HK1195190A - A method for verifying a home enodeb - Google Patents

Description

Method for supporting verification of home base station

Technical Field

The invention relates to a mobile communication technology, in particular to a method for supporting verification of a home base station.

Background

In current mobile communication systems, in order to provide better service to a user group, it is often necessary to group a plurality of radio resource management entities (i.e. network entities in a radio access network that manage radio resources and are responsible for user equipment access, such as base stations or cells in various mobile communication systems) into a Closed Subscriber Group (CSG) for the specific user group — for example, all users in a company or a school are a specific user group, and group a plurality of radio resource management entities into a closed subscriber group for the user group to provide a special access service. The case of grouping a plurality of radio resource management entities into a closed subscriber group for a particular subscriber group is ubiquitous in mobile communication systems. To more clearly illustrate this situation, a Long Term Evolution (LTE) system of System Architecture Evolution (SAE) is taken as an example for explanation.

Fig. 1 is a schematic structural diagram of an LTE system, and as shown in the diagram, in a radio access network of the LTE system, a radio resource management entity includes a macro base station (eNB) and a home base station (HeNB), and a home base station gateway (HeNB GW) is optionally included in the radio access network. The eNB can be directly connected with a Mobile Management Entity (MME) in a core network, and when the HeNB GW is included in a wireless access network, the HeNB needs to be connected with the MME through the HeNB GW; and when the radio access network does not comprise the HeNB GW, the HeNB can be directly connected with the MME.

For a radio resource management entity in an LTE system, in order to provide a richer access service, taking henbs as an example, multiple types of henbs are provided in the prior art: including open, hybrid, and closed user group types. The open HeNB has no user group with specific access, and any User Equipment (UE) can access the user group; the closed subscriber group HeNB is the HeNB used by the user group introduced by all users in a company or a school, and only allows the user equipment in a specific user group served by the closed subscriber group HeNB (for convenience of description, the user equipment in the specific user group is hereinafter referred to as CSG user equipment for short) to access; the hybrid HeNB not only forms a closed subscriber group with other henbs and allows the CSG ue served by the hybrid HeNB to access, so as to provide a better access service for the CSG ue, but also allows other non-CSG ues (ues not belonging to the CSG) to access.

As can be seen from the above description, in the existing mobile communication system, for the radio resource management entity, not only a closed subscriber group can be composed of a plurality of radio resource management entities, and a radio resource management entity of a closed subscriber group type, such as a closed subscriber group type HeNB, is provided, but also a hybrid radio resource management entity, such as a hybrid HeNB, can be provided in order to provide richer access services. Meanwhile, a macro base station (eNB) may also support the CSG function or be used as a hybrid eNB when supporting the CSG function.

When an existing HeNB is registered to a HeNB GW, the HeNB GW does not authenticate the HeNB, and only a security gateway (SeGW) authenticates the HeNB. Such an aggressive HeNB may eavesdrop information of the accessed UE by assuming an identity of another HeNB, and there is no mechanism on the network side to guarantee such an HeNB attack at present. The 3GPP therefore proposes a need for verification of the identity of the HeNB and the messages to the accessed UE at the HeNB gateway or MME.

Especially for the UE accessing the home base station through S1, how to verify the message accessed by the UE is an unsolved problem.

Disclosure of Invention

The invention provides a method for supporting the verification of a home base station, which can avoid the influence of an attack base station on an operator network and ensure the safety of a user accessing the network. .

In order to achieve the purpose, the technical scheme of the invention is realized as follows:

a method of supporting authentication of a home base station, the method comprising:

the MME sends the access mode of the target home base station received from the source base station to a home base station gateway;

and the home base station gateway verifies the validity of the access mode of the target home base station.

It should be noted that, the MME also sends the CSG id to the femto gateway, and if the target cell is in the closed subscriber group mode, the femto gateway verifies the validity of the CSG id of the target femto.

It should be noted that the access mode sent by the source base station to the MME and/or sent by the MME to the femto as the femto gateway includes an open mode, and the femto gateway verifies the validity of the access mode of the femto in the target open mode.

It should be noted that the femto gateway knows that the target cell is in the open mode according to the fact that the access mode and the CSG identifier do not exist in the message received from the MME, and verifies the validity of the access mode of the femto in the target open mode.

