指示至少一个PDU会话,以及指示SN对于该至少一个PDU是否开启安全保护。例如,需要指示SN对于UE的第一PDU会话不开启完整性保护,则第一指示信息中可以携带该第一PDU的标识以及指示SN对于UE的第一PDU会话不开启完整性保护的指示。As a possible implementation, the first indication information needs to indicate that the security capability of the SN is whether the SN opens the security protection for the PDU session of the UE. The first indication information may be used to indicate at least one PDU session and indicate that the SN is Whether the security protection is enabled for the at least one PDU. For example, if it is necessary to indicate that the SN does not enable integrity protection for the first PDU session of the UE, the first indication information may carry the identifier of the first PDU and an indication indicating that the SN does not enable integrity protection for the first PDU session of the UE.
作为一种可能的实现方式,第一指示信息需要指示SN的安全能力为SN对于UE的PDU会话是否开启安全保护的情况下,第一指示信息可以是比特位图,每两个比特位用于指示一个上述UE进行的一个PDU,针对一个PDU来说,SN是否开启安全保护可以由该PDU会话对应的两个比特位来表示。As a possible implementation, the first indication information needs to indicate that the security capability of the SN is whether the SN opens the security protection for the PDU session of the UE. The first indication information may be a bitmap, and every two bits are used for Indicate a PDU performed by the above-mentioned UE. For a PDU, whether the SN opens the security protection can be indicated by two bits corresponding to the PDU session.
可选地,从第一指示信息的功能看,可以称第一指示信息为安全能力(security capability)参数。Optionally, from the perspective of the function of the first indication information, the first indication information may be called a security capability (security capability) parameter.
作为一种可能的实现方式,该第一指示信息可以作为现有协议中切换请求消息中携带 的辅助接入网节点处的UE上下文(UE context reference at the S-NG-RAN node)参数中新增的信元,携带在切换请求消息中。As a possible implementation, the first indication information can be used as the new UE context (UE context reference at the S-NG-RAN node) parameter at the secondary access network node carried in the handover request message in the existing protocol. The increased cell is carried in the handover request message.
作为另一种可能的实现方式,该第一指示信息可以作为切换请求消息中的新增参数。As another possible implementation manner, the first indication information may be used as a newly added parameter in the handover request message.
还应理解,与图3所示的切换流程类似,图5中的第一MN向第二MN发送切换请求消息之前,还需要根据UE返回的测量报告决定进行切换,即图4所示的方法流程还包括S511,第一MN向UE发起测量控制、S512,UE向第一MN发送测量报告、S513,第一MN决定进行切换,这三个步骤与图3中所示的S310、320、S330类似这里不再赘述。It should also be understood that, similar to the handover process shown in Figure 3, before the first MN in Figure 5 sends a handover request message to the second MN, it also needs to decide to perform handover according to the measurement report returned by the UE, that is, the method shown in Figure 4 The process also includes S511, the first MN initiates measurement control to the UE, S512, the UE sends a measurement report to the first MN, S513, and the first MN decides to switch. These three steps are the same as S310, 320, and S330 shown in Figure 3. Similar to here will not repeat them.
进一步地,图5所示的切换方法可以避免第二MN建立第二MN和SN均不支持安全保护的、但需要安全保护的PDU会话。Further, the handover method shown in FIG. 5 can prevent the second MN from establishing a PDU session in which neither the second MN nor the SN supports security protection but requires security protection.
S520,第二MN确定是否拒绝会话建立。S520: The second MN determines whether to reject session establishment.
具体地,第二MN基于自身的安全能力以及第一指示信息,确定是否拒绝PDU会话的建立。Specifically, the second MN determines whether to reject the establishment of the PDU session based on its own security capability and the first indication information.
例如,第一MN接收到6个PDU会话请求,其中,3个PDU会话(PDU1、PDU2和PDU3)需要完整性保护,另外3个PDU会话(PDU4、PDU5和PDU6)不需要完整性保护。此时第一MN将PDU1、PDU2、PDU3承载到自身,将PDU4、PDU5、PDU6offload到SN。当发生MN切换时,第二MN确定自身不支持完整性保护,以及根据第一指示信息确定SN对PDU1、PDU2、PDU3不开启完整性保护,则第二MN拒绝PDU1、PDU2、PDU3的建立,从而不会产生第二MN因为自身不支持完整性保护而试图将PDU1、PDU2、PDU3offload到SN,而SN不支持完整性保护会拒绝该分流请求,导致额外的信令开销。For example, the first MN receives 6 PDU session requests, of which 3 PDU sessions (PDU1, PDU2, and PDU3) require integrity protection, and the other 3 PDU sessions (PDU4, PDU5, and PDU6) do not require integrity protection. At this time, the first MN carries PDU1, PDU2, and PDU3 to itself, and offloads PDU4, PDU5, and PDU6 to SN. When a MN handover occurs, the second MN determines that it does not support integrity protection, and determines that the SN does not enable integrity protection for PDU1, PDU2, and PDU3 according to the first indication information, then the second MN rejects the establishment of PDU1, PDU2, and PDU3, Therefore, the second MN will not attempt to offload the PDU1, PDU2, and PDU3 to the SN because it does not support integrity protection. However, the SN does not support integrity protection and will reject the offload request, resulting in additional signaling overhead.
执行S520之后,第二MN需要向第一MN发送切换请求响应消息,执行S521,与图3中所示的S360类似,这里不再赘述;第一MN需要向UE发送下行连接配置,执行S522,与图3中所示的S370类似,这里不再赘述;UE基于下行连接配置配置好参数之后,UE与第二MN之间建立RRC连接,执行S523,与图3中所示的S380类似,这里不再赘述。After executing S520, the second MN needs to send a handover request response message to the first MN, and execute S521, which is similar to S360 shown in Figure 3, and will not be repeated here; the first MN needs to send the downlink connection configuration to the UE, and execute S522. It is similar to S370 shown in Figure 3 and will not be repeated here; after the UE configures the parameters based on the downlink connection configuration, an RRC connection is established between the UE and the second MN, and S523 is executed, which is similar to S380 shown in Figure 3. No longer.
进一步地,切换完成之后,第二MN需要与SN之间建立双连接,与图2中所示的建立双连接的流程不同的是,由于第二MN在切换流程中获知了SN的安全能力,则第二MN可以基于SN的安全能力确定如何进行分流,即执行S530,第二MN确定分流策略。Further, after the handover is completed, the second MN needs to establish a dual connection with the SN. The difference from the process of establishing a dual connection shown in Figure 2 is that the second MN learns the security capabilities of the SN during the handover process. Then the second MN may determine how to perform offloading based on the security capability of the SN, that is, execute S530, and the second MN determines the offloading strategy.
第二MN根据第一指示信息确定SN对PDU会话不开启安全保护,而该PDU会话需要安全保护,则第二MN不会将这些PDU会话分流到SN。The second MN determines according to the first indication information that the SN does not enable security protection for the PDU session, and the PDU session requires security protection, the second MN will not offload these PDU sessions to the SN.
进一步地,第二MN确定了分流策略之后,与SN建立双连接,具体建立流程与图2所示的类似,即图5所示的方法流程还包括S531,第二MN向SN发送SN添加请求消息、S532,SN判断是否开启完整性保护和加密保护、S533,SN向MN发送SN添加请求响应消息,这三个步骤与图2中所示的S220、S230、S240类似这里不再赘述。Further, after the second MN determines the offload strategy, it establishes a dual connection with the SN. The specific establishment process is similar to that shown in FIG. 2, that is, the method process shown in FIG. 5 also includes S531. The second MN sends an SN addition request to the SN Message, S532, SN judges whether to enable integrity protection and encryption protection, S533, SN sends SN add request response message to MN, these three steps are similar to S220, S230, S240 shown in Figure 2 and will not be repeated here.
应理解,上述各个方法实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that in the foregoing method embodiments, the size of the sequence numbers of the foregoing processes does not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not correspond to the implementation process of the embodiments of this application. Constitute any limitation.
还应理解,图4和图5所示的切换的方法可以结合使用,即在URLLC场景下能够节省第二MN与UE之间,或,第二MN与SN之间的信令开销,以及第二MN还可以拒绝建立某些PDU会话。It should also be understood that the handover methods shown in Figures 4 and 5 can be used in combination, that is, in the URLLC scenario, the signaling overhead between the second MN and the UE, or between the second MN and the SN, and the first The second MN can also refuse to establish certain PDU sessions.
还应理解本申请中的“第一”、“第二”仅用于区分说明,而不应对本申请构成任何限定。It should also be understood that the "first" and "second" in this application are only used for distinguishing description, and should not constitute any limitation to this application.
上面结合图4和图5详细介绍了本申请实施例提供的切换的方法,下面结合图6-图11详细介绍本申请实施例提供的切换的装置。应理解,切换的装置与切换的方法相互对应,类似的描述可以参照方法实施例。值得注意的是,切换的装置可以与上述切换的方法配合使用,也可以单独使用。The handover method provided by the embodiment of the present application is described in detail above with reference to Figs. 4 and 5, and the handover device provided by the embodiment of the present application is described in detail below with reference to Figs. 6-11. It should be understood that the switching device and the switching method correspond to each other, and similar descriptions may refer to the method embodiments. It is worth noting that the switching device can be used in conjunction with the above switching method, or it can be used alone.
参见图6,图6是本申请提出的切换的装置10的示意图。如图6所示,装置10包括发送收单元110、处理单元120以及接收单元130。Refer to FIG. 6, which is a schematic diagram of the switching device 10 proposed in the present application. As shown in FIG. 6, the device 10 includes a sending and receiving unit 110, a processing unit 120 and a receiving unit 130.
发送单元110,用于向第一MN发送测量报告;The sending unit 110 is configured to send a measurement report to the first MN;
处理单元120,用于与第二MN建立RRC连接;The processing unit 120 is configured to establish an RRC connection with the second MN;
接收单元130,用于接收第一MN发送的下行连接配置。The receiving unit 130 is configured to receive the downlink connection configuration sent by the first MN.
装置10和方法实施例中的用户设备完全对应,装置10可以是方法实施例中的用户设备,或者方法实施例中的用户设备内部的芯片或功能模块。装置10的相应单元用于执行图4和图5所示的方法实施例中由用户设备执行的相应步骤。The apparatus 10 completely corresponds to the user equipment in the method embodiment, and the apparatus 10 may be the user equipment in the method embodiment, or a chip or functional module inside the user equipment in the method embodiment. The corresponding units of the apparatus 10 are used to execute the corresponding steps executed by the user equipment in the method embodiments shown in FIGS. 4 and 5.
其中,装置10中的发送单元110执行方法实施例中用户设备发送的步骤。例如,执行图4中向第一MN发送测量报告的步骤S412、执行图5中向第一MN发送测量报告的步骤S512。Wherein, the sending unit 110 in the apparatus 10 executes the steps sent by the user equipment in the method embodiment. For example, step S412 of sending a measurement report to the first MN in FIG. 4 and step S512 of sending a measurement report to the first MN in FIG. 5 are performed.
装置10中的处理单元120执行方法实施例中用户设备内部实现或处理的步骤。例如,执行图4中与第二MN建立RRC连接的步骤S423、执行图5中与第二MN建立RRC连接的步骤S523。The processing unit 120 in the device 10 executes the steps implemented or processed inside the user equipment in the method embodiment. For example, step S423 of establishing an RRC connection with the second MN in FIG. 4 and step S523 of establishing an RRC connection with the second MN in FIG. 5 are executed.
装置10中的接收单元130执行方法实施例中用户设备接收的步骤。例如,执行图4中接收第一MN发送的下行连接配置的步骤S422、执行图5中接收第一MN发送的下行连接配置的步骤S522。The receiving unit 130 in the apparatus 10 executes the steps of receiving by the user equipment in the method embodiment. For example, step S422 of receiving the downlink connection configuration sent by the first MN in FIG. 4 and step S522 of receiving the downlink connection configuration sent by the first MN in FIG. 5 are executed.
接收单元130和发送单元110可以组成收发单元,同时具有接收和发送的功能。其中,处理单元120可以是处理器。发送单元110可以是发射器。接收单元130可以是接收器。接收器和发射器可以集成在一起组成收发器。The receiving unit 130 and the sending unit 110 may constitute a transceiving unit and have the functions of receiving and sending at the same time. Wherein, the processing unit 120 may be a processor. The transmitting unit 110 may be a transmitter. The receiving unit 130 may be a receiver. The receiver and transmitter can be integrated to form a transceiver.
参见图7,图7是适用于本申请实施例的用户设备20的结构示意图。该用户设备20可应用于图1所示出的系统中。为了便于说明,图7仅示出了用户设备的主要部件。如图7所示,用户设备20包括处理器(对应于图6中所示的处理单元120)、存储器、控制电路、天线以及输入输出装置(对应于图6中所示的接收单元130和发送单元110)。处理器用于控制天线以及输入输出装置收发信号,存储器用于存储计算机程序,处理器用于从存储器中调用并运行该计算机程序,以执行本申请提出的切换的方法中由用户设备执行的相应流程和/或操作。此处不再赘述。Referring to FIG. 7, FIG. 7 is a schematic structural diagram of a user equipment 20 applicable to an embodiment of the present application. The user equipment 20 can be applied to the system shown in FIG. 1. For ease of description, FIG. 7 only shows the main components of the user equipment. As shown in FIG. 7, the user equipment 20 includes a processor (corresponding to the processing unit 120 shown in FIG. 6), a memory, a control circuit, an antenna, and an input and output device (corresponding to the receiving unit 130 and transmitting unit 130 shown in FIG. 6). Unit 110). The processor is used to control the antenna and the input and output device to send and receive signals, the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory to execute the corresponding procedures and procedures executed by the user equipment in the switching method proposed in this application. /Or operation. I won't repeat them here.
本领域技术人员可以理解,为了便于说明,图7仅示出了一个存储器和处理器。在实际的用户设备中,可以存在多个处理器和存储器。存储器也可以称为存储介质或者存储设备等,本申请实施例对此不做限制。Those skilled in the art can understand that, for ease of description, FIG. 7 only shows a memory and a processor. In actual user equipment, there may be multiple processors and memories. The memory may also be referred to as a storage medium or a storage device, etc., which is not limited in the embodiment of the present application.
输入输出装置,用于与其他设备交互信息;Input and output devices, used to exchange information with other equipment;
处理器,用于执行方法实施例中用户设备内部实现或处理。The processor is configured to execute internal implementation or processing of the user equipment in the method embodiment.
参见图8,图8是本申请提出的切换的装置30的示意图。如图8所示,装置30包括发送单元310、接收单元320以及处理单元330。Referring to FIG. 8, FIG. 8 is a schematic diagram of the switching device 30 proposed in this application. As shown in FIG. 8, the device 30 includes a sending unit 310, a receiving unit 320, and a processing unit 330.
发送单元310,用于向第二MN发送切换请求消息,所述切换请求消息中携带第一指 示信息,所述第一指示信息用于指示所述SN的安全能力,其中,所述SN的安全能力包括所述SN是否支持安全保护,和/或,所述SN对于UE的分组数据单元PDU会话是否开启所述安全保护,所述安全保护包括加密保护和/或完整性保护。The sending unit 310 is configured to send a handover request message to the second MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN. The capability includes whether the SN supports security protection, and/or whether the SN enables the security protection for a packet data unit PDU session of the UE, and the security protection includes encryption protection and/or integrity protection.
接收单元320,用于接收其他设备发送的信息。The receiving unit 320 is configured to receive information sent by other devices.
处理单元330,用于确定进行MN切换,其中,所述MN切换包括用户设备UE与第一MN和辅助基站SN建立双连接,切换为UE与第二MN和所述SN建立双连接。The processing unit 330 is configured to determine to perform an MN handover, where the MN handover includes the user equipment UE establishing a dual connection with the first MN and the auxiliary base station SN, and switching is for the UE to establish a dual connection with the second MN and the SN.
装置30和方法实施例中的第一MN完全对应,装置30可以是方法实施例中的第一MN,或者方法实施例中的第一MN内部的芯片或功能模块。装置30的相应单元用于执行图4和图5所示的方法实施例中由第一MN执行的相应步骤。The device 30 completely corresponds to the first MN in the method embodiment, and the device 30 may be the first MN in the method embodiment, or a chip or functional module inside the first MN in the method embodiment. The corresponding unit of the device 30 is used to execute the corresponding steps performed by the first MN in the method embodiments shown in FIGS. 4 and 5.
