WO2020252790A1 - Information transmission method and apparatus, network device and user equipment - Google Patents

Info

Publication number
WO2020252790A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
broadcast message
network element
integrity
key
Prior art date
Application number
PCT/CN2019/092413
Other languages
English (en)
Chinese (zh)
Inventor
许阳
王淑坤
刘建华
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司
Priority to PCT/CN2019/092413 (WO2020252790A1)
Priority to CN201980091583.4A (CN113412655A)
Publication of WO2020252790A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W68/00 User notification, e.g. alerting and paging, for incoming communication, change of service or the like
    • H04W68/02 Arrangements for increasing efficiency of notification or paging channel

Definitions

  • the first UE receives a broadcast message sent by an access network element, the broadcast message includes the at least one UE information, and each UE information in the broadcast message corresponds to a UE identifier.
  • Figure 5-2 is a structural diagram of a secured NAS message provided by an embodiment of the present application.
  • FIG. 7 is a second schematic diagram of secret key derivation provided by an embodiment of the present application.
  • the 5G system or 5G network may also be referred to as a New Radio (NR) system or NR network.
  • FIG. 2 is a 5G network architecture diagram provided by an embodiment of the application. As shown in Figure 2, the equipment involved in the 5G network includes:
  • RRC-INACTIVE state (hereinafter referred to as inactive state): The RRC connection of the air interface is released, but the N2 connection is still maintained.
  • the core network may not perceive the release of the air interface RRC connection and processes it according to the CM-CONNECTED state. For example, when downlink data arrives, it sends the downlink data to the base station as usual, and the base station can send out paging after receiving the downlink data. Therefore, paging the UE triggers an RRC Resume process to restore the RRC connection.
  • the UE information corresponding to multiple UE IDs comes from the core network, that is, the core network sends the UE information that needs to be sent to a specific UE to the base station at per-UE granularity, and the base station encapsulates the UE information corresponding to the multiple UE IDs in the same paging message and broadcasts it.
  • At least one UE information is respectively transmitted by the core network to the base station, and encapsulated by the base station in the same broadcast message (such as a paging message) and broadcasted.
  • the first UE can obtain its own UE information by monitoring the broadcast message.
  • there are the following security issues: 1) After receiving a broadcast message, the first UE can obtain not only its own UE information, but also other UE information; 2) A malicious attacker can intercept the broadcast message, modify it and send it to the UE again, which causes the UE to receive the wrong information. For this reason, the UE information in the broadcast message needs to be secured. Furthermore, if the broadcast message contains the UE identity and UE information, either both the UE identity and the UE information can be secured, or only the UE information can be secured.
  • Figure 11-1 is a schematic diagram of encryption and/or integrity protection using a NAS layer security key, which will be described in detail below.
  • the NAS layer security key can be used to encrypt and/or integrity protect the UE information.
  • the NAS security key or NAS security context of the UE and the core network such as AMF
  • the NAS security key can still be used, or the new NAS security key generated by the NAS security context can be used, to perform encryption, decryption and/or integrity verification.
  • the second security mechanism: UE information in the broadcast message is encrypted and/or integrity protected by a second security key, the second security key being an AS layer security key, and the AS layer security key is the security key of the protocol layer between the access network and the UE.
  • the protocol layer between the access network and the UE may be the PDCP layer.
  • the target object in the broadcast message is encrypted and/or integrity protected, and the UE identity corresponding to the UE information in the target object is not encrypted and/or integrity protected.
  • the target object and the UE identity corresponding to the UE information in the target object are encrypted and/or integrity protected, and the broadcast message carries second indication information, and the second indication information is used to indicate the identifier of the receiving end of each UE information in the target object.
  • the core network uses the private key to encrypt and/or sign the UE information sent to the base station. Specifically, it includes the following two forms: 1) When each UE information is sent by the core network to the base station at per-UE granularity, the core network needs to use the private key to encrypt and/or sign each UE information. 2) The core network can send multiple UE information to the base station in batches through a new message (multiple UE information forms a target object, such as "Section"), so that the target object containing multiple UE information can be encrypted and/or signed as a whole with the private key.
  • the receiving unit 1301 is configured to receive at least one piece of UE information sent by a core network element
  • the receiving unit 1301 is configured to receive encrypted and/or integrity-protected at least one piece of UE information sent by a core network control plane network element, where the at least one piece of UE information is encrypted and/or integrity protected by the core network control plane network element using the NAS layer security key;
  • the receiving unit 1301 is configured to receive encrypted and/or integrity-protected at least one piece of UE information sent by a core network user plane network element, where the at least one piece of UE information is encrypted and/or integrity protected by the core network user plane network element using the user plane secret key.
  • the AS layer security key is a secret key generated based on a new base station secret key or an old base station secret key
  • the core network element uses a private key to separately encrypt and/or integrity protect each UE information in the at least one UE information, and sends the encrypted and/or integrity-protected at least one UE information to the access network element respectively.
  • the first security key is a user plane secret key
  • the at least one UE information is encrypted and/or integrity protected by the user plane network element of the core network using the user plane secret key.
  • the device further includes:
  • the processing unit 1402 is configured to, after receiving the broadcast message, obtain the first UE information corresponding to the UE identity of the first UE from the broadcast message, and use the public key of the public/private key pair to decrypt and/or integrity verify the first UE information.
  • the memory 1520 may be a separate device independent of the processor 1510, or may be integrated in the processor 1510.
  • the chip 1600 may further include a memory 1620.
  • the processor 1610 may call and run a computer program from the memory 1620 to implement the method in the embodiment of the present application.
  • the computer program can be applied to the mobile terminal/terminal device in the embodiment of the present application.
  • when the computer program runs on the computer, the computer executes each method in the embodiment of the present application. For the sake of brevity, the corresponding process will not be repeated here.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are an information transmission method and apparatus, a network device and user equipment. The method comprises the following steps: an access network element receives at least one piece of UE information sent by a core network element; and the access network element sends a broadcast message, the broadcast message comprising the at least one piece of UE information, and each piece of UE information in the broadcast message corresponding to a UE identifier.
PCT/CN2019/092413 2019-06-21 2019-06-21 Information transmission method and apparatus, network device and user equipment WO2020252790A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/092413 WO2020252790A1 (fr) 2019-06-21 2019-06-21 Information transmission method and apparatus, network device and user equipment
CN201980091583.4A CN113412655A (zh) 2019-06-21 2019-06-21 Information transmission method and apparatus, network device, and user equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/092413 WO2020252790A1 (fr) 2019-06-21 2019-06-21 Information transmission method and apparatus, network device and user equipment

Publications (1)

Publication Number Publication Date
WO2020252790A1 (fr) 2020-12-24

Family

ID=74040500

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/092413 WO2020252790A1 (fr) Information transmission method and apparatus, network device and user equipment 2019-06-21 2019-06-21

Country Status (2)

Country Link
CN (1) CN113412655A (fr)
WO (1) WO2020252790A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114339630A (zh) * 2021-11-30 2022-04-12 度小满科技(北京)有限公司 Method and apparatus for short message protection
WO2024041467A1 (fr) * 2022-08-26 2024-02-29 维沃移动通信有限公司 System information transmission method and apparatus, terminal, network-side device and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160374048A1 (en) * 2015-06-19 2016-12-22 Qualcomm Incorporated Small data transmission in a wireless communications system
CN107592281A (zh) * 2016-07-06 2018-01-16 华为技术有限公司 Protection system, method and apparatus for transmitted data
US20190159168A1 (en) * 2016-08-31 2019-05-23 Huawei Technologies Co., Ltd. Small data transmission method and related device and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
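CN103929740B (zh) * 2013-01-15 2017-05-10 中兴通讯股份有限公司 Secure data transmission method and LTE access network system
CN104754576B (zh) * 2013-12-31 2018-07-31 华为技术有限公司 Device verification method, user equipment and network device
CN110536254B (zh) * 2016-01-25 2022-02-22 展讯通信(上海)有限公司 Cell handover method and apparatus, storage medium, and base station
CN107182061B (zh) * 2017-06-14 2020-07-28 北京佰才邦技术有限公司 Communication connection method and apparatus
CN109729566B (zh) * 2017-10-27 2021-01-29 华为技术有限公司 Information transmission method and device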

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUAWEI; HISILICON: "Key Issue on security for small data transmission", 3GPP DRAFT; S3-182924-KEY ISSUE ON SECURITY FOR SMALL DATA TRANSMISSION, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. Harbin; 20180924 - 20180928, 21 September 2018 (2018-09-21), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP051546390 *
ZTE: "Addition last known RAN information in solution 5", 3GPP DRAFT; S2-184714 ADDITION LAST ACCESS RAN INFORMATION IN SOLUTION 5, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. Newport Beach, CA, USA; 20180528 - 20180601, 22 May 2018 (2018-05-22), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP051535269 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114339630A (zh) * 2021-11-30 2022-04-12 度小满科技(北京)有限公司 Method and apparatus for short message protection
CN114339630B (zh) * 2021-11-30 2023-07-21 度小满科技(北京)有限公司 Method and apparatus for short message protection
WO2024041467A1 (fr) * 2022-08-26 2024-02-29 维沃移动通信有限公司 System information transmission method and apparatus, terminal, network-side device and medium

Also Published As

Publication number Publication date
CN113412655A (zh) 2021-09-17

Similar Documents

Publication Publication Date Title
US11304054B2 (en) Communication method and device
CN110830991B (zh) Secure session method and apparatus
CN109391603B (zh) Data integrity protection method and apparatus
WO2020034229A1 (fr) Information transmission method and apparatus, and communication device
US20140126489A1 (en) Managing operating parameters for communication bearers in a wireless network
WO2020248624A1 (fr) Communication method, network device, user equipment and access network device
WO2017133021A1 (fr) Security processing method and related device
US11889301B2 (en) Security verification when resuming an RRC connection
WO2021000331A1 (fr) Data transmission method and apparatus, and communication device
WO2020252790A1 (fr) Information transmission method and apparatus, network device and user equipment
US11381963B2 (en) Wireless communication method and device
US11979747B2 (en) Method or device for integrity protection
CN114205814A (zh) Data transmission method, apparatus, system, electronic device and storage medium
WO2020258292A1 (fr) Wireless communication method, terminal device, access network device and core network device
WO2021138801A1 (fr) Secure service transmission method and apparatus, terminal device, and network device
WO2017210811A1 (fr) Method and apparatus for executing a security policy
WO2020034125A1 (fr) Method and apparatus for recovering RRC connection, and terminal
EP4271071A1 (fr) Wireless communication method, devices and storage medium
WO2022174802A1 (fr) Method for updating cryptographic key, and apparatus
WO2021203400A1 (fr) Method and apparatus for configuring transmission policy, network device and terminal device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19934057

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19934057

Country of ref document: EP

Kind code of ref document: A1