It should be noted that the femto gateway knows that the target cell is the hybrid mode according to the existence of the member status and the CSG identifier in the message received from the MME, and verifies the validity of the access mode of the target base station for the hybrid mode.

The invention also provides a method for supporting the verification of the home base station, which comprises the following steps:

the target home base station receives the switching request message;

the target home base station sends the access mode and the CSG identification to an upper node thereof;

and the upper node of the target home base station verifies the validity of the access mode of the target home base station, and if the access mode is the closed user group mode, the validity of the CSG identification of the target home base station is verified.

It should be noted that, in the case of deployment of a femto gateway, the upper node of the destination femto is the femto gateway.

It should be noted that, in the case that there is no femto gateway deployed, the upper node of the destination femto is an MME.

Another method for supporting the verification of the home base station of the present invention comprises the steps of:

a source base station sends a switching demand message to an MME, wherein the switching demand message comprises an access mode and a CSG mark of a target home base station;

and the MME verifies the validity of the access mode of the target home base station, and if the access mode is the closed user group mode, the MME verifies the validity of the CSG identification of the target home base station.

According to the technical scheme, the method for supporting the verification of the home base station provided by the embodiment of the invention avoids the influence of an attack base station on an operator network and ensures the safety of a user accessing the network.

Drawings

Fig. 1 is a schematic structural diagram of an LTE system in the prior art.

Fig. 2 is a first embodiment of the present invention supporting authentication of a femto cell.

Fig. 3 is a second embodiment of the present invention supporting authentication of the hnb.

Fig. 4 shows a third embodiment of the present invention supporting authentication of the hnb.

Fig. 5 is a fourth embodiment of the present invention supporting authentication of the hnb.

Fig. 6 is a fifth embodiment of the present invention supporting authentication of the hnb.

Fig. 7 shows a sixth embodiment of the present invention supporting authentication of the femto bs.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and examples.

The first embodiment is as follows:

an embodiment of the present invention supporting authentication of a femto cell is shown in fig. 2. In this embodiment, a HeNB GW is deployed, and a HeNB accesses a core network through the HeNB GW. In this embodiment, the HeNB GW verifies the femto base station according to the information of the target femto base station received from the MME. The following is a detailed description of this embodiment. Detailed descriptions of steps not related to the present invention are omitted herein.

Step 201: the UE sends a measurement report to the source base station.

The measurement report includes the PCI of the measuring cell.

Step 202: the source base station configures the UE to perform system information, SI, requests and reports for the particular PCI corresponding cell.

Step 203, the target femtocell broadcasts the cell identifier, TAI and CSG identifier of the controlled cell.

In step 204, the UE sends a measurement report to the source base station.

The UE acquires the relevant system information of the destination HeNB with the automatic gap.

The measurement report includes global cell identity (ECGI) of the destination HeNB cell, routing area code (TAC), CSG ID and member.

Step 205: and the source base station sends a switching demand message to the MME.

The handover requirement message includes ECGI and CSG ID of the target HeNB cell, and further includes that the cell access mode is a hybrid mode if the target cell is in the hybrid access mode. If the target cell is in the open access mode, the handover required message may further include that the cell access mode is in the open mode, and at this time, the corresponding CSG id does not exist. Or when the destination HeNB is in the open mode, the MME knows that the destination HeNB is in the open mode according to the HeNB in which the access mode and the CSG identity do not exist and the destination eNB identity is 28bit, so as to verify the access mode of the destination HeNB in step 208.

Step 206: and the MME performs access control on the UE according to the received CSG ID and the stored subscription CSG information of the UE.

In this step, if the access control fails, the MME sends a handover preparation failure message to the source base station to end the handover process, and if the handover request message includes that the access mode is the hybrid mode, the MME determines the member status of the UE and sends the member status to the destination base station through the handover request message.

Step 207: and the MME sends a switching request message to a destination HeNB GW.

The handover request message includes a CSG ID, and if the destination cell is in hybrid access mode, the message also includes a CSG member indication. The handover request message also includes an access mode. The access mode may comprise a hybrid mode. The access mode may also include an open mode, when the corresponding CSG id does not exist. Or when the destination HeNB is in the open mode, the MME does not need to include the access mode and the CSG ID, and the HeNB GW knows that the destination HeNB is in the open mode according to the absence of the access mode and the CSG ID, thereby verifying the access mode of the destination HeNB in the open mode in step 208. The message may not include an information element access mode, the HeNB GW may know that the target HeNB cell is the CSG mode according to the existence of the CSG identity and the absence of the member state, the CSG identity and the member state may exist at the same time and know that the target HeNB cell is the hybrid mode, and the CSG identity and the member state may not know that the target HeNB cell is the open mode, thereby verifying the validity of the access mode of the target HeNB in step 208.

In step 208, the HeNB GW verifies that the access mode of the destination HeNB is valid. If the destination cell is a CSG cell, the HeNB GW verifies that the CSG ID of the destination HeNB cell is valid.

In step 209, the HeNB GW sends a handover request message to the HeNB.

Step 210, the HeNB sends a handover request acknowledge message to the HeNB GW.

Step 211: the HeNB GW sends a switching request confirmation message to the MME.

Step 212: and the MME sends a switching command message to the source base station.

Step 213: the source base station sends a handover command message to the UE.

Thus, the whole work flow of the first embodiment of the present invention is completed.

Example two

The second embodiment of the present invention supporting the authentication of the femto cell is shown in fig. 3. In this embodiment, there is no HeNB GW deployment. In this embodiment, the MME verifies the home base station according to the information received from the source base station. The following is a detailed description of this embodiment. Detailed descriptions of steps not related to the present invention are omitted herein.

Step 301: the UE sends a measurement report to the source base station.

The measurement report includes the PCI of the measuring cell.

Step 302: the source base station configures the UE to perform system information, SI, requests and reports for the particular PCI corresponding cell.

Step 303, the target hnb broadcasts the cell id, TAI, and CSG id of the controlled cell.

In step 304, the UE sends a measurement report to the source base station.

The UE acquires the relevant system information of the destination HeNB with the automatic gap.

The measurement report includes global cell identity (ECGI) of the destination HeNB cell, routing area code (TAC), CSG ID and member.

Step 305: and the source base station sends a switching demand message to the MME.

The handover requirement message includes ECGI and CSG ID of the target HeNB cell, and further includes that the cell access mode is a hybrid mode if the target cell is in the hybrid access mode. If the target cell is in the open access mode, the handover required message may further include that the cell access mode is in the open mode, and at this time, the corresponding CSG id does not exist. Or when the destination HeNB is in the open mode, the MME does not need to include the access mode and the CSG ID, and the MME knows that the destination HeNB is in the open mode according to the fact that the access mode and the CSG ID do not exist and the HeNB ID of the destination eNB is 28bit, so as to verify the access mode of the destination HeNB in the open mode in step 307.

Step 306: and the MME performs access control on the UE according to the received CSG ID and the stored subscription CSG information of the UE.

In this step, if the access control fails, the MME sends a handover preparation failure message to the source base station to end the handover process, and if the handover request message includes that the access mode is the hybrid mode, the MME determines the member status of the UE and sends the member status to the destination base station through the handover request message.

In step 307, the MME verifies that the access mode of the destination HeNB is valid. If the destination cell is a CSG cell, the MME verifies that the CSG ID of the destination HeNB cell is valid.

Step 306 and step 307 have no absolute precedence order.

Step 308: and the MME sends a switching request message to the destination HeNB.

The handover request message includes a CSG ID, and if the destination cell is in hybrid access mode, the message also includes a CSG member indication.

In step 309, the HeNB sends a handover request acknowledgement message to the MME.

Step 310: and the MME sends a switching command message to the source base station.

Step 311: the source base station sends a handover command message to the UE.

Thus, the whole work flow of the second embodiment of the present invention is completed.

EXAMPLE III

Fig. 4 shows a third embodiment of the present invention supporting authentication of a femto cell. In this embodiment, a HeNB GW is deployed, and a HeNB accesses a core network through the HeNB GW. In this embodiment, the HeNB GW verifies the femto base station according to the information received from the destination femto base station. The following is a detailed description of this embodiment. Detailed descriptions of steps not related to the present invention are omitted herein.

Steps 401 to 404 are the same as steps 201 to 204, and are not described again here.

Step 405: and the source base station sends a switching demand message to the MME.

The handover requirement message includes ECGI and CSG ID of the target HeNB cell, and further includes that the cell access mode is a hybrid mode if the target cell is in the hybrid access mode.

Step 406: and the MME performs access control on the UE according to the received CSG ID and the stored subscription CSG information of the UE.

In this step, if the access control fails, the MME sends a handover preparation failure message to the source base station to end the handover process, and if the handover request message includes that the access mode is the hybrid mode, the MME determines the member status of the UE and sends the member status to the destination base station through the handover request message.

Step 407: and the MME sends a switching request message to a destination HeNB GW.

The handover request message includes a CSG ID, and if the destination cell is in hybrid access mode, the message also includes a CSG member indication.

In step 408, the HeNB GW sends a handover request message to the HeNB.

In step 409, the HeNB sends a handover request acknowledge message to the HeNB GW. The handover request confirmation message includes an access mode of the target HeNB cell, and if the target HeNB cell is a closed subscriber group type or a hybrid type, the message further includes a CSG identity. The access mode includes a hybrid access mode. The access mode may also include an open mode, when the corresponding CSG id does not exist. Or when the destination HeNB is in the open mode, the HeNB does not need to include the access mode and the CSG ID, and the HeNB GW knows that the destination HeNB is in the open mode according to the absence of the access mode and the CSG ID, so as to verify the access mode of the destination HeNB in the open mode in step 410.

In step 410, the HeNB GW verifies that the access mode of the destination HeNB is valid. If the destination cell is a CSG cell, the HeNB GW verifies that the CSG ID of the destination HeNB cell is valid.

Steps 411 to 413 are the same as steps 211 to 213, and are not described herein again.

Thus, the whole work flow of the third embodiment of the present invention is completed.

Example four

The fourth embodiment of the present invention supporting the authentication of the femto cell is shown in fig. 5. In this embodiment, there is no HeNB GW deployment. In this embodiment, the MME verifies the femto base station according to the information received from the destination femto base station. The following is a detailed description of this embodiment. Detailed descriptions of steps not related to the present invention are omitted herein.

Steps 501 to 504 are the same as steps 301 to 304, and are not described herein again.

Step 505: and the source base station sends a switching demand message to the MME.

The handover requirement message includes ECGI and CSG ID of the target HeNB cell, and further includes that the cell access mode is a hybrid mode if the target cell is in the hybrid access mode.

Step 506: and the MME performs access control on the UE according to the received CSG ID and the stored subscription CSG information of the UE.

In this step, if the access control fails, the MME sends a handover preparation failure message to the source base station to end the handover process, and if the handover request message includes that the access mode is the hybrid mode, the MME determines the member status of the UE and sends the member status to the destination base station through the handover request message.

Step 507: and the MME sends a switching request message to the destination HeNB.

The handover request message includes a CSG ID, and if the destination cell is in hybrid access mode, the message also includes a CSG member indication.

In step 508, the HeNB sends a handover request acknowledgement message to the MME. The handover request confirmation message includes an access mode of the target HeNB cell, and if the target HeNB cell is a closed subscriber group type or a hybrid type, the message further includes a CSG identity. The access mode includes a hybrid access mode. The access mode may also include an open mode, when the corresponding CSG id does not exist. Or when the destination HeNB is in the open mode, the HeNB does not need to include the access mode and the CSG ID, and the MME knows that the destination HeNB is in the open mode according to the fact that the access mode and the CSG ID do not exist and that the identity of the destination eNB is 28bit, so as to verify the access mode of the destination HeNB in the open mode in step 509.

In step 509, the MME verifies that the access mode of the destination HeNB is valid. If the destination cell is a CSG cell, the MME verifies that the CSG ID of the destination HeNB cell is valid.

Steps 510 to 511 are the same as steps 310 to 311, and are not described herein again.

Thus, the whole work flow of the fourth embodiment of the present invention is completed.

EXAMPLE five

Fig. 6 shows an embodiment of the present invention supporting authentication of the femto bs. In the process of initially accessing the HeNB by the UE in the embodiment, the HeNB GW or the MME verifies the home base station according to the information received from the HeNB base station. The following is a detailed description of this embodiment. Detailed descriptions of steps not related to the present invention are omitted herein.

Step 601: the UE sends a NAS message, such as an Attach message or a TA update request message, to the HeNB. In this step, the UE may send an uplink NAS message to the HeNB through uplink information transmission or RRC connection setup completion.

Step 602, the HeNB sends an initial UE message to the HeNB GW or MME. The message contains a NAS message received from the UE. And under the condition that the HeNB GW is deployed, the message is firstly sent to the HeNB GW and then sent to the MME through the HeNB GW, and under the condition that the HeNB GW is not deployed, the message is directly sent to the MME.

The initial UE message includes the CSG ID of the HeNB cell, and further includes that the cell access mode is a hybrid mode if the HeNB cell is in the hybrid access mode. If the target cell is in the open access mode, the initial UE message may further include that the cell access mode is in the open mode, and the corresponding CSG id does not exist. Or when the HeNB is in the open mode, the HeNB does not need to include the access mode and the CSG ID, the HeNB GW knows that the target HeNB is in the open mode according to the absence of the access mode and the CSG identity, and the MME knows that the HeNB is in the open mode according to the absence of the access mode and the CSG identity and the HeNB identity that the eNB identity is 28bit under the condition that the HeNB GW is not deployed, so that the access mode of the target HeNB in the open mode is verified in step 603.

Step 603: the HeNB GW or MME verifies that the access mode of the destination HeNB is valid. If the target cell is a CSG cell, the HeNB GW or the MME verifies that the CSG ID of the target HeNB cell is valid.

In case of HeNB GW deployment, the above verification is done by the HeNB GW. In case of no HeNBGW deployment, the above verification is done by the MME.

And under the condition that the HeNB GW is deployed, the HeNB GW sends an initial UE message to the MME.

In step 604, the other processes are the same as the existing processes and are not described herein again.

Thus, the whole work flow of the fifth embodiment of the present invention is completed.

EXAMPLE six

Fig. 7 shows an embodiment of the present invention supporting authentication of the femto bs. In the embodiment, the HeNB GW or the MME verifies the home base station according to the information received from the HeNB base station in the process that the UE is switched to the HeNB through the X2. The following is a detailed description of this embodiment. Detailed descriptions of steps not related to the present invention are omitted herein.

Step 701, an eNB sends a switching request message to an HeNB;

step 702, the HeNB sends a switching request confirmation message to the eNB;

step 703, the eNB sends an RRC connection reconfiguration message to the UE;

step 704, the UE sends an RRC connection reconfiguration complete message to the HeNB;

step 705, the HeNB sends a path switching request message to the HeNB GW or MME. And the message is sent to a HeNB GW under the condition that HeNB BGW deployment exists, and is sent to an MME through the HeNB GW, and the message is directly sent to the MME under the condition that HeNB GW deployment does not exist.

The path switching request message includes CSG ID of the HeNB cell, and further includes that the cell access mode is a hybrid mode if the HeNB cell is in the hybrid access mode. If the destination cell is in the open access mode, the path switch request message may further include that the cell access mode is in the open mode, and at this time, the corresponding CSG id does not exist. Or when the HeNB is in the open mode, the HeNB does not need to include the access mode and the CSG ID, the HeNB GW knows that the target HeNB is in the open mode according to the absence of the access mode and the CSG identity, and the MME knows that the target HeNB is in the open mode according to the absence of the access mode and the CSG identity and the HeNB identity that the eNB identity is 28bit under the condition that the HeNB GW is not deployed, so that the access mode of the target HeNB in the open mode is verified in step 706.

Step 706: the HeNB GW or MME verifies that the access mode of the destination HeNB is valid. If the target cell is a CSG cell, the HeNB GW or the MME verifies that the CSG ID of the target HeNB cell is valid.

In case of HeNB GW deployment, the above verification is done by the HeNB GW. In case of no HeNBGW deployment, the above verification is done by the MME.

And under the condition that the HeNB GW is deployed, the HeNB GW sends a path switching request to the MME.

