WO2021018069A1

WO2021018069A1 - Method, apparatus and system for cell access

Info

Publication number: WO2021018069A1
Application number: PCT/CN2020/104699
Authority: WO
Inventors: 金文君; 胡力; 郭龙华
Original assignee: 华为技术有限公司
Priority date: 2019-07-29
Filing date: 2020-07-25
Publication date: 2021-02-04
Also published as: CN112312398A

Abstract

The present application relates to the technical field of communications, and disclosed are a method, device and system for cell access, which are used to lower the possibility of a terminal accessing a cell of a pseudo base station. The method comprises: when determined that a terminal accesses a cell of a pseudo base station, a source access network device sends a handover request message to a target access network device, the handover request message comprising a handover reason value, and the handover reason value being used to indicate that the terminal has accessed a pseudo base station; a handover response message sent by the target access network device is received, the handover response message comprising information of target cell allocated by the target access network device to the terminal; and a handover command message that has integrity protection is sent to the terminal, the handover command message comprising the information of the target cell. When it is determined that the terminal accesses a pseudo base station, the source access network device selects for the terminal the target cell for handover and triggers the handover process so as to prevent the terminal from being attacked by the pseudo base station.

Description

Method, device and system for cell access

Cross references to related applications

This application claims the priority of a Chinese patent application filed with the Chinese Patent Office, the application number is 201910691560.9, and the application name is "a method, device and system for cell access" on July 29, 2019, the entire content of which is incorporated by reference In this application.

Technical field

The embodiments of the present application relate to the field of wireless communications, and in particular, to a method, device, and system for cell access.

Background technique

With the development of communication technology, the number of terminals has gradually increased, and more and more base stations have been deployed in order to achieve better communication.

In order to monitor user messages and steal user data (for example, steal user bank card information, ID card information, etc.), an attacker may deploy false base stations (FBS) to attract terminals to access the pseudo base station. Once the terminal is connected to the pseudo base station, the pseudo base station can initiate attacks such as deny of service (DoS) or user data theft on the terminal.

In the prior art, by comparing the hash value of the system information received by the terminal with the hash value of the system information broadcast by the real base station, it is possible to identify whether the cell accessed by the terminal is a cell of a pseudo base station. After identifying the cell of the pseudo base station, how to prevent the terminal from accessing the cell of the pseudo base station again requires attention, but there is currently no relevant solution.

Summary of the invention

The embodiments of the present application provide a method, device, and system for cell access to solve the problem that there is currently no method for preventing a terminal from accessing a cell of a pseudo base station.

In the first aspect, a cell access system is provided. The system includes a source access network device and a target access network device. The source access network device can determine whether the terminal is connected to the pseudo base station by itself or through other devices. On the district. When the source access network device determines that the terminal accesses the cell of the pseudo base station, it may send a handover request message to the target access network device. The handover request message includes a handover reason value, and the handover reason value is used for Instruct the terminal to access the pseudo base station. Correspondingly, the target access network device may be used to receive a handover request message sent by the source access network device, and send a handover response message to the source access network device, where the handover response message includes the Information about the target cell allocated by the target access network device to the terminal. Correspondingly, the source access network device may be used to receive the handover response message sent by the target access network device. The source access network device may also be used to send a handover command message with integrity protection to the terminal, where the handover command message includes the target cell information.

When the source access network device determines that the terminal is connected to the pseudo base station, it can obtain the information of the target cell assigned to the terminal for cell handover from the target access network device, and pass the target cell information through the handover with integrity protection The command message is sent to the terminal so that the terminal can perform cell handover according to the information of the target cell. Since the target cell is selected by the source access network equipment, it is generally not the cell of the pseudo base station, that is, the terminal leaves the cell of the pseudo base station through cell handover, and accesses the real cell, thereby reducing the terminal access to the pseudo base station. Possibility of community. In addition, the handover request message sent by the source access network device to the target access network device carries a handover reason value indicating that the terminal accesses the pseudo base station, and the target access network device may preferentially process the handover request message according to the handover reason value , Allocate the information of the target cell to the terminal in time.

In a possible implementation, the information of the target cell may include a hash value of the system information of the target cell or the system information of the target cell.

In a possible implementation, the handover command message also includes the handover reason value and cell information of the pseudo base station.

Since the handover command message carries the handover reason value indicating that the terminal accesses the pseudo base station, it can be used to inform the terminal that the reason for the cell handover is that the terminal is connected to the cell of the pseudo base station, and inform the terminal of the cell information of the pseudo base station, so that The terminal saves the cell information of the pseudo base station to prevent the terminal from re-accessing the cell of the pseudo base station.

In a possible implementation, the information of the cell of the pseudo base station may include a hash value of the system information of the cell of the pseudo base station or the system information of the cell of the pseudo base station.

In a possible implementation, the cell information of the pseudo base station may also include one or a combination of the following information: physical cell identifier (physical cell identifier, PCI), downlink frequency, and detection of the The time of the cell of the pseudo base station.

In a possible implementation, before the source access network device sends a handover request message to the target access network device, the source access network device may also be used to determine whether the terminal has pseudo base station defense Capability, if yes, then send a handover request message including the handover reason value to the target access network device.

In a possible implementation, the terminal may report the capability information of the terminal to the source access network device. Correspondingly, the source access network device may also be used to receive capability information from the terminal. The information includes an indication of whether the terminal has the pseudo base station defense capability; the source access network device is used to determine whether the terminal has the pseudo base station defense capability according to the capability information reported by the terminal.

In a possible implementation, the source access network device may select a suitable target cell for the terminal to perform handover in the case of determining that the terminal is connected to the cell of the pseudo base station, and the source access network device receives The measurement report of the cell reported by the terminal selects the target cell that needs to be handed over for the terminal according to the measurement report of the cell. The access network device to which the target cell belongs is the target access network device.

In a possible implementation, the source access network device may also be used to determine other terminals that establish a secure connection with the source access network device, and send downlink messages with integrity protection to the other terminals, so The downlink message includes the cell information of the pseudo base station.

Specifically, the source access network device may also be used to determine a terminal with pseudo base station defense capability among other terminals that establish a secure connection with the source access network device, and deliver to the terminal with pseudo base station defense capability The downlink message with integrity protection means that the other terminal has a pseudo base station defense capability.

In this way, the source access network device can deliver the pseudo base station information to more terminals, so that more terminals can save the pseudo base station information, so as to prevent more terminals from accessing the pseudo base station cell next time .

In a second aspect, a method for cell access is provided. The method is applied to a terminal. The terminal receives a handover command message with integrity protection sent by an access network device. The handover command message includes information about the target cell and the handover. The cause value and the information of the cell of the first pseudo base station; the handover cause value is used to instruct the terminal to access the cell of the first pseudo base station. The terminal performs an integrity check on the handover command message, and after the check passes, saves the cell information of the first pseudo base station in the pseudo base station information list, and executes the process according to the information of the target cell. Handover of the target cell.

Through the above solution, the terminal can switch to the real target cell according to the handover command of the access network device, avoiding the terminal from being attacked by the pseudo base station. In addition, the terminal saves the cell information of the pseudo base station, and can avoid re-accessing the cell of the pseudo base station during subsequent cell access.

In a possible implementation, the terminal may also receive a radio resource control (radio resource control, RRC) message with integrity protection sent by the access network device, and the RRC message includes a second pseudo Information of the base station; the terminal performs an integrity check on the RRC message, and after the check passes, saves the information of the second pseudo base station in the pseudo base station information list.

In this way, even if the terminal is not currently connected to the pseudo base station, it can obtain the information of other pseudo base stations from the access network equipment and save it, so as to avoid subsequent access to the pseudo base station, thus reducing the possibility of the terminal accessing the pseudo base station. Sex.

In a possible implementation, when the terminal subsequently performs cell reselection, the terminal compares the information of the measured cell with the information in the information list of the pseudo base station to determine whether the measured cell is the cell of the pseudo base station. . When it is determined that the measured cell is not a cell of a pseudo base station, the terminal can choose to reselect to the measured cell. When it is determined that the measured cell is a cell of a pseudo base station, the terminal ignores the measured cell. Does not reselect to the measured cell.

In this way, when the terminal performs cell reselection, it determines whether the cell to be reselected is the cell of the pseudo base station according to the information list of the pseudo base station. If it is the cell of the pseudo base station, the cell is ignored, thus reducing the terminal reselection to the pseudo base station. Possibility of cell of base station.