其中,装置30中的发送单元310执行方法实施例中第一MN发送的步骤。例如,执行图4中向UE发送测量控制的步骤S411、执行图4中向第二MN发送切换请求消息的步骤S410、执行图4中向UE发送下行连接配置的步骤S422、执行图5中向UE发送测量控制的步骤S511、执行图5中向第二MN发送切换请求消息的步骤S510、执行图5中向UE发送下行连接配置的步骤S522。The sending unit 310 in the device 30 executes the steps of sending by the first MN in the method embodiment. For example, perform step S411 of sending measurement control to the UE in FIG. 4, perform step S410 of sending a handover request message to the second MN in FIG. 4, perform step S422 of sending a downlink connection configuration to the UE in FIG. The step S511 of the UE sending measurement control, the step S510 of sending a handover request message to the second MN in FIG. 5, and the step S522 of sending a downlink connection configuration to the UE in FIG. 5 are executed.
装置30中的接收单元320执行方法实施例中第一MN接收的步骤。例如,执行图4中接收UE发送测量报告的步骤S412、执行图4中接收第二MN发送切换请求响应消息的步骤S421、执行图5中接收UE发送测量报告的步骤S512、执行图5中接收第二MN发送切换请求响应消息的步骤S521。The receiving unit 320 in the device 30 executes the steps of the first MN receiving in the method embodiment. For example, perform step S412 of receiving a measurement report sent by the UE in FIG. 4, perform step S421 of receiving a handover request response message sent by the second MN in FIG. 4, perform step S512 of receiving a measurement report sent by the UE in FIG. 5, and perform receiving in FIG. Step S521 where the second MN sends a handover request response message.
装置30中的处理单元330执行方法实施例中第一MN内部实现或处理的步骤。例如,执行图4中决定进行切换的步骤S413、执行图5中决定进行切换的步骤S513。The processing unit 330 in the device 30 executes the steps implemented or processed inside the first MN in the method embodiment. For example, step S413 of deciding to switch in FIG. 4 is executed, and step S513 of deciding to switch in FIG. 5 is executed.
接收单元320和发送单元310可以组成收发单元,同时具有接收和发送的功能。其中,处理单元330可以是处理器。发送单元310可以是发射器。接收单元320可以是接收器。接收器和发射器可以集成在一起组成收发器。The receiving unit 320 and the sending unit 310 may constitute a transceiving unit and have the functions of receiving and sending at the same time. Wherein, the processing unit 330 may be a processor. The transmitting unit 310 may be a transmitter. The receiving unit 320 may be a receiver. The receiver and transmitter can be integrated to form a transceiver.
参见图9,图9是适用于本申请实施例的第一MN 40的结构示意图,可以用于实现上述切换的方法中的第一MN的功能。可以为网络设备的结构示意图。Referring to FIG. 9, FIG. 9 is a schematic structural diagram of a first MN 40 applicable to an embodiment of the present application, and may be used to implement the function of the first MN in the above handover method. It can be a schematic diagram of the structure of a network device.
在5G通信系统中,第一MN 40可以包括CU、DU和AAU相比于LTE通信系统中的网络设备由一个或多个射频单元,如远端射频单元(remote radio unit,RRU)401和一个或多个基带单元(base band unit,BBU)来说:In the 5G communication system, the first MN 40 may include CU, DU, and AAU. Compared with the network equipment in the LTE communication system, the network equipment consists of one or more radio frequency units, such as a remote radio unit (RRU) 401 and one Or for multiple baseband units (BBU):
原BBU的非实时部分将分割出来,重新定义为CU,负责处理非实时协议和服务、BBU的部分物理层处理功能与原RRU及无源天线合并为AAU、BBU的剩余功能重新定义为DU,负责处理物理层协议和实时服务。简而言之,CU和DU,以处理内容的实时性进行区分、AAU为RRU和天线的组合。The non-real-time part of the original BBU will be divided and redefined as CU, which is responsible for processing non-real-time protocols and services. Part of the physical layer processing functions of the BBU are merged with the original RRU and passive antenna into AAU, and the remaining functions of the BBU are redefined as DU. Responsible for handling physical layer protocols and real-time services. In short, CU and DU are distinguished by the real-time nature of processing content, and AAU is a combination of RRU and antenna.
CU、DU、AAU可以采取分离或合设的方式,所以,会出现多种网络部署形态,一种可能的部署形态如图9所示与传统4G网络设备一致,CU与DU共硬件部署。应理解,图9只是一种示例,对本申请的保护范围并不限制,例如,部署形态还可以是DU部署在4G BBU机房,CU集中部署或DU集中部署,CU更高层次集中等。CU, DU, and AAU can be separated or co-located. Therefore, there will be multiple network deployment forms. A possible deployment form is shown in Figure 9 and is consistent with traditional 4G network equipment. CU and DU share hardware deployment. It should be understood that FIG. 9 is only an example, and does not limit the scope of protection of this application. For example, the deployment form may also be DU deployment in a 4G BBU computer room, CU centralized deployment or DU centralized deployment, and CU higher-level centralized deployment.
所述AAU 401可以实现收发功能称为收发单元401,与图8中的发送单元310对应。可选地,该收发单元401还可以称为收发机、收发电路、或者收发器等,其可以包括至少一个天线4011和射频单元4012。可选地,收发单元401可以包括接收单元和发送单元, 接收单元可以对应于接收器(或称接收机、接收电路),发送单元可以对应于发射器(或称发射机、发射电路)。所述CU和DU 402可以实现内部处理功能称为处理单元402,与图8中的处理单元330对应。可选地,该处理单元402可以对网络设备进行控制等,可以称为控制器。所述AAU 401与CU和DU 402可以是物理上设置在一起,也可以物理上分离设置的。The AAU 401 that can implement the transceiving function is called a transceiving unit 401, which corresponds to the transmitting unit 310 in FIG. 8. Optionally, the transceiver unit 401 may also be called a transceiver, a transceiver circuit, or a transceiver, etc., and it may include at least one antenna 4011 and a radio frequency unit 4012. Optionally, the transceiving unit 401 may include a receiving unit and a transmitting unit, the receiving unit may correspond to a receiver (or receiver, receiving circuit), and the transmitting unit may correspond to a transmitter (or transmitter, transmitting circuit). The CU and DU 402 that can implement internal processing functions are called the processing unit 402, which corresponds to the processing unit 330 in FIG. 8. Optionally, the processing unit 402 may control network devices, etc., and may be referred to as a controller. The AAU 401, the CU and the DU 402 may be physically set together, or may be physically separated.
另外,第一MN不限于图9所示的形态,也可以是其它形态:例如:包括BBU和自适应无线单元(adaptive radio unit,ARU),或者包括BBU和有源天线单元(active antenna unit,AAU);也可以为客户用户设备(customer premises equipment,CPE),还可以为其它形态,本申请不限定。In addition, the first MN is not limited to the form shown in FIG. 9, but may also be in other forms: for example, it includes a BBU and an adaptive radio unit (ARU), or includes a BBU and an active antenna unit (active antenna unit, AAU); it can also be customer premises equipment (CPE), or other forms, which are not limited in this application.
应理解,图9所示的第一MN 40能够实现图4和图5的方法实施例中涉及的第一MN功能。第一MN 40中的各个单元的操作和/或功能,分别为了实现本申请方法实施例中由第一MN执行的相应流程。为避免重复,此处适当省略详述描述。图10示例的第一MN的结构仅为一种可能的形态,而不应对本申请实施例构成任何限定。本申请并不排除未来可能出现的其他形态的第一MN结构的可能。It should be understood that the first MN 40 shown in FIG. 9 can implement the first MN function involved in the method embodiments of FIG. 4 and FIG. 5. The operations and/or functions of each unit in the first MN 40 are to implement the corresponding processes executed by the first MN in the method embodiment of the present application. To avoid repetition, detailed description is omitted here. The structure of the first MN illustrated in FIG. 10 is only a possible form and should not constitute any limitation to the embodiment of the present application. This application does not exclude the possibility of other forms of the first MN structure that may appear in the future.
参见图10,图10是本申请提出的切换的装置50的示意图。如图10所示,装置50包括发送单元510、接收单元520以及处理单元530。Refer to FIG. 10, which is a schematic diagram of the switching device 50 proposed in the present application. As shown in FIG. 10, the device 50 includes a sending unit 510, a receiving unit 520, and a processing unit 530.
发送单元510,用于向其他设备发送信息。The sending unit 510 is used to send information to other devices.