In step 707, the HeNB receives the path switching request acknowledgement message. The MME sends the message to the HeNB under the condition that the HeNB GW is not deployed, and the MME sends the message to the HeNB through the HeNB GW under the condition that the HeNB GW is deployed;

in step 708, the HeNB sends a release UE context message to the eNB.

Thus, the whole work flow of the sixth embodiment of the present invention is completed.

EXAMPLE seven

The seventh embodiment of the present invention supporting verification of a femto is specifically as follows:

in the process that the UE is switched to access the HeNB through S1, under the condition that the HeNB GW is deployed, the HeNB BGW executes the process of verifying the HeNB twice, the first verification is the same as that in the embodiment I, namely figure 2, the HeNB GW verifies the HeNB according to the information received from the MME, and the step of verification can be used for terminating the UE access attack base station as soon as possible. In order to avoid that the UE provides wrong information to the source base station, the verification in the second step is the same as that in the third embodiment, that is, fig. 4, and the HeNB GW verifies the HeNB according to the information from the destination HeNB, which ensures that the information received from the UE in the first step is correct. Through the two-step verification, incomplete verification is avoided on the basis of ensuring early verification.

Similarly, under the condition that no HeNB GW is deployed, in the process that the UE accesses the HeNB through S1 handover, the MME performs a process of verifying the HeNB twice, the first verification is the same as that in embodiment two, that is, fig. 3, and the MME verifies the HeNB according to the information received from the source base station, and through the verification in this step, the UE can be terminated to access the attack base station as early as possible. In order to avoid the UE providing wrong information to the source base station, the second step of verification is the same as the fourth embodiment, that is, fig. 5, and the MME verifies the HeNB according to the information from the destination HeNB, which ensures that the first step of verification that the information received from the UE is correct. Through the two-step verification, incomplete verification is avoided on the basis of ensuring early verification.

Thus, the whole work flow of the seventh embodiment of the present invention is completed.

As can be seen from the above, the method for supporting verification of the femtocell provided by the embodiment of the present invention can avoid the influence of an attack base station on the operator network, and ensure the security of the user accessing the network.

Finally, it should be understood that the above-mentioned embodiments are merely preferred embodiments of the present invention, and not intended to limit the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (9)

1. A method for supporting authentication of a home base station, the method comprising:

the MME sends the access mode of the target home base station received from the source base station to a home base station gateway;

and the home base station gateway verifies the validity of the access mode of the target home base station.

2. The method according to claim 1, wherein the MME further sends the CSG id to the hnb gateway, and the hnb gateway verifies the validity of the CSG id of the target hnb if the target cell is in closed subscriber group mode.

3. The method according to claim 1, wherein the access mode sent by the source base station to the MME and/or sent by the MME to the femto-gateway comprises an open mode, and the femto-gateway verifies the validity of the access mode of the femto-gateway in the open mode.

4. The method of claim 1, wherein the femto gateway knows that the destination cell is in the open mode based on the absence of the access mode and the CSG id in the message received from the MME, and wherein the femto gateway verifies the validity of the access mode of the femto in the open mode.

5. The method of claim 1, wherein the femto gateway knows that the target cell is a hybrid mode according to the existence of the CSG id and the member status in the message received from the MME, and wherein the femto gateway verifies the validity of the access mode of the target hybrid mode base station.

6. A method for supporting authentication of a home base station, the method comprising:

the target home base station receives the switching request message;

the target home base station sends the access mode and the CSG identification to an upper node thereof;

and the upper node of the target home base station verifies the validity of the access mode of the target home base station, and if the access mode is the closed user group mode, the validity of the CSG identification of the target home base station is verified.

7. The method according to claim 6, wherein the upper node of the destination hnb is the hnb gateway in case of the hnb gateway deployment.

8. The method according to claim 6, wherein the upper node of the destination hnb is MME without hnb gateway deployment.

9. A method for supporting authentication of a home base station, the method comprising:

a source base station sends a switching demand message to an MME, wherein the switching demand message comprises an access mode and a CSG mark of a target home base station;

and the MME verifies the validity of the access mode of the target home base station, and if the access mode is the closed user group mode, the MME verifies the validity of the CSG identification of the target home base station.