WO2020252790A1 - Information transmission method and apparatus, network device, and user equipment - Google Patents
- Publication number
- WO2020252790A1 (PCT/CN2019/092413)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- broadcast message
- network element
- integrity
- key
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W68/00—User notification, e.g. alerting and paging, for incoming communication, change of service or the like
- H04W68/02—Arrangements for increasing efficiency of notification or paging channel
Definitions
- the first UE receives a broadcast message sent by an access network element, the broadcast message includes the at least one UE information, and each UE information in the broadcast message corresponds to a UE identifier.
- Figure 5-2 is a structural diagram of a secured NAS message provided by an embodiment of the present application.
- FIG. 7 is a second schematic diagram of secret key derivation provided by an embodiment of the present application.
- the 5G system or 5G network may also be referred to as a New Radio (NR) system or NR network.
- FIG. 2 is a 5G network architecture diagram provided by an embodiment of the application. As shown in Figure 2, the equipment involved in the 5G network includes:
- RRC-INACTIVE state (hereinafter referred to as inactive state): The RRC connection of the air interface is released, but the N2 connection is still maintained.
- the core network may not perceive the release of the air interface RRC connection and handles the UE as if it were in the CM-CONNECTED state. For example, when downlink data arrives, it sends the downlink data to the base station as usual, and the base station can send out paging after receiving the downlink data. Paging the UE therefore triggers an RRC Resume process to restore the RRC connection.
- the UE information corresponding to multiple UE IDs comes from the core network, that is, the core network sends the UE information that needs to be sent to a specific UE to the base station at per-UE granularity, and the base station encapsulates the UE information corresponding to the multiple UE IDs in the same paging message and broadcasts it.
- At least one UE information is respectively transmitted by the core network to the base station, and encapsulated by the base station in the same broadcast message (such as a paging message) and broadcasted.
- the first UE can obtain its own UE information by monitoring the broadcast message.
- there are the following security issues: 1) after receiving a broadcast message, the first UE can obtain not only its own UE information but also other UEs' information; 2) a malicious attacker can intercept the broadcast message, modify it, and send it to the UE again, which causes the UE to receive wrong information. For this reason, the UE information in the broadcast message needs to be secured. Furthermore, if the broadcast message contains the UE identity and UE information, either both the UE identity and the UE information can be secured, or only the UE information can be secured.
- Figure 11-1 is a schematic diagram of encryption and/or integrity protection using a NAS layer security key, which will be described in detail below.
- the NAS layer security key can be used to encrypt and/or integrity protect the UE information.
- the NAS security key or NAS security context of the UE and the core network such as AMF
- the NAS security key can still be used, or the new NAS security key generated by the NAS security context can be used, to perform encryption, decryption and/or integrity verification.
- the second security mechanism: UE information in the broadcast message is encrypted and/or integrity protected by a second security key, the second security key being an AS layer security key, and the AS layer security key is the security key of the protocol layer between the access network and the UE.
- the protocol layer between the access network and the UE may be the PDCP layer.
- the target object in the broadcast message is encrypted and/or integrity protected, and the UE identity corresponding to the UE information in the target object is not encrypted and/or integrity protected.
- the target object and the UE identity corresponding to the UE information in the target object are encrypted and/or integrity protected, and the broadcast message carries second indication information, and the second indication information is used to indicate the identifier of the receiving end of each UE information in the target object.
- the core network uses the private key to encrypt and/or sign the UE information sent to the base station. Specifically, this takes the following two forms: 1) when each UE information is sent by the core network to the base station at per-UE granularity, the core network needs to use the private key to encrypt and/or sign each UE information; 2) the core network can send multiple UE information to the base station in batches through a new message (multiple UE information forms a target object, such as "Section"), so that the target object containing multiple UE information can be encrypted and/or signed as a whole with the private key.
- the receiving unit 1301 is configured to receive at least one piece of UE information sent by a core network element
- the receiving unit 1301 is configured to receive encrypted and/or integrity-protected at least one piece of UE information sent by a core network control plane network element, where the at least one piece of UE information is encrypted and/or integrity protected by the core network control plane network element using the NAS layer security key;
- the receiving unit 1301 is configured to receive encrypted and/or integrity-protected at least one piece of UE information sent by a core network user plane network element, where the at least one piece of UE information is encrypted and/or integrity protected by the core network user plane network element using the user plane secret key.
- the AS layer security key is a secret key generated based on a new base station secret key or an old base station secret key
- the core network element uses a private key to separately encrypt and/or integrity protect each UE information in the at least one UE information, and sends the encrypted and/or integrity-protected at least one UE information to the access network element respectively.
- the first security key is a user plane secret key
- the at least one UE information is encrypted and/or integrity protected by the user plane network element of the core network using the user plane secret key.
- the device further includes:
- the processing unit 1402 is configured to, after receiving the broadcast message, obtain the first UE information corresponding to the UE identity of the first UE from the broadcast message, and use the public key in the public-private key pair to decrypt and/or integrity verify the first UE information.
- the memory 1520 may be a separate device independent of the processor 1510, or may be integrated in the processor 1510.
- the chip 1600 may further include a memory 1620.
- the processor 1610 may call and run a computer program from the memory 1620 to implement the method in the embodiment of the present application.
- the computer program can be applied to the mobile terminal/terminal device in the embodiment of the present application.
- when the computer program runs on the computer, the computer executes each method in the embodiment of the present application. For the sake of brevity, the corresponding process will not be repeated here.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to an information transmission method and apparatus, a network device, and user equipment. The method comprises the following steps: an access network element receives at least one piece of UE information sent by a core network element; and the access network element sends a broadcast message, the broadcast message comprising the at least one piece of UE information, and each piece of UE information in the broadcast message corresponding to a UE identifier.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/092413 WO2020252790A1 (fr) | 2019-06-21 | 2019-06-21 | Information transmission method and apparatus, network device, and user equipment |
CN201980091583.4A CN113412655A (zh) | 2019-06-21 | 2019-06-21 | Information transmission method and apparatus, network device, and user equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/092413 WO2020252790A1 (fr) | 2019-06-21 | 2019-06-21 | Information transmission method and apparatus, network device, and user equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020252790A1 (fr) | 2020-12-24 |
Family
ID=74040500
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/092413 WO2020252790A1 (fr) | Information transmission method and apparatus, network device, and user equipment | 2019-06-21 | 2019-06-21 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113412655A (fr) |
WO (1) | WO2020252790A1 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114339630A (zh) * | 2021-11-30 | 2022-04-12 | 度小满科技(北京)有限公司 | Method and apparatus for short message protection |
WO2024041467A1 (fr) * | 2022-08-26 | 2024-02-29 | 维沃移动通信有限公司 | System information transmission method and apparatus, terminal, network-side device, and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160374048A1 (en) * | 2015-06-19 | 2016-12-22 | Qualcomm Incorporated | Small data transmission in a wireless communications system |
CN107592281A (zh) * | 2016-07-06 | 2018-01-16 | 华为技术有限公司 | System, method and apparatus for protecting transmitted data |
US20190159168A1 (en) * | 2016-08-31 | 2019-05-23 | Huawei Technologies Co., Ltd. | Small data transmission method and related device and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
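CN103929740B (zh) * | 2013-01-15 | 2017-05-10 | 中兴通讯股份有限公司 | Secure data transmission method and LTE access network system |
CN104754576B (zh) * | 2013-12-31 | 2018-07-31 | 华为技术有限公司 | Device verification method, user equipment, and network device |
CN110536254B (zh) * | 2016-01-25 | 2022-02-22 | 展讯通信(上海)有限公司 | Cell handover method and apparatus, storage medium, and base station |
CN107182061B (zh) * | 2017-06-14 | 2020-07-28 | 北京佰才邦技术有限公司 | Communication connection method and apparatus |
CN109729566B (zh) * | 2017-10-27 | 2021-01-29 | 华为技术有限公司 | Information transmission method and device |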
-
2019
- 2019-06-21 CN CN201980091583.4A patent/CN113412655A/zh active Pending
- 2019-06-21 WO PCT/CN2019/092413 patent/WO2020252790A1/fr active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160374048A1 (en) * | 2015-06-19 | 2016-12-22 | Qualcomm Incorporated | Small data transmission in a wireless communications system |
CN107592281A (zh) * | 2016-07-06 | 2018-01-16 | 华为技术有限公司 | System, method and apparatus for protecting transmitted data |
US20190159168A1 (en) * | 2016-08-31 | 2019-05-23 | Huawei Technologies Co., Ltd. | Small data transmission method and related device and system |
Non-Patent Citations (2)
Title |
---|
HUAWEI; HISILICON: "Key Issue on security for small data transmission", 3GPP DRAFT; S3-182924-KEY ISSUE ON SECURITY FOR SMALL DATA TRANSMISSION, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. Harbin; 20180924 - 20180928, 21 September 2018 (2018-09-21), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP051546390 * |
ZTE: "Addition last known RAN information in solution 5", 3GPP DRAFT; S2-184714 ADDITION LAST ACCESS RAN INFORMATION IN SOLUTION 5, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. Newport Beach, CA, USA; 20180528 - 20180601, 22 May 2018 (2018-05-22), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP051535269 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114339630A (zh) * | 2021-11-30 | 2022-04-12 | 度小满科技(北京)有限公司 | Method and apparatus for short message protection |
CN114339630B (zh) * | 2021-11-30 | 2023-07-21 | 度小满科技(北京)有限公司 | Method and apparatus for short message protection |
WO2024041467A1 (fr) * | 2022-08-26 | 2024-02-29 | 维沃移动通信有限公司 | System information transmission method and apparatus, terminal, network-side device, and medium |
Also Published As
Publication number | Publication date |
---|---|
CN113412655A (zh) | 2021-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11304054B2 (en) | Communication method and device | |
CN110830991B (zh) | Secure session method and apparatus | |
CN109391603B (zh) | Data integrity protection method and apparatus | |
WO2020034229A1 (fr) | Information transmission method and apparatus, and communication device | |
US20140126489A1 (en) | Managing operating parameters for communication bearers in a wireless network | |
WO2020248624A1 (fr) | Communication method, network device, user equipment, and access network device | |
WO2017133021A1 (fr) | Security processing method and related device | |
US11889301B2 (en) | Security verification when resuming an RRC connection | |
WO2021000331A1 (fr) | Data transmission method and apparatus, and communication device | |
WO2020252790A1 (fr) | Information transmission method and apparatus, network device, and user equipment | |
US11381963B2 (en) | Wireless communication method and device | |
US11979747B2 (en) | Method or device for integrity protection | |
CN114205814A (zh) | Data transmission method, apparatus, system, electronic device, and storage medium | |
WO2020258292A1 (fr) | Wireless communication method, terminal device, access network device, and core network device | |
WO2021138801A1 (fr) | Secure service transmission method and apparatus, terminal device, and network device | |
WO2017210811A1 (fr) | Method and apparatus for executing a security policy | |
WO2020034125A1 (fr) | Method and apparatus for resuming an RRC connection, and terminal | |
EP4271071A1 (fr) | Wireless communication method, devices, and storage medium | |
WO2022174802A1 (fr) | Method for updating a cryptographic key, and apparatus | |
WO2021203400A1 (fr) | Method and apparatus for configuring a transmission policy, network device, and terminal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19934057 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19934057 Country of ref document: EP Kind code of ref document: A1 |