In a possible implementation, in the cell reselection process, the terminal first measures the signal quality of the neighboring cell, and reads the basic system information of the neighboring cell (that is, the system information in MIB and SIB1). The terminal first compares the measured basic system information of the neighboring cell with the locally stored pseudo base station information, and when it is determined that the measured neighboring cell is the cell of the pseudo base station, ignores the measured neighboring cell; When it is determined that the measured neighboring cell is not a cell of a pseudo base station, the terminal then judges whether to reselect the measured neighboring cell according to the measured signal quality of the neighboring cell and the basic system information of the neighboring cell.

After the terminal reselects to a cell, it continues to monitor other system information of the reselected cell (other system information except MIB and SIB1), and combines the monitored other system information with the locally stored pseudo base station information A comparison is made to determine whether the cell reselected by the terminal is a pseudo base station cell; when the terminal determines that the reselected cell is a pseudo base station cell, it leaves the reselected cell and performs cell selection again.

In a possible implementation, the information of the target cell included in the handover command message is a hash value of all system information of the target cell, or all system information.

In a possible implementation, the information of the first pseudo base station and/or the information of the second pseudo base station may include the hash value of the system information of the cell of the pseudo base station or the system information of the cell of the pseudo base station.

In a possible implementation, the information of the first pseudo base station and/or the information of the second pseudo base station may further include one or a combination of the following information:

The physical cell identifies the PCI, the downlink frequency point, and the time when the cell where the pseudo base station is detected.

In a third aspect, a method for cell access is provided, which can be applied to a source access network device, and the source access network device can determine whether a terminal is connected to a cell of a pseudo base station by itself or through other devices. When the source access network device determines that the terminal accesses the cell of the pseudo base station, it may send a handover request message to the target access network device, where the handover request message includes a handover reason value, and the handover reason value is used to indicate the terminal Access the pseudo base station. The source access network device may also receive a handover response message sent by the target access network device, where the handover response message includes information about the target cell allocated by the target access network device to the terminal. The source access network device may also send a handover command message with integrity protection to the terminal, where the handover command message includes the information of the target cell.

Based on the above solution, when the source access network device determines that the terminal accesses the pseudo base station, it can obtain the information of the target cell allocated for the terminal handover from the target access network device, and pass the information of the target cell The integrity-protected handover command message is issued to the terminal, so that the terminal can perform cell handover according to the information of the target cell. Since the target cell is selected by the source access network equipment, it is generally not the cell of the pseudo base station. In this way, the cell switching can make the terminal leave the cell of the pseudo base station and access the real cell, thereby avoiding the terminal from being attacked by the pseudo base station. In addition, the handover request message sent by the source access network device to the target access network device carries a handover reason value instructing the terminal to access the pseudo base station, so that the target access network device can preferentially process the handover request according to the handover reason value Message, to allocate the information of the target cell to the terminal in time.

In a possible implementation, the handover command message may also include the handover reason value and cell information of the pseudo base station.

The handover reason value is carried in the handover command message to inform the terminal that the reason for the cell handover is that the terminal has accessed the cell of the pseudo base station, and inform the terminal of the cell information of the pseudo base station so that the terminal can save the cell information of the pseudo base station. Prevent the terminal from re-accessing the cell of the pseudo base station.

In a possible implementation, the cell information of the pseudo base station may further include one or a combination of the following information:

In a possible implementation, before the source access network device sends a handover request message to the target access network device, the source access network device may also determine whether the terminal has a pseudo base station defense capability, If so, send a handover request message including the handover cause value to the target access network device.

In a possible implementation, the terminal may report the capability information of the terminal to the source access network device. Correspondingly, the source access network device may also receive capability information from the terminal, and the capability information includes An indication of whether the terminal has a pseudo base station defense capability; the source access network device determines whether the terminal has a pseudo base station defense capability according to the capability information reported by the terminal.

In a possible implementation, the source access network device may also determine other terminals that establish a secure connection with the source access network device, and send a downlink message with integrity protection to the other terminals. The message includes the cell information of the pseudo base station.

Specifically, the source access network device may also determine a terminal with pseudo base station defense capability among other terminals that establish a secure connection with the source access network device, and deliver the said terminal to the terminal with pseudo base station defense capability. Downlink messages with integrity protection, that is, the other terminals have the ability to defend against pseudo base stations.

The source access network device delivers the pseudo base station information to more terminals, so that more terminals save the pseudo base station information, so as to prevent the terminal from accessing the pseudo base station cell next time.

In a fourth aspect, a system for cell access is provided. The system includes an access network device and a first terminal. The access network device can be used to determine that the cell corresponding to the measurement report reported by the terminal includes a pseudo base station. In the case of a cell in which a secure connection is established with the access network device, a downlink message with integrity protection is sent to the terminal that establishes a secure connection with the access network device, and the downlink message includes the cell information of the pseudo base station. The first terminal is one of the terminals that establish a secure connection with the access network device, and the first terminal may be used to receive a downlink message from the access network device, and the terminal can complete the downlink message After the verification is passed, the cell information of the pseudo base station in the downlink message is stored in the pseudo base station information list. The pseudo base station information list is used for the terminal to avoid reselecting to the cell of the pseudo base station in the subsequent cell reselection process.

The access network equipment sends the pseudo base station information to the terminal. The terminal can save the pseudo base station information, and consider the pseudo base station information when reselecting the cell to reduce the possibility of reselecting the pseudo base station cell.

In a possible implementation, the access network device may also be used to determine the terminal with the pseudo base station defense capability among the terminals that have established a secure connection with the access network device, and send to the terminal with the pseudo base station defense capability The downlink message with integrity protection.

In a possible implementation, the terminal may report the capability information of the terminal to the source access network device, and the source access network device may also be used to receive capability information from the terminal. The capability information includes whether the terminal is An indication of having the pseudo base station defense capability; the source access network device may also be used to determine whether the terminal has the pseudo base station defense capability according to the capability information reported by the terminal.

In this way, when the terminal performs cell reselection, it determines whether the cell to be reselected is the cell of the pseudo base station according to the information list of the pseudo base station. If it is the cell of the pseudo base station, the cell is ignored, which can reduce the terminal reselection to the pseudo base station. Possibility of cell of base station.

In a fifth aspect, a method for cell access is provided. The method can be applied to a terminal. The terminal receives a downlink message with integrity protection from an access network device, and the terminal can perform an integrity check on the downlink message. After the check is passed, the cell information of the pseudo base station in the downlink message is saved in the pseudo base station information list. The pseudo base station information list is used for the terminal to avoid reselecting to The cell of the pseudo base station.

In a possible implementation, the terminal first measures the signal quality of the neighboring cell during the cell reselection process, and obtains the basic system information of the neighboring cell (that is, the system information in MIB and SIB1). The terminal first compares the measured basic system information of the neighboring cell with the locally stored pseudo base station information, and when it is determined that the measured neighboring cell is the cell of the pseudo base station, ignores the measured neighboring cell; When it is determined that the measured neighboring cell is not a cell of a pseudo base station, the terminal then judges whether to reselect the measured neighboring cell according to the measured signal quality of the neighboring cell.

In a possible implementation, the terminal may also report its own capability information to the access network device, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability.

In a possible implementation, the terminal may also report the measurement report of the cell to the access network device.

In a sixth aspect, a method for cell access is provided, which can be applied to an access network device, and the access network device can be used when determining that the cell corresponding to the measurement report reported by the terminal includes the cell of the pseudo base station Next, send a downlink message with integrity protection to a terminal that establishes a secure connection with the access network device, and the downlink message includes the cell information of the pseudo base station.

In a possible implementation, the access network device may also be used to determine the terminal with the pseudo base station defense capability among the terminals that have established a secure connection with the access network device, and send to the terminal with the pseudo base station defense capability Downlink message with integrity protection.

In a possible implementation, the information of the cell of the pseudo base station includes a hash value of the system information of the cell of the pseudo base station or the system information of the cell of the pseudo base station.

In a possible implementation, the cell information of the pseudo base station further includes one or a combination of the following information:

Physical cell identifier (Physical Cell Identifier, PCI), downlink frequency, and time when the cell where the pseudo base station is detected.

In a seventh aspect, a cell access device is provided, and the device has functional modules that implement the foregoing aspects and any possible implementation methods of the aspects. The functional modules can be realized by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-mentioned functions.

In a possible implementation, the device may be a chip or an integrated circuit.

In a possible implementation, the device may include a transceiver and a processor, and the processor is used to execute a set of programs. When the program is executed, the device may execute the above-mentioned aspects and any of the possibilities through the processor. The method in the implementation.

In an eighth aspect, an apparatus for cell access is provided. The apparatus includes a processing unit and a transceiver unit. The processing unit may be implemented by a processor in the foregoing aspects and any possible implementation of the aspects, and the transceiving unit may be implemented by a transceiver in the foregoing aspects and any possible implementation of the aspects . The processing unit may execute the foregoing aspects and any of the possible implementation methods of the aspects based on the function of the transceiver unit to send and receive messages.

In a ninth aspect, a computer-readable storage medium is provided, and the computer-readable instructions are stored in the computer storage medium. When the computer reads and executes the computer-readable instructions, the computer executes the above aspects and Any possible implementation of the method described in.

In a tenth aspect, a computer program product is provided. When the computer reads and executes the computer program product, the computer executes the methods described in the above aspects and any possible implementation of the aspects.

In an eleventh aspect, a chip is provided, the chip is coupled with a memory, and is used to read and execute a software program stored in the memory to implement the above aspects and any possible implementation of the aspects. method.

Description of the drawings

FIG. 1A is a schematic diagram of a communication architecture when there is a man-in-the-middle pseudo base station provided in an embodiment of this application;

FIG. 1B is a schematic diagram of a process for determining a man-in-the-middle pseudo base station provided in an embodiment of the application;

2A is a schematic diagram of a communication architecture when a common pseudo base station exists in an embodiment of the application;

2B is a schematic diagram of a process of determining a common pseudo base station provided in an embodiment of the application;

Figure 3 is a schematic diagram of a cell handover process provided in an embodiment of this application;

FIG. 4 is a schematic diagram of a cell handover process provided in an embodiment of this application;

FIG. 5 is a schematic diagram of a cell access process provided in an embodiment of this application;

Fig. 6 is a structural diagram of a cell access device provided in an embodiment of the application;

FIG. 7 is a structural diagram of a cell access device provided in an embodiment of this application;

Fig. 8 is a structural diagram of a cell access system provided in an embodiment of the application.

Detailed ways

The embodiments of the present application provide a method, device, and system for cell access. The method, device, and system are based on the same technical concept. Since the method, device, and system have similar principles for solving problems, the device, system, and method The implementation can be referred to each other, and the repetition will not be repeated.

In order to facilitate the understanding of the embodiments of this application, the application scenarios of this application will be introduced next. The business scenarios described in the embodiments of this application are intended to more clearly illustrate the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided by the embodiments of this application. Those of ordinary skill in the art will know that as new business scenarios change It appears that the technical solutions provided in the embodiments of the present application are equally applicable to similar technical problems. The technical solutions of the embodiments of the present application can be applied to various communication systems, such as: long term evolution (LTE) system, worldwide interoperability for microwave access (WiMAX) communication system, the fifth generation of the future (5th Generation, 5G) systems, such as the new radio access technology (NR) system, and future communication systems.

In order to facilitate the understanding of the embodiments of the present application, some terms used in the embodiments of the present application are explained below to facilitate the understanding of those skilled in the art.

1) Terminal, also known as user equipment (UE), mobile station (MS), mobile terminal (MT), etc., is a way to provide users with voice and/or data connectivity device of. For example, terminal devices include handheld devices and vehicle-mounted devices with wireless connection functions. At present, terminal devices can be: mobile phones (mobile phones), tablets, notebook computers, handheld computers, mobile internet devices (MID), wearable devices, virtual reality (VR) devices, augmented reality ( augmented reality (AR) equipment, wireless terminals in industrial control, wireless terminals in self-driving (self-driving), wireless terminals in remote medical surgery, and smart grids (smart grid) The wireless terminal in the transportation safety (transportation safety), the wireless terminal in the smart city (smart city), or the wireless terminal in the smart home (smart home), etc.

2) System information, which mainly includes master information block (MIB), system information block (system information block, SIB), and positioning system information block. The main information block includes the most important and frequently transmitted parameters that the terminal needs to obtain from the cell it is accessing, such as: downlink bandwidth configuration, system frame number, etc.; the system information block includes multiple different information blocks, with system information block 1 As an example, it includes public land mobile network identification, tracking area number, cell identification, cell selection information, etc. The positioning system information block mainly includes positioning-related parameters, such as the location of the base station. Since the content of the positioning system information may change at any time as the position of the terminal changes, the system information used to calculate the hash value in this application includes the main information block and/or the system information block.

3) Access network equipment, which has equipment capable of providing random access for terminals or a chip that can be installed in the equipment, including but not limited to: evolved Node B (evolved Node B, eNB), base transceiver station (base transceiver station, BTS), home base station (for example, home evolved NodeB, or home Node B, HNB), baseband unit (BBU), wireless fidelity (wireless fidelity, WIFI) system access point ( access point, AP), wireless relay node, wireless backhaul node, transmission point (transmission and reception point, TRP or transmission point, TP), etc., and can also be gNB or transmission point (TRP or TP) in the 5G system, etc. . It can also be one or a group of antenna panels (including multiple antenna panels) in the base station in the 5G system, or it can also be a network node that constitutes a gNB or transmission point, such as a baseband unit (BBU), or a distributed unit ( DU, distributed unit), etc. In this application, the access network device forged by the attacker is referred to as a fake base station.

4) Integrity protection refers to ensuring that the information or data is not changed by unauthorized equipment or can be quickly discovered after the change during the process of transmitting and storing information or data. In addition, it should be noted that the integrity-protected messages in this application can also have confidentiality protection, where confidentiality protection means that the information cannot be accessed or disclosed by unauthorized individuals, entities, or processes.

5) Mobility management function (access and mobility management function, AMF) network element, with core network control plane function, providing user mobility management and access management functions.

The "and/or" in this application describes the association relationship of the associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone. This situation. The character "/" generally indicates that the associated objects are in an "or" relationship.

The multiple involved in this application refers to two or more. In the description of this application, words such as "first" and "second" are only used for the purpose of distinguishing description, and cannot be understood as indicating or implying relative importance, nor as indicating or implying order.

In addition, in the embodiments of the present application, the term "exemplary" is used to indicate an example, illustration, or illustration. Any embodiment or implementation solution described as an "example" in this application should not be construed as being more preferable or advantageous than other embodiments or implementation solutions. Rather, the term example is used to present the concept in a concrete way. Generally, in a normal communication scenario, the access network device broadcasts the system information of the cell. The terminal searches for the signals of surrounding cells, measures the signal quality of each cell, and receives the system information of the cell, and selects a suitable cell for access. For example, when the terminal is in an idle state, when performing cell reselection, the terminal measures the signal quality of the surrounding neighboring cells, and when the signal quality of a neighboring cell meets the cell reselection condition, the terminal reselects to the cell. For another example, when the terminal is in the connected state, the terminal is currently connected to the cell (called the source cell) of a certain access network device (called the source access network device), and the terminal can measure the signal quality of the source cell and nearby neighbors. And generate a signal quality measurement report and send it to the source access network device. When the source access network device determines that the signal quality of a certain neighboring cell is better than the signal quality of the source cell, it triggers a handover process to control the terminal to access the neighboring cell with better signal quality.

As shown in FIG. 1A, a schematic diagram of a communication architecture when a pseudo base station exists is provided. An attacker can deploy a pseudo base station. The pseudo base station can include a base station part (BS part) and a terminal part (UE part). The terminal part in the pseudo base station receives the system information of the cell broadcast by the access network device, and accesses the cell of the access network device according to the system information of the cell broadcast by the access network device. The pseudo base station may change other information except the cell identity in the received system information of the cell of the access network device, for example, change the cell selection information. The base station part of the pseudo base station broadcasts the modified system information. The system information of the surrounding cells received by the terminal may include the modified system information broadcast by the pseudo base station.

When the terminal measures the signal quality of surrounding cells, it will also measure the signal quality of the cell of the pseudo base station. For the terminal in the idle state, if the signal quality of the pseudo base station is very good, the terminal will be reselected to the cell of the pseudo base station. For a connected terminal, if the cell signal quality of the pseudo base station is better than the signal quality of the source cell, and the handover conditions are met, it may trigger the source access network device to initiate a handover procedure for the terminal, causing the terminal to access the pseudo base station. On the district.

After the terminal accesses the cell of the pseudo base station, the uplink message sent by the terminal first reaches the pseudo base station. If the uplink message sent by the terminal does not have integrity protection, the pseudo base station can change the content of the uplink message before sending it to the access network device, and the access network device may also send it to the core network device (in this application, Core network equipment includes but is not limited to AMF). The downlink message sent by the access network device to the terminal first arrives at the pseudo base station. If the downlink message does not have integrity protection, the pseudo base station can change the content of the downlink message before sending it to the terminal. The pseudo base station plays the role of an intermediary between the access network equipment and the terminal, and can be called a man-in-the-middle false base station (MitM-FBS).

In order to find the man-in-the-middle pseudo base station, it is possible to determine whether the terminal is connected to the cell of the man-in-the-middle pseudo base station by comparing the hash value of the system information received by the terminal and the hash value of the system information broadcast by the access network device. The device for comparing the hash values can be a terminal, an access network device, or a core network device.

If the terminal compares the hash value, it can be that the core network device transmits the hash value of the system information broadcast by the access network device to the terminal through a downlink NAS message with integrity protection, or it can be that the access network device has complete The downlink AS message of sexual protection transmits the hash value of the system information broadcast by the access network device to the terminal.

If the hash value comparison is performed by the access network device, it may be that the terminal transmits the hash value of the system information received by the terminal to the access network device through an uplink AS message with integrity protection.

If the core network device performs the hash value comparison, it may be that the terminal transmits the hash value of the system information received by the terminal to the core network device through an uplink NAS message with integrity protection.

As shown in FIG. 1B, it is the process of security authentication between the terminal and the network side. During the security authentication process, the hash value of the system information can be transmitted to determine whether the terminal is connected to the cell of the middleman pseudo base station.

Step 10: The terminal receives the system information broadcast by the access network equipment.

Step 11: The terminal sends an initial NAS message (initial NAS message) to the core network device.

Step 12: The terminal initiates the first authentication (authentication) on the network side.

Step 13: The core network device sends a NAS security mode command (NAS security mode commend, NAS SMC for short) message to the terminal.

Step 14: The terminal sends a NAS security mode complete (NAS security mode complete, NAS SMP for short) message to the core network device.

Step 15: The access network device sends an AS security mode command (AS security mode commend, AS SMC for short) message to the terminal.

Step 16: The terminal sends an AS security mode complete (AS security mode complete, AS SMP for short) message to the access network device.

It should be noted that if there is an intermediary pseudo base station between the terminal and the access network device, the initial NAS message, NAS SMP message, and AS SMP message sent by the terminal to the access network device and core network device all reach the intermediary pseudo base station first. The middleman pseudo base station then sends the initial NAS message, NAS SMP message, and AS SMP message to the access network device respectively. The access network device then sends the initial NAS message and NAS SMP message to the core network device respectively. In the same way, the NAS SMC message sent by the core network device to the terminal first reaches the access network device. The access network equipment sends the NAS SMC message and the AS SMC message to the terminal respectively. These messages first reach the intermediate pseudo base station, and are forwarded to the terminal by the intermediate pseudo base station.

The above NAS SMC messages, NAS SMP messages, AS SMC messages, and AS SMP messages are all messages with integrity protection. The transmission of the hash value of the system information can be realized through the above message, and the hash value verification can be performed to determine whether the terminal is connected to the middleman pseudo base station. For example, the core network device transmits the hash value of the system information broadcast by the access network device to the terminal through the NAS SMC message, and the access network device transmits the hash value of the system information broadcast by the access network device to the terminal through the AS SMC message. The terminal transmits the hash value of the system information received by the terminal to the access network device through the AS SMP message, and the terminal transmits the hash value of the system information received by the terminal to the core network device through the NAS SMP message.

In addition to the aforementioned NAS SMC messages, NAS SMP messages, AS SMC messages, and AS SMP messages, the hash value of the system information can be transferred, and the hash value of the system information can also be transferred through other integrity-protected messages.

Since the message passing the hash value has integrity protection, the middleman pseudo base station cannot change the message with integrity protection, and the passed hash value will not be changed. By comparing the hash value of the system information received by the terminal with the hash value of the system information broadcasted by the access network equipment, it can be accurately and quickly determined whether the terminal accesses the cell of the middleman pseudo base station.

In addition, if the terminal compares the hash value of the system information received by the terminal with the hash value of the system information broadcasted by the access network device to determine whether it is accessing the cell of the middleman pseudo base station, the terminal is determining whether to access the middleman pseudo base station. After the cell, it can report to the access network equipment or core network equipment the indication information of its access to the cell of the middle pseudo base station, and it can also report the cell information of the middle pseudo base station to the access network through an integrity-protected uplink message Equipment or core network equipment.

If the core network device determines that the terminal is connected to the cell of the middleman pseudo base station, the core network device can issue instructions for the terminal to access the cell of the pseudo base station to the access network device, and the access network device will use the terminal sent by the core network device The indication information of accessing the cell of the pseudo base station can know that the terminal is connected to the cell of the pseudo base station.

The information of the cell of the intermediary pseudo base station may be the system information of the cell of the intermediary pseudo base station, or the hash value of the system information of the cell of the intermediary pseudo base station. The information of the cell of the man-in-the-middle pseudo base station may also include one or a combination of the following information: a physical cell identifier PCI, a downlink frequency point, and the time when the cell of the pseudo base station is detected.

As shown in FIG. 2A, another schematic diagram of the communication architecture when a pseudo base station exists is provided. An attacker can deploy a pseudo base station, which may include a base station part (BS part) and a core network part (AMF part). For the convenience of description, the pseudo base station shown in FIG. 2A is called a normal pseudo base station. Ordinary pseudo base stations cannot communicate with access network equipment. Ordinary pseudo base station simulates the cell system information of the access network equipment, and the cell system information simulated by the base station part broadcasts. The cell ID in the simulated system information can be the cell ID forged by the ordinary pseudo base station itself, or it can be the simulation of the ordinary pseudo base station. The cell identifier of the real access network device in the network. The terminal may access the cell of the ordinary pseudo base station during cell handover or cell reselection (for a specific process, refer to the description of FIG. 1A above).

After the terminal accesses the cell of the ordinary pseudo base station, the uplink messages sent by the terminal to the access network device and the core network device directly reach the ordinary pseudo base station. Since the ordinary pseudo base station cannot communicate with the access network device, it will not forward the uplink message to the access network device. The base station part of the ordinary pseudo base station processes the uplink messages sent by the terminal to the access network equipment and feeds back the corresponding downlink messages to the terminal. The core network part of the ordinary pseudo base station processes the uplink messages sent by the terminal to the core network equipment and sends it to the terminal Feedback the corresponding downlink message. There is no security context of the terminal on the ordinary pseudo base station, so the ordinary pseudo base station cannot establish a secure connection with the terminal.

During the movement of the idle state terminal, according to the measured signal quality of the cell and the system information of the cell, select a suitable cell to camp on. Since the system information of the cell is not protected by security, the terminal may camp on the cell of the real base station or may camp on the cell of the pseudo base station. The terminal records the system information of the cell where it once resided. When the terminal transitions from the idle state to the connected state, and establishes a secure connection with the access network equipment, the terminal can report the system information related information of the cell where it once resided through the historical measurement report (logged measurement report, logged MR). Access network equipment.

As shown in Figure 2B, after the terminal establishes a secure connection with the access network device gNB1, it can report the saved related information of the cell where it once resided to the access network device gNB1 through the logged MR with integrity protection. The logged MR includes the cell identifier that the terminal has camped on and related information about the system information of the corresponding cell. The related information of the system information in the logged MR can be the system information or the hash value of the system information. The access network device gNB1 or the core network device can verify whether the cell corresponding to the cell identifier in the logged MR reported by the terminal is a pseudo base station cell according to the related information of the system information of the cell in the logged MR reported by the terminal.

First of all, it should be noted that after broadcasting the system information of the cell, the access network device can save the related information of the broadcast system information by itself, and can also report the related information of the broadcast system information to the core network device.

When the access network equipment determines whether the cell corresponding to the cell identifier in the logged MR reported by the terminal is the cell of the pseudo base station, it can perform the integrity check on the logged MR reported by the terminal. After the verification passes, the access network equipment follows The cell ID in the logged MR searches for a corresponding cell in the network. If it cannot be found, it means that the cell corresponding to the cell ID in the logged MR reported by the terminal is a pseudo base station cell. If the corresponding cell is found, as shown in Figure 2B, the access network device (gNB1) can send a system information verification request (system information verify request) message to the access network device (gNB2) to which the found corresponding cell belongs, so The system information verification request message includes information related to the system information of the cell included in the logged MR reported by the terminal.

After receiving the system information verification request message, gNB2 can compare the system information related information in the system information verification request message with the real system information related information stored locally, and verify that the logged MR reported by the terminal contains Whether the related information of the system information of the cell is true. gNB2 sends a system information verification response (system information verify response) message to gNB1, where the response message includes the system information verification result.

The gNB1 receives the system information verification response message sent by the gNB2, and determines whether the cell corresponding to the logged MR reported by the terminal is a pseudo base station according to the system information verification result included in the response message. If the system information verification result is true, it is considered that the cell corresponding to the cell identifier in the logged MR reported by the terminal is not the cell of the pseudo base station. If the system information verification result is false, it is considered that the cell corresponding to the cell identifier in the logged MR reported by the terminal is the cell of the pseudo base station.

The access network device may also report the logged MR to the core network device, and the core network device determines whether the cell corresponding to the cell identifier in the logged MR reported by the terminal is the cell of the pseudo base station. Among them, the core network equipment determines whether the cell corresponding to the cell identifier in the logged MR reported by the terminal is the cell of the pseudo base station is the same as the process for the access network equipment to determine whether the terminal accesses the pseudo base station cell, and will not be repeated Repeat.

After the terminal establishes a secure connection with the access network device, the terminal can not only report the saved information about the cell where it once resided to the access network device through the logged MR with integrity protection, but also periodically measure other neighbors. The signal quality of the area is reported to the access network equipment for the MR generated for other neighboring areas. The MR contains information about the system information of other neighboring cells measured by the terminal. The related information of the system information in the MR may include basic system information and/or a hash value of the basic system information, and the basic system information includes system information in SIB1 and MIB. The access network device or the core network device can determine whether the cell corresponding to the cell identifier in the MR reported by the terminal is a cell of a pseudo base station. The determination process is the same as the foregoing process of determining whether the cell corresponding to the cell identifier in the logged MR is the cell of the pseudo base station, and the repetition will not be repeated.

Further, a pseudo base station information list can also be maintained in the access network equipment. After the access network equipment itself or through other equipment (such as terminals or core network equipment) determines the cell of the intermediate pseudo base station or the cell of the pseudo base station, it can The relevant information of the cell of the pseudo base station is saved in the pseudo base station information list. The related information of the cell of the pseudo base station includes the system information and/or the hash value of the system information. The related information of the cell of the pseudo base station may also include one or more of the physical cell identifier PCI, the downlink frequency point, the time when the cell of the pseudo base station is detected, and the type of the pseudo base station. The types of pseudo base stations can be divided into man-in-the-middle pseudo base stations and ordinary pseudo base stations.

The above describes the process of discovering pseudo base stations. After the pseudo base station is discovered, how to prevent the terminal from accessing the pseudo base station cell again is an issue that needs attention. As shown in Figure 3, a schematic diagram of the cell handover process is provided. The access network equipment determines whether to trigger the handover according to whether the cell corresponding to the cell identifier in the MR reported by the terminal is the cell of the pseudo base station, thereby reducing the terminal access to the pseudo base station. Possibility of base station cell. Specifically, it can include the following processes:

Step 30: The terminal establishes a secure connection with the access network device (gNB1).

Step 31: The terminal reports the MR of the neighboring cell to the access network device (gNB1). The MR includes the identifier of the neighboring cell (ie, the neighboring cell), the signal quality of the neighboring cell and the related information of the system information of the neighboring cell.

The related information of the system information may include basic system information (for example, SIB1/MIB) and/or a hash value of the basic system information.

Step 32: After determining that the signal quality meets the cell handover condition, the access network device (gNB1) sends a system information verification request message to the access network device (gNB2) to which the real cell corresponding to the cell identifier in the MR belongs, the system information The verification request message includes information related to the neighboring cell system information contained in the MR reported by the terminal.

Before gNB1 sends the system information verification request message to gNB2, gNB1 can also compare the system information related information in the MR with the pre-saved pseudo base station information list to determine whether the neighboring cell corresponding to the MR reported by the terminal is the pseudo base station. Community. If so, ignore the cell. If not, gNB1 sends a system information verification request message to gNB2.

After the gNB2 receives the system information verification request message, it can compare the system information related information in the system information verification request message with the real system information related information stored locally, and verify that the MR reported by the terminal contains Whether the related information of the system information is true.

For example, when the system information related information in the system information verification request message is the hash value of basic system information, gNB2 may compare the hash value in the system information verification request message with the real basic system stored locally. Compare the hash values of information (such as SIB1 and/or MIB) to verify whether the two hash values are the same. If they are the same, the verification result is that the relevant information of the system information contained in the MR reported by the terminal is true, if not the same , The verification result is that the relevant information of the system information contained in the MR reported by the terminal is not true.

For example, when the system information related information in the system information verification request message is basic system information, gNB2 may first calculate the hash value of the basic system information in the system information verification request message, and then combine the system information The hash value of the basic system information in the information verification request message is compared with the hash value of the real basic system information (such as SIB1 and/or MIB) stored locally to verify whether the two hash values are the same. If they are the same, then The verification result is that the related information of the system information contained in the MR reported by the terminal is true, and if not the same, the verification result is that the related information of the system information contained in the MR reported by the terminal is not true.

Step 33: gNB2 sends a system information verification response (system information verify response) message to gNB1, and gNB1 receives a system information verification response fed back by gNB2, and the response message includes the system information verification result.

Step 34: The gNB1 determines whether the neighbor cell corresponding to the neighbor cell identifier included in the MR reported by the terminal is a cell of a pseudo base station according to the system information verification result included in the response message.

If the system information verification result is false, it can be considered that the attacker simulates the real cell identity, and the cell corresponding to the neighboring cell identity included in the MR reported by the terminal is the cell of the pseudo base station. The gNB1 can ignore the cell and does not perform the cell handover procedure, and the gNB1 saves the relevant information of the pseudo base station cell in the pseudo base station information list.

If the system information verification result is true, the normal cell handover procedure can be performed, see step 35-step 37. When performing cell handover, the access network device currently accessed by the terminal is called the source access network device, and the cell currently accessed is called the source cell. The device that is about to switch to the access network is called the target access network device. The cell reached is called the target cell.

Step 35: The source access network device (gNB1) sends a handover request (handover request, HO request) message to the target access network device (gNB2).

The handover request message includes relevant information of the terminal, such as the identification of the terminal and the capability information of the terminal. Correspondingly, the target access network device receives the handover request message sent by the source access network device, and sends the handover response message to the source access network device.

Step 36: The source access network device (gNB1) receives a handover response (HO response) message sent by the target access network device (gNB2), and the handover response includes the HO response message allocated by the target access network device (gNB2) for the terminal Information about the target cell.

Exemplarily, the information of the target cell allocated to the terminal includes information required for the terminal to switch to the target cell, and also includes information related to system information of the target cell. The related information of the system information may be system information (including MIB And all SIBs), it can also be the hash value of system information. The relevant information of the system information is for the terminal to identify whether the handover cell is the target cell indicated by the source access network device during the handover process.

Step 37: The source access network device (gNB1) sends a handover command (HO command) message with integrity protection to the terminal, where the handover command message includes the target cell information;

Step 38: The terminal performs an integrity check on the handover command message, and after passing the check, executes the handover to the target cell according to the information of the target cell in the handover command message.

The system information of the cell broadcast by the access network equipment includes multiple SIBs and one MIB. When the access network equipment broadcasts the system information, it may broadcast in different time periods or in batches at different frequencies. Before camping on a certain cell, the terminal only monitors the basic system information of the cell's system information, such as SIB1 and MIB. After camping on the cell, you can continue to monitor other system information of the cell, such as the remaining SIBs except SIB1 and MIB.

If the ordinary pseudo base station simulates the basic system information broadcast by the real base station, when the cell of the pseudo base station is determined using the method shown in FIG. 3, the cell of the pseudo base station may be mistaken for the cell of the real base station. In order to more accurately determine the cell of the pseudo base station, after the terminal camps on the cell, the terminal can continue to measure other system information broadcast by the camped cell, and the terminal will continue to measure other system information of the cell and the said cell. The information of the target cell in the handover command message is compared to determine whether the camped cell is the target cell indicated in the handover command message. When it is determined that the camped cell is not the target cell indicated in the handover command message, leave Resident cell.

For example, the information of the target cell allocated by the target access network device to the terminal in step 36 may include the system information of the target cell or the hash value of the system information. After the terminal camps in the cell, it continues to monitor other system information of the cell where it is camped. The terminal finds that any other system information is different from the corresponding system information in the handover command message, or the hash value of any other system information is different from the handover The hash value of the corresponding system information in the command message is different, indicating that the cell where the terminal resides is not the target cell indicated in the handover command message. The terminal can leave the cell and continue cell reselection, thereby avoiding the pseudo base station cell s attack.

Further, the terminal may also maintain a pseudo base station information list. After determining that the cell currently accessed by the terminal is a pseudo base station cell, the terminal may also save related information of the pseudo base station cell to the maintained pseudo base station information list. Of course, the terminal can also report the pseudo base station information to the access network device and/or the core network device.

When the terminal accesses the cell of the man-in-the-middle pseudo base station, the terminal can perform the normal cell handover process through steps 30, 31, 35 to 37 as shown in FIG. 3, and leave the cell of the man-in-the-middle pseudo base station currently accessed. Since the cell handover is only performed when a suitable target cell appears, the longer the terminal accesses the cell of the pseudo base station, the greater the possibility of being attacked by the pseudo base station. In order to avoid the attack of the man-in-the-middle pseudo base station in time, the terminal can also directly leave the cell of the man-in-the-middle pseudo base station currently accessed, and switch from the connected state to the idle state. This way will cause the terminal business to be interrupted.

In order to enable the terminal to leave the cell of the pseudo base station in time without interrupting the service, as shown in FIG. 4, an embodiment of the present application provides a schematic diagram of an enhanced cell handover process:

Step 40: The source access network device establishes a secure connection with the terminal.

Step 41: The source access network device determines that there is a man-in-the-middle pseudo base station between the source access network device and the terminal.

Step 42: The source access network device sends a handover request message to the target access network device, where the handover request message includes a handover reason value, and the handover reason value is used to instruct the terminal to access the pseudo base station.

Correspondingly, the target access network device receives the handover request message sent by the source access network device, and sends the handover response message to the source access network device.

Compared with the handover request message in step 35 in Fig. 3, the handover request message in step 42 adds a handover reason value for instructing the terminal to access the pseudo base station. By carrying the handover reason value instructing the terminal to access the pseudo base station in the handover request message, the target access network device can preferentially process the handover request message, which speeds up the terminal handover process and reduces the duration of the terminal being attacked by the man-in-the-middle pseudo base station.

The source access network device may determine that the terminal needs to be handed over to the target cell according to the measurement report of the cell reported by the terminal, and the target cell belongs to the target access network device.

Step 43: The source access network device receives a handover response message sent by the target access network device, where the handover response message includes the information of the target cell allocated by the target access network device to the terminal.

The information of the target cell includes a hash value of all system information of the target cell or all system information of the target cell.

Step 44: The source access network device sends a handover command message with integrity protection to the terminal, where the handover command message includes the information of the target cell.

The handover command message may also include a handover reason value, and the handover reason value indicates that the terminal accesses the pseudo base station.

The handover command message may also include cell information of the pseudo base station. The cell information of the pseudo base station includes the system information of the cell of the pseudo base station and/or the hash value of the system information of the cell of the pseudo base station. The cell information of the pseudo base station may include one or a combination of the following information: a physical cell identifier PCI, a downlink frequency point, and the time when the cell of the pseudo base station is detected.

Compared with the handover command message in step 37 in Figure 3, the handover command message in step 44 adds a handover reason value for instructing the terminal to access the pseudo base station and/or a field for carrying information about the cell of the pseudo base station. . By designing a new message element, the new handover command message carries a handover reason value indicating that the terminal accesses the pseudo base station. Make the terminal aware of the reason for the switch itself so that it can be recorded in the log. By designing a new message element and carrying the relevant information of the pseudo base station cell in the new handover command message, the terminal can continue to read the pseudo base station information when it recognizes that the reason for the handover is that the terminal accesses the pseudo base station, and then the pseudo base station The information of the base station is saved in the maintained pseudo base station information list to avoid subsequent access to the pseudo base station cell again.

Step 45: The terminal receives the handover command message with integrity protection sent by the source access network device, performs integrity check on the handover command, and after the check is passed, executes the check to the target cell according to the information of the target cell Switch. The terminal can also save the pseudo base station information in the maintained pseudo base station information list.

Optionally, after the terminal establishes a secure connection with the source access network device, step 401 may be performed: the terminal reports the capability information of the terminal to the source access network device through an uplink message with integrity protection. Correspondingly, the access network device receives the capability information from the terminal. The capability information includes an indication of whether the terminal has a pseudo base station defense capability. A terminal with pseudo base station defense capability has the following functions: it can identify and save the cell information of the pseudo base station, and in the subsequent cell reselection, can determine whether the cell is the cell of the pseudo base station according to the stored pseudo base station information.

Before performing step 42, the source access network device may also perform step 411: the source access network device determines whether the terminal has the pseudo base station defense capability according to the capability information reported by the terminal. If it possesses the pseudo base station defense capability, then perform the enhanced cell handover procedure provided in the subsequent step 42-step 45. If the terminal does not have the pseudo base station defense capability, the normal cell handover procedure provided in step 35 to step 38 shown in FIG. 3 is executed.

In the embodiment shown in FIG. 4, the source access network device can not only send the cell information of the pseudo base station to the terminal in the case of determining that the terminal accesses the man-in-the-middle pseudo base station, it can also communicate with the source The access network equipment establishes a secure connection and other terminals with pseudo base station defense capabilities deliver cell information of the pseudo base station.

For example, the access network device determines other terminals that establish a secure connection with the access network device, and sends to the other terminals a downlink RRC message with integrity protection, where the downlink RRC message includes the pseudo base station Information about the cell. Specifically, the source access network device may also determine other terminals with pseudo base station defense capabilities among other terminals that establish a secure connection with the source access network device, and deliver to other terminals with pseudo base station defense capabilities. The downlink message with integrity protection. The source access network device delivers the pseudo base station information to more terminals, so that more terminals save the pseudo base station information, so as to prevent the terminal from accessing the pseudo base station cell next time.

For the terminal, the terminal may also receive an integrity-protected RRC message sent by the currently accessed access network device. The RRC message includes the pseudo base station information; the terminal performs integrity on the RRC message Check, after the check is passed, save the information of the pseudo base station in the pseudo base station information list maintained by itself. In this way, even if the terminal is not currently connected to the pseudo base station, it can obtain the information of other pseudo base stations from the access network equipment, and save it, so as to avoid subsequent access to the pseudo base station, thereby reducing the terminal’s access to the pseudo base station. possibility.

As shown in FIG. 5, an embodiment of the present application also provides a schematic flow chart of cell access;

Step 51: The terminal establishes a secure connection with the access network equipment.

Optionally, step 52: the terminal reports the measurement report of the cell to the access network device.

Step 53: The access network device detects a pseudo base station, and the access network device determines whether the terminal has a pseudo base station defense capability, and if so, execute step 54.

The access network equipment may detect pseudo base stations or detect man-in-the-middle pseudo base stations according to the measurement report of the cell reported in step 52.

Step 54: Send an RRC message with integrity protection to the terminal, which includes the pseudo base station information, for example, the system information of the pseudo base station cell and/or the hash value of the system information, downlink frequency, PCI, etc.

Step 55: After the terminal passes the verification of the RRC message, it saves the pseudo base station information in the pseudo base station information list maintained by itself.

Step 56: In the subsequent cell reselection, the terminal first measures the signal quality of the neighboring cell, and reads the basic system information of the neighboring cell (that is, the system information in MIB and SIB1). The terminal first compares the basic system information of the measured cell with the pseudo base station information stored in the locally maintained pseudo base station information list, and when it is determined that the measured neighboring cell is the cell of the pseudo base station, the measurement is ignored To the neighboring cell; otherwise, follow the normal process for cell reselection.

Step 57: After the cell is reselected, the terminal continues to monitor other system information of the cell (other system information except MIB and SIB1), and compares the monitored other system information with the pseudo base station information stored in the locally maintained pseudo base station information list. The base station information is compared, and if it is found to be a pseudo base station, then leave the cell.

In this application, the access network device can report the pseudo base station information to the core network device, and can also transmit the pseudo base station information to other access network devices, and the core network devices can inform each other about the pseudo base station information. For example, when the access network device 1 finds a pseudo base station, the access network device 1 can report information about the pseudo base station to the core network device 1 connected to itself, and the core network device 1 can report to all access network devices connected to the core network device 1. (1-10) Issue related information of pseudo base station. Core network equipment 1 can also interact with core network equipment 2-10 about pseudo base station related information. Core network equipment 1-10 sends to their respective connected access network equipment 1-10, then 100 access network equipment obtains Information about the pseudo base station. Multiple access network devices deliver the pseudo base station information to multiple terminals, which can encourage more terminals to obtain the pseudo base station information.

Based on the same technical concept as the above cell access method, as shown in 6, an embodiment of the present application also provides a cell access device 600, and the cell access device 600 includes: a processing unit 601, a transceiver unit 602 .

In an embodiment, the apparatus 600 for cell access may be an apparatus on the side of an access network device, and the apparatus 600 may be used to perform operations performed by the access network device. Specifically, the device 600 may be the access network device itself, or may be a device composed of multiple functional units inside the access network device, and the device 600 may also be a chip.

For example, when the apparatus 600 performs operations performed by the access network equipment: the processing unit 601 is used to determine whether the terminal accesses the cell of the pseudo base station by itself or through other equipment. In this case, control the transceiver unit 602 to send a handover request message to the target access network device, the handover request message includes a handover reason value, the handover reason value is used to instruct the terminal to access the pseudo base station; and receive the target A handover response message sent by the base station, the handover response message including the information of the target cell allocated by the target access network device to the terminal; and a handover command message with integrity protection is sent to the terminal, the handover The command message includes the information of the target cell.

In a possible implementation, the information of the target cell includes a hash value of the system information of the target cell or the system information of the target cell.

In a possible implementation, the processing unit 601 is further configured to determine that the terminal has a pseudo base station defense capability before sending a handover request message to the target source access network device.

In a possible implementation, the transceiving unit 602 is further configured to receive capability information from the terminal, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability; the processing unit 601 is also It is used to determine that the terminal has a pseudo base station defense capability according to the capability information.

In a possible implementation, the transceiving unit 602 is further configured to receive the measurement report of the cell reported by the terminal; the processing unit 601 is further configured to determine for the terminal that the terminal needs to be handed over according to the measurement report. Into the target cell.

In a possible implementation, the processing unit 601 is further configured to determine other terminals that establish a secure connection with the source access network device, and the transceiving unit 602 is further configured to send to the other terminals a complete In a downlink message with sexual protection, the downlink message includes cell information of the pseudo base station, and the other terminals have the pseudo base station defense capability.

In a possible implementation, the transceiving unit 602 is further configured to receive the measurement report of the cell reported by the terminal, and the processing unit 601 determines that the cell corresponding to the measurement report reported by the terminal includes the cell of the pseudo base station. Next, the transceiver unit 602 sends a downlink message with integrity protection to a terminal that establishes a secure connection with the access network device, and the downlink message includes the cell information of the pseudo base station.

For example, when the apparatus 600 performs an operation performed by the terminal: the transceiver unit 602 is configured to receive a handover command message with integrity protection sent by an access network device, and the handover command message includes information about the target cell, The handover cause value and the information of the first pseudo base station; the handover cause value is used to instruct the terminal to access the first pseudo base station; the processing unit 601 is used to save the information of the first pseudo base station to In the pseudo base station information list, and perform handover to the target cell.

In a possible implementation, the transceiver unit 602 is further configured to receive an integrity-protected radio resource control RRC message sent by the access network device, where the RRC message includes information about the second pseudo base station;

The processing unit 601 is further configured to save the information of the second pseudo base station in the pseudo base station information list.

In a possible implementation, the processing unit 601 is further configured to determine the measured cell based on the measured cell information and the pseudo base station information list when the terminal subsequently performs cell reselection Whether the cell is a cell of a pseudo base station; when it is determined that the measured cell is a cell of a pseudo base station, ignore the measured cell.

Based on the same technical concept as the above-mentioned cell access method, as shown in FIG. 7, an embodiment of the present application also provides a cell access device 700. The cell access device 700 includes a processor 701 and a transceiver. 702. Optionally, further includes a memory 703. The processor 701 is configured to call a set of programs, and when the programs are executed, the processor 701 executes the operations performed by the terminal or the access network device in the above cell access method. The memory 703 is used to store a program executed by the processor 701. The processing unit 601 in FIG. 6 can all be implemented by the processor 701, and the transceiver unit 602 can be implemented by the transceiver 702.

The processor may be a central processing unit (CPU), a network processor (NP), or a combination of CPU and NP.

The processor may further include a hardware chip or other general-purpose processors. The aforementioned hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination thereof. The above-mentioned PLD can be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a general array logic (generic array logic, GAL) and other programmable logic devices , Discrete gates or transistor logic devices, discrete hardware components, etc. or any combination thereof. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.

It should also be understood that the memory mentioned in the embodiments of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. Among them, the non-volatile memory can be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), and electrically available Erase programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory may be a random access memory (Random Access Memory, RAM), which is used as an external cache. By way of exemplary but not restrictive description, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory (Synchlink DRAM, SLDRAM) ) And Direct Rambus RAM (DR RAM). It should be noted that the memories described in this application are intended to include, but are not limited to, these and any other suitable types of memories.

As shown in FIG. 8, a system for cell access is provided. The system includes a source access network device 81 and a target access network device 82 for performing the cell access method described above. The system may also include a terminal 83 that executes the method of cell access. Or, the system includes a source access network device 81 and a terminal 83 that execute the cell access method.

In a possible implementation, the source access network device 81 is configured to send a handover request message to the target access network device 82 when it is determined that the terminal accesses the cell of the pseudo base station. The handover request The message includes a handover reason value, the handover reason value is used to instruct the terminal to access the pseudo base station; the handover response message sent by the target access network device 82 is received, and the handover response message includes the target access network device 82 is the information of the target cell allocated by the terminal; sending a handover command message with integrity protection to the terminal, the handover command message including the target cell information; the target access network device 82 is used for Receive the handover request message sent by the source access network device 81, and send the handover response message to the source access network device 81.

In a possible implementation, the cell information of the pseudo base station further includes one or a combination of the following information: a physical cell identifier PCI, a downlink frequency point, and the time when the cell of the pseudo base station is detected.

In a possible implementation, before sending the handover request message to the target access network device 82, the source access network device 81 is further configured to: determine that the terminal has a pseudo base station defense capability.

In a possible implementation, the source access network device 81 is further configured to receive capability information from the terminal, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability; according to the capability Information to determine that the terminal has a pseudo base station defense capability.

In a possible implementation, the source access network device 81 is further configured to receive a measurement report of a cell reported by the terminal, and determine the target cell that needs to be handed over for the terminal according to the measurement report .

In a possible implementation, the source access network device 81 is also used to determine other terminals that establish a secure connection with the source access network device 81, and send a downlink message with integrity protection to the other terminals , The downlink message includes the cell information of the pseudo base station, and the other terminals have pseudo base station defense capabilities.

The embodiment of the present application also provides a communication device for implementing the cell access method provided above.

The embodiment of the present application also provides a computer storage medium storing a computer program, and the computer program includes a method for performing the above cell access.

The embodiment of the present application also provides a computer program product containing instructions, which when running on a computer, causes the computer to execute the cell access method provided above.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented by software, it can be implemented in the form of a computer program product in whole or in part. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on the computer, the processes or functions described in the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center. Transmission to another website, computer, server, or data center via wired (for example, coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (for example, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center integrated with one or more available media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a high-density digital video disc (Digital Video Disc, DVD)), or a semiconductor medium (for example, a solid state disk (Solid State Disk, SSD)) etc.

Those skilled in the art should understand that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.

This application is described with reference to flowcharts and/or block diagrams of methods, equipment (systems), and computer program products according to the embodiments of this application. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.

Although the preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present application.

Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. In this way, if these modifications and variations of the embodiments of this application fall within the scope of the claims of this application and their equivalent technologies, this application is also intended to include these modifications and variations.

Claims

A system for cell access, which is characterized by comprising: source access network equipment and target access network equipment;

The source access network device is used for:

In the case of determining that the terminal accesses the cell of the pseudo base station, a handover request message is sent to the target access network device, the handover request message includes a handover reason value, and the handover reason value is used to instruct the terminal to access the pseudo base station ；

Receiving a handover response message sent by the target access network device, where the handover response message includes information about the target cell allocated by the target access network device to the terminal;

Sending a handover command message with integrity protection to the terminal, where the handover command message includes the information of the target cell;

The target access network device is used to:

Receiving a handover request message sent by the source access network device, and sending the handover response message to the source access network device.
The system according to claim 1, wherein the information of the target cell includes a hash value of the system information of the target cell or the system information of the target cell.
The system according to any one of claims 1-2, wherein the handover command message further includes the handover reason value and the cell information of the pseudo base station.
The system according to claim 3, wherein the cell information of the pseudo base station includes a hash value of the system information of the pseudo base station cell or the system information of the pseudo base station cell.
The system according to claim 4, wherein the cell information of the pseudo base station further comprises one or a combination of the following information:

The physical cell identifies the PCI, the downlink frequency point, and the time when the cell where the pseudo base station is detected.
The system according to any one of claims 1-5, wherein before sending a handover request message to the target access network device, the source access network device is further configured to:

It is determined that the terminal has a pseudo base station defense capability.
7. The system according to claim 6, wherein the source access network device is further configured to receive capability information from the terminal, and the capability information includes an indication of whether the terminal has a pseudo base station defense capability; According to the capability information, it is determined that the terminal has a pseudo base station defense capability.
The system according to any one of claims 1-7, wherein the source access network device is further configured to receive the measurement report of the cell reported by the terminal, and determine the need for the terminal according to the measurement report. The target cell accessed by handover.
The system according to any one of claims 1-8, wherein the source access network device is further configured to determine other terminals that establish a secure connection with the source access network device, and report to the other terminal Sending a downlink message with integrity protection, the downlink message including cell information of the pseudo base station, wherein the other terminals have a pseudo base station defense capability.
A method for cell access, characterized by comprising:

The terminal receives a handover command message with integrity protection sent by the access network equipment, where the handover command message includes information about the target cell, a handover reason value, and information about the first pseudo base station; the handover reason value is used to indicate the The terminal accesses the first pseudo base station;

The terminal saves the information of the first pseudo base station in a pseudo base station information list, and performs handover to the target cell.
The method of claim 10, wherein the method further comprises:

Receiving a radio resource control RRC message with integrity protection sent by the access network device, where the RRC message includes the information of the second pseudo base station;

The terminal saves the information of the second pseudo base station in the pseudo base station information list.
The method according to claim 10 or 11, wherein the method further comprises:

When subsequently performing cell reselection, the terminal determines whether the measured cell is a cell of a pseudo base station according to the information of the measured cell and the pseudo base station information list;

When it is determined that the measured cell is a cell of a pseudo base station, the measured cell is ignored.
The method according to any one of claims 10-12, wherein the information of the target cell comprises a hash value of the system information of the target cell or the system information of the target cell.
The method according to any one of claims 11-13, wherein the information of the first pseudo base station comprises:

The hash value of the system information of the cell of the first pseudo base station or the system information of the cell of the first pseudo base station;

The information of the second pseudo base station includes:

The hash value of the system information of the cell of the second pseudo base station or the system information of the cell of the second pseudo base station.
The method according to claim 14, wherein the information of the first pseudo base station further comprises one or a combination of the following information: physical cell identifier PCI, downlink frequency point, and detection of the first pseudo base station The time of the cell;

The information of the second pseudo base station further includes one or a combination of the following information: a physical cell identifier PCI, a downlink frequency point, and a time when the cell of the second pseudo base station is detected.
A method for cell access, characterized by comprising:

When the source access network device determines that the terminal accesses the cell of the pseudo base station, it sends a handover request message to the target access network device. The handover request message includes a handover reason value, and the handover reason value is used to instruct the terminal to access Into the pseudo base station;

Receiving, by the source access network device, a handover response message sent by the target base station, where the handover response message includes information about the target cell allocated by the target access network device to the terminal;

The source access network device sends a handover command message with integrity protection to the terminal, where the handover command message includes the information of the target cell.
The method according to claim 16, wherein the information of the target cell comprises a hash value of the system information of the target cell or the system information of the target cell.
The method according to claim 16 or 17, wherein the handover command message further includes the handover reason value and cell information of the pseudo base station.
The method according to claim 18, wherein the information of the cell of the pseudo base station comprises a hash value of the system information of the cell of the pseudo base station or the system information of the cell of the pseudo base station.
The method according to claim 19, wherein the cell information of the pseudo base station further comprises one or a combination of the following information:

The physical cell identifies the PCI, the downlink frequency point, and the time when the cell where the pseudo base station is detected.
The method according to any one of claims 16-20, wherein before sending a handover request message to the target source access network device, the method further comprises:

The source access network device determines that the terminal has a pseudo base station defense capability.
The method of claim 21, wherein the method further comprises:

The source access network device receives capability information from the terminal, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability; according to the capability information, it is determined that the terminal has a pseudo base station defense capability.
The method according to any one of claims 16-22, wherein the method further comprises:

The source access network device receives the measurement report of the cell reported by the terminal, and determines the target cell that needs to be handed over for the terminal according to the measurement report.
The method according to any one of claims 16-23, wherein the method further comprises:

The source access network device determines other terminals that establish a secure connection with the source access network device, and sends a downlink message with integrity protection to the other terminal, and the downlink message includes the cell information of the pseudo base station Information, wherein the other terminal has a pseudo base station defense capability.
A system for cell access, which is characterized by comprising: access network equipment and terminals;

The access network device is configured to send integrity protection to the terminal that establishes a secure connection with the access network device when it is determined that the cell corresponding to the measurement report reported by the terminal includes the cell of the pseudo base station The downlink message includes the cell information of the pseudo base station;

The terminal is configured to receive a downlink message with integrity protection from the access network device, and after passing the integrity check on the downlink message, the cell information of the pseudo base station in the downlink message Save to the pseudo base station information list.
The system according to claim 25, wherein, before sending a downlink message with integrity protection to the terminal, the access network device is further configured to:

It is determined that the terminal has a pseudo base station defense capability.
The system according to claim 26, wherein the terminal is further configured to report capability information of the terminal to the access network device;

The access network device is further configured to receive capability information from the terminal, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability; and according to the capability information, it is determined that the terminal has a pseudo base station Defense ability.
The system according to any one of claims 25-27, wherein the information of the cell of the pseudo base station comprises a hash value of the system information of the cell of the pseudo base station or the system information of the cell of the pseudo base station .
The system according to claim 28, wherein the cell information of the pseudo base station further comprises one or a combination of the following information:

The physical cell identifies the PCI, the downlink frequency point, and the time when the cell where the pseudo base station is detected.
The system according to any one of claims 25-29, wherein the terminal is further configured to determine the cell reselection according to the information of the measured cell and the pseudo base station information list when performing cell reselection. Whether the measured cell is a pseudo base station cell;

When it is determined that the measured cell is a cell of a pseudo base station, the measured cell is ignored.
A method for cell access, characterized by comprising:

The terminal receives a downlink message with integrity protection from the access network device;

After passing the integrity check on the downlink message, the terminal saves the cell information of the pseudo base station in the downlink message in the pseudo base station information list.
The method of claim 31, further comprising:

When subsequently performing cell reselection, the terminal determines whether the measured cell is a cell of a pseudo base station according to the information of the measured cell and the pseudo base station information list;

When it is determined that the measured cell is a cell of a pseudo base station, the measured cell is ignored.
The method according to claim 31 or 32, further comprising:

The terminal reports its own capability information to the access network device, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability.
The method according to any one of claims 31-33, further comprising:

The terminal reports the measurement report of the cell to the access network device.
A method for cell access, characterized by comprising:

When determining that the cell corresponding to the measurement report reported by the terminal includes the cell of the pseudo base station, the access network device sends a downlink message with integrity protection to the terminal that establishes a secure connection with the access network device. In the downlink message Including the cell information of the pseudo base station.
The method according to claim 35, wherein before sending a downlink message with integrity protection to the terminal, the method further comprises:

The access network device determines that the terminal has a pseudo base station defense capability.
The method according to claim 35 or 36, further comprising:

The access network device receives capability information from the terminal, where the capability information includes an indication of whether the terminal has a pseudo base station defense capability; according to the capability information, it is determined that the terminal has a pseudo base station defense capability.
The method according to any one of claims 35-37, wherein the cell information of the pseudo base station comprises a hash value of the system information of the cell of the pseudo base station or the system information of the cell of the pseudo base station .
The method according to claim 38, wherein the cell information of the pseudo base station further comprises one or a combination of the following information:

The physical cell identifies the PCI, the downlink frequency point, and the time when the cell where the pseudo base station is detected.
A device for cell access, which is characterized by comprising: a transceiver and a processor;

The transceiver is used to receive and send messages;

The processor is configured to execute a set of programs. When the program is executed, the device can execute the method according to any one of claims 10-15 or the method according to any one of claims 16-24 through the processor Or the method of any one of claims 31-34 or the method of any one of claims 35-39.
A computer-readable storage medium, characterized in that computer-readable instructions are stored in the computer storage medium, and when the computer reads and executes the computer-readable instructions, the computer executes any one of claims 10-15 The method of item or the method of any one of claims 16-24 or the method of any one of claims 31-34 or the method of any one of claims 35-39.
A computer program product, characterized in that when the computer reads and executes the computer program product, the computer is caused to execute the method according to any one of claims 10-15 or the method according to any one of claims 16-24 Or the method of any one of claims 31-34 or the method of any one of claims 35-39.
A chip, characterized in that the chip is coupled with a memory, and is used to read and execute a software program stored in the memory to implement the method according to any one of claims 10-15 or claims 16-24 The method of any one or the method of any one of claims 31-34 or the method of any one of claims 35-39.
A communication device, characterized in that it is used to implement the method according to any one of claims 10-15 or the method according to any one of claims 16-24 or the method or right according to any one of claims 31-34 The method described in any one of 35-39 is required.