CN109644354B - Integrity verification method, network equipment, UE and computer storage medium - Google Patents
Integrity verification method, network equipment, UE and computer storage medium Download PDFInfo
- Publication number
- CN109644354B CN109644354B CN201880002951.9A CN201880002951A CN109644354B CN 109644354 B CN109644354 B CN 109644354B CN 201880002951 A CN201880002951 A CN 201880002951A CN 109644354 B CN109644354 B CN 109644354B
- Authority
- CN
- China
- Prior art keywords
- integrity protection
- configuration information
- protection verification
- base station
- request message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 207
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000011084 recovery Methods 0.000 claims abstract description 90
- 238000012545 processing Methods 0.000 claims description 37
- 238000004891 communication Methods 0.000 claims description 24
- 238000004422 calculation algorithm Methods 0.000 claims description 20
- 238000004590 computer program Methods 0.000 claims description 8
- 238000004364 calculation method Methods 0.000 claims description 4
- 235000019527 sweetened beverage Nutrition 0.000 description 80
- 230000000977 initiatory effect Effects 0.000 description 8
- 230000011664 signaling Effects 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 230000003993 interaction Effects 0.000 description 7
- 101000824890 Homo sapiens SOSS complex subunit B2 Proteins 0.000 description 2
- 102100022330 SPRY domain-containing SOCS box protein 2 Human genes 0.000 description 2
- 101710141938 Single-stranded DNA-binding protein 2 Proteins 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101150012579 ADSL gene Proteins 0.000 description 1
- 102100020775 Adenylosuccinate lyase Human genes 0.000 description 1
- 108700040193 Adenylosuccinate lyases Proteins 0.000 description 1
- 206010033799 Paralysis Diseases 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/02—Arrangements for optimising operational condition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/19—Connection re-establishment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/20—Manipulation of established connections
- H04W76/27—Transitions between radio resource control [RRC] states
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an integrity verification method, network equipment, User Equipment (UE) and a computer storage medium, wherein the method comprises the following steps: configuring integrity protection verification configuration information for verifying an RRC recovery request message initiated by User Equipment (UE); and performing integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to an integrity verification method, a network device, a User Equipment (UE), and a computer storage medium.
Background
When the UE is in RRC _ INACTIVE state, the network side configures a paging area of the RAN for the UE, and when the UE moves in the paging area, the network side does not need to be notified, and follows mobility under idle, i.e. cell selection and reselection principle. When the UE moves out of the paging area configured by the RAN, the UE is triggered to recover RRC connection and reacquire the paging area configured by the RAN.
In the prior art, the integrity protection verification of the RRC Resume request message (MSG3) is performed at the original base station, for example, AS shown in fig. 1, that is, the serving base station sends the short mac-I and the UE context identification information in the received RRC Resume request message to the desired base station, and the original base station performs the integrity protection verification, and if the integrity protection verification passes, the original base station forwards the AS context of the UE to the serving base station, so that the serving base station can recover the context of the UE and further recover the RRC connection. But if the integrity protection verification of the RRC Resume request message fails, the original base station does not send the security context, but the signaling of the Xn interface still exists. If the false UE tries to destroy the network side and continuously sends an RRC Resume request message to the base station, the base station continuously tries to acquire the security context of the false UE, so that the network consumes excessive resources to process meaningless processing, and even the network is paralyzed.
Disclosure of Invention
To solve the foregoing technical problem, embodiments of the present invention provide an integrity verification method, a network device, a User Equipment (UE), and a computer storage medium.
The embodiment of the invention provides an integrity verification method, which is applied to first network equipment and comprises the following steps:
configuring integrity protection verification configuration information for verifying an RRC recovery request message initiated by User Equipment (UE);
and performing integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification.
The embodiment of the invention provides an integrity verification method, which is applied to second network equipment and comprises the following steps:
when the UE is used as an original service base station of the UE and the context of the UE is saved, before the UE is released to enter an inactive state, integrity protection verification configuration information about RRC recovery request messages initiated by the verification UE is sent to first network equipment.
The embodiment of the invention provides an integrity verification method, which is applied to UE and comprises the following steps:
an RRC recovery request message is sent to the first network device.
An embodiment of the present invention provides a first network device, including:
the first communication unit is used for verifying the integrity protection verification configuration information of an RRC recovery request message initiated by User Equipment (UE);
and the first processing unit is used for carrying out integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification.
An embodiment of the present invention provides a second network device, including:
the second processing unit is used for sending integrity protection verification configuration information about verifying an RRC recovery request message initiated by the UE to the first network equipment through the second communication unit before releasing the UE to enter an inactive state when the second processing unit is used as an original service base station of the UE and saves the context of the UE;
and the second communication unit is used for sending the integrity protection verification configuration information to the first network equipment.
An embodiment of the present invention provides a UE, including:
and a third communication unit which transmits the RRC restoration request message to the first network device.
The network device provided by the embodiment of the invention comprises: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to perform the steps of the aforementioned method when running the computer program.
The embodiment of the invention provides a UE, which comprises: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to perform the steps of the aforementioned method when running the computer program.
Embodiments of the present invention provide a computer storage medium, which stores computer-executable instructions, and when executed, implement the foregoing method steps.
According to the technical scheme of the embodiment of the invention, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
Drawings
FIG. 1 is a schematic diagram illustrating a process flow of RRC connection recovery;
FIG. 2 is a schematic diagram of a network architecture;
FIG. 3 is a flowchart of an integrity verification method according to an embodiment of the present invention, schematically illustrated in FIG. 1;
FIG. 4 is a flowchart of an integrity verification method according to an embodiment of the present invention, schematically illustrated in FIG. 2;
FIG. 5 is a flowchart of an integrity verification method according to an embodiment of the present invention, schematically illustrated in FIG. 3;
FIG. 6 is a flowchart of an integrity verification method according to an embodiment of the present invention, schematically illustrating FIG. 4;
fig. 7 is a schematic diagram of a first network device according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a second network device according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of a UE configuration according to an embodiment of the present invention;
fig. 10 is a diagram illustrating a hardware architecture according to an embodiment of the present invention.
Detailed Description
So that the manner in which the features and aspects of the embodiments of the present invention can be understood in detail, a more particular description of the embodiments of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings.
A communication system in which a UE according to the present invention communicates with a network device is described with reference to fig. 2.
Such communication systems may use different air interfaces and/or physical layers. For example, the air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), and Universal Mobile Telecommunications System (UMTS) (in particular, Long Term Evolution (LTE)), global system for mobile communications (GSM), and the like. By way of non-limiting example, the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.
Referring to fig. 2, the CDMA wireless communication system may include a plurality of UEs 100, a plurality of network devices, such as a Base Station (BS)270, a Base Station Controller (BSC)275, and a Mobile Switching Center (MSC)280, etc., in the figure. The MSC280 is configured to interface with a Public Switched Telephone Network (PSTN) 290. The MSC280 is also configured to interface with a BSC275, which may be coupled to the base station 270 via a backhaul. The backhaul may be constructed according to any of several known interfaces including, for example, E1/T1, ATM, IP, PPP, frame Relay, HDSL, ADSL, or xDSL. It will be understood that a system as shown in fig. 2 may include multiple BSCs 2750.
In fig. 2, a plurality of satellites 300 are also depicted, but it is understood that useful positioning information may be obtained with any number of satellites. As a typical operation of the wireless communication system, the BS270 receives reverse link signals from various UEs 100. The UE100 is typically engaged in telephony, messaging, and other types of communications. Each reverse link signal received by a particular base station 270 is processed within the particular BS 270. The obtained data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions including coordination of soft handoff procedures between BSs 270. The BSCs 275 also route the received data to the MSC280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN290 interfaces with the MSC280, which interfaces with the BSCs 275, and the BSCs 275 accordingly control the BS270 to transmit forward link signals to the UE 100.
The first embodiment,
An embodiment of the present invention provides an integrity verification method, which is applied to a first network device, and as shown in fig. 3, the integrity verification method includes:
step 301: configuring integrity protection verification configuration information for verifying a User Equipment (UE) -initiated RRC resume request message;
step 302: and performing integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification.
The first network device in this embodiment may be a base station that currently provides service for the UE.
The present embodiment may have the following two processing scenarios, which are respectively described as follows:
The first network device may also obtain integrity protection verification configuration information sent by a serving base station (second network device) before the UE in advance, and specifically includes:
receiving integrity protection verification configuration information sent by second network equipment and used for verifying an RRC recovery request message initiated by UE; and the second network equipment is an original service base station serving the UE, and sends integrity protection verification configuration information for verifying an RRC recovery request message initiated by the UE to the first network equipment before the second network equipment releases the UE to enter an inactive state.
The following processing is also performed on the second network device side: before sending the configuration information (that is, before sending integrity protection verification configuration information on verifying the RRC Resume request message initiated by the UE to the neighboring base station), the second network device calculates a corresponding KgNB (key) and a corresponding shortMAC-I according to the frequency domain SSB configuration information of the neighboring cell.
The integrity protection verification configuration information includes at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes ShortMAC-I corresponding to each SSB and corresponding SSB identification information.
That is, when there are a plurality of SSBs, the integrity protection verification configuration information further includes: identification information of an SSB corresponding to at least one SSB contained in a frequency domain range in a target cell managed by the first network equipment; and, the at least one short MAC-I corresponds to identification information of the at least one SSB.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
Correspondingly, the integrity protection verification is performed on the RRC recovery request message sent by the UE on the first network device side based on the configuration information of the integrity protection verification, which further includes:
receiving an RRC recovery request message sent by the UE;
when the integrity protection verification configuration information corresponding to the UE exists, performing integrity protection verification on an RRC recovery request message sent by the UE based on the integrity protection verification configuration information;
or,
and when the integrity protection verification configuration information corresponding to the UE does not exist, addressing the anchor base station corresponding to the UE, so that the anchor base station executes integrity protection verification on the RRC recovery request message.
That is, the UE initiates an RRC Resume request message to a certain base station, and if the base station has integrity protection verification configuration information corresponding to the UE, performs integrity protection verification of the RRC Resume request message. Otherwise, the anchor gNB is addressed, and the anchor gNB is made to perform integrity protection verification of the RRC Resume request message.
Searching for a stored short MAC-I according to the UE identification information carried in the RRC recovery request message; performing integrity protection verification based on the short MAC-I; when the verification is successful, addressing target network equipment for the UE, and obtaining the UE context; rejecting the UE when the authentication fails.
That is, if the current base station can perform integrity protection verification of the RRC Resume request message, if the verification is successful, the target base station is addressed to perform UE context solicitation, otherwise, the UE is directly rejected.
In this scenario, further reference may be made to fig. 4 and 5, where fig. 4 illustrates that the anchor base station may be a source base station connected to the UE, and the T-gbb may be understood as a current serving base station of the UE; obtaining integrity protection verification configuration information between the anchor base station and the service base station through an Xn interface; then, the anchor base station sends an RRC connection release message or an RRC pause message to the UE; the UE camps on the target gNB, and the RRC connection is reserved. The UE calculates short MAC-I at least based on information such as C-RNTI, source PCI, target cell identification and the like; the UE sends an RRC connection recovery request message to a target base station, wherein the RRC connection recovery request message at least comprises (ShortMAC-I and I-RNTI); the target base station searches the short MAC-I based on the I-RNTI in the RRC connection recovery request message, and then the target base station performs integrity check protection according to the short MAC-I; if the current base station, namely the target base station, can execute the integrity protection verification of the RRC Resume request message, if the verification is successful, the target base station is addressed to carry out the UE context request, otherwise, the UE is directly rejected.
Fig. 5 illustrates that, 1, the anchor base station (i.e., the second network device in this embodiment) first calculates a secret key and each SSB corresponds to a secret key, and then determines the ARFCN and the PCI; calculating to obtain the ShortMAC-I corresponding to each SSB based on the KRRCint corresponding to each SSB and the old security algorithm, namely the ShortMAC-I-1, the ShortMAC-I-2 and the ShortMAC-I-3 shown in the figure;
2. the anchor base station sends a key, shortMAC-I and I-RNTI corresponding to each SSB to a target base station (namely, a first network device in the embodiment);
3. before the UE sends the RRC recovery request, the UE may determine that its camped cell is SSB 2; calculating to obtain a key KgNB, extracting ARFCN and PCI from SSB2, then obtaining KRRCint, and calculating to obtain ShortMAC-I based on the obtained information and the old security algorithm;
4. when receiving an RRC recovery request sent by the UE, the target base station finds the corresponding ShortMAC-I based on the I-RNTI in the RRC recovery request, and then performs security check.
The first network device may also obtain integrity protection verification configuration information sent by a serving base station (second network device) before the UE in advance, and specifically includes:
receiving integrity protection verification configuration information sent by second network equipment and used for verifying an RRC recovery request message initiated by UE; and the second network equipment is an original service base station serving the UE, and sends integrity protection verification configuration information for verifying an RRC recovery request message initiated by the UE to the first network equipment before the second network equipment releases the UE to enter an inactive state.
The following processing is also performed on the second network device side: before sending the configuration information (that is, before sending the integrity protection verification configuration information about verifying the RRC Resume request message initiated by the UE to the neighboring base station), the second network device calculates the corresponding KgNB according to the frequency domain SSB configuration information of the neighboring cell.
The integrity protection verification configuration information includes at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
If a plurality of SSBs are included, the method may further include:
identification information of an SSB corresponding to at least one SSB contained in a frequency domain range in a target cell managed by the first network equipment; and, the at least one key corresponds to identification information of the at least one SSB.
The integrity protection verification configuration information comprises KgNB, UE context identifier I-RNTI, a stored security algorithm, and original side PCI and C-RNTI. If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes the KgNB corresponding to each SSB and the corresponding SSB identification information.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
Correspondingly, the integrity protection verification is performed on the RRC recovery request message sent by the UE on the first network device side based on the configuration information of the integrity protection verification, which further includes:
receiving an RRC recovery request message sent by the UE;
when the integrity protection verification configuration information corresponding to the UE exists, performing integrity protection verification on an RRC recovery request message sent by the UE based on the integrity protection verification configuration information;
or,
and when the integrity protection verification configuration information corresponding to the UE does not exist, addressing the anchor base station corresponding to the UE, so that the anchor base station executes integrity protection verification on the RRC recovery request message.
That is, the UE initiates an RRC Resume request message to a certain base station, and if the base station has integrity protection verification configuration information corresponding to the UE, performs integrity protection verification of the RRC Resume request message. Otherwise, the anchor gNB is addressed, and the anchor gNB is made to perform integrity protection verification of the RRC Resume request message.
Searching a stored key according to the identification information carried in the RRC recovery request message; calculating to obtain a short MAC-I at least based on the secret key and the security algorithm; performing integrity protection verification based on the short MAC-I obtained by calculation; when the verification is successful, addressing target network equipment for the UE, and obtaining the UE context; rejecting the UE when the authentication fails.
That is, the target base station searches the stored KgNB according to the information carried in the RRC resume request message, and then calculates shortMAC-I. If the current base station can execute the integrity protection verification of the RRC Resume request message, if the verification is successful, the target base station is addressed to carry out the UE context request, otherwise, the UE is directly rejected.
In this scenario, further reference may be made to fig. 4 and 6, where fig. 4 illustrates that the anchor base station may be a source base station connected to the UE, and the T-gbb may be understood as a current serving base station of the UE; obtaining integrity protection verification configuration information between the anchor base station and the service base station through an Xn interface; then, the anchor base station sends an RRC connection release message or an RRC pause message to the UE; the UE camps on the target gNB, and the RRC connection is reserved. The UE calculates short MAC-I at least based on information such as C-RNTI, source PCI, target cell identification and the like; the UE sends an RRC connection recovery request message to a target base station, wherein the RRC connection recovery request message at least comprises (ShortMAC-I and I-RNTI); the target base station searches the short MAC-I based on the I-RNTI in the RRC connection recovery request message, and then the target base station performs integrity check protection according to the short MAC-I; if the current base station, namely the target base station, can execute the integrity protection verification of the RRC Resume request message, if the verification is successful, the target base station is addressed to carry out the UE context request, otherwise, the UE is directly rejected.
Fig. 6 illustrates that, 1, the anchor base station (i.e., the second network device in this embodiment) first calculates the secret key, and each SSB corresponds to one secret key, ARFCN, and PCI;
2. the anchor base station sends a secret key, an I-RNTI, a source PCI and a source C-RNTI corresponding to each SSB and a security algorithm to a target base station (namely, a first network device in the embodiment);
3. before the UE sends the RRC recovery request, the UE may determine that its camped cell is SSB 2; calculating to obtain a key KgNB, extracting ARFCN and PCI from SSB2, then obtaining KRRCint, and calculating to obtain ShortMAC-I based on the obtained information and the old security algorithm;
4. when receiving an RRC recovery request sent by UE, the target base station calculates to obtain ShortMAC-I and then carries out security check.
Therefore, by adopting the scheme, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
Example II,
The embodiment of the invention provides an integrity verification method, which is applied to second network equipment and comprises the following steps: when the UE is used as an original service base station of the UE and the context of the UE is saved, before the UE is released to enter an inactive state, integrity protection verification configuration information about RRC recovery request messages initiated by the verification UE is sent to first network equipment.
In this embodiment, the second network device may be an original serving base station corresponding to the UE currently. The first network device and the cell notify all base stations in the area and base stations and cells of at least part of the base stations and cells in the area for the RAN. Or may be understood as the first network device being the current serving base station of the UE; a certain cell managed by the first network device is a target cell of the UE.
The following two processing scenarios may also exist in the present embodiment, which are respectively described as follows:
Before sending the configuration information (that is, before sending integrity protection verification configuration information on verifying the RRC Resume request message initiated by the UE to the neighboring base station), the second network device calculates a corresponding KgNB (key) and a corresponding shortMAC-I according to the frequency domain SSB configuration information of the neighboring cell.
The integrity protection verification configuration information includes at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes ShortMAC-I corresponding to each SSB and corresponding SSB identification information.
That is, when there are a plurality of SSBs, the integrity protection verification configuration information further includes: identification information of an SSB corresponding to at least one SSB contained in the frequency domain range in the target cell; and, the at least one short MAC-I corresponds to identification information of the at least one SSB.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
The following processing is also performed on the second network device side: before sending the configuration information (that is, before sending integrity protection verification configuration information on verifying the RRC Resume request message initiated by the UE to the neighboring base station), the second network device calculates a key corresponding to at least one SSB according to the frequency domain SSB configuration information of the neighboring cell.
The integrity protection verification configuration information includes at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
If a plurality of SSBs are included, the method may further include:
identification information of an SSB corresponding to at least one SSB contained in a frequency domain range in a target cell managed by the first network equipment; and, the at least one key corresponds to identification information of the at least one SSB.
The integrity protection verification configuration information comprises KgNB, UE context identifier I-RNTI, a stored security algorithm, and original side PCI and C-RNTI. If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes the KgNB corresponding to each SSB and the corresponding SSB identification information.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
Therefore, by adopting the scheme, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
Example III,
The embodiment of the invention provides an integrity verification method, which is applied to UE and comprises the following steps:
an RRC recovery request message is sent to the first network device.
The first network device in this embodiment may be a base station that currently provides service for the UE.
And the UE can carry out RRC recovery request, and before the RRC Resume request message is initiated to the target, the UE updates the key and calculates the short MAC-I according to the ARFCN and PCI information of the current SSB.
Correspondingly, the first network device performs integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of integrity protection verification.
It should be understood that the solutions provided in this embodiment may also refer to the scenarios described in fig. 4, 5, and 6, and the solutions described in the foregoing embodiments perform corresponding processing, which is not described herein again.
Therefore, by adopting the scheme, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
Example four,
An embodiment of the present invention provides a first network device, as shown in fig. 7, including:
a first communication unit 71, configured to verify integrity protection verification configuration information of an RRC recovery request message initiated by a user equipment UE;
the first processing unit 72 performs integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification.
The first network device in this embodiment may be a base station that currently provides service for the UE.
The present embodiment may have the following two processing scenarios, which are respectively described as follows:
The first communication unit 71, receiving integrity protection verification configuration information sent by the second network device for verifying the RRC recovery request message initiated by the UE; and the second network equipment is an original service base station serving the UE, and sends integrity protection verification configuration information for verifying an RRC recovery request message initiated by the UE to the first network equipment before the second network equipment releases the UE to enter an inactive state.
The integrity protection verification configuration information includes at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes ShortMAC-I corresponding to each SSB and corresponding SSB identification information.
That is, when there are a plurality of SSBs, the integrity protection verification configuration information further includes: identification information of an SSB corresponding to at least one SSB contained in a frequency domain range in a target cell managed by the first network equipment; and, the at least one short MAC-I corresponds to identification information of the at least one SSB.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
Accordingly, the first communication unit 71 receives an RRC recovery request message sent by the UE;
a first processing unit 72, configured to, when there is integrity protection verification configuration information corresponding to the UE, perform integrity protection verification on an RRC recovery request message sent by the UE based on the integrity protection verification configuration information; and when the integrity protection verification configuration information corresponding to the UE does not exist, addressing the anchor base station corresponding to the UE, so that the anchor base station executes integrity protection verification on the RRC recovery request message.
That is, the UE initiates an RRC Resume request message to a certain base station, and if the base station has integrity protection verification configuration information corresponding to the UE, performs integrity protection verification of the RRC Resume request message. Otherwise, the anchor gNB is addressed, and the anchor gNB is made to perform integrity protection verification of the RRC Resume request message.
The first processing unit 72 searches for the stored short MAC-I according to the UE identification information carried in the RRC recovery request message; performing integrity protection verification based on the short MAC-I; when the verification is successful, addressing target network equipment for the UE, and obtaining the UE context; rejecting the UE when the authentication fails.
That is, if the current base station can perform integrity protection verification of the RRC Resume request message, if the verification is successful, the target base station is addressed to perform UE context solicitation, otherwise, the UE is directly rejected.
The first communication unit 71, receiving integrity protection verification configuration information sent by the second network device for verifying the RRC recovery request message initiated by the UE; and the second network equipment is an original service base station serving the UE, and sends integrity protection verification configuration information for verifying an RRC recovery request message initiated by the UE to the first network equipment before the second network equipment releases the UE to enter an inactive state.
The integrity protection verification configuration information includes at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
If a plurality of SSBs are included, the method may further include: identification information of an SSB corresponding to at least one SSB contained in a frequency domain range in a target cell managed by the first network equipment; and, the at least one key corresponds to identification information of the at least one SSB.
The integrity protection verification configuration information comprises KgNB, UE context identifier I-RNTI, a stored security algorithm, and original side PCI and C-RNTI. If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes the KgNB corresponding to each SSB and the corresponding SSB identification information.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
Accordingly, the first communication unit 71 receives an RRC recovery request message sent by the UE;
a first processing unit 72, configured to, when there is integrity protection verification configuration information corresponding to the UE, perform integrity protection verification on an RRC recovery request message sent by the UE based on the integrity protection verification configuration information; and when the integrity protection verification configuration information corresponding to the UE does not exist, addressing the anchor base station corresponding to the UE, so that the anchor base station executes integrity protection verification on the RRC recovery request message.
That is, the UE initiates an RRC Resume request message to a certain base station, and if the base station has integrity protection verification configuration information corresponding to the UE, performs integrity protection verification of the RRC Resume request message. Otherwise, the anchor gNB is addressed, and the anchor gNB is made to perform integrity protection verification of the RRC Resume request message.
The first processing unit 72, which searches the stored key according to the identification information carried in the RRC recovery request message; calculating to obtain a short MAC-I at least based on the secret key and the security algorithm; performing integrity protection verification based on the short MAC-I obtained by calculation; when the verification is successful, addressing target network equipment for the UE, and obtaining the UE context; rejecting the UE when the authentication fails.
That is, the target base station searches the stored KgNB according to the information carried in the RRC resume request message, and then calculates shortMAC-I. If the current base station can execute the integrity protection verification of the RRC Resume request message, if the verification is successful, the target base station is addressed to carry out the UE context request, otherwise, the UE is directly rejected.
Therefore, by adopting the scheme, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
Example V,
An embodiment of the present invention provides a second network device, as shown in fig. 8, including: a second processing unit 81, configured to send integrity protection verification configuration information about verifying an RRC recovery request message initiated by the UE to the first network device through the second communication unit before releasing the UE to enter an inactive state when serving as an original serving base station of the UE and saving a context of the UE;
the second communication unit 82 sends the integrity protection verification configuration information to the first network device.
In this embodiment, the second network device may be an original serving base station corresponding to the UE currently. The first network device and the cell notify all base stations in the area and base stations and cells of at least part of the base stations and cells in the area for the RAN. Or may be understood as the first network device being the current serving base station of the UE; a certain cell managed by the first network device is a target cell of the UE.
The following two processing scenarios may also exist in the present embodiment, which are respectively described as follows:
Before sending the configuration information (that is, before sending the integrity protection verification configuration information about verifying the RRC response request message initiated by the UE to the neighboring base station), the second processing unit calculates a corresponding KgNB (key) and a corresponding shortMAC-I according to the frequency domain SSB configuration information of the neighboring cell.
The integrity protection verification configuration information includes at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes ShortMAC-I corresponding to each SSB and corresponding SSB identification information.