接收单元520,用于从第一MN处接收切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示辅助基站SN的安全能力,所述第一MN为发生MN切换之前为用户设备UE提供服务的MN,所述第二MN为发生MN切换之后为用户设备UE提供服务的MN,其中,所述SN的安全能力包括所述SN是否支持安全保护,和/或,所述SN对于所述UE的PDU会话是否开启所述安全保护,所述安全保护包括加密保护和/或完整性保护。The receiving unit 520 is configured to receive a handover request message from a first MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the assisting base station SN, and the first MN is The MN that serves the user equipment UE before the MN handover occurs, the second MN is the MN that serves the user equipment UE after the MN handover occurs, wherein the security capability of the SN includes whether the SN supports security protection, and /Or, whether the SN enables the security protection for the PDU session of the UE, and the security protection includes encryption protection and/or integrity protection.
处理单元530,用于基于所述第一指示信息确定所述SN的安全能力。The processing unit 530 is configured to determine the security capability of the SN based on the first indication information.
装置50和方法实施例中的第二MN完全对应,装置50可以是方法实施例中的第二MN,或者方法实施例中的第二MN内部的芯片或功能模块。装置50的相应单元用于执行图4和图5所示的方法实施例中由第二MN执行的相应步骤。The device 50 completely corresponds to the second MN in the method embodiment, and the device 50 may be the second MN in the method embodiment, or a chip or functional module inside the second MN in the method embodiment. The corresponding units of the device 50 are used to perform the corresponding steps performed by the second MN in the method embodiments shown in FIGS. 4 and 5.
其中,装置50中的发送单元510执行方法实施例中第二MN发送的步骤。例如,执行图4中向第一MN发送切换请求响应消息的步骤S421、执行图4中向SN发送第二指示信息、第三指示信息或第四指示信息的步骤S450、执行图4中向SN发送SN添加请求消息的步骤S441、执行图5中向第一MN发送切换请求响应消息的步骤S521、执行图5中向SN发送SN添加请求消息的步骤S531。Wherein, the sending unit 510 in the device 50 executes the steps of sending by the second MN in the method embodiment. For example, perform step S421 of sending a handover request response message to the first MN in FIG. 4, perform step S450 of sending second, third, or fourth indication information to the SN in FIG. 4, and perform step S450 in FIG. Step S441 of sending an SN adding request message, step S521 of sending a handover request response message to the first MN in FIG. 5, and step S531 of sending an SN adding request message to the SN in FIG. 5 are executed.
装置50中的接收单元520执行方法实施例中第二MN接收的步骤。例如,执行图4中接收第一MN发送切换请求消息的步骤S410、执行图4中接收SN发送SN添加请求响应消息的步骤S443、执行图5中接收第一MN发送切换请求消息的步骤S510、执行图5中接收SN发送SN添加请求响应消息的步骤S533。The receiving unit 520 in the device 50 performs the steps of receiving by the second MN in the method embodiment. For example, step S410 of receiving the handover request message sent by the first MN in FIG. 4, step S443 of receiving the SN adding request response message sent by the SN in FIG. 4, and step S510 of receiving the handover request message sent by the first MN in FIG. Step S533 in FIG. 5 of receiving the SN adding request response message sent by the SN is performed.
装置50中的处理单元530执行方法实施例中第二MN内部实现或处理的步骤。例如,执行图4中与UE建立RRC连接的步骤S430、执行图4中确定安全策略的步骤S420、执行图4中确定SN是否开启安全保护的步骤S440、执行图5中与UE建立RRC连接的步 骤S523、执行图5中确定是否拒绝会话建立的步骤S520、执行图5中确定分流策略的步骤S530。The processing unit 530 in the device 50 executes the steps implemented or processed inside the second MN in the method embodiment. For example, perform step S430 of establishing an RRC connection with the UE in FIG. 4, perform step S420 of determining a security policy in FIG. 4, perform step S440 of determining whether the SN is enabled for security protection in FIG. Step S523: Perform step S520 in FIG. 5 to determine whether to reject session establishment, and perform step S530 in FIG. 5 to determine the offload strategy.
接收单元520和发送单元510可以组成收发单元,同时具有接收和发送的功能。其中,处理单元530可以是处理器。发送单元510可以是发射器。接收单元520可以是接收器。接收器和发射器可以集成在一起组成收发器。The receiving unit 520 and the sending unit 510 may constitute a transceiver unit, and have both receiving and sending functions. Wherein, the processing unit 530 may be a processor. The sending unit 510 may be a transmitter. The receiving unit 520 may be a receiver. The receiver and transmitter can be integrated to form a transceiver.
参见图11,图11是适用于本申请实施例的第二MN 60的结构示意图,可以用于实现上述切换的方法中的第二MN的功能。可以为网络设备的结构示意图。Referring to FIG. 11, FIG. 11 is a schematic structural diagram of a second MN 60 applicable to an embodiment of the present application, and may be used to implement the function of the second MN in the above handover method. It can be a schematic diagram of the structure of a network device.
第二MN 60的结构与图9所示的第一MN 40的结构类似,第二MN 60可以包括CU、DU和AAU。The structure of the second MN 60 is similar to the structure of the first MN 40 shown in FIG. 9, and the second MN 60 may include CU, DU, and AAU.
所述AAU 601可以实现收发功能称为收发单元601,与图10中的发送单元510对应。可选地,该收发单元601还可以称为收发机、收发电路、或者收发器等,其可以包括至少一个天线6011和射频单元6012。可选地,收发单元601可以包括接收单元和发送单元,接收单元可以对应于接收器(或称接收机、接收电路),发送单元可以对应于发射器(或称发射机、发射电路)。所述CU和DU 602可以实现内部处理功能称为处理单元602,与图10中的处理单元530对应。可选地,该处理单元602可以对网络设备进行控制等,可以称为控制器。所述AAU 601与CU和DU 602可以是物理上设置在一起,也可以物理上分离设置的。The AAU 601 that can implement the transceiver function is called a transceiver unit 601, which corresponds to the sending unit 510 in FIG. 10. Optionally, the transceiver unit 601 may also be called a transceiver, a transceiver circuit, or a transceiver, etc., and it may include at least one antenna 6011 and a radio frequency unit 6012. Optionally, the transceiving unit 601 may include a receiving unit and a transmitting unit, the receiving unit may correspond to a receiver (or receiver, receiving circuit), and the transmitting unit may correspond to a transmitter (or transmitter, transmitting circuit). The CU and DU 602 that can implement internal processing functions are called a processing unit 602, which corresponds to the processing unit 530 in FIG. 10. Optionally, the processing unit 602 may control network devices, etc., and may be referred to as a controller. The AAU 601, the CU and the DU 602 may be physically set together, or may be physically separated.
另外,第二MN不限于图11所示的形态,也可以是其它形态:例如:包括BBU和ARU,或者包括BBU和AAU;也可以为CPE,还可以为其它形态,本申请不限定。In addition, the second MN is not limited to the form shown in FIG. 11, and may also be in other forms: for example, including BBU and ARU, or including BBU and AAU; it may also be CPE or other forms, which is not limited by this application.
应理解,图11所示的第二MN 60能够实现图4和图5的方法实施例中涉及的第二MN功能。第二MN 60中的各个单元的操作和/或功能,分别为了实现本申请方法实施例中由第二MN执行的相应流程。为避免重复,此处适当省略详述描述。图10示例的第二MN的结构仅为一种可能的形态,而不应对本申请实施例构成任何限定。本申请并不排除未来可能出现的其他形态的第二MN结构的可能。It should be understood that the second MN 60 shown in FIG. 11 can implement the second MN function involved in the method embodiments of FIG. 4 and FIG. 5. The operations and/or functions of each unit in the second MN 60 are respectively for implementing the corresponding processes executed by the second MN in the method embodiment of the present application. To avoid repetition, detailed description is omitted here. The structure of the second MN illustrated in FIG. 10 is only a possible form, and should not constitute any limitation to the embodiment of the present application. This application does not exclude the possibility of other forms of the second MN structure that may appear in the future.
本申请实施例还提供一种通信系统,其包括前述的用户设备、第二MN、第二MN和SN。An embodiment of the present application also provides a communication system, which includes the aforementioned user equipment, a second MN, a second MN, and an SN.
本申请还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,当该指令在计算机上运行时,使得计算机执行上述如图4和图5所示的方法中第一MN执行的各个步骤。The present application also provides a computer-readable storage medium that stores instructions in the computer-readable storage medium. When the instructions run on a computer, the computer executes the first method shown in FIG. 4 and FIG. 5. The steps performed by the MN.
