
WO2018201440A1 - Communication method, device and system - Google Patents

Communication method, device and system

Info

Publication number: WO2018201440A1
Application number: PCT/CN2017/083190
Authority: WO, WIPO (PCT)
Prior art keywords: nas, rrc parameter, mac, user equipment, base station
Legal status: Ceased (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: French (fr), Chinese (zh)
Inventors: 胡力, 陈璟
Current assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Huawei Technologies Co Ltd
Priority date, filing date, publication date: not given on this page (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Events: application filed by Huawei Technologies Co Ltd; priority to PCT/CN2017/083190; publication of WO2018201440A1; anticipated expiration; current legal status Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 12/082 Access security using revocation of authorisation

Definitions

  • The present application relates to the field of communications technologies, and in particular to a communication method, apparatus and system.
  • LTE Long Term Evolution
  • UE user equipment
  • CSFB Circuit Switched Fallback
  • E-UTRAN evolved universal terrestrial radio access network
  • GERAN GSM/EDGE radio access network
  • UTRAN UMTS terrestrial radio access network
  • CSFB moves a UE that is attached to the E-UTRAN onto the GERAN or the UTRAN so that the network can deliver telephony services through the Circuit Switched Domain (CS domain).
  • CS domain Circuit Switched Domain
  • The CSFB procedure can take place before access stratum (AS) security is activated.
  • RRC Radio Resource Control
  • In that case the network side sends a Radio Resource Control (RRC) Connection Release message to the user equipment; the message carries an indication (redirection information) telling the user equipment which target base station to connect to.
  • Because the RRC Connection Release message has no security protection at that point, the indication is at risk of being tampered with, forged or intercepted.
  • This allows a man-in-the-middle attack: a 4G or 5G pseudo source base station uses a strong signal to make the user equipment camp on it, forges the RRC Connection Release message, and uses the indication information in that message to send the user equipment to a 2G pseudo target base station controlled by the attacker, because the security protection of 2G is relatively poor compared
  • Embodiments of the invention disclose a communication method, apparatus and system with which the user equipment can identify the source base station and perform CSFB more securely.
  • In a first aspect, an embodiment provides a communication method: the user equipment sends an Extended Service Request message to the source base station; according to that message the source base station sends a first RRC parameter, which includes redirection information, to the Mobility Management Entity (MME).
  • MME Mobility Management Entity
  • The MME generates a non-access stratum message authentication code (NAS-MAC) from the non-access stratum (NAS) integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is the plaintext or the ciphertext of the first RRC parameter; the MME then sends the NAS-MAC to the source base station.
  • The source base station sends an RRC Connection Release message to the user equipment that includes the NAS-MAC and the second RRC parameter over which the NAS-MAC was generated.
  • The user equipment checks the NAS-MAC using its own NAS integrity key and the second RRC parameter. When the check succeeds, the user equipment redirects to the target base station indicated by the redirection information; when the check fails, the user equipment treats the source base station as a pseudo base station and disconnects from it.
  • A pseudo base station looks like a base station to the UE but is only a UE toward the real network: it has no signalling path to the MME, so it cannot obtain a NAS-MAC over RRC parameters of its own choosing, and it does not hold the NAS integrity key, which is shared only between the UE and the MME.
  • In this way the MME generates the NAS-MAC over the second RRC parameter that the source base station supplied and returns it to the UE through the source base station; when the UE's NAS-MAC check succeeds it identifies the source base station as genuine and redirects to the indicated target base station, and when the check fails it identifies the source base station as a pseudo base station and disconnects from it.
  • The user equipment can therefore detect whether the RRC parameter it received was forged or tampered with, which stops a pseudo base station from actively triggering CSFB to push the terminal onto a 2G pseudo base station; identifying the source base station improves the security of the user equipment performing CSFB.
  • The Extended Service Request message is encapsulated in an RRC Connection Setup Complete message and may include service type indication information indicating that the service type requested by the UE is CSFB, for example mobile originating CS fallback (calling party), mobile terminating CS fallback (called party) or mobile originating CS fallback emergency call.
  • The first RRC parameter may include redirection information that indicates the target base station to which the user equipment is redirected; the redirection information may include at least one of redirection control information and a physical cell identity (PCI), where the PCI identifies the cell of the target base station.
  • When the redirection information includes the redirection control information, the UE may search for the PCI corresponding to the redirection control information, use the base station corresponding to that PCI as the target base station, and redirect to it.
  • When the redirection information includes the PCI, the UE may use the base station corresponding to the PCI as the target base station and redirect to it.
  • The first RRC parameter may further include a release cause (ReleaseCause, whose value is fixed to CS Fallback High Priority), system information related to the PCI, and the like.
  • The second RRC parameter may be the plaintext or the ciphertext of the first RRC parameter.
  • In the plaintext case the second RRC parameter is identical to the first RRC parameter.
  • In the ciphertext case the MME encrypts the first RRC parameter with the NAS encryption key of the user equipment and uses the resulting ciphertext as the second RRC parameter.
  • ASME Access Security Management Entity
  • NAS COUNT NAS count
  • Alternatively, the MME derives a NAS encryption key from the Access Security Management Entity (ASME) key of the user equipment and the NAS count (NAS COUNT), encrypts the first RRC parameter with the derived NAS encryption key, and uses that ciphertext as the second RRC parameter.
  • In one implementation (plaintext, no NAS count) the MME integrity-protects the second RRC parameter with the NAS integrity key of the user equipment to generate the NAS-MAC.
  • In another implementation (plaintext with NAS count) the MME integrity-protects the second RRC parameter together with the NAS count using the NAS integrity key of the user equipment to generate the NAS-MAC, and sends the NAS-MAC and some bits of the NAS count to the source base station; the source base station sends the user equipment an RRC Connection Release message carrying the NAS-MAC, the second RRC parameter and those partial bits; the user equipment recovers the NAS count from the partial bits and checks the NAS-MAC using its NAS integrity key, the second RRC parameter and the recovered NAS count.
  • The NAS count is the freshness parameter of the NAS layer; it advances with every protected message, so the NAS-MAC generated by the MME differs each time and a replayed RRC Connection Release message does not verify.
  • In another implementation (plaintext with derived key) the MME derives a NAS integrity key from the ASME key of the user equipment and the NAS count and uses the derived key to integrity-protect the second RRC parameter, generating the NAS-MAC; the MME sends the NAS-MAC and partial bits of the NAS count to the source base station, which forwards them to the user equipment in the RRC Connection Release message together with the second RRC parameter; the user equipment recovers the NAS count from the partial bits, derives the same NAS integrity key from its own ASME key and the NAS count, and checks the NAS-MAC using the derived key and the second RRC parameter.
  • Because the NAS count changes, the derived NAS integrity key, and therefore the NAS-MAC computed with it, differs each time, which also resists replay.
  • In another implementation (ciphertext, no NAS count) the MME encrypts the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter, integrity-protects the second RRC parameter with the NAS integrity key of the user equipment to generate the NAS-MAC, and sends the NAS-MAC to the source base station; the RRC Connection Release message carries the NAS-MAC and the second RRC parameter; the user equipment checks the NAS-MAC using its NAS integrity key and the second RRC parameter and, only when the check succeeds, decrypts the second RRC parameter with its NAS encryption key to obtain the redirection information and redirects to the indicated target base station.
  • Encrypting the first RRC parameter in addition to integrity-protecting it prevents it from being forged, tampered with or read by an eavesdropper, which further improves the security of the user equipment.
  • In another implementation (ciphertext with NAS count) the MME encrypts the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter, integrity-protects the second RRC parameter together with the NAS count using the NAS integrity key of the user equipment, and sends the NAS-MAC and partial bits of the NAS count to the source base station; the RRC Connection Release message carries the NAS-MAC, the second RRC parameter and the partial bits; the user equipment recovers the NAS count from the partial bits, checks the NAS-MAC using its NAS integrity key, the second RRC parameter and the NAS count, and, when the check succeeds, decrypts the second RRC parameter with its NAS encryption key to obtain the redirection information and redirects to the indicated target base station.
  • Here too the changing NAS count makes every NAS-MAC different and resists replay, and the encryption prevents the first RRC parameter from being forged, tampered with or read.
  • In another implementation (ciphertext with derived keys) the MME derives both a NAS integrity key and a NAS encryption key from the ASME key of the user equipment and the NAS count, encrypts the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter, integrity-protects the second RRC parameter with the derived NAS integrity key to generate the NAS-MAC, and sends the NAS-MAC and partial bits of the NAS count to the source base station; the RRC Connection Release message carries the NAS-MAC, the second RRC parameter and the partial bits; the user equipment recovers the NAS count from the partial bits, derives the same two keys from its ASME key and the NAS count, checks the NAS-MAC with the derived NAS integrity key, decrypts the second RRC parameter with the derived NAS encryption key when the check succeeds, and redirects to the indicated target base station.
  • Because the NAS count changes each time, the derived keys, the second RRC parameter and the NAS-MAC all differ from message to message, which resists replay; encrypting the first RRC parameter also prevents it from being forged, tampered with or read.
  • In a second aspect, an embodiment provides a computer storage medium storing a program that includes all or part of the steps of the communication method of the first aspect.
  • In a third aspect, an embodiment provides a communication apparatus that includes modules for performing the communication method of the first aspect.
  • In a fourth aspect, an embodiment provides a base station including a processor, a memory and a transceiver; the memory stores a set of program code, and the processor calls that program code to perform the source base station side of the method of the first aspect.
  • In a fifth aspect, an embodiment provides a user equipment including a processor, a memory and a transceiver; the memory stores a set of program code, and the processor calls that program code to check the NAS-MAC using the NAS integrity key and the second RRC parameter and, when the NAS-MAC check succeeds, to redirect to the target base station indicated by the redirection information.
  • In a sixth aspect, an embodiment provides an MME including a processor, a memory and a transceiver; the memory stores a set of program code, and the processor calls that program code to receive the first RRC parameter, whose redirection information indicates the target base station to which the user equipment is redirected, to generate the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter, where the second RRC parameter is the plaintext or the ciphertext of the first RRC parameter, and to send the NAS-MAC to the source base station.
  • In a seventh aspect, an embodiment provides a communication system including the base station of the fourth aspect, the user equipment of the fifth aspect and the MME of the sixth aspect.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 2 is a schematic flow chart of a communication method according to an embodiment of the present invention.
  • FIG. 3 is a schematic flow chart of a communication method according to another embodiment of the present invention.
  • FIG. 4 is a schematic flow chart of a communication method according to another embodiment of the present invention.
  • FIG. 5 is a schematic flowchart of a communication method according to another embodiment of the present invention.
  • FIG. 6 is a schematic flow chart of a communication method according to another embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of a communication method according to another embodiment of the present invention.
  • FIG. 8 is a schematic flowchart diagram of a communication method according to another embodiment of the present invention.
  • FIG. 9 is a schematic flowchart diagram of a communication method according to another embodiment of the present invention.
  • FIG. 10 is a schematic flowchart diagram of a communication method according to another embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a base station according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of a user equipment according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention.
  • FIG. 16 is a schematic structural diagram of a mobility management entity according to an embodiment of the present invention.
  • FIG. 17 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • The communication system may include a user equipment 10, a Serving GPRS Support Node (SGSN) 20 and an MME 30.
  • GPRS General Packet Radio Service
  • The user equipment 10, the SGSN 20 and the MME 30 can exchange data over communication connections.
  • The user equipment 10 may establish a communication connection with the MME 30 through the E-UTRAN; a base station in the E-UTRAN may be an evolved NodeB (eNB) or the like.
  • The user equipment 10 may establish a communication connection with the SGSN 20 through the UTRAN or the GERAN.
  • A base station in the GERAN may include a Base Transceiver Station (BTS) or a Base Station Controller (BSC), and a base station in the UTRAN may include a NodeB (NB) or a Radio Network Controller (RNC), and so on.
  • BTS Base Transceiver Station
  • BSC Base Station Controller
  • RNC radio network controller
  • The user equipment 10 may also be called a mobile station, access terminal, subscriber unit, subscriber station, remote station, remote terminal, mobile device, terminal, wireless communication device, user agent or user device; specifically it may be a station (STA) in a WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a mobile station in a future 5G network, a terminal device in a future evolved Public Land Mobile Network (PLMN), or the like.
  • WLL Wireless Local Loop
  • PDA Personal Digital Assistant
  • The MME 30 is a key control node of the 3GPP LTE access network and performs, among other things, the encryption and integrity protection of NAS signalling.
  • GSM Global System for Mobile Communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GPRS General Packet Radio Service
  • LTE Long Term Evolution
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • UMTS Universal Mobile Telecommunication System
  • WiMAX Worldwide Interoperability for Microwave Access
  • FIG. 2 is a schematic flow chart of a communication method according to an embodiment of the present invention, seen from the source base station. The method includes, but is not limited to, the following steps:
  • Step S201: the source base station receives an Extended Service Request message from the user equipment.
  • The source base station may be an eNB in an LTE system.
  • The Extended Service Request message may be encapsulated in an RRC Connection Setup Complete message.
  • The Extended Service Request message may include service type indication information indicating that the service type requested by the UE is CSFB, for example mobile originating CS fallback, mobile terminating CS fallback or mobile originating CS fallback emergency call.
  • Step S202: according to the Extended Service Request message, the source base station sends a first RRC parameter to the MME, where the first RRC parameter includes redirection information.
  • The redirection information indicates the target base station to which the user equipment is redirected and may include at least one of redirection control information and a PCI.
  • The redirection control information may indicate the target base station to which the user equipment is redirected, for example by an identifier of the target base station.
  • The PCI distinguishes cells: the UE can search for the cell corresponding to the PCI and use the base station that the cell belongs to as the target base station.
  • The first RRC parameter may be some or all of the parameters carried in the RRC Connection Release message that the source base station sends to the UE, for example the redirection information, the release cause and system information related to the PCI.
  • The system information related to the PCI includes system parameters of the cell corresponding to the PCI, for example the serving frequency, neighbour frequencies, and common or shared channel information.
  • Step S203: the source base station receives the NAS-MAC from the MME.
  • Optionally, the source base station also receives partial bits of the NAS count from the MME.
  • Optionally, the source base station also receives the second RRC parameter from the MME; this is needed when the second RRC parameter is the ciphertext of the first RRC parameter, because the NAS encryption key is shared between the UE and the MME and the base station cannot produce that ciphertext itself.
  • The second RRC parameter is the parameter over which the NAS-MAC was generated, and is the plaintext or the ciphertext of the first RRC parameter.
  • Step S204: the source base station sends an RRC Connection Release message to the user equipment, where the message includes the NAS-MAC and the second RRC parameter.
  • The RRC Connection Release message may further include the partial bits of the NAS count, for example the lower 4 bits of the NAS count.
  • In this embodiment the source base station sends the first RRC parameter to the MME according to the Extended Service Request message from the user equipment, receives the NAS-MAC from the MME, and sends the user equipment an RRC Connection Release message carrying the NAS-MAC and the second RRC parameter over which the NAS-MAC was generated. A pseudo base station cannot get the MME to compute a NAS-MAC over a first RRC parameter of its choosing, so it cannot downgrade the user equipment to 2G by tampering with the first RRC parameter, and the security of the user equipment performing CSFB is improved.
  • FIG. 3 is a schematic flow chart of a communication method according to an embodiment of the present invention, seen from the user equipment. The method includes, but is not limited to, the following steps:
  • Step S301: the user equipment sends an Extended Service Request message to the source base station.
  • Step S302: the user equipment receives an RRC Connection Release message from the source base station, where the message includes a NAS-MAC and a second RRC parameter.
  • The second RRC parameter is the parameter over which the NAS-MAC was generated; it is the plaintext or the ciphertext of the first RRC parameter, and the first RRC parameter includes the redirection information that indicates the target base station to which the user equipment is redirected.
  • The RRC Connection Release message may also include partial bits of the NAS count.
  • Step S303: the user equipment checks the NAS-MAC using its NAS integrity key and the second RRC parameter.
  • In one implementation the user equipment integrity-protects the second RRC parameter with the NAS integrity algorithm negotiated with the MME and its own NAS integrity key to generate a NAS-MAC, and compares the locally generated NAS-MAC with the NAS-MAC in the RRC Connection Release message: when the two are equal the check succeeds, and when they differ the check fails.
  • In another implementation the user equipment recovers the NAS count from the partial bits of the NAS count and checks the NAS-MAC using its NAS integrity key, the second RRC parameter and the NAS count.
  • The user equipment can recover the full NAS count from the partial bits because it maintains the NAS count itself; the partial bits select the next count value that is consistent with the count the user equipment expects.
  • The user equipment then integrity-protects the second RRC parameter together with the recovered NAS count, using the NAS integrity algorithm negotiated with the MME and its NAS integrity key, to generate a NAS-MAC, and compares it with the NAS-MAC in the RRC Connection Release message: when the two are equal the check succeeds, and when they differ the check fails.
  • In a further implementation the user equipment recovers the NAS count from the partial bits, derives a NAS integrity key from its ASME key (for example Kasme) and the NAS count, and checks the NAS-MAC using the derived NAS integrity key and the second RRC parameter.
  • ASME key eg, Kasme
  • The user equipment derives the NAS integrity key by applying the key derivation algorithm agreed between the user equipment and the MME to its ASME key and the recovered NAS count.
  • The user equipment integrity-protects the second RRC parameter with the NAS integrity algorithm negotiated with the MME and the derived NAS integrity key to generate a NAS-MAC, and compares it with the NAS-MAC in the RRC Connection Release message.
  • When the NAS-MAC generated by the user equipment equals the NAS-MAC in the RRC Connection Release message the check succeeds; when they differ the check fails.
  • Step S304: when the NAS-MAC check succeeds, the user equipment redirects to the target base station indicated by the redirection information.
  • When the second RRC parameter is the ciphertext of the first RRC parameter, the user equipment decrypts it with its NAS encryption key to obtain the redirection information and then redirects to the indicated target base station.
  • When derived keys are used, the user equipment derives the NAS encryption key from its ASME key and the NAS count, decrypts the second RRC parameter with the derived NAS encryption key to obtain the redirection information, and redirects to the indicated target base station.
  • When the NAS-MAC check fails, the user equipment treats the source base station as a pseudo base station and disconnects from it.
  • In this embodiment the user equipment receives the NAS-MAC and the second RRC parameter from the source base station, where the second RRC parameter is the parameter over which the NAS-MAC was generated and carries the redirection information, and checks the NAS-MAC using its NAS integrity key and the second RRC parameter.
  • When the check succeeds, the user equipment redirects to the target base station indicated by the redirection information; by verifying the NAS-MAC the user equipment identifies the source base station, which improves the security of performing CSFB.
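The partial-bit NAS count recovery and the replay resistance it gives (steps S302 and S303 above, and the NAS count implementations in the summary) in working form, as an added example that is not part of the patent: the 24-bit NAS COUNT width, the window rule for recovering the count from the lower 4 bits, and HMAC-SHA256 truncated to 32 bits standing in for the negotiated NAS integrity algorithm are all assumptions, since the patent names no algorithm.

```python
import hashlib
import hmac
from typing import Optional, Tuple

NAS_COUNT_BITS = 24   # assumption: 3GPP-style 24-bit NAS COUNT (8-bit SQN + 16-bit overflow)
PARTIAL_BITS = 4      # the page's example: only the lower 4 bits travel in RRC Connection Release
PARTIAL_MASK = (1 << PARTIAL_BITS) - 1


def recover_nas_count(last_accepted: int, partial: int) -> Optional[int]:
    """Smallest NAS COUNT above last_accepted whose low PARTIAL_BITS equal `partial`.

    The UE keeps the full downlink NAS COUNT itself; the partial bits only select the
    next value consistent with it.  None means the counter would wrap, which must not
    happen without a fresh NAS security context (assumption about wrap handling).
    """
    if not 0 <= partial <= PARTIAL_MASK:
        raise ValueError("partial bits out of range")
    candidate = ((last_accepted + 1) & ~PARTIAL_MASK) | partial
    if candidate <= last_accepted:
        candidate += PARTIAL_MASK + 1
    if candidate >= 1 << NAS_COUNT_BITS:
        return None
    return candidate


def nas_mac(k_nas_int: bytes, second_rrc_param: bytes, nas_count: int) -> bytes:
    """NAS-MAC over (NAS COUNT || second RRC parameter): HMAC-SHA256 truncated to 32 bits,
    a stand-in for the negotiated EIA algorithm (assumption)."""
    msg = nas_count.to_bytes(3, "big") + second_rrc_param
    return hmac.new(k_nas_int, msg, hashlib.sha256).digest()[:4]


class UeReleaseVerifier:
    """UE-side state for step S303: NAS integrity key plus the last accepted downlink NAS COUNT."""

    def __init__(self, k_nas_int: bytes, last_accepted: int = -1) -> None:
        self.k_nas_int = k_nas_int
        self.last_accepted = last_accepted

    def verify(self, second_rrc_param: bytes, partial: int, mac: bytes) -> bool:
        count = recover_nas_count(self.last_accepted, partial)
        if count is None:
            return False
        expected = nas_mac(self.k_nas_int, second_rrc_param, count)
        if not hmac.compare_digest(mac, expected):
            return False               # forged, tampered or replayed message
        self.last_accepted = count     # advance only after a successful check
        return True


def demo() -> Tuple[bool, bool, bool]:
    """A genuine release, its replay, and a later genuine release across a 16-count boundary."""
    k_nas_int = bytes(range(16))                           # constructed key
    param = b"cs-FallbackHighPriority;pci=301;rat=UTRAN"   # constructed second RRC parameter
    ue = UeReleaseVerifier(k_nas_int, last_accepted=0x0102)

    msg1 = (param, 0x0105 & PARTIAL_MASK, nas_mac(k_nas_int, param, 0x0105))
    first = ue.verify(*msg1)    # MME sent at NAS COUNT 0x0105: accepted
    replay = ue.verify(*msg1)   # same bytes again: partial bits now resolve to 0x0115, MAC mismatch
    msg3 = (param, 0x0113 & PARTIAL_MASK, nas_mac(k_nas_int, param, 0x0113))
    later = ue.verify(*msg3)    # 0x0113 > 0x0105 with low bits 0x3: accepted
    return first, replay, later


if __name__ == "__main__":
    print(demo())
```

Two points the code makes explicit: the replayed message is rejected by the MAC check, not by the count bookkeeping alone, because the replayed partial bits resolve to a fresh, higher count; and sending only 4 bits means the UE can tolerate at most 15 downlink messages it never saw before the count resolves to the wrong window and every genuine message fails, which is the price of keeping the RRC Connection Release message small.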
  • FIG. 4 is a schematic diagram of a communication method according to the embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S401 The MME receives the first RRC parameter from the source base station of the user equipment, where the first RRC parameter includes redirection information.
  • Step S402 The MME obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and the second RRC parameter is a generation parameter of the NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the user equipment and the NAS integrity key of the user equipment to generate a NAS-MAC.
  • the second RRC parameter may include plaintext or ciphertext of the first RRC parameter.
  • For the second RRC parameter, the first RRC parameter, and the redirection information, refer to the related description of the embodiment shown in FIG. 2; details are not described herein again.
  • the MME may perform integrity protection on the second RRC parameter using the NAS integrity key of the user equipment to generate a NAS-MAC.
  • the second RRC parameter in this example may be the plaintext of the first RRC parameter.
  • the MME may perform integrity protection on the second RRC parameter and the NAS count using the NAS integrity key of the user equipment to generate a NAS-MAC.
  • the second RRC parameter in this example may be the plaintext of the first RRC parameter.
  • the MME may use the NAS encryption key of the user equipment to encrypt the first RRC parameter to obtain the second RRC parameter.
  • the second RRC parameter in this example may be the ciphertext of the first RRC parameter.
  • the MME may obtain a derived NAS integrity key according to the ASME key and the NAS count of the user equipment, and perform integrity protection on the second RRC parameter using the derived NAS integrity key to generate a NAS-MAC.
  • the second RRC parameter in this example may be the plaintext of the first RRC parameter.
  • the MME may obtain the derived NAS encryption key according to the ASME key and the NAS count of the user equipment, and use the derived NAS encryption key to encrypt the first RRC parameter to obtain the second RRC parameter.
  • the second RRC parameter in this example may be the ciphertext of the first RRC parameter.
  • Step S403 The MME sends the NAS-MAC to the source base station.
  • the MME may send the NAS-MAC and the second RRC parameter to the source base station.
  • the MME may send the NAS-MAC and part of the bits of the NAS count to the source base station.
  • the MME obtains the derived NAS integrity key according to the ASME key and the NAS count of the user equipment, and uses the derived NAS integrity key to perform integrity protection on the second RRC parameter to generate the NAS-MAC.
  • the MME may send the NAS-MAC and some bits of the NAS count to the source base station.
  • the MME obtains the derived NAS integrity key and the derived NAS encryption key according to the ASME key and the NAS count of the user equipment, encrypts the first RRC parameter using the derived NAS encryption key to obtain the second RRC parameter, and performs integrity protection on the second RRC parameter using the derived NAS integrity key to generate a NAS-MAC; the MME may then send the NAS-MAC and part of the bits of the NAS count to the source base station.
  • In the embodiment, the MME receives a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, obtains a NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC, and sends the NAS-MAC to the source base station.
  • Because the MME uses the NAS integrity key of the UE to perform integrity protection on the second RRC parameter, tampering with the first RRC parameter is avoided, which improves the security of the user equipment when performing CSFB.
  • FIG. 5 is a schematic diagram of a communication system according to the embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S501 The UE sends an extended service request message to the source base station.
  • the source base station may be an eNB in an LTE system.
  • when the UE is ready to connect to the network, the UE may send an Extended Service Request message to the eNB.
  • when the UE is ready to connect to the network, the UE may actively send an RRC Connection Request message to the eNB, and the RRC connection request message may carry the establishment cause for which the UE requests to establish an RRC connection.
  • the eNB transmits an RRC Connection Setup message to the UE in response to the RRC Connection Request message.
  • the UE transmits an extended service request message carrying the service type indication information to the eNB in response to the RRC connection setup message.
  • the service type indication information is used to indicate that the service type requested by the UE is CSFB, for example, CS fallback for a mobile originating call, CS fallback for a mobile terminating call, or CS fallback for an emergency call.
  • Step S502 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station that is redirected by the user equipment.
  • the redirection information may include at least one of redirection control information and PCI.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description of the embodiment shown in any of the figures in FIG.
  • the eNB may send an initial UE message to the MME, where the initial UE message carries the first RRC parameter.
  • the first RRC parameter may be part or all of the parameters included in the RRC connection release message sent by the eNB to the UE, for example, the redirection information, the release cause, system information related to the PCI, and the like.
  • the extended service request message may be encapsulated in the initial UE message.
  • the eNB may learn that the first RRC parameter needs to be carried in the initial UE message in either of the following two ways.
  • In the first way, if the UE actively sends an RRC connection request message to the eNB, the eNB may obtain the establishment cause carried in the RRC connection request message; when the establishment cause indicates that the UE will initiate CSFB, or that the requested connection type includes CSFB, the eNB may send an initial UE message carrying the first RRC parameter to the MME.
  • In the second way, when the eNB receives the extended service request message, the eNB may send an initial UE message carrying the first RRC parameter to the MME.
  • Specifically, the eNB may identify the service type indication information carried in the extended service request message, and when the service type indication information indicates that the service type requested by the UE is CSFB, the eNB may send the initial UE message carrying the first RRC parameter to the MME.
  • Step S503 The MME performs integrity protection on the second RRC parameter by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may decide to perform CSFB according to the extended service request message, and then perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key Knas-int of the UE, to generate a NAS-MAC.
  • the second RRC parameter may be the plaintext of the first RRC parameter.
  • Step S504 The MME sends the NAS-MAC to the source base station.
  • the MME may send a UE Context Modification Request message (referred to below as the UE context change request message) to the eNB, and the UE context change request message may include the generated NAS-MAC.
  • the UE context change request message may further include CS Fallback Indication information, where the CSFB indication information is used to indicate that the source base station performs CSFB on the UE.
  • Step S505 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC and a second RRC parameter.
  • the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message.
  • the source base station may update the first RRC parameter according to the UE context change request message, and may compare the first RRC parameter sent to the MME in step S502 with the updated first RRC parameter. When the two are different, the source base station may send the updated first RRC parameter to the MME; the MME obtains the updated second RRC parameter based on the updated first RRC parameter and performs integrity protection on the updated second RRC parameter using the NAS integrity key of the UE to generate an updated NAS-MAC; after receiving the updated NAS-MAC from the MME, the source base station may send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC and the updated second RRC parameter.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S502 is the same as the second RRC parameter that needs to be sent to the UE; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S503 and the first RRC parameter sent to the MME in step S502.
  • Step S506 The UE checks the NAS-MAC by using the NAS integrity key and the second RRC parameter of the UE.
  • the UE may perform integrity protection on the second RRC parameter using its own NAS integrity key, based on the NAS integrity algorithm negotiated with the MME, to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message. When the two are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S507 When the NAS-MAC check succeeds, the UE redirects to the target base station indicated by the redirection information.
  • the UE may redirect to the 2G base station indicated by the redirection information to implement CSFB.
  • Step S508 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • the UE may release the currently connected source base station and reselect one base station to access.
  • In the method described in FIG. 5, the MME performs integrity protection on the second RRC parameter using the NAS integrity key of the UE to generate the NAS-MAC. Because a pseudo base station cannot have the MME modify the first RRC parameter through the initial UE message and does not hold the NAS integrity key of the UE, it cannot force the UE down to 2G by tampering with the second RRC parameter, which resolves the threat scenario. Moreover, after the NAS-MAC check fails, the UE can disconnect from the pseudo base station, which further improves the security of the UE.
  • FIG. 6 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S601 The UE sends an extended service request message to the source base station.
  • For step S601 in this embodiment, reference may be made to step S501 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S602 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • For step S602 in this embodiment, reference may be made to step S502 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S603 The MME performs integrity protection on the second RRC parameter and the NAS count by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may acquire the NAS count from the context of the corresponding UE, and perform integrity protection on the second RRC parameter and the acquired NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE, to generate a NAS-MAC.
  • the NAS count obtained by the MME may be a downlink NAS count.
  • the second RRC parameter may be the plaintext of the first RRC parameter.
  • Step S604 The MME sends the NAS-MAC and partial bits of the NAS count to the source base station.
  • the MME may send a UE context change request message to the eNB, where the UE context change request message may include the generated NAS-MAC and part of the bits of the NAS count.
  • the partial bits of the NAS count may be the lower 3 to 8 bits of the NAS count.
  • the UE Context Change Request message may further include CSFB indication information for indicating that the source base station performs CSFB on the UE.
  • Step S605 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message.
  • the source base station may update the first RRC parameter according to the UE context change request message, and may compare the first RRC parameter sent to the MME in step S602 with the updated first RRC parameter. When the two are different, the source base station may send the updated first RRC parameter to the MME; the MME obtains the updated second RRC parameter based on the updated first RRC parameter and performs integrity protection on the updated second RRC parameter and the NAS count using the NAS integrity key of the UE to generate an updated NAS-MAC; after receiving the updated NAS-MAC from the MME, the source base station may send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and the partial bits of the NAS count.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S602 is the same as the second RRC parameter that needs to be sent to the UE; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S603, the first RRC parameter sent to the MME in step S602, and the partial bits of the NAS count.
  • Step S606 The UE acquires the NAS count according to the partial bits of the NAS count.
  • the UE may obtain the NAS count corresponding to the partial bits of the NAS count according to the correspondence between the partial bits of the NAS count and the NAS count.
  • the partial bits of each NAS count and their corresponding NAS counts may be pre-stored in the memory of the UE.
  • Step S607 The UE checks the NAS-MAC by using the NAS integrity key of the UE, the second RRC parameter, and the acquired NAS count.
  • the UE may perform integrity protection on the second RRC parameter and the acquired NAS count based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, and generate a NAS-MAC.
  • the UE may compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message. When the two are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S608 When the NAS-MAC check succeeds, the UE redirects to the target base station indicated by the redirection information.
  • For step S608 in this embodiment, reference may be made to step S507 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S609 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • For step S609 in this embodiment, reference may be made to step S508 in the embodiment of FIG. 5, which is not described in detail again here.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description of the embodiment shown in any of the figures in FIG.
  • In the method described in FIG. 6, the MME generates the NAS-MAC according to the NAS count and the RRC parameters, and carries partial bits of the NAS count in the downlink message. Since the NAS count is a fresh parameter of the NAS layer, the NAS-MAC generated each time is different, and replay attacks can therefore be resisted.
  • FIG. 7 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S701 The UE sends an extended service request message to the source base station.
  • For step S701 in this embodiment, reference may be made to step S501 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S702 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • For step S702 in this embodiment, reference may be made to step S502 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S703 The MME obtains the derived NAS integrity key according to the ASME key of the UE and the NAS count.
  • the MME may process the ASME key and the NAS count of the UE by using a key derivation algorithm that is preset or negotiated with the UE to obtain a derived NAS integrity key Kcsfb.
  • the MME may process the ASME key, the NAS count, and the first preset constant of the UE by using a key derivation algorithm negotiated with the UE to obtain a derived NAS integrity key Kcsfb.
  • the first preset constant can be a string such as "CSFB-INT".
  • Step S704 The MME performs integrity protection on the second RRC parameter by using the derived NAS integrity key to generate a NAS-MAC.
  • the MME may decide to perform CSFB according to the extended service request message, and then perform integrity protection on the second RRC parameter based on the negotiated NAS integrity algorithm and the obtained derived NAS integrity key, to generate a NAS-MAC.
  • the second RRC parameter may be the plaintext of the first RRC parameter.
  • Step S705 The MME sends the NAS-MAC and partial bits of the NAS count to the source base station.
  • the MME may send a UE context change request message to the eNB, where the UE context change request message may include the generated NAS-MAC and part of the bits of the NAS count.
  • the partial bits of the NAS count may be the lower 3 to 8 bits of the NAS count.
  • the UE context change request message may also include a first preset constant.
  • the UE Context Change Request message may further include CSFB indication information for indicating that the source base station performs CSFB on the UE.
  • Step S706 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message.
  • the RRC Connection Release message may further include a first preset constant.
  • the source eNB may update the first RRC parameter according to the UE context change request message, and may compare the first RRC parameter sent to the MME in step S702 with the updated first RRC parameter. When the two are different, the source base station may send the updated first RRC parameter to the MME; the MME obtains the derived NAS integrity key according to the ASME key and the NAS count of the UE, obtains the updated second RRC parameter based on the updated first RRC parameter, and performs integrity protection on the updated second RRC parameter using the derived NAS integrity key to generate an updated NAS-MAC; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and the partial bits of the NAS count.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S702 is the same as the second RRC parameter that needs to be sent to the UE; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S704 and the first RRC parameter sent to the MME in step S702.
  • Step S707 The UE acquires the NAS count according to the partial bits of the NAS count.
  • For step S707 in this embodiment, reference may be made to step S606 in the embodiment of FIG. 6, which is not described in detail again here.
  • Step S708 The UE obtains the derived NAS integrity key by using the ASME key of the UE and the acquired NAS count.
  • the UE may process the ASME key and the acquired NAS count by using a key derivation algorithm that is preset or negotiated with the MME to obtain a derived NAS integrity key.
  • the UE may process its ASME key, NAS count, and first preset constant by a key derivation algorithm negotiated with the MME to obtain a derived NAS integrity key Kcsfb.
  • Step S709 The UE verifies the NAS-MAC by using the obtained derived NAS integrity key and the second RRC parameter.
  • the UE may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and the obtained derived NAS integrity key to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message. When the two are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S710 When the NAS-MAC check succeeds, the UE redirects to the target base station indicated by the redirection information.
  • For step S710 in this embodiment, reference may be made to step S507 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S711 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • For step S711 in this embodiment, reference may be made to step S508 in the embodiment of FIG. 5, which is not described in detail again here.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description of the embodiment shown in any of the figures in FIG.
  • In the method described in FIG. 7, the MME obtains the derived NAS integrity key according to the ASME key and the NAS count of the UE, and performs integrity protection on the RRC parameters using the derived NAS integrity key to obtain the NAS-MAC. Since the NAS count is a fresh parameter of the NAS layer, the derived NAS integrity key obtained each time is different, so the NAS-MAC generated each time is different, which resists replay attacks.
  • FIG. 8 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S801 The UE sends an extended service request message to the source base station.
  • For step S801 in this embodiment, reference may be made to step S501 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S802 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • For step S802 in this embodiment, reference may be made to step S502 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S803 The MME encrypts the first RRC parameter by using the NAS encryption key of the UE, to obtain a second RRC parameter.
  • the MME may decide to perform CSFB according to the extended service request message, and then encrypt the first RRC parameter sent by the source base station based on the NAS confidentiality algorithm negotiated with the UE and the NAS encryption key Knas-enc of the UE, to obtain a second RRC parameter.
  • the second RRC parameter may be a ciphertext of the first RRC parameter.
  • Step S804 The MME performs integrity protection on the second RRC parameter by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • the MME may perform integrity protection on the first RRC parameters based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • Step S805 The MME sends the NAS-MAC and the second RRC parameter to the source base station.
  • Step S806 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC and a second RRC parameter.
  • the source base station may update the first RRC parameter according to the UE context change request message, and may compare the first RRC parameter sent to the MME in step S802 with the updated first RRC parameter. When the two are different, the source base station may send the updated first RRC parameter to the MME; the MME encrypts the updated first RRC parameter using the NAS encryption key of the UE to obtain an updated second RRC parameter, and performs integrity protection on the updated second RRC parameter using the NAS integrity key of the UE to generate an updated NAS-MAC; after receiving the updated NAS-MAC and the updated second RRC parameter from the MME, the source base station may send the RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC and the updated second RRC parameter.
  • the source eNB may determine that the first RRC parameter remains unchanged, that is, the information included in the first RRC parameter sent to the MME in step S802 is the same as the information included in the second RRC parameter that needs to be sent to the UE; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC and the second RRC parameter generated by the MME in step S804.
  • Step S807 The UE checks the NAS-MAC by using the NAS integrity key and the second RRC parameter of the UE.
  • the UE may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message. When the two are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S808 When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter by using the NAS encryption key of the UE, to obtain redirection information.
  • the UE may decrypt the second RRC parameter based on the NAS confidentiality algorithm negotiated with the MME and the NAS encryption key of the UE, to obtain redirection information.
  • Step S809 The UE redirects to the target base station indicated by the redirection information.
  • Step S810 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • for the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, refer to the related description of the embodiment shown in any of the figures in FIG.
  • the MME adds encryption protection to the first RRC parameter sent by the source base station, which can prevent the first RRC parameter from being forged, falsified or monitored, and improve the security of the first RRC parameter.
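A toy model, added here and not taken from the patent or from any 3GPP implementation, of the three protection variants described above: FIG. 6 (Knas-int over the plaintext parameter and the NAS count, with partial count bits on the air), FIG. 7 (the derived key Kcsfb) and FIG. 8 (the parameter ciphered with Knas-enc, NAS-MAC over the ciphertext). HMAC-SHA256 stands in for the negotiated NAS integrity, confidentiality and key derivation algorithms, the rule by which the UE recovers the full NAS count from its low bits is assumed, and the keys and the RRC parameter are constructed demo values.

```python
import hmac
import hashlib

# Constructed demo key material; a real UE and MME share these after NAS security activation.
K_ASME = hashlib.sha256(b"demo K_ASME").digest()
K_NAS_INT = hashlib.sha256(b"demo Knas-int").digest()
K_NAS_ENC = hashlib.sha256(b"demo Knas-enc").digest()
PARTIAL_BITS = 5               # the page allows the lower 3 to 8 bits of the NAS count; 5 used here
MASK = (1 << PARTIAL_BITS) - 1
CSFB_INT = b"CSFB-INT"         # the first preset constant named on the page


def nas_mac(key, rrc_param, nas_count=None):
    """NAS-MAC over the second RRC parameter, optionally prefixed by the NAS count (FIG. 6).
    HMAC-SHA256 truncated to 32 bits stands in for the negotiated NAS integrity algorithm."""
    msg = rrc_param if nas_count is None else nas_count.to_bytes(4, "big") + rrc_param
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def derive_kcsfb(k_asme, nas_count):
    """FIG. 7: Kcsfb from the ASME key, the NAS count and the constant; HMAC stands in for the KDF."""
    return hmac.new(k_asme, CSFB_INT + nas_count.to_bytes(4, "big"), hashlib.sha256).digest()


def nas_cipher(key, nas_count, data):
    """FIG. 8: XOR with a keystream bound to the NAS count; the same call encrypts and decrypts.
    Feeding the NAS count into the keystream is an assumption; the page names no cipher inputs."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nas_count.to_bytes(4, "big") + bytes([block]),
                           hashlib.sha256).digest()
    return bytes(p ^ k for p, k in zip(data, stream))


def recover_nas_count(expected, partial):
    """UE side (S606/S707): the first count at or after the UE's own expected downlink NAS
    count whose low bits equal the received partial bits (assumed recovery rule)."""
    for cand in range(expected, expected + (1 << PARTIAL_BITS)):
        if cand & MASK == partial:
            return cand
    raise AssertionError("unreachable: the window covers every residue")


def mme_protect(first_rrc, nas_count, mode):
    """MME side (S603/S703/S803-S804): build the content of the UE context change request."""
    if mode == "count":                 # FIG. 6: NAS-MAC = MAC(Knas-int, NAS count || plaintext)
        second, mac = first_rrc, nas_mac(K_NAS_INT, first_rrc, nas_count)
    elif mode == "derived":             # FIG. 7: NAS-MAC = MAC(Kcsfb, plaintext)
        second, mac = first_rrc, nas_mac(derive_kcsfb(K_ASME, nas_count), first_rrc)
    elif mode == "encrypt":             # FIG. 8: NAS-MAC = MAC(Knas-int, ciphertext)
        second = nas_cipher(K_NAS_ENC, nas_count, first_rrc)
        mac = nas_mac(K_NAS_INT, second)
    else:
        raise ValueError(mode)
    msg = {"mode": mode, "nas_mac": mac, "second_rrc": second}
    if mode != "encrypt":               # S604/S705: only these variants carry count bits
        msg["count_bits"] = nas_count & MASK
    return msg


def ue_handle_release(msg, expected_count):
    """UE side: check the NAS-MAC in the RRC connection release message.
    Returns ('redirect', redirection info) on success or ('disconnect', None) on failure."""
    second = msg["second_rrc"]
    if msg["mode"] == "encrypt":
        count = expected_count          # FIG. 8 sends no count bits; the UE uses its own count
        expect = nas_mac(K_NAS_INT, second)
    else:
        count = recover_nas_count(expected_count, msg["count_bits"])
        if msg["mode"] == "derived":
            expect = nas_mac(derive_kcsfb(K_ASME, count), second)
        else:
            expect = nas_mac(K_NAS_INT, second, count)
    if not hmac.compare_digest(expect, msg["nas_mac"]):
        return "disconnect", None       # S609/S711/S810: release the source cell
    info = nas_cipher(K_NAS_ENC, count, second) if msg["mode"] == "encrypt" else second
    return "redirect", info             # S608/S710/S809: follow the redirection information


def demo():
    """Three honest runs, then a tampered parameter and a replayed release message."""
    first_rrc = b"redirectedCarrierInfo=GERAN arfcn=42 pci=7"    # constructed first RRC parameter
    results = {}
    for mode in ("count", "derived", "encrypt"):
        results[mode] = ue_handle_release(mme_protect(first_rrc, 1000, mode), 1000)
    # A pseudo base station relays the genuine NAS-MAC but rewrites the redirection target.
    tampered = mme_protect(first_rrc, 1001, "count")
    tampered["second_rrc"] = b"redirectedCarrierInfo=GERAN arfcn=99 pci=1"
    results["tampered"] = ue_handle_release(tampered, 1001)
    # An old, genuine release message replayed after the UE's downlink NAS count moved on.
    results["replay"] = ue_handle_release(mme_protect(first_rrc, 1002, "count"), 1042)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} -> {outcome[0]}")
```

The replayed message is rejected only because the UE's own downlink NAS count has advanced past the replayed one, so in this model the UE must keep its count in sync with the MME.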
  • FIG. 9 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S901 The UE sends an extended service request message to the source base station.
  • For step S901 in this embodiment, reference may be made to step S501 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S902 The source base station sends the first RRC parameter to the MME according to the extended service request message.
  • For step S902 in this embodiment, reference may be made to step S502 in the embodiment of FIG. 5, which is not described in detail again here.
  • Step S903 The MME encrypts the first RRC parameter by using the NAS encryption key of the UE, to obtain a second RRC parameter.
  • For step S903 in this embodiment, reference may be made to step S803 in the embodiment of FIG. 8, which is not described in detail again here.
  • Step S904 The MME performs integrity protection on the second RRC parameter and the NAS count by using the NAS integrity key of the UE, and generates a NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter and the NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • the MME may perform integrity protection on the first RRC parameters and the NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE to generate a NAS-MAC.
  • Step S905 The MME sends the NAS-MAC, the second RRC parameter, and part of the bits of the NAS count to the source base station.
  • Step S906 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • The source eNB may update the first RRC parameter according to the UE context change request message, and may compare the first RRC parameter sent to the MME in step S902 with the updated first RRC parameter. When the first RRC parameter sent to the MME in step S902 differs from the updated first RRC parameter, the source base station may send the updated first RRC parameter to the MME; the MME encrypts the updated first RRC parameter by using the NAS encryption key of the UE to obtain an updated second RRC parameter, and performs integrity protection on the updated second RRC parameter and the NAS count by using the NAS integrity key of the UE to generate an updated NAS-MAC. The source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and a partial bit of the NAS count.
  • Alternatively, the source eNB may determine that the first RRC parameter remains unchanged, that is, that the information included in the first RRC parameter sent to the MME in step S902 and the information included in the second RRC parameter that needs to be sent to the UE are the same; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC and the second RRC parameter generated by the MME in step S904.
  • Step S907 The UE acquires the NAS count according to part of the bits of the NAS count.
  • For step S907 in this embodiment, reference may be made to step S606 in the sixth embodiment; it is not described in detail again here.
  • Step S908 The UE checks the NAS-MAC by using the NAS integrity key of the UE, the second RRC parameter, and the acquired NAS count.
  • the UE may perform integrity protection on the second RRC parameter and the acquired NAS count based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, and generate a NAS-MAC.
  • The UE may compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC Connection Release message are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S909 When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter by using the NAS encryption key of the UE, to obtain redirection information.
  • the UE may decrypt the second RRC parameter based on the NAS confidentiality algorithm negotiated with the MME and the NAS encryption key of the UE, to obtain redirection information.
  • Step S910 The UE redirects to the target base station indicated by the redirection information.
  • Step S911 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • For the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like, reference may be made to the related description of the implementation shown in any of the figures in FIG.
  • the MME adds encryption protection to the first RRC parameter, which can prevent the first RRC parameter from being forged, falsified or monitored, and improve the security of the first RRC parameter.
  • The MME generates the NAS-MAC according to the NAS count and the second RRC parameter. Since the NAS count is a fresh parameter of the NAS layer, the NAS-MAC generated each time is different, so that replay attacks can be resisted.
  • FIG. 10 is a schematic diagram of a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:
  • Step S1001 The UE sends an extended service request message to the source base station.
  • For step S1001 in this embodiment, reference may be made to step S501 in the fifth embodiment; it is not described in detail again here.
  • Step S1002 The source base station sends a first RRC parameter to the MME according to the extended service request message.
  • For step S1002 in this embodiment, reference may be made to step S502 in the fifth embodiment; it is not described in detail again here.
  • Step S1003 The MME obtains the derived NAS integrity key and the derived NAS encryption key according to the ASME key and the NAS count of the UE.
  • The MME may process the ASME key and the NAS count of the UE by using a key derivation algorithm that is preset or negotiated with the UE, to obtain a derived NAS integrity key Kcsfb-int and a derived NAS encryption key Kcsfb-enc.
  • the MME may process the ASME key, the NAS count, and the second preset constant of the UE by using a key derivation algorithm negotiated with the UE to obtain a derived NAS integrity key.
  • the second preset constant can be a string such as "CSFB-INT”.
  • the MME may process the ASME key, the NAS count, and the third preset constant of the UE by using a key derivation algorithm negotiated with the UE to obtain a derived NAS encryption key.
  • the third preset constant can be a string such as "CSFB-ENC”.
  • Step S1004 The MME encrypts the first RRC parameter by using the derived NAS encryption key to obtain a second RRC parameter.
  • The MME may decide to perform CSFB according to the extended service request message, and then encrypt the first RRC parameter by using the derived NAS encryption key based on the NAS confidentiality algorithm negotiated with the UE, to obtain a second RRC parameter.
  • the second RRC parameter may be a ciphertext of the first RRC parameter.
  • Step S1005 The MME performs integrity protection on the second RRC parameter by using the derived NAS integrity key to generate a NAS-MAC.
  • the MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the derived NAS integrity key to generate a NAS-MAC.
  • Step S1006 The MME sends the NAS-MAC, the second RRC parameter, and part of the bits of the NAS count to the source base station.
  • Step S1007 The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.
  • The source eNB may update the first RRC parameter according to the UE context change request message, and may compare the first RRC parameter sent to the MME in step S1002 with the updated first RRC parameter. When the first RRC parameter sent to the MME and the updated first RRC parameter are different, the source base station may send the updated first RRC parameter to the MME; the MME obtains the derived NAS integrity key and the derived NAS encryption key according to the ASME key and the NAS count of the UE, encrypts the updated first RRC parameter by using the derived NAS encryption key to obtain the updated second RRC parameter, and performs integrity protection on the updated second RRC parameter by using the derived NAS integrity key to generate an updated NAS-MAC. The source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and some bits of the NAS count.
  • Alternatively, the source eNB may determine that the first RRC parameter remains unchanged, that is, that the information included in the first RRC parameter sent to the MME in step S1002 and the information included in the second RRC parameter that needs to be sent to the UE are the same; the source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC and the second RRC parameter generated by the MME in step S1005.
  • Step S1008 The UE acquires the NAS count according to part of the bits of the NAS count.
  • For step S1008 in this embodiment, reference may be made to step S606 in the sixth embodiment; it is not described in detail again here.
  • Step S1009 The UE obtains the derived NAS integrity key and the derived NAS encryption key by using the ASME key of the UE and the acquired NAS count.
  • The UE may process the ASME key of the UE and the obtained NAS count by using a preset key derivation algorithm negotiated with the MME, to obtain a derived NAS integrity key and a derived NAS encryption key.
  • the UE may process the ASME key of the UE, the obtained NAS count, and the second preset constant by using a key derivation algorithm negotiated with the MME to obtain a derived NAS integrity key.
  • the UE may process the ASME key of the UE, the obtained NAS count, and the third preset constant by using a key derivation algorithm negotiated with the MME to obtain a derived NAS encryption key.
  • Step S1010 The UE verifies the NAS-MAC by using the obtained derived NAS integrity key and the second RRC parameter.
  • The UE may perform integrity protection on the second RRC parameter by using the obtained derived NAS integrity key based on the NAS integrity algorithm negotiated with the MME to generate a NAS-MAC, and then compare the NAS-MAC generated by the UE with the NAS-MAC in the RRC Connection Release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC Connection Release message are the same, the UE may determine that the NAS-MAC check succeeds; when they are different, the UE may determine that the NAS-MAC check fails.
  • Step S1011 When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter by using the obtained derived NAS encryption key to obtain redirection information.
  • the UE may decrypt the second RRC parameter by using the obtained NAS encryption key based on the NAS confidentiality algorithm negotiated with the MME to obtain the redirection information.
  • Step S1012 The UE redirects to the target base station indicated by the redirection information.
  • Step S1013 When the NAS-MAC check fails, the UE disconnects from the source base station.
  • the MME adds encryption protection to the first RRC parameter, which can prevent the first RRC parameter from being forged, falsified or intercepted, and improve the security of the first RRC parameter.
  • The MME obtains the derived NAS integrity key and the derived NAS encryption key based on the ASME key and the NAS count of the UE, encrypts the first RRC parameter using the derived NAS encryption key to obtain a second RRC parameter, and performs integrity protection on the second RRC parameter using the derived NAS integrity key to obtain the NAS-MAC. Since the NAS count is a fresh parameter of the NAS layer, the derived NAS integrity key and the derived NAS encryption key obtained each time are different, so the NAS-MAC generated each time is different, and replay attacks can be resisted.
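The following is an added worked example, not code from the patent or from Huawei, that models both protection flows above with Python standard-library primitives: the FIG. 9 embodiment (the NAS count is an input to the NAS-MAC) and the FIG. 10 embodiment (the NAS count and the "CSFB-INT" / "CSFB-ENC" constants drive per-message key derivation). HMAC-SHA256 stands in for the negotiated NAS integrity and confidentiality algorithms and for the key derivation algorithm, the NAS count is used as the cipher IV, 8 low-order bits of the count are carried in the release message, and the UE reconstructs the full count from the next count it expects; all of these, the keys, and the redirection string are assumptions constructed for the example. It shows the UE accepting a genuine release, and rejecting both a release whose second RRC parameter was altered without the key (the pseudo base station case) and a replayed release whose NAS count is no longer fresh.

```python
import hmac
import hashlib
from dataclasses import dataclass

PARTIAL_BITS = 8   # assumption: low-order bits of the NAS count carried in RRC Connection Release
MAC_LEN = 4        # 32-bit NAS-MAC, as used for LTE NAS messages


def _u32(n: int) -> bytes:
    return n.to_bytes(4, "big")


def kdf(k_asme: bytes, nas_count: int, constant: bytes) -> bytes:
    """Stand-in key derivation (HMAC-SHA256); the page only says a preset or negotiated KDF is used."""
    return hmac.new(k_asme, constant + _u32(nas_count), hashlib.sha256).digest()


def nas_mac(k_int: bytes, data: bytes) -> bytes:
    """Stand-in NAS integrity algorithm: HMAC-SHA256 truncated to MAC_LEN bytes."""
    return hmac.new(k_int, data, hashlib.sha256).digest()[:MAC_LEN]


def nas_cipher(k_enc: bytes, nas_count: int, data: bytes) -> bytes:
    """Stand-in NAS confidentiality algorithm: XOR with an HMAC keystream seeded by the NAS count.
    Symmetric, so the same call encrypts and decrypts. Using the count as IV is an assumption."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(k_enc, _u32(nas_count) + _u32(block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class RrcConnectionRelease:
    second_rrc_param: bytes   # ciphertext of the first RRC parameter (redirection information)
    nas_mac: bytes
    count_low_bits: int       # partial bits of the NAS count


def mme_protect(k_asme, k_nas_int, k_nas_enc, nas_count, first_rrc_param, derived_keys):
    """MME side. derived_keys=False follows FIG. 9 (count is a NAS-MAC input);
    derived_keys=True follows FIG. 10 (count drives per-message key derivation)."""
    if derived_keys:
        k_int = kdf(k_asme, nas_count, b"CSFB-INT")
        k_enc = kdf(k_asme, nas_count, b"CSFB-ENC")
        second = nas_cipher(k_enc, nas_count, first_rrc_param)
        mac = nas_mac(k_int, second)
    else:
        second = nas_cipher(k_nas_enc, nas_count, first_rrc_param)
        mac = nas_mac(k_nas_int, _u32(nas_count) + second)
    return RrcConnectionRelease(second, mac, nas_count & ((1 << PARTIAL_BITS) - 1))


def ue_recover_count(expected_count: int, low_bits: int) -> int:
    """Rebuild the full NAS count from its low-order bits. Assumption: the true count is
    at or after the next count the UE expects and within one 2**PARTIAL_BITS window of it."""
    mask = (1 << PARTIAL_BITS) - 1
    count = (expected_count & ~mask) | low_bits
    if count < expected_count:
        count += 1 << PARTIAL_BITS
    return count


class Ue:
    def __init__(self, k_asme, k_nas_int, k_nas_enc, derived_keys, expected_count):
        self.k_asme, self.k_nas_int, self.k_nas_enc = k_asme, k_nas_int, k_nas_enc
        self.derived_keys = derived_keys
        self.expected_count = expected_count   # next downlink NAS count the UE will accept

    def process_release(self, msg):
        """Returns the redirection information when the NAS-MAC check succeeds (S909 / S1011),
        or None when it fails and the UE disconnects from the source base station (S911 / S1013)."""
        count = ue_recover_count(self.expected_count, msg.count_low_bits)
        if self.derived_keys:
            k_int = kdf(self.k_asme, count, b"CSFB-INT")
            k_enc = kdf(self.k_asme, count, b"CSFB-ENC")
            expected_mac = nas_mac(k_int, msg.second_rrc_param)
        else:
            k_enc = self.k_nas_enc
            expected_mac = nas_mac(self.k_nas_int, _u32(count) + msg.second_rrc_param)
        if not hmac.compare_digest(expected_mac, msg.nas_mac):
            return None
        self.expected_count = count + 1   # consume the count so the same release cannot be replayed
        return nas_cipher(k_enc, count, msg.second_rrc_param)


def run_scenarios(derived_keys):
    """Altered release rejected, genuine release accepted, replayed release rejected."""
    k_asme, k_int, k_enc = b"K" * 32, b"I" * 16, b"E" * 16        # constructed sample keys
    redirect = b"RedirectionControlInfo:GERAN,PCI=7"              # constructed first RRC parameter
    ue = Ue(k_asme, k_int, k_enc, derived_keys, expected_count=0x100)
    genuine = mme_protect(k_asme, k_int, k_enc, 0x105, redirect, derived_keys)
    altered = RrcConnectionRelease(bytes([genuine.second_rrc_param[0] ^ 0x01]) +
                                   genuine.second_rrc_param[1:], genuine.nas_mac, genuine.count_low_bits)
    return {"altered": ue.process_release(altered),
            "genuine": ue.process_release(genuine),
            "replay": ue.process_release(genuine)}
```

In both flows the decisive check is the NAS-MAC comparison in constant time before any decryption, and the UE advances its expected count only after a successful check; in the FIG. 10 flow the keys themselves change with the count, so a stale count yields the wrong keys as well as the wrong MAC.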
  • FIG. 11 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • the communication apparatus may include a receiving module 1101 and a sending module 1102.
  • the detailed description of each module is as follows.
  • the receiving module 1101 is configured to receive an extended service request message from the user equipment.
  • The sending module 1102 is configured to send, according to the extended service request message, a first RRC parameter to the MME, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected.
  • the receiving module 1101 is further configured to receive a NAS-MAC from the MME.
  • the sending module 1102 is further configured to send an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, and the second RRC parameter is the NAS-MAC a generating parameter, where the second RRC parameter includes a plaintext or a ciphertext of the first RRC parameter.
  • When the RRC connection release message further includes a partial bit of the NAS count, the receiving module 1101 is further configured to receive the partial bit of the NAS count from the MME after the sending module 1102 sends the first RRC parameter to the MME.
  • When the second RRC parameter includes the ciphertext of the first RRC parameter, the receiving module 1101 is further configured to receive the second RRC parameter from the MME.
  • The receiving module 1101 receives an extended service request message from the user equipment; the sending module 1102 sends a first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information; the receiving module 1101 receives the NAS-MAC from the MME; and the sending module 1102 sends an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and the second RRC parameter. In this way the source base station can be identified, improving the security of the user equipment performing CSFB.
  • FIG. 12 is a base station according to an embodiment of the present invention.
  • the base station includes a processor 1201, a memory 1202, and a transceiver 1203.
  • the processor 1201, the memory 1202, and the transceiver 1203 are connected to each other through a bus.
  • The memory 1202 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an Erasable Programmable Read Only Memory (EPROM), or a Compact Disc Read-Only Memory (CD-ROM), for storing related instructions and data, such as an extended service request message, a first RRC parameter of the user equipment, and the like.
  • the transceiver 1203 is configured to receive and transmit data, for example, receive an extended service request message from a user equipment, or send a first RRC parameter or the like to the MME.
  • The processor 1201 may be one or more Central Processing Units (CPUs) or one or more Microcontroller Units (MCUs). In the case where the processor 1201 is a CPU, the CPU may be a single-core CPU or a multi-core CPU. The processor 1201 may be combined with the communication apparatus shown in FIG.
  • the processor 1201 in the base station is configured to read the program code stored in the memory 1202 and perform the following operations:
  • transmitting, by the transceiver 1203, the first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected;
  • transmitting, by the transceiver 1203, an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes a plaintext or a ciphertext of the first RRC parameter.
  • When the RRC connection release message further includes a partial bit of the NAS count, after the processor 1201 sends the first RRC parameter to the MME by using the transceiver 1203, the following operation may also be performed:
  • a portion of the bits of the NAS count is received from the MME by the transceiver 1203.
  • When the second RRC parameter includes the ciphertext of the first RRC parameter, the processor 1201 may further receive the second RRC parameter from the MME by using the transceiver 1203.
  • The processor 1201 receives an extended service request message from the user equipment through the transceiver 1203, sends a first RRC parameter to the MME according to the extended service request message, where the first RRC parameter includes redirection information, receives the NAS-MAC from the MME, and sends an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter. In this way the base station can be identified, improving the security of the user equipment performing CSFB.
  • FIG. 13 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • The communication apparatus may include a sending module 1301, a receiving module 1302, a verification module 1303, and a directional module 1304. The detailed description of each module is as follows.
  • the sending module 1301 is configured to send an extended service request message to the source base station.
  • the receiving module 1302 is configured to receive an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC,
  • the second RRC parameter includes redirection information.
  • the verification module 1303 is configured to check the NAS-MAC according to the NAS integrity key of the communication device and the second RRC parameter.
  • the directional module 1304 is configured to redirect to the target base station indicated by the redirection information when the NAS-MAC check succeeds.
  • the RRC connection release message further includes a partial bit of the NAS count.
  • The verification module 1303 is specifically configured to verify the NAS-MAC according to the NAS integrity key, the second RRC parameter, and the NAS count.
  • the directional module 1304 is specifically configured to:
  • The verification module 1303 is specifically configured to verify the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.
  • the directional module 1304 is specifically configured to:
  • the communications apparatus in the embodiment of the present invention may further include:
  • the disconnection module 1305 is configured to disconnect the connection with the source base station when the NAS-MAC check fails.
  • The sending module 1301 sends an extended service request message to the source base station; the receiving module 1302 receives the RRC connection release message sent by the source base station, where the RRC connection release message includes the NAS-MAC and the second RRC parameter, and the second RRC parameter includes redirection information; the verification module 1303 checks the NAS-MAC according to the NAS integrity key of the communication device and the second RRC parameter; and the directional module 1304 redirects to the target base station indicated by the redirection information. In this way the source base station can be identified, improving the security of the user equipment performing CSFB.
  • FIG. 14 is a user equipment, where the user equipment includes a processor 1401, a memory 1402, and a transceiver 1403.
  • The processor 1401, the memory 1402, and the transceiver 1403 are connected to each other through a bus.
  • the memory 1402 includes, but is not limited to, a RAM, a ROM, an EPROM, or a CD-ROM for storing related instructions and data, such as NAS-MAC, second RRC parameters, and the like.
  • the transceiver 1403 is configured to receive and send data, for example, send an extended service request message to the source base station, or receive an RRC connection release message sent by the source base station, and the like.
  • the processor 1401 may be one or more CPUs, or one or more MCUs. In the case where the processor 1401 is a CPU, the CPU may be a single core CPU or a multi-core CPU. The processor 1401 can be combined with the communication device shown in FIG.
  • the processor 1401 in the user equipment is configured to read the program code stored in the memory 1402 and perform the following operations:
  • An extended service request message is sent to the source base station through the transceiver 1403.
  • receiving, by the transceiver 1403, an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information;
  • when the NAS-MAC check succeeds, redirecting to the target base station indicated by the redirection information.
  • the RRC connection release message further includes a partial bit of the NAS count.
  • the processor 1401 verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, where specifically:
  • the NAS-MAC is verified according to the NAS integrity key, the second RRC parameter, and the NAS count.
  • the processor 1401 is redirected to the target base station indicated by the redirection information, which may be:
  • the processor 1401 verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, where specifically:
  • the NAS-MAC is verified according to the derived NAS integrity key and the second RRC parameter.
  • the processor 1401 is redirected to the target base station indicated by the redirection information, which may be:
  • processor 1401 can also perform the following operations:
  • The processor 1401 sends an extended service request message to the source base station by using the transceiver 1403, receives an RRC connection release message sent by the source base station, where the RRC connection release message includes a NAS-MAC and a second RRC parameter and the second RRC parameter includes redirection information, verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and, when the NAS-MAC verification succeeds, redirects to the target base station indicated by the redirection information. In this way the source base station can be identified, improving the security of the user equipment performing CSFB.
  • FIG. 15 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention.
  • the communication apparatus may include a receiving module 1501, an obtaining module 1502, and a sending module 1503.
  • the detailed description of each module is as follows.
  • The receiving module 1501 is configured to receive a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected.
  • The obtaining module 1502 is configured to obtain a NAS-MAC according to the NAS integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes a plaintext or ciphertext of the first RRC parameter.
  • the sending module 1503 is configured to send the NAS-MAC to the source base station.
  • the obtaining module 1502 is specifically configured to:
  • The obtaining module 1502 is further configured to encrypt the first RRC parameter by using the NAS encryption key of the user equipment, before obtaining the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, to obtain the second RRC parameter.
  • The obtaining module 1502 is specifically configured to perform integrity protection on the second RRC parameter using the derived NAS integrity key to generate the NAS-MAC.
  • The obtaining module 1502 is further configured to, before obtaining the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, obtain a derived NAS encryption key according to the ASME key and the NAS count of the user equipment, and encrypt the first RRC parameter by using the derived NAS encryption key to obtain the second RRC parameter.
  • the sending module 1503 is further configured to send the second RRC parameter to the source base station.
  • the sending module 1503 is further configured to send, to the source base station, part of the bits of the NAS count.
  • the redirection information includes at least one of redirection control information or a physical cell identifier PCI.
  • The receiving module 1501 receives the first RRC parameter from the source base station of the user equipment, where the first RRC parameter includes redirection information; the obtaining module 1502 obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter; and the sending module 1503 sends the NAS-MAC to the source base station. In this way the source base station can be identified, improving the security of the user equipment performing CSFB.
  • FIG. 16 is a mobility management entity according to an embodiment of the present invention.
  • the mobility management entity includes a processor 1601, a memory 1602, and a transceiver 1603.
  • The processor 1601, the memory 1602, and the transceiver 1603 are connected to each other via a bus.
  • the memory 1602 includes, but is not limited to, a RAM, a ROM, an EPROM, or a CD-ROM for storing related instructions and data, such as a first RRC parameter of the user equipment, NAS-MAC, and the like.
  • the transceiver 1603 is configured to receive and transmit data, for example, receive a first RRC parameter from a source base station of the user equipment, or send a NAS-MAC or the like to the source base station.
  • The processor 1601 may be one or more CPUs, or one or more MCUs. In the case where the processor 1601 is a CPU, the CPU may be a single-core CPU or a multi-core CPU. The processor 1601 may be combined with the communication device shown in FIG.
  • the processor 1601 in the MME is configured to read the program code stored in the memory 1602, and perform the following operations:
  • receiving, by the transceiver 1603, a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, and the redirection information is used to indicate a target base station to which the user equipment is redirected;
  • the NAS-MAC is transmitted to the source base station through the transceiver 1603.
  • the processor 1601 obtains the NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment, where specifically:
  • the following operations may also be performed:
  • The processor 1601 obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, specifically by performing integrity protection on the second RRC parameter using the derived NAS integrity key to generate the NAS-MAC.
  • the following operations may also be performed:
  • processor 1601 can also perform the following operations:
  • the second RRC parameter is sent to the source base station by the transceiver 1603.
  • processor 1601 can also perform the following operations:
  • a portion of the bits of the NAS count is transmitted by the transceiver 1603 to the source base station.
  • the redirection information includes at least one of redirection control information or a physical cell identifier PCI.
  • The processor 1601 receives a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and sends the NAS-MAC to the source base station. In this way the base station can be identified, improving the security of the user equipment performing CSFB.
  • FIG. 17 is a communication system according to an embodiment of the present invention.
  • the communication system includes a base station 1701 shown in FIG. 12, a user equipment 1702 shown in FIG. 14, and a mobility management entity 1703 shown in FIG.
  • The program may be stored in a computer readable storage medium, and when the program is executed, the flow of the method embodiments described above may be included.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM or a random access memory RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed in the embodiments of the present invention are a communication method, device and system. Said method comprises: user equipment sending to a source base station an extended service request message; the user equipment receiving an RRC connection release message sent by the source base station, the RRC connection release message comprising an NAS-MAC and a second RRC parameter, the second RRC parameter being a parameter from which the NAS-MAC is generated, the second RRC parameter comprising redirection information; the user equipment checking the NAS-MAC according to an NAS integrity key of the user equipment and the second RRC parameter; if the NAS-MAC has successfully passed the check, the user equipment being redirected to a target base station indicated by the redirection information. The embodiments of the present invention can be used to perform identity recognition on the source base station, improving the security for the user equipment performing CSFB.

Description

Communication method, device and system

Technical field

The present application relates to the field of communications technologies, and in particular, to a communication method, apparatus, and system.

Background

In a Long Term Evolution (LTE) network, when a user equipment (UE) places a call, the network side triggers a Circuit Switched Fallback (CSFB) procedure, which disconnects the user equipment from the evolved universal terrestrial radio access network (E-UTRAN) and connects it to the GSM/EDGE radio access network (GERAN) or the UMTS terrestrial radio access network (UTRAN), so that the network carries the voice service through the Circuit Switched domain (CS domain).

However, the CSFB procedure takes place before Access Stratum (AS) security is activated. The network side sends a Radio Resource Control (RRC) Connection Release message to the user equipment, and this RRC Connection Release message carries indication information directing the user equipment to connect to a certain target base station. Because the RRC Connection Release message has no security protection at all, it is at risk of being tampered with, forged or eavesdropped. For example, there is a man-in-the-middle attack in which a 4G or 5G pseudo source base station uses a strong signal to make the user equipment camp on it, then forges the RRC Connection Release message so that the indication information in the message makes the user equipment connect to another 2G pseudo target base station controlled by the attacker. Because the security protection of 2G is weaker than that of 4G and 5G, the attacker can then more easily launch further attacks, such as phishing SMS, leaving the user equipment with low security.

Summary of the invention

Embodiments of the present invention disclose a communication method, apparatus and system that can identify the source base station and improve the security of the user equipment when it performs CSFB.

In a first aspect, an embodiment of the present invention provides a communication method: a user equipment sends an Extended Service Request message to a source base station; the source base station, according to the extended service request message, sends a first RRC parameter to a Mobility Management Entity (MME), the first RRC parameter including redirection information; the MME obtains a NAS-MAC according to the user equipment's non-access stratum (NAS) integrity key and a second RRC parameter used to generate the non-access stratum message authentication code (NAS-Message Authentication Code, NAS-MAC), the second RRC parameter containing the plaintext or ciphertext of the first RRC parameter; the MME sends the NAS-MAC to the source base station; the source base station sends an RRC connection release message to the user equipment, the RRC connection release message including the NAS-MAC and the second RRC parameter used to generate the NAS-MAC; the user equipment verifies the NAS-MAC according to its NAS integrity key and the second RRC parameter; when the NAS-MAC verification succeeds, the user equipment redirects to the target base station indicated by the redirection information; when the NAS-MAC verification fails, the user equipment disconnects from the source base station.

In this technical solution, a pseudo base station appears as a base station to the UE but as a UE to the base station side, so the pseudo base station cannot send the correct RRC parameter to the MME. On this basis, in this embodiment the MME generates the NAS-MAC according to the second RRC parameter sent by the source base station, the MME sends the NAS-MAC to the UE through the source base station, and the UE verifies the NAS-MAC. When the NAS-MAC verification succeeds, the user equipment identifies the source base station as a genuine base station and redirects to the target base station indicated by the redirection information; when the NAS-MAC verification fails, the user equipment identifies the source base station as a pseudo base station and disconnects from it. In other words, this embodiment lets the user equipment check whether the RRC parameter it has just received is forged or tampered with, which prevents a pseudo base station from actively triggering the CSFB procedure to push the terminal onto a 2G pseudo base station; the source base station can thus be identified, improving the security of the user equipment when performing CSFB.

The extended service request message is encapsulated in an RRC Connection Setup Complete message and may contain service type indication information indicating that the service type the UE requests is CSFB, for example mobile originating CS fallback, mobile terminating CS fallback, mobile originating CS fallback emergency call, and so on.

The first RRC parameter may include redirection information, which indicates the target base station to which the user equipment is to be redirected. The redirection information may include at least one of redirection control information and a physical cell identity (PCI); the PCI indicates the base station identity of the target base station. When the redirection information includes redirection control information, the UE may look up the PCI corresponding to that redirection control information, take the base station corresponding to the PCI as the target base station, and redirect to it. When the redirection information includes a PCI, the UE may take the base station corresponding to that PCI as the target base station and redirect to it. Optionally, the first RRC parameter may further include a release cause (ReleaseCause, with the cause value fixed as CS Fallback High Priority), system information related to the PCI, and the like.

The second RRC parameter may include the plaintext or the ciphertext of the first RRC parameter. When the second RRC parameter includes the plaintext of the first RRC parameter, the second RRC parameter is identical to the first RRC parameter. When the second RRC parameter includes the ciphertext of the first RