WO2022147838A1 - Wireless communication method and apparatus - Google Patents

Publication number
WO2022147838A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal device
security
base station
request
Application number
PCT/CN2021/071128
Inventor
张博
何承东
邓娟
李飞
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2021/071128 (WO2022147838A1)
Priority to CN202180087378.8A (CN116711336A)
Publication of WO2022147838A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06: Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Definitions

  • the present application relates to the field of communication, and more particularly, to a method and apparatus for wireless communication.
  • IMS-VoPS capability means that the UE can maintain the continuity of the IMS-VoPS service in the PS domains of the different networks when it switches between different networks.
  • the different networks may be 4G, 5G, etc. networks.
  • The network needs to determine, through the radio access network (RAN), whether the UE and the network have the IMS-VoPS capability. If both the UE and the network have the IMS-VoPS capability, the network can provide the UE with the IMS-VoPS service. Specifically, after the access and mobility management function (AMF) network element receives the registration request message sent by the UE, it can send a UE capability matching request to the RAN, so that the RAN can determine whether both the UE and the network have the IMS-VoPS capability. If the AMF has the radio capability (UE radio capability) information of the UE, the AMF carries the radio capability information of the UE in the UE capability matching request. The RAN determines whether the UE has the IMS-VoPS capability according to the radio capability information of the UE.
  • When the RAN does not obtain the radio capability information of the UE, the RAN needs to request the radio capability information from the UE. However, in some cases the RAN cannot successfully obtain the wireless capability information of the UE from the UE, so the RAN cannot determine whether the UE has the IMS-VoPS capability.
  • the UE provides IMS-VoPS services.
  • the wireless communication method in the embodiment of the present application enables the RAN to successfully determine whether the UE side has the IMS-VoPS capability.
  • A method for wireless communication, comprising: a network device receiving a first message from a terminal device; the network device determining whether the terminal device supports access stratum (AS) security; when the terminal device does not support the AS security, the network device sending first indication information and first request information to the base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine whether the terminal device has the IMS-VoPS capability according to the wireless capability of the terminal device.
  • The wireless communication method of the embodiment of the present application indicates to the base station that the terminal device does not support AS security, so that the base station sends the terminal device the request information for acquiring wireless capability information while AS security is not established (or AS security establishment has failed, or AS null-algorithm protection is in use). The request information is not protected by AS security, so the base station can still successfully acquire the wireless capability information of the terminal device even if the terminal device does not have AS security, and can therefore successfully determine whether the terminal side has the IMS-VoPS capability.
  • the first indication information and the first request information may be delivered in one message, or may be delivered in different messages.
  • the first request information may be carried in the capability matching request message, occupying one or more fields.
  • the first indication information may be carried in the capability matching request message, or may be carried in other messages.
  • the foregoing solution is a process in the case that the terminal device does not support the AS security.
  • the network device may also determine whether the terminal device needs to enable AS security or whether it is currently required to enable AS security.
  • If the network device determines that the terminal device does not need to enable AS security, or does not currently need to enable AS security (for example, in an emergency service scenario the terminal device does not currently need to enable AS security), the network device sends first indication information to the base station, and the first indication information is used to indicate that the terminal device does not need to enable AS security or does not currently need to enable AS security.
  • the first indication information is used to indicate an emergency service.
  • the network device determines that the terminal device does not support AS security
  • the network device sends the encryption null algorithm and/or the integrity protection null algorithm to the base station.
  • The method further includes: in the case that the terminal device supports the AS security, the network device sends second request information to the base station, where the second request information is used to request the base station to establish an AS security context; after receiving the response information from the base station in response to the second request information, the network device sends the first request information to the base station.
  • The base station is requested to establish the AS security context, so that the base station sends the request information for acquiring wireless capability information to the terminal device once AS security establishment is completed. The information exchanged between the base station and the terminal device can then be protected by AS security, so that the wireless capability information of the terminal device can be successfully obtained and whether the terminal side has the IMS-VoPS capability can be successfully judged.
  • The network device determining whether the terminal device supports establishing access stratum (AS) security includes: the network device receiving second indication information, where the second indication information is used to determine whether the terminal device supports the AS security.
  • The receiving of the second indication information includes: the network device receiving mobility management (MM) capability information from the terminal device, where the mobility management capability information carries the second indication information; or the network device receiving subscription information from a unified data manager (UDM), where the subscription information carries the second indication information.
  • the second indication information carries an emergency service identifier, and at this time, the second indication information is used to indicate that the terminal device does not support AS security or does not need to enable AS security.
  • the emergency service identifier is used to indicate an emergency service scenario that does not need to enable the security mechanism (including AS security) of the terminal device.
  • the base station determines whether the terminal device has the IMS-VoPS capability according to the wireless capability information of the terminal device. Then the base station sends the judgment result to the network device, and the network device can determine whether it can provide the IMS-VoPS service for the terminal device according to the judgment result.
  • The method further includes: the network device receives, from the base station, wireless capability information and integrity protection parameters of the terminal device, where the integrity protection parameters are used to verify whether the wireless capability information of the terminal device has been tampered with; the network device verifies, according to the first key and the integrity protection parameters, whether the terminal wireless capability information has been tampered with, where the first key is a shared key between the network device and the terminal device; in the case that the terminal wireless capability information has been tampered with, optionally, the network device re-sends the capability matching request message to the base station, and after receiving the capability matching request message of the terminal device again, the base station re-sends the capability query message to the terminal device to request the wireless capability information of the terminal device; or, the network device sends the base station indication information instructing the base station to resend the capability query message of the terminal device; or
  • The wireless communication method verifies the wireless capability information sent by the terminal device using the integrity protection parameter. This ensures that the wireless capability information sent by the terminal device has not been tampered with by an attacker and prevents an attacker from carrying out a downgrade ("dimensionality reduction") attack by modifying that capability information, thereby ensuring the security of communication.
  • A method for wireless communication, comprising: a network device receiving a first message from a terminal device; the network device determining whether the terminal device supports AS security or whether to enable the AS security; in the case that the terminal device does not support the AS security or does not need to enable the AS security, the network device sending first indication information and first request information to the base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine whether the terminal device has the IMS-VoPS capability according to the wireless capability of the terminal device.
  • The method further includes: in the case that the terminal device supports the AS security or needs to enable the AS security, the network device sends second request information to the base station, where the second request information is used to request the base station to establish an AS security context; after receiving the response information from the base station in response to the second request information, the network device sends the first request information to the base station.
  • A method for wireless communication, comprising: a network device receiving a first message from a terminal device; the network device determining whether the terminal device supports access stratum (AS) security; when the terminal device supports the AS security, the network device sending second request information to the base station, where the second request information is used to request the base station to establish an AS security context; after receiving from the base station the response information for the second request information, the network device sending the first request information to the base station.
  • After the network device receives a response message for the second request information from the base station, the network device sends the first request information to the base station; or the network device sends the first request information immediately after sending the second request information.
  • The base station is requested to establish the AS security context, so that the base station sends the request information for acquiring wireless capability information to the terminal device once AS security establishment is completed. The information exchanged between the base station and the terminal device can then be protected by AS security, so that the wireless capability information of the terminal device can be successfully obtained and whether the terminal side has the IMS-VoPS capability can be successfully judged.
  • the access and mobility management network element determines whether the user equipment UE supports establishing access stratum AS security, including: the access and mobility management network element receives second indication information, where the second indication information is used to determine whether the UE supports the AS security.
  • The receiving of the second indication information includes: the network device receiving mobility management (MM) capability information from the terminal device, where the mobility management capability information carries the second indication information; or the network device receiving UE subscription information from the unified data management (UDM), where the terminal device subscription information carries the second indication information.
  • The method further includes: the network device receives UE radio capability information and integrity protection parameters from the base station, where the UE radio capability information is for the network device to save, and the integrity protection parameter is used to verify whether the UE radio capability information has been tampered with;
  • The access and mobility management network element verifies whether the UE wireless capability information has been tampered with according to the first key and the integrity protection parameter; in the case that the UE wireless capability information has been tampered with, the network device sends a rejection message to the base station, or sends the first request information to the base station again.
  • A method for wireless communication, comprising: a base station receiving first indication information and first request information from a network device, where the first indication information is used to indicate at least one of the following: a first terminal device does not support the AS security, the first terminal device does not need to enable the AS security, the first terminal device does not currently need to enable the AS security, and the first terminal device requests an emergency service, and the first request information is used for requesting the base station to determine whether the first terminal device has the IMS-VoPS capability according to the wireless capability of the first terminal device; after the base station receives the first request information, if the base station cannot obtain the wireless capability information of the first terminal device from the information stored in the base station and the information carried in the first request information, the base station sends to the first terminal device, according to the first indication information, request information for obtaining the wireless capability information of the first terminal device, where the request information is not protected by AS security; the base station obtains the wireless capability information of the first terminal device from the response information from the first terminal device; the base station determines whether the first terminal device has the IMS-VoPS capability according to the wireless capability information of the first terminal device, and feeds back the determination result to the network device.
  • the network device can determine whether it can provide the IMS-VoPS service for the terminal device according to the judgment result.
  • the base station determines whether the terminal device has the IMS-VoPS capability according to the wireless capability information of the terminal device, and sends the determination result to the network device.
  • the method further includes: the base station receiving second request information from the network device, where the second request information is used to request the base station to establish an AS security context with a second terminal device that supports the AS security; the base station establishes the AS security with the second terminal device, and sends a response message to the network device.
  • The method further includes: the base station receiving third request information from the network device, where the third request information is used to request the RAN to determine whether the second terminal device has the IMS-VoPS capability according to the wireless capability of the second terminal device; after the base station receives the first request information, if the base station cannot obtain the wireless capability information of the second terminal device from the information saved by the base station and the information carried in the first request information, it sends to the second terminal device request information for obtaining the wireless capability information of the second terminal device.
  • The base station obtains the wireless capability information of the second terminal device from the response information from the second terminal device; the base station determines, according to the wireless capability information of the second terminal device, whether the second terminal device has the IMS-VoPS capability, and feeds back the determination result to the network device.
  • The method further includes: receiving, by the base station, radio capability information and integrity protection parameters of the terminal device from the first terminal device; the base station sends the wireless capability information and integrity protection parameters of the first terminal device to the network device, where the integrity protection parameters are used to verify whether the wireless capability information of the first terminal device has been tampered with; the base station receives from the network device a rejection message indicating that the wireless capability information of the first terminal device has been tampered with, or receives the first request information again.
  • A method for wireless communication includes: a terminal device determines whether it supports establishing access stratum (AS) security; the terminal device sends third indication information, where the third indication information is used to indicate whether the terminal device supports establishing the AS security.
  • Sending the third indication information by the terminal device includes: the terminal device sending the third indication information to the access and mobility management network element; or the terminal device sending the third indication information to the radio access network base station.
  • the third indication information may not be sent through the registration request message.
  • the third indication information is an independent parameter, and the UE may send the parameter to the AMF separately through other messages, which is not limited in this application.
  • the third indication information may be a part of UE security capability (UE security capability) information, where the UE security capability information is used to represent the security capability of the UE, including information such as security algorithms supported by the UE. Therefore, the third indication information can also be written into the UE security capability information and sent to the AMF.
  • the third indication information may be other information that can be used to indicate the AS security capability of the UE.
  • The first indication information is the indication information (CP only indication information) indicating that the UE only supports the control plane cellular IoT (CP CIoT) service. Because the CP CIoT service does not require AS security, a UE that only supports the CP CIoT service can be understood as a UE that does not support AS security.
  • the third indication information may also carry or may be a service identifier that does not require AS security.
  • This service identifier that does not require AS security indicates that the UE can use the service without supporting AS security, so it can be understood that the UE does not support AS security.
  • The method further includes: receiving, by the terminal device, a third request message from the base station, where the third request message is used to request the radio capability information of the terminal device, and the radio capability information of the terminal device is used to determine whether the terminal device supports IMS voice services; the terminal device sends the radio capability information and integrity protection parameters of the terminal device to the base station, where the integrity protection parameter is used to verify whether the wireless capability information of the terminal device has been tampered with.
  • The method further includes: the terminal device calculates the integrity protection parameter according to the first key and the wireless capability information of the terminal device, where the first key is a shared key between the UE and the access and mobility management network element.
  • A wireless communication method, comprising: a network device receiving wireless capability information of a terminal device; the network device receiving the capability information of a base station; the network device determining, according to the wireless capability information of the terminal device and the capability information of the base station, whether the IMS voice service is supported between the terminal device and the base station.
  • The network device receiving the wireless capability information of the terminal device includes: the network device receiving the wireless capability information from the terminal device; or the network device receiving the radio capability information of the terminal device from the base station.
  • The network device receiving the wireless capability information of the terminal device includes: receiving a non-access stratum (NAS) security mode completion message from the terminal device, where the security mode completion message includes wireless capability information of the terminal device, and the NAS security mode completion message is used to indicate that the NAS security establishment is completed.
  • the wireless capability information of the terminal device includes a first service characteristic parameter, and the first service characteristic parameter can be used to determine whether the UE supports the IMS Voice service;
  • the capability information of the base station includes a second service characteristic parameter, and the second service characteristic parameter can be used to judge whether the RAN supports the IMS voice service.
  • An apparatus for wireless communication, comprising: a transceiver module for receiving a first message from a terminal device; a processing module for determining whether the terminal device supports access stratum (AS) security; in the case that the terminal device does not support the AS security, the transceiver module is further configured to send first indication information and first request information to the base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine whether the terminal device has the IMS-VoPS capability according to the wireless capability of the terminal device.
  • The transceiver module can perform the processing of receiving and sending in the aforementioned first to third aspects and the fifth aspect, and the processing module can perform the processing other than receiving and sending in the aforementioned first to third aspects and the fifth aspect.
  • An apparatus for wireless communication includes: a transceiver module for receiving first indication information and first request information from a network device, where the first indication information is used to indicate that a first terminal device does not support the AS security, and the first request information is used to request the base station to determine whether the first terminal device has the IMS-VoPS capability according to the wireless capability of the first terminal device; the transceiver module is further configured to, after receiving the first request information, if the wireless capability information of the first terminal device cannot be obtained from the stored information and the information carried in the first request information, send to the first terminal device, according to the first indication information, request information for acquiring the wireless capability information of the first terminal device, where the request information is not protected by AS security; the processing module is configured to obtain the wireless capability information of the first terminal device from the response information from the first terminal device, and the judgment result is also fed back to the network device.
  • the transceiver module may perform the processing of receiving and transmitting in the foregoing fourth aspect, and the processing module may perform other processing except for receiving and transmitting in the foregoing third aspect.
  • A communication device, comprising: a processor configured to execute a computer program stored in a memory, so that the communication device executes any one of the possible implementations of the first to sixth aspects.
  • A computer-readable storage medium is provided; a computer program is stored on the computer-readable storage medium, and when the computer program runs on a computer, the computer is made to execute any one of the possible implementations of the first to sixth aspects.
  • A chip system includes: a processor for calling and running a computer program from a memory, so that a communication device on which the chip system is installed executes any one of the possible implementations of the first to sixth aspects.
  • the terminal device determines whether the terminal device supports AS security.
  • When the terminal device does not support AS security, it is indicated to the network device that the terminal device does not support AS security, so that the base station, without AS security established (or with AS security establishment failed, or under AS null-algorithm protection), sends the request information for obtaining wireless capability information to the terminal device. The base station can then still successfully obtain the wireless capability information of the terminal device even if the terminal device does not support AS security, and can successfully determine whether the terminal side has the IMS-VoPS capability.
  • When the terminal device supports AS security, the base station is requested to establish the AS security context, so that the base station sends the request information for acquiring the wireless capability information to the terminal device once the AS security context is established. The information exchanged between the base station and the terminal device can then be protected by AS security, so that the wireless capability information of the terminal device can be successfully obtained, and whether the terminal side has the IMS-VoPS capability can be successfully judged.
  • FIG. 1 is a schematic diagram of a network architecture suitable for the method provided by the embodiment of the present application.
  • FIG. 2 is a schematic flow chart of the network side judging whether the UE has the IMS-VoPS capability.
  • FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 9 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 10 is a schematic flowchart of a communication method provided by another embodiment of the present application.
  • FIG. 11 is a schematic block diagram of an example of a network device of the present application.
  • FIG. 12 is a schematic block diagram of an example of a base station of the present application.
  • FIG. 13 is a schematic block diagram of an example of the communication device of the present application.
  • FIG. 14 is a schematic block diagram of still another example of the communication device of the present application.
  • FIG. 15 is a schematic structural diagram of the communication device of the present application.
  • LTE long term evolution
  • FDD frequency division duplex
  • TDD time division duplex
  • UMTS universal mobile telecommunication system
  • WiMAX worldwide interoperability for microwave access
  • the network elements involved in this application mainly include terminal equipment, access network equipment and mobility management network elements.
  • the access network equipment and the terminal equipment are connected through a wireless air interface, which can manage wireless resources, provide access services for the terminal equipment, and then complete the forwarding of control signals and user plane data between the terminal equipment and the core network.
  • the mobility management network element is connected to the access network equipment in a wired or wireless manner, and is mainly used for mobility management and access management.
  • a terminal device may be a user equipment (UE), access terminal, subscriber unit, subscriber station, mobile station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent or user device.
  • the terminal device in the embodiment of the present application may also be a mobile phone (mobile phone), a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (virtual reality, VR) terminal device, an augmented reality (augmented reality, AR) Terminal equipment, wireless terminals in industrial control, wireless terminals in self driving, wireless terminals in remote medical, wireless terminals in smart grid, transportation security Wireless terminals in (transportation safety), wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • the access network equipment may be an evolved Node B (eNB), a radio network controller (RNC), a Node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (home evolved NodeB, or home Node B, HNB), a baseband unit (BBU), an access point (AP) in a wireless fidelity (WIFI) system, a wireless relay node, a wireless backhaul node, a transmission point (TP) or a transmission and reception point (TRP), etc.
  • the access network equipment can also be a gNB or a transmission point (TRP or TP) in a 5G system such as NR, one antenna panel or a group of antenna panels (including multiple antenna panels) of a base station in the 5G system, or a network node that constitutes a gNB or a transmission point, such as a baseband unit (BBU) or a distributed unit (DU), etc.
  • the mobility management network element may be a mobility management entity (MME), a network element with MME function, an access and mobility management function (AMF) network element, a network element with AMF function, a non-3GPP interworking function (N3IWF) or a serving GPRS support node (SGSN), etc.
  • the names of network elements may be different. The following describes this application by taking the naming of network elements in a 5G network as an example.
  • User equipment (UE) 101: may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of terminals, mobile stations (MS), terminals, soft terminals, etc., for example, water meters, electricity meters, sensors, etc.
  • Radio access network (RAN) network element 102: hereinafter referred to as RAN, corresponding to the access network equipment.
  • It is used to provide network access functions for authorized user equipment in a specific area, and can use different quality transmission tunnels according to the level of user equipment and service requirements.
  • the RAN network element can manage radio resources, provide access services for user equipment, and then complete the forwarding of control signals and user equipment data between the user equipment and the core network.
  • the RAN network element can also be understood as a base station in a traditional network.
  • RAN can be NB, eNB, gNB, ng-eNB, or any other access network device.
  • User plane function (UPF) 103: used for packet routing and forwarding, quality of service (QoS) processing of user plane data, and the like.
  • the user plane network element may be a user plane function (UPF) network element.
  • the user plane network element may still be the UPF network element, or may have other names, which are not limited in this application.
  • Data network (DN) 104 a network for providing data transmission.
  • the data network element may be a data network element.
  • the data network element may still be a DN network element, or may have other names, which are not limited in this application.
  • AMF 105: mainly used for mobility management and access management, and can be used to implement the MME functions other than session management, such as lawful interception and access authorization/authentication.
  • the access and mobility management network element may be an access and mobility management function (AMF).
  • the access and mobility management device may still be AMF, or may have other names, which are not limited in this application.
  • Session management function (SMF) 106: mainly used for session management, Internet protocol (IP) address allocation and management of user equipment, selection and management of user plane functions, serving as the endpoint of policy control and charging function interfaces, downlink data notification, etc.
  • the session management network element may be a session management function network element.
  • the session management network element may still be an SMF network element, or may have other names, which are not limited in this application.
  • Policy control function (PCF) 107: a unified policy framework for guiding network behavior, providing policy rule information and the like for control plane functional network elements (such as AMF, SMF, etc.).
  • the policy control network element may be a policy and charging rules function (PCRF) network element.
  • the policy control network element may be a policy control function (PCF) network element.
  • the policy control network element may still be the PCF network element, or may have other names, which are not limited in this application.
  • Application function (AF) 108 used to perform data routing affected by applications, open functional network elements of the wireless access network, interact with the policy framework to perform policy control, and the like.
  • the application network element may be an application function network element.
  • the application network element may still be the AF network element, or may have other names, which are not limited in this application.
  • Unified data management (UDM) 109 used for processing UE identification, access authentication, registration, and mobility management.
  • the data management network element may be a unified data management network element; in a 4G communication system, the data management network element may be a home subscriber server (HSS) network element.
  • the unified data management may still be a UDM network element, or may have other names, which are not limited in this application.
  • Unified data repository (UDR) 110 It mainly includes the following functions: access functions of contract data, policy data, application data and other types of data.
  • Authentication server function (AUSF) 111 used to authenticate services, generate keys to realize bidirectional authentication of user equipment, and support a unified authentication framework.
  • the authentication server may be an authentication server function network element.
  • the authentication server function network element may still be the AUSF network element, or may have other names, which are not limited in this application.
  • the above network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (e.g., a cloud platform).
  • the description takes as an example the case where the network device is the access and mobility management network element AMF and the base station is the radio access network RAN.
  • the user equipment is connected to the AMF through the N1 interface
  • the RAN is connected to the AMF through the N2 interface
  • the RAN is connected to the UPF through the N3 interface.
  • the UPFs are connected through the N9 interface
  • the UPF is connected to the DN through the N6 interface.
  • the SMF controls the UPF through the N4 interface.
  • the AMF interfaces with the SMF through the N11 interface.
  • the AMF obtains user equipment subscription data from the UDM unit through the N8 interface
  • the SMF obtains the user equipment subscription data from the UDM unit through the N10 interface.
  • network function network element entities such as AMF, SMF network element, PCF network element, BSF network element, and UDM network element are all called network function (NF) network elements;
  • a set of network elements such as AMF, SMF network element, PCF network element, BSF network element, and UDM network element may be called control plane functional network elements.
  • the process 200 includes the following steps:
  • the UE sends a registration request message to the AMF.
  • the AMF sends a UE capability matching request message to the RAN.
  • the AMF After receiving the registration request sent by the UE, the AMF sends the UE capability matching request message to the RAN, so that the RAN determines whether the UE and the network have the IMS-VoPS capability.
  • the AMF If the AMF stores the radio capability information of the UE in advance, the AMF will carry the radio capability information of the UE in the UE capability matching request message.
  • if the RAN does not receive the wireless capability information of the UE from the AMF, and does not store the wireless capability information of the UE locally, optionally, at S230, the RAN sends a UE capability query message to the UE to request the wireless capability information of the UE.
  • the UE sends its radio capability information to the RAN according to the UE capability query message sent by the RAN.
  • the RAN determines whether the UE has the IMS-VoPS capability according to the radio capability information of the UE.
  • the RAN can also determine whether the network has IMS-VoPS capability.
  • the RAN sends a UE capability matching response message to the AMF.
  • the RAN determines whether both the UE and the network have the IMS-VoPS capability. After the determination is completed, the RAN sends the determination result to the AMF through the UE capability matching response message.
  • the RAN sends a UE capability indication message to the AMF.
  • when the RAN performs steps S230 and S240, that is, the RAN neither has the wireless capability information of the UE nor receives it from the AMF, but obtains it from the UE through the UE capability query message, the RAN may send the wireless capability information of the UE to the AMF through the UE capability indication message. After the AMF receives the wireless capability information of the UE, it stores the information locally, so that if the above process needs to be performed later, the AMF can send the wireless capability information of the UE to the RAN for use.
  • the AMF sends a registration accept message to the UE.
  • the AMF determines the judgment result of the base station according to the UE capability matching response message.
  • the AMF sets the information used to indicate the IMS-VoPS capability in the network characteristic parameters, and sends the network characteristic parameters to the UE in the registration accept message.
  • the RAN can send a request to the UE to obtain the wireless capability information of the UE. This means that for a UE that does not support establishing an AS security context, if the RAN has not obtained the wireless capability information of the UE and cannot obtain it from the UE, the RAN cannot determine whether the UE has the IMS-VoPS capability.
  • the RAN cannot obtain the wireless capability information of the UE, so the RAN cannot judge the UE side.
  • the RAN cannot judge whether the UE has the IMS-VoPS capability, so that the network cannot provide the IMS-VoPS service for the UE even if the UE has the IMS-VoPS capability.
  • in other scenarios, such as emergency services or scenarios where the UE does not support AS security, it is also necessary to solve the problem of how the RAN obtains the wireless capability of the UE and then performs the related judgments.
  • FIG. 3 shows a schematic flowchart of a wireless communication method 300 provided by an embodiment of the present application. As can be seen from Figure 3, the method 300 includes:
  • a terminal device sends a first message to a network device.
  • the network device receives a first message sent by the terminal device, where the first message may be, for example, a registration request message, where the registration request message is used by the terminal device to request the network device to access the network.
  • the network device determines that the terminal device does not support AS security.
  • when the network device determines that the terminal device does not support AS security, in S303, the network device sends first indication information to the base station, where the first indication information is used to indicate that the terminal device does not support AS security.
  • the network device determines that the terminal device does not need to enable AS security or currently does not need to enable AS security. For example, in an emergency service scenario, the terminal device does not currently need to enable AS security.
  • the network device sends first indication information to the base station, where the first indication information is used to indicate that the terminal device does not need to enable AS security or does not currently need to enable AS security.
  • the first indication information is used to indicate an emergency service, and the base station determines, according to the first indication information, that the terminal device wishes to use the emergency service.
  • when the network device determines that the terminal device does not support AS security, the network device sends an encryption null algorithm and/or an integrity protection null algorithm to the base station.
  • the base station determines, according to the encryption null algorithm and/or the integrity protection null algorithm sent by the network device, that the terminal device does not support AS security, or that the terminal device (currently) does not need to enable AS security, or that the terminal device only supports AS security based on null algorithm protection.
  • the network device sends first request information to the base station, where the first request information is used to request the base station to determine whether the terminal device has the IMS-VoPS capability.
  • the first indication information and the first request information may be delivered in one message, or may be delivered in different messages.
  • the first request information may be carried in the capability matching request message, occupying one or more fields.
  • the first indication information may be carried in the capability matching request message, or may be carried in other messages. That is, the first indication information and the first request information may be sent at the same time, or may be sent separately in succession, which is not limited in this application.
  • the base station sends request information for acquiring wireless capability information of the terminal device to the terminal device.
  • after the base station receives the first request information sent by the network device, if the base station cannot obtain the wireless capability information of the terminal device from the information stored by itself and the information carried by the first request information, the base station sends, according to the first indication information, request information for acquiring the wireless capability information of the terminal device to the terminal device; the request information is not protected by AS security.
  • the base station needs to send request information to the terminal device to obtain the wireless capability information of the terminal device.
  • the base station may determine that the terminal device does not support AS security; or, in another possible implementation manner, the base station determines, according to the first indication information, that the terminal device does not need to enable AS security or currently does not need to enable AS security, or that the terminal device only supports AS security based on null algorithm protection, or that the terminal device wishes to use emergency services.
  • the base station sends the request information for acquiring the wireless capability information of the terminal device to the terminal device.
  • the request information is not protected by AS security.
  • the base station may skip checking whether it or the first request information has the wireless capability information, or may check only one of them; for example, the request information is sent after the base station determines that it does not have the wireless capability information itself, or after it determines that the first request information does not carry the wireless capability information.
  • the terminal device sends its wireless capability information to the base station.
  • after receiving the request information sent by the base station for acquiring the wireless capability information, the terminal device sends the wireless capability information of the terminal device to the base station, and the wireless capability information is also not protected by AS security.
  • the base station determines whether the terminal device has the IMS-VoPS capability according to the wireless capability information of the terminal device. It should be understood that the present application does not limit the manner in which the base station determines whether the terminal device has the IMS-VoPS capability.
  • the base station sends the judgment result to the network device. The judgment result may be the judgment result made by the base station in S307 of whether the terminal device has the IMS-VoPS capability, the judgment result made by the base station of whether the network supports the IMS-VoPS service, or the judgment result of whether the terminal device and the network support the IMS-VoPS service, which is not limited in this application.
  • the network device can determine, according to the judgment result, whether the network supports the IMS-VoPS service, or whether the terminal device can be provided with the IMS-VoPS service.
  • the base station sends the wireless capability information obtained in S306 to the network device.
  • in the wireless communication method, it is indicated to the network device that the terminal device does not support AS security, so that the base station sends request information for acquiring wireless capability information to the terminal device without AS security being established (or when AS security establishment fails, or when AS is protected by a null algorithm). The request information is not protected by AS security, so the base station can still acquire the wireless capability information of the terminal device even if the terminal device does not support AS security, and can therefore determine whether the terminal side has the IMS-VoPS capability.
  • FIG. 4 shows a schematic flowchart of a wireless communication method 400 provided by an embodiment of the present application. As can be seen from Figure 4, the method 400 includes:
  • a terminal device sends a first message to a network device.
  • the network device receives a first message sent by the terminal device, where the first message may be, for example, a registration request message, where the registration request message is used by the terminal device to request the network device to access the network.
  • the network device determines that the terminal device supports AS security.
  • the network device determines whether the terminal device supports AS security. Specifically, for example, the network device receives second indication information, where the second indication information is used to indicate whether the terminal device supports AS security.
  • when the network device determines that the terminal device supports AS security, in S403, the network device sends second request information to the base station, where the second request information is used to request the base station to establish an AS security context.
  • the network device determines that the terminal device needs to enable AS security.
  • the network device receives second indication information, where the second indication information is used to indicate that the terminal device needs to enable AS security.
  • when the network device determines that the terminal device needs to enable AS security, in S403, the network device sends to the base station second request information and indication information indicating that the terminal device needs to enable AS security, where the second request information is used to request the base station to establish AS security.
  • the base station establishes the AS security context.
  • the base station establishes the AS security context with the terminal device according to the second request information. That is, the base station establishes the AS security context with the terminal, and then the base station can acquire the wireless capability information of the terminal device through the AS security context.
  • the base station sends response information to the network device.
  • the base station sends response information in response to the second request information to the network device.
  • the base station may send the response information to the network device after receiving the second request information, or may send the response information to the network device after the AS security context is established, which is not limited in this application.
  • the network device sends third request information to the base station.
  • after receiving the response information from the base station in response to the second request information, the network device sends the third request information to the base station; or the network device sends the third request information after sending the second request information.
  • the third request information is used to request the base station to determine whether the terminal device has the IMS-VoPS capability according to the wireless capability information of the terminal device.
  • the third request information is similar to the first request information in the foregoing embodiment corresponding to FIG. 3 , for example, it may be carried in a capability matching request message, which will not be described again.
  • after the base station receives the second request information sent by the network device and the indication information indicating that the terminal device needs to enable AS security (or that the terminal device currently needs to enable AS security), the base station establishes the AS security context with the terminal device according to the second request information.
  • the base station sends request information for acquiring the wireless capability information of the terminal device to the terminal device according to the third request information; when the AS security context fails to be established, the base station sends a reject message to the terminal device, or sends an indication that the AS security context establishment failed.
  • the base station sends request information for acquiring wireless capability information of the terminal device to the terminal device.
  • after the base station receives the first request information sent by the network device, if the base station cannot obtain the wireless capability information of the terminal device from the information stored by itself and the information carried in the third request information, the base station sends request information for acquiring the wireless capability information of the terminal device to the terminal device; the request information is protected by AS security.
  • when neither the base station nor the network device has the wireless capability information of the terminal device, the base station needs to send request information to the terminal device to obtain the wireless capability information of the terminal device. Before that, if the AS security context has not been established, the base station establishes the AS security context with the terminal device according to the second request information. Therefore, the request information for acquiring the wireless capability information of the terminal device is sent with AS security protection in place.
  • the terminal device sends its wireless capability information to the base station.
  • the terminal device After receiving the request information for acquiring wireless capability information sent by the base station, the terminal device sends its wireless capability information to the base station. Specifically, for example, the terminal device sends a response message to the base station, where the response message carries its wireless capability information, and the response message is also protected by AS security.
  • the base station obtains the wireless capability information of the terminal device from the response message from the terminal device
  • the base station determines whether the terminal device has the IMS-VoPS capability according to the wireless capability information of the terminal device. It should be understood that the present application does not limit the manner in which the base station determines whether the terminal device has the IMS-VoPS capability.
  • the base station sends the judgment result to the network device.
  • the judgment result is similar to the judgment result in step S308 in the embodiment corresponding to FIG. 3 , for example, it may be the judgment result made by the base station in S409, or the judgment result of whether the network supports IMS-VoPS service, etc., which will not be repeated.
  • the network device can determine whether the terminal device can be provided with the IMS-VoPS service according to the judgment result.
  • after determining that the terminal device supports AS security, the network device requests the base station to establish the AS security context, so that the base station sends the request information for acquiring wireless capability information to the terminal device once AS security establishment is complete. The information exchanged between the base station and the terminal device is thus protected by AS security, and the base station can obtain the wireless capability information of the terminal device and determine whether the terminal side has the IMS-VoPS capability.
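  • The base-station behaviour of methods 300 and 400 can be summarised as one decision, shown here as an added Python example that is not part of the application. The enum values, class and function names are hypothetical, and treating a missing indication as "AS security required" is an assumption of this sketch.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class Indication(Enum):
    """What the network device told the base station (hypothetical encoding)."""
    ABSENT = auto()            # nothing signalled: assumed to mean AS security is required
    AS_NOT_SUPPORTED = auto()  # first indication information, method 300
    AS_NOT_NEEDED = auto()     # e.g. emergency service, method 300
    NULL_ALGORITHMS = auto()   # null encryption / integrity protection algorithms sent
    ESTABLISH_AS = auto()      # second request information, method 400


class Action(Enum):
    USE_KNOWN_CAPABILITY = auto()  # capability already available, no enquiry sent
    ENQUIRE_UNPROTECTED = auto()   # method 300: request not protected by AS security
    ENQUIRE_PROTECTED = auto()     # method 400: request protected by AS security
    REJECT = auto()                # AS security context establishment failed


# Only these indications permit a capability enquiry without AS security.
UNPROTECTED_ALLOWED = {
    Indication.AS_NOT_SUPPORTED,
    Indication.AS_NOT_NEEDED,
    Indication.NULL_ALGORITHMS,
}


@dataclass
class BaseStation:
    stored_capability: Optional[bytes] = None
    as_context: bool = False

    def establish_as_context(self, ue_completes: bool) -> bool:
        # Stand-in for the AS security procedure with the terminal device.
        self.as_context = ue_completes
        return self.as_context

    def decide(self, indication: Indication,
               capability_from_amf: Optional[bytes] = None,
               ue_completes_as: bool = True) -> Action:
        """Choose how to obtain the wireless capability for the IMS-VoPS check."""
        if capability_from_amf is not None or self.stored_capability is not None:
            return Action.USE_KNOWN_CAPABILITY
        if indication in UNPROTECTED_ALLOWED:
            return Action.ENQUIRE_UNPROTECTED
        # ESTABLISH_AS, or no indication at all: fail closed and require AS security.
        if self.as_context or self.establish_as_context(ue_completes_as):
            return Action.ENQUIRE_PROTECTED
        return Action.REJECT


def accept_reply(action: Action, reply_protected: bool) -> bool:
    """Accept a capability reply only at the protection level of the enquiry."""
    if action is Action.ENQUIRE_PROTECTED:
        return reply_protected
    if action is Action.ENQUIRE_UNPROTECTED:
        return True   # method 300: the reply is likewise not protected by AS security
    return False      # no enquiry was sent, so any reply is unsolicited


def run_cases() -> dict:
    """Constructed scenarios covering both methods and the failure path."""
    return {
        "method300_no_as": BaseStation().decide(Indication.AS_NOT_SUPPORTED),
        "method300_emergency": BaseStation().decide(Indication.AS_NOT_NEEDED),
        "method400_ok": BaseStation().decide(Indication.ESTABLISH_AS),
        "method400_fail": BaseStation().decide(Indication.ESTABLISH_AS,
                                               ue_completes_as=False),
        "capability_from_amf": BaseStation().decide(Indication.ESTABLISH_AS,
                                                    capability_from_amf=b"\x01"),
    }


if __name__ == "__main__":
    for name, action in run_cases().items():
        print(f"{name:22s} -> {action.name}")
```

The point to audit in a real implementation is the set of indications that unlock the unprotected enquiry, since everything outside that set must go through AS security context establishment first.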
  • FIG. 5 shows a schematic flowchart of a wireless communication method 500 provided by an embodiment of the present application. As can be seen from Figure 5, the method 500 includes:
  • the UE sends a registration request message to the AMF.
  • the registration request message carries third indication information, where the third indication information is used to indicate that the UE does not support AS security.
  • the third indication information is stored locally for subsequent use in security verification.
  • the third indication information may not be sent through the registration request message.
  • the third indication information is an independent parameter, and the UE may send the parameter to the AMF separately through other messages, which is not limited in this application.
  • the third indication information may be a part of UE security capability (UE security capability) information, where the UE security capability information is used to represent the security capability of the UE, including information such as security algorithms supported by the UE. Therefore, the third indication information can also be written into the UE security capability information and sent to the AMF.
  • the third indication information may be other information that can be used to indicate the AS security capability of the UE.
  • the third indication information is indication information (CP only indication information) indicating that the UE only supports the control plane cellular IoT (CP CIoT) service. Because the CP CIoT service does not require AS security, a UE that only supports the CP CIoT service can be understood as a UE that does not support AS security.
  • the third indication information may be used to indicate the use of the CP CIoT service.
  • the third indication information may also carry a service identifier that does not require AS security.
  • the service identifier that does not require AS security indicates that the UE can use it without supporting AS security, so it can be understood that the UE does not support AS security.
  • the third indication information carries the emergency service identifier, because in the emergency service scenario it is not necessary to enable the security mechanisms of the UE, including AS security.
  • the third indication information is used to indicate that the UE does not need to enable AS security or currently does not need to enable AS security, for example, in an emergency service scenario, the UE does not currently need to enable AS security.
  • the third indication information is used to indicate the emergency service, and the RAN may determine that the terminal device wishes to use the emergency service according to the third indication information.
  • after the AMF receives the registration request message sent by the UE, it authenticates the UE. It should be understood that the authentication here can be an initial authentication method of a network, such as a 5G network, or the authentication can authenticate the UE based on an existing security context, which is not limited in this application.
  • NAS non-access stratum
  • the AMF sends a NAS security mode command message to the UE.
  • the scenario in which the NAS SMC needs to be executed may be, for example: after the initial authentication, NAS security needs to be established; or the AMF key needs to be derived; or the NAS SMC needs to be executed according to the local policy, which is not limited in this application.
  • the NAS security mode command message is integrity-protected based on the NAS integrity protection key shared between the AMF and the UE. If an attacker tampers with this message, the UE will fail the verification.
  • the NAS security mode command message carries third indication information, so as to perform security verification on the message.
  • the third indication information is a part of the UE security capability information, that is, the NAS security mode command message already carries the UE security capability parameter, the third indication information does not need to be additionally sent again.
  • the UE sends a NAS security mode complete message to the AMF.
  • the UE After receiving the NAS security mode command message, the UE performs an integrity check on the NAS security mode command message, and if the verification is passed, the execution continues.
  • the UE may also send the third indication information to the AMF after the NAS security is established.
  • the third indication information may be sent in the protected NAS message after S503 or after S503.
  • the AMF determines that the UE does not support AS security.
  • the AMF receives third indication information, where the third indication information is used to indicate that the UE does not support AS security.
  • the AMF receives the registration request message sent by the UE, and obtains the third indication information carried in the registration request message.
  • the AMF determines that the UE does not need to enable AS security or currently does not need to enable AS security.
  • the AMF receives a registration request message sent by the UE, where the registration request message carries third indication information, where the third indication information is used to indicate that the UE does not need to enable AS security or that the UE does not currently need to enable AS security.
  • the AMF receives a registration request message sent by the UE, where the registration request is a registration request for an emergency service, or the registration request message carries indication information indicating an emergency service.
  • the registration request is a registration request for an emergency service
  • the registration request message carries indication information indicating an emergency service.
  • AS security does not need to be enabled
  • the AMF receives the MM capability information sent by the UE, and obtains the third indication information carried in the MM capability information.
  • the AMF sends a subscription data request to the unified data management UDM, receives the subscription information of the UE from the UDM, and obtains that the subscription information carries the third indication information.
  • the registration request message sent by the UE to the AMF usually carries the MM capability information. Therefore, when the AMF obtains the third indication information through the MM capability information or the subscription information of the UE, the confirmation of the AS security capability of the UE can be completed without changing the UE.
  • the AMF determines that the current UE does not support AS security according to the third indication information.
  • the AMF sends a UE capability matching request message to the RAN.
  • the AMF If the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, the AMF sends a UE capability matching request message to the RAN, and the UE capability matching request message is used to request the RAN to determine whether the UE has the IMS-VoPS capability.
  • the UE capability matching request message carries fourth indication information, where the fourth indication information is used to indicate that the UE does not support AS security, or that the UE does not need to enable AS security or does not need to enable AS security at present; or to indicate an emergency service or a CP CIoT service.
  • the fourth indication information may not be carried by the UE capability matching request message, that is, the AMF may send the fourth indication information through a separate message, which is not limited in this application.
  • the fourth indication information and the third indication information may be the same or different, which is not limited in this application.
  • the UE capability matching request message carries an encryption null algorithm and/or an integrity protection null algorithm
  • the RAN determines, according to the encryption null algorithm and/or the integrity protection null algorithm, that the UE does not support AS security, that the UE (currently) does not need to enable AS security, or that the UE only supports AS security based on null algorithm protection.
  • before step S506, that is, before the AMF sends the UE capability matching request message to the RAN, the AMF calculates an integrity protection parameter, and the integrity protection parameter is used by the UE to verify whether the message sent by the network has been tampered with.
  • the integrity protection parameter is a message authentication code (MAC). The AMF calculates MAC1 according to the fourth indication information and the first key, and MAC1 is used by the UE to verify whether the fourth indication information sent by the network is correct. The first key is the integrity protection key shared between the AMF and the UE.
  • the AMF sends the fourth indication information and MAC1 in the UE capability matching request message to the RAN.
  • the RAN sends a UE capability query message to the UE.
  • When the RAN cannot obtain the wireless capability information of the UE through the information stored by itself and the UE capability matching request message from the AMF, the RAN sends a UE capability query message to the UE according to the fourth indication information.
  • the AMF indicates to the RAN through the fourth indication information that the UE does not support AS security, or that the UE currently does not need to enable security or AS security, or indicates an emergency service or a CP CIoT service.
  • the RAN determines that it is not necessary to enable AS security according to the emergency service indication or the CP CIoT service indication.
  • the fourth indication information means that the security process of AS SMC does not need to be executed, or that the execution of AS SMC will definitely fail, or that only AS security based on null algorithm protection is supported. Therefore, in this case, when AS security is not established (or AS security establishment fails, or AS null algorithm protection is used), the base station directly sends the UE capability query message to the UE to obtain the wireless capability information of the UE.
  • the UE capability query message carries fourth indication information and MAC1. It should be understood that the fourth indication information and MAC1 may also be sent separately through other messages, which is not limited in this application.
  • after the RAN receives the UE capability matching request message sent by the AMF, it can directly send the AS security context establishment request to the UE regardless of whether the UE supports AS security. If the RAN receives AS SMC failure indication information from the UE side, that is, the UE reports the failure of the AS security context establishment to the RAN, the RAN continues by sending the UE capability query message to the UE to request the UE's wireless capability information, and the UE capability query message is not AS security protected. In the scenario where the UE does not support AS security, or the UE currently does not need to enable security or AS security, the RAN can still obtain the radio capability information from the UE even if the AS SMC fails. In this case, the AMF may not need to send the fourth indication information to the RAN to indicate that the UE does not support AS security.
  • the UE checks MAC1 and calculates MAC2.
  • the UE receives the UE capability query message sent by the RAN and obtains the fourth indication information and MAC1 from it. The UE verifies the correctness of MAC1 according to the first key and the fourth indication information, and if the verification is correct, the execution continues. Otherwise, a reject or failure message is sent to the RAN. Further, the UE calculates MAC2 according to the first key and the wireless capability information of the UE. Here MAC2 is used by the AMF to check whether the radio capability information of the UE received from the RAN has been tampered with.
  • the UE sends the radio capability information of the UE to the RAN.
  • the UE sends a response message in response to the UE capability query message to the RAN, and the response message carries the radio capability information of the UE.
  • the response message also carries MAC2.
  • in scenarios where the UE does not support AS security, or the UE currently does not need to enable security or AS security (such as emergency service scenarios), even if AS security is not established or the AS SMC fails, when the UE receives from the RAN a UE capability query message without AS security protection, the UE still sends the UE's radio capability information to the RAN.
  • the RAN determines whether the UE has the IMS-VoPS capability.
  • the RAN performs the UE capability matching check according to the UE's radio capability information, and confirms the check result.
  • the UE capability matching check refers to the RAN judging whether the UE has the IMS-VoPS capability. It should be understood that the present application does not limit the specific checking method.
  • the RAN sends a UE capability matching response message to the AMF.
  • the RAN receives the wireless capability information of the UE, and after judging whether the UE has the IMS-VoPS capability according to the wireless capability information of the UE, sends the judgment result to the AMF through the UE capability matching response message. Further, the RAN judges whether the RAN supports the IMS-VoPS service according to the RAN capability information, and sends the judgment result to the AMF through the UE capability matching response message.
  • the UE capability matching response message directly carries indication information, where the indication information is used to indicate whether the IMS-VoPS service is supported between the UE and the network.
  • the RAN sends a UE capability information indication message to the AMF, where the UE capability information indication message carries the wireless capability information of the UE, so that the AMF can store the wireless capability information of the UE, and when the above process needs to be performed subsequently, the AMF can directly send the UE's radio capability information to the RAN.
  • the UE radio capability information indication message also carries MAC2, where the MAC2 is used by the AMF to verify whether the received radio capability information of the UE has been tampered with.
  • the RAN may also carry the UE's radio capability information and MAC2 in the UE capability matching response message and send it to the AMF. This application does not limit this.
  • the AMF verifies the correctness of the MAC2 according to the first key and the wireless capability information of the UE. If the verification is correct, it is determined that the wireless capability information of the UE received by the AMF has not been tampered with, and then the UE's wireless capability information is saved, and the execution continues.
  • If the verification fails, the AMF re-sends the UE capability matching request message to the RAN, and after re-receiving the UE capability matching request message, the RAN re-sends the UE capability query message to the UE to request the wireless capability information of the UE; or, the AMF sends indication information to the RAN to instruct the RAN to resend the UE capability query message; or, the AMF sends a reject message, an error message or a failure message to the UE to indicate that the check of the UE radio capability information and the MAC2 sent by the UE failed.
  • the RAN may continue to send a rejection message, an error message or a failure message to the UE to indicate that the check of the UE radio capability information and the MAC2 sent by the UE failed.
  • After the UE receives the rejection message, the error message or the failure message, it can recalculate the MAC2, and retransmit the UE radio capability information and the MAC2 to the RAN.
  • the integrity protection parameter is used to verify the wireless capability information sent by the UE, so as to ensure that the wireless capability information sent by the UE has not been tampered with by an attacker, and to prevent the attacker from carrying out a downgrade attack that modifies the wireless capability information, thereby ensuring the security of communication.
  • the AMF sends a registration accept message to the UE.
  • the AMF determines the judgment result of the base station according to the UE capability matching response message.
  • the AMF sets the information used to indicate the IMS-VoPS capabilities in the network characteristic parameters, and sends the network characteristic parameters to the UE in the registration accept message.
  • the wireless communication method of the embodiment of the present application indicates to the network device that the terminal device does not support AS security, so that the base station sends request information for acquiring the wireless capability information to the terminal device when AS security is not established (or AS security establishment fails). In this way, the base station can successfully obtain the wireless capability information of the terminal device even if the terminal device does not have AS security, and can successfully determine whether the terminal side has the IMS-VoPS capability.
  • FIG. 6 shows a schematic flowchart of a method 600 for wireless communication provided by an embodiment of the present application. As can be seen from Figure 6, the method 600 includes:
  • the UE sends a registration request message to the AMF.
  • the registration request message carries fifth indication information, where the fifth indication information is used to indicate that the UE supports AS security.
  • the related description of the fifth indication information is similar to the third indication information in the foregoing embodiment corresponding to FIG. 5 , and will not be repeated.
  • the fifth indication information may be other information that can be used to indicate whether the UE supports AS security.
  • the fifth indication information is used to indicate that the UE does not support the CP CIoT service (non-CP only indication information), but supports services other than the CP CIoT service. Because the CP CIoT service does not require AS security, when the fifth indication information indicates that the UE supports services other than the CP CIoT service, it can be understood that the UE supports AS security, that is, the AMF can determine that the UE supports AS security according to the fifth indication information.
  • the fifth indication information may also carry the identifier of the service requiring AS security, because the identifier of the service requiring AS security indicates that the UE needs to support AS security before it can be used, so it can be understood that the UE supports AS security.
  • the AMF determines that the UE supports AS security.
  • the AMF receives fifth indication information, where the fifth indication information is used to indicate that the UE supports AS security.
  • the AMF receives the registration request message sent by the UE, and obtains the fifth indication information carried in the registration request message.
  • the AMF receives the MM capability information sent by the UE, and obtains fifth indication information carried in the MM capability information.
  • the AMF sends a subscription data request to the UDM, receives the subscription information of the UE from the UDM, and obtains the fifth indication information carried in the subscription information.
  • the registration request message sent by the UE to the AMF usually carries the MM capability information. Therefore, when the AMF obtains the third indication information through the MM capability information or the subscription information of the UE, the confirmation of the AS security capability of the UE can be completed without changing the UE.
  • the AMF determines that the current UE supports AS security according to the fifth indication information.
  • the AMF determines that the UE supports AS security.
  • the fifth indication information may also be sent by the UE to the AMF after the NAS security mode completion message or the NAS security establishment.
  • the AMF sends the fifth indication information to the UE in the NAS security mode indication message, so that the UE can check whether the received fifth indication information is consistent with the fifth indication information sent in S601. If they are the same, send a NAS security mode complete message to the AMF; if not, send a reject or fail message to the AMF.
  • the AMF may determine by default that the UE supports AS security.
  • the AMF sends an initial context establishment request message to the RAN.
  • When the AMF determines that the UE supports AS security and the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, it sends an initial context establishment request message to the RAN to request the RAN to establish an AS security context with the UE.
  • the AMF obtains the second key KgNB through deduction, and the second key is used for the RAN to establish AS security.
  • the AMF carries the second key in the context establishment request message and sends it to the RAN.
  • the RAN uses the second key to establish the AS security context with the UE according to the context establishment request message sent by the AMF.
  • the AMF sends a UE capability matching request message to the RAN.
  • after receiving the initial context establishment response message from the RAN, the AMF sends the UE capability matching request message to the RAN.
  • the RAN sends a UE capability query message to the UE.
  • When the RAN cannot obtain the wireless capability information of the UE through the information stored by itself and the UE capability matching request message from the AMF, the RAN sends a UE capability query message to the UE. It should be noted that, before step S607, the RAN has established AS security with the UE, so the UE capability query message can be protected by the AS security.
  • the UE calculates MAC3.
  • the UE calculates the MAC3 according to the radio capability information of the UE, and the MAC3 is used by the AMF to check whether the radio capability information of the UE received from the RAN has been tampered with.
  • steps S609 to S614 are similar to steps S509 to S514 in the method 500, and details are not described herein again in this application.
  • the AMF may also execute S606 before executing S605.
  • When the RAN executes S606, if AS security has not been established at this time, step S604 is executed first to establish AS security, and then step S607 is executed.
  • the base station is requested to establish the AS security context, so that the base station sends request information for acquiring wireless capability information to the terminal device once AS security establishment is complete. In this way, the information exchanged between the base station and the terminal device can be protected by AS security, the wireless capability information of the terminal device can be successfully obtained, and whether the terminal side has the IMS-VoPS capability can be successfully judged.
  • FIG. 7 shows a schematic flowchart of a method 700 for wireless communication provided by an embodiment of the present application. As can be seen from Figure 7, the method 700 includes:
  • the UE sends a registration request message to the AMF.
  • the AMF sends a context establishment request message to the RAN.
  • If the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, the AMF directly sends a context establishment request message to the RAN to request the RAN to establish an AS security context with the UE. That is, when the AMF needs the RAN to determine whether the UE has the IMS-VoPS capability, the AMF directly requests the RAN to establish the AS security context without considering whether the UE supports AS security.
  • the AMF obtains the second key KgNB through deduction, and the second key is used for the RAN to establish AS security.
  • the AMF carries the second key in the context establishment request message and sends it to the RAN.
  • the RAN sends an AS security mode command message to the UE.
  • After receiving the context establishment request message sent by the AMF, the RAN sends the AS security mode command message to the UE to request the establishment of the AS security context.
  • the UE sends an AS security mode failure/success message to the RAN.
  • When the AS security context establishment fails, the UE sends an AS security mode failure message to the RAN.
  • When the AS security context is successfully established, the UE sends an AS security mode success message to the RAN.
  • the UE sends sixth indication information to the RAN, where the sixth indication information is used to indicate that the UE does not support/support AS security. It should be understood that the sixth indication information may be carried in the AS security mode failure/success message, or may be sent separately through other messages.
  • the UE calculates an integrity protection parameter and sends the integrity protection parameter to the RAN, where the integrity protection parameter is used by the AMF to verify whether the message sent from the UE side has been tampered with.
  • the integrity protection parameter is a message authentication code MAC
  • the UE calculates MAC4 according to the sixth indication information and a first key, where the first key is an integrity protection key shared between the AMF and the UE.
  • the UE sends the sixth indication information to the RAN together with MAC4, where the MAC4 can be used by the AMF to verify whether the sixth indication information has been tampered with.
  • the RAN sends a context establishment response message to the AMF.
  • the context establishment response message carries sixth indication information, where the sixth indication information is used to indicate that the UE does not support/support AS security.
  • the context establishment response message carries seventh indication information, where the seventh indication information is used to indicate that the UE does not support/support AS security, and the seventh indication information is different from the sixth indication information.
  • the RAN carries the MAC4 in the context establishment response message and sends it to the AMF.
  • the AMF determines that the UE does not support/support AS security.
  • the AMF determines that the UE does not support/support AS security according to the sixth indication information.
  • the AMF receives the MAC4 from the RAN, and the AMF verifies the correctness of the MAC4 according to the first key and the sixth indication information, and if the verification is correct, the execution continues. Otherwise, a reject or failure message is sent to the RAN.
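  • The MAC checks described for method 500 (MAC1 over the fourth indication information, MAC2 over the UE radio capability information) and for method 700 (MAC4 over the sixth indication information), as an added Python example that is not part of the patent text. HMAC-SHA256 truncated to 128 bits, the JSON encoding, the per-message labels, the key and the capability fields are assumptions of this example; the page only states that each MAC is computed from the first key and the protected information.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample values, not taken from the patent.
FIRST_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_CAPABILITY = {"ims_voice_over_ps": True, "bands": ["n41", "n78"]}


def compute_mac(key, label, payload):
    """MAC over a canonical encoding of `payload`.

    HMAC-SHA256 truncated to 128 bits is a stand-in; the page does not name
    the MAC algorithm. `label` (an assumption of this example) binds the tag
    to one message type so a MAC1 value cannot be presented as MAC2 or MAC4.
    """
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, label.encode() + b"\x00" + body, hashlib.sha256).digest()[:16]


def verify_mac(key, label, payload, tag):
    # Constant-time comparison of the recomputed tag with the received one.
    return hmac.compare_digest(compute_mac(key, label, payload), tag)


class AMF:
    def __init__(self, key):
        self.key = key
        self.stored_capability = None

    def capability_match_request(self, fourth_indication):
        # S506: the fourth indication travels with MAC1 so the UE can check it.
        return {"indication": fourth_indication,
                "mac1": compute_mac(self.key, "MAC1", fourth_indication)}

    def on_capability_info(self, capability, mac2):
        # Store the radio capability only if MAC2 verifies; otherwise the page
        # has the AMF re-request it or return a reject/error/failure message.
        if not verify_mac(self.key, "MAC2", capability, mac2):
            return "amf_rejected_capability"
        self.stored_capability = capability
        return "stored"

    def on_as_security_report(self, sixth_indication, mac4):
        # Method 700: trust the RAN-relayed indication only if MAC4 verifies.
        if not verify_mac(self.key, "MAC4", sixth_indication, mac4):
            return "amf_rejected_indication"
        return "as_supported" if sixth_indication["as_security"] else "as_not_supported"


class UE:
    def __init__(self, key, capability):
        self.key = key
        self.capability = capability

    def on_capability_query(self, query):
        # Verify MAC1 before answering a query that has no AS protection.
        if not verify_mac(self.key, "MAC1", query["indication"], query["mac1"]):
            return {"result": "reject"}
        return {"result": "ok", "capability": copy.deepcopy(self.capability),
                "mac2": compute_mac(self.key, "MAC2", self.capability)}

    def as_security_report(self, supported):
        # Sixth indication plus MAC4, sent to the RAN for relay to the AMF.
        indication = {"as_security": supported}
        return {"indication": indication,
                "mac4": compute_mac(self.key, "MAC4", indication)}


def run_method_500(modify_query=None, modify_response=None):
    """AMF -> RAN -> UE -> RAN -> AMF; the hooks model changes made in transit."""
    amf, ue = AMF(FIRST_KEY), UE(FIRST_KEY, SAMPLE_CAPABILITY)
    query = amf.capability_match_request({"as_security": "not_supported"})
    if modify_query:
        modify_query(query)
    response = ue.on_capability_query(query)
    if response["result"] != "ok":
        return "ue_rejected_query"
    if modify_response:
        modify_response(response)
    return amf.on_capability_info(response["capability"], response["mac2"])


def run_method_700(modify_report=None):
    """UE -> RAN -> AMF report of AS security support, protected by MAC4."""
    amf, ue = AMF(FIRST_KEY), UE(FIRST_KEY, SAMPLE_CAPABILITY)
    report = ue.as_security_report(False)
    if modify_report:
        modify_report(report)
    return amf.on_as_security_report(report["indication"], report["mac4"])


if __name__ == "__main__":
    print(run_method_500())
    print(run_method_500(modify_response=lambda r: r["capability"].update(ims_voice_over_ps=False)))
    print(run_method_500(modify_query=lambda q: q["indication"].update(as_security="supported")))
    print(run_method_700(modify_report=lambda r: r["indication"].update(as_security=True)))
```

Because the RAN only relays the tags and never holds the first key, a capability field or indication changed on the unprotected radio leg is caught at the UE or the AMF rather than at the base station.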
  • steps S708 to S713 are similar to steps S506 to S514 in the method 500 . It should be noted that, step S506 in the method 500 needs to carry indication information indicating that the UE does not support AS security, but step S708 in the method 700 may not need to carry the indication information.
  • steps S708 to S713 are similar to steps S606 to S612 in the method 600 . For the sake of brevity, the present application will not repeat them here.
  • the indication that the UE supports AS security may not be sent, because if the AS security mode is successful, it means that the UE supports AS security.
  • FIG. 8 shows a schematic flowchart of a method 800 for wireless communication provided by an embodiment of the present application. As can be seen from Figure 8, the method 800 includes:
  • the UE sends a registration request message to the AMF.
  • the AMF sends a UE capability matching request message to the RAN.
  • If the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, the AMF sends a UE capability matching request message to the RAN, and the UE capability matching request message is used to request the RAN to determine whether the UE has the IMS-VoPS capability.
  • the UE capability matching request message carries a second key, and the second key is used for the RAN to establish AS security.
  • the UE capability matching request message carries context establishment request information, where the context establishment request information is used to request the RAN to establish the AS security context. It should be understood that the context establishment request information may also be sent in other messages.
  • the RAN sends an AS security mode command message to the UE.
  • After the RAN receives the UE capability matching request message sent by the AMF, it directly initiates the AS security establishment procedure according to the context establishment request information, that is, the RAN sends the AS security mode command message to the UE to request the establishment of the AS security context.
  • the UE sends an AS security mode failure/complete message to the RAN.
  • When the AS security context establishment fails, the UE sends an AS security mode failure message to the RAN.
  • When the AS security context is successfully established, the UE sends an AS security mode success message to the RAN.
  • the AS security mode failure/complete message carries eighth indication information, where the eighth indication information is used to indicate that the UE does not support/support AS security.
  • the RAN sends a UE capability query message to the UE.
  • After receiving the AS security mode failure/complete message, the RAN sends a UE capability query message to the UE according to the UE capability matching request message.
  • after receiving the UE capability matching request message carrying the context establishment request information, the RAN first establishes the AS security context with the UE according to the context establishment request information, and then, according to the UE capability matching request message, sends a UE capability query message to the UE to request radio capability information of the UE.
  • steps S708 to S713 are similar to steps S507 to S514 in the method 500 .
  • steps S709 to S713 are similar to steps S606 to S612 in the method 600 .
  • the present application will not repeat them here.
  • the AS security context is established by default, and the AS security context is established by default when determining the AS security.
  • the UE capability query message is sent again, which avoids the failure of the judgment process and reduces the waste of signaling.
  • FIG. 9 shows a schematic flowchart of a wireless communication method 900 provided by an embodiment of the present application. As can be seen from Figure 9, the method 900 includes:
  • the UE sends a registration request message to the AMF.
  • After the AMF receives the registration request message sent by the UE, it authenticates the UE. It should be understood that the authentication here can be an initial authentication method of a network, such as a 5G network, or can authenticate the UE based on an existing security context, which is not limited in this application.
  • NAS non-access stratum
  • the AMF sends a NAS security mode command message to the UE.
  • the scenario in which the NAS SMC needs to be executed may be, for example: after the initial authentication, the NAS security needs to be established; or the AMF key is deduced, or the NAS SMC needs to be executed according to the local policy, which is not limited in this application.
  • the NAS security mode command message is integrity-protected based on the NAS integrity protection key shared between the AMF and the UE. If an attacker tampers with this message, the UE will fail the verification.
  • the UE sends a NAS security mode complete message to the AMF.
  • After receiving the NAS security mode command message, the UE performs an integrity check on the NAS security mode command message. If the verification is passed, it sends a NAS security mode completion message to the AMF.
  • the NAS security mode completion message carries the wireless capability information of the UE.
  • the wireless capability information of the UE may also be sent through other messages, which is not limited in this application.
  • the RAN sends the RAN capability information to the AMF, where the RAN capability information can be used to indicate whether the RAN has the IMS-VoPS capability.
  • after receiving the registration request message, the RAN sends the RAN capability information to the AMF; or, the RAN sends the RAN capability information to the AMF according to the request message sent by the AMF.
  • This application does not limit the sending timing and sending manner of the RAN sending the RAN capability information. It is also possible that the AMF is configured with RAN capability information, in which case step S904 is not required.
  • the AMF determines whether the UE and the network support the IMS-VoPS service.
  • the AMF judges whether the UE has the IMS-VoPS capability according to the wireless capability information of the UE, and judges whether the RAN has the IMS-VoPS capability according to the RAN capability information.
  • the AMF determines that the IMS-VoPS service is supported between the UE and the network, otherwise the AMF determines that the IMS-VoPS service is not supported between the UE and the network.
  • the AMF sends a registration accept message to the UE.
  • when the AMF determines that the IMS-VoPS service is supported between the UE and the network, the AMF sets the information used to indicate the IMS-VoPS capability in the network characteristic parameter, and sends the network characteristic parameter to the UE in the registration accept message.
  • the AMF is used to determine whether the UE and the network support the IMS-VoPS service, which avoids the problem of the failure of the determination process caused by the failure of the AS security to be established.
  • FIG. 10 shows a schematic flowchart of a wireless communication method 1000 provided by an embodiment of the present application. As can be seen from Figure 10, the method 1000 includes:
  • the UE sends a registration request message to the AMF, where the registration request message carries ninth indication information, and the ninth indication information is used to indicate services that do not require AS security such as emergency registration or CP CIoT services.
  • the AMF determines according to the ninth indication information that this is an emergency registration scenario or a CP CIoT, etc., and the security of the UE does not need to be turned on, or it can be understood that the AS security of the UE does not need to be turned on. Then the AMF sends a UE capability matching request message to the RAN, where the UE capability matching request message carries the tenth indication information.
  • the tenth indication information is used to indicate emergency registration or CP CIoT, or the security of the UE does not need to be turned on, or the AS security of the UE does not need to be turned on.
  • the tenth indication information may also be an encryption null algorithm and/or an integrity protection null algorithm.
  • the tenth indication information may also be sent separately in other messages, which is not limited in this application.
  • After receiving the registration request sent by the UE, the AMF sends the UE capability matching request message to the RAN, so that the RAN determines whether the UE and the network have the IMS-VoPS capability.
  • If the AMF stores the radio capability information of the UE in advance, the AMF will carry the radio capability information of the UE in the UE capability matching request message.
  • If the RAN does not receive the wireless capability information of the UE from the AMF, the wireless capability information of the UE is not stored locally, and the RAN determines according to the tenth indication information that this is an emergency registration scenario or CP CIoT, etc., and that the security of the UE does not need to be turned on (which can be understood as the AS security of the UE not needing to be enabled, or as the encryption null algorithm and/or the integrity protection null algorithm meaning that the UE does not support AS security or does not need to establish AS security), then in S1030 the RAN directly sends a UE capability query message to the UE to request the wireless capability information of the UE when the AS security is not established or the AS SMC fails.
  • steps S1040 to S1080 are similar to steps S240 to S280 in the method 200 .
  • the present application will not repeat them here.
  • the method for judging whether the UE supports AS security may also be applicable to other scenarios where it is necessary to identify whether the terminal device supports AS security, or to other scenarios in which parameters are passed according to whether the UE supports AS security or whether AS security needs to be enabled.
  • the base station can correctly activate/deactivate AS security only if it knows whether the UE supports AS security.
  • the above method can be implemented by the method for determining whether the UE supports AS security provided by the embodiments of the present application. This application does not limit other similar application scenarios.
  • the AMF may not send the indication information that the UE does not support AS security or that the current service of the UE does not support AS, but may send the encryption null algorithm and/or the integrity protection null algorithm to the RAN.
  • When the RAN receives the encryption null algorithm and/or the integrity protection null algorithm from the AMF, it determines that the UE does not support AS security, or that the UE's current service does not support AS security, or that the UE only supports AS security based on null algorithm protection. In the case that the AS security is not established, or the AS SMC fails, or the AS protection algorithm is a null algorithm, the RAN can directly send the UE capability query message to the UE to request the wireless capability information of the UE. Other steps remain unchanged.
  • the AMF receives the registration message sent by the UE, and determines that the UE wishes to use emergency services, or that the CP CIoT service does not require AS security establishment, or only requires AS security protected by a null algorithm. Then the AMF may not send the indication that the UE does not support AS security, or that the current service of the UE does not support the AS, but may send an indication of the emergency service or the CP CIoT service to the RAN.
  • When the RAN receives an indication of the emergency service, the CP CIoT service or the like from the AMF, it determines that the UE may not need to establish AS security, or that the current service of the UE does not require AS security, or that the UE only supports AS security based on null algorithm protection. In the case that the AS security is not established, or the AS SMC fails, or the AS protection algorithm is a null algorithm, the RAN can directly send a UE capability query message to the UE to request the wireless capability information of the UE. Other steps remain unchanged.
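The AMF-to-RAN signalling of method 1000 and its null-algorithm and service-indication variants, modelled as an added example (not code from the patent). The message classes, field names, the `form` parameter and the `NULL` label are assumptions made for illustration; the default branch follows the abstract's statement that capability matching is initiated after AS security is established when the UE supports it.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Dict, Optional

NULL_ALG = "NULL"  # assumed label for the null ciphering / integrity algorithm
FORMS = ("explicit", "service", "null_alg")  # hypothetical names for the three variants


class Service(Enum):
    NORMAL = auto()
    EMERGENCY = auto()  # emergency registration
    CP_CIOT = auto()    # control-plane CIoT service


class RanAction(Enum):
    USE_CAPABILITY_FROM_AMF = auto()
    USE_LOCAL_CAPABILITY = auto()
    ENQUIRE_WITHOUT_AS_SECURITY = auto()
    ESTABLISH_AS_SECURITY_THEN_ENQUIRE = auto()


@dataclass
class RegistrationRequest:
    ue_id: str
    service: Service = Service.NORMAL  # stands in for the ninth indication information


@dataclass
class CapabilityMatchRequest:
    ue_id: str
    ue_radio_capability: Optional[bytes] = None
    as_security_not_needed: bool = False          # tenth indication, explicit form
    service_indication: Optional[Service] = None  # tenth indication, service form
    ciphering_alg: Optional[str] = None           # tenth indication, null-algorithm form
    integrity_alg: Optional[str] = None


def amf_build_match_request(reg: RegistrationRequest,
                            stored_caps: Dict[str, bytes],
                            form: str = "explicit") -> CapabilityMatchRequest:
    """AMF side: attach stored capability if any, plus the tenth indication."""
    if form not in FORMS:
        raise ValueError(f"unknown indication form: {form}")
    req = CapabilityMatchRequest(ue_id=reg.ue_id,
                                 ue_radio_capability=stored_caps.get(reg.ue_id))
    if reg.service in (Service.EMERGENCY, Service.CP_CIOT):
        if form == "explicit":
            req.as_security_not_needed = True
        elif form == "service":
            req.service_indication = reg.service
        else:  # null_alg: send the null algorithms instead of an explicit flag
            req.ciphering_alg = NULL_ALG
            req.integrity_alg = NULL_ALG
    return req


def ran_may_skip_as_security(req: CapabilityMatchRequest) -> bool:
    """True only when the AMF signalled that AS security is not needed."""
    return (req.as_security_not_needed
            or req.service_indication in (Service.EMERGENCY, Service.CP_CIOT)
            or req.ciphering_alg == NULL_ALG      # "and/or": either null
            or req.integrity_alg == NULL_ALG)     # algorithm is sufficient


def ran_decide(req: CapabilityMatchRequest,
               local_caps: Dict[str, bytes]) -> RanAction:
    """RAN side: choose how to obtain the UE radio capability."""
    if req.ue_radio_capability is not None:
        return RanAction.USE_CAPABILITY_FROM_AMF
    if req.ue_id in local_caps:
        return RanAction.USE_LOCAL_CAPABILITY
    if ran_may_skip_as_security(req):
        # The query goes out with no AS protection, so it is reached only
        # when an indication from the AMF is present.
        return RanAction.ENQUIRE_WITHOUT_AS_SECURITY
    return RanAction.ESTABLISH_AS_SECURITY_THEN_ENQUIRE


if __name__ == "__main__":
    # Constructed sample registrations, not captured traffic.
    for svc in Service:
        reg = RegistrationRequest(ue_id="ue-1", service=svc)
        print(svc.name, ran_decide(amf_build_match_request(reg, {}), {}).name)
```

Without any indication from the AMF, the RAN model falls through to establishing AS security first, so the unprotected query is never the default path.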
  • FIG. 11 is a schematic block diagram of a communication apparatus provided by an embodiment of the present application.
  • the communication device 10 may include a transceiver module 11 and a processing module 12 .
  • the communication apparatus 10 may correspond to the network equipment or AMF in the above method embodiments.
  • the communication apparatus 10 may correspond to a network device or an AMF in the methods 200 to 1000 according to the embodiments of the present application, and the communication apparatus 10 may include modules for executing the methods performed by the network device or AMF in the method 200 in FIG. 2, the method 300 in FIG. 3, the method 400 in FIG. 4, the method 500 in FIG. 5, the method 600 in FIG. 6, the method 700 in FIG. 7, the method 800 in FIG. 8, the method 900 in FIG. 9, or the method 1000 in FIG. 10.
  • each unit in the communication device 10 and the above-mentioned other operations and/or functions are respectively to implement the corresponding processes of the method 200 to the method 1000 .
  • the transceiver module 11 in the communication device 10 executes the receiving and sending operations performed by network devices such as AMF in the above method embodiments, and the processing module 12 executes operations other than the receiving and sending operations.
  • FIG. 12 is a schematic block diagram of a communication apparatus provided by an embodiment of the present application.
  • the communication device 20 may include a transceiver module 21 and a processing module 22 .
  • the communication apparatus 20 in FIG. 12 may correspond to the base station or the RAN in the methods 200 to 1000 according to the embodiments of the present application, and the communication apparatus 20 may include modules for performing the methods performed by the base station or RAN in the method 200 in FIG. 2 to the method 1000 in FIG. 10.
  • the modules respectively implement the corresponding processes of the method 200 to the method 1000.
  • the transceiver module 21 in the communication device 20 performs the receiving and sending operations performed by network equipment such as a base station or a RAN in the above method embodiments, and the processing module 22 performs operations other than the receiving and sending operations.
  • FIG. 13 is a schematic diagram of a communication apparatus 30 provided by an embodiment of the application.
  • the apparatus 30 may be a network device, including a network element with an access management function, such as an AMF.
  • the apparatus 30 may include a processor 31 (ie, an example of a processing module) and a memory 32 .
  • the memory 32 is used for storing instructions
  • the processor 31 is used for executing the instructions stored in the memory 32, so that the apparatus 30 implements the steps performed in the methods corresponding to FIG. 2 to FIG. 10 .
  • the device 30 may further include an input port 33 (ie, an example of a transceiver module) and an output port 34 (ie, another example of a transceiver module).
  • the processor 31, the memory 32, the input port 33 and the output port 34 can communicate with each other through an internal connection path to transmit control and/or data signals.
  • the memory 32 is used to store a computer program, and the processor 31 can be used to call and run the computer program from the memory 32 to control the input port 33 to receive signals, control the output port 34 to send signals, and complete the steps of the network device in the above method.
  • the memory 32 may be integrated in the processor 31 or may be provided separately from the processor 31 .
  • the input port 33 is a receiver
  • the output port 34 is a transmitter.
  • the receiver and the transmitter may be the same or different physical entities. When they are the same physical entity, they can be collectively referred to as transceivers.
  • the input port 33 is an input interface
  • the output port 34 is an output interface
  • the functions of the input port 33 and the output port 34 can be considered to be implemented by a transceiver circuit or a dedicated chip for transceiver.
  • the processor 31 can be considered to be implemented by a dedicated processing chip, a processing circuit, a processor or a general-purpose chip.
  • a general-purpose computer may be used to implement the communication device provided by the embodiments of the present application.
  • the program codes that will implement the functions of the processor 31 , the input port 33 and the output port 34 are stored in the memory 32 , and the general-purpose processor implements the functions of the processor 31 , the input port 33 and the output port 34 by executing the codes in the memory 32 .
  • the modules or units in the communication apparatus 30 may be used to perform actions or processing procedures performed by the SL carrier management device (ie, the base station) in the above method.
  • FIG. 14 is a schematic diagram of a communication apparatus 40 provided by an embodiment of the present application.
  • the communication apparatus 40 may be a network device or an access and mobility management network element or the like.
  • the apparatus 40 may include a processor 41 (which may also be understood as an example of a processing module), and may also include a memory 42 .
  • the memory 42 is used for storing instructions, and the processor 41 is used for executing the instructions stored in the memory 42, so that the apparatus 40 implements the steps performed by the communication apparatus in the methods corresponding to FIG. 2 to FIG. 10 .
  • the structure of the device 40 is similar to that of the aforementioned device 30 , and details are not repeated here.
  • FIG. 15 shows a simplified schematic diagram of the structure of a network device.
  • the network equipment includes part 51 and part 52.
  • Part 51 is mainly used for transmitting and receiving radio frequency signals and for conversion between radio frequency signals and baseband signals; part 52 is mainly used for baseband processing and control of network equipment.
  • Part 51 can generally be referred to as a transceiver module, a transceiver, or a transceiver circuit.
  • Part 52 is usually the control center of the network device, which may be generally referred to as a processing module, and is used to control the network device to perform the processing operations on the network device side in the foregoing method embodiments.
  • the transceiver module of part 51, which may also be called a transceiver, etc., includes an antenna and a radio frequency circuit, wherein the radio frequency circuit is mainly used for radio frequency processing.
  • the device used for realizing the receiving function in part 51 can be regarded as a receiving module
  • the device used for realizing the sending function can be regarded as a sending module, that is, part 51 includes a receiving module and a sending module.
  • the receiving module may also be called a receiver or a receiving circuit, and the like
  • the sending module may be called a transmitter or a transmitting circuit, and the like.
  • Part 52 may include one or more single boards, each of which may include one or more processors and one or more memories.
  • the processor is used to read and execute programs in the memory to implement baseband processing functions and control network devices. If there are multiple boards, each board can be interconnected to enhance the processing capability.
  • one or more processors may be shared by multiple boards, or one or more memories may be shared by multiple boards, or one or more processors may be shared by multiple boards at the same time.
  • part 51 of the transceiver module is used to perform the steps related to the transmission and reception of the network device or base station in FIG. 2 to FIG. 10; part 52 is used to perform the processing-related steps of the network device or base station in FIG. 2 to FIG. 10.
  • FIG. 15 is only an example and not a limitation, and the above-mentioned network device including the transceiver module and the processing module may not depend on the structure shown in FIG. 15 .
  • When the device 50 is a chip, the chip includes a transceiver module and a processing module.
  • the transceiver module may be an input/output circuit or a communication interface;
  • the processing module is a processor, a microprocessor or an integrated circuit integrated on the chip.
  • Embodiments of the present application further provide a computer-readable storage medium, on which computer instructions for implementing the method executed by the first network device in the foregoing method embodiments are stored.
  • When the computer program is executed by a computer, the computer can implement the method executed by the network device in the above method embodiments.
  • Embodiments of the present application further provide a computer program product including instructions, which, when executed by a computer, cause the computer to implement the method executed by the first device or the method executed by the second device in the above method embodiments.
  • An embodiment of the present application further provides a communication system, where the communication system includes the network device in the above embodiment.
  • the network device may include a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer.
  • the hardware layer may include hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also called main memory).
  • the operating system of the operating system layer may be any one or more computer operating systems that implement business processing through processes, such as a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a Windows operating system.
  • the application layer may include applications such as browsers, address books, word processing software, and instant messaging software.
  • the embodiments of the present application do not specifically limit the specific structure of the execution body of the methods provided by the embodiments of the present application, as long as the program in which the codes of the methods provided by the embodiments of the present application are recorded can be executed to execute the methods according to the embodiments of the present application.
  • the execution body of the method provided by the embodiment of the present application may be a network device, or a functional module in the network device that can call a program and execute the program.
  • Computer readable media may include, but are not limited to, magnetic storage devices (e.g., hard disks, floppy disks, or magnetic tapes), optical disks (e.g., compact discs (CDs), digital versatile discs (DVDs)), smart cards, and flash memory devices (e.g., erasable programmable read-only memory (EPROM), cards, sticks or key drives).
  • Various storage media described herein may represent one or more devices and/or other machine-readable media for storing information.
  • the term "machine-readable medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
  • processors mentioned in the embodiments of the present application may be a central processing unit (CPU), and may also be other general-purpose processors, digital signal processors (DSP), application-specific integrated circuits (ASIC), field programmable gate arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory mentioned in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory.
  • Volatile memory may be random access memory (RAM).
  • RAM can be used as an external cache.
  • RAM may include the following forms: static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchronous link dynamic random access memory (SLDRAM) and direct rambus random access memory (DR RAM).
  • the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components
  • the memory storage module
  • memory described herein is intended to include, but not be limited to, these and any other suitable types of memory.
  • the disclosed apparatus and method may be implemented in other manners.
  • the apparatus embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, which may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to implement the solution provided in this application.
  • each functional unit in each embodiment of the present application may be integrated into one unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • When implemented in software, they can be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general purpose computer, special purpose computer, computer network, or other programmable device.
  • the computer may be a personal computer, a server, or a network device or the like.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.).
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that includes an integration of one or more available media.
  • the available media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media (eg, solid state disks (SSDs)), etc.
  • the medium may include but is not limited to: U disk, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other media that can store program codes.

Abstract

The present application provides a wireless communication method and apparatus. The method comprises: a network device determines whether a terminal device supports access stratum (AS) security; and when the terminal device does not support AS security, the network device sends first indication information and first request information to a base station, the first indication information being used to indicate that the terminal device does not support AS security, and the first request information being used to request the base station to determine, according to the wireless capability, whether the terminal device has the IMS-VoPS capability. The base station is allowed to directly initiate the UE capability matching procedure when the UE does not support AS security, and when the UE supports AS security, the UE capability matching procedure is initiated after AS security has been established, thereby avoiding failure of the UE capability matching process caused by AS security not being established.

Description

Method and apparatus for wireless communication

Technical field

The present application relates to the field of communication, and more particularly, to a method and apparatus for wireless communication.

Background
A user equipment (UE) has the capability of voice continuity in the PS domain (voice over PS, VoPS) in the internet protocol (IP) multimedia subsystem (IMS), which is referred to as the IMS-VoPS capability for short. The IMS-VoPS capability means that the UE can maintain the continuity of the IMS-VoPS service in the PS domains of different networks when it switches between those networks. The different networks may be 4G, 5G, and other networks.

The network needs to determine, through the radio access network (RAN), whether both the UE and the network have the IMS-VoPS capability. If both the UE and the network have the IMS-VoPS capability, the network can provide the UE with the IMS-VoPS service. Specifically, after the access and mobility management function (AMF) network element receives the registration request message sent by the UE, it can send a UE capability matching request to the RAN, so that the RAN determines whether both the UE and the network have the IMS-VoPS capability. If the AMF has the radio capability (UE radio capability) information of the UE, the AMF carries the radio capability information of the UE in the UE capability matching request. The RAN determines whether the UE has the IMS-VoPS capability according to the radio capability information of the UE.

When the RAN has not obtained the radio capability information of the UE, the RAN needs to request it from the UE. However, in some cases the RAN cannot successfully obtain the radio capability information from the UE, so the RAN cannot determine whether the UE side has the IMS-VoPS capability. As a result, even when the UE has the IMS-VoPS capability, the network cannot provide the IMS-VoPS service to the UE.

Therefore, how to enable the RAN to successfully determine whether the UE side has the IMS-VoPS capability, so that the AMF can determine whether the IMS-VoPS service can be provided to the UE, is an urgent problem to be solved.
Summary of the invention

The wireless communication method in the embodiments of the present application enables the RAN to successfully determine whether the UE side has the IMS-VoPS capability.

In a first aspect, a method for wireless communication is provided, the method comprising: a network device receives a first message from a terminal device; the network device determines whether the terminal device supports access stratum (AS) security; when the terminal device does not support the AS security, the network device sends first indication information and first request information to a base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the wireless capability of the terminal device, whether the terminal device has the IMS-VoPS capability.

In the wireless communication method of the embodiments of the present application, the base station is informed that the terminal device does not support AS security, so that the base station sends request information for acquiring wireless capability information to the terminal device without establishing AS security (or when AS security establishment fails, or under AS null-algorithm protection). The request information is not AS-security protected, so the base station can still successfully acquire the wireless capability information of the terminal device when the terminal device does not have AS security, and can therefore successfully determine whether the terminal side has the IMS-VoPS capability.

Optionally, the first indication information and the first request information may be delivered in one message, or may be delivered in different messages. The first request information may be carried in the capability matching request message, occupying one or more fields. The first indication information may be carried in the capability matching request message, or may be carried in other messages.

The foregoing solution handles the case in which the terminal device does not support the AS security. The network device may also determine whether the terminal device needs to enable AS security or whether AS security currently needs to be enabled. When the network device determines that the terminal device does not need to enable AS security or does not currently need to enable AS security (for example, in an emergency service scenario, the terminal device does not currently need to enable AS security), the network device sends first indication information to the base station, and the first indication information is used to indicate that the terminal device does not need to enable AS security or does not currently need to enable AS security. Alternatively, in an emergency service scenario, the first indication information is used to indicate an emergency service.

Optionally, when the network device determines that the terminal device does not support AS security, the network device sends the encryption null algorithm and/or the integrity protection null algorithm to the base station.
结合第一方面,在第一方面的某些实现方式中,该方法还包括:在所述终端设备支持所述AS安全的情形下,所述网络设备向所述基站发送第二请求信息,所述第二请求信息用于请求所述基站建立AS安全上下文;在接收到来自所述基站响应于所述第二请求信息的响应信息之后,所述网络设备向所述基站发送所述第一请求信息。With reference to the first aspect, in some implementations of the first aspect, the method further includes: in the case that the terminal device supports the AS security, the network device sends second request information to the base station, and the The second request information is used to request the base station to establish an AS security context; after receiving the response information from the base station in response to the second request information, the network device sends the first request to the base station information.
本申请实施例的无线通信方法,在确定了终端设备支持AS安全之后,请求基站建立AS安全上下文,使得基站在AS安全建立完成的情况下,向终端设备发送用于获取无线能力信息的请求信息,从而使得基站与终端设备之间交互的信息可以得到AS安全保护,从而可以成功获取终端设备的无线能力信息并成功判断终端侧是否具备IMS-VoPS能力。In the wireless communication method of the embodiment of the present application, after it is determined that the terminal device supports AS security, the base station is requested to establish the AS security context, so that the base station sends request information for acquiring wireless capability information to the terminal device when the AS security establishment is completed. , so that the information exchanged between the base station and the terminal device can be protected by AS security, so that the wireless capability information of the terminal device can be successfully obtained and whether the terminal side has the IMS-VoPS capability can be successfully judged.
结合第一方面,在第一方面的某些实现方式中,所述网络设备确定所述终端设备是否支持建立接入层AS安全,包括:所述网络设备接收第二指示信息,所述第二指示信息用于确定所述终端设备是否支持所述AS安全。With reference to the first aspect, in some implementations of the first aspect, the network device determining whether the terminal device supports establishing access layer AS security includes: the network device receiving second indication information, the second The indication information is used to determine whether the terminal device supports the AS security.
With reference to the first aspect, in some implementations of the first aspect, receiving the second indication information includes: the network device receives mobility management (MM) capability information from the terminal device, where the MM capability information carries the second indication information; or the network device receives subscription information from unified data management (UDM), where the subscription information carries the second indication information.
Optionally, the second indication information carries an emergency service identifier. In this case the second indication information indicates that the terminal device does not support AS security or does not need to enable AS security. The emergency service identifier indicates an emergency service scenario in which the security mechanisms of the terminal device (including AS security) do not need to be enabled.
Optionally, the base station determines, according to the radio capability information of the terminal device, whether the terminal device has the IMS-VoPS capability. The base station then sends the determination result to the network device, and the network device can determine from that result whether it can provide the IMS-VoPS service for the terminal device.
With reference to the first aspect, in some implementations of the first aspect, after the network device sends the first indication information and the first request information to the base station, the method further includes: the network device receives, from the base station, the radio capability information of the terminal device and an integrity protection parameter, where the integrity protection parameter is used to verify whether the radio capability information of the terminal device has been tampered with; and the network device verifies, according to a first key and the integrity protection parameter, whether the radio capability information of the terminal device has been tampered with, where the first key is a key shared between the network device and the terminal device. When the radio capability information has been tampered with, optionally, the network device sends the capability matching request message to the base station again, and the base station, after receiving the capability matching request message for the terminal device again, sends a capability query message to the terminal device again to request the radio capability information of the terminal device; or the network device sends the base station indication information that instructs the base station to resend the capability query message for the terminal device; or the network device sends a rejection message, an error message or a failure message to the UE, indicating that verification of the radio capability information and the integrity protection parameter sent by the UE failed. Further, the base station may forward the rejection message, error message or failure message to the terminal device, indicating that verification of the radio capability information and the integrity protection parameter sent by the terminal device failed. On receiving a rejection message, an error message or a failure message, the terminal device may recalculate the integrity protection parameter and resend its radio capability information and the integrity protection parameter to the base station.
Therefore, the wireless communication method provided by the embodiments of this application verifies the radio capability information sent by the terminal device by means of the integrity protection parameter. This ensures that the radio capability information sent by the terminal device has not been tampered with by an attacker and prevents an attacker from carrying out a downgrade attack that modifies the radio capability information, thereby ensuring the security of the communication.
In a second aspect, a method for wireless communication is provided, the method including: a network device receives a first message from a terminal device; the network device determines whether the terminal device supports AS security or whether the AS security needs to be enabled; and when the terminal device does not support the AS security or AS security does not need to be enabled, the network device sends first indication information and first request information to a base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the radio capability of the terminal device, whether the terminal device has the IMS-VoPS capability.
With reference to the second aspect, in some implementations of the second aspect, the method further includes: when the terminal device supports the AS security or the AS security needs to be enabled, the network device sends second request information to the base station, where the second request information is used to request the base station to establish an AS security context; and after receiving response information from the base station in response to the second request information, the network device sends the first request information to the base station.
In a third aspect, a method for wireless communication is provided, the method including: a network device receives a first message from a terminal device; the network device determines whether the terminal device supports access stratum (AS) security; when the terminal device supports the AS security, the network device sends second request information to the base station, where the second request information is used to request the base station to establish an AS security context; and after receiving response information from the base station in response to the second request information, the network device sends the first request information to the base station.
Optionally, the network device sends the first request information to the base station after receiving the response message to the second request information from the base station; or the network device sends the first request information immediately after sending the second request information.
In the wireless communication method of the embodiments of this application, after it is determined that the terminal device supports AS security, the base station is requested to establish an AS security context, so that the base station, once AS security establishment is complete, sends the terminal device the request information for obtaining the radio capability information. The information exchanged between the base station and the terminal device is therefore protected by AS security, the radio capability information of the terminal device can be obtained successfully, and it can be determined whether the terminal side has the IMS-VoPS capability.
With reference to the third aspect, in some implementations of the third aspect, the access and mobility management network element determining whether the user equipment (UE) supports establishing access stratum (AS) security includes: the access and mobility management network element receives second indication information, where the second indication information is used to determine whether the UE supports the AS security.
With reference to the third aspect, in some implementations of the third aspect, receiving the second indication information includes: the network device receives mobility management (MM) capability information from the terminal device, where the MM capability information carries the second indication information; or the network device receives UE subscription information from unified data management (UDM), where the terminal device subscription information carries the second indication information.
With reference to the third aspect, in some implementations of the third aspect, after the network device sends the first indication information and the first request information to the base station, the method further includes: the network device receives UE radio capability information and an integrity protection parameter from the base station, where the UE radio capability information is stored by the network device and the integrity protection parameter is used to verify whether the UE radio capability information has been tampered with; the access and mobility management network element verifies, according to a first key and the integrity protection parameter, whether the UE radio capability information has been tampered with; and when the UE radio capability information has been tampered with, the network device sends a rejection message to the base station, or sends the first request information to the base station again.
In a fourth aspect, a method for wireless communication is provided, the method including: a base station receives first indication information and first request information from a network device, where the first indication information is used to indicate at least one of the following: a first terminal device does not support the AS security, the first terminal device does not need to enable the AS security, the first terminal device does not currently need to enable the AS security, or the first terminal device requests an emergency service; and the first request information is used to request the base station to determine, according to the radio capability of the first terminal device, whether the first terminal device has the IMS-VoPS capability. After receiving the first request information, if the base station cannot obtain the radio capability information of the first terminal device from the information stored by the base station and the information carried in the first request information, the base station sends, according to the first indication information, request information for obtaining the radio capability information of the first terminal device to the first terminal device, where the request information is not protected by AS security. The base station obtains the radio capability information of the first terminal device from response information from the first terminal device. The base station determines, according to the radio capability information of the first terminal device, whether the first terminal device has the IMS-VoPS capability, and feeds the determination result back to the network device. The network device can determine from the determination result whether it can provide the IMS-VoPS service for the terminal device.
Optionally, the base station determines, according to the radio capability information of the terminal device, whether the terminal device has the IMS-VoPS capability, and sends the determination result to the network device.
With reference to the fourth aspect, in some implementations of the fourth aspect, the method further includes: the base station receives second request information from the network device, where the second request information is used to request the base station to establish an AS security context with a second terminal device, and the second terminal device supports the AS security; and the base station establishes AS security with the second terminal device and sends a response message to the network device.
With reference to the fourth aspect, in some implementations of the fourth aspect, after the base station establishes the AS security, the method further includes: the base station receives third request information from the network device, where the third request information is used to request the RAN to determine, according to the radio capability of the second terminal device, whether the second terminal device has the IMS-VoPS capability; after receiving the first request information, if the base station cannot obtain the radio capability information of the second terminal device from the information stored by the base station and the information carried in the first request information, the base station sends request information for obtaining the radio capability information of the second terminal device to the second terminal device, where the request information is protected by AS security; the base station obtains the radio capability information of the second terminal device from response information from the second terminal device; and the base station determines, according to the radio capability information of the second terminal device, whether the second terminal device has the IMS-VoPS capability, and feeds the determination result back to the network device.
With reference to the fourth aspect, in some implementations of the fourth aspect, the method further includes: the base station receives, from the first terminal device, the radio capability information of the terminal device and an integrity protection parameter; the base station sends the radio capability information of the first terminal device and the integrity protection parameter to the network device, where the integrity protection parameter is used to verify whether the radio capability information of the first terminal device has been tampered with; and the base station receives, from the network device, a rejection message indicating that the radio capability information of the first terminal device has been tampered with, or receives the first request information again.
In a fifth aspect, a method for wireless communication is provided, the method including: a terminal device determines whether it supports establishing access stratum (AS) security; and the terminal device sends third indication information, where the third indication information is used to indicate whether the terminal device supports establishing the AS security.
With reference to the fifth aspect, in some implementations of the fifth aspect, the terminal device sending the third indication information includes: the terminal device sends the third indication information to the access and mobility management network element; or the terminal device sends the third indication information to the radio access network base station.
It should be understood that the third indication information need not be sent in the registration request message. For example, the third indication information may be an independent parameter that the UE sends to the AMF separately in another message; this application does not limit this.
It should also be understood that the third indication information may be part of the UE security capability information. The UE security capability information represents the security capability of the UE and includes information such as the security algorithms supported by the UE. The third indication information can therefore also be written into the UE security capability information and sent to the AMF.
Optionally, the third indication information may be other information that can be used to indicate the AS security capability of the UE. For example, the first indication information is indication information (CP only indication information) indicating that the UE supports only the control plane cellular IoT (CP CIoT) service. Because the CP CIoT service does not require AS security, a UE that supports only the CP CIoT service can be understood as a UE that does not support AS security.
Optionally, the third indication information may also carry, or may itself be, an identifier of a service that does not require AS security. Such an identifier indicates that the UE can use the service without supporting AS security, so it can be understood that the UE does not support AS security.
With reference to the fifth aspect, in some implementations of the fifth aspect, the method further includes: the terminal device receives a third request message from the base station, where the third request message is used to request the radio capability information of the terminal device, and the radio capability information of the terminal device is used to determine whether the terminal device supports the IMS voice service; and the terminal device sends its radio capability information and an integrity protection parameter to the base station, where the integrity protection parameter is used to verify whether the radio capability information of the terminal device has been tampered with.
With reference to the fifth aspect, in some implementations of the fifth aspect, the method further includes: the terminal device calculates the integrity protection parameter according to a first key and the radio capability information of the terminal device, where the first key is a key shared between the UE and the access and mobility management network element.
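The integrity check described in the first and fifth aspects, as an added example that is not part of the patent text: the terminal computes the integrity protection parameter from the first key and its radio capability information, the base station relays both over a link without AS security, and the network device verifies them and, on a mismatch, sends the request again before rejecting. HMAC-SHA-256, the JSON capability encoding, the retry limit, the sample key and capability values, and every function and field name are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import json

# Constructed sample values (not from the page).
FIRST_KEY = bytes(range(32))  # stands in for the key shared by UE and network device
UE_CAP = {"ims_voice_over_ps": True, "bands": ["n41", "n78"]}


def encode_capability(cap):
    """Canonical bytes so both ends compute the parameter over identical input."""
    return json.dumps(cap, sort_keys=True, separators=(",", ":")).encode()


def integrity_parameter(first_key, blob):
    """Assumption: HMAC-SHA-256 stands in for the unspecified integrity algorithm."""
    return hmac.new(first_key, blob, hashlib.sha256).digest()


def ue_respond(first_key, cap):
    """Terminal side: capability bytes plus the integrity protection parameter."""
    blob = encode_capability(cap)
    return blob, integrity_parameter(first_key, blob)


def base_station_relay(blob, tag, on_path=None):
    """Base station forwards what it received. With no AS security the air
    interface is unprotected; on_path models a modification made there."""
    if on_path is not None:
        blob = on_path(blob)
    return blob, tag


def network_verify(first_key, blob, tag):
    """Network device side: recompute with the first key, compare in constant time."""
    return hmac.compare_digest(integrity_parameter(first_key, blob), tag)


def strip_ims_voice(blob):
    """Modelled tampering: clear the voice flag so the UE looks less capable."""
    cap = json.loads(blob)
    cap["ims_voice_over_ps"] = False
    return encode_capability(cap)


def capability_exchange(first_key, cap, link_per_attempt, max_attempts=2):
    """Network device handling: accept a verified capability, otherwise send
    the request again up to max_attempts, then reject.
    link_per_attempt lists the on-path behaviour (None = untouched) per attempt."""
    attempts = 0
    for on_path in link_per_attempt[:max_attempts]:
        attempts += 1
        blob, tag = base_station_relay(*ue_respond(first_key, cap), on_path=on_path)
        if network_verify(first_key, blob, tag):
            return {"status": "accepted", "attempts": attempts,
                    "capability": json.loads(blob)}
    return {"status": "rejected", "attempts": attempts, "capability": None}


if __name__ == "__main__":
    print(capability_exchange(FIRST_KEY, UE_CAP, [None]))
    print(capability_exchange(FIRST_KEY, UE_CAP, [strip_ims_voice, None]))
    print(capability_exchange(FIRST_KEY, UE_CAP, [strip_ims_voice, strip_ims_voice]))
```

The capability is handed on for the IMS-VoPS decision only after verification succeeds, so a stripped voice flag produces a retry or a rejection instead of a silently downgraded service.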
In a sixth aspect, a method for wireless communication is provided, the method including: a network device receives radio capability information of a terminal device; the network device receives capability information of a base station; and the network device determines, according to the radio capability information of the terminal device and the capability information of the base station, whether the IMS voice service is supported between the terminal device and the base station.
With reference to the sixth aspect, in some implementations of the sixth aspect, the network device receiving the radio capability information of the terminal device includes: the network device receives the radio capability information from the terminal device; or the network device receives the radio capability information of the terminal device from the base station.
With reference to the sixth aspect, in some implementations of the sixth aspect, the network device receiving the radio capability information of the terminal device includes: receiving a non-access stratum (NAS) security mode complete message from the terminal device, where the security mode complete message includes the radio capability information of the terminal device, and the NAS security mode complete message is used to indicate that NAS security establishment is complete.
With reference to the sixth aspect, in some implementations of the sixth aspect, the radio capability information of the terminal device includes a first service characteristic parameter, which can be used to determine whether the UE supports the IMS voice service; and the capability information of the base station includes a second service characteristic parameter, which can be used to determine whether the RAN supports the IMS voice service.
In a seventh aspect, an apparatus for wireless communication is provided, the apparatus including: a transceiver module, configured to receive a first message from a terminal device; and a processing module, configured to determine whether the terminal device supports access stratum (AS) security. When the terminal device does not support the AS security, the transceiver module is further configured to send first indication information and first request information to a base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the radio capability of the terminal device, whether the terminal device has the IMS-VoPS capability.
The transceiver module may perform the receiving and sending processing in the first to third aspects and the fifth aspect, and the processing module may perform the processing other than receiving and sending in the first to third aspects and the fifth aspect.
In an eighth aspect, an apparatus for wireless communication is provided, the apparatus including: a transceiver module, configured to receive first indication information and first request information from a network device, where the first indication information is used to indicate that a first terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the radio capability of the first terminal device, whether the first terminal device has the IMS-VoPS capability. The transceiver module is further configured to, after receiving the first request information, if the radio capability information of the first terminal device cannot be obtained from the stored information and the information carried in the first request information, send, according to the first indication information, request information for obtaining the radio capability information of the first terminal device to the first terminal device, where the request information is not protected by AS security. The apparatus further includes a processing module, configured to obtain the radio capability information of the first terminal device from response information from the first terminal device. The processing module is further configured to determine, according to the radio capability information of the first terminal device, whether the first terminal device has the IMS-VoPS capability. The transceiver module is further configured to feed the determination result back to the network device.
The transceiver module may perform the receiving and sending processing in the fourth aspect, and the processing module may perform the processing other than receiving and sending in the third aspect.
In a ninth aspect, a communication apparatus is provided, the apparatus including: a processor, configured to execute a computer program stored in a memory, so that the communication apparatus performs any possible implementation of the first to sixth aspects.
In a tenth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program that, when run on a computer, causes the computer to perform any possible implementation of the first to sixth aspects.
In an eleventh aspect, a chip system is provided, the chip system including: a processor, configured to call a computer program from a memory and run it, so that a communication device on which the chip system is installed performs any possible implementation of the first to sixth aspects.
The wireless communication method provided in this application first determines whether the terminal device supports AS security. When the terminal device does not support AS security, the network device is informed that the terminal device does not support AS security, so that the base station sends the request information for obtaining the radio capability information to the terminal device without establishing AS security (or when AS security establishment fails, or when AS protection uses a null algorithm). The base station can thus still obtain the radio capability information of the terminal device when the terminal device does not support AS security, and it can be determined whether the terminal side has the IMS-VoPS capability. When the terminal device supports AS security, the base station is requested to establish an AS security context, so that the base station, once the AS security context is established, sends the request information for obtaining the radio capability information to the terminal device. The information exchanged between the base station and the terminal device is then protected by AS security, the radio capability information of the terminal device can be obtained successfully, and it can be determined whether the terminal side has the IMS-VoPS capability.
Description of drawings
FIG. 1 is a schematic diagram of a network architecture to which the method provided by the embodiments of this application is applicable.
FIG. 2 is a schematic flowchart of the network side determining whether the UE has the IMS-VoPS capability.
FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of this application.
FIG. 4 is a schematic flowchart of a communication method provided by another embodiment of this application.
FIG. 5 is a schematic flowchart of a communication method provided by yet another embodiment of this application.
FIG. 6 is a schematic flowchart of a communication method provided by yet another embodiment of this application.
FIG. 7 is a schematic flowchart of a communication method provided by yet another embodiment of this application.
FIG. 8 is a schematic flowchart of a communication method provided by yet another embodiment of this application.
FIG. 9 is a schematic flowchart of a communication method provided by yet another embodiment of this application.
FIG. 10 is a schematic flowchart of a communication method provided by yet another embodiment of this application.
FIG. 11 is a schematic block diagram of an example of a network device of this application.
FIG. 12 is a schematic block diagram of an example of a base station of this application.
FIG. 13 is a schematic block diagram of an example of a communication apparatus of this application.
FIG. 14 is a schematic block diagram of another example of a communication apparatus of this application.
FIG. 15 is a schematic structural diagram of a communication apparatus of this application.
Detailed description of embodiments
The technical solutions in this application are described below with reference to the accompanying drawings.
The technical solutions provided in this application can be applied to various communication systems, for example: a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, LTE time division duplex (TDD), a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) communication system, a fifth generation (5G) system, or new radio (NR).
The network elements involved in this application mainly include the terminal device, the access network device and the mobility management network element. The access network device is connected to the terminal device over a wireless air interface; it can manage radio resources and provide access services for the terminal device, and thereby forwards control signals and user plane data between the terminal device and the core network. The mobility management network element is connected to the access network device in a wired or wireless manner and is mainly used for mobility management, access management and the like.
The terminal device may be user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a mobile console, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent or a user apparatus. The terminal device in the embodiments of this application may also be a mobile phone, a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and so on.
The access network device may be an evolved Node B (eNB), a radio network controller (RNC), a Node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (home evolved NodeB, or home Node B, HNB), a baseband unit (BBU), an access point (AP) in a wireless fidelity (WIFI) system, a wireless relay node, a wireless backhaul node, a transmission point (TP) or a transmission and reception point (TRP), etc. The access network device may also be a gNB or a transmission point (TRP or TP) in a 5G system such as NR, one antenna panel or a group of antenna panels (including multiple antenna panels) of a base station in a 5G system, or a network node that constitutes a gNB or a transmission point, such as a baseband unit (BBU) or a distributed unit (DU).
The mobility management network element may be a mobility management entity (MME), a network element with the MME function, an access and mobility management function (AMF) network element, a network element with the AMF function, a non-3GPP interworking function (N3IWF), a serving GPRS support node (SGSN), or the like.
Network elements may be named differently in different network systems. This application is described below using the network element names of a 5G network as an example.
First, the main network elements involved in a 5G network system are briefly described with reference to the schematic diagram of the 5G network architecture shown in FIG. 1.
1. User equipment (UE) 101: may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to a wireless modem, as well as terminals in various forms, mobile stations (MS), terminals, soft terminals, and so on. Examples are water meters, electricity meters and sensors.
2. Radio access network (RAN) network element 102: referred to below simply as the RAN; it corresponds to the access network device.
It provides network access for authorized user equipment in a specific area and can use transmission tunnels of different quality according to the level of the user equipment, service requirements, and so on.
The RAN network element can manage radio resources and provide access services for user equipment, and thereby forwards control signals and user equipment data between the user equipment and the core network. The RAN network element can also be understood as the base station of a traditional network. For example, the RAN may be an NB, eNB, gNB, ng-eNB, or any other access network device.
3. User plane function (UPF) 103: used for packet routing and forwarding, quality of service (QoS) processing of user plane data, and the like.
In a 5G communication system, the user plane network element may be a user plane function (UPF) network element. In a future communication system, the user plane network element may still be a UPF network element or may have another name, which is not limited in this application.
4. Data network (DN) 104: a network that provides data transmission.
In a 5G communication system, the data network element may be a data network element. In a future communication system, the data network element may still be a DN network element or may have another name, which is not limited in this application.
5. AMF 105: mainly used for mobility management, access management and the like; it can implement the functions of the MME other than session management, for example lawful interception and access authorization/authentication.
In a 5G communication system, the access and mobility management network element may be an access and mobility management function (AMF). In a future communication system, the access and mobility management device may still be an AMF or may have another name, which is not limited in this application.
6. Session management function (SMF) 106: mainly used for session management, internet protocol (IP) address allocation and management for user equipment, selecting manageable user plane functions, serving as the termination point of the policy control and charging function interfaces, downlink data notification, and the like.
In a 5G communication system, the session management network element may be a session management function network element. In a future communication system, the session management network element may still be an SMF network element or may have another name, which is not limited in this application.
7. Policy control function (PCF) 107: a unified policy framework for guiding network behavior; it provides policy rule information and the like to control plane function network elements (such as the AMF and SMF).
In a 4G communication system, the policy control network element may be a policy and charging rules function (PCRF) network element. In a 5G communication system, the policy control network element may be a policy control function (PCF) network element. In a future communication system, the policy control network element may still be a PCF network element or may have another name, which is not limited in this application.
8. Application function (AF) 108: used for application-influenced data routing, accessing the network exposure function network element, interacting with the policy framework for policy control, and the like.
In a 5G communication system, the application network element may be an application function network element. In a future communication system, the application network element may still be an AF network element or may have another name, which is not limited in this application.
9. Unified data management (UDM) 109: used for handling UE identities, access authentication, registration, mobility management, and the like.
In a 5G communication system, the data management network element may be a unified data management network element; in a 4G communication system, the data management network element may be a home subscriber server (HSS) network element. In a future communication system, unified data management may still be a UDM network element or may have another name, which is not limited in this application.
10. Unified data repository (UDR) 110: mainly provides access to subscription data, policy data, application data and other types of data.
11. Authentication server function (AUSF) 111: used for authentication services and for generating keys to implement mutual authentication of the user equipment; it supports a unified authentication framework.
In a 5G communication system, the authentication server may be an authentication server function network element. In a future communication system, the authentication server function network element may still be an AUSF network element or may have another name, which is not limited in this application.
It can be understood that the above network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform). For ease of description, the rest of this application takes the access and mobility management network element AMF as the network device and the radio access network RAN as the base station.
In the network architecture shown in FIG. 1, the user equipment is connected to the AMF through the N1 interface, the RAN is connected to the AMF through the N2 interface, and the RAN is connected to the UPF through the N3 interface. UPFs are connected to each other through the N9 interface, and the UPF is interconnected with the DN through the N6 interface. The SMF controls the UPF through the N4 interface. The AMF interfaces with the SMF through the N11 interface. The AMF obtains user equipment subscription data from the UDM unit through the N8 interface, and the SMF obtains user equipment subscription data from the UDM unit through the N10 interface.
It should be understood that the network architecture described above is only an example. The network architecture to which the embodiments of this application apply is not limited to it; any network architecture that can implement the functions of the above network elements is applicable to the embodiments of this application.
For example, in some network architectures, network function entities such as the AMF, SMF network element, PCF network element, BSF network element and UDM network element are all called network function (NF) network elements; in other network architectures, the set of network elements such as the AMF, SMF network element, PCF network element, BSF network element and UDM network element may be called control plane function network elements.
To make the wireless communication method provided by the embodiments of this application easier to understand, the process 200 by which the AMF determines through the RAN whether the UE has the IMS-VoPS capability is briefly introduced below with reference to FIG. 2. As shown in FIG. 2, the process 200 includes the following steps:
S210, the UE sends a registration request message to the AMF.
S220, the AMF sends a UE capability matching request message to the RAN.
After receiving the registration request sent by the UE, the AMF sends the UE capability matching request message to the RAN so that the RAN determines whether the UE and the network have the IMS-VoPS capability.
If the AMF has previously stored the radio capability information of the UE, the AMF carries that radio capability information in the UE capability matching request message.
If the RAN has not received the radio capability information of the UE from the AMF and has not stored it locally either, then optionally, in S230, the RAN sends a UE capability query message to the UE to request the radio capability information of the UE.
Optionally, in S240, the UE sends its radio capability information to the RAN in response to the UE capability query message sent by the RAN.
S250, the RAN determines whether the UE has the IMS-VoPS capability according to the radio capability information of the UE.
The RAN can also determine whether the network has the IMS-VoPS capability.
S260, the RAN sends a UE capability matching response message to the AMF.
The RAN determines whether both the UE and the network have the IMS-VoPS capability. After the determination is complete, it sends the result to the AMF in the UE capability matching response message.
Optionally, in S270, the RAN sends a UE capability indication message to the AMF.
When the RAN has performed steps S230 and S240, that is, when the RAN had no radio capability information of the UE, did not receive it from the AMF, and instead obtained it from the UE through the UE capability query message, the RAN may send the radio capability information of the UE to the AMF in the UE capability indication message. After receiving the radio capability information of the UE, the AMF stores it locally so that, when the above process needs to be performed again later, the AMF can send the radio capability information of the UE to the RAN for use.
S280, the AMF sends a registration accept message to the UE.
For example, the AMF determines the base station's result from the UE capability matching response message. When the result indicates that both the UE and the network have the IMS-VoPS capability, that is, the network can provide the IMS-VoPS service for the UE, the AMF sets the information that indicates the IMS-VoPS capability in the network feature parameters and sends it to the UE in the network feature parameters of the registration accept message.
However, the 5G security standard requires that the RAN send a request for the UE's radio capability information to the UE only after AS security between the UE and the RAN has been established. This means that, for a UE that does not support establishing an AS security context, if the RAN has not obtained the radio capability information of the UE and cannot obtain it from the UE, the RAN cannot determine whether the UE side has the IMS-VoPS capability. Likewise, for a UE that does support establishing AS security, if AS security has not been established before the RAN sends the request for the UE's radio capability information, the RAN cannot obtain that information, so the RAN again cannot determine whether the UE side has the IMS-VoPS capability. When the RAN cannot determine whether the UE side has the IMS-VoPS capability, the network cannot provide the IMS-VoPS service for the UE even if the UE has the IMS-VoPS capability. In addition, in some other scenarios, such as emergency services or a UE that does not support AS security, the problem of how the RAN obtains the UE's radio capability also needs to be solved so that the related determination can be made.
FIG. 3 shows a schematic flowchart of a wireless communication method 300 provided by an embodiment of this application. As can be seen from FIG. 3, the method 300 includes:
S301, the terminal device sends a first message to the network device.
Correspondingly, the network device receives the first message sent by the terminal device. The first message may be, for example, a registration request message, which the terminal device uses to request network access from the network device.
S302, the network device determines that the terminal device does not support AS security.
When the network device determines that the terminal device does not support AS security, in S303 the network device sends first indication information to the base station. The first indication information indicates that the terminal device does not support AS security.
Optionally, in another possible implementation, the network device determines that the terminal device does not need to enable AS security, or does not currently need to enable it; for example, in an emergency service scenario the terminal device does not currently need to enable AS security. In S303, the network device sends first indication information to the base station, and the first indication information indicates that the terminal device does not need to enable AS security or does not currently need to enable it. Alternatively, in an emergency service scenario, the first indication information indicates an emergency service, and the base station determines from the first indication information that the terminal device wishes to use the emergency service.
Optionally, when the network device determines that the terminal device does not support AS security, the network device sends an encryption null algorithm and/or an integrity protection null algorithm to the base station. From the encryption null algorithm and/or integrity protection null algorithm sent by the network device, the base station determines that the terminal device does not support AS security, or that the terminal device does not (currently) need to enable AS security, or that the terminal device only supports AS security based on null-algorithm protection.
S304, the network device sends first request information to the base station. The first request information requests the base station to determine whether the terminal device has the IMS-VoPS capability.
It should be understood that the first indication information and the first request information may be delivered in one message or in different messages.
Specifically, the first request information may be carried in a capability matching request message, occupying one or more fields. The first indication information may be carried in the capability matching request message or in another message. That is, the first indication information and the first request information may be sent at the same time or one after the other, which is not limited in this application.
S305, the base station sends, to the terminal device, request information for obtaining the radio capability information of the terminal device.
After the base station receives the first request information sent by the network device, if the base station cannot obtain the radio capability information of the terminal device from either the information it has stored or the information carried in the first request information, the base station sends, according to the first indication information, the request information for obtaining the radio capability information of the terminal device to the terminal device. This request information is not AS-security protected.
Specifically, when neither the base station nor the network device has the radio capability information of the terminal device, the first request information requires the base station to send request information to the terminal device to obtain the radio capability information of the network device. From the first indication information, the base station can determine that the terminal device does not support AS security; or, in another possible implementation, the base station determines from the first indication information that the terminal device does not need to enable AS security, or does not currently need to enable it, or only supports AS security based on null-algorithm protection, or wishes to use an emergency service. In this case the base station sends the request information for obtaining the radio capability information of the terminal device to the terminal device although AS security has not been established (or AS security establishment has failed, or AS null-algorithm protection is in use). The request information is not AS-security protected.
Of course, before sending the request information to the terminal device according to the first indication information, the base station may also disregard whether it or the first request information already holds the radio capability information. Alternatively, it may consider only one of the two: for example, it sends the request information after determining that it does not itself hold the radio capability information, or after determining that the first request information does not contain the radio capability information.
S306, the terminal device sends its radio capability information to the base station.
After receiving the request information for obtaining the radio capability information sent by the base station, the terminal device sends its radio capability information to the base station. This radio capability information is not AS-security protected either.
Optionally, in S307, the base station determines whether the terminal device has the IMS-VoPS capability according to the radio capability information of the terminal device. It should be understood that this application does not limit how the base station determines whether the terminal device has the IMS-VoPS capability.
Optionally, in S308, the base station sends the determination result to the network device. The result may be the base station's determination in S307 of whether the terminal device has the IMS-VoPS capability, the base station's determination of whether the network supports the IMS-VoPS service, or the determination of whether the IMS-VoPS service is supported between the terminal device and the network, which is not limited in this application.
From the determination result, the network device can determine whether the network supports the IMS-VoPS service, or whether the IMS-VoPS service can be provided for the terminal device.
Optionally, the base station sends the radio capability information obtained in S306 to the network device.
In the wireless communication method of this embodiment, the network device is informed that the terminal device does not support AS security, so that the base station sends the request information for obtaining radio capability information to the terminal device without establishing AS security (or when AS security establishment has failed, or under AS null-algorithm protection). The request information is not AS-security protected. The base station can therefore still obtain the radio capability information of the terminal device when the terminal device does not support AS security, and can determine whether the terminal side has the IMS-VoPS capability.
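The base station's decision in S303 to S305, set against the baseline rule that the capability request may only follow AS security establishment, can be modelled as a small gate plus an audit over a message trace. This is an added example, not code from the application: all class, field and message names and the sample trace are constructed, and letting an AS-context request take precedence over an indication is an assumption.

```python
"""RAN-side gate for the UE radio capability enquiry (method 300, S303-S305).

Added illustration: every class, field and message name is constructed.
"""
from dataclasses import dataclass
from enum import Enum, auto
from typing import List, Optional, Tuple

# NEA0 / NIA0 are the 5G null ciphering / integrity algorithms; the page
# itself only speaks of an "encryption null algorithm" and an
# "integrity protection null algorithm".
NULL_ALGORITHMS = frozenset({"NEA0", "NIA0"})


class Indication(Enum):
    """Variants of the first indication information (constructed encoding)."""
    AS_NOT_SUPPORTED = auto()
    AS_NOT_REQUIRED = auto()
    EMERGENCY_SERVICE = auto()


class Action(Enum):
    USE_KNOWN_CAPABILITY = auto()       # capability already available, no enquiry
    ENQUIRE_PROTECTED = auto()          # AS security context already exists
    ESTABLISH_AS_THEN_ENQUIRE = auto()  # AMF asked for an AS security context
    ENQUIRE_UNPROTECTED = auto()        # S305: enquiry sent without AS protection
    CANNOT_ENQUIRE = auto()             # the failure case described for process 200


@dataclass(frozen=True)
class MatchRequest:
    """What the AMF hands to the base station (S303/S304)."""
    ue_radio_capability: Optional[bytes] = None
    first_indication: Optional[Indication] = None
    as_algorithms: frozenset = frozenset()
    establish_as_context: bool = False   # request to set up an AS security context


@dataclass(frozen=True)
class RanState:
    cached_capability: Optional[bytes] = None
    as_context_established: bool = False


def amf_allows_unprotected(req: MatchRequest) -> bool:
    """True if the AMF signalled it explicitly or sent null algorithms only."""
    only_null = bool(req.as_algorithms) and req.as_algorithms <= NULL_ALGORITHMS
    return req.first_indication is not None or only_null


def decide(req: MatchRequest, state: RanState, baseline_only: bool = False) -> Action:
    """Pick the base station's next step; baseline_only models process 200."""
    if req.ue_radio_capability or state.cached_capability:
        return Action.USE_KNOWN_CAPABILITY
    if state.as_context_established:
        return Action.ENQUIRE_PROTECTED
    if baseline_only:
        return Action.CANNOT_ENQUIRE
    if req.establish_as_context:         # assumption: protection wins over an indication
        return Action.ESTABLISH_AS_THEN_ENQUIRE
    if amf_allows_unprotected(req):
        return Action.ENQUIRE_UNPROTECTED
    return Action.CANNOT_ENQUIRE


Event = Tuple[str, str, str, bool]       # (ue, sender, message, as_protected)
CAPABILITY_MESSAGES = {"CapabilityEnquiry", "CapabilityInformation"}

# Constructed trace: ue-1 follows method 300, ue-2 has an AS context,
# ue-3 is enquired in the clear although the AMF never sent an indication.
SAMPLE_TRACE: List[Event] = [
    ("ue-1", "AMF", "FirstIndication", False),
    ("ue-1", "RAN", "CapabilityEnquiry", False),
    ("ue-1", "UE", "CapabilityInformation", False),
    ("ue-2", "RAN", "CapabilityEnquiry", True),
    ("ue-3", "RAN", "CapabilityEnquiry", False),
]


def audit(trace: List[Event]) -> List[str]:
    """Flag unprotected capability exchanges the AMF never authorised."""
    authorised, findings = set(), []
    for ue, sender, message, protected in trace:
        if sender == "AMF" and message == "FirstIndication":
            authorised.add(ue)
        elif message in CAPABILITY_MESSAGES and not protected and ue not in authorised:
            findings.append(f"{ue}: unprotected {message} from {sender} without AMF indication")
    return findings


if __name__ == "__main__":
    req = MatchRequest(first_indication=Indication.AS_NOT_SUPPORTED)
    print(decide(req, RanState(), baseline_only=True).name)
    print(decide(req, RanState()).name)
    print(audit(SAMPLE_TRACE))
```

The gate makes the unprotected enquiry an explicit, AMF-authorised exception, which is what lets a monitor treat any other cleartext capability exchange as an anomaly.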
图4示出了本申请实施例提供的无线通信方法400的示意性流程图。从图4中可以看出,该方法400包括:FIG. 4 shows a schematic flowchart of a wireless communication method 400 provided by an embodiment of the present application. As can be seen from Figure 4, the method 400 includes:
S401,终端设备向网络设备发送第一消息。S401, a terminal device sends a first message to a network device.
对应地,网络设备接收终端设备发送的第一消息,该第一消息例如可以是注册请求消息,该注册请求消息用于终端设备向网络设备请求接入网络。Correspondingly, the network device receives a first message sent by the terminal device, where the first message may be, for example, a registration request message, where the registration request message is used by the terminal device to request the network device to access the network.
S402, the network device determines that the terminal device supports AS security.
Exemplarily, the network device determines whether the terminal device supports AS security. Specifically, for example, the network device receives second indication information, where the second indication information is used to indicate whether the terminal device supports AS security.
When the network device determines that the terminal device supports AS security, in S403 the network device sends second request information to the base station, where the second request information is used to request the base station to establish an AS security context.
In another possible implementation, the network device determines that the terminal device needs to enable AS security. Exemplarily, the network device receives second indication information, where the second indication information is used to indicate that the terminal device needs to enable AS security. When the network device determines that the terminal device needs to enable AS security, in S403 the network device sends to the base station the second request information and indication information indicating that the terminal device needs to enable AS security, where the second request information is used to request the base station to establish AS security.
S404, the base station establishes the AS security context.
Specifically, the base station establishes the AS security context with the terminal device according to the second request information. That is, the base station establishes the AS security context with the terminal device, after which the base station can acquire the wireless capability information of the terminal device through that AS security context.
S405, the base station sends response information to the network device.
Specifically, the base station sends to the network device response information in response to the second request information.
It should be noted that the base station may send the response message to the network device immediately after receiving the second request information, or may send the response message to the network after establishment of the AS security context is complete; this application does not limit this.
S406, the network device sends third request information to the base station.
Optionally, the network device sends the third request information to the base station after receiving the response information from the base station in response to the second request information; alternatively, the network device sends the third request message immediately after sending the second request information. The third request information is used to request the base station to determine, according to the wireless capability information of the terminal device, whether the terminal device has the IMS-VoPS capability. The third request information is similar to the first request information in the foregoing embodiment corresponding to FIG. 3; for example, it may be carried in a capability matching request message. Details are not repeated here.
Optionally, in another possible implementation, after the base station receives the second request information sent by the network device and the indication information indicating that the terminal device needs to enable AS security (or indication information that the terminal device currently needs to enable AS security), the base station establishes the AS security context with the terminal device according to the second request information. When the AS security context is established successfully, the base station sends to the terminal device, according to the third request information, request information for acquiring the wireless capability information of the terminal device; when establishment of the AS security context fails, the base station sends to the terminal device a reject message or indication information indicating that establishment of the AS security context failed.
S407, the base station sends to the terminal device request information for acquiring the wireless capability information of the terminal device.
After the base station receives the first request information sent by the network device, if the base station cannot obtain the wireless capability information of the terminal device from the information it has stored itself and the information carried in the third request information, the base station sends to the terminal device request information for acquiring the wireless capability information of the terminal device, where this request information is AS-security protected.
Specifically, when neither the base station nor the network device has the wireless capability information of the terminal device, the base station needs to send request information to the terminal device to obtain the wireless capability information of the network device. Before that, if the AS security context has not yet been established, the base station establishes the AS security context with the terminal device according to the second request information. The request information for acquiring the wireless capability information of the terminal device is therefore sent with AS security protection in place.
S408, the terminal device sends its wireless capability information to the base station.
After receiving the request information for acquiring wireless capability information sent by the base station, the terminal device sends its wireless capability information to the base station. Specifically, for example, the terminal device sends a response message to the base station, where the response message carries its wireless capability information and is also AS-security protected. The base station obtains the wireless capability information of the terminal device from the response message from the terminal device.
Optionally, in S409, the base station determines whether the terminal device has the IMS-VoPS capability according to the wireless capability information of the terminal device. It should be understood that this application does not limit the manner in which the base station determines whether the terminal device has the IMS-VoPS capability.
Optionally, in S410, the base station sends the judgment result to the network device. The judgment result is similar to the judgment result in step S308 in the embodiment corresponding to FIG. 3; for example, it may be the judgment result made by the base station in S409, or a judgment result on whether the network supports the IMS-VoPS service, and so on. Details are not repeated here.
Based on the judgment result, the network device can determine whether the IMS-VoPS service can be provided to the terminal device.
In the wireless communication method of this embodiment of the present application, after determining that the terminal device supports AS security, the network device requests the base station to establish the AS security context, so that the base station sends the terminal device request information for acquiring wireless capability information once AS security establishment is complete. The information exchanged between the base station and the terminal device is thereby AS-security protected, and the base station can successfully acquire the wireless capability information of the terminal device and so successfully determine whether the terminal side has the IMS-VoPS capability.
FIG. 5 shows a schematic flowchart of a wireless communication method 500 provided by an embodiment of the present application. As can be seen from FIG. 5, the method 500 includes:
S501, the UE sends a registration request message to the AMF.
Optionally, the registration request message carries third indication information, where the third indication information is used to indicate that the UE does not support AS security.
Optionally, after sending the third indication information, the UE stores the third indication information locally for later use in security verification.
It should be understood that the third indication information may also be sent other than in the registration request message. For example, the third indication information is an independent parameter, and the UE may send this parameter to the AMF separately in another message; this application does not limit this.
It should also be understood that the third indication information may be part of the UE security capability information, which represents the security capability of the UE and includes information such as the security algorithms supported by the UE. The third indication information may therefore also be written into the UE security capability information and sent to the AMF.
Optionally, the third indication information may be other information that can be used to indicate the AS security capability of the UE. For example, the third indication information is indication information indicating that the UE supports only the control plane cellular IoT (CP CIoT) service (CP only indication information). Because the CP CIoT service does not require AS security, a UE that supports only the CP CIoT service can be understood as a UE that does not support AS security.
Optionally, the third indication information may be used to indicate use of the CP CIoT service.
Optionally, the third indication information may also carry a service identifier of a service that does not require AS security. Such an identifier indicates that the service can be used without the UE supporting AS security, so it can be understood as the UE not supporting AS security. For example, the third indication information carries an emergency service identifier, because in an emergency service scenario the security mechanism of the UE does not need to be enabled, including that AS security does not need to be enabled.
In another possible implementation, the third indication information is used to indicate that the UE does not need to enable AS security or does not currently need to enable AS security; for example, in an emergency service scenario, the UE does not currently need to enable AS security. Alternatively, in an emergency service scenario, the third indication information is used to indicate the emergency service, and the RAN may determine, according to the third indication information, that the terminal device wishes to use the emergency service. After receiving the registration request message sent by the UE, the AMF performs authentication of the UE. It should be understood that the authentication here may be the initial authentication of the network, for example a 5G network, or may be authentication of the UE based on an existing security context; this application does not limit this.
After authentication, both sides hold the non-access stratum (NAS) protection keys, including the NAS encryption key and the NAS integrity protection key.
Optionally, in S502, the AMF sends a NAS security mode command message to the UE.
In a scenario where a NAS security mode command (SMC) needs to be executed, the AMF sends a NAS security mode command message to the UE.
It should be noted that scenarios in which NAS SMC needs to be executed may be, for example: NAS security needs to be established after initial authentication; or a derivation of the AMF key (AMF key) is needed; or NAS SMC needs to be executed according to local policy. This application does not limit this.
It should be understood that the NAS security mode command message is integrity-protected with the NAS integrity protection key shared between the AMF and the UE; if an attacker tampers with this message, verification at the UE fails.
Optionally, the NAS security mode command message carries the third indication information, so that security verification can be performed on the message.
It should also be understood that if the third indication information is part of the UE security capability information, that is, the NAS security mode command message already carries the UE security capability parameter, the third indication information does not need to be sent again separately.
Optionally, in S503, the UE sends a NAS security mode complete message to the AMF.
After receiving the NAS security mode command message, the UE performs an integrity check on the NAS security mode command message and continues if the check passes.
Optionally, the UE checks whether the third indication information carried in the NAS security mode command message is consistent with the third indication information sent in S501. If they are the same, the UE sends a NAS security mode complete message to the AMF; if they differ, the UE sends a reject or failure message to the AMF.
Optionally, the UE may also send the third indication information to the AMF after NAS security is established. Specifically, the third indication information may be sent in a protected NAS message in S503 or after S503.
S504, the AMF determines that the UE does not support AS security.
Optionally, before step S504, the AMF receives third indication information, where the third indication information is used to indicate that the UE does not support AS security. Exemplarily, the AMF receives the registration request message sent by the UE and obtains the third indication information carried in the registration request message.
Optionally, in another possible implementation, the AMF determines that the UE does not need to enable AS security or does not currently need to enable AS security.
Exemplarily, the AMF receives a registration request message sent by the UE, where the registration request message carries third indication information, and the third indication information is used to indicate that the UE does not need to enable AS security or that the UE does not currently need to enable AS security.
As yet another example, the AMF receives a registration request message sent by the UE, where this registration request is a registration request for an emergency service, or the registration request message carries indication information indicating an emergency service. In an emergency service scenario AS security does not need to be enabled, so on the basis of this emergency service scenario the AMF determines that the security mechanism of the UE does not need to be enabled, including that AS security does not need to be enabled.
Exemplarily, the AMF receives MM capability information sent by the UE and obtains the third indication information carried in the MM capability information.
Exemplarily, the AMF sends a subscription data request to the unified data management (UDM), receives the subscription information of the UE from the UDM, and obtains the third indication information carried in the subscription information.
It should be noted that the registration request message sent by the UE to the AMF usually carries MM capability information. Therefore, when the AMF obtains the third indication information from the MM capability information or from the subscription information of the UE, the AS security capability of the UE can be confirmed without modifying the UE.
The AMF determines, according to the third indication information, that the UE currently does not support AS security. In S506, the AMF sends a UE capability matching request message to the RAN.
If the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, the AMF sends a UE capability matching request message to the RAN, where the UE capability matching request message is used to request the RAN to determine whether the UE has the IMS-VoPS capability.
Optionally, the UE capability matching request message carries fourth indication information, where the fourth indication information is used to indicate that the UE does not support AS security, or that the UE does not currently need to enable AS security, or does not need to enable AS security; or to indicate an emergency service or a CP CIoT service.
It should be understood that the fourth indication information need not be carried in the UE capability matching request message; that is, the AMF may send the fourth indication information in a separate message. This application does not limit this.
It should also be understood that the fourth indication information and the third indication information may be the same or different; this application does not limit this.
Optionally, the UE capability matching request message carries a null encryption algorithm and/or a null integrity protection algorithm, and the RAN determines, according to the null encryption algorithm and/or null integrity protection algorithm, that the UE does not support AS security, or that the UE does not (currently) need to enable AS security, or that the UE supports only AS security based on null-algorithm protection.
Optionally, before step S506, that is, before the AMF sends the UE capability matching request message to the RAN, the AMF calculates an integrity protection parameter, which the UE uses to verify whether a message sent by the network has been tampered with.
Exemplarily, the integrity protection parameter is a message authentication code (MAC). The AMF calculates MAC1 according to the fourth indication information and a first key, where MAC1 is used by the UE to verify whether the fourth indication information sent by the network is correct, and the first key is the integrity protection key shared between the AMF and the UE. The AMF carries the fourth indication information and MAC1 in the UE capability matching request message sent to the RAN.
In S507, the RAN sends a UE capability query message to the UE.
When the RAN cannot obtain the wireless capability information of the UE from the information it has stored itself and from the UE capability matching request message from the AMF, it sends a UE capability query message to the UE according to the fourth indication information.
It should be noted that, through the fourth indication information, the AMF indicates to the RAN that the UE does not support AS security, or that the UE does not currently need to enable security, or does not need to enable AS security, or indicates an emergency service or a CP CIoT service. Here the RAN determines from the emergency service indication or the CP CIoT service indication that AS security does not need to be enabled. The fourth indication information means that the AS SMC security procedure does not need to be performed, or that performing AS SMC is certain to fail, or that only AS security based on null-algorithm protection is supported. In this case, therefore, the base station does not establish AS security (or AS security establishment fails, or AS null-algorithm protection applies) and directly sends the UE capability query message to the UE to obtain the wireless capability information of the UE.
Optionally, the UE capability query message carries the fourth indication information and MAC1. It should be understood that the fourth indication information and MAC1 may also be sent separately in other messages; this application does not limit this.
In one possible implementation, after receiving the UE capability matching request message sent by the AMF, the RAN may send an AS security context establishment request directly to the UE regardless of whether the UE supports AS security. If the RAN receives indication information of AS SMC failure from the UE side, that is, the UE reports to the RAN that establishment of the AS security context failed, the RAN goes on to send the UE capability query message to the UE to request the wireless capability information of the UE, and this UE capability query message is not AS-security protected. In a scenario where the UE does not support AS security, or the UE does not currently need to enable security, or does not need to enable AS security, the RAN can still obtain the wireless capability information from the UE even if AS SMC fails. In this case the AMF may not need to send the fourth indication information to the RAN to indicate that the UE does not support AS security. This means that even if AS SMC fails, the RAN can still obtain the wireless capability information of the UE from the UE.
Optionally, in S508, the UE verifies MAC1 and calculates MAC2.
Exemplarily, the UE receives the UE capability query message sent by the RAN and obtains the fourth indication information and MAC1 from it. The UE verifies the correctness of MAC1 according to the first key and the fourth indication information. If the verification succeeds, the UE continues; otherwise, it sends a reject message or failure message to the RAN. Further, the UE calculates MAC2 according to the first key and the wireless capability information of the UE. MAC2 is used by the AMF to verify whether the wireless capability information of the UE received from the RAN has been tampered with.
In S509, the UE sends the wireless capability information of the UE to the RAN.
Exemplarily, the UE sends to the RAN a response message in response to the UE capability query message, and the response message carries the wireless capability information of the UE.
Optionally, the response message also carries MAC2.
Optionally, if the UE does not support AS security, or in a scenario where the UE does not currently need to enable security or does not need to enable AS security (for example, an emergency service scenario), then even when AS security has not been established or AS SMC has failed, the UE still sends its wireless capability information to the RAN upon receiving from the RAN a UE capability query message that is not AS-security protected.
In S510, the RAN determines whether the UE has the IMS-VoPS capability.
Exemplarily, the RAN performs a UE capability matching check according to the wireless capability information of the UE and confirms the check result. The UE capability matching check refers to the RAN judging whether the UE has the IMS-VoPS capability. It should be understood that this application does not limit the specific manner of the check.
In S511, the RAN sends a UE capability matching response message to the AMF.
Exemplarily, after receiving the wireless capability information of the UE and judging from it whether the UE has the IMS-VoPS capability, the RAN sends the judgment result to the AMF in the UE capability matching response message. Further, the RAN judges according to the RAN capability information whether the RAN supports the IMS-VoPS service, and sends that judgment result to the AMF in the UE capability matching response message. Alternatively, the UE capability matching response message directly carries indication information that indicates whether the IMS-VoPS service is supported between the UE and the network.
Optionally, in S512, the RAN sends a UE capability information indication message to the AMF. The UE capability information indication message carries the wireless capability information of the UE, so that the AMF can store the wireless capability information of the UE; when the above procedure needs to be performed again later, the AMF can send the wireless capability information of the UE directly to the RAN.
Optionally, the UE wireless capability information indication message also carries MAC2, which the AMF uses to verify whether the received wireless capability information of the UE has been tampered with.
It should be understood that the RAN may also carry the wireless capability information of the UE and MAC2 in the UE capability matching response message sent to the AMF. This application does not limit this.
Optionally, in S513, the AMF verifies the correctness of MAC2 according to the first key and the wireless capability information of the UE. If the verification succeeds, the AMF determines that the UE wireless capability information it received has not been tampered with, stores the wireless capability information of the UE, and continues.
If the verification fails, optionally, the AMF sends the UE capability matching request message to the RAN again, and after receiving it again the RAN sends the UE capability query message to the UE again to request the wireless capability information of the UE; or, the AMF sends to the RAN indication information instructing the RAN to resend the UE capability query message; or, the AMF sends a reject message, an error message or a failure message to the UE to indicate that verification of the UE wireless capability information and MAC2 sent by the UE was incorrect. Further, the RAN may go on to send a reject message, an error message or a failure message to the UE to indicate that verification of the UE wireless capability information and MAC2 sent by the UE was incorrect. On receiving the reject message, error message or failure message, the UE may recalculate MAC2 and resend the UE wireless capability information and MAC2 to the RAN.
Therefore, in the wireless communication method provided by the embodiments of the present application, the wireless capability information sent by the UE is verified by means of the integrity protection parameter. This ensures that the wireless capability information sent by the UE has not been tampered with by an attacker and prevents an attacker from carrying out a bidding-down attack that modifies the wireless capability information, thereby ensuring the security of the communication.
在S514,AMF向UE发送注册接受消息。At S514, the AMF sends a registration accept message to the UE.
示例性地,AMF根据UE能力匹配响应消息确定基站的判断结果。当判断结果指示UE和网络均具备IMS-VoPS能力,即网络可以为UE提供IMS-VoPS业务,则AMF会对网络特性参数中用于指示IMS-VoPS能力的信息进行设置,并通过注册接受消息中的网络特性参数发送给UE。Exemplarily, the AMF determines the judgment result of the base station according to the UE capability matching response message. When the judgment result indicates that both the UE and the network have IMS-VoPS capabilities, that is, the network can provide IMS-VoPS services for the UE, the AMF will set the information used to indicate the IMS-VoPS capabilities in the network characteristic parameters, and accept the message through the registration The network characteristic parameters in the , are sent to the UE.
因此,本申请实施例的无线通信方法,通过向网络设备指示终端设备不支持AS安全,使得基站在不建立AS安全(或者AS安全建立失败)的情况下,向终端设备发送用于获取无线能力信息的请求信息,从而使得基站在终端设备不具备AS安全的情况下,仍然可以成功获取终端设备的无线能力信息从而可以成功判断终端侧是否具备IMS-VoPS能力。Therefore, the wireless communication method of the embodiment of the present application indicates to the network device that the terminal device does not support AS security, so that the base station sends a message for acquiring the wireless capability to the terminal device without establishing the AS security (or the AS security establishment fails). Information request information, so that the base station can successfully obtain the wireless capability information of the terminal device even if the terminal device does not have AS security, and can successfully determine whether the terminal side has the IMS-VoPS capability.
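The S513 check and its failure handling can be sketched as follows. This is an added illustration, not code from the application: HMAC-SHA-256 stands in for the unspecified MAC algorithm, and the JSON encoding, the `ims_vops` field, the relay functions and the bound of two attempts are assumptions made for the example.

```python
"""Constructed illustration of the S513 integrity check (not the application's code)."""
import hashlib
import hmac
import json

MAX_ATTEMPTS = 2  # assumption: the page does not bound the number of re-queries


def encode_capability(capability: dict) -> bytes:
    """Canonical byte encoding so UE and AMF compute the MAC over identical input."""
    return json.dumps(capability, sort_keys=True, separators=(",", ":")).encode()


def compute_mac(first_key: bytes, capability: dict) -> bytes:
    """Stand-in MAC: HMAC-SHA-256 keyed with the integrity key shared by UE and AMF."""
    return hmac.new(first_key, encode_capability(capability), hashlib.sha256).digest()


def ue_capability_response(first_key: bytes, capability: dict) -> dict:
    """UE side: answer the capability query with the capability info plus MAC2."""
    return {"capability": dict(capability), "mac2": compute_mac(first_key, capability)}


def amf_check(first_key: bytes, message: dict) -> bool:
    """AMF side (S513): recompute the MAC and compare in constant time."""
    expected = compute_mac(first_key, message["capability"])
    return hmac.compare_digest(expected, message["mac2"])


def honest_relay(message: dict) -> dict:
    """Path without AS security on which nothing is modified."""
    return message


def tampering_relay(message: dict) -> dict:
    """Constructed on-path modification: clears the voice flag, leaves MAC2 as is."""
    altered = dict(message["capability"], ims_vops=False)
    return {"capability": altered, "mac2": message["mac2"]}


def amf_obtain_capability(first_key: bytes, ue_capability: dict, relays: list):
    """Query up to MAX_ATTEMPTS times and store only verified capability info.

    `relays` gives the path behaviour for each attempt. Returns (outcome, stored).
    """
    for attempt, relay in enumerate(relays[:MAX_ATTEMPTS], start=1):
        received = relay(ue_capability_response(first_key, ue_capability))
        if amf_check(first_key, received):
            return ("stored after attempt %d" % attempt, received["capability"])
        # Verification failed: the AMF asks for the capability query to be repeated.
    return ("rejected", None)


if __name__ == "__main__":
    key = bytes(range(32))                               # constructed sample key
    capability = {"ims_vops": True, "bands": ["n41", "n78"]}  # constructed sample
    print(amf_obtain_capability(key, capability, [honest_relay]))
    print(amf_obtain_capability(key, capability, [tampering_relay, honest_relay]))
    print(amf_obtain_capability(key, capability, [tampering_relay, tampering_relay]))
```

The altered capability information is never stored: the AMF either obtains a verified copy on a later attempt or ends with a rejection.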
FIG. 6 shows a schematic flowchart of a wireless communication method 600 provided by an embodiment of this application. As can be seen from FIG. 6, the method 600 includes:
S601, the UE sends a registration request message to the AMF.
Optionally, the registration request message carries fifth indication information, which indicates that the UE supports AS security.
The description of the fifth indication information is similar to that of the third indication information in the embodiment corresponding to FIG. 5 and is not repeated here.
Optionally, the fifth indication information may be other information that can indicate whether the UE supports AS security. For example, the fifth indication information indicates that the UE does not support the CP CIoT service (a non-CP-only indication) and supports services other than the CP CIoT service. Because the CP CIoT service does not require AS security, when the fifth indication information indicates that the UE supports services other than the CP CIoT service, this can be understood as the UE supporting AS security; that is, the AMF can determine from the fifth indication information that the UE supports AS security.
Optionally, the fifth indication information may also carry the identifier of a service that requires AS security. Because such an identifier means that the UE must support AS security in order to use the service, it can be understood as the UE supporting AS security.
S602, the AMF determines that the UE supports AS security.
Optionally, before step S602, the AMF receives the fifth indication information, which indicates that the UE supports AS security.
Exemplarily, the AMF receives the registration request message sent by the UE and obtains the fifth indication information carried in it. Exemplarily, the AMF receives the MM capability information sent by the UE and obtains the fifth indication information carried in it.
Exemplarily, the AMF sends a subscription data request to the UDM, receives the UE's subscription information from the UDM, and obtains the fifth indication information carried in the subscription information.
It should be noted that the registration request message sent by the UE to the AMF usually carries the MM capability information. Therefore, when the AMF obtains the third indication information through the MM capability information or the UE's subscription information, the UE's AS security capability can be confirmed without changing the UE.
The AMF determines from the fifth indication information that the current UE supports AS security.
Optionally, if the AMF has not received, from the UE or the UDM, information that the UE does not support security or does not support AS security, or information such as an emergency service registration or the CP CIoT service, the AMF determines that the UE supports AS security.
Optionally, the fifth indication information may also be sent by the UE to the AMF after the NAS security mode complete message or after NAS security has been established.
Optionally, the AMF sends the fifth indication information to the UE in the NAS security mode indication message, so that the UE can check whether the fifth indication information it receives is consistent with the fifth indication information it sent in S601. If they are the same, the UE sends a NAS security mode complete message to the AMF; if they differ, the UE sends a reject or failure message to the AMF.
Alternatively, when the AMF has not received the fifth indication information, it may determine by default that the UE supports AS security.
S603, the AMF sends an initial context establishment request message to the RAN.
Exemplarily, when the AMF has determined that the UE supports AS security and needs to determine whether the network can provide the IMS-VoPS service for the UE, it sends an initial context establishment request message to the RAN to request the RAN to establish an AS security context with the UE.
Optionally, before S603, the AMF derives a second key KgNB, which the RAN uses to establish AS security. The AMF carries the second key in the context establishment request message sent to the RAN.
S604, the RAN establishes AS security.
Exemplarily, according to the context establishment request message sent by the AMF, the RAN uses the second key to establish the AS security context with the UE, and at S605 sends an initial context establishment response message to the AMF.
S606, the AMF sends a UE capability matching request message to the RAN.
Specifically, after receiving the initial context establishment response message from the RAN, the AMF sends the UE capability matching request message to the RAN.
S607, the RAN sends a UE capability query message to the UE.
When the RAN cannot obtain the UE's radio capability information from the information it has stored or from the UE capability matching request message from the AMF, it sends a UE capability query message to the UE. It should be noted that, before step S607, the RAN has established AS security with the UE, so the UE capability query message is protected by AS security.
Optionally, at S608, the UE calculates MAC3.
Exemplarily, the UE calculates MAC3 from the UE's radio capability information. MAC3 is used by the AMF to check whether the UE radio capability information received from the RAN has been tampered with.
It should be understood that steps S609 to S614 are similar to S509 to S514 in the method 500 and are not described again here.
Optionally, the AMF may also perform S606 before S605. When the RAN performs S606, if AS security has not yet been established, step S604 is performed first to establish AS security, and then step S607 is performed.
Therefore, in the wireless communication method of this embodiment, after determining that the terminal device supports AS security, the AMF requests the base station to establish the AS security context, so that the base station sends the request information for obtaining the radio capability information to the terminal device only once AS security has been established. The information exchanged between the base station and the terminal device is thus protected by AS security, the terminal device's radio capability information can be obtained, and it can be determined whether the terminal side has the IMS-VoPS capability.
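The optional consistency check on the fifth indication information in method 600 (the AMF returns the indication it received, and the UE compares it with what it sent in S601) is shown below as an added example that is not part of the application. It assumes that the NAS security mode message is integrity-protected with the NAS integrity key shared by the UE and the AMF; HMAC-SHA-256 as the integrity algorithm, the one-byte indication encoding and all function names are assumptions.

```python
"""Constructed illustration of the indication echo check (not the application's code)."""
import hashlib
import hmac

# Hypothetical one-byte encoding of the fifth indication information.
AS_SUPPORTED = b"\x01"
AS_NOT_SUPPORTED = b"\x00"


def nas_mac(k_nas_int: bytes, payload: bytes) -> bytes:
    """Stand-in NAS integrity MAC (HMAC-SHA-256 is an assumption)."""
    return hmac.new(k_nas_int, payload, hashlib.sha256).digest()


def amf_build_security_mode_message(k_nas_int: bytes, received_indication: bytes) -> dict:
    """AMF: echo the indication exactly as it arrived in the registration request."""
    return {
        "echoed_indication": received_indication,
        "mac": nas_mac(k_nas_int, received_indication),
    }


def ue_handle_security_mode_message(k_nas_int: bytes, sent_indication: bytes, msg: dict) -> str:
    """UE: verify integrity first, then compare the echo with what was sent in S601."""
    expected = nas_mac(k_nas_int, msg["echoed_indication"])
    if not hmac.compare_digest(expected, msg["mac"]):
        return "reject: integrity check failed"
    if not hmac.compare_digest(msg["echoed_indication"], sent_indication):
        return "reject: indication mismatch"
    return "NAS security mode complete"


def unmodified_path(indication: bytes) -> bytes:
    """Registration request reaches the AMF as sent."""
    return indication


def altering_path(indication: bytes) -> bytes:
    """Constructed modification of the not yet protected registration request."""
    return AS_NOT_SUPPORTED if indication == AS_SUPPORTED else AS_SUPPORTED


def registration(k_nas_int: bytes, sent_indication: bytes, path) -> str:
    """S601 followed by the echo: returns the UE's answer to the AMF."""
    received_by_amf = path(sent_indication)
    msg = amf_build_security_mode_message(k_nas_int, received_by_amf)
    return ue_handle_security_mode_message(k_nas_int, sent_indication, msg)


if __name__ == "__main__":
    key = b"k" * 32  # constructed sample key
    print(registration(key, AS_SUPPORTED, unmodified_path))
    print(registration(key, AS_SUPPORTED, altering_path))
```

A changed indication is caught by the comparison even though the message carrying the echo verifies correctly, which is why the UE needs both checks.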
FIG. 7 shows a schematic flowchart of a wireless communication method 700 provided by an embodiment of this application. As can be seen from FIG. 7, the method 700 includes:
S701, the UE sends a registration request message to the AMF.
S702, the AMF sends a context establishment request message to the RAN.
If the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, the AMF directly sends a context establishment request message to the RAN to request the RAN to establish an AS security context with the UE. That is, when the AMF needs the RAN to determine whether the UE has the IMS-VoPS capability, the AMF requests the RAN to establish the AS security context without considering whether the UE supports AS security.
Optionally, before S702, the AMF derives a second key KgNB, which the RAN uses to establish AS security. The AMF carries the second key in the context establishment request message sent to the RAN.
S703, the RAN sends an AS security mode command message to the UE.
After receiving the context establishment request message sent by the AMF, the RAN sends the AS security mode command message to the UE to request establishment of the AS security context.
S704, the UE sends an AS security mode failure/success message to the RAN.
When establishment of the AS security context fails, the UE sends an AS security mode failure message to the RAN.
When the AS security context is established successfully, the UE sends an AS security mode success message to the RAN.
S705, the UE sends sixth indication information to the RAN, which indicates that the UE does not support/supports AS security. It should be understood that the sixth indication information may be carried in the AS security mode failure/success message or sent separately in another message.
Optionally, the UE calculates an integrity protection parameter and sends it to the RAN. The integrity protection parameter is used by the AMF to verify whether the message sent from the UE side has been tampered with.
Exemplarily, the integrity protection parameter is a message authentication code (MAC). The UE calculates MAC4 from the sixth indication information and a first key, where the first key is an integrity protection key shared between the AMF and the UE. The UE sends the sixth indication information to the RAN together with MAC4, and the AMF can use MAC4 to verify whether the sixth indication information has been tampered with.
S706, the RAN sends a context establishment response message to the AMF.
Optionally, the context establishment response message carries the sixth indication information, which indicates that the UE does not support/supports AS security. Alternatively, the context establishment response message carries seventh indication information, which indicates that the UE does not support/supports AS security and is different from the sixth indication information.
Optionally, the RAN carries MAC4 in the context establishment response message sent to the AMF.
S707, the AMF determines that the UE does not support/supports AS security.
The AMF determines from the sixth indication information that the UE does not support/supports AS security.
Optionally, the AMF receives MAC4 from the RAN and verifies MAC4 using the first key and the sixth indication information. If the verification succeeds, the procedure continues. Otherwise, the AMF sends a reject message or a failure message to the RAN.
When the AMF determines that the UE does not support AS security, steps S708 to S713 are similar to steps S506 to S514 in the method 500. It should be noted, however, that step S506 in the method 500 must carry the indication information indicating that the UE does not support AS security, whereas step S708 in the method 700 need not carry it. When the AMF determines that the UE supports AS security, steps S708 to S713 are similar to steps S606 to S612 in the method 600. For brevity, they are not described again here.
Optionally, the indication that the UE supports AS security need not be sent, because a successful AS security mode procedure already means that the UE supports AS security.
Therefore, by defining the order of the mechanisms, the wireless communication method provided by the embodiments of this application avoids, without changing the UE, the situation in which the procedure cannot determine whether the UE side has the IMS-VoPS capability.
FIG. 8 shows a schematic flowchart of a wireless communication method 800 provided by an embodiment of this application. As can be seen from FIG. 8, the method 800 includes:
S801, the UE sends a registration request message to the AMF.
S802, the AMF sends a UE capability matching request message to the RAN.
If the AMF needs to determine whether the network can provide the IMS-VoPS service for the UE, the AMF sends a UE capability matching request message to the RAN, which requests the RAN to determine whether the UE has the IMS-VoPS capability.
Further, the UE capability matching request message carries a second key, which the RAN uses to establish AS security.
Optionally, the UE capability matching request message carries context establishment request information, which requests the RAN to establish the AS security context. It should be understood that the context establishment request information may also be sent in other messages.
S803, the RAN sends an AS security mode command message to the UE.
After receiving the UE capability matching request message sent by the AMF, the RAN directly initiates the AS security establishment procedure according to the context establishment request information; that is, the RAN sends the AS security mode command message to the UE to request establishment of the AS security context.
S804, the UE sends an AS security mode failure/complete message to the RAN.
When establishment of the AS security context fails, the UE sends an AS security mode failure message to the RAN.
When the AS security context is established successfully, the UE sends an AS security mode success message to the RAN.
The AS security mode failure/complete message carries eighth indication information, which indicates that the UE does not support/supports AS security.
S805, the RAN sends a UE capability query message to the UE.
After receiving the AS security mode failure/complete message, the RAN sends a UE capability query message to the UE according to the UE capability matching request message.
It should be noted that, in the method 800 of this embodiment, after receiving the UE capability matching request message carrying the context establishment request information, the RAN first establishes the AS security context with the UE according to the context establishment request message, and then sends the UE capability query message to the UE according to the UE capability matching request message to request the UE's radio capability information.
When the eighth indication information indicates that the UE does not support AS security, steps S708 to S713 are similar to steps S507 to S514 in the method 500. When the eighth indication information indicates that the UE supports AS security, steps S709 to S713 are similar to steps S606 to S612 in the method 600. For brevity, they are not described again here.
Therefore, in the wireless communication method provided by the embodiments of this application, the key for establishing AS security is sent in advance, and the AS security context is established by default when the RAN is instructed to determine whether both the UE and the network have the IMS-VoPS capability. The UE capability query message is sent only after it has been determined that establishment of the AS security context is complete, which avoids failure of the determination procedure and reduces wasted signaling.
FIG. 9 shows a schematic flowchart of a wireless communication method 900 provided by an embodiment of this application. As can be seen from FIG. 9, the method 900 includes:
S901, the UE sends a registration request message to the AMF.
After receiving the registration request message sent by the UE, the AMF authenticates the UE. It should be understood that the authentication here may be the initial authentication of a network, for example a 5G network, or may authenticate the UE based on an existing security context; this application does not limit this.
After authentication, both parties hold the non-access stratum (NAS) protection keys, including the NAS encryption key and the NAS integrity protection key.
Optionally, at S902, the AMF sends a NAS security mode command message to the UE.
In a scenario where the NAS SMC needs to be performed, the AMF sends a NAS security mode command message to the UE.
It should be noted that scenarios in which the NAS SMC needs to be performed may be, for example: NAS security needs to be established after initial authentication; or the AMF key has been derived; or the NAS SMC needs to be performed according to local policy. This application does not limit this.
It should be understood that the NAS security mode command message is integrity-protected with the NAS integrity protection key shared between the AMF and the UE. If an attacker tampers with this message, verification at the UE fails.
Optionally, at S903, the UE sends a NAS security mode complete message to the AMF.
After receiving the NAS security mode command message, the UE performs an integrity check on it. If the check passes, the UE sends a NAS security mode complete message to the AMF, and this message carries the UE's radio capability information.
It should be understood that the UE's radio capability information may also be sent in other messages, which is not limited in this application.
S904, the RAN sends RAN capability information to the AMF. The RAN capability information can be used to indicate whether the RAN has the IMS-VoPS capability.
Optionally, the RAN sends the RAN capability information to the AMF after receiving the registration request message; or the RAN sends the RAN capability information to the AMF in response to a request message sent by the AMF. This application does not limit when or how the RAN sends the RAN capability information. The AMF may also be configured with the RAN capability information, in which case step S904 is not required.
S905, the AMF determines whether the UE and the network support the IMS-VoPS service.
The AMF determines from the UE's radio capability information whether the UE has the IMS-VoPS capability, and from the RAN capability information whether the RAN has the IMS-VoPS capability. When both the UE and the RAN have the IMS-VoPS capability, the AMF determines that the IMS-VoPS service is supported between the UE and the network; otherwise, the AMF determines that the IMS-VoPS service is not supported between the UE and the network.
S906, the AMF sends a registration accept message to the UE.
Exemplarily, when the AMF determines that the IMS-VoPS service is supported between the UE and the network, the AMF sets the information that indicates the IMS-VoPS capability in the network characteristic parameters and sends it to the UE in the network characteristic parameters of the registration accept message.
Therefore, in the wireless communication method of this embodiment, having the AMF determine whether the UE and the network support the IMS-VoPS service avoids failure of the determination procedure caused by AS security not having been established.
图10示出了本申请实施例提供的无线通信方法1000的示意性流程图。从图10中可以看出,该方法1000包括:FIG. 10 shows a schematic flowchart of a wireless communication method 1000 provided by an embodiment of the present application. As can be seen from Figure 10, the method 1000 includes:
S1010,UE向AMF发送注册请求消息,该注册请求消息中携带第九指示信息,该第 九指示信息用于指示紧急注册或者CP CIoT业务等不需要AS安全的业务。S1010, the UE sends a registration request message to the AMF, where the registration request message carries ninth indication information, and the ninth indication information is used to indicate services that do not require AS security such as emergency registration or CP CIoT services.
S1020,AMF根据第九指示信息确定此为紧急注册场景或者CP CIoT等,不需要开启UE的安全,或者可以理解为不需要开启UE的AS安全。则AMF向RAN发送UE能力匹配请求消息,该UE能力匹配请求消息中携带第十指示信息。第十指示信息用来指示紧急注册或者CP CIoT,或者不需要开启UE的安全,或者不需要开启UE的AS安全。这里第十指示信息还可以是加密空算法和/或完整性保护空算法。S1020, the AMF determines according to the ninth indication information that this is an emergency registration scenario or a CP CIoT, etc., and the security of the UE does not need to be turned on, or it can be understood that the AS security of the UE does not need to be turned on. Then the AMF sends a UE capability matching request message to the RAN, where the UE capability matching request message carries the tenth indication information. The tenth indication information is used to indicate emergency registration or CP CIoT, or the security of the UE does not need to be turned on, or the AS security of the UE does not need to be turned on. Here, the tenth indication information may also be an encryption null algorithm and/or an integrity protection null algorithm.
应理解,该第十指示信息还可以在其他消息中单独发送,本申请对此不作限定。It should be understood that the tenth indication information may also be sent separately in other messages, which is not limited in this application.
AMF接收到UE发送的注册请求之后,通过向RAN发送UE能力匹配请求消息,使得RAN判断UE及网络是否具备IMS-VoPS能力。After receiving the registration request sent by the UE, the AMF sends the UE capability matching request message to the RAN, so that the RAN determines whether the UE and the network have the IMS-VoPS capability.
如果AMF事先保存有该UE的无线能力信息,则AMF会在UE能力匹配请求消息中携带该UE的无线能力信息。If the AMF stores the radio capability information of the UE in advance, the AMF will carry the radio capability information of the UE in the UE capability matching request message.
如果RAN没有从AMF处接收到该UE的无线能力信息,且其本地也没有保存该UE的无线能力信息,同时RAN根据第十指示信息确定此为紧急注册场景或者CP CIoT等,不需要开启UE的安全,或者可以理解为不需要开启UE的AS安全,或者可以理解为空的加密空算法和/或完整性保护空算法意味着UE不支持AS安全或者不需要建立AS安全,则在S1030,RAN在没有建立AS安全的情况下或者AS SMC失败的情况下,直接向UE发送UE能力查询消息,以请求获取UE的无线能力信息。If the RAN does not receive the wireless capability information of the UE from the AMF, and the wireless capability information of the UE is not stored locally, and the RAN determines according to the tenth indication information that this is an emergency registration scenario or CP CIoT, etc., the UE does not need to be turned on. It can be understood that it is not necessary to enable the AS security of the UE, or it can be understood that the empty encryption null algorithm and/or the integrity protection null algorithm means that the UE does not support AS security or does not need to establish AS security, then in S1030, The RAN directly sends a UE capability query message to the UE to request to obtain the wireless capability information of the UE when the AS security is not established or the AS SMC fails.
本申请实施例提供的无线通信方法中,步骤S1040至S1080与方法200中步骤S240至S280类似。为了简洁,本申请在此不再赘述。In the wireless communication method provided by the embodiment of the present application, steps S1040 to S1080 are similar to steps S240 to S280 in the method 200 . For the sake of brevity, the present application will not repeat them here.
It should be noted that, in the wireless communication method provided in the embodiments of this application, the method for determining whether the UE supports AS security is also applicable to other scenarios in which it is necessary to identify whether a terminal device supports AS security, and to other scenarios in which parameters can be transferred only depending on whether the UE supports AS security or whether the UE needs to enable AS. For example, a base station can correctly activate or not activate AS security only if it knows whether the UE supports AS security; in that case, this can be achieved with the method for determining whether the UE supports AS security provided in the embodiments of this application. This application does not limit other similar application scenarios.
It should be noted that, for the embodiments in this application, if the AMF determines, based on indication information sent by the UE, emergency service indication information sent by the UE, or indication information such as that for a CP CIoT service, that the UE does not support AS security or that the UE's current service does not support AS security, the AMF may, instead of sending indication information that the UE does not support AS security or that the UE's current service does not support AS, send a null ciphering algorithm and/or a null integrity protection algorithm to the RAN. When the RAN receives the null ciphering algorithm and/or the null integrity protection algorithm from the AMF, it determines that the UE does not support AS security, or that the UE's current service does not support AS security, or that the UE supports only AS security protected by a null algorithm. The RAN may then, where AS security has not been established, or the AS SMC has failed, or the AS protection algorithm is a null algorithm, send a UE capability query message directly to the UE to request the UE's radio capability information. The other steps remain unchanged.
It should be noted that, for the embodiments in this application, the AMF receives the registration message sent by the UE and determines that the UE wishes to use a service, such as an emergency service or a CP CIoT service, that does not require AS security to be established or that requires only AS security protected by a null algorithm. In that case the AMF may, instead of sending an indication that the UE does not support AS security or that the UE's current service does not support AS, send an indication of the emergency service, the CP CIoT service, or the like to the RAN. When the RAN receives such an indication from the AMF, it determines that the UE does not need to establish AS security, or that the UE's current service does not require AS security, or that the UE supports only AS security protected by a null algorithm. The RAN may then, where AS security has not been established, or the AS SMC has failed, or the AS protection algorithm is a null algorithm, send a UE capability query message directly to the UE to request the UE's radio capability information. The other steps remain unchanged.
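The following Python is an added example, not code from the application: it models the three ways the AMF can tell the RAN that AS security will not be used (explicit indication, null algorithms, service indication), the RAN's resulting choice of how to query UE radio capability, and the AMF-side integrity check on capability information obtained that way. The field names, the `style` switch, the mapping of "null algorithm" to NEA0/NIA0 and the use of HMAC-SHA256 for the integrity protection parameter are assumptions.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional

# Assumption: the page's "null algorithm" is mapped to the 5G names NEA0/NIA0.
NULL_ALGS = {"NEA0", "NIA0"}
# Services the page says need no AS security (labels are hypothetical).
NO_AS_SERVICES = {"emergency", "cp-ciot"}


class RanAction(Enum):
    ENQUIRE_UNPROTECTED = "UE capability enquiry without AS protection"
    ENQUIRE_PROTECTED = "UE capability enquiry under AS security"
    ESTABLISH_AS_FIRST = "establish AS security context, then enquire"


def amf_hint(ue_supports_as: bool, service: Optional[str], style: str) -> dict:
    """Fields the AMF adds to the capability match request (hypothetical names)."""
    if ue_supports_as and service not in NO_AS_SERVICES:
        return {}  # normal case: the RAN is asked to set up AS security first
    if style == "service" and service in NO_AS_SERVICES:
        return {"service": service}
    if style == "null_algs":
        return {"cipher_alg": "NEA0", "integrity_alg": "NIA0"}
    return {"no_as_security": True}  # explicit indication


def ran_infers_no_as(hint: dict) -> bool:
    """RAN side: any of the three signalling styles leads to the same conclusion."""
    return (
        hint.get("no_as_security") is True
        or hint.get("cipher_alg") in NULL_ALGS
        or hint.get("integrity_alg") in NULL_ALGS
        or hint.get("service") in NO_AS_SERVICES
    )


def ran_decide(hint: dict, as_established: bool, smc_failed: bool = False,
               active_integrity_alg: Optional[str] = None) -> RanAction:
    """Choose how the RAN obtains UE radio capability information."""
    no_as_state = (not as_established) or smc_failed \
        or active_integrity_alg in NULL_ALGS
    if not no_as_state:
        return RanAction.ENQUIRE_PROTECTED
    if ran_infers_no_as(hint):
        return RanAction.ENQUIRE_UNPROTECTED
    # No hint from the AMF: a missing context or failed SMC alone does not
    # justify an unprotected enquiry, so AS security is set up first.
    return RanAction.ESTABLISH_AS_FIRST


def capability_mac(shared_key: bytes, capability: bytes) -> bytes:
    """Integrity protection parameter over the capability bytes.

    HMAC-SHA256 is a stand-in; the page does not name the algorithm.
    """
    return hmac.new(shared_key, capability, hashlib.sha256).digest()


def amf_check_capability(shared_key: bytes, capability: bytes, mac: bytes) -> str:
    """AMF verifies capability info relayed by the RAN with the AMF-UE shared key."""
    if hmac.compare_digest(capability_mac(shared_key, capability), mac):
        return "accept"
    return "reject_or_rerequest"  # page: send a rejection or repeat the request


def demo() -> tuple:
    key = bytes(range(32))                        # constructed sample key
    cap = b"ims-vops=supported;bands=n78"         # constructed capability blob
    mac = capability_mac(key, cap)                # computed on the UE side
    altered = cap.replace(b"supported", b"unsupported")  # changed in transit
    return (amf_check_capability(key, cap, mac),
            amf_check_capability(key, altered, mac))


if __name__ == "__main__":
    hint = amf_hint(False, None, "null_algs")
    print(hint, ran_decide(hint, as_established=False).value)
    print(demo())
```

Because the enquiry and its answer cross the air interface without AS protection in this branch, the integrity check against the key the AMF shares with the UE is the only point at which altered capability information is detected.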
The methods provided by the embodiments of this application have been described in detail above with reference to FIG. 2 to FIG. 10. The communication apparatus provided by the embodiments of this application is described in detail below with reference to FIG. 11 to FIG. 15.
FIG. 11 is a schematic block diagram of a communication apparatus provided by an embodiment of this application. As shown in the figure, the communication apparatus 10 may include a transceiver module 11 and a processing module 12.
In a possible design, the communication apparatus 10 may correspond to the network device or the AMF in the above method embodiments.
Exemplarily, the communication apparatus 10 may correspond to the network device or the AMF in methods 200 to 1000 according to the embodiments of this application, and may include modules for performing the method performed by the network device or the AMF in method 200 in FIG. 2, method 300 in FIG. 3, method 400 in FIG. 4, method 500 in FIG. 5, method 600 in FIG. 6, method 700 in FIG. 7, method 800 in FIG. 8, method 900 in FIG. 9, or method 1000 in FIG. 10. In addition, the units in the communication apparatus 10 and the other operations and/or functions described above are respectively intended to implement the corresponding procedures of methods 200 to 1000.
The transceiver module 11 in the communication apparatus 10 performs the receiving and sending operations performed by a network device such as the AMF in the above method embodiments, and the processing module 12 performs the operations other than the receiving and sending operations.
FIG. 12 is a schematic block diagram of a communication apparatus provided by an embodiment of this application. As shown in the figure, the communication apparatus 20 may include a transceiver module 21 and a processing module 22. Exemplarily, the communication apparatus 20 in FIG. 12 may correspond to the base station or the RAN in methods 200 to 1000 according to the embodiments of this application, and may include modules for performing the method performed by the base station or the RAN in method 200 in FIG. 2, method 300 in FIG. 3, method 400 in FIG. 4, method 500 in FIG. 5, method 600 in FIG. 6, method 700 in FIG. 7, method 800 in FIG. 8, method 900 in FIG. 9, or method 1000 in FIG. 10. In addition, the units in the communication apparatus 20 and the other operations and/or functions described above are respectively intended to implement the corresponding procedures of methods 200 to 1000.
The transceiver module 21 in the communication apparatus 20 performs the receiving and sending operations performed by a network device such as the base station or the RAN in the above method embodiments, and the processing module 22 performs the operations other than the receiving and sending operations.
According to the foregoing method, FIG. 13 is a schematic diagram of a communication apparatus 30 provided by an embodiment of this application. As shown in FIG. 13, the apparatus 30 may be a network device, including a network element with an access management function, such as an AMF.
The apparatus 30 may include a processor 31 (that is, an example of a processing module) and a memory 32. The memory 32 is configured to store instructions, and the processor 31 is configured to execute the instructions stored in the memory 32, so that the apparatus 30 implements the steps performed in the methods corresponding to FIG. 2 to FIG. 10.
Further, the apparatus 30 may also include an input port 34 (that is, an example of a transceiver module) and an output port 34 (that is, another example of a transceiver module). Further, the processor 31, the memory 32, the input port 33 and the output port 34 may communicate with each other through an internal connection path to transfer control and/or data signals. The memory 42 is configured to store a computer program, and the processor 31 may be configured to call and run the computer program from the memory 32 to control the input port 43 to receive signals and the output port 34 to send signals, thereby completing the steps of the network device in the above method. The memory 32 may be integrated in the processor 31 or may be provided separately from the processor 31.
Optionally, if the communication apparatus 30 is a communication device, the input port 33 is a receiver and the output port 34 is a transmitter. The receiver and the transmitter may be the same physical entity or different physical entities. When they are the same physical entity, they may be collectively referred to as a transceiver.
Optionally, if the communication apparatus 30 is a chip or a circuit, the input port 33 is an input interface and the output port 34 is an output interface.
As one implementation, the functions of the input port 33 and the output port 34 may be implemented by a transceiver circuit or a dedicated transceiver chip. The processor 31 may be implemented by a dedicated processing chip, a processing circuit, a processor or a general-purpose chip.
As another implementation, a general-purpose computer may be used to implement the communication device provided by the embodiments of this application. That is, program code implementing the functions of the processor 31, the input port 33 and the output port 34 is stored in the memory 32, and a general-purpose processor implements the functions of the processor 31, the input port 33 and the output port 34 by executing the code in the memory 32.
The modules or units in the communication apparatus 30 may be used to perform the actions or processing procedures performed by the device for SL carrier management (that is, the base station) in the above method; to avoid repetition, a detailed description is omitted here.
For the concepts, explanations, detailed descriptions and other steps of the apparatus 30 that relate to the technical solutions provided by the embodiments of this application, refer to the descriptions of these contents in the foregoing methods or other embodiments; they are not repeated here.
According to the foregoing method, FIG. 14 is a schematic diagram of a communication apparatus 40 provided by an embodiment of this application. The communication apparatus 40 may be a network device, an access and mobility management network element, or the like. The apparatus 40 may include a processor 41 (which may also be understood as an example of a processing module) and may also include a memory 42. The memory 42 is configured to store instructions, and the processor 41 is configured to execute the instructions stored in the memory 42, so that the apparatus 40 implements the steps performed by the communication apparatus in the methods corresponding to FIG. 2 to FIG. 10.
The structure of the apparatus 40 is similar to that of the foregoing apparatus 30 and is not described again.
For the concepts, explanations, detailed descriptions and other steps of the apparatus 40 that relate to the technical solutions provided by the embodiments of this application, refer to the descriptions of these contents in the foregoing methods or other embodiments; they are not repeated here.
FIG. 15 shows a simplified schematic structural diagram of a network device. The network device includes a part 51 and a part 52. Part 51 is mainly used for sending and receiving radio frequency signals and for conversion between radio frequency signals and baseband signals; part 52 is mainly used for baseband processing, controlling the network device, and so on. Part 51 may generally be called a transceiver module, a transceiver, a transceiver circuit, or the like. Part 52 is usually the control center of the network device and may generally be called a processing module; it is used to control the network device to perform the processing operations on the network device side in the foregoing method embodiments.
The transceiver module of part 51, which may also be called a transceiver, includes an antenna and a radio frequency circuit, where the radio frequency circuit is mainly used for radio frequency processing. For example, the components in part 51 that implement the receiving function may be regarded as a receiving module, and the components that implement the sending function may be regarded as a sending module; that is, part 51 includes a receiving module and a sending module. The receiving module may also be called a receiver or a receiving circuit, and the sending module may be called a transmitter or a transmitting circuit.
Part 52 may include one or more boards, and each board may include one or more processors and one or more memories. The processor is used to read and execute programs in the memory to implement the baseband processing functions and control of the network device. If there are multiple boards, the boards may be interconnected to increase processing capability. As an optional implementation, multiple boards may share one or more processors, or multiple boards may share one or more memories, or multiple boards may simultaneously share one or more processors.
For example, in one implementation, the transceiver module of part 51 is used to perform the sending- and receiving-related steps of the network device or base station in FIG. 2 to FIG. 10, and part 52 is used to perform the processing-related steps of the network device or base station in FIG. 2 to FIG. 10.
It should be understood that FIG. 15 is only an example and not a limitation, and the above network device including a transceiver module and a processing module may not depend on the structure shown in FIG. 15.
When the apparatus 50 is a chip, the chip includes a transceiver module and a processing module. The transceiver module may be an input/output circuit or a communication interface; the processing module is a processor, microprocessor or integrated circuit integrated on the chip.
An embodiment of this application further provides a computer-readable storage medium storing computer instructions for implementing the method executed by the first network device in the foregoing method embodiments.
For example, when the computer program is executed by a computer, the computer can implement the method executed by the network device in the above method embodiments.
An embodiment of this application further provides a computer program product containing instructions that, when executed by a computer, cause the computer to implement the method executed by the first device, or the method executed by the second device, in the above method embodiments.
An embodiment of this application further provides a communication system, which includes the network device in the above embodiments.
For explanations of the relevant content and the beneficial effects of any of the apparatuses provided above, refer to the corresponding method embodiments provided above; they are not repeated here.
In the embodiments of this application, the network device may include a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer may include hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also called main memory). The operating system of the operating system layer may be any one or more computer operating systems that implement service processing through processes, for example, a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a Windows operating system. The application layer may include applications such as browsers, address books, word processing software, and instant messaging software.
The embodiments of this application do not specifically limit the structure of the entity that executes the method provided by the embodiments of this application, as long as it can communicate according to that method by running a program that records the code of the method. For example, the method provided by the embodiments of this application may be executed by a network device, or by a functional module in the network device that can call and execute a program.
Various aspects or features of this application may be implemented as methods, apparatuses, or articles of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein may cover a computer program accessible from any computer-readable device, carrier or medium. For example, computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or magnetic tapes), optical discs (for example, compact discs (CDs) and digital versatile discs (DVDs)), smart cards, and flash memory devices (for example, erasable programmable read-only memory (EPROM), cards, sticks, or key drives).
The various storage media described herein may represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
It should be understood that the processor mentioned in the embodiments of this application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor or any conventional processor.
It should also be understood that the memory mentioned in the embodiments of this application may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), or flash memory. The volatile memory may be random access memory (RAM). For example, RAM can be used as an external cache. By way of example and not limitation, RAM may take many forms: static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).
It should be noted that when the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component, the memory (storage module) may be integrated in the processor.
It should also be noted that the memory described herein is intended to include, but not be limited to, these and any other suitable types of memory.
Those of ordinary skill in the art will recognize that the units and steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the protection scope of this application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the apparatuses and units described above may be found in the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. The division into units is only a division by logical function; in actual implementation there may be other divisions, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to implement the solution provided in this application.
In addition, the functional units in the embodiments of this application may be integrated in one unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. For example, the computer may be a personal computer, a server, or a network device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or wirelessly (for example, infrared, radio, or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)). For example, the aforementioned available media may include, but are not limited to, various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific implementations of this application, but the protection scope of this application is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims and the description.

Claims (21)

  1. A method for wireless communication, comprising:
    receiving, by a network device, a first message from a terminal device;
    determining, by the network device, whether the terminal device supports access stratum (AS) security;
    in a case where the terminal device does not support the AS security, sending, by the network device, first indication information and first request information to a base station, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the radio capability of the terminal device, whether the terminal device has the IMS-VoPS capability.
  2. The method according to claim 1, wherein the method further comprises:
    in a case where the terminal device supports the AS security, sending, by the network device, second request information to the base station, where the second request information is used to request the base station to establish an AS security context;
    after receiving response information from the base station in response to the second request information, sending, by the network device, the first request information to the base station.
  3. The method according to claim 1 or 2, wherein determining, by the network device, whether the terminal device supports establishing access stratum (AS) security comprises:
    receiving, by the network device, second indication information, where the second indication information is used to determine whether the terminal device supports the AS security;
    determining, by the network device according to the second indication information, whether the terminal device supports establishing access stratum (AS) security.
  4. The method according to claim 3, wherein receiving the second indication information comprises:
    receiving, by the network device, mobility management information from the terminal device, where the mobility management capability information carries the second indication information; or
    receiving, by the network device, subscription information from unified data management, where the subscription information carries the second indication information.
  5. The method according to any one of claims 1 to 4, wherein after the network device sends the first request information to the base station, the method further comprises:
    receiving, by the network device from the base station, radio capability information of the terminal device and an integrity protection parameter, where the integrity protection parameter is used to verify whether the radio capability information of the terminal device has been tampered with;
    verifying, by the network device according to a first key and the integrity protection parameter, whether the radio capability information of the terminal has been tampered with, where the first key is a key shared between the network device and the terminal device;
    in a case where the radio capability information of the terminal has been tampered with, sending, by the network device, a rejection message to the base station, or sending the first request information to the base station again.
  6. A method for wireless communication, comprising:
    A base station receives first indication information and first request information from a network device, where the first indication information is used to indicate that a first terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the wireless capability of the first terminal device, whether the first terminal device has the IMS-VoPS capability;
    After receiving the first request information, if the base station cannot obtain the wireless capability information of the first terminal device from the information stored by the base station and the information carried in the first request information, the base station sends, according to the first indication information, request information for acquiring the wireless capability information of the first terminal device to the first terminal device, where the request information is not protected by AS security;
    The base station acquires the wireless capability information of the first terminal device from response information from the first terminal device;
    The base station determines, according to the wireless capability information of the first terminal device, whether the first terminal device has the IMS-VoPS capability.
  7. The method according to claim 6, wherein the method further comprises:
    The base station receives second request information from the network device, where the second request information is used to request the base station to establish an AS security context with a second terminal device, and the second terminal device supports the AS security;
    The base station establishes the AS security context with the second terminal device, and sends a response message to the network device.
  8. The method according to claim 7, wherein after the base station establishes the AS security context, the method further comprises:
    The base station receives third request information from the network device, where the third request information is used to request the base station to determine, according to the wireless capability of the second terminal device, whether the second terminal device has the IMS-VoPS capability;
    After receiving the first request information, if the base station cannot obtain the wireless capability information of the second terminal device from the information stored by the base station and the information carried in the first request information, the base station sends request information for acquiring the wireless capability information of the second terminal device to the second terminal device, where the request message has been protected by AS security;
    The base station acquires the wireless capability information of the second terminal device from response information from the second terminal device;
    The base station determines, according to the wireless capability information of the second terminal device, whether the second terminal device has the IMS-VoPS capability, and feeds back the determination result to the network device.
  9. The method according to any one of claims 6 to 8, wherein the method further comprises:
    The base station receives, from the first terminal device, the wireless capability information of the terminal device and an integrity protection parameter;
    The base station sends the wireless capability information of the first terminal device and the integrity protection parameter to the network device, where the integrity protection parameter is used to verify whether the wireless capability information of the first terminal device has been tampered with;
    The base station receives, from the network device, a rejection message indicating that the wireless capability information of the first terminal device has been tampered with, or receives the first request information again.
  10. An apparatus for wireless communication, comprising:
    a transceiver module, configured to receive a first message from a terminal device;
    a processing module, configured to determine whether the terminal device supports access stratum (AS) security,
    and, in the case that the terminal device does not support the AS security, send first indication information and first request information to a base station through the transceiver module, where the first indication information is used to indicate that the terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the wireless capability of the terminal device, whether the terminal device has the IMS-VoPS capability.
  11. The apparatus according to claim 10, wherein the processing module is further configured to: in the case that the terminal device supports the AS security, send second request information to the base station through the transceiver module, where the second request information is used to request the base station to establish an AS security context; and, after the transceiver module receives response information from the base station in response to the second request information, send the first request information to the base station through the transceiver module.
  12. The apparatus according to claim 10 or 11, wherein the transceiver module is further configured to receive second indication information, where the second indication information is used to determine whether the terminal device supports the AS security;
    The processing module is configured to determine, according to the second indication information, whether the terminal device supports establishing access stratum (AS) security.
  13. The apparatus according to claim 12, wherein the transceiver module is specifically configured to:
    receive mobility management capability information from the terminal device, where the mobility management capability information carries the second indication information; or
    receive subscription information from unified data management, where the subscription information carries the second indication information.
  14. The apparatus according to any one of claims 10 to 13, wherein the transceiver module is further configured to:
    after sending the first request information to the base station, receive, from the base station, wireless capability information of the terminal device and an integrity protection parameter, where the integrity protection parameter is used to verify whether the wireless capability information of the terminal device has been tampered with;
    The processing module is further configured to:
    verify, according to a first key and the integrity protection parameter, whether the terminal wireless capability information has been tampered with, where the first key is a shared key between the network device and the terminal device;
    and, in the case that the terminal wireless capability information has been tampered with, send a rejection message to the base station through the transceiver module, or send the first request information to the base station again.
  15. An apparatus for wireless communication, comprising:
    a transceiver module, configured to receive first indication information and first request information from a network device, where the first indication information is used to indicate that a first terminal device does not support the AS security, and the first request information is used to request the base station to determine, according to the wireless capability of the first terminal device, whether the first terminal device has the IMS-VoPS capability;
    a processing module, configured to: after the transceiver module receives the first request information, if the wireless capability information of the first terminal device cannot be obtained from the stored information and the information carried in the first request information, send, according to the first indication information and through the transceiver module, request information for acquiring the wireless capability information of the first terminal device to the first terminal device, where the request information is not protected by AS security;
    and configured to acquire the wireless capability information of the first terminal device from response information that the transceiver module receives from the first terminal device, and to determine, according to the wireless capability information of the first terminal device, whether the first terminal device has the IMS-VoPS capability.
  16. The apparatus according to claim 15, wherein the transceiver module is further configured to:
    receive second request information from the network device, where the second request information is used to request the base station to establish an AS security context with a second terminal device, and the second terminal device supports the AS security;
    The processing module is further configured to:
    establish AS security with the second terminal device;
    The transceiver module is further configured to:
    send a response message to the network device.
  17. The apparatus according to claim 16, wherein the transceiver module is further configured to, after the processing module establishes the AS security,
    receive third request information from the network device, where the third request information is used to request the base station to determine, according to the wireless capability of the second terminal device, whether the second terminal device has the IMS-VoPS capability;
    The processing module is further configured to: after the transceiver module receives the first request information, if the wireless capability information of the second terminal device cannot be obtained from the stored information and the information carried in the first request information, send, through the transceiver module, request information for acquiring the wireless capability information of the second terminal device to the second terminal device, where the request message has been protected by AS security;
    acquire the wireless capability information of the second terminal device from response information from the second terminal device;
    determine, according to the wireless capability information of the second terminal device, whether the second terminal device has the IMS-VoPS capability.
  18. The apparatus according to any one of claims 15 to 17, wherein the transceiver module is further configured to:
    receive, from the first terminal device, the wireless capability information of the terminal device and an integrity protection parameter;
    send the wireless capability information of the first terminal device and the integrity protection parameter to the network device, where the integrity protection parameter is used to verify whether the wireless capability information of the first terminal device has been tampered with;
    receive, from the network device, a rejection message indicating that the wireless capability information of the first terminal device has been tampered with, or receive the first request information again.
  19. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and when the computer program is run on a computer, the computer is caused to perform the method according to any one of claims 1-9.
  20. A chip, comprising a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory to perform the method according to any one of claims 1-9.
  21. A communication system, wherein the communication system comprises at least one network device, a base station and a terminal device, the network device is configured to perform the method according to any one of claims 1-5, and the base station is configured to perform the method according to any one of claims 6-9.
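The exchange in claims 5 to 9 can be followed end to end in a small model. The Python below is an added illustration, not part of the patent text: the class names, the `air_interface` callable, the capability byte encoding, the retry-then-reject policy and the use of HMAC-SHA-256 as the integrity protection parameter are all assumptions, since the claims name no algorithm or message format.

```python
import hashlib
import hmac

def integrity_param(first_key: bytes, capability: bytes) -> bytes:
    # Assumption: HMAC-SHA-256; the claims do not name an algorithm.
    return hmac.new(first_key, capability, hashlib.sha256).digest()

class Terminal:
    def __init__(self, first_key, capability, supports_as_security):
        self.first_key = first_key
        self.capability = capability
        # Stands in for the second indication information (claims 3 and 4).
        self.supports_as_security = supports_as_security

    def answer_enquiry(self):
        # Claim 9: capability information plus the integrity protection parameter.
        return self.capability, integrity_param(self.first_key, self.capability)

class BaseStation:
    def __init__(self, air_interface=lambda cap: cap):
        self.air_interface = air_interface  # what an unprotected link delivers
        self.sent = []                      # record of base-station actions

    def establish_as_context(self, ue):
        self.sent.append("AS security context established")  # claim 7

    def capability_match(self, ue, ue_lacks_as_security):
        cap, param = ue.answer_enquiry()
        if ue_lacks_as_security:
            # Claim 6: the enquiry goes out without AS security protection.
            self.sent.append("capability enquiry (no AS protection)")
            cap = self.air_interface(cap)
        else:
            self.sent.append("capability enquiry (AS protected)")  # claim 8
        # Claim 9: forward capability and parameter along with the verdict.
        return b"ims-vops=1" in cap, cap, param

class NetworkDevice:
    def __init__(self, first_key, max_requests=2):
        self.first_key = first_key
        self.max_requests = max_requests  # assumed policy: re-request, then reject

    def register(self, ue, bs):
        if ue.supports_as_security:
            bs.establish_as_context(ue)  # second request information (claims 7, 11)
        for _ in range(self.max_requests):  # first request information
            voice, cap, param = bs.capability_match(ue, not ue.supports_as_security)
            expected = integrity_param(self.first_key, cap)
            if hmac.compare_digest(expected, param):  # claim 5 verification
                return "accepted", voice
        return "rejected", None  # claim 5: reject when the mismatch persists

if __name__ == "__main__":
    key = b"\x01" * 32                    # constructed shared first key
    cap = b"bands=n78;ims-vops=1"         # constructed capability encoding
    strip_voice = lambda c: c.replace(b"ims-vops=1", b"ims-vops=0")
    ue = Terminal(key, cap, supports_as_security=False)
    print(NetworkDevice(key).register(ue, BaseStation()))             # honest link
    print(NetworkDevice(key).register(ue, BaseStation(strip_voice)))  # altered link
```

The base station never holds the first key in this model, so it can forward the capability and the parameter but cannot validate them; only the network device's comparison detects a modified capability.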
PCT/CN2021/071128 2021-01-11 2021-01-11 Wireless communication method and apparatus WO2022147838A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2021/071128 WO2022147838A1 (en) 2021-01-11 2021-01-11 Wireless communication method and apparatus
CN202180087378.8A CN116711336A (en) 2021-01-11 2021-01-11 Method and apparatus for wireless communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/071128 WO2022147838A1 (en) 2021-01-11 2021-01-11 Wireless communication method and apparatus

Publications (1)

Publication Number Publication Date
WO2022147838A1 true WO2022147838A1 (en) 2022-07-14

Family

ID=82357632

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/071128 WO2022147838A1 (en) 2021-01-11 2021-01-11 Wireless communication method and apparatus

Country Status (2)

Country Link
CN (1) CN116711336A (en)
WO (1) WO2022147838A1 (en)


Also Published As

Publication number Publication date
CN116711336A (en) 2023-09-05


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21916891; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 202180087378.8; Country of ref document: CN)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21916891; Country of ref document: EP; Kind code of ref document: A1)