本申请还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,当该指令在计算机上运行时,使得计算机执行上述如图4和图5所示的方法中第二MN执行的各个步骤。The present application also provides a computer-readable storage medium. The computer-readable storage medium stores instructions. When the instructions run on a computer, the computer executes the second method shown in FIG. 4 and FIG. 5. The steps performed by the MN.
本申请还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,当该指令在计算机上运行时,使得计算机执行上述如图4和图5所示的方法中用户设备执行的各个步骤。The present application also provides a computer-readable storage medium that stores instructions in the computer-readable storage medium. When the instructions run on a computer, the computer executes the method shown in FIG. 4 and FIG. The various steps performed.
本申请还提供了一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行如图4和图5所示的方法中第一MN执行的各个步骤。This application also provides a computer program product containing instructions. When the computer program product runs on a computer, the computer executes the steps performed by the first MN in the method shown in FIG. 4 and FIG. 5.
本申请还提供了一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行如图4和图5所示的方法中第二MN执行的各个步骤。This application also provides a computer program product containing instructions. When the computer program product runs on a computer, the computer executes the steps performed by the second MN in the method shown in FIG. 4 and FIG. 5.
本申请还提供了一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行如图4和图5所示的方法中用户设备执行的各个步骤。This application also provides a computer program product containing instructions. When the computer program product runs on a computer, the computer executes the steps performed by the user equipment in the methods shown in FIGS. 4 and 5.
本申请还提供一种芯片,包括处理器。该处理器用于读取并运行存储器中存储的计算机程序,以执行本申请提供的切换的方法中由第一MN执行的相应操作和/或流程。可选地,该芯片还包括存储器,该存储器与该处理器通过电路或电线与存储器连接,处理器用于读取并执行该存储器中的计算机程序。进一步可选地,该芯片还包括通信接口,处理器与该通信接口连接。通信接口用于接收需要处理的数据和/或信息,处理器从该通信接口获取该数据和/或信息,并对该数据和/或信息进行处理。该通信接口可以是输入输出接口。This application also provides a chip including a processor. The processor is used to read and run the computer program stored in the memory to execute the corresponding operation and/or process executed by the first MN in the handover method provided in this application. Optionally, the chip further includes a memory, the memory and the processor are connected to the memory through a circuit or a wire, and the processor is used to read and execute the computer program in the memory. Further optionally, the chip further includes a communication interface, and the processor is connected to the communication interface. The communication interface is used to receive data and/or information that needs to be processed, and the processor obtains the data and/or information from the communication interface, and processes the data and/or information. The communication interface can be an input and output interface.
本申请还提供一种芯片,包括处理器。该处理器用于读取并运行存储器中存储的计算机程序,以执行本申请提供的切换的方法中由第二MN执行的相应操作和/或流程。可选地,该芯片还包括存储器,该存储器与该处理器通过电路或电线与存储器连接,处理器用于读取并执行该存储器中的计算机程序。进一步可选地,该芯片还包括通信接口,处理器与该通信接口连接。通信接口用于接收需要处理的数据和/或信息,处理器从该通信接口获取该数据和/或信息,并对该数据和/或信息进行处理。该通信接口可以是输入输出接口。This application also provides a chip including a processor. The processor is used to read and run a computer program stored in the memory to execute the corresponding operation and/or process executed by the second MN in the handover method provided in this application. Optionally, the chip further includes a memory, the memory and the processor are connected to the memory through a circuit or a wire, and the processor is used to read and execute the computer program in the memory. Further optionally, the chip further includes a communication interface, and the processor is connected to the communication interface. The communication interface is used to receive data and/or information that needs to be processed, and the processor obtains the data and/or information from the communication interface, and processes the data and/or information. The communication interface can be an input and output interface.
本申请还提供一种芯片,包括处理器。该处理器用于读取并运行存储器中存储的计算机程序,以执行本申请提供的切换的方法中由用户设备执行的相应操作和/或流程。可选地,该芯片还包括存储器,该存储器与该处理器通过电路或电线与存储器连接,处理器用于读取并执行该存储器中的计算机程序。进一步可选地,该芯片还包括通信接口,处理器与该通信接口连接。通信接口用于接收需要处理的数据和/或信息,处理器从该通信接口获取该数据和/或信息,并对该数据和/或信息进行处理。该通信接口可以是输入输出接口。This application also provides a chip including a processor. The processor is used to read and run the computer program stored in the memory to execute the corresponding operation and/or process executed by the user equipment in the switching method provided in this application. Optionally, the chip further includes a memory, the memory and the processor are connected to the memory through a circuit or a wire, and the processor is used to read and execute the computer program in the memory. Further optionally, the chip further includes a communication interface, and the processor is connected to the communication interface. The communication interface is used to receive data and/or information that needs to be processed, and the processor obtains the data and/or information from the communication interface, and processes the data and/or information. The communication interface can be an input and output interface.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。A person of ordinary skill in the art may be aware that the units and algorithm steps of the examples described in combination with the embodiments disclosed herein can be implemented by electronic hardware or a combination of computer software and electronic hardware. Whether these functions are executed by hardware or software depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and conciseness of description, the specific working process of the above-described system, device, and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or It can be integrated into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, the functional units in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储 在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of this application essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disk and other media that can store program code .
另外,本申请中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系;本申请中术语“至少一个”,可以表示“一个”和“两个或两个以上”,例如,A、B和C中至少一个,可以表示:单独存在A,单独存在B,单独存在C、同时存在A和B,同时存在A和C,同时存在C和B,同时存在A和B和C,这七种情况。还例如,A、B或C指的是A和B和C中的任意一个;A、B和C指的是A和B和C这3个可能。In addition, the term "and/or" in this application is only an association relationship describing the associated objects, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, and both A and B exist. , There are three cases of B alone. In addition, the character "/" in this text generally means that the associated objects before and after are in an "or" relationship; the term "at least one" in this application can mean "one" and "two or more", for example, A At least one of, B and C can mean: A alone exists, B alone exists, C exists alone, A and B exist alone, A and C exist simultaneously, C and B exist simultaneously, and A and B and C exist simultaneously, this Seven situations. For another example, A, B, or C refers to any of A, B, and C; A, B, and C refer to the three possibilities of A, B, and C.
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above are only specific implementations of this application, but the protection scope of this application is not limited to this. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in this application. Should be covered within the scope of protection of this application. Therefore, the protection scope of this application should be subject to the protection scope of the claims.

Claims (29)

  1. 一种切换的方法,其特征在于,用户设备分别与第一主基站MN和辅基站SN连接,当所述用户设备从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,所述方法包括:A handover method, characterized in that a user equipment is respectively connected to a first primary base station MN and a secondary base station SN, and when the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN respectively. When connecting with the SN, the method includes:
    所述第一MN向所述第二MN发送切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示所述SN的安全能力;Sending, by the first MN, a handover request message to the second MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN;
    所述第二MN根据所述SN的安全能力确定安全策略。The second MN determines a security policy according to the security capability of the SN.
  2. 根据权利要求1所述的方法,其特征在于,所述第二MN根据所述SN的安全能力确定安全策略,包括:The method according to claim 1, wherein the second MN determining a security policy according to the security capability of the SN comprises:
    当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。When the SN does not support security protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    所述第二MN向所述SN发送第二指示信息,所述第二指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。The second MN sends second indication information to the SN, where the second indication information is used to instruct the SN to not activate security protection between the SN and the user equipment.
  4. 根据权利要求1所述的方法,其特征在于,所述第二MN根据所述SN的安全能力确定安全策略,包括:The method according to claim 1, wherein the second MN determining a security policy according to the security capability of the SN comprises:
    所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略。The second MN determines a security policy according to the security capabilities of the second MN and the SN.
  5. 根据权利要求4所述的方法,其特征在于,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:The method according to claim 4, wherein the second MN determining a security policy according to the security capabilities of the second MN and the SN comprises:
    当所述SN支持安全保护但所述第二MN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述SN与用户设备之间安全保护。When the SN supports security protection but the second MN does not support security protection, the second MN determines that the security policy is not to activate security protection between the SN and the user equipment.
  6. 根据权利要求5所述的方法,其特征在于,所述方法还包括:The method of claim 5, wherein the method further comprises:
    所述第二MN向所述SN发送第三指示信息,所述第三指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。The second MN sends third indication information to the SN, where the third indication information is used to instruct the SN to not activate the security protection between the SN and the user equipment.
  7. 根据权利要求4所述的方法,其特征在于,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:The method according to claim 4, wherein the second MN determining a security policy according to the security capabilities of the second MN and the SN comprises:
    当所述SN支持安全保护且所述第二MN支持安全保护时,所述第二MN确定所述安全策略为激活所述SN与用户设备之间安全保护。When the SN supports security protection and the second MN supports security protection, the second MN determines that the security policy is to activate security protection between the SN and the user equipment.
  8. 根据权利要求7所述的方法,其特征在于,所述方法还包括:The method according to claim 7, wherein the method further comprises:
    所述第二MN向所述SN发送第四指示信息,所述第四指示信息用于指示所述SN激活所述SN与所述用户设备之间的安全保护。The second MN sends fourth indication information to the SN, where the fourth indication information is used to instruct the SN to activate security protection between the SN and the user equipment.
  9. 根据权利要求2至8中任一项所述的方法,其特征在于,所述安全保护为加密保护和/或完整性保护。The method according to any one of claims 2 to 8, wherein the security protection is encryption protection and/or integrity protection.
  10. 一种切换的方法,其特征在于,用户设备分别与第一主基站MN和辅基站SN连接,当所述用户设备从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,所述方法包括:A handover method, characterized in that a user equipment is respectively connected to a first primary base station MN and a secondary base station SN, and when the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN respectively. When connecting with the SN, the method includes:
    所述第二MN接收所述第一MN发送的切换请求消息,所述切换请求消息中携带第一 指示信息,所述第一指示信息用于指示所述SN的安全能力;Receiving, by the second MN, a handover request message sent by the first MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN;
    所述第二MN根据所述SN的安全能力确定安全策略。The second MN determines a security policy according to the security capability of the SN.
  11. 根据权利要求10所述的方法,其特征在于,所述第二MN根据所述SN的安全能力确定安全策略,包括:The method according to claim 10, wherein the second MN determining a security policy according to the security capability of the SN comprises:
    当所述SN不支持安全保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。When the SN does not support security protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
  12. 根据权利要求11所述的方法,其特征在于,所述方法还包括:The method of claim 11, wherein the method further comprises:
    所述第二MN向所述SN发送第二指示信息,所述第二指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。The second MN sends second indication information to the SN, where the second indication information is used to instruct the SN to not activate security protection between the SN and the user equipment.
  13. 根据权利要求12所述的方法,其特征在于,所述第二MN根据所述SN的安全能力确定安全策略,包括:The method according to claim 12, wherein the second MN determining a security policy according to the security capability of the SN comprises:
    所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略。The second MN determines a security policy according to the security capabilities of the second MN and the SN.
  14. 根据权利要求13所述的方法,其特征在于,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:The method according to claim 13, wherein the second MN determining a security policy according to the security capabilities of the second MN and the SN comprises:
    当所述SN支持安全保护但所述MN不支持完整性保护时,所述第二MN确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。When the SN supports security protection but the MN does not support integrity protection, the second MN determines that the security policy is not to activate security protection between the second MN and the user equipment.
  15. 根据权利要求14所述的方法,其特征在于,所述方法还包括:The method of claim 14, wherein the method further comprises:
    所述第二MN向所述SN发送第三指示信息,所述第三指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。The second MN sends third indication information to the SN, where the third indication information is used to instruct the SN to not activate the security protection between the SN and the user equipment.
  16. 根据权利要求13所述的方法,其特征在于,所述第二MN根据所述第二MN和所述SN的安全能力确定安全策略,包括:The method according to claim 13, wherein the second MN determining a security policy according to the security capabilities of the second MN and the SN comprises:
    当所述SN支持安全保护且所述第二MN支持安全保护时,所述第二MN确定所述安全策略为激活所述SN与用户设备之间安全保护。When the SN supports security protection and the second MN supports security protection, the second MN determines that the security policy is to activate security protection between the SN and the user equipment.
  17. 根据权利要求16所述的方法,其特征在于,所述方法还包括:The method of claim 16, wherein the method further comprises:
    所述第二MN向所述SN发送第四指示信息,所述第四指示信息用于指示所述SN激活所述SN与所述用户设备之间的安全保护。The second MN sends fourth indication information to the SN, where the fourth indication information is used to instruct the SN to activate security protection between the SN and the user equipment.
  18. 根据权利要求10至17中任一项所述的方法,其特征在于,所述安全保护为加密保护和/或完整性保护。The method according to any one of claims 10 to 17, wherein the security protection is encryption protection and/or integrity protection.
  19. 一种通信系统,其特征在于,所述通信系统包括第一主基站MN、第二MN、辅基站SN,用户设备分别与所述第一MN和所述SN连接,当所述用户设备从所述第一MN向所述第二MN切换以实现分别与所述第二MN和所述SN连接时,所述第一MN,用于向所述第二MN发送切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示所述SN的安全能力;A communication system, characterized in that the communication system includes a first primary base station MN, a second MN, and a secondary base station SN, and user equipment is connected to the first MN and the SN, and when the user equipment When the first MN switches to the second MN to connect to the second MN and the SN, the first MN is used to send a handover request message to the second MN, and the handover request The message carries first indication information, where the first indication information is used to indicate the security capability of the SN;
    所述第二MN,用于根据所述SN的安全能力确定安全策略。The second MN is used to determine a security policy according to the security capability of the SN.
  20. 一种切换的装置,其特征在于,用户设备分别与第一主基站MN和辅基站SN连接,当所述用户设备从所述第一MN向第二MN切换以实现分别与所述第二MN和所述SN连接时,所述装置用于执行所述第二MN的操作,所述装置包括:A handover device, characterized in that user equipment is connected to a first primary base station MN and a secondary base station SN respectively, and when the user equipment is handed over from the first MN to the second MN, the user equipment is connected to the second MN. When connected to the SN, the device is used to perform operations of the second MN, and the device includes:
    接收单元,用于接收所述第一MN发送的切换请求消息,所述切换请求消息中携带第一指示信息,所述第一指示信息用于指示所述SN的安全能力;A receiving unit, configured to receive a handover request message sent by the first MN, where the handover request message carries first indication information, and the first indication information is used to indicate the security capability of the SN;
    处理单元,用于根据所述SN的安全能力确定安全策略。The processing unit is used to determine a security policy according to the security capability of the SN.
  21. 根据权利要求20所述的装置,其特征在于,所述处理单元根据所述SN的安全能力确定安全策略,包括:The device according to claim 20, wherein the processing unit determines a security policy according to the security capability of the SN, comprising:
    当所述SN不支持安全保护时,所述处理单元确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。When the SN does not support security protection, the processing unit determines that the security policy is not to activate security protection between the second MN and the user equipment.
  22. 根据权利要求21所述的装置,其特征在于,所述装置还包括:The device according to claim 21, wherein the device further comprises:
    发送单元,用于向所述SN发送第二指示信息,所述第二指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。The sending unit is configured to send second indication information to the SN, where the second indication information is used to instruct the SN to not activate the security protection between the SN and the user equipment.
  23. 根据权利要求22所述的装置,其特征在于,所述处理单元根据所述SN的安全能力确定安全策略,包括:The device according to claim 22, wherein the processing unit determines a security policy according to the security capability of the SN, comprising:
    所述处理单元根据所述第二MN和所述SN的安全能力确定安全策略。The processing unit determines a security policy according to the security capabilities of the second MN and the SN.
  24. 根据权利要求23所述的装置,其特征在于,所述处理单元根据所述第二MN和所述SN的安全能力确定安全策略,包括:The device according to claim 23, wherein the processing unit determines a security policy according to the security capabilities of the second MN and the SN, comprising:
    当所述SN支持安全保护但所述MN不支持完整性保护时,所述处理单元确定所述安全策略为不激活所述第二MN与用户设备之间安全保护。When the SN supports security protection but the MN does not support integrity protection, the processing unit determines that the security policy is not to activate security protection between the second MN and the user equipment.
  25. 根据权利要求24所述的装置,其特征在于,所述装置还包括:The device according to claim 24, wherein the device further comprises:
    发送单元,用于向所述SN发送第三指示信息,所述第三指示信息用于指示所述SN不激活所述SN与所述用户设备之间的安全保护。The sending unit is configured to send third indication information to the SN, where the third indication information is used to instruct the SN to not activate the security protection between the SN and the user equipment.
  26. 根据权利要求23所述的装置,其特征在于,所述处理单元根据所述第二MN和所述SN的安全能力确定安全策略,包括:The device according to claim 23, wherein the processing unit determines a security policy according to the security capabilities of the second MN and the SN, comprising:
    当所述SN支持安全保护且所述MN支持完整性保护时,所述处理单元确定所述安全策略为激活所述第二MN与用户设备之间安全保护。When the SN supports security protection and the MN supports integrity protection, the processing unit determines that the security policy is to activate security protection between the second MN and the user equipment.
  27. 根据权利要求26所述的装置,其特征在于,所述装置还包括:The device according to claim 26, wherein the device further comprises:
    发送单元,用于向所述SN发送第四指示信息,所述第四指示信息用于指示所述SN激活所述SN与所述用户设备之间的安全保护。The sending unit is configured to send fourth indication information to the SN, where the fourth indication information is used to instruct the SN to activate security protection between the SN and the user equipment.
  28. 根据权利要求20至27中任一项所述的装置,其特征在于,所述安全保护为加密保护和/或完整性保护。The device according to any one of claims 20 to 27, wherein the security protection is encryption protection and/or integrity protection.
  29. 一种计算机可读存储介质,其特征在于,包括:所述计算机可读介质存储有计算机程序;所述计算机程序在计算机上运行时,使得计算机执行权利要求1-18中任一项所述的方法。A computer-readable storage medium, comprising: the computer-readable medium stores a computer program; when the computer program is run on a computer, the computer executes any one of claims 1-18 method.
PCT/CN2020/089622 2019-05-29 2020-05-11 Handover method, apparatus and communications system WO2020238596A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910457885.0 2019-05-29
CN201910457885.0A CN112020056B (en) 2019-05-29 2019-05-29 Switching method, device and communication system