That is, when there are a plurality of SSBs, the integrity protection verification configuration information further includes: identification information of an SSB corresponding to at least one SSB contained in the frequency domain range in the target cell; and, the at least one short MAC-I corresponds to identification information of the at least one SSB.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
The following processing is also performed on the second network device side: before sending the configuration information (that is, before sending integrity protection verification configuration information on an RRC Resume request message initiated by a verification UE to the neighboring base station), the second processing unit calculates a key corresponding to at least one SSB according to the frequency domain SSB configuration information of the neighboring base station.
The integrity protection verification configuration information includes at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
If a plurality of SSBs are included, the method may further include:
identification information of an SSB corresponding to at least one SSB contained in a frequency domain range in a target cell managed by the first network equipment; and, the at least one key corresponds to identification information of the at least one SSB.
The integrity protection verification configuration information comprises KgNB, UE context identifier I-RNTI, a stored security algorithm, and original side PCI and C-RNTI. If the target cell is a wideband carrier that contains multiple SSBs in one frequency domain. The integrity protection verification configuration information includes the KgNB corresponding to each SSB and the corresponding SSB identification information.
And the network side completes configuration processing, then the UE carries out RRC recovery request, and before initiating RRC Resume request message to the target, the UE updates the key and calculates ShortMAC-I according to the ARFCN and PCI information of the current SSB.
Therefore, by adopting the scheme, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
Example six,
An embodiment of the present invention provides a UE, as shown in fig. 9, including:
the third communication unit 91 transmits an RRC restoration request message to the first network device.
And the third processing unit 92 updates the key and calculates to obtain the short MAC-I according to the ARFCN and PCI information of the current SSB.
Correspondingly, the first network device performs integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of integrity protection verification.
It should be understood that the solutions provided in this embodiment may also refer to the scenarios described in fig. 4, 5, and 6, and the solutions described in the foregoing embodiments perform corresponding processing, which is not described herein again.
Therefore, by adopting the scheme, the first network equipment can carry out integrity protection verification by pre-configuring the configuration information of the RRC connection recovery request message integrity protection verification; therefore, data transmission caused by signaling interaction between the first network equipment, particularly between the serving base station and the anchor base station, can be reduced, and particularly, a scene that false UE attacks the network in the system can be avoided.
An embodiment of the present invention further provides a hardware composition architecture of a network device or a UE, as shown in fig. 10, including: at least one processor 1001, memory 1002, at least one network interface 1003. The various components are coupled together by a bus system 1004. It is understood that the bus system 1004 is used to enable communications among the components. The bus system 1004 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as the bus system 1004 in the diagram 100.
It is to be understood that the memory 1002 in embodiments of the present invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
In some embodiments, memory 1002 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof:
an operating system 10021 and applications 10022.
Wherein the processor 1001 is configured to: the method steps of any one of the first to third embodiments can be processed, and are not described herein again.
In an embodiment of the present invention, a computer storage medium is provided, where computer-executable instructions are stored, and when executed, the computer-executable instructions implement the method steps of any one of the first to third embodiments.
The device according to the embodiment of the present invention may also be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as an independent product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
Correspondingly, the embodiment of the present invention further provides a computer storage medium, in which a computer program is stored, and the computer program is configured to execute the data scheduling method of the embodiment of the present invention.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, and the scope of the invention should not be limited to the embodiments described above.
Claims (32)
1. An integrity verification method applied to a first network device, the method comprising:
before User Equipment (UE) enters an inactive state, receiving integrity protection verification configuration information which is sent by an original service base station serving the UE and used for verifying an RRC recovery request message initiated by the UE;
performing integrity protection verification on an RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification;
the integrity protection verification configuration information includes: identification information of an SSB corresponding to at least one synchronization information block SSB contained in a frequency domain range in a target cell managed by the first network equipment;
the first network equipment is a base station which currently provides service for the UE.
2. The method of claim 1, wherein the integrity protection verification configuration information comprises at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
3. The method of claim 2, wherein,
the at least one short MAC-I corresponds to identification information of the at least one SSB.
4. The method of claim 1, wherein the integrity protection verification configuration information comprises at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
5. The method of claim 4, wherein,
the at least one key corresponds to identification information of the at least one SSB.
6. The method according to any of claims 1-5, wherein performing integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification further comprises:
receiving an RRC recovery request message sent by the UE;
when the integrity protection verification configuration information corresponding to the UE exists, performing integrity protection verification on an RRC recovery request message sent by the UE based on the integrity protection verification configuration information;
and when the integrity protection verification configuration information corresponding to the UE does not exist, addressing the anchor base station corresponding to the UE, so that the anchor base station performs integrity protection verification on the RRC recovery request message.
7. The method according to any of claims 1-3, wherein the performing integrity protection verification on the RRC recovery request message from the UE further comprises:
searching for a stored short MAC-I according to the UE identification information carried in the RRC recovery request message;
performing integrity protection verification based on the short MAC-I;
when the verification is successful, addressing target network equipment for the UE, and obtaining the context of the UE;
rejecting the UE when the authentication fails.
8. The method according to any one of claims 1, 4 or 5, wherein the performing integrity protection verification on the RRC recovery request message sent by the UE further comprises:
searching a stored key according to the identification information carried in the RRC recovery request message;
calculating to obtain a short MAC-I at least based on the secret key and a security algorithm;
performing integrity protection verification based on the short MAC-I obtained by calculation;
when the verification is successful, addressing target network equipment for the UE, and obtaining the context of the UE;
rejecting the UE when the authentication fails.
