WO2023004683A1 - Communication method, apparatus, and device - Google Patents

Communication method, apparatus, and device

Info

Publication number
WO2023004683A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication system
terminal device
network device
request message
core network
Application number
PCT/CN2021/109252
Inventor
袁野
杨林平
舒林
孙兵
李洪
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN202180007897.9A priority Critical patent/CN115885540A/en
Priority to PCT/CN2021/109252 priority patent/WO2023004683A1/en
Publication of WO2023004683A1 publication Critical patent/WO2023004683A1/en

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements

Definitions

  • the present application relates to the technical field of communication, and in particular to a communication method, device and equipment.
  • both a non-access stratum (non access stratum, NAS) of the terminal device and a NAS of a core network in the communication system maintain a set of security contexts.
  • the terminal device and the core network need to map the first set of security context in the first communication system to generate the security context in the second communication system.
  • after the handover is completed, all NAS messages exchanged between the terminal device and the core network in the second communication system need to use the second set of security context for integrity protection and/or confidentiality protection.
  • the first communication system and the second communication system are communication systems of different standards, for example, the first communication system is a 5G communication system, and the second communication system is a 4G communication system.
  • the terminal device needs to initiate a tracking area update (tracking area update, TAU) process when switching to the second communication system.
  • the terminal device enters the RRC idle state, and when it initiates the TAU process again, it will be rejected by the core network of the second communication system, so the terminal device cannot successfully register with the second communication system.
  • the present application provides a communication method, device, and equipment to improve the registration success rate of terminal equipment in an inter-system handover scenario.
  • the embodiment of the present application provides a communication method, the method includes the following steps:
  • after the terminal device switches from the second communication system to the first communication system, it acquires a first set of security context, wherein the first set of security context is used for security verification between the terminal device and a first network device located in the first communication system; after the terminal device sends a first registration request message to the first core network device, the terminal device releases the wireless link, wherein the first registration request message is integrity protected using the first set of security context, and the first network device includes the first core network device; the terminal device sends a second registration request message to the first core network device, wherein the second registration request message is integrity protected using a second set of security context, and the second set of security context is used for security verification between the terminal device and the second network device located in the second communication system.
  • when the initial registration process fails and the idle terminal device initiates the registration process again, it continues to use the first set of security context to protect the integrity of the registration request message, while the second core network device can only use the second set of security context for integrity verification, so the second registration process of the terminal device will inevitably fail.
  • the second set of security context is used to protect the integrity of the registration request message; thus, when the first core network device, based on the registration request message, requests the context of the terminal device from the second core network device, the second core network device can successfully perform an integrity check on the registration request message, thereby ensuring that the first core network device can successfully obtain the context of the terminal device from the second core network device, so as to ensure that the terminal device can be successfully registered in the first communication system.
  • this method can avoid the situation that the registration process initiated again by the terminal device is rejected, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the time delay for the terminal device to successfully register to the first communication system, and finally guarantee the service continuity of the terminal device and the user experience.
  • the terminal device may acquire the first set of security contexts through the following steps:
  • the terminal device calculates the second set of security contexts according to the set security context mapping algorithm to generate the first set of security contexts.
  • the terminal device can acquire the first set of security context corresponding to the first communication system during the inter-system handover process.
  • when the terminal device receives the registration rejection response message from the first core network device, the terminal device may release the wireless link.
  • the terminal device can release the wireless link when receiving the registration rejection response message, thereby initiating the registration procedure again, and continuing to request registration to the first communication system.
  • the registration refusal response message includes a refusal reason indication
  • the refusal reason indication is used to instruct the terminal device to maintain a registration state.
  • the rejection reason indication may be other rejection reason values except the following rejection reason values: #3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries the T3346 value information element (T3346 value IE), and the value of the T3346 value information element is neither 0 nor invalid (deactivated)), #25, #40, #42, #31.
  • the terminal device can continue to maintain the registration state after receiving the registration rejection response message, so that the registration process can be initiated again.
  • the terminal device may release the wireless link.
  • the wireless link abnormality may include: the signal quality of the signal sent by the first AN device in the first communication system is degraded, the bit error rate of data transmitted through the wireless link is high, the wireless link is unable to successfully transmit data, and so on; this application does not limit this.
  • the terminal device can release the wireless link when the wireless link is abnormal, thereby initiating the registration process again and continuing to request registration to the first communication system.
  • the terminal device may release the wireless link.
  • the first core network device does not send a registration success response message.
  • the first core network device fails to perform the registration step after receiving the first registration request message.
  • the terminal device does not receive the registration success response message within a set period of time after sending the first registration request message.
  • when the terminal device sends the first registration request message, it starts the timer T3430 synchronously.
  • the timing duration of the T3430 is 15 seconds.
  • the terminal device does not receive the registration success response message; then when the timer T3430 times out, the terminal device abandons the registration process and releases the wireless link.
  • the terminal device can release the wireless link when the initial registration process is unsuccessful, thereby initiating the registration process again, and continuing to request registration to the first communication system.
  • the second registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device.
  • the second registration request message may include the first GUTI of the terminal device, and the first GUTI includes the device information of the second core network device (such as the identity or address of the second core network device); wherein the first GUTI is obtained by mapping the second GUTI, the first GUTI is the unique identifier of the terminal device in the first communication system, and the second GUTI is the unique identifier of the terminal device in the second communication system and is assigned to the terminal device by the second core network device in the second communication system.
  • after the first core network device receives the second registration request message, it can request the context of the terminal device from the second core network device.
  • after the terminal device sends the second registration request message to the first core network device, the terminal device receives a registration success response message from the first core network device.
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the first registration request message is a tracking area update TAU request message
  • the second registration request message is a TAU request message.
  • the embodiment of the present application provides a communication method, the method includes the following steps:
  • the first core network device located in the first communication system receives a registration request message from the terminal device in an idle state; the registration request message is integrity protected using a second set of security context; the second set of security context is used for security verification between the terminal device and the second network device located in the second communication system; the first core network device sends a context request message to the second core network device of the second communication system, wherein the context request message includes the registration request message, the context request message is used to request the context of the terminal device, and the second network device includes the second core network device.
  • the second set of security context is used to protect the integrity of the registration request message; thus, when the first core network device requests the context of the terminal device from the second core network device based on the registration request message, the second core network device can successfully perform an integrity check on the registration request message, thereby ensuring that the first core network device can successfully obtain the context of the terminal device from the second core network device, so as to ensure that the terminal device can be successfully registered in the first communication system.
  • this method can avoid the situation that the registration process initiated again by the terminal device is rejected, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the time delay for the terminal device to successfully register to the first communication system, and finally guarantee the service continuity of the terminal device and the user experience.
  • the first core network device receives a context response message from the second core network device; the context response message is used to indicate that the request for the context of the terminal device is successful; the first core network device sends a registration success response message to the terminal device.
  • when the first core network device successfully acquires the context of the terminal device, it can notify the terminal device that the registration is successful.
  • the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system; the first core network device may send the context request message to the second core network device according to the device information of the second core network device.
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the registration request message is a tracking area update TAU request message.
  • the embodiment of the present application provides a communication method, the method includes the following steps:
  • the second core network device receives a context request message from the first core network device; wherein the second core network device is located in the second communication system, the first core network device is located in the first communication system, the context request message includes a registration request message, and the registration request message is integrity protected using a second set of security context; the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system, and the second network device includes the second core network device; the second core network device uses the second set of security context to perform an integrity protection check on the registration request message.
  • the second set of security context is used to protect the integrity of the registration request message; thus, when the first core network device requests the context of the terminal device from the second core network device based on the registration request message, the second core network device can successfully perform an integrity check on the registration request message, thereby ensuring that the first core network device can successfully obtain the context of the terminal device from the second core network device, so as to ensure that the terminal device can be successfully registered in the first communication system.
  • this method can avoid the situation that the registration process initiated again by the terminal device is rejected, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the time delay for the terminal device to successfully register to the first communication system, and finally guarantee the service continuity of the terminal device and the user experience.
  • the second core network device sends a context response message to the first core network device; the context response message is used to indicate that the request for the context of the terminal device is successful.
  • the context response message may include the context of the terminal device.
  • the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system.
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the registration request message is a tracking area update TAU request message.
  • the embodiment of the present application provides a communication method, the method includes the following steps:
  • after the terminal device switches from the second communication system to the first communication system, it obtains a first set of security context, wherein the first set of security context is used for security verification between the terminal device and the first network device located in the first communication system; after the terminal device sends a registration request message to the first core network device, the terminal device releases the wireless link, wherein the registration request message is integrity protected using the first set of security context, and the first network device includes the first core network device; the terminal device initiates an attach procedure.
  • the terminal device in the idle state can initiate an attach procedure to register with the first communication system. Because the terminal device does not re-initiate the registration process but registers with the first communication system through the attach procedure, this method enables a terminal device in an idle state to quickly register with the first communication system.
  • the solution provided by the embodiment of the present application can avoid the situation that the terminal device is rejected when the registration process is initiated again, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the delay for the terminal device to successfully register to the first communication system, and ultimately guarantee the service continuity of the terminal device and the user experience.
  • the terminal device may acquire the first set of security contexts through the following steps:
  • the terminal device calculates the second set of security contexts according to the set security context mapping algorithm to generate the first set of security contexts.
  • the terminal device can acquire the first set of security context corresponding to the first communication system during the inter-system handover process.
  • when the terminal device receives the registration rejection response message from the first core network device, the terminal device may release the wireless link.
  • the terminal device can release the wireless link when receiving the registration rejection response message, so as to register with the first communication system through the attach procedure.
  • the registration rejection response message includes a rejection reason indication
  • the rejection reason indication is used to instruct the terminal device to maintain the registration state.
  • the rejection reason indication may be other rejection reason values except the following rejection reason values: #3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries the T3346 value information element (T3346 value IE), and the value of the T3346 value information element is neither 0 nor invalid (deactivated)), #25, #40, #42, #31.
  • the terminal device can continue to maintain the registration state after receiving the registration rejection response message.
  • the terminal device may release the wireless link.
  • the wireless link abnormality may include: the signal quality of the signal sent by the first AN device in the first communication system is degraded, the bit error rate of data transmitted through the wireless link is high, the wireless link is unable to successfully transmit data, and so on; this application does not limit this.
  • the terminal device can release the wireless link when the wireless link is abnormal, so as to register with the first communication system through the attach process.
  • the terminal device may release the wireless link.
  • the first core network device does not send a registration success response message.
  • the first core network device fails to perform the registration step after receiving the first registration request message.
  • the terminal device does not receive the registration success response message within a set period of time after sending the first registration request message.
  • when the terminal device sends the first registration request message, it starts the timer T3430 synchronously.
  • the timing duration of the T3430 is 15 seconds.
  • the terminal device does not receive the registration success response message; then when the timer T3430 times out, the terminal device abandons the registration process and releases the wireless link.
  • the terminal device can release the wireless link when the initial registration process fails, so as to register with the first communication system through the attach process.
  • the registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device.
  • the terminal device may initiate an attach process through the following steps:
  • the terminal device sends an attach request message to the first core network device.
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the registration request message is a tracking area update TAU request message.
  • the embodiment of the present application provides a communication device, including a unit for performing each step in any one of the above aspects.
  • the embodiment of the present application provides a communication device, including at least one processing element and at least one storage element, wherein the at least one storage element is used to store programs and data, and the at least one processing element is used to read and execute The program and data stored in the storage element enable the method provided by any one of the above aspects of the present application to be realized.
  • an embodiment of the present application provides a communication system, including: a terminal device for performing the method provided in the first aspect, a first core network device for performing the method provided in the second aspect, and a second core network device for performing the method provided in the third aspect.
  • the embodiment of the present application further provides a computer program, which, when the computer program is run on a computer, causes the computer to execute the method provided in any one of the above aspects.
  • the embodiment of the present application also provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a computer, the computer executes the method provided in any one of the above aspects.
  • the embodiment of the present application further provides a chip, the chip is used to read a computer program stored in a memory, and execute the method provided in any one of the above aspects.
  • an embodiment of the present application further provides a chip system, where the chip system includes a processor, configured to support a computer device to implement the method provided in any one of the above aspects.
  • the chip system further includes a memory, and the memory is used to store necessary programs and data of the computer device.
  • the system-on-a-chip may consist of chips, or may include chips and other discrete devices.
  • FIG. 1A is a schematic diagram of a confidentiality protection process provided by an embodiment of the present application.
  • FIG. 1B is a schematic diagram of an integrity protection process provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a communication architecture provided by an embodiment of the present application.
  • FIG. 3 is a flowchart of a communication method provided in an embodiment of the present application.
  • FIG. 4 is a flow chart of another communication method provided by the embodiment of the present application.
  • FIG. 5 is a flow chart of a communication example provided by an embodiment of the present application.
  • FIG. 6 is a flow chart of another communication example provided by the embodiment of the present application.
  • FIG. 7 is a flowchart of a communication device provided by an embodiment of the present application.
  • FIG. 8 is a flowchart of a communication device provided by an embodiment of the present application.
  • the present application provides a communication method, device, and equipment to improve the registration success rate of terminal equipment in an inter-system handover scenario.
  • the method, the device, and the equipment are based on the same technical concept. Since the principles by which they solve the problem are similar, the implementations of the method, the device, and the equipment can refer to each other, and repeated descriptions are omitted.
  • a terminal device is a device that provides voice and/or data connectivity to users.
  • the terminal equipment may also be called user equipment (user equipment, UE), mobile station (mobile station, MS), mobile terminal (mobile terminal, MT) and so on.
  • the UE may be used as an example for illustration.
  • the terminal device may be a handheld device with a wireless connection function, a vehicle-mounted device, and the like.
  • some terminal devices are: mobile phone, tablet computer, notebook computer, palmtop computer, mobile internet device (MID), point of sale (POS) terminal, wearable device, virtual reality (VR) device, augmented reality (AR) device, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical surgery, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart city, wireless terminals in smart home, various smart meters (smart water meters, smart electricity meters, smart gas meters), etc.
  • the communication system is used to connect the terminal device to the data network by using the 3rd generation partnership project (3GPP) access technology when the terminal device requests services, and to transmit user plane data between the terminal device and the data network so as to realize the corresponding services. It is also called a mobile communication system or a 3GPP communication system. Unless otherwise specified, the communication systems involved in the following embodiments of the present application are all 3GPP communication systems.
  • the communication system is divided into an access network (access network, AN) and a core network (core network, CN).
  • the access network is used to connect the terminal equipment to the core network through the 3GPP access technology.
  • the core network is used to connect terminal devices to different data networks.
  • the core network can be divided into the control plane and the user plane.
  • the present application does not limit the standard of the communication system, which may be a third generation (3G) communication system, a fourth generation (4G) communication system (that is, a long term evolution (LTE) communication system or evolved packet system (EPS)), a fifth generation (5G) communication system (that is, a 5G system (5GS)), a future communication system, or a communication system evolved from any generation of communication system.
  • the access network can also be called an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN), and the core network can also be called an evolved packet core (EPC).
  • the access network can also be called a 5G radio access network (NG-RAN) or a new radio (NR) system, and the core network can also be called the 5G core network (5GC).
  • the network device is a network element located in the communication system.
  • the network device may be an access network device (ie, AN device) in the access network, or a core network device in the core network. This application is not limited to this.
  • the AN device is a device that connects the terminal device to the wireless network in the communication system.
  • the access network device, as a node in the radio access network, may also be called a base station or a radio access network (RAN) node (or device).
  • some examples of AN devices are: new generation Node B (gNB), transmission reception point (TRP), evolved Node B (eNB), radio network controller (RNC), Node B (NB), access point (AP), base station controller (BSC), base transceiver station (BTS), home base station (such as home evolved NodeB or home Node B, HNB), base band unit (BBU), Enterprise LTE Discrete Spectrum Aggregation (eLTE-DSA) base station, etc.
  • the AN device may include a centralized unit (centralized unit, CU) node and a distributed unit (distributed unit, DU) node.
  • this structure separates the protocol layers of the eNB in the long term evolution (LTE) system: the functions of some protocol layers are placed in the CU for centralized control, the remaining part or all of the functions of the protocol layers are distributed in the DU, and the CU centrally controls the DUs.
  • in a 4G communication system, the AN device is called an eNB; in a 5G communication system, the AN device may be called a gNB.
  • core network device: a network element located in the core network, used to realize the functions of the core network, for example, connecting the terminal device to different data networks according to a call request or service request sent by the terminal device through the access network, as well as services such as billing, mobility management, and session management. Since the method provided in the embodiment of the present application applies to the scenario where the terminal device performs inter-system handover, the core network device involved in the present application is a network element in the core network responsible for the mobility management function of the terminal device.
  • the core network device with the mobility management function can also be called a control plane network element or a control plane device.
  • in a 4G communication system, a core network device with a mobility management function may be called a mobility management entity (MME); in a 5G communication system, a core network device with a mobility management function may be called an access and mobility management function (AMF) network element, referred to as AMF for short.
  • this application does not limit the name of the core network equipment with mobility management functions; it can also implement other functions or be integrated with other functional network elements, and it can also be called by other names.
  • Security verification, also known as secure docking, security protection, etc., is used to realize confidentiality protection and/or integrity protection between the receiver and the sender.
  • Inter-system handover, which switches the terminal equipment from a communication system of one standard to a communication system of another standard.
  • the terminal device in the radio resource control (RRC) connected state can implement the inter-system handover through a handover mechanism.
  • the wireless link is a wireless connection between the terminal device and the AN device in the communication system, used to transmit service data or signaling between the terminal device and the AN device, and may also be called a wireless connection.
  • the wireless link may include a data resource bearer (DRB) or a signaling resource bearer (SRB), wherein the DRB is a wireless bearer for transmitting service data, and the SRB is a wireless bearer for transmitting signaling.
  • the AN device may establish a wireless link of the terminal device based on the RRC connection. Since the radio link is established based on the RRC connection, the state of the radio link is associated with the state of the RRC connection.
  • the state of the RRC connection includes: the RRC connection state (RRC active, referred to as connection state for short) and the RRC idle state (RRC idle, referred to as idle state for short).
  • the terminal device is in the RRC connection state.
  • the terminal device enters the RRC idle state.
  • a plurality referred to in this application refers to two or more than two. At least one means one or more than one.
  • the attach process and the tracking area update (TAU) process involved in the embodiment of the present application may be the standard processes specified in the communication standard, such as the processes specified in the communication standard 24.301.
  • the messages and timers involved in the above process can also refer to the definition in the communication standard.
  • the NAS of the terminal device and the NAS of the network device (take the core network device as an example) in the communication system maintain a set of security contexts for security verification, so as to secure the transmission of signaling or service data.
  • the security verification includes confidentiality protection and/or integrity protection.
  • the 3GPP protocol TS33.401 stipulates that the NAS count value (count) in the security context is one of the parameters of confidentiality protection and integrity protection.
  • the security context may also include: security protection key parameters and security protection algorithms; wherein the security protection key parameters include key parameters for generating confidentiality keys and/or integrity keys, or a confidentiality key and/or an integrity key, and a security protection algorithm includes a confidentiality algorithm and/or an integrity algorithm.
  • the terminal device can encrypt and/or integrity protect the uplink message according to the maintained security context, and the core network device can, according to the maintained security context, decrypt and/or integrity check the received processed uplink message to obtain the uplink message.
  • the core network device can also encrypt and/or integrity protect the downlink message according to the maintained security context, and the terminal device can, according to the maintained security context, decrypt and/or integrity check the received processed downlink message to obtain the downlink message.
  • FIG. 1A is a schematic diagram of a process in which the receiver and the sender use the same set of security contexts for confidentiality protection.
  • the sender and the receiver each use the confidentiality algorithm to calculate a series of parameters such as the confidentiality key and NAS count to obtain the key stream block; the sender uses the key stream block to encrypt the plaintext (message) to obtain the ciphertext; after the ciphertext is transmitted to the receiver, the receiver uses the key stream block to decrypt the ciphertext to obtain the plaintext.
  • FIG. 1B is a schematic diagram of a process in which the receiver and the sender use the same security context to perform integrity protection.
  • the sender uses the integrity algorithm to calculate a series of parameters such as the message to be transmitted, the integrity key, and the NAS count to obtain the check code, and then sends the message and the check code to the receiver at the same time.
  • After receiving the message and check code, the receiver uses the integrity algorithm to calculate a series of parameters such as the received message, the integrity key, and the NAS count to obtain the check code to be verified, and compares the received check code with the generated check code to be verified: if the two are the same, the integrity check of the message has passed/succeeded, indicating that the message is complete and has not been tampered with; if the two are different, the integrity check of the message has not passed/failed, indicating that the message may have been tampered with and is incomplete.
  • each set of security contexts can include uplink security contexts and downlink security contexts, uplink security contexts include uplink NAS counts, and downlink security contexts include downlink NAS counts.
  • uplink security context is used for security verification of the uplink message
  • downlink security context is used for security verification of the downlink message.
  • the information contained in the security context in different communication systems is different, for example, the security protection key parameters or security protection algorithms contained in the security context in the 5G communication system and the 4G communication system are different.
  • FIG. 2 shows a communication architecture applicable to the communication method provided by the embodiment of the present application.
  • the communication architecture is compatible with a variety of communication systems of different standards, and FIG. 2 only illustrates that the communication architecture includes a 5G communication system and a 4G communication system as an example.
  • this application does not limit the communication architecture applicable to the method provided by this application, which may include at least any two of the following communication systems: 5G communication system, 4G communication system, future new generation communication system, Global System of Mobile communication (GSM) system, code division multiple access (CDMA) system, wideband code division multiple access (WCDMA) system, General Packet Radio Service (GPRS), Advanced long term evolution (LTE-A) system, Universal Mobile Telecommunications System (UMTS), 3rd Generation Partnership Project (3GPP) related cellular systems, and communication systems based on the evolution of the above communication systems.
  • the communication architecture described in the embodiment of the present application is to illustrate the technical solutions of the embodiments of the present application more clearly, and does not constitute a limitation to the technical solutions provided by the embodiments of the present application.
  • with the development of the mobile communication system and the evolution of the network architecture, the technical solutions provided by the embodiments of the present application are also applicable to similar technical problems and scenarios.
  • the terminal device (such as the UE in the figure) can switch from one communication system to another communication system through inter-system handover.
  • the 4G communication system includes two parts: an access network and a core network.
  • the access network is the E-UTRAN shown in the figure
  • the core network includes the following network elements: mobility management entity (MME), serving gateway (SGW), packet data network gateway (PGW), policy and charging rules function (PCRF) network element (referred to as PCRF), home subscriber server (HSS), etc.
  • the PGW can also be divided into: PGW control plane (PGW-control, PGW-C) network elements (referred to as PGW-C) and PGW user plane (PGW-user, PGW-U) network elements (referred to as PGW-U).
  • the 5G communication system also includes two parts: the access network and the core network.
  • the access network is the NG-RAN shown in the figure
  • the core network includes the following network elements: AMF network element (abbreviated as AMF), user plane function (UPF) network element (referred to as UPF), session management function (SMF) network element (referred to as SMF), policy and charging function (PCF) network element (referred to as PCF), unified data management (UDM) network element (referred to as UDM), and so on.
  • the SMF and PGW-C can be integrated in the same network element, or they can be set separately in different devices.
  • the same applies to the UPF and PGW-U, the HSS and UDM, and the PCF and PCRF network elements, and their composition is not specifically limited in this embodiment of the present application.
  • Communication between two network devices in a 4G communication system or a 5G communication system can be implemented through corresponding interfaces, as shown in FIG. 2 for details. It should be noted that, in order to realize inter-system handover of terminal equipment between the 5G communication system and the 4G communication system, the AMF in the 5G communication system and the MME in the 4G communication system can also communicate through the interface N26 to transmit signaling, the security context, and the context of the terminal device during the handover process.
  • the above network elements in a 4G communication system or a 5G communication system may be network elements implemented on dedicated hardware, or software instances running on dedicated hardware, or instances of virtualization functions implemented on a virtualization platform (such as a cloud platform).
  • the embodiment of the present application does not limit the distribution form of each network element in the communication system.
  • each of the above network elements may be deployed in different physical devices, or multiple network elements may be integrated in the same physical device.
  • each network element in the communication system, may have other names; When in , the physical device can also have another name.
  • a terminal device can switch from one communication system to another through inter-system handover.
  • the target communication system where the terminal device performs inter-system handover is referred to as the first communication system
  • the source communication system where the terminal device performs inter-system handover is referred to as the second communication system.
  • the network devices in the first communication system are called first network devices
  • the network devices in the second communication system are called second network devices.
  • the first network device may include a first core network device and a first AN device located in the first communication system
  • the second network device may include a second core network device and a second AN device located in the second communication system.
  • both the NAS of the terminal device and the NAS of the first network device in the first communication system will acquire and maintain a first set of security contexts, wherein the first set of security contexts is used for security verification between the terminal device and the first network device. After the handover is completed, all NAS messages exchanged between the terminal device and the first network device need to use the first set of security contexts for integrity protection and/or confidentiality protection.
  • the first set of security context is generated by calculating the second set of security context according to a set security context mapping algorithm.
  • the second set of security context is used for security verification between the terminal device and the second network device located in the second communication system, that is, the second set of security context is stored in the terminal device and the second network device.
  • the first set of security context maintained by the NAS of the terminal device is generated by the terminal device by calculating the second set of security context stored locally according to a set security context mapping algorithm.
  • the first set of security context maintained by the NAS of the first network device may be generated by the second core network device by calculating the second set of security context stored locally according to the set security context mapping algorithm, and finally forwarded to the first network equipment.
  • This application uses the same security context mapping algorithm on the terminal device side and the core network side as an example, that is, the first set of security contexts maintained by the terminal device and the first network device are the same.
  • the terminal device initiates a registration process by sending a registration request to the first core network device.
  • the terminal device will use the first set of security contexts to protect the integrity of the registration request.
  • the registration request includes device information of the second core network device that has the context of the terminal device in the second communication system.
  • After receiving the registration request sent by the terminal device in the idle state, the first core network device obtains the device information of the second core network device from the registration request and, according to the device information, sends a context request carrying the registration request to the second core network device, to obtain the context of the terminal device from the second core network device.
  • After the second core network device receives the context request, it will use the second set of security context to verify the integrity of the registration request in the context request. Because the registration request was integrity protected by the terminal device using the first set of security context, the integrity verification performed by the second core network device on the registration request will fail. As a result, the first core network device cannot obtain the context of the terminal device from the second core network device, and thus the first core network device will reject the terminal device's registration request.
  • the terminal device can only reside in the first communication system again through the attach process. This will definitely prolong the time delay for the terminal device to register with the first communication system, thereby affecting service continuity and ultimately affecting user experience.
  • the registration process may be a TAU process.
  • the communication standard TS24.301 stipulates:
  • the UE uses the 5G security context to generate a mapped EPS security context (that is, the 4G security context);
  • the UE After the handover, the UE sends a TAU request message to the MME, and the UE uses the 4G security context to protect the integrity of the TAU request message.
  • the communication standard TS33.501 stipulates:
  • the terminal device sends a TAU request carrying a mapped EPS globally unique temporary identity (GUTI) (that is, 4G GUTI) to the MME to start the TAU process.
  • the mapped EPS GUTI is obtained according to the 5G GUTI mapping.
  • the mapped EPS GUTI contains the device information (such as device address or device identity) of the AMF with UE context in the 5G communication system; after receiving the TAU request, the MME obtains the AMF device information from the mapped EPS GUTI included in the TAU request, The MME forwards the complete TAU request message to the AMF; the AMF uses the 5G security context to check the integrity of the TAU request message.
  • the current solution will result in a low success rate of terminal device registration, which in turn will lead to longer network stay time of terminal devices, problems with service terminals, and affect user experience.
  • the reason for the above impact is that the first registration process of the terminal device after the handover is unsuccessful, and after the terminal device releases the wireless link, the terminal device that enters the idle state will be rejected when it initiates the registration process again, and can only reside in the communication system after the handover through the attach process.
  • the first communication system may be a 5G communication system and the second communication system may be a 4G communication system; or the first communication system may be a 4G communication system and the second communication system may be a 5G communication system; or the first communication system may be a 5G communication system and the second communication system may be a 6G communication system, or the like.
  • the first core network device is a network element with a mobility management function in the first communication system
  • the second core network device is a network element with a mobility management function in the second communication system.
  • the security context used by the terminal device and the network device in the communication system to perform security verification may also be simply referred to as the security context corresponding to the communication system.
  • an embodiment of the present application provides a communication method.
  • the method can be applied to the communication architecture shown in FIG. 2 .
  • Referring to the flowchart shown in FIG. 3, the method provided in the embodiment of the present application will be described in detail below.
  • the second communication system establishes a session connection (PDU session) of the terminal device, and the terminal device and the second network device located in the second communication system use a second set of security context for security verification.
  • the second network device includes a second AN device and a second core network device.
  • the NAS in the terminal device and the NAS in the second network device respectively maintain the second set of security contexts, and use the second set of security contexts maintained respectively to perform confidentiality protection and integrity protection. For the specific process, refer to the above description of FIG. 1A and FIG. 1B, which will not be repeated here.
  • S300b: When the current network environment meets the inter-system handover condition, trigger the inter-system handover of the terminal device in the connected state; the terminal device, the first network device in the first communication system, and the second network device in the second communication system start to execute an inter-system handover procedure, and the terminal device is handed over from the second communication system to the first communication system.
  • when the second network device in the second communication system determines that an inter-system handover condition is met, it triggers an inter-system handover process from the second communication system to the first communication system.
  • After the handover is successful, the terminal device successfully camps on the first communication system.
  • the terminal device acquires a first set of security contexts, where the first set of security contexts is used to perform security verification between the terminal device and a first network device in the first communication system.
  • the first network device includes a first AN device and a first core network device.
  • the terminal device may obtain the first set of security contexts by adopting the following steps:
  • the terminal device calculates the second set of security contexts maintained by itself according to the locally saved set security context mapping algorithm to generate the first set of security contexts.
  • the set security context mapping algorithm may be: the security context mapping algorithm in 3GPP protocol 33501_CR0611r1, which is used to map the security context corresponding to the 5G communication system to the security context corresponding to the 4G communication system.
  • the first core network device may obtain the first set of security context in, but not limited to, the following manner: during or after the inter-system handover, the second core network device in the second communication system calculates the second set of security context stored locally according to the set security context mapping algorithm, generates the first set of security context, and sends the first set of security context to the first core network device.
  • the security context mapping algorithm used by the second core network device should be the same as the security context mapping algorithm used by the terminal device. In this way, it can be ensured that the first set of security contexts generated by the two are the same, thereby ensuring that the terminal device and the first core network device can use the first set of security contexts to successfully implement security verification.
  • the terminal device initiates a registration process, and sends a first registration request message to the first core network device; the first core network device receives the first registration request message from the terminal device.
  • the first registration request message uses the first set of security context for integrity protection.
  • after the terminal device is handed over from another system, the terminal device successfully resides in the first communication system, and the terminal device also needs to initiate a registration process to register with the first communication system.
  • the registration process in this embodiment may be a TAU process.
  • the first registration request may be a TAU request (tracking area update request) message for integrity protection using the first set of security context.
  • the first core network device located in the first communication system can learn the RRC connection state of the terminal device. Since the terminal device initiates the registration process in the connected state, the first core network device will perform corresponding registration steps after receiving the first registration request message from the terminal device in the connected state and, according to the result of the execution, feed back a corresponding registration response message to the terminal device (if the execution is successful, a registration success response message is fed back; if the execution fails, a registration rejection response message is fed back). For example, the first core network device initiates a location update (update location) process to a data function network element (such as HSS/UDM) in the communication system that stores user-related data (that is, sends an update location request message to the data function network element).
  • since the terminal device does not encrypt the first registration request message, after the first core network device receives the first registration request message from the terminal device in the connected state, it uses the first set of security context to perform an integrity check on the first registration request message (without using the first set of security context to perform decryption processing on the first registration request message) and, after the integrity check passes, performs corresponding registration steps according to the first registration request message.
  • the first registration request message may carry device information of a second core network device having a context (UE context) of the terminal device in the second communication system.
  • the device information is used to identify the second core network device in the second communication system, and may be information such as a device identifier of the second core network device or an address of the second core network device. This application is not limited thereto.
  • the first registration request message may carry a first GUTI, and similar to the first set of security contexts, the first GUTI is obtained through mapping from the second GUTI.
  • the first GUTI includes device information of the second core network device in the second communication system that has the context of the terminal device.
  • the first GUTI is the unique identifier of the terminal device in the first communication system
  • the second GUTI is the unique identifier of the terminal device in the second communication system, and is allocated to the terminal device by the second core network device in the second communication system.
  • After the terminal device sends the first registration request message to the first core network device but has not successfully registered with the first communication system, the wireless link of the terminal device is released.
  • the wireless link is a wireless connection between the terminal device and the first AN device in the first communication system.
  • the terminal device after the wireless link of the terminal device is released, the terminal device enters an idle state, and the first core network device may know that the terminal device is in the idle state.
  • the wireless link of the terminal device may be actively released by the first AN device.
  • the first AN device actively releases when it is determined that the wireless link is abnormal.
  • the terminal device may release the wireless link in, but not limited to, the following ways:
  • the registration refusal response message includes a refusal reason indication
  • the refusal reason indication is used to instruct the terminal device to maintain the registration state, that is, it will not cause the terminal device to migrate to the de-registered state.
  • the rejection reason indication may be other rejection reason values except the following rejection reason values: #3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries the T3346 value information element (T3346 value IE), and the value of the T3346 value information element is neither 0 nor invalid (deactivated)), #25, #40, #42, #31.
  • the terminal device will still maintain the registration state after receiving the registration rejection response message, and will initiate the registration process again later.
  • Way 2: When the registration success response message from the first core network device is not received, the terminal device releases the wireless link. The registration success response message is fed back by the first core network device after successfully performing the registration step, and is used to notify the terminal device that the registration process is successful, or that the first core network device registers the terminal device with the first communication system.
  • the first core network device does not send a registration success response message. For example, the first core network device fails to perform the registration step.
  • the terminal device does not receive the registration success response message within a set period of time after sending the first registration request message.
  • the terminal device when the terminal device sends the first registration request message, it starts the timer T3430 synchronously.
  • the timing duration of the T3430 is 15 seconds.
  • the terminal device does not receive the registration success response message; then, when the timer T3430 times out, the terminal device abandons the registration process and releases the wireless link.
  • the abnormality of the wireless link may include: the signal quality of the signal sent by the first AN device in the first communication system is reduced, the bit error rate of data transmitted through the wireless link is high, the wireless link cannot successfully transmit data, etc., which is not limited in this application.
  • S304: The terminal device in the idle state (maintaining the registration state) initiates the registration process again, and sends a second registration request message to the first core network device; the first core network device receives the second registration request message from the terminal device in the idle state.
  • the second registration request message uses a second set of security context for integrity protection.
  • the terminal device does not perform encryption processing on the second registration request message.
  • the second registration request message may be a TAU request message for integrity protection using a second set of security context.
  • the second registration request message also carries device information of a second core network device that has the context of the terminal device in the second communication system.
  • the second registration request message carries the first GUTI of the terminal device.
  • the first GUTI includes the device information of the second core network device.
  • For details, refer to the description of the first registration request message in S302, which will not be repeated here.
  • the first core network device sends a context request message to the second core network device located in the second communication system; the second core network device receives the context request message from the first core network device.
  • the context request message includes the second registration request message, and the context request message is used to request the context of the terminal device.
  • the context of the terminal device includes various information enabling the terminal device to create and maintain wireless links, bearers, and PDU sessions in the communication system to realize communication services.
  • the context of the terminal device may include, for example, network capability information, various identifiers of the terminal device, authentication information, created connection information, created bearer information, and the like.
  • when the second registration request message contains the device information of the second core network device, the first core network device, after receiving the second registration request message, obtains the device information of the second core network device from the second registration request message, and finally sends the context request message to the second core network device according to the device information of the second core network device.
  • since the second registration request message is not encrypted but only undergoes integrity protection processing, the first core network device does not need to perform decryption processing or integrity verification processing on the second registration request message, and can still successfully acquire the device information of the second core network device directly from the second registration request message. In this way, the first core network device may determine, according to the device information, that the sending object of the context request message is the second core network device.
  • the second core network device acquires the second registration request message from the context request message, and uses the saved second set of security context to perform integrity check on the second registration request message.
  • the second core network device may maintain a protection timer for each saved terminal device context.
  • when the protection timer corresponding to the context of any terminal device expires, the second core network device deletes the context of the terminal device.
  • the second core network device stores the context of the terminal device, that is, the protection timer corresponding to the context of the terminal device has not expired.
  • the second core network device sends a context response message to the first core network device after the second registration request message passes the integrity check; the first core network device receives the context response message from the second core network device.
  • the context response message is used to indicate that the request for the context of the terminal device is successful.
  • when the second registration request message passes the integrity check of the second core network device and the second core network device determines that the context of the terminal device is saved, the second core network device sends the context response message to the first core network device.
  • the second core network device may send the context of the terminal device to the first core network device in, but not limited to, the following manner:
  • the second core network device sends the context of the terminal device to the first core network device through the context response message, that is, the context response message includes the context of the terminal device.
  • the first core network device sends a registration success response message to the terminal device; the terminal device receives the registration success response message from the first core network device.
  • the registration success response message is used to notify the terminal device that this registration process is successful, and that the terminal device has successfully registered in the first communication system.
  • After the terminal device receives the registration success response message from the first core network device, it is successfully registered in the first communication system. Afterwards, the terminal device can create a wireless link, a bearer, and a session in the first communication system, so as to implement communication services.
  • the embodiment of the present application provides a communication method.
  • after the terminal device in the connected state switches from the second communication system to the first communication system and the first registration process fails, causing the terminal device to release the wireless link, the terminal device in the idle state initiates the registration process again and sends, to the first core network device in the first communication system, a registration request message that uses the second set of security context for integrity protection. In this way, after receiving the registration request message from the terminal device in the idle state, the first core network device may request the context of the terminal device from the second core network device of the second communication system based on the registration request message; and the second core network device may use the saved second set of security context to successfully perform an integrity check on the registration request message, and so send the context of the terminal device to the first core network device. Therefore, the first core network device can successfully obtain the context of the terminal device from the second core network device, so that the terminal device can successfully register in the first communication system.
  • when the initial registration process fails and the idle terminal device initiates the registration process again and continues to use the first set of security context to protect the integrity of the registration request message, the second core network device can only use the second set of security context for integrity verification, so the second registration process of the terminal device will inevitably fail.
  • the second set of security context is used to protect the integrity of the registration request message; this can ensure that the second core network device can successfully perform an integrity check on the registration request message, thereby ensuring that the first core network device can successfully obtain the context of the terminal device from the second core network device, and thereby ensuring that the terminal device can successfully register in the first communication system.
  • the solution provided by the embodiment of the present application can avoid the situation that the registration process initiated again by the terminal device is rejected, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the delay for the terminal device to successfully register with the first communication system, and ultimately guarantee the service continuity of the terminal device and the user experience.
  • Another communication method is provided in the embodiment of the present application.
  • the method can be applied to the communication architecture shown in FIG. 2 . Referring to the flow chart shown in FIG. 4 , the method provided in the embodiment of the present application will be described in detail below.
  • steps S400a-S403 in this embodiment are the same as steps S300a-S303 in Embodiment 1, so for the specific description of steps S400a-S403, refer to the corresponding steps in Embodiment 1; they are not repeated here.
  • the terminal device may enter a de-registration state after performing local de-registration; and then re-reside in the first communication system through a frequency scanning and network search process.
  • the terminal device may attach using an attach procedure in a current communication standard. For example, the terminal device needs to access the first communication system through a random access procedure; then, the terminal device sends an attach request (attach request) message to the first core network device in the first communication system, and so on. No further description is given here.
  • when the terminal device completes the attach procedure, it can register with the first communication system.
  • the embodiment of the present application provides a communication method.
  • in this method, after the terminal device in the connected state switches from the second communication system to the first communication system and the first registration process fails, causing the terminal device to release the wireless link, the terminal device in the idle state can initiate an attach procedure to register with the first communication system. Because the terminal device does not re-initiate the registration process, but registers with the first communication system through the attach process, this method can enable a terminal device in an idle state to quickly register with the first communication system.
  • the solution provided by the embodiment of the present application can avoid the situation that the terminal device is rejected when the registration process is initiated again, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the delay for the terminal device to successfully register with the first communication system, and ultimately guarantee the service continuity of the terminal device and the user experience.
  • this application also provides some communication examples. Referring to FIG. 5 or FIG. 6, the examples will be described in detail respectively.
  • the following example takes UE handover from a 5G communication system to a 4G communication system as an example for illustration.
  • the security context corresponding to the 5G communication system is referred to as the 5G security context
  • the security context corresponding to the 4G communication system is referred to as the 4G security context
  • the network element with mobility management function is marked as AMF
  • AN equipment is marked as eNB
  • the network element with mobility management function in the core network is marked as MME.
  • the data function network elements HSS and UDM that store user data in the 4G communication system and the 5G communication system can be integrated into the same network element, which is recorded as HSS/UDM.
  • Example 1 This example is based on the method provided by the embodiment shown in FIG. 3 . Referring to the flow chart shown in Fig. 5, the steps in this example will be described in detail.
  • the UE resides in the 5G communication system, establishes a wireless link with the gNB, and a PDU session, and enters a connected state; the UE performs security verification with network devices in the 5G communication system such as the gNB and AMF using the 5G security context.
  • Both the UE and the NAS of the network device in the 5G communication system maintain the 5G security context.
  • S501 The network triggers the inter-system handover process of the UE in the connected state (that is, the handover process from the 5G communication system to the 4G communication system).
  • S501 may be implemented by using the inter-system switching process in the current communication standard.
  • the process may include the following steps S5011-S5018.
  • S5012 The AMF performs mapping calculation on the 5G security context maintained by itself according to the saved, preset security context mapping algorithm, and generates a 4G security context.
  • the 4G security context may also be called a mapped security context, a 5G mapped security context, and the like.
  • the AMF sends handover-related information including the 4G security context to the MME in the 4G communication system.
  • After receiving the handover-related information, the MME saves the handover-related information, so that after the handover is successful, it can communicate with the UE according to the handover-related information.
  • S5014 The AMF sends a handover command (handover command) to the gNB.
  • S5015 The gNB sends a handover command to the UE.
  • S5016 The UE performs mapping calculation on the 5G security context maintained by itself according to the saved, preset security context mapping algorithm to generate a 4G security context.
  • S5017 The UE sends a handover complete (handover complete) message to the eNB in the 4G communication system.
  • S5018 The eNB sends a handover notification (handover notify) to the MME.
  • After switching to the 4G communication system, the UE initiates the first TAU process in the 4G communication system, that is, the UE sends a TAU request (TAU request) message to the MME. The UE uses the 4G security context to perform integrity protection on the TAU request message.
  • S503 The MME receives the TAU request message, and executes corresponding TAU steps after successfully performing integrity verification on the TAU request message using the 4G security context.
  • the TAU step performed by the MME in the current communication standard may be used to implement S503.
  • the TAU step may include the following steps S5031-S5034.
  • S5031 The MME sends a location update request (update location request) message to the HSS/UDM.
  • After receiving the location update request message, the HSS/UDM sends a deregistration notification (Nudm_UECM_DeregistrationNotification) to the AMF in the 5G communication system.
  • the context of the UE is stored in the AMF, and the deregistration notification is used to notify the AMF to delete the context of the UE.
  • the AMF deletes the context of the UE when receiving the notification of deregistration.
  • the protection timer continues to run until the AMF deletes the context of the UE when the protection timer expires.
  • the radio link of the UE is released.
  • S504a The MME sends a TAU reject (TAU reject) message to the UE when an exception occurs during the execution of the TAU step in S503.
  • TAU rejection message is used to notify the UE that the current TAU process fails.
  • the TAU rejection message includes a rejection reason value indicating that the UE remains in the registered state and will not cause the UE to migrate to the deregistered state. Therefore, after receiving the TAU rejection message, the UE will continue to maintain the registration state.
  • the rejection reason value contained in the TAU rejection message may be other rejection reason values except the following rejection reason values:
  • #22 (wherein #22 carries the T3346 value information element (T3346 value IE), and the value of the T3346 value information element is neither 0 nor invalid (deactivated)), #25, #40, #42, #31.
  • S504b The UE does not receive the TAU success response message from the MME. Wherein, the TAU success response message is used to notify the UE that the current TAU process is successful. However, the UE does not receive the TAU success response message, and the UE determines that the current TAU procedure fails.
  • the UE may not receive the TAU success response message in the following situations:
  • Case 3 The UE starts the timer T3430 after sending the TAU request message; and during the timing of T3430, the UE does not receive the TAU success response message until the T3430 times out.
  • S504c The UE determines that the radio link is abnormal.
  • wireless link abnormalities may include, but are not limited to, the following situations:
  • the signal quality of the signal sent by the eNB received by the UE is degraded, the bit error rate of the data transmitted by the UE through the wireless link is high, and the UE cannot successfully transmit data through the wireless link.
  • S504d The eNB determines that the radio link is abnormal.
  • wireless link abnormalities may include, but are not limited to, the following situations:
  • the signal quality of the signal sent by the UE received by the eNB is degraded, the bit error rate of the data transmitted by the eNB through the wireless link is high, and the eNB cannot successfully transmit data through the wireless link.
  • S505 In any case of S504a-S504d above, the radio link of the UE is released, and the UE enters an idle state.
  • S506 The UE in the idle state re-initiates the TAU process, that is, the UE sends a TAU request message to the MME again. Wherein, this time, the UE adopts the 5G security context to perform integrity protection on the TAU request message.
  • the TAU request message sent in S502 and S506 carries the 4G GUTI of the UE (that is, the GUTI of the UE in the 4G communication system).
  • the 4G GUTI is obtained by the UE according to the mapping of the 5G GUTI, therefore, the 4G GUTI can also be called a mapped GUTI.
  • the 4G GUTI includes the device information of the AMF (for example, the identification or address of the AMF) that saves the context of the UE in the 5G communication system.
  • After receiving the TAU request message sent from the UE in the idle state, the MME sends a context request (context request) message to the AMF in the 5G communication system according to the device information of the AMF in the TAU request message.
  • the context request message includes the TAU request message, which is used to request the context of the UE.
  • After receiving the context request message, the AMF uses the 5G security context to perform an integrity check on the TAU request message, and the check passes.
  • the AMF returns a context response (context response) message to the MME.
  • the context response message is used to indicate that the request for the context of the UE is successful.
  • the context response message includes the context of the UE.
  • After receiving the context response message, the MME returns a TAU success response message to the UE.
  • the TAU success response message is used to notify that the TAU process is successful, and the UE is successfully registered in the 4G communication system.
  • if, after the UE in the connected state fails to perform the first TAU process after the handover, the UE that enters the idle state continues to use the 4G security context to protect the integrity of the TAU request message when it initiates the TAU process again, the MME forwards the TAU request message to the AMF to obtain the context of the UE, but the AMF can only use the 5G security context for integrity verification. Therefore, the AMF fails to verify the TAU request message, so the MME is unable to obtain the context of the UE, which eventually leads to the failure of the TAU procedure re-initiated by the UE.
  • the 5G security context is used to protect the integrity of the TAU request message; this can ensure that when the AMF receives the TAU request message forwarded by the MME, the AMF can successfully check the integrity of the TAU request message, so as to ensure that the MME can successfully obtain the context of the UE from the AMF, and then ensure that the UE can successfully register in the 4G communication system through the TAU process.
  • the solution provided by this example of this application can avoid the situation that the TAU process initiated again by the UE is rejected, improve the registration success rate of the UE in the scenario where the UE switches from the 5G communication system to the 4G communication system, reduce the delay for the UE to successfully register with the 4G communication system, and ultimately guarantee the service continuity of the UE and the user experience.
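The retry of S506 through to the context response, as an added example that is not code from the application: it shows why a TAU request protected with the mapped 4G security context is rejected at the AMF while one protected with the 5G security context is accepted. Truncated HMAC-SHA256 stands in for both the NAS integrity algorithm and the security context mapping algorithm, and the key, the GUTI layout, the class names and the timer values are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAC_LEN = 4  # assumption: truncated HMAC-SHA256 stands in for the NAS integrity algorithm


def nas_mac(key: bytes, body: bytes) -> bytes:
    """Integrity tag over the TAU request body (stand-in algorithm)."""
    return hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]


def map_to_4g(k_5g: bytes) -> bytes:
    """Stand-in for the security context mapping algorithm of S5012/S5016."""
    return hmac.new(k_5g, b"constructed 5G-to-4G mapping label", hashlib.sha256).digest()


@dataclass
class TauRequest:
    mapped_guti: str  # sent unencrypted; constructed layout "<amf-id>/<ue-id>"
    body: bytes
    mac: bytes


def build_tau_request(mapped_guti: str, key: bytes) -> TauRequest:
    body = b"TAU REQUEST|" + mapped_guti.encode()
    return TauRequest(mapped_guti, body, nas_mac(key, body))


class Amf:
    """Second core network device: holds the UE context and only the 5G security context."""

    def __init__(self):
        self._saved = {}  # mapped GUTI -> (k_5g, ue_context, protection timer expiry)

    def save(self, mapped_guti, k_5g, ue_context, expires_at):
        self._saved[mapped_guti] = (k_5g, ue_context, expires_at)

    def handle_context_request(self, tau: TauRequest, now: float):
        entry = self._saved.get(tau.mapped_guti)
        if entry is None:
            return None
        k_5g, ue_context, expires_at = entry
        if now >= expires_at:  # protection timer expired: the context is deleted
            del self._saved[tau.mapped_guti]
            return None
        # Only a tag computed with the saved 5G security context verifies here.
        if not hmac.compare_digest(nas_mac(k_5g, tau.body), tau.mac):
            return None
        return ue_context


class Mme:
    """First core network device: routes on the cleartext GUTI, verifies nothing itself."""

    def __init__(self, amfs):
        self._amfs = amfs  # AMF device information -> Amf

    def handle_tau(self, tau: TauRequest, now: float) -> str:
        amf_id = tau.mapped_guti.split("/", 1)[0]  # readable because the request is not encrypted
        amf = self._amfs.get(amf_id)
        ue_context = amf.handle_context_request(tau, now) if amf else None
        return "TAU success" if ue_context is not None else "TAU reject"


def run_scenarios() -> dict:
    k_5g = bytes(range(32))      # constructed 5G security context key
    k_4g = map_to_4g(k_5g)       # mapped 4G security context held by the UE and the MME
    guti = "amf-01/ue-0001"      # constructed mapped GUTI
    amf = Amf()
    amf.save(guti, k_5g, {"bearers": ["default"]}, expires_at=100.0)
    mme = Mme({"amf-01": amf})

    results = {}
    # Idle-state retry that keeps using the mapped 4G context: AMF check fails.
    results["retry_with_4g_context"] = mme.handle_tau(build_tau_request(guti, k_4g), 10.0)
    # Idle-state retry protected with the 5G context, as in S506: AMF check passes.
    results["retry_with_5g_context"] = mme.handle_tau(build_tau_request(guti, k_5g), 10.0)
    # A request modified after protection still fails the integrity check.
    tampered = build_tau_request(guti, k_5g)
    tampered.body += b"|modified"
    results["modified_request"] = mme.handle_tau(tampered, 10.0)
    # Correctly protected, but the protection timer has already expired.
    results["after_timer_expiry"] = mme.handle_tau(build_tau_request(guti, k_5g), 100.0)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The last scenario shows the limit of the retry: once the protection timer has removed the context at the AMF, a correctly protected request is still rejected.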
  • Example 2 This example is based on the method provided by the embodiment shown in FIG. 4 . Referring to the flow chart shown in FIG. 6, the steps in this example will be described in detail. Wherein, as shown in FIG. 5 and FIG. 6 , steps S600 - S605 in this example are the same as steps S500 - S505 in Example 1, therefore, the same steps can be referred to each other, and no further description is given here.
  • the UE may perform local de-registration, and then enter the de-registration state; and then re-stay in the 4G communication system through the process of frequency scanning and network search.
  • the UE may use an attach procedure in a current communication standard to attach. For example, the UE accesses the 4G communication system through a random access procedure; then sends an attach request message to the MME to request attachment and registration to the 4G communication system.
  • After the UE successfully completes the attach process, it can be registered in the 4G communication system.
  • the UE in the idle state can initiate the attach process to register with the 4G communication system. Since the UE does not re-initiate the TAU process, but registers to the 4G communication system through the attach process, this example can enable the UE in the idle state to quickly register to the 4G communication system.
  • the solution provided by the example of this application can avoid the situation that the UE initiates the TAU process again and is rejected, improve the registration success rate of the UE in the scenario of switching from the 5G communication system to the 4G communication system, reduce the delay for the UE to successfully register with the 4G communication system, and ultimately guarantee the service continuity of the UE and the user experience.
  • the present application also provides a communication device, the structure of which is shown in FIG. 7 , including a communication unit 701 and a processing unit 702 .
  • the communication apparatus 700 may be applied to a core network device or a UE in the communication architecture shown in FIG. 2 , and may implement the communication methods provided in the above embodiments and examples.
  • the physical form of the communication device 700 may be a communication device, such as a core network device or a terminal device (i.e., UE); or the communication device may be another device capable of realizing the functions of a communication device, such as a processor or chip inside the communication device.
  • the communication device 700 may be a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), an application-specific integrated circuit (ASIC), or a programmable chip such as a system on a chip (SOC).
  • the communication unit 701 is configured to receive and send data.
  • the communication unit 701 may be implemented through a physical interface, a communication module, a communication interface, and an input/output interface.
  • the communication device 700 can be connected with a network cable or cable through the communication unit 701, and then establish a physical connection with other devices.
  • the communication unit 701 may be implemented by a transceiver, for example, a mobile communication module.
  • the mobile communication module can provide wireless communication solutions including 2G/3G/4G/5G/6G and future generations applied to terminal equipment.
  • the mobile communication module may include at least one antenna, at least one filter, a switch, a power amplifier, a low noise amplifier (low noise amplifier, LNA) and the like.
  • the terminal device can access the AN device in the mobile communication system through the mobile communication module, and interact with the AN device, so as to realize the interaction between the terminal device and the mobile communication system.
  • the communication apparatus 700 is applied to the terminal device in FIG. 3 , for example, the UE in the example shown in FIG. 5 .
  • the processing unit 702 is configured to:
  • a first set of security context is obtained; wherein, the first set of security context is used for security verification between the terminal device and the first network device located in the first communication system;
  • After sending the first registration request message to the first core network device through the communication unit 701, release the wireless link of the terminal device; wherein, the first registration request message uses the first set of security context for integrity protection, and the first network device includes the first core network device;
  • the terminal device performs security verification with the second network device located in the second communication system.
  • processing unit 702 when acquiring the first set of security context, is specifically configured to:
  • the processing unit 702 is specifically configured to: when releasing the wireless link of the terminal device:
  • When the communication unit 701 receives a registration rejection response message from the first core network device, release the wireless link.
  • the registration refusal response message includes a refusal reason indication, and the refusal reason indication is used to instruct the terminal device to keep the registration state.
  • the processing unit 702 is specifically configured to: when releasing the wireless link of the terminal device:
  • the processing unit 702 is specifically configured to: when releasing the wireless link of the terminal device:
  • the wireless link is released.
  • the second registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device.
  • processing unit 702 is further configured to:
  • After the communication unit 701 sends the second registration request message to the first core network device, the communication unit 701 receives a registration success response message from the first core network device.
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the first registration request message is a tracking area update TAU request message
  • the second registration request message is a TAU request message.
  • the communication apparatus 700 is applied to a first core network device located in the first communication system in FIG. 3 , for example, the MME in the example shown in FIG. 5 .
  • the processing unit 702 is configured to:
  • the communication unit 701 receives a registration request message from the terminal device in the idle state; the registration request message uses the second set of security context to perform integrity protection; the second set of security context is used for security verification between the terminal device and the second network device in the second communication system;
  • the context request message includes the registration request message, the context request message is used to request the context of the terminal device, and the second network device includes the second core network device.
  • processing unit 702 is further configured to:
  • the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system; the processing unit 702 sending, through the communication unit 701, a context request message to a second core network device located in the second communication system includes:
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the registration request message is a tracking area update TAU request message.
  • the communication apparatus 700 is applied to a second core network device located in the second communication system in FIG. 3 , such as the AMF in the example shown in FIG. 5 .
  • the processing unit 702 is configured to:
  • the communication unit 701 receives a context request message from the first core network device; wherein the first core network device is located in the first communication system, the context request message includes a registration request message, and the registration request message uses a second set of security context for integrity protection; the second set of security context is used for security verification between the terminal device and a second network device in the second communication system, and the second network device includes the second core network device;
  • processing unit 702 is further configured to:
  • the communication unit 701 sends a context response message to the first core network device; wherein the context response message is used to indicate that the request for the context of the terminal device is successful.
  • the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system.
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the registration request message is a tracking area update TAU request message.
  • the communication apparatus 700 is applied to the terminal device in FIG. 4 , for example, the UE in the example shown in FIG. 6 .
  • the processing unit 702 is configured to:
  • a first set of security context is acquired; wherein, the first set of security context is used for security verification between the terminal device and the first network device in the first communication system
  • the first network device includes the first core network device;
  • processing unit 702 when acquiring the first set of security context, is specifically configured to:
  • the processing unit 702 is specifically configured to: when releasing the wireless link of the terminal device:
  • When the communication unit 701 receives a registration rejection response message from the first core network device, release the wireless link.
  • the registration rejection response message includes a rejection reason indication, and the rejection reason indication is used to instruct the terminal device to maintain the registration state.
  • the processing unit 702 is specifically configured to: when releasing the wireless link of the terminal device:
  • the processing unit 702 is specifically configured to: when releasing the wireless link of the terminal device:
  • the wireless link is released.
  • the registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device.
  • processing unit 702 when initiating the attach process, is specifically configured to:
  • the second communication system is a fifth-generation 5G communication system
  • the first communication system is a fourth-generation 4G communication system
  • the registration request message is a tracking area update TAU request message.
  • the functional units in each embodiment of the present application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.
  • the above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.
  • if the integrated unit is realized in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, and other media that can store program code.
  • the communication device 800 includes: a communication module 801, a processor 802 and a memory 803. The communication module 801, the processor 802 and the memory 803 are connected to each other.
  • the communication module 801, the processor 802 and the memory 803 are connected to each other through a bus 804.
  • the bus 804 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus or the like.
  • the bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in FIG. 8, but this does not mean that there is only one bus or one type of bus.
  • the communication module 801 is configured to receive and send data to realize communication interaction with other devices.
  • the communication module 801 may be implemented through a physical interface, a communication module, a communication interface, and an input/output interface.
  • the communication module 801 may also be implemented by a transceiver.
  • the communication device 800 may be the terminal device in FIG. 3, such as the UE in the example shown in FIG. 5.
  • a first set of security context is obtained; wherein the first set of security context is used for security verification between the terminal device and the first network device located in the first communication system;
  • after sending the first registration request message to the first core network device through the communication module 801, release the wireless link of the terminal device; wherein the first registration request message uses the first set of security context for integrity protection, and the first network device includes the first core network device;
  • the terminal device performs security verification with the second network device located in the second communication system.
  • the communication device 800 may be a first core network device located in the first communication system in FIG. 3, for example, the MME in the example shown in FIG. 5.
  • the processor 802 is configured to:
  • the communication module 801 receives a registration request message from the terminal device in the idle state; the registration request message uses the second set of security context to perform integrity protection; the second set of security context is used for security verification between the terminal device and the second network device in the second communication system;
  • the context request message includes the registration request message, the context request message is used to request the context of the terminal device, and the second network device includes the second core network device.
  • the communication device 800 may be a second core network device located in the second communication system in FIG. 3, for example, the AMF in the example shown in FIG. 5.
  • the processor 802 is configured to:
  • the communication module 801 receives a context request message from the first core network device; wherein the first core network device is located in the first communication system, the context request message includes a registration request message, and the registration request message uses a second set of security context for integrity protection; the second set of security context is used for security verification between the terminal device and a second network device in the second communication system, and the second network device includes the second core device;
  • the communication device 800 may be the terminal device in FIG. 4, for example, the UE in the example shown in FIG. 6.
  • a first set of security context is acquired; wherein the first set of security context is used for security verification between the terminal device and the first network device in the first communication system, and the first network device includes the first core network device;
  • the memory 803 is used to store program instructions and data.
  • the program instructions may include program codes including computer operation instructions.
  • the memory 803 may include a random access memory (random access memory, RAM), and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory.
  • the processor 802 executes the program instructions stored in the memory 803 and uses the data stored in the memory 803 to implement the above functions, thereby realizing the communication method provided by the above embodiments.
  • the memory 803 in FIG. 8 of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memories.
  • the non-volatile memory can be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory.
  • the volatile memory can be Random Access Memory (RAM), which acts as external cache memory.
  • static random access memory (Static RAM, SRAM)
  • dynamic random access memory (Dynamic RAM, DRAM)
  • synchronous dynamic random access memory (Synchronous DRAM, SDRAM)
  • double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM)
  • enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM)
  • synchronous connection dynamic random access memory (Synchlink DRAM, SLDRAM)
  • direct memory bus random access memory (Direct Rambus RAM)
  • an embodiment of the present application further provides a computer program that, when the computer program is run on a computer, causes the computer to execute the communication method provided by the above embodiments.
  • the embodiments of the present application also provide a computer-readable storage medium, in which a computer program is stored.
  • when the computer program is executed by a computer, the computer executes the communication method provided by the above embodiments.
  • the storage medium may be any available medium that can be accessed by a computer.
  • computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • the embodiments of the present application further provide a chip, the chip is configured to read a computer program stored in a memory, and implement the communication method provided by the above embodiments.
  • an embodiment of the present application provides a chip system
  • the chip system includes a processor, configured to support a computer device to implement the functions involved in the service device, forwarding device, or site device in the above embodiments.
  • the chip system further includes a memory, and the memory is used to store necessary programs and data of the computer device.
  • the system-on-a-chip may consist of chips, or may include chips and other discrete devices.
  • the embodiments of the present application provide a communication method, device, and equipment.
  • the terminal device in the connected state fails to perform the first registration process of the target communication system, causing the terminal device to release the wireless link.
  • the terminal device in the idle state initiates the registration process again, sending a registration request message that uses the security context corresponding to the source communication system for integrity protection.
  • the target communication system can successfully obtain the context of the terminal device from the source communication system based on the registration request message, and then enable the terminal device to successfully register with the target communication system.
  • this solution can avoid the situation that the registration process initiated by the terminal device is rejected again, improve the registration success rate of the terminal device in the inter-system handover scenario, reduce the registration delay of the terminal device, and finally ensure the business continuity of the terminal device and guarantee user experience.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, and the instruction means realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed in the present application are a communication method, an apparatus, and a device. In the solution of the present application, after an inter-system handover, when the initial registration procedure of a connected-state terminal device in the target communication system is unsuccessful and causes the terminal device to release the radio link, the terminal device, having entered the idle state, re-initiates the registration procedure by sending to the target communication system a registration request message that is integrity protected using the security context corresponding to the source communication system. As a result, after receiving the registration request message, the target communication system can successfully obtain the context of the terminal device from the source communication system on the basis of the registration request message, and can thereby enable the terminal device to successfully register to the target communication system. In conclusion, the present solution can prevent a registration procedure re-initiated by a terminal device from being rejected, improve the registration success rate of the terminal device in an inter-system handover scenario, reduce the registration delay of the terminal device, and ultimately ensure the service continuity of the terminal device and guarantee user experience.

Description

A communication method, apparatus, and device
Technical field
The present application relates to the field of communication technologies, and in particular to a communication method, apparatus, and device.
Background
When a terminal device camps on a communication system, the non-access stratum (non access stratum, NAS) of the terminal device and the NAS of the core network in that communication system each maintain a set of security context (security context).
In a scenario where the terminal device needs to perform an inter-system handover from a first communication system to a second communication system, the terminal device and the core network need to map the first set of security context in the first communication system to generate a second set of security context in the second communication system; after the handover is completed, all NAS messages exchanged between the terminal device and the core network in the second communication system need to use the second set of security context for integrity protection and/or confidentiality protection. The first communication system and the second communication system are communication systems of different standards; for example, the first communication system is a 5G communication system, and the second communication system is a 4G communication system.
At present, a terminal device that has been handed over to the second communication system needs to initiate a tracking area update (tracking area update, TAU) procedure. However, if a terminal device in the RRC connected state does not complete the TAU procedure after being handed over to the second communication system, the terminal device enters the RRC idle state, and when it initiates the TAU procedure again, it is rejected by the core network of the second communication system, so that the terminal device cannot successfully register with the second communication system.
Clearly, the current solution results in a low registration success rate for terminal devices, which in turn leads to a longer network camping time and service interruption for the terminal device, affecting user experience.
Summary of the invention
The present application provides a communication method, apparatus, and device, to improve the registration success rate of a terminal device in an inter-system handover scenario.
In a first aspect, an embodiment of the present application provides a communication method, and the method includes the following steps:
After being handed over from a second communication system to a first communication system, a terminal device acquires a first set of security context, where the first set of security context is used for security verification between the terminal device and a first network device located in the first communication system; after the terminal device sends a first registration request message to a first core network device, the terminal device releases the wireless link, where the first registration request message is integrity protected using the first set of security context, and the first network device includes the first core network device; the terminal device sends a second registration request message to the first core network device, where the second registration request message is integrity protected using a second set of security context, and the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system.
In the traditional solution, in an inter-system handover scenario, a terminal device whose first registration procedure was unsuccessful and which has entered the idle state continues to use the first set of security context to integrity protect the registration request message when it initiates the registration procedure again, whereas the second core network device can only use the second set of security context for the integrity check, so the second registration procedure of the terminal device is bound to fail. In contrast to the traditional solution, in this method, when the terminal device initiates the registration procedure again, it uses the second set of security context to integrity protect the registration request message. In this way, when the first core network requests the context of the terminal device from the second core network device based on the registration request message, the second core network device can successfully perform the integrity check on the registration request message, so the first core network device can successfully obtain the context of the terminal device from the second core network device, and the terminal device can successfully register with the first communication system. Clearly, compared with the traditional solution, this method avoids the situation in which the registration procedure re-initiated by the terminal device is rejected, improves the registration success rate of the terminal device in an inter-system handover scenario, reduces the delay for the terminal device to successfully register with the first communication system, and ultimately ensures the service continuity of the terminal device and the user experience.
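The failure of the traditional retry and the success of the retry described above can be reproduced in a short simulation. This is an added sketch, not code from the application: HMAC-SHA256 stands in for both the NAS integrity algorithm and the security context mapping algorithm, and the class names, the GUTI string format, the keys and the message labels are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAC_LEN = 4  # constructed: length of the truncated integrity tag in this sketch


@dataclass(frozen=True)
class SecurityContext:
    label: str
    integrity_key: bytes


def map_context(second_ctx):
    """Stand-in for the 'set security context mapping algorithm' (not the 3GPP KDF):
    derives the first (4G) context from the second (5G) one."""
    key = hmac.new(second_ctx.integrity_key, b"constructed-mapping-label",
                   hashlib.sha256).digest()
    return SecurityContext("first set (mapped, 4G)", key)


def _tag(ctx, msg):
    data = msg["count"].to_bytes(4, "big") + msg["guti"].encode() + msg["payload"]
    return hmac.new(ctx.integrity_key, data, hashlib.sha256).digest()[:MAC_LEN]


def protect(ctx, count, guti, payload):
    """Build a registration (TAU) request integrity protected with ctx."""
    msg = {"count": count, "guti": guti, "payload": payload}
    msg["mac"] = _tag(ctx, msg)
    return msg


def verify(ctx, msg):
    return hmac.compare_digest(_tag(ctx, msg), msg["mac"])


class SecondCoreNetworkDevice:
    """AMF role: holds the terminal's context and only the second set of security context."""

    def __init__(self):
        self._store = {}

    def store(self, guti, ctx, ue_context):
        self._store[guti] = (ctx, ue_context)

    def context_request(self, registration_request):
        entry = self._store.get(registration_request["guti"])
        if entry is None:
            return None
        ctx, ue_context = entry
        # Integrity check with the second set; another key or an altered field fails.
        return ue_context if verify(ctx, registration_request) else None


class FirstCoreNetworkDevice:
    """MME role: has no context for the idle terminal, so it must fetch it."""

    def __init__(self, directory):
        self._directory = directory  # device info in the GUTI -> second core network device

    def handle_idle_registration(self, registration_request):
        device_info = registration_request["guti"].split("/")[0]
        source = self._directory.get(device_info)
        if source is None:
            return "REGISTRATION_REJECT"
        # The context request carries the whole registration request message.
        ue_context = source.context_request(registration_request)
        return "REGISTRATION_SUCCESS" if ue_context else "REGISTRATION_REJECT"


def run_scenario():
    second_ctx = SecurityContext("second set (native, 5G)", bytes(range(32)))  # constructed key
    first_ctx = map_context(second_ctx)
    guti = "amf-01/ue-0001"  # constructed format: "<device info>/<terminal id>"

    amf = SecondCoreNetworkDevice()
    amf.store(guti, second_ctx, {"subscriber": "constructed-ue-0001"})
    mme = FirstCoreNetworkDevice({"amf-01": amf})

    results = {}
    # Traditional retry: the idle terminal keeps using the first (mapped) set.
    results["retry_with_first_set"] = mme.handle_idle_registration(
        protect(first_ctx, 1, guti, b"TAU REQUEST"))
    # Retry as described in the method: protect with the second set.
    results["retry_with_second_set"] = mme.handle_idle_registration(
        protect(second_ctx, 2, guti, b"TAU REQUEST"))
    # A message altered in transit fails the same check.
    altered = protect(second_ctx, 3, guti, b"TAU REQUEST")
    altered["payload"] = b"TAU REQUEST (altered)"
    results["altered_in_transit"] = mme.handle_idle_registration(altered)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The sketch omits replay handling on the message counter; it only shows which key the second core network device checks against.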
In a possible design, the terminal device may acquire the first set of security context through the following step:
The terminal device performs a calculation on the second set of security context according to a set security context mapping algorithm, to generate the first set of security context.
With this design, the terminal device can acquire the first set of security context corresponding to the first communication system during the inter-system handover.
In a possible design, when the terminal device receives a registration rejection response message from the first core network device, the terminal device may release the wireless link.
With this design, the terminal device can release the wireless link when it receives the registration rejection response message, and then initiate the registration procedure again to continue requesting registration with the first communication system.
In a possible design, the registration rejection response message includes a rejection reason indication, and the rejection reason indication is used to instruct the terminal device to maintain the registration state. For example, the rejection reason indication may be any rejection reason value other than the following: #3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries a T3346 value information element (T3346 value IE), and the value of the T3346 value information element is neither 0 nor deactivated), #25, #40, #42, #31.
With this design, the terminal device can maintain the registration state after receiving the registration rejection response message, so that it can initiate the registration procedure again.
In a possible design, when the wireless link is abnormal, the terminal device may release the wireless link. The wireless link abnormality may include: degraded signal quality of the signal sent by a first AN device in the first communication system, a high bit error rate for data transmitted over the wireless link, failure of the wireless link to successfully transmit data, and so on, which is not limited in this application.
With this design, the terminal device can release the wireless link when the wireless link is abnormal, and then initiate the registration procedure again to continue requesting registration with the first communication system.
In a possible design, when no registration success response message is received from the first core network device, the terminal device may release the wireless link. In the embodiments of this application, the following cases, among others, cause the terminal device not to receive the registration success response message:
Case 1: The first core network device does not send a registration success response message. For example, the first core network device fails to perform the registration steps after receiving the first registration request message.
Case 2: Because of abnormal message transmission, the terminal device does not receive the registration success response message even though the first core network device sends it to the terminal device.
Case 3: The terminal device does not receive the registration success response message within a set period of time after sending the first registration request message. For example, the terminal device starts a timer T3430 at the same time as it sends the first registration request message. For example, the duration of T3430 is 15 seconds. If the terminal device does not receive the registration success response message while the timer T3430 is running, then when the timer T3430 expires, the terminal device abandons this registration procedure and releases the wireless link.
If the terminal device does not receive the registration success response message, this registration procedure was unsuccessful. With this design, the terminal device can release the wireless link when the first registration procedure is unsuccessful, and then initiate the registration procedure again to continue requesting registration with the first communication system.
In a possible design, the second registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device. For example, the second registration request message may include a first GUTI of the terminal device, and the first GUTI includes the device information of the second core network device (for example, an identifier or address of the second core network device). The first GUTI is obtained by mapping a second GUTI; the first GUTI is the unique identifier of the terminal device in the first communication system, and the second GUTI is the unique identifier of the terminal device in the second communication system, allocated to the terminal device by the second core network device in the second communication system.
With this design, after receiving the second registration request message, the first core network device can request the context of the terminal device from the second core network device according to the device information of the second core network device in the second registration request message.
In a possible design, after the terminal device sends the second registration request message to the first core network device, the terminal device receives a registration success response message from the first core network device.
In a possible design, the second communication system is a fifth-generation 5G communication system, and the first communication system is a fourth-generation 4G communication system; the first registration request message is a tracking area update TAU request message, and the second registration request message is a TAU request message.
In a second aspect, an embodiment of the present application provides a communication method, and the method includes the following steps:
After a terminal device is handed over from a second communication system to a first communication system, a first core network device located in the first communication system receives a registration request message from the terminal device in the idle state; the registration request message is integrity protected using a second set of security context; the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system; the first core network device sends a context request message to a second core network device located in the second communication system, where the context request message includes the registration request message, the context request message is used to request the context of the terminal device, and the second network device includes the second core network device.
In this method, when the terminal device initiates the registration procedure again, it uses the second set of security context to integrity protect the registration request message. In this way, when the first core network requests the context of the terminal device from the second core network device based on the registration request message, the second core network device can successfully perform the integrity check on the registration request message, so the first core network device can successfully obtain the context of the terminal device from the second core network device, and the terminal device can successfully register with the first communication system. Clearly, compared with the traditional solution, this method avoids the situation in which the registration procedure re-initiated by the terminal device is rejected, improves the registration success rate of the terminal device in an inter-system handover scenario, reduces the delay for the terminal device to successfully register with the first communication system, and ultimately ensures the service continuity of the terminal device and the user experience.
In a possible design, the first core network device receives a context response message from the second core network device, where the context response message is used to indicate that the request for the context of the terminal device is successful; the first core network device sends a registration success response message to the terminal device.
With this design, when the first core network device successfully obtains the context of the terminal device, it can notify the terminal device that the registration is successful.
In a possible design, the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system; the first core network device may send the context request message to the second core network device according to the device information of the second core device.
In a possible design, the second communication system is a fifth-generation 5G communication system, and the first communication system is a fourth-generation 4G communication system; the registration request message is a tracking area update TAU request message.
In a third aspect, an embodiment of the present application provides a communication method, which includes the following steps:
After the terminal device is handed over from the second communication system to the first communication system, the second core network device receives a context request message from the first core network device. The second core network device is located in the second communication system, and the first core network device is located in the first communication system. The context request message contains a registration request message, and the registration request message is integrity-protected using the second set of security context. The second set of security context is used for security verification between the terminal device and a second network device located in the second communication system, and the second network device includes the second core network device. The second core network device uses the second set of security context to perform an integrity protection check on the registration request message.
In this method, when the terminal device initiates the registration procedure again, it uses the second set of security context to integrity-protect the registration request message. As a result, when the first core network requests the context of the terminal device from the second core network device based on the registration request message, the second core network device can successfully perform the integrity check on the registration request message. This ensures that the first core network device can obtain the context of the terminal device from the second core network device, and therefore that the terminal device can register with the first communication system. Clearly, compared with the traditional solution, this method avoids the situation in which the registration procedure initiated again by the terminal device is rejected, improves the registration success rate of the terminal device in the inter-system handover scenario, and reduces the delay before the terminal device successfully registers with the first communication system, which ultimately safeguards the service continuity of the terminal device and the user experience.
In a possible design, after the check passes, the second core network device sends a context response message to the first core network device; the context response message indicates that the request for the context of the terminal device succeeded. Optionally, the context response message may contain the context of the terminal device.
In a possible design, the registration request message contains device information of the second core network device that holds the context of the terminal device in the second communication system.
In a possible design, the second communication system is a fifth-generation (5G) communication system and the first communication system is a fourth-generation (4G) communication system; the registration request message is a tracking area update (TAU) request message.
In a fourth aspect, an embodiment of the present application provides a communication method, which includes the following steps:
After being handed over from the second communication system to the first communication system, the terminal device obtains a first set of security context, where the first set of security context is used for security verification between the terminal device and a first network device located in the first communication system. After the terminal device sends a registration request message to a first core network device, the terminal device releases the radio link; the registration request message is integrity-protected using the first set of security context, and the first network device includes the first core network device. The terminal device then initiates an attach procedure.
In this method, when the first registration procedure of a connected-state terminal device after handover from the second communication system to the first communication system does not succeed and the terminal device consequently releases the radio link, the terminal device, now in the idle state, can initiate an attach procedure to register with the first communication system. The terminal device does not re-initiate the registration procedure; instead it registers with the first communication system through the attach procedure. This method therefore enables an idle-state terminal device to register with the first communication system quickly. Compared with the traditional solution described above, the solution provided by the embodiments of the present application avoids the situation in which a registration procedure initiated again by the terminal device is rejected, improves the registration success rate of the terminal device in the inter-system handover scenario, and reduces the delay before the terminal device successfully registers with the first communication system, which ultimately safeguards the service continuity of the terminal device and the user experience.
In a possible design, the terminal device may obtain the first set of security context through the following step:
The terminal device performs a calculation on the second set of security context according to a set security context mapping algorithm to generate the first set of security context.
With this design, the terminal device can obtain the first set of security context corresponding to the first communication system during the inter-system handover.
In a possible design, when the terminal device receives a registration reject response message from the first core network device, the terminal device may release the radio link.
With this design, the terminal device can release the radio link when it receives the registration reject response message, and then register with the first communication system through the attach procedure.
In a possible design, the registration reject response message contains a reject cause indication, and the reject cause indication instructs the terminal device to remain in the registered state. For example, the reject cause indication may be any reject cause value other than the following: #3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries a T3346 value information element (T3346 value IE) whose value is neither 0 nor deactivated), #25, #40, #42, #31.
With this design, the terminal device can remain in the registered state after receiving the registration reject response message.
In a possible design, when the radio link is abnormal, the terminal device may release the radio link. The radio link abnormality may include: degraded signal quality of the signal sent by the first AN device in the first communication system, a high bit error rate for data transmitted over the radio link, failure to transmit data over the radio link, and so on; this application does not limit this.
With this design, the terminal device can release the radio link when the radio link is abnormal, and then register with the first communication system through the attach procedure.
In a possible design, when no registration success response message is received from the first core network device, the terminal device may release the radio link. In the embodiments of the present application, the situations in which the terminal device does not receive the registration success response message include, but are not limited to, the following:
Case 1: The first core network device does not send a registration success response message. For example, the first core network device fails to perform the registration steps after receiving the first registration request message.
Case 2: Because of a message transmission abnormality, the first core network device sends a registration success response message to the terminal device, but the terminal device does not receive it.
Case 3: The terminal device does not receive the registration success response message within a set period after sending the first registration request message. For example, the terminal device starts the timer T3430 at the same time as it sends the first registration request message. For example, the duration of T3430 is 15 seconds. If the terminal device does not receive the registration success response message while T3430 is running, then when T3430 expires the terminal device abandons this registration procedure and releases the radio link.
If the terminal device does not receive the registration success response message, this registration procedure has not succeeded. With this design, the terminal device can release the radio link when the first registration procedure does not succeed, and then register with the first communication system through the attach procedure.
In a possible design, the registration request message contains device information of a second core network device that holds the context of the terminal device in the second communication system, and the second network device includes the second core network device.
In a possible design, the terminal device may initiate the attach procedure through the following step:
The terminal device sends an attach request message to the first core network device.
In a possible design, the second communication system is a fifth-generation (5G) communication system and the first communication system is a fourth-generation (4G) communication system; the registration request message is a tracking area update (TAU) request message.
In a fifth aspect, an embodiment of the present application provides a communication apparatus, including units for performing each step in any one of the above aspects.
In a sixth aspect, an embodiment of the present application provides a communication device, including at least one processing element and at least one storage element, where the at least one storage element is used to store programs and data, and the at least one processing element is used to read and execute the programs and data stored in the storage element, so that the method provided in any one of the above aspects of the present application is implemented.
In a seventh aspect, an embodiment of the present application provides a communication system, including: a terminal device for performing the method provided in the first aspect, a first core network device for performing the method provided in the second aspect, and a second core network device for performing the method provided in the third aspect.
In an eighth aspect, an embodiment of the present application further provides a computer program which, when run on a computer, causes the computer to perform the method provided in any one of the above aspects.
In a ninth aspect, an embodiment of the present application further provides a computer-readable storage medium storing a computer program which, when executed by a computer, causes the computer to perform the method provided in any one of the above aspects.
In a tenth aspect, an embodiment of the present application further provides a chip, which is used to read a computer program stored in a memory and perform the method provided in any one of the above aspects.
In an eleventh aspect, an embodiment of the present application further provides a chip system, which includes a processor used to support a computer apparatus in implementing the method provided in any one of the above aspects. In a possible design, the chip system further includes a memory, which is used to store the programs and data necessary for the computer apparatus. The chip system may consist of a chip, or may include a chip and other discrete components.
Description of drawings
FIG. 1A is a schematic diagram of a confidentiality protection process provided by an embodiment of the present application;
FIG. 1B is a schematic diagram of an integrity protection process provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a communication architecture provided by an embodiment of the present application;
FIG. 3 is a flowchart of a communication method provided by an embodiment of the present application;
FIG. 4 is a flowchart of another communication method provided by an embodiment of the present application;
FIG. 5 is a flowchart of a communication example provided by an embodiment of the present application;
FIG. 6 is a flowchart of another communication example provided by an embodiment of the present application;
FIG. 7 is a flowchart of a communication apparatus provided by an embodiment of the present application;
FIG. 8 is a flowchart of a communication device provided by an embodiment of the present application.
Detailed description
The present application provides a communication method, apparatus, and device to improve the registration success rate of a terminal device in an inter-system handover scenario. The method, the apparatus, and the device are based on the same technical concept. Because they solve the problem on similar principles, the implementations of the apparatus, the device, and the method may refer to one another, and repeated content is not described again.
Some terms used in this application are explained below to aid understanding by those skilled in the art.
1) A terminal device is a device that provides voice and/or data connectivity to a user. A terminal device may also be called user equipment (UE), a mobile station (MS), a mobile terminal (MT), and so on. In the embodiments and examples of the present application, the terminal device being a UE may be used as an example for description.
For example, the terminal device may be a handheld device or a vehicle-mounted device with a wireless connection function. Current examples of terminal devices include: mobile phones, tablet computers, notebook computers, palmtop computers, mobile internet devices (MID), point of sale (POS) terminals, wearable devices, virtual reality (VR) devices, augmented reality (AR) devices, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical surgery, wireless terminals in a smart grid, wireless terminals in transportation safety, wireless terminals in a smart city, wireless terminals in a smart home, and various smart meters (smart water meters, smart electricity meters, smart gas meters).
2) A communication system is used, when a terminal device requests a service, to connect the terminal device to a data network using a 3rd Generation Partnership Project (3GPP) access technology, and to transmit user plane data between the terminal device and the data network so as to provide the corresponding service. It is also called a mobile communication system or a 3GPP communication system. Unless otherwise specified, the communication systems involved in the following embodiments of the present application are all 3GPP communication systems.
A communication system is divided into an access network (AN) and a core network (CN). The access network is used to connect terminal devices to the core network through a 3GPP access technology. The core network is used to connect terminal devices to different data networks. In addition, the core network can be divided by logical function into a control plane and a user plane.
It should also be noted that the present application does not limit the standard of the communication system, which may be a third-generation (3rd generation, 3G) communication system, a fourth-generation (4th generation, 4G) communication system (that is, a long term evolution (LTE) communication system or an evolved packet system (EPS)), a fifth-generation (5th generation, 5G) communication system (that is, a 5G system (5GS)), a future communication system, or a communication system evolved from any generation of communication system.
For example, in a 4G communication system, the access network may also be called the evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN), and the core network may also be called the evolved packet core (EPC).
As another example, in a 5G communication system, the access network may also be called the 5G radio access network (NG-radio access network (RAN), that is, NG-RAN, or a new radio (NR) system), and the core network may also be called the 5G core (5GC).
3) A network device is a network element located in the communication system. The network device may be an access network device (that is, an AN device) in the access network, or a core network device in the core network. This application does not limit this.
4) An AN device is a device in the communication system that connects the terminal device to the wireless network. As a node in the radio access network, the access network device may also be called a base station, or a radio access network (RAN) node (or device).
Current examples of AN devices include: next generation Node B (generation Node B, gNB), transmission reception point (TRP), evolved Node B (eNB), radio network controller (RNC), Node B (NB), access point (AP), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved NodeB or home Node B, HNB), base band unit (BBU), and Enterprise LTE Discrete Spectrum Aggregation (eLTE-DSA) base station.
In addition, in one network structure, the AN device may include a centralized unit (CU) node and a distributed unit (DU) node. This structure splits the protocol layers of the eNB in a long term evolution (LTE) system: the functions of some protocol layers are placed in the CU for centralized control, the functions of the remaining protocol layers, in part or in whole, are distributed in the DU, and the CU centrally controls the DU.
For example, in a 4G communication system the AN device is called an eNB; in a 5G communication system the AN device may be called a gNB.
5) A core network device is a network element located in the core network that implements core network functions, for example connecting the terminal device to different data networks according to a call request or service request sent by the terminal device through the access network, as well as services such as charging, mobility management, and session management. Because the method provided in the embodiments of the present application applies to the scenario in which a terminal device performs inter-system handover, the core network device involved in the present application is the network element in the core network responsible for the mobility management function of the terminal device.
Because the mobility management function is a control plane function in the core network, in a communication system whose core network is split into a control plane and a user plane, the core network device with the mobility management function may also be called a control plane network element or a control plane device.
For example, in a 4G communication system, the core network device with the mobility management function may be called a mobility management entity (MME); in a 5G communication system, the core network device with the mobility management function may be called an access and mobility management function (AMF) network element, or AMF for short.
It should also be noted that this application does not limit the name of the core network device with the mobility management function; the device may also implement other functions or be integrated with other functional network elements, and may be called by other names.
6) Security verification, also called security interworking, security check, security protection, and so on, is used to provide confidentiality protection and/or integrity protection between the receiver and the sender.
7) Inter-system handover means switching a terminal device from a communication system of one standard to a communication system of another standard. In the embodiments of the present application, a terminal device in the radio resource control (RRC) connected state can perform the inter-system handover through a handover mechanism.
8) A radio link is the wireless connection between the terminal device and an AN device in the communication system. It is used to transmit service data or signaling between the terminal device and the AN device, and may also be called a wireless connection. For example, the radio link may include a data bearer (data resource bearer, DRB) or a signaling bearer (signaling resource bearer, SRB), where a DRB is a radio bearer used to transmit service data and an SRB is a radio bearer used to transmit RRC signaling or NAS signaling.
After the terminal device establishes an RRC connection with the AN device, the AN device can establish the radio link of the terminal device based on that RRC connection. Because the radio link is established on the basis of the RRC connection, the state of the radio link is associated with the state of the RRC connection. In the communication field, the states of an RRC connection include the RRC connected state (RRC active, connected state for short) and the RRC idle state (RRC idle, idle state for short). When the radio link of the terminal device is in the working state (not released), the terminal device is in the RRC connected state. When the radio link of the terminal device is released, the terminal device enters the RRC idle state.
9) "And/or" describes an association between associated objects and indicates that three relationships are possible. For example, A and/or B can mean: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
It should be noted that "a plurality of" in this application means two or more. "At least one" means one or more.
In addition, it should be understood that in the description of this application, words such as "first" and "second" are used only to distinguish the items described, and are not to be understood as indicating or implying relative importance or order.
It should be noted that the attach procedure and the tracking area update (TAU) procedure involved in the embodiments of the present application may be standard procedures specified in a communication standard, for example the procedures specified in communication standard 24.301. The messages, timers, and so on involved in these procedures may also follow the definitions in that communication standard.
下面先对安全上下文的作用进行说明。The role of the security context will be described below.
在终端设备接入通信系统在通信系统中驻留时,终端设备的NAS与通信系统中的网络设备(以核心网设备为例)的NAS维护一套安全上下文进行安全验证,以实现信令或业务数据的传输安全。所述安全验证包含机密性保护和/或完整性保护。例如,在3GPP协议TS33.401中规定了安全上下文中的NAS计数值(count)是机密性保护和完整性保护的参数之一。又例如,安全上下文中还可以包含:安全保护密钥参数和安全保护算法;其中,安全保护密钥参数包括用于生成机密性密钥和/或完整性密钥的密钥参数,或者机密性密钥和/或完整性密钥,安全保护算法包括机密性算法和/或完整性算法。When a terminal device accesses the communication system and resides in the communication system, the NAS of the terminal device and the NAS of the network device (take the core network device as an example) in the communication system maintain a set of security contexts for security verification, so as to realize signaling or The transmission of business data is secure. The security verification includes confidentiality protection and/or integrity protection. For example, the 3GPP protocol TS33.401 stipulates that the NAS count value (count) in the security context is one of the parameters of confidentiality protection and integrity protection. For another example, the security context may also include: security protection key parameters and security protection algorithms; wherein, the security protection key parameters include key parameters for generating confidentiality keys and/or integrity keys, or confidentiality A key and/or an integrity key, and a security protection algorithm includes a confidentiality algorithm and/or an integrity algorithm.
Specifically, in the uplink direction, the terminal device may encrypt and/or integrity-protect an uplink message according to the security context it maintains, and the core network device may, according to the security context it maintains, decrypt and/or integrity-check the received encrypted and/or integrity-protected uplink message to obtain the uplink message.
Similarly, in the downlink direction, the core network device may encrypt and/or integrity-protect a downlink message according to the security context it maintains, and the terminal device may, according to the security context it maintains, decrypt and/or integrity-check the received encrypted and/or integrity-protected downlink message to obtain the downlink message.
FIG. 1A is a schematic diagram of the process in which the receiver and the sender use the same set of security contexts for confidentiality protection. As shown in FIG. 1A, the sender and the receiver each use the confidentiality algorithm to compute a keystream block from a series of parameters such as the confidentiality key and the NAS count. The sender uses the keystream block to encrypt the plaintext (that is, the message to be transmitted) and obtains the ciphertext. After the ciphertext is transmitted to the receiver, the receiver uses the keystream block to decrypt the ciphertext and obtains the plaintext.
FIG. 1B is a schematic diagram of the process in which the receiver and the sender use the same set of security contexts for integrity protection. As shown in FIG. 1B, the sender uses the integrity algorithm to compute a check code over a series of parameters such as the message to be transmitted, the integrity key and the NAS count, and then sends the message and the check code together to the receiver. After receiving the message and the check code, the receiver uses the integrity algorithm to compute a check code to be verified over a series of parameters such as the received message, the integrity key and the NAS count. The receiver then compares the received check code with the generated check code to be verified: if the two are the same, the integrity check of the message passes/succeeds, which indicates that the message is complete and has not been tampered with; if the two differ, the integrity check of the message does not pass/fails, which indicates that the message may have been tampered with and is incomplete.
The confidentiality protection and integrity protection processes shown in FIG. 1A and FIG. 1B show that, for security verification to work between the terminal device and the core network device (that is, for the receiver to successfully decrypt or integrity-check a message from the sender according to the security context it maintains), the security contexts maintained by the two must be the same: the NAS count, the security protection key parameters and the security protection algorithms in the security contexts maintained by the terminal device and the core network device must all be the same. In other words, the terminal device and the core network device can interwork securely only if they maintain the same set of security contexts.
It should be noted that each set of security contexts may contain an uplink security context and a downlink security context. The uplink security context contains the uplink NAS count, and the downlink security context contains the downlink NAS count. The uplink security context is used for security verification of uplink messages, and the downlink security context is used for security verification of downlink messages.
In addition, the information contained in the security context differs between communication systems. For example, the security protection key parameters or security protection algorithms contained in the security contexts of a 5G communication system and a 4G communication system are different.
The embodiments of this application are described in detail below with reference to the accompanying drawings.
FIG. 2 shows a communication architecture to which the communication method provided by the embodiments of this application is applicable. The architecture is compatible with communication systems of several different standards; FIG. 2 uses an architecture containing a 5G communication system and a 4G communication system only as an example.
It should be noted that this application does not limit the communication architecture to which the provided method is applicable. The architecture may contain at least any two of the following communication systems: a 5G communication system, a 4G communication system, a future new-generation communication system, a Global System of Mobile communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), an Advanced long term evolution (LTE-A) system, a Universal Mobile Telecommunication System (UMTS), cellular systems related to the 3rd Generation Partnership Project (3GPP), and communication systems evolved from the above.
In short, the communication architecture described in the embodiments of this application is intended to explain the technical solutions of the embodiments more clearly and does not limit them. A person of ordinary skill in the art will understand that, as communication technology develops and as mobile communication systems and network architectures evolve, the technical solutions provided by the embodiments of this application apply equally to similar technical problems and scenarios.
In the communication architecture shown in FIG. 2, when an inter-system handover condition is met, a terminal device (for example the UE in the figure) can switch from one communication system to another through inter-system handover.
As shown in FIG. 2, the 4G communication system in this architecture has two parts: an access network and a core network. The access network is the E-UTRAN shown in the figure, and the core network contains the following network elements: a mobility management entity (MME), a serving gateway (SGW), a packet data network gateway (PGW), a policy and charging rules function (PCRF) network element (PCRF for short), a home subscriber server (HSS), and so on.
Divided by logical function, the PGW can be further split into a PGW control plane (PGW-control, PGW-C) network element (PGW-C for short) and a PGW user plane (PGW-user, PGW-U) network element (PGW-U for short).
The 5G communication system also has two parts: an access network and a core network. The access network is the NG-RAN shown in the figure, and the core network contains the following network elements: an AMF network element (AMF for short), a user plane function (UPF) network element (UPF for short), a session management function (SMF) network element (SMF for short), a policy and charge function (PCF) network element (PCF for short), a unified data management (UDM) network element (UDM for short), and so on.
It should be noted that in the communication architecture shown in FIG. 2, which is compatible with the 4G and 5G communication systems, the SMF and the PGW-C may be merged into the same network element, as shown in the figure, or deployed separately in different devices. The same holds for the UPF and the PGW-U, the HSS and the UDM, and the PCF and the PCRF network elements. The embodiments of this application do not specifically limit how they are composed.
Two network devices in the 4G communication system or the 5G communication system can communicate through the corresponding interface, as shown in FIG. 2. It should be noted that, to support inter-system handover of a terminal device between the 5G communication system and the 4G communication system, the AMF in the 5G communication system and the MME in the 4G communication system can also communicate through the N26 interface, which carries the signaling, the security context and the context of the terminal device during the handover.
It should be understood that each of the above network elements in the 4G or 5G communication system may be a network element implemented on dedicated hardware, a software instance running on dedicated hardware, or an instance of a virtualized function on a virtualization platform (for example a cloud platform). In addition, the embodiments of this application do not limit how the network elements in a communication system are distributed. Optionally, the network elements may each be deployed in a different physical device, or several network elements may be merged into the same physical device.
In addition, the embodiments of this application do not limit the names of the network elements in a communication system. For example, in communication systems of different standards the network elements may have other names; as another example, when several network elements are merged into the same physical device, that physical device may also have another name.
In this communication architecture, a terminal device can switch from one communication system to another through inter-system handover. For ease of description, the following embodiments refer to the target communication system of the inter-system handover as the first communication system, and to the source communication system of the inter-system handover as the second communication system. Further, to distinguish network devices in different communication systems, a network device located in the first communication system is called a first network device, and a network device located in the second communication system is called a second network device. The first network device may include a first core network device and a first AN device located in the first communication system, and the second network device may include a second core network device and a second AN device located in the second communication system.
After a terminal device in the connected state is handed over to the first communication system, the NAS of the terminal device and the NAS of the first network device in the first communication system both obtain and maintain the first set of security contexts, which is used for security verification between the terminal device and the first network device. Once the handover is complete, all NAS messages exchanged between the terminal device and the first network device must be integrity-protected and/or confidentiality-protected with the first set of security contexts.
The first set of security contexts is generated by applying a set security context mapping algorithm to the second set of security contexts. The second set of security contexts is used for security verification between the terminal device and the second network device located in the second communication system; that is, both the terminal device and the second network device store the second set of security contexts.
The first set of security contexts maintained by the NAS of the terminal device is generated by the terminal device, which applies the set security context mapping algorithm to the second set of security contexts it stores locally.
The first set of security contexts maintained by the NAS of the first network device may be generated by the second core network device, which applies the set security context mapping algorithm to the second set of security contexts it stores locally, and is finally forwarded to the first network device.
This application takes as an example the case in which the terminal device side and the core network side use the same security context mapping algorithm, so that the first set of security contexts maintained by the terminal device and by the first network device is the same.
In this communication architecture, after a terminal device in the connected state is handed over to the first communication system, it needs to initiate a registration procedure to register with the first communication system. However, if the terminal device releases the radio link before it has successfully registered with the first communication system, the terminal device enters the idle state. The terminal device in the idle state then initiates the registration procedure again in order to continue registering with the first communication system.
The terminal device initiates the registration procedure by sending a registration request to the first core network device. Currently, the terminal device integrity-protects this registration request with the first set of security contexts. The registration request contains the device information of the second core network device that holds the context of the terminal device in the second communication system.
After receiving the registration request sent by the terminal device in the idle state, the first core network device obtains the device information of the second core network device from the registration request and, according to that device information, sends the second core network device a context request carrying the registration request, in order to obtain the context of the terminal device from the second core network device.
After receiving the context request, the second core network device uses the second set of security contexts to integrity-check the registration request carried in the context request. Because the terminal device integrity-protected the registration request with the first set of security contexts, the integrity check performed by the second core network device fails. As a result, the first core network device cannot obtain the context of the terminal device from the second core network device, and the first core network device therefore rejects the registration request of the terminal device.
Once its registration request has been rejected, the terminal device can camp on the first communication system again only through the attach procedure. This inevitably lengthens the time it takes the terminal device to register with the first communication system, which harms service continuity and ultimately affects the user experience.
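The check-code comparison of FIG. 1B and the rejected registration request described above can be reproduced in a few lines. This is an added sketch, not code from the patent or from any 3GPP specification: truncated HMAC-SHA-256 stands in for both the integrity algorithm and the security context mapping algorithm, and every key, name, count and message byte is constructed for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

UPLINK, DOWNLINK = 0, 1


@dataclass(frozen=True)
class SecurityContext:
    """One set of NAS security context (integrity part only)."""
    system: str          # communication system the context belongs to
    integrity_key: bytes
    integrity_alg: str   # algorithm identifier carried in the context
    ul_nas_count: int
    dl_nas_count: int


def check_code(ctx: SecurityContext, message: bytes, direction: int) -> bytes:
    """Check code over the message, integrity key and NAS count (FIG. 1B).

    Stand-in: HMAC-SHA-256 truncated to 4 bytes, not a 3GPP algorithm.
    """
    count = ctx.ul_nas_count if direction == UPLINK else ctx.dl_nas_count
    header = struct.pack(">IB", count, direction) + ctx.integrity_alg.encode()
    mac = hmac.new(ctx.integrity_key, header + message, hashlib.sha256)
    return mac.digest()[:4]


def verify(ctx: SecurityContext, message: bytes, received: bytes,
           direction: int) -> bool:
    """Receiver side: recompute the check code and compare in constant time."""
    return hmac.compare_digest(check_code(ctx, message, direction), received)


def map_context(source: SecurityContext, target_system: str) -> SecurityContext:
    """Hypothetical mapping algorithm (assumption, not the 3GPP one).

    It is deterministic, so the terminal device and the second core network
    device derive the same first set from the same second set. Resetting the
    counts to 0 is a choice of this sketch.
    """
    label = b"ctx-map|" + target_system.encode()
    label += struct.pack(">I", source.ul_nas_count)
    key = hmac.new(source.integrity_key, label, hashlib.sha256).digest()[:16]
    return SecurityContext(target_system, key, source.integrity_alg, 0, 0)


def simulate() -> dict:
    # Second set: shared by the terminal device and the second core network
    # device before the handover (constructed values).
    second_ctx = SecurityContext("second", bytes(range(16)), "alg-1", 7, 3)

    # Both sides map independently; the second core network device forwards
    # its result to the first core network device.
    ue_first_ctx = map_context(second_ctx, "first")
    core_first_ctx = map_context(second_ctx, "first")

    # Registration request protected by the terminal device with the first set.
    request = b"REGISTRATION REQUEST | mapped GUTI (constructed)"
    code = check_code(ue_first_ctx, request, UPLINK)

    drifted = replace(core_first_ctx, ul_nas_count=1)
    return {
        "contexts_equal": ue_first_ctx == core_first_ctx,
        # Connected state: the first core network device checks with the first set.
        "first_core_accepts": verify(core_first_ctx, request, code, UPLINK),
        # Same key, but a modified message or a different NAS count fails.
        "tampered_accepted": verify(core_first_ctx, request + b"!", code, UPLINK),
        "count_drift_accepted": verify(drifted, request, code, UPLINK),
        # Idle-state retry: the forwarded request is checked with the second set.
        "second_core_accepts": verify(second_ctx, request, code, UPLINK),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The last entry is the failure mode at issue: the request is intact, yet the second core network device rejects it because it verifies with a different set of security contexts than the one used to protect it.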
Taking handover from a 5G communication system to a 4G communication system as an example, the registration procedure may be a TAU procedure. The communication standard TS24.301 specifies:
The UE uses the 5G security context to generate a mapped EPS security context (that is, the 4G security context);
After the handover, the UE sends a TAU request message to the MME, and the UE integrity-protects the TAU request message with the 4G security context.
The communication standard TS33.501 specifies:
The terminal device starts the TAU procedure by sending the MME a TAU request that carries a mapped EPS globally unique temporary identity (GUTI) (that is, a 4G GUTI). The mapped EPS GUTI is obtained by mapping from the 5G GUTI and contains the device information (for example a device address or device identifier) of the AMF that holds the UE context in the 5G communication system. After receiving the TAU request, the MME obtains the device information of the AMF from the mapped EPS GUTI contained in the TAU request and forwards the complete TAU request message to that AMF. The AMF integrity-checks the TAU request message with the 5G security context.
As the above description shows, in the inter-system handover scenario the current scheme leads to a low registration success rate for the terminal device, which in turn leads to a longer time to camp on the network and to service interruption, and affects the user experience. The cause is as follows: when the first registration procedure after the handover does not succeed and the terminal device releases the radio link, the terminal device enters the idle state, and the registration procedure it then initiates again is rejected, so it can camp on the post-handover communication system only through the attach procedure.
It should be noted that the embodiments of this application do not limit the standards of the first communication system and the second communication system. For example, the first communication system may be a 5G communication system and the second communication system a 4G communication system; or the first communication system may be a 4G communication system and the second communication system a 5G communication system; or the first communication system may be a 5G communication system and the second communication system a 6G communication system, and so on. The first core network device is the network element with the mobility management function in the first communication system, and the second core network device is the network element with the mobility management function in the second communication system. In addition, the security context that the terminal device and a network device in a communication system use for security verification may also be referred to simply as the security context corresponding to that communication system.
Embodiment 1:
To solve the above problem and improve the registration success rate of the terminal device in the inter-system handover scenario, an embodiment of this application provides a communication method. The method is applicable to the communication architecture shown in FIG. 2 and is described in detail below with reference to the flowchart shown in FIG. 3.
S300a: While the terminal device camps on the second communication system, the second communication system establishes a session connection (PDU session) for the terminal device, and the terminal device and the second network device located in the second communication system use the second set of security contexts for security verification. The second network device includes a second AN device and a second core network device.
Specifically, the NAS of the terminal device and the NAS in the second network device each maintain the second set of security contexts and use it to apply confidentiality protection and integrity protection to the messages transmitted. For the detailed process, see the description of FIG. 1A and FIG. 1B above, which is not repeated here.
S300b: When the current network environment meets the inter-system handover condition, inter-system handover of the terminal device in the connected state is triggered. The terminal device, the first network device in the first communication system and the second network device in the second communication system start the inter-system handover procedure, and the terminal device is handed over from the second communication system to the first communication system.
In one implementation, when the second network device in the second communication system determines that the inter-system handover condition is met, it triggers the inter-system handover procedure from the second communication system to the first communication system. For the detailed process, see the current communication protocols; it is not described further here.
S301a: After the handover succeeds, the terminal device successfully camps on the first communication system. The terminal device obtains the first set of security contexts, which is used for security verification between the terminal device and the first network device located in the first communication system. The first network device includes a first AN device and a first core network device.
Optionally, the terminal device may obtain the first set of security contexts through the following step:
The terminal device applies the set security context mapping algorithm, which it stores locally, to the second set of security contexts it maintains, and generates the first set of security contexts.
For example, the set security context mapping algorithm may be the security context mapping algorithm in 3GPP protocol 33501_CR0611r1, which maps the security context corresponding to the 5G communication system to the security context corresponding to the 4G communication system.
S301b: After the handover succeeds, the first core network device in the first communication system obtains the first set of security contexts.
Optionally, the first core network device may obtain the first set of security contexts in, but not limited to, the following way: during the inter-system handover or after the handover succeeds, the second core network device in the second communication system applies the set security context mapping algorithm to the second set of security contexts it stores locally, generates the first set of security contexts, and sends the first set of security contexts to the first core network device.
The security context mapping algorithm used by the second core network device should be the same as the one used by the terminal device. This ensures that the first set of security contexts generated by the two is the same, and therefore that the terminal device and the first core network device can successfully perform security verification with the first set of security contexts.
S302: The terminal device initiates the registration procedure and sends a first registration request message to the first core network device; the first core network device receives the first registration request message from the terminal device. The first registration request message is integrity-protected with the first set of security contexts.
In this embodiment of the application, after the inter-system handover the terminal device successfully camps on the first communication system, and it still needs to initiate the registration procedure in order to register with the first communication system.
For example, the registration procedure in this embodiment may be a TAU procedure. The first registration request may be a TAU request (tracking area update request) message that is integrity-protected with the first set of security contexts.
The first core network device located in the first communication system can learn the RRC connection state of the terminal device. Because the terminal device initiates the registration procedure in the connected state, the first core network device, after receiving the first registration request message from the terminal device in the connected state, performs the corresponding registration steps and, according to the result, returns the corresponding registration response message to the terminal device (a registration success response message when the steps succeed, a registration reject response message when they fail). For example, the first core network device initiates an update location procedure toward the data function network element in the communication system that stores user-related data (for example the HSS/UDM), that is, it sends an update location request message to the data function network element.
It should be noted that, because the terminal device does not encrypt the first registration request message, the first core network device, after receiving the first registration request message from the terminal device in the connected state, uses the first set of security contexts to integrity-check the first registration request message (it does not need to use the first set of security contexts to decrypt the message). After the integrity check passes, it performs the corresponding registration steps according to the first registration request message.
In addition, the first registration request message may carry device information of the second core network device in the second communication system that holds the context of the terminal device (UE context).
The device information is used to identify the second core network device in the second communication system, and may be information such as a device identifier of the second core network device or an address of the second core network device, which is not limited in this application.
For example, the first registration request message may carry a first GUTI; similarly to the first set of security context, the first GUTI is obtained by mapping from a second GUTI. The first GUTI contains the device information of the second core network device in the second communication system that holds the context of the terminal device. The first GUTI is the unique identifier of the terminal device in the first communication system; the second GUTI is the unique identifier of the terminal device in the second communication system and is allocated to the terminal device by the second core network device in the second communication system.
S303: After the terminal device sends the first registration request message to the first core network device, and while it has not yet successfully registered with the first communication system, the wireless link of the terminal device is released. The wireless link is the wireless connection between the terminal device and the first AN device in the first communication system.
In this embodiment of the present application, after the wireless link of the terminal device is released, the terminal device enters the idle state, and the first core network device can learn that the terminal device is in the idle state.
In one implementation, the wireless link of the terminal device may be actively released by the first AN device. For example, the first AN device actively releases the wireless link when it determines that the link is abnormal.
In another implementation, the terminal device may release the wireless link in, but not limited to, the following manners:
Manner 1: When the terminal device receives a registration reject response message from the first core network device, the terminal device releases the wireless link. The registration reject response message is fed back by the first core network device after it fails to perform the registration steps, and is used to notify the terminal device that this registration procedure has failed, or that the first core network device rejects the registration request of the terminal device.
Optionally, the registration reject response message contains a reject cause indication, which instructs the terminal device to remain in the registered state, that is, it does not cause the terminal device to move to the deregistered state. For example, the reject cause indication may be any reject cause value other than the following: #3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries a T3346 value information element (T3346 value IE) whose value is neither 0 nor deactivated), #25, #40, #42, #31.
Therefore, after receiving the registration reject response message, the terminal device still remains in the registered state and will later initiate the registration procedure again.
Manner 2: When no registration success response message is received from the first core network device, the terminal device releases the wireless link. The registration success response message is fed back by the first core network device after it successfully performs the registration steps, and is used to notify the terminal device that this registration procedure has succeeded, or that the first core network device has registered the terminal device with the first communication system.
In Manner 2, the following cases may cause the terminal device not to receive the registration success response message:
Case 1: The first core network device does not send a registration success response message, for example because the first core network device fails to perform the registration steps.
Case 2: Because of a message transmission anomaly, the terminal device does not receive the registration success response message even though the first core network device sent it to the terminal device.
Case 3: The terminal device does not receive the registration success response message within a set duration after sending the first registration request message. For example, the terminal device starts the timer T3430 at the same time as it sends the first registration request message. For example, the duration of T3430 is 15 seconds. If the terminal device does not receive the registration success response message while the timer T3430 is running, then when the timer T3430 expires the terminal device abandons this registration procedure and releases the wireless link.
Manner 3: When the wireless link is abnormal, the terminal device releases the wireless link.
The wireless link being abnormal may include: the signal quality of the signal sent by the first AN device in the first communication system degrades, the bit error rate of data transmitted over the wireless link is high, data cannot be successfully transmitted over the wireless link, and so on, which is not limited in this application.
S304: The terminal device in the idle state (remaining in the registered state) initiates the registration procedure again and sends a second registration request message to the first core network device; the first core network device receives the second registration request message from the terminal device in the idle state. The second registration request message is integrity protected using the second set of security context.
In this step, the terminal device does not encrypt the second registration request message.
Similarly to the first registration request message, the second registration request message may be a TAU request message that is integrity protected using the second set of security context. In addition, the second registration request message also carries the device information of the second core network device in the second communication system that holds the context of the terminal device.
For example, the second registration request message carries the first GUTI of the terminal device. The first GUTI contains the device information of the second core network device; for details, refer to the description of the first registration request message in S302, which is not repeated here.
S305: The first core network device sends a context request message to the second core network device located in the second communication system; the second core network device receives the context request message from the first core network device. The context request message contains the second registration request message and is used to request the context of the terminal device.
The context of the terminal device contains the various items of information that enable the terminal device to create and maintain wireless links, bearers, and PDU sessions in a communication system and so carry out communication services. For example, the context of the terminal device may include network capability information, the various identifiers of the terminal device, authentication information, information about created connections, information about created bearers, and the like.
In one implementation, where the second registration request message contains the device information of the second core network device, the first core network device, after receiving the second registration request message, obtains the device information of the second core network device from the second registration request message and then sends the context request message to the second core network device according to that device information.
In this implementation, because the second registration request message is not encrypted and is only integrity protected, the first core network device can obtain the device information of the second core network device directly from the second registration request message without decrypting it or checking its integrity. The first core network device can thus determine from the device information that the context request message is to be sent to the second core network device.
S306: The second core network device obtains the second registration request message from the context request message and uses the saved second set of security context to perform an integrity check on the second registration request message.
In one implementation, the second core network device may maintain a protection timer for each terminal device context it saves. When the protection timer corresponding to the context of any terminal device expires, the second core network device deletes the context of that terminal device.
This embodiment of the present application only takes as an example the case in which the second core network device still holds the context of the terminal device, that is, the protection timer corresponding to the context of the terminal device has not expired.
S307: After the integrity check on the second registration request message passes, the second core network device sends a context response message to the first core network device; the first core network device receives the context response message from the second core network device. The context response message indicates that the request for the context of the terminal device succeeded.
Corresponding to S306, when the integrity check performed by the second core network device on the second registration request message passes and the second core network device determines that it holds the context of the terminal device, the second core network device sends the context response message to the first core network device. Optionally, in this embodiment of the present application, the second core network device may send the context of the terminal device to the first core network device in, but not limited to, the following manner:
The second core network device sends the context of the terminal device to the first core network device in the context response message, that is, the context response message contains the context of the terminal device.
S308: The first core network device sends a registration success response message to the terminal device; the terminal device receives the registration success response message from the first core network device.
The registration success response message is used to notify the terminal device that this registration procedure has succeeded and that the terminal device has successfully registered with the first communication system.
Through the above process, once the terminal device has received the registration success response message from the first core network device, it is successfully registered with the first communication system. The terminal device can then create wireless links, bearers, and sessions in the first communication system and so carry out communication services.
In summary, this embodiment of the present application provides a communication method. In this method, after the first registration procedure of a connected-state terminal device that has been handed over from the second communication system to the first communication system fails and the terminal device releases the wireless link, the terminal device, now in the idle state, initiates the registration procedure again and sends to the first core network device in the first communication system a registration request message that is integrity protected using the second set of security context. When the first core network device receives the registration request message from the terminal device in the idle state, it can request the context of the terminal device from the second core network device of the second communication system on the basis of that registration request message; the second core network device can successfully check the integrity of the registration request message using the saved second set of security context and therefore sends the context of the terminal device to the first core network device. The first core network device can thus successfully obtain the context of the terminal device from the second core network device, so that the terminal device can successfully register with the first communication system.
In the traditional solution, in the inter-system handover scenario, a terminal device whose first registration procedure failed and which has entered the idle state continues to use the first set of security context to integrity protect the registration request message when it initiates the registration procedure again, whereas the second core network device can only use the second set of security context for the integrity check; the second registration procedure of the terminal device therefore inevitably fails. By contrast, in the solution provided by this embodiment of the present application, the terminal device uses the second set of security context to integrity protect the registration request message when it initiates the registration procedure again. This ensures that the second core network device can successfully check the integrity of the registration request message, which ensures that the first core network device can successfully obtain the context of the terminal device from the second core network device, which in turn ensures that the terminal device can successfully register with the first communication system. Compared with the traditional solution, the solution provided by this embodiment of the present application avoids rejection of the registration procedure that the terminal device initiates again, improves the registration success rate of terminal devices in the inter-system handover scenario, reduces the delay before the terminal device is successfully registered with the first communication system, and ultimately safeguards the service continuity of the terminal device and the user experience.
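The following sketch is an added illustration and is not part of the application: it models steps S304 to S308 and the guard (protection) timer, and compares a retry protected with the first set of security context against one protected with the second set. HMAC-SHA256 stands in for both the NAS integrity algorithm and the context mapping algorithm, neither of which the text specifies; all class names, field names, and keys are constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def mac_over(body: dict, key: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the NAS integrity algorithm.
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def map_context(second_set_key: bytes) -> bytes:
    # Assumption: stand-in for the mapping that derives the first set from the second set.
    return hmac.new(second_set_key, b"constructed-mapping-label", hashlib.sha256).digest()


def protect(body: dict, key: bytes) -> dict:
    # Integrity protection only: the body stays readable, as in S302 and S304.
    return {"body": body, "mac": mac_over(body, key)}


def verify(msg: dict, key: bytes) -> bool:
    return hmac.compare_digest(mac_over(msg["body"], key), msg["mac"])


@dataclass
class SecondCoreNetworkDevice:
    """Source-system node: holds the UE context and the second set of security context."""
    contexts: dict = field(default_factory=dict)  # ue -> (key, ue_context, guard deadline)

    def store(self, ue, key, ue_context, guard_deadline):
        self.contexts[ue] = (key, ue_context, guard_deadline)

    def handle_context_request(self, registration_request, now):
        ue = registration_request["body"]["first_guti"]["ue"]
        entry = self.contexts.get(ue)
        if entry is not None and now >= entry[2]:
            del self.contexts[ue]  # protection timer expired: context is deleted
            entry = None
        if entry is None:
            return None, "no UE context"
        if not verify(registration_request, entry[0]):  # S306
            return None, "integrity check failed"
        return entry[1], "ok"  # S307: context response carries the UE context


@dataclass
class FirstCoreNetworkDevice:
    """Target-system node: holds only the first (mapped) set received at handover."""
    peers: dict           # device info -> SecondCoreNetworkDevice
    first_set_keys: dict  # ue -> first-set key

    def handle_registration(self, msg, ue_state, now):
        guti = msg["body"]["first_guti"]
        if ue_state == "connected":
            key = self.first_set_keys.get(guti["ue"])
            if key is None or not verify(msg, key):
                return "reject", "integrity check failed"
            return "accept", "verified locally"
        # Idle UE: read the device info from the unencrypted body, no local check (S305).
        peer = self.peers.get(guti["second_node"])
        if peer is None:
            return "reject", "unknown second core network device"
        ue_context, detail = peer.handle_context_request(msg, now)
        return ("accept", "context fetched") if ue_context is not None else ("reject", detail)


def run_scenario(retry_key="second", ue_state="idle", guard_deadline=60, now=20):
    second_key = b"constructed-second-set-key"  # constructed sample key
    first_key = map_context(second_key)
    second_node = SecondCoreNetworkDevice()
    second_node.store("ue-1", second_key, {"bearers": ["constructed"]}, guard_deadline)
    first_node = FirstCoreNetworkDevice({"node-B": second_node}, {"ue-1": first_key})
    body = {"type": "registration request",
            "first_guti": {"ue": "ue-1", "second_node": "node-B"}}
    key = first_key if retry_key == "first" else second_key
    return first_node.handle_registration(protect(body, key), ue_state, now)


if __name__ == "__main__":
    for args in [("first", "connected"), ("first", "idle"), ("second", "idle")]:
        print(args, run_scenario(*args))
    print("guard timer expired:", run_scenario("second", "idle", guard_deadline=10))
```

The idle-state retry protected with the first set is rejected because the second core network device holds only the second set, and the same retry protected with the second set is rejected as well once the protection timer has deleted the context.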
Embodiment 2:
To solve the above problem, reduce the registration delay of terminal devices in the inter-system handover scenario, and improve their registration success rate, this embodiment of the present application provides another communication method. The method is applicable to the communication architecture shown in FIG. 2. The method provided in this embodiment is described in detail below with reference to the flowchart shown in FIG. 4.
As shown in FIG. 3 and FIG. 4, steps S400a-S403 in this embodiment are the same as steps S300a-S303 in Embodiment 1; for a detailed description of steps S400a-S403, refer to the corresponding steps in Embodiment 1, which are not repeated here.
S404: After the first registration procedure of the connected-state terminal device that has been handed over from the second communication system to the first communication system fails and the terminal device releases the wireless link, the terminal device, now in the idle state, camps on the first communication system again and then initiates an attach procedure.
Optionally, the terminal device may enter the deregistered state after performing local deregistration, and then camp on the first communication system again through a frequency sweep and network search procedure.
In one implementation, the terminal device may attach using the attach procedure of the current communication standards. For example, the terminal device needs to access the first communication system through a random access procedure; the terminal device then sends an attach request message to the first core network device in the first communication system, and so on, which is not described further here.
Through the above steps, once the terminal device completes the attach procedure, it is registered with the first communication system.
In summary, this embodiment of the present application provides a communication method. In this method, after the first registration procedure of a connected-state terminal device that has been handed over from the second communication system to the first communication system fails and the terminal device releases the wireless link, the terminal device, now in the idle state, can initiate an attach procedure to register with the first communication system. The terminal device no longer re-initiates the registration procedure but instead registers with the first communication system through the attach procedure. The method therefore enables an idle-state terminal device to register with the first communication system quickly. Compared with the traditional solution described above, the solution provided by this embodiment of the present application avoids rejection of a registration procedure that the terminal device initiates again, improves the registration success rate of terminal devices in the inter-system handover scenario, reduces the delay before the terminal device is successfully registered with the first communication system, and ultimately safeguards the service continuity of the terminal device and the user experience.
Based on the above embodiments, this application also provides some communication examples, which are described in detail below with reference to FIG. 5 and FIG. 6 respectively. The following examples take as their scenario a UE that is handed over from a 5G communication system to a 4G communication system by inter-system handover. For ease of description, in the following examples the security context corresponding to the 5G communication system is referred to as the 5G security context, and the security context corresponding to the 4G communication system is referred to as the 4G security context. In the 5G communication system, the AN device is denoted gNB and the network element in the core network with the mobility management function is denoted AMF; in the 4G communication system, the AN device is denoted eNB and the network element in the core network with the mobility management function is denoted MME. In addition, the data function network elements HSS and UDM, which store user data in the 4G communication system and the 5G communication system, may be combined in a single network element, denoted HSS/UDM.
Example 1: This example is an instance of the method provided by the embodiment shown in FIG. 3. The steps in this example are described in detail below with reference to the flowchart shown in FIG. 5.
S500: The UE camps on the 5G communication system, establishes a wireless link and a PDU session with the gNB, and enters the connected state; the UE and the network devices in the 5G communication system, such as the gNB and the AMF, use the 5G security context for security verification.
The NAS of the UE and the NAS of the network device in the 5G communication system both maintain the 5G security context.
S501: The network triggers the inter-system handover procedure for the UE in the connected state (that is, the handover procedure from the 5G communication system to the 4G communication system). Optionally, this example may implement S501 using the inter-system handover procedure of the current communication standards. For example, the procedure may include the following steps S5011-S5018.
S5011: When the gNB that the UE accesses in the 5G communication system determines that the current network environment meets the inter-system handover condition, it sends a handover required message to the AMF in the 5G communication system to trigger the inter-system handover of the UE in the connected state.
S5012: The AMF performs a mapping calculation on the 5G security context it maintains, according to a stored, preset security context mapping algorithm, and generates the 4G security context.
Because the 4G security context is obtained by a mapping calculation from the 5G security context, the 4G security context may also be called the mapped security context, the 5G-mapped security context, and so on.
S5013: The AMF sends handover-related information, including the 4G security context, to the MME in the 4G communication system.
After receiving the handover-related information, the MME saves it so that, once the handover succeeds, it can communicate with the UE according to that information.
S5014: The AMF sends a handover command to the gNB.
S5015: The gNB sends a handover command to the UE.
S5016: The UE performs a mapping calculation on the 5G security context it maintains, according to a stored, preset security context mapping algorithm, and generates the 4G security context.
S5017: The UE sends a handover complete message to the eNB in the 4G communication system.
S5018: The eNB sends a handover notify message to the MME.
S502: After being handed over to the 4G communication system, the UE initiates its first TAU procedure in the 4G communication system, that is, the UE sends a TAU request message to the MME. The UE uses the 4G security context to integrity protect the TAU request message.
S503: The MME receives the TAU request message and, after successfully checking the integrity of the TAU request message using the 4G security context, performs the corresponding TAU steps. Optionally, this example may implement S503 using the TAU steps performed by the MME in the current communication standards. For example, the TAU steps may include the following steps S5031-S5034.
S5031: The MME sends a location update request (update location request) message to the HSS/UDM.
S5032: After receiving the location update request message, the HSS/UDM sends a deregistration notification (Nudm_UECM_DeregistrationNotification) to the AMF in the 5G communication system. The AMF holds the context of the UE, and the deregistration notification is used to notify the AMF to delete the context of the UE.
S5033: If the protection timer of the UE's context has not expired, the AMF continues to maintain the context of the UE.
It should be noted that, if the protection timer of the UE's context has already expired, the AMF deletes the context of the UE as soon as it receives the deregistration notification. Where the AMF continues to maintain the context of the UE because the protection timer has not expired, the protection timer keeps running, and the AMF deletes the context of the UE when the protection timer expires.
Optionally, when any one of the following steps S504a-S504d is performed, the wireless link of the UE is released.
S504a: When an exception occurs while the MME is performing the TAU steps in S503 above, the MME sends a TAU reject message to the UE. The TAU reject message is used to notify the UE that this TAU procedure has failed.
The TAU reject message contains a reject cause value that instructs the UE to remain in the registered state and does not cause the UE to move to the deregistered state. Therefore, after receiving the TAU reject message, the UE continues to remain in the registered state.
For example, the reject cause value contained in the TAU reject message may be any reject cause value other than the following:
#3, #6, #8, #7, #9, #10, #11, #35, #12, #13, #14, #15, #22 (where #22 carries a T3346 value information element (T3346 value IE) whose value is neither 0 nor deactivated), #25, #40, #42, #31.
S504b: The UE does not receive a TAU success response message from the MME. The TAU success response message is used to notify the UE that this TAU procedure has succeeded. Because the UE does not receive the TAU success response message, the UE determines that this TAU procedure has failed.
Optionally, the following cases may cause the UE not to receive the TAU success response message:
Case 1: An exception occurs while the MME is performing the TAU steps, and the MME does not send a TAU success response message to the UE.
Case 2: Message transmission between the MME and the UE is abnormal, and the TAU success response message sent by the MME is not successfully delivered to the UE.
Case 3: The UE starts the timer T3430 after sending the TAU request message, and the UE does not receive the TAU success response message while T3430 is running, until T3430 expires.
S504c: The UE determines that the radio link is abnormal.
Optionally, a radio link abnormality may include, but is not limited to, the following situations:
The quality of the signal that the UE receives from the eNB degrades, the bit error rate of the data that the UE transmits over the radio link is high, the UE cannot successfully transmit data over the radio link, and so on.
S504d: The eNB determines that the radio link is abnormal.
Optionally, a radio link abnormality may include, but is not limited to, the following situations:
The quality of the signal that the eNB receives from the UE degrades, the bit error rate of the data that the eNB transmits over the radio link is high, the eNB cannot successfully transmit data over the radio link, and so on.
S505: In any of the cases S504a-S504d above, the radio link of the UE is released and the UE enters the idle state.
S506: The UE in the idle state re-initiates the TAU procedure, that is, the UE sends a TAU request message to the MME again. This time, the UE uses the 5G security context to integrity-protect the TAU request message.
The TAU request messages sent in S502 and S506 carry the 4G GUTI of the UE (that is, the GUTI of the UE in the 4G communication system). The UE obtains the 4G GUTI by mapping from the 5G GUTI, so the 4G GUTI may also be called a mapped GUTI.
The 4G GUTI contains the device information (for example, the identifier or address) of the AMF in the 5G communication system that stores the context of the UE.
S507: After receiving the TAU request message from the UE in the idle state, the MME sends a context request message to the AMF in the 5G communication system according to the AMF device information in the TAU request message. The context request message contains the TAU request message and is used to request the context of the UE.
S508: After receiving the context request message, the AMF uses the 5G security context to perform an integrity check on the TAU request message, and the check passes.
S509: The AMF returns a context response message to the MME. The context response message indicates that the request for the context of the UE succeeded, and it contains the context of the UE.
S510: After receiving the context response message, the MME returns a TAU success response message to the UE. The TAU success response message notifies the UE that the current TAU procedure has succeeded and that the UE is successfully registered in the 4G communication system.
In the conventional solution for handing over from the 5G communication system to the 4G communication system, the first TAU procedure of the connected-state UE after the handover does not succeed, and when the UE, now in the idle state, initiates the TAU procedure again, it continues to use the 4G security context to integrity-protect the TAU request message. The MME forwards that TAU request message to the AMF to obtain the context of the UE, but the AMF can perform the integrity check only with the 5G security context. The AMF's check of the TAU request message therefore fails, the MME cannot obtain the context of the UE, and the TAU procedure re-initiated by the UE is bound to fail. In contrast to the conventional solution, in this example the UE uses the 5G security context to integrity-protect the TAU request message when it initiates the TAU procedure again. This ensures that the AMF can successfully check the integrity of the TAU request message when it receives the message forwarded by the MME, so that the MME can successfully obtain the context of the UE from the AMF and the UE can successfully register in the 4G communication system through the TAU procedure. Compared with the conventional solution, the solution provided by this example therefore avoids the rejection of the TAU procedure re-initiated by the UE, improves the registration success rate of the UE in the scenario where the UE is handed over from the 5G communication system to the 4G communication system, and reduces the delay before the UE successfully registers in the 4G communication system, which ultimately safeguards the service continuity of the UE and the user experience.
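The idle-mode retry in S506-S510 can be traced in a small simulation. This is an added example, not code from the application: HMAC-SHA256 truncated to 32 bits stands in for the NAS integrity algorithm, and `map_5g_to_4g`, the class names, the result strings and the key bytes are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values (not from the application).
K_5G = bytes(range(32))   # key of the UE's 5G security context
AMF_ID = "amf-01"         # AMF device information carried in the mapped GUTI


def nas_mac(key: bytes, count: int, payload: bytes) -> bytes:
    """Stand-in 32-bit NAS-MAC over the uplink count and the message payload."""
    msg = count.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def map_5g_to_4g(k_5g: bytes) -> bytes:
    """Hypothetical one-way mapping of the 5G key to the mapped 4G key."""
    return hmac.new(k_5g, b"constructed 5G-to-4G mapping", hashlib.sha256).digest()


@dataclass
class TauRequest:
    amf_id: str      # taken from the mapped 4G GUTI
    count: int
    payload: bytes
    mac: bytes


class Amf:
    """Holds only the 5G security context and the UE context (S508/S509)."""

    def __init__(self, k_5g: bytes):
        self._k_5g = k_5g
        self._ue_context = {"state": "registered"}

    def context_request(self, tau: TauRequest):
        # S508: integrity check of the forwarded TAU request with the 5G key.
        expected = nas_mac(self._k_5g, tau.count, tau.payload)
        if hmac.compare_digest(expected, tau.mac):
            return dict(self._ue_context)   # S509: context response
        return None                         # check failed, no context returned


class Mme:
    """Has no context for the idle UE, so it must ask the AMF (S507)."""

    def __init__(self, amfs: dict):
        self._amfs = amfs

    def handle_idle_tau(self, tau: TauRequest) -> str:
        amf = self._amfs.get(tau.amf_id)
        if amf is None:
            return "TAU reject"
        context = amf.context_request(tau)
        # S510 on success; without the UE context the TAU cannot complete.
        return "TAU success" if context is not None else "TAU reject"


class Ue:
    def __init__(self, k_5g: bytes, amf_id: str):
        self._k_5g = k_5g
        self._k_4g = map_5g_to_4g(k_5g)   # mapped context obtained after handover
        self._amf_id = amf_id
        self._count = 0

    def build_tau(self, use_5g_context: bool) -> TauRequest:
        # S506: the retry is protected with the 5G context; the conventional
        # behaviour keeps using the mapped 4G context.
        key = self._k_5g if use_5g_context else self._k_4g
        payload = b"TAU REQUEST|mapped-GUTI:" + self._amf_id.encode()
        self._count += 1
        mac = nas_mac(key, self._count, payload)
        return TauRequest(self._amf_id, self._count, payload, mac)


def idle_mode_retry(use_5g_context: bool, tamper: bool = False) -> str:
    """Run S506-S510 once and return the MME's answer to the UE."""
    ue = Ue(K_5G, AMF_ID)
    mme = Mme({AMF_ID: Amf(K_5G)})
    tau = ue.build_tau(use_5g_context)
    if tamper:
        tau.payload += b"|modified"   # message altered after protection
    return mme.handle_idle_tau(tau)


if __name__ == "__main__":
    print("mapped 4G context:", idle_mode_retry(use_5g_context=False))
    print("5G context:       ", idle_mode_retry(use_5g_context=True))
    print("5G, tampered:     ", idle_mode_retry(use_5g_context=True, tamper=True))
```

The AMF never holds the mapped key, so a retry protected with it fails for the same reason a modified message does: the recomputed MAC does not match.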
Example 2: This example is based on the method provided by the embodiment shown in FIG. 4. The steps in this example are described in detail below with reference to the flowchart shown in FIG. 6. As shown in FIG. 5 and FIG. 6, steps S600-S605 in this example are the same as steps S500-S505 in Example 1, so the same steps may be cross-referenced and are not described again here.
S606: After the first TAU procedure of the connected-state UE following the handover from the 5G communication system to the 4G communication system is unsuccessful and causes the UE to release the radio link, the UE, now in the idle state, camps on the 4G communication system again and initiates an attach procedure.
After entering the idle state, the UE may perform local deregistration and enter the deregistered state, and then camp on the 4G communication system again through a frequency scan and network search procedure.
Optionally, the UE may attach using the attach procedure in the current communication standards. For example, the UE accesses the 4G communication system through a random access procedure and then sends an attach request message to the MME to request to attach to and register in the 4G communication system.
After the UE successfully completes the attach procedure, it is registered in the 4G communication system.
In this example, after the first TAU procedure of the connected-state UE following the handover from the 5G communication system to the 4G communication system is unsuccessful and causes the UE to release the radio link, the UE, now in the idle state, can initiate an attach procedure to register in the 4G communication system. Because the UE no longer re-initiates the TAU procedure but registers in the 4G communication system through the attach procedure, this example enables the idle-state UE to register in the 4G communication system quickly. Compared with the conventional solution described above, the solution provided by this example avoids the rejection of a TAU procedure re-initiated by the UE, improves the registration success rate of the UE in the scenario of handover from the 5G communication system to the 4G communication system, and reduces the delay before the UE successfully registers in the 4G communication system, which ultimately safeguards the service continuity of the UE and the user experience.
Based on the same technical concept, the present application further provides a communication apparatus, the structure of which is shown in FIG. 7 and which includes a communication unit 701 and a processing unit 702. The communication apparatus 700 may be applied to a core network device or a UE in the communication architecture shown in FIG. 2, and may implement the communication methods provided in the above embodiments and examples. Optionally, the physical form of the communication apparatus 700 may be a communication device, such as a core network device or a terminal device (that is, a UE); or the communication apparatus may be another apparatus capable of implementing the functions of a communication device, such as a processor or a chip inside the communication device. Specifically, the communication apparatus 700 may be a programmable chip such as a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), an application-specific integrated circuit (ASIC), or a system on a chip (SoC).
The functions of the units in the apparatus 700 are described below.
The communication unit 701 is configured to receive and send data.
When the communication apparatus 700 is applied to a core network device, the communication unit 701 may be implemented through a physical interface, a communication module, a communication interface, and an input/output interface. The communication apparatus 700 may be connected to a network cable or another cable through the communication unit 701 and thereby establish a physical connection with other devices.
When the communication apparatus 700 is applied to a terminal device, the communication unit 701 may be implemented by a transceiver, for example, a mobile communication module.
The mobile communication module may provide wireless communication solutions applied to the terminal device, including 2G/3G/4G/5G/6G and future generations. The mobile communication module may include at least one antenna, at least one filter, a switch, a power amplifier, a low noise amplifier (LNA), and the like. Through the mobile communication module, the terminal device can access an AN device in the mobile communication system and interact with that AN device, thereby implementing interaction between the terminal device and the mobile communication system.
In an implementation, the communication apparatus 700 is applied to the terminal device in FIG. 3, for example, the UE in the example shown in FIG. 5. The processing unit 702 is configured to:
after the terminal device is handed over from the second communication system to the first communication system, obtain a first set of security contexts, where the first set of security contexts is used for security verification between the terminal device and a first network device located in the first communication system;
after sending a first registration request message to a first core network device through the communication unit 701, release the radio link of the terminal device, where the first registration request message is integrity-protected using the first set of security contexts, and the first network device includes the first core network device;
send a second registration request message to the first core network device through the communication unit 701, where the second registration request message is integrity-protected using a second set of security contexts, and the second set of security contexts is used for security verification between the terminal device and a second network device located in the second communication system.
Optionally, when obtaining the first set of security contexts, the processing unit 702 is specifically configured to:
perform a calculation on the second set of security contexts according to a configured security context mapping algorithm to generate the first set of security contexts.
Optionally, when releasing the radio link of the terminal device, the processing unit 702 is specifically configured to:
release the radio link when a registration reject response message from the first core network device is received through the communication unit 701.
Optionally, the registration reject response message contains a reject cause indication, and the reject cause indication is used to instruct the terminal device to remain in the registered state.
Optionally, when releasing the radio link of the terminal device, the processing unit 702 is specifically configured to:
release the radio link when the radio link is abnormal.
Optionally, when releasing the radio link of the terminal device, the processing unit 702 is specifically configured to:
release the radio link when no registration success response message from the first core network device is received through the communication unit 701.
Optionally, the second registration request message contains device information of a second core network device in the second communication system that has the context of the terminal device, and the second network device includes the second core network device.
Optionally, the processing unit 702 is further configured to:
after sending the second registration request message to the first core network device through the communication unit 701, receive a registration success response message from the first core network device through the communication unit 701.
Optionally, the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system; the first registration request message is a tracking area update (TAU) request message, and the second registration request message is a TAU request message.
In an implementation, the communication apparatus 700 is applied to the first core network device located in the first communication system in FIG. 3, for example, the MME in the example shown in FIG. 5. The processing unit 702 is configured to:
after a terminal device is handed over from a second communication system to the first communication system, receive, through the communication unit 701, a registration request message from the terminal device in the idle state, where the registration request message is integrity-protected using a second set of security contexts, and the second set of security contexts is used for security verification between the terminal device and a second network device located in the second communication system;
send a context request message to a second core network device located in the second communication system through the communication unit 701, where the context request message contains the registration request message and is used to request the context of the terminal device, and the second network device includes the second core network device.
Optionally, the processing unit 702 is further configured to:
receive a context response message from the second core network device through the communication unit 701, where the context response message indicates that the request for the context of the terminal device succeeded;
send a registration success response message to the terminal device through the communication unit 701.
Optionally, the registration request message contains device information of the second core network device in the second communication system that has the context of the terminal device; the sending, by the processing unit 702 through the communication unit 701, of the context request message to the second core network device located in the second communication system includes:
sending the context request message to the second core network device according to the device information of the second core network device.
Optionally, the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system; the registration request message is a tracking area update (TAU) request message.
In an implementation, the communication apparatus 700 is applied to the second core network device located in the second communication system in FIG. 3, for example, the AMF in the example shown in FIG. 5. The processing unit 702 is configured to:
after a terminal device is handed over from the second communication system to a first communication system, receive a context request message from a first core network device through the communication unit 701, where the first core network device is located in the first communication system, the context request message contains a registration request message, the registration request message is integrity-protected using a second set of security contexts, the second set of security contexts is used for security verification between the terminal device and a second network device located in the second communication system, and the second network device includes the second core network device;
perform an integrity protection check on the registration request message using the second set of security contexts.
Optionally, the processing unit 702 is further configured to:
after the check passes, send a context response message to the first core network device through the communication unit 701, where the context response message indicates that the request for the context of the terminal device succeeded.
Optionally, the registration request message contains device information of the second core network device in the second communication system that has the context of the terminal device.
Optionally, the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system; the registration request message is a tracking area update (TAU) request message.
In an implementation, the communication apparatus 700 is applied to the terminal device in FIG. 4, for example, the UE in the example shown in FIG. 6. The processing unit 702 is configured to:
after the terminal device is handed over from the second communication system to the first communication system, obtain a first set of security contexts, where the first set of security contexts is used for security verification between the terminal device and a first network device located in the first communication system;
after sending a registration request message to a first core network device through the communication unit 701, release the radio link of the terminal device, where the registration request message is integrity-protected using the first set of security contexts, and the first network device includes the first core network device;
initiate an attach procedure.
Optionally, when obtaining the first set of security contexts, the processing unit 702 is specifically configured to:
perform a calculation on the second set of security contexts according to a configured security context mapping algorithm to generate the first set of security contexts.
Optionally, when releasing the radio link of the terminal device, the processing unit 702 is specifically configured to:
release the radio link when a registration reject response message from the first core network device is received through the communication unit 701.
Optionally, the registration reject response message contains a reject cause indication, and the reject cause indication is used to instruct the terminal device to remain in the registered state.
Optionally, when releasing the radio link of the terminal device, the processing unit 702 is specifically configured to:
release the radio link when the radio link is abnormal.
Optionally, when releasing the radio link of the terminal device, the processing unit 702 is specifically configured to:
release the radio link when no registration success response message from the first core network device is received through the communication unit 701.
Optionally, the registration request message contains device information of a second core network device in the second communication system that has the context of the terminal device, and the second network device includes the second core network device.
Optionally, when initiating the attach procedure, the processing unit 702 is specifically configured to:
send an attach request message to the first core network device through the communication unit 701.
Optionally, the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system; the registration request message is a tracking area update (TAU) request message.
It should be noted that the division into modules in the above embodiments of the present application is illustrative and is merely a division by logical function; other divisions are possible in an actual implementation. In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform all or some of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
Based on the same technical concept, the present application further provides a communication device. The communication device may be applied to a core network device or a UE in the communication architecture shown in FIG. 2, may implement the communication methods provided in the above embodiments and examples, and has the functions of the communication apparatus shown in FIG. 7. Referring to FIG. 8, the communication device 800 includes a communication module 801, a processor 802, and a memory 803. The communication module 801, the processor 802, and the memory 803 are connected to one another.
Optionally, the communication module 801, the processor 802, and the memory 803 are connected to one another through a bus 804. The bus 804 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 8, but this does not mean that there is only one bus or only one type of bus.
The communication module 801 is configured to receive and send data to implement communication with other devices. For example, when the communication device 800 is applied to a core network device, the communication module 801 may be implemented through a physical interface, a communication module, a communication interface, and an input/output interface. As another example, when the communication device 800 is applied to a terminal device, the communication module 801 may also be implemented by a transceiver.
In an implementation, the communication device 800 may be the terminal device in FIG. 3, for example, the UE in the example shown in FIG. 5. The processor 802 is configured to:
after the terminal device is handed over from the second communication system to the first communication system, obtain a first set of security contexts, where the first set of security contexts is used for security verification between the terminal device and a first network device located in the first communication system;
after sending a first registration request message to a first core network device through the communication module 801, release the radio link of the terminal device, where the first registration request message is integrity-protected using the first set of security contexts, and the first network device includes the first core network device;
send a second registration request message to the first core network device through the communication module 801, where the second registration request message is integrity-protected using a second set of security contexts, and the second set of security contexts is used for security verification between the terminal device and a second network device located in the second communication system.
In another implementation, the communication device 800 may be the first core network device located in the first communication system in FIG. 3, for example, the MME in the example shown in FIG. 5. The processor 802 is configured to:
after a terminal device is handed over from a second communication system to the first communication system, receive, through the communication module 801, a registration request message from the terminal device in the idle state, where the registration request message is integrity-protected using a second set of security contexts, and the second set of security contexts is used for security verification between the terminal device and a second network device located in the second communication system;
send a context request message to a second core network device located in the second communication system through the communication module 801, where the context request message contains the registration request message and is used to request the context of the terminal device, and the second network device includes the second core network device.
In another implementation, the communication device 800 may be the second core network device located in the second communication system in FIG. 3, for example, the AMF in the example shown in FIG. 5. The processor 802 is configured to:
After the terminal device is handed over from the second communication system to the first communication system, receive, through the communication module 801, a context request message from the first core network device, where the first core network device is located in the first communication system, the context request message includes a registration request message, the registration request message is integrity-protected using a second set of security context, the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system, and the second network device includes the second core device;
Perform an integrity protection check on the registration request message using the second set of security context.
In another implementation, the communication device 800 may be the terminal device in FIG. 4, for example, the UE in the example shown in FIG. 6. The processor 802 is configured to:
After the terminal device is handed over from the second communication system to the first communication system, acquire a first set of security context, where the first set of security context is used for security verification between the terminal device and a first network device located in the first communication system;
After sending a registration request message to a first core network device through the communication module 801, release the wireless link of the terminal device, where the registration request message is integrity-protected using the first set of security context, and the first network device includes the first core network device;
Initiate an attach procedure.
It should be noted that this embodiment does not describe the specific functions of the processor 802 in detail. For those functions, refer to the descriptions in the communication methods provided in the foregoing embodiments and examples, and to the description of the specific functions of the communication apparatus 700 in the embodiment shown in FIG. 7. Details are not repeated here.
The memory 803 is used to store program instructions, data, and the like. Specifically, the program instructions may include program code, and the program code includes computer operation instructions. The memory 803 may include random access memory (RAM), and may also include non-volatile memory, for example, at least one disk memory. The processor 802 executes the program instructions stored in the memory 803 and uses the data stored in the memory 803 to implement the foregoing functions, thereby implementing the communication method provided in the foregoing embodiments.
It can be understood that the memory 803 in FIG. 8 of this application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchlink dynamic random access memory (SLDRAM), and direct Rambus random access memory (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to include, but not be limited to, these and any other suitable types of memory.
Based on the foregoing embodiments, an embodiment of this application further provides a computer program. When the computer program runs on a computer, the computer is caused to execute the communication method provided in the foregoing embodiments.
Based on the foregoing embodiments, an embodiment of this application further provides a computer-readable storage medium that stores a computer program. When the computer program is executed by a computer, the computer is caused to execute the communication method provided in the foregoing embodiments.
The storage medium may be any available medium that a computer can access. By way of example and not limitation, the computer-readable medium may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
Based on the foregoing embodiments, an embodiment of this application further provides a chip. The chip is configured to read a computer program stored in a memory and implement the communication method provided in the foregoing embodiments.
Based on the foregoing embodiments, an embodiment of this application provides a chip system. The chip system includes a processor configured to support a computer apparatus in implementing the functions of the service device, forwarding device, or site device in the foregoing embodiments. In a possible design, the chip system further includes a memory, and the memory is used to store the programs and data necessary for the computer apparatus. The chip system may consist of a chip, or may include a chip and other discrete components.
In summary, the embodiments of this application provide a communication method, apparatus, and device. In this solution, after an inter-system handover, when the first registration procedure of the connected-state terminal device in the target communication system fails and the terminal device releases the wireless link as a result, the terminal device, now in the idle state, initiates the registration procedure again by sending the target communication system a registration request message that is integrity-protected using the security context corresponding to the source communication system. In this way, after receiving the registration request message, the target communication system can successfully obtain the context of the terminal device from the source communication system based on that message, so that the terminal device can register successfully with the target communication system. This solution therefore avoids the case in which the registration procedure re-initiated by the terminal device is rejected, improves the registration success rate of terminal devices in inter-system handover scenarios, reduces the registration delay of the terminal device, and ultimately ensures the service continuity of the terminal device and the user experience.
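The idle-state retry summarized above, modeled end to end as an added example (not code from the patent): the first core network device forwards the registration request inside a context request, and the second core network device checks its integrity with the second set of security context. HMAC-SHA256 truncated to 32 bits stands in for the NAS integrity algorithm, the mapping function is a placeholder for the unspecified mapping algorithm, and all class names, keys and identifiers are constructed. The model assumes the second core network device checks only against the second set it holds.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SecurityContext:
    label: str
    key: bytes


def map_context(second: SecurityContext) -> SecurityContext:
    """Placeholder for the 'set security context mapping algorithm'."""
    mapped = hmac.new(second.key, b"constructed-mapping-label", hashlib.sha256).digest()
    return SecurityContext("first (mapped)", mapped)


def mac32(ctx: SecurityContext, body: bytes) -> bytes:
    """Stand-in integrity tag: HMAC-SHA256 truncated to 32 bits."""
    return hmac.new(ctx.key, body, hashlib.sha256).digest()[:4]


@dataclass(frozen=True)
class RegistrationRequest:
    ue_id: str
    core_id: str  # device information of the second core network device
    body: bytes
    mac: bytes


def protect(ue_id: str, core_id: str, body: bytes, ctx: SecurityContext) -> RegistrationRequest:
    return RegistrationRequest(ue_id, core_id, body, mac32(ctx, body))


class SecondCoreNetworkDevice:
    """Source-system node (the AMF in the page's example); holds the second set."""

    def __init__(self, core_id: str):
        self.core_id = core_id
        self.contexts: dict[str, SecurityContext] = {}

    def handle_context_request(self, req: RegistrationRequest) -> bool:
        ctx = self.contexts.get(req.ue_id)
        if ctx is None:
            return False
        # Constant-time comparison of the received and recomputed tags.
        return hmac.compare_digest(mac32(ctx, req.body), req.mac)


class FirstCoreNetworkDevice:
    """Target-system node (the MME in the page's example); holds no UE context."""

    def __init__(self, peers: dict[str, SecondCoreNetworkDevice]):
        self.peers = peers
        self.registered: set[str] = set()

    def handle_registration_request(self, req: RegistrationRequest) -> str:
        peer = self.peers.get(req.core_id)
        # The context request carries the registration request unchanged,
        # so the integrity check is performed by the node that holds the key.
        if peer is None or not peer.handle_context_request(req):
            return "registration reject"
        self.registered.add(req.ue_id)
        return "registration success"


def run_scenario() -> dict[str, str]:
    second = SecurityContext("second", bytes(range(32)))  # constructed key
    first = map_context(second)
    amf = SecondCoreNetworkDevice("core-2")
    amf.contexts["ue-1"] = second
    mme = FirstCoreNetworkDevice({"core-2": amf})
    body = b"TAU request (constructed payload)"

    good = protect("ue-1", "core-2", body, second)
    mapped = protect("ue-1", "core-2", body, first)
    tampered = replace(good, body=body + b"!")  # modified after protection
    return {
        "protected_with_second_context": mme.handle_registration_request(good),
        "protected_with_first_context": mme.handle_registration_request(mapped),
        "tampered_in_transit": mme.handle_registration_request(tampered),
    }


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case}: {outcome}")
```
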
Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, and the like) that contain computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to this application. It should be understood that each procedure and/or block in the flowcharts and/or block diagrams, and combinations of procedures and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or another programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, and the instruction apparatus implements the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
Clearly, those skilled in the art can make various changes and variations to this application without departing from its scope of protection. Thus, if these modifications and variations of this application fall within the scope of the claims of this application and their equivalent technologies, this application is also intended to include them.

Claims (38)

  1. A communication method, characterized by comprising:
    after being handed over from a second communication system to a first communication system, acquiring, by a terminal device, a first set of security context, wherein the first set of security context is used for security verification between the terminal device and a first network device located in the first communication system;
    after the terminal device sends a first registration request message to a first core network device, releasing, by the terminal device, a wireless link, wherein the first registration request message is integrity-protected using the first set of security context, and the first network device includes the first core network device;
    sending, by the terminal device, a second registration request message to the first core network device, wherein the second registration request message is integrity-protected using a second set of security context, and the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system.
  2. The method according to claim 1, wherein the acquiring, by the terminal device, of the first set of security context comprises:
    calculating, by the terminal device, on the second set of security context according to a set security context mapping algorithm, to generate the first set of security context.
  3. The method according to claim 1 or 2, wherein the releasing, by the terminal device, of the wireless link comprises:
    when the terminal device receives a registration rejection response message from the first core network device, releasing, by the terminal device, the wireless link.
  4. The method according to claim 3, wherein the registration rejection response message includes a rejection cause indication, and the rejection cause indication is used to instruct the terminal device to remain in the registered state.
  5. The method according to claim 1 or 2, wherein the releasing, by the terminal device, of the wireless link comprises:
    when the wireless link is abnormal, releasing, by the terminal device, the wireless link.
  6. The method according to claim 1 or 2, wherein the releasing, by the terminal device, of the wireless link comprises:
    when no registration success response message is received from the first core network device, releasing, by the terminal device, the wireless link.
  7. The method according to any one of claims 1-6, wherein the second registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device.
  8. The method according to any one of claims 1-7, wherein after the terminal device sends the second registration request message to the first core network device, the method further comprises:
    receiving, by the terminal device, a registration success response message from the first core network device.
  9. The method according to any one of claims 1-8, wherein the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system;
    the first registration request message is a tracking area update (TAU) request message, and the second registration request message is a TAU request message.
  10. A communication method, characterized by comprising:
    after a terminal device is handed over from a second communication system to a first communication system, receiving, by a first core network device located in the first communication system, a registration request message from the terminal device in an idle state, wherein the registration request message is integrity-protected using a second set of security context, and the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system;
    sending, by the first core network device, a context request message to a second core network device located in the second communication system, wherein the context request message includes the registration request message, the context request message is used to request the context of the terminal device, and the second network device includes the second core network device.
  11. The method according to claim 10, wherein the method further comprises:
    receiving, by the first core network device, a context response message from the second core network device, wherein the context response message is used to indicate that the request for the context of the terminal device succeeded;
    sending, by the first core network device, a registration success response message to the terminal device.
  12. The method according to claim 10 or 11, wherein the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system; and the sending, by the first core network device, of the context request message to the second core network device located in the second communication system comprises:
    sending, by the first core network device, the context request message to the second core network device according to the device information of the second core device.
  13. The method according to any one of claims 10-12, wherein the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system;
    the registration request message is a tracking area update (TAU) request message.
  14. A communication method, characterized by comprising:
    after a terminal device is handed over from a second communication system to a first communication system, receiving, by a second core network device, a context request message from a first core network device, wherein the second core network device is located in the second communication system, the first core network device is located in the first communication system, the context request message includes a registration request message, the registration request message is integrity-protected using a second set of security context, the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system, and the second network device includes the second core device;
    performing, by the second core network device, an integrity protection check on the registration request message using the second set of security context.
  15. The method according to claim 14, wherein the method further comprises:
    after the check passes, sending, by the second core network device, a context response message to the first core network device, wherein the context response message is used to indicate that the request for the context of the terminal device succeeded.
  16. The method according to claim 14 or 15, wherein the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system.
  17. The method according to any one of claims 14-16, wherein the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system;
    the registration request message is a tracking area update (TAU) request message.
  18. A communication apparatus, applied to a terminal device, characterized by comprising:
    a communication unit, configured to receive and send data;
    a processing unit, configured to:
    after the terminal device is handed over from a second communication system to a first communication system, acquire a first set of security context, wherein the first set of security context is used for security verification between the terminal device and a first network device located in the first communication system;
    after sending a first registration request message to a first core network device through the communication unit, release the wireless link of the terminal device, wherein the first registration request message is integrity-protected using the first set of security context, and the first network device includes the first core network device;
    send a second registration request message to the first core network device through the communication unit, wherein the second registration request message is integrity-protected using a second set of security context, and the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system.
  19. The apparatus according to claim 18, wherein the processing unit, when acquiring the first set of security context, is specifically configured to:
    calculate on the second set of security context according to a set security context mapping algorithm, to generate the first set of security context.
  20. The apparatus according to claim 18 or 19, wherein the processing unit, when releasing the wireless link of the terminal device, is specifically configured to:
    release the wireless link when a registration rejection response message from the first core network device is received through the communication unit.
  21. The apparatus according to claim 20, wherein the registration rejection response message includes a rejection cause indication, and the rejection cause indication is used to instruct the terminal device to remain in the registered state.
  22. The apparatus according to claim 18 or 19, wherein the processing unit, when releasing the wireless link of the terminal device, is specifically configured to:
    release the wireless link when the wireless link is abnormal.
  23. The apparatus according to claim 18 or 19, wherein the processing unit, when releasing the wireless link of the terminal device, is specifically configured to:
    release the wireless link when no registration success response message from the first core network device is received through the communication unit.
  24. The apparatus according to any one of claims 18-23, wherein the second registration request message includes device information of a second core network device that has the context of the terminal device in the second communication system, and the second network device includes the second core network device.
  25. The apparatus according to any one of claims 18-24, wherein the processing unit is further configured to:
    after sending the second registration request message to the first core network device through the communication unit, receive, through the communication unit, a registration success response message from the first core network device.
  26. The apparatus according to any one of claims 18-25, wherein the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system;
    the first registration request message is a tracking area update (TAU) request message, and the second registration request message is a TAU request message.
  27. A communication apparatus, applied to a first core network device, the first core network device being located in a first communication system, characterized by comprising:
    a communication unit, configured to receive and send data;
    a processing unit, configured to:
    after a terminal device is handed over from a second communication system to the first communication system, receive, through the communication unit, a registration request message from the terminal device in an idle state, wherein the registration request message is integrity-protected using a second set of security context, and the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system;
    send, through the communication unit, a context request message to a second core network device located in the second communication system, wherein the context request message includes the registration request message, the context request message is used to request the context of the terminal device, and the second network device includes the second core network device.
  28. The apparatus according to claim 27, wherein the processing unit is further configured to:
    receive, through the communication unit, a context response message from the second core network device, wherein the context response message is used to indicate that the request for the context of the terminal device succeeded;
    send, through the communication unit, a registration success response message to the terminal device.
  29. The apparatus according to claim 27 or 28, wherein the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system; and the sending, by the processing unit through the communication unit, of the context request message to the second core network device located in the second communication system comprises:
    sending the context request message to the second core network device according to the device information of the second core device.
  30. The apparatus according to any one of claims 27-29, wherein the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system;
    the registration request message is a tracking area update (TAU) request message.
  31. A communication apparatus, applied to a second core network device, the second core network device being located in a second communication system, characterized in that the apparatus includes:
    a communication unit, configured to receive and send data; and
    a processing unit, configured to:
    after a terminal device switches from the second communication system to a first communication system, receive, through the communication unit, a context request message from a first core network device; wherein the first core network device is located in the first communication system, the context request message includes a registration request message, and the registration request message is integrity-protected using a second set of security context; the second set of security context is used for security verification between the terminal device and a second network device located in the second communication system, and the second network device includes the second core device; and
    perform an integrity protection check on the registration request message by using the second set of security context.
  32. The apparatus according to claim 31, wherein the processing unit is further configured to:
    after the check passes, send a context response message to the first core network device through the communication unit; wherein the context response message is used to indicate that the request for the context of the terminal device is successful.
  33. The apparatus according to claim 31 or 32, wherein the registration request message includes device information of the second core network device that has the context of the terminal device in the second communication system.
  34. The apparatus according to any one of claims 31-33, wherein the second communication system is a fifth-generation (5G) communication system, and the first communication system is a fourth-generation (4G) communication system; and
    the registration request message is a tracking area update (TAU) request message.
  35. A communication device, characterized in that it includes:
    a communication module, configured to receive and send data; and
    a processor, configured to implement, through the communication module, the method according to any one of claims 1-17.
  36. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and when the computer program is run on a computer, the computer is caused to execute the method according to any one of claims 1-17.
  37. A computer program product, characterized in that, when the computer program product is run on a computer, the computer is caused to execute the method according to any one of claims 1-17.
  38. A chip, characterized in that the chip is coupled with a memory, and the chip reads a computer program stored in the memory to execute the method according to any one of claims 1-17.
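
The routing in claim 29 and the integrity check and context response in claims 31-32, as an added example that is not part of the patent text: the first core network device forwards the protected TAU request to the second core network device named in the message, which verifies it against its stored second set of security context. HMAC-SHA-256 truncated to 32 bits stands in for the NAS integrity algorithm, and the `Mme`/`Amf` class names, field names, uplink counter check and failure responses are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass
class SecurityContext:
    """Second set of security context, held by the terminal device and the AMF."""
    k_nas_int: bytes
    ul_count: int = 0  # assumed uplink counter, used here for replay rejection

@dataclass(frozen=True)
class TauRequest:
    guti: str      # constructed temporary identity of the terminal device
    old_amf: str   # device information of the second core network device
    count: int
    mac: bytes = b""

def nas_mac(key: bytes, msg: TauRequest) -> bytes:
    # Stand-in (assumption) for the NAS integrity algorithm, 32-bit tag.
    data = f"{msg.count}|{msg.guti}|{msg.old_amf}".encode()
    return hmac.new(key, data, hashlib.sha256).digest()[:4]

def ue_build_tau(ctx: SecurityContext, guti: str, old_amf: str) -> TauRequest:
    """Terminal device: integrity-protect the TAU request with the second context."""
    msg = TauRequest(guti, old_amf, ctx.ul_count)
    ctx.ul_count += 1
    return replace(msg, mac=nas_mac(ctx.k_nas_int, msg))

class Amf:
    """Second core network device (5G): verifies the forwarded TAU request."""
    def __init__(self):
        self.contexts = {}  # guti -> SecurityContext

    def context_request(self, tau: TauRequest) -> dict:
        ctx = self.contexts.get(tau.guti)
        if ctx is None or tau.count < ctx.ul_count:
            return {"result": "failure"}  # unknown terminal or replayed counter
        if not hmac.compare_digest(nas_mac(ctx.k_nas_int, tau), tau.mac):
            return {"result": "failure"}  # integrity check failed
        ctx.ul_count = tau.count + 1
        return {"result": "success", "guti": tau.guti}

class Mme:
    """First core network device (4G): routes by the device information in the TAU."""
    def __init__(self, amfs: dict):
        self.amfs = amfs  # device information -> Amf
    def handle_tau(self, tau: TauRequest) -> dict:
        amf = self.amfs.get(tau.old_amf)
        return amf.context_request(tau) if amf else {"result": "failure"}
```
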
PCT/CN2021/109252 2021-07-29 2021-07-29 Communication method, apparatus, and device WO2023004683A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180007897.9A CN115885540A (en) 2021-07-29 2021-07-29 Communication method, device and equipment
PCT/CN2021/109252 WO2023004683A1 (en) 2021-07-29 2021-07-29 Communication method, apparatus, and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/109252 WO2023004683A1 (en) 2021-07-29 2021-07-29 Communication method, apparatus, and device

Publications (1)

Publication Number Publication Date
WO2023004683A1 true WO2023004683A1 (en) 2023-02-02

Family

ID=85086030

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/109252 WO2023004683A1 (en) 2021-07-29 2021-07-29 Communication method, apparatus, and device

Country Status (2)

Country Link
CN (1) CN115885540A (en)
WO (1) WO2023004683A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117812549A (en) * 2024-02-29 2024-04-02 荣耀终端有限公司 Communication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130322407A1 (en) * 2011-02-08 2013-12-05 Ntt Docomo, Inc. Mobile communication system, mobile communication method, packet data network gateway, and serving gateway
CN112738881A (en) * 2020-12-30 2021-04-30 展讯通信(上海)有限公司 Network registration method and device
CN112911658A (en) * 2019-12-04 2021-06-04 大唐移动通信设备有限公司 Communication method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3 Generation Partnership Project; Technical Specification Group Services and System Aspects; Security architecture and procedures for 5G system (Release 17)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 33.501, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. V17.2.1, 5 July 2021 (2021-07-05), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 257, XP052030072 *
"3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (Release 17))", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 24.301, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. CT WG1, no. V17.3.0, 28 June 2021 (2021-06-28), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 564, XP052029846 *

Also Published As

Publication number Publication date
CN115885540A (en) 2023-03-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21951291

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21951291

Country of ref document: EP

Kind code of ref document: A1