Publications (1)

Publication Number Publication Date
WO2020238596A1 true WO2020238596A1 (en) 2020-12-03

Family

ID=73500738

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/089622 WO2020238596A1 (en) 2019-05-29 2020-05-11 Handover method, apparatus and communications system

Country Status (2)

Country Link
CN (1) CN112020056B (en)
WO (1) WO2020238596A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022147777A1 (en) * 2021-01-08 2022-07-14 华为技术有限公司 Security policy processing method and communication device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104378793A (en) * 2013-08-12 2015-02-25 中兴通讯股份有限公司 Switching method, master control base station and controlled base station
WO2016108560A1 (en) * 2014-12-30 2016-07-07 Lg Electronics Inc. Method and apparatus for performing inter-menb handover without senb change in wireless communication system
WO2019096329A1 (en) * 2017-11-20 2019-05-23 华为技术有限公司 Method and device for determining security capability

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10123242B2 (en) * 2015-01-30 2018-11-06 Nokia Solutions And Networks Oy Method, apparatus and system for dual connectivity handover
RU2744323C2 (en) * 2017-01-30 2021-03-05 Телефонактиеболагет Лм Эрикссон (Пабл) Methods for data integrity protection on the user plane

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104378793A (en) * 2013-08-12 2015-02-25 中兴通讯股份有限公司 Switching method, master control base station and controlled base station
WO2016108560A1 (en) * 2014-12-30 2016-07-07 Lg Electronics Inc. Method and apparatus for performing inter-menb handover without senb change in wireless communication system
WO2019096329A1 (en) * 2017-11-20 2019-05-23 华为技术有限公司 Method and device for determining security capability

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUAWEI ET AL.: "DC based NR scheme for 0ms interruption handover", 3GPP TSG-RAN WG2 #101 R2-1802473, 2 March 2018 (2018-03-02), XP051400151 *
LG ELECTRONICS INC.: "Alternative for security key change and reducing signalling overhead in DC based HO", 3GPP TSG-RAN WG2#104 R2-1816445, 16 November 2018 (2018-11-16), XP051480406 *

Also Published As

Publication number Publication date
CN112020056B (en) 2022-02-25
CN112020056A (en) 2020-12-01

Similar Documents

Publication Publication Date Title
US11950314B2 (en) Configuration method and apparatus, and system
US10785824B2 (en) Information processing method and related apparatus
WO2020001575A1 (en) Iab node switching method, iab node and host base station
WO2020199942A1 (en) Communication method, communication apparatus, and system
US20140376515A1 (en) Methods, apparatuses and computer program products for wlan discovery and handover in coexisted lte and wlan networks
WO2021013122A1 (en) Handover method and device
WO2020200034A1 (en) Network access method and apparatus
US20220225203A1 (en) Communication Method and Communications Apparatus
JP7147883B2 (en) Integrity protection handling in gNB-CU-UP
US11553546B2 (en) Methods and systems for radio access network aggregation and uniform control of multi-RAT networks
WO2013075602A1 (en) Method, base station and user equipment for achieving carrier aggregation
WO2020103807A1 (en) Communication method and apparatus
EP3567975A1 (en) Methods of operating network nodes in a communication network, and network nodes implementing the same
WO2019072170A1 (en) Communication method and communication apparatus
US20230012998A1 (en) Communication method, access network device, terminal device, and core network device
US11412564B2 (en) Method and apparatus for providing next generation network service in heterogeneous network environment
US20230086410A1 (en) Communication method and communication apparatus
WO2020211778A1 (en) Cell handover method and apparatus
WO2019076347A1 (en) Communication method and communication apparatus
WO2021032007A1 (en) Link failure report transmission method and device
WO2020238596A1 (en) Handover method, apparatus and communications system
US20230254729A1 (en) Migration method and apparatus for iab-node
WO2023273397A1 (en) Group handover method, device, and apparatus, and storage medium
CN107548166B (en) Method for configuring multi-connection signaling, main base station, user equipment and communication system
WO2019028922A1 (en) Method and device for transmitting cell configuration information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20813153

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20813153

Country of ref document: EP

Kind code of ref document: A1