9. An integrity verification method applied to a second network device, the method comprising:
when serving as an original serving base station of UE and storing the context of the UE, before releasing the UE to enter an inactive state, sending integrity protection verification configuration information about an RRC recovery request message initiated by the verification UE to a base station serving the UE at present;
the integrity protection verification configuration information includes: identification information of an SSB corresponding to at least one synchronization information block SSB contained in a frequency domain range in a target cell managed by first network equipment;
the first network equipment is a base station which currently provides service for the UE.
10. The method of claim 9, wherein the first network device and the cell managed by the first network device inform the RAN of all base stations and cells of one of at least some of the base stations and cells managed by all base stations within an area.
11. The method of claim 10, wherein the integrity protection verification configuration information comprises at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
12. The method of claim 11, wherein,
the at least one short MAC-I corresponds to identification information of the at least one SSB.
13. The method of claim 10, wherein the integrity protection verification configuration information comprises at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
14. The method of claim 13, wherein
The at least one key corresponds to identification information of the at least one SSB.
15. The method according to any of claims 9-14, before sending integrity protection verification configuration information on verifying the UE-initiated RRC resume request message to the first network device, the method further comprising:
calculating a key corresponding to at least one SSB and a corresponding short MAC-I according to the frequency domain SSB configuration information of the adjacent cell;
or
And calculating a key corresponding to at least one SSB according to the frequency domain SSB configuration information of the adjacent cell.
16. A first network device, comprising:
the first communication unit receives integrity protection verification configuration information which is sent by an original service base station serving the User Equipment (UE) and is used for verifying an RRC recovery request message initiated by the UE before the UE enters an inactive state;
a first processing unit, configured to perform integrity protection verification on the RRC recovery request message sent by the UE based on the configuration information of the integrity protection verification;
the integrity protection verification configuration information includes: identification information of an SSB corresponding to at least one synchronization information block SSB contained in a frequency domain range in a target cell managed by the first network equipment;
the first network equipment is a base station which currently provides service for the UE.
17. The first network device of claim 16, wherein the integrity protection verification configuration information comprises at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
18. The first network device of claim 17,
the at least one short MAC-I corresponds to identification information of the at least one SSB.
19. The first network device of claim 16, wherein the integrity protection verification configuration information comprises at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
20. The first network device of claim 19,
the at least one key corresponds to identification information of the at least one SSB.
21. The first network device according to any of claims 16-20, wherein the first communication unit receives an RRC recovery request message from the UE;
a first processing unit, configured to perform integrity protection verification on an RRC recovery request message sent by the UE based on configuration information of integrity protection verification when there is the configuration information of integrity protection verification corresponding to the UE;
and when the integrity protection verification configuration information corresponding to the UE does not exist, addressing the anchor base station corresponding to the UE, so that the anchor base station performs integrity protection verification on the RRC recovery request message.
22. The first network device according to any of claims 16-18, wherein the first processing unit finds a stored short MAC-I according to UE identification information carried in the RRC recovery request message; performing integrity protection verification based on the short MAC-I; when the verification is successful, addressing target network equipment for the UE, and obtaining the context of the UE; rejecting the UE when the authentication fails.
23. The first network device of any one of claims 16, 19, or 20, wherein the first processing unit finds a stored key according to identification information carried in the RRC recovery request message; calculating to obtain a short MAC-I at least based on the secret key and a security algorithm; performing integrity protection verification based on the short MAC-I obtained by calculation; when the verification is successful, addressing target network equipment for the UE, and obtaining the context of the UE; rejecting the UE when the authentication fails.
24. A second network device, comprising:
a second processing unit, configured to, when the second network device serves as an original serving base station of the UE and stores a context of the UE, send integrity protection verification configuration information about verifying an RRC recovery request message initiated by the UE to a base station currently serving the UE through a second communication unit before releasing the UE to enter an inactive state;
the second communication unit is used for sending the integrity protection verification configuration information to the first network equipment;
the integrity protection verification configuration information includes: identification information of an SSB corresponding to at least one synchronization information block SSB contained in a frequency domain range in a target cell managed by the first network equipment;
the first network equipment is a base station which currently provides service for the UE.
25. The second network device of claim 24, wherein the first network device and the cells managed by the first network device inform the RAN of all base stations and cells of one of at least some of the base stations and cells managed by all base stations within an area.
26. The second network device of claim 25, wherein the integrity protection verification configuration information comprises at least one of: at least one short MAC-I, UE context identifies the I-RNTI.
27. The second network device of claim 26,
the at least one short MAC-I corresponds to identification information of the at least one SSB.
28. The second network device of claim 25, wherein the integrity protection verification configuration information comprises at least one of: at least one secret key, UE context identification I-RNTI, a security algorithm, PCI of an original service base station and C-RNTI of the original service base station.
29. The second network device of claim 28,
the at least one key corresponds to identification information of the at least one SSB.
30. The second network device of any of claims 24 to 29, wherein the second processing unit calculates, according to the frequency-domain SSB configuration information of the neighboring cell, a key corresponding to at least one SSB and a corresponding short MAC-I;
or
And calculating a key corresponding to at least one SSB according to the frequency domain SSB configuration information of the adjacent cell.
31. A network device, comprising: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is adapted to perform the steps of the method of any one of claims 1 to 15 when running the computer program.
32. A computer storage medium storing computer-executable instructions that, when executed, implement the method steps of any of claims 1-15.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/079684 WO2019178755A1 (en) | 2018-03-20 | 2018-03-20 | Method for integrity validation, network device, ue, and computer storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109644354A CN109644354A (en) | 2019-04-16 |
CN109644354B true CN109644354B (en) | 2021-10-26 |
Family
ID=66060201
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201880002951.9A Active CN109644354B (en) | 2018-03-20 | 2018-03-20 | Integrity verification method, network equipment, UE and computer storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109644354B (en) |
WO (1) | WO2019178755A1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019161538A1 (en) * | 2018-02-23 | 2019-08-29 | Oppo广东移动通信有限公司 | Method and device for determining security algorithm, and computer storage medium |
CN112788795B (en) * | 2019-11-08 | 2023-04-07 | 华为技术有限公司 | Connection recovery method and device |
CN115175181A (en) * | 2021-04-02 | 2022-10-11 | 华为技术有限公司 | Communication method and device |
CN116074005A (en) * | 2021-10-29 | 2023-05-05 | 华为技术有限公司 | Secure communication method and related equipment |
EP4430868B1 (en) * | 2021-11-10 | 2024-10-30 | Telefonaktiebolaget LM Ericsson (publ) | Generating an authentication token |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101848536A (en) * | 2010-04-28 | 2010-09-29 | 新邮通信设备有限公司 | Radio resource control connection reestablishment method and base station |
CN102238542A (en) * | 2010-04-20 | 2011-11-09 | 中兴通讯股份有限公司 | Method and system for reestablishing radio resource control (RRC) of user equipment (UE) under relay node (RN) |
CN102487507A (en) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | Method and system for realizing integrality protection |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102036243B (en) * | 2009-09-29 | 2015-07-15 | 北京三星通信技术研究有限公司 | Methods for processing radio link failure report |
WO2015018074A1 (en) * | 2013-08-09 | 2015-02-12 | Nokia Solutions And Networks Oy | Methods and apparatus |
EP3403467B1 (en) * | 2016-01-14 | 2020-07-22 | LG Electronics Inc. -1- | Method for connecting with network at ue in wireless communication system and apparatus therefor |
CN107294723A (en) * | 2016-03-31 | 2017-10-24 | 中兴通讯股份有限公司 | The generation of message integrity authentication information and verification method, device and checking system |
-
2018
- 2018-03-20 CN CN201880002951.9A patent/CN109644354B/en active Active
- 2018-03-20 WO PCT/CN2018/079684 patent/WO2019178755A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102238542A (en) * | 2010-04-20 | 2011-11-09 | 中兴通讯股份有限公司 | Method and system for reestablishing radio resource control (RRC) of user equipment (UE) under relay node (RN) |
CN101848536A (en) * | 2010-04-28 | 2010-09-29 | 新邮通信设备有限公司 | Radio resource control connection reestablishment method and base station |
CN102487507A (en) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | Method and system for realizing integrality protection |
Also Published As
Publication number | Publication date |
---|---|
WO2019178755A1 (en) | 2019-09-26 |
CN109644354A (en) | 2019-04-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109644354B (en) | Integrity verification method, network equipment, UE and computer storage medium | |
US10034324B2 (en) | Optimization of power consumption in dual SIM mobiles in connected mode in a wireless network | |
KR102264618B1 (en) | Communication method, access network device, and terminal | |
CN112040567B (en) | Method and device for recovering RRC connection and computer storage medium | |
EP3596985B1 (en) | Method and apparatus for protection of privacy in paging of user equipment | |
EP3197191B1 (en) | Method and apparatuses for avoiding network security desynchronization | |
CN108696872B (en) | Redirection method and device | |
US20120094656A1 (en) | Mobile communication method, device, and system for ensuring service continuity | |
CN108293259B (en) | NAS message processing and cell list updating method and equipment | |
CN109792661B (en) | CSFB (Circuit switched Fall Back) fall result detection method and device and computer storage medium | |
CN112806044A (en) | Pseudo base station identification method and device, mobile terminal and storage medium | |
US8995959B2 (en) | Prevention of mismatch of authentication parameter in hybrid communication system | |
CN102448043A (en) | Circuit switching domain rollback method and device | |
WO2019223774A1 (en) | Method and device for improving reliability of paging , and computer storage medium | |
CN108064461B (en) | CSFB (Circuit switched Fall Back) fall result detection method and device and computer storage medium | |
CN108235826B (en) | CSFB (Circuit switched Fall Back) fall result detection method and device and computer storage medium | |
WO2022067815A1 (en) | Communication method and apparatus, and device | |
CN115942307A (en) | Enhanced user equipment security against attacks in 4G or 5G networks | |
EP3174331B1 (en) | Method and device for initiating mobility management process | |
CN112399443B (en) | Release method, terminal, core network element and computer storage medium | |
CN118764852A (en) | Network fault recovery method and device for long term evolution network | |
KR101568688B1 (en) | Base station apparatus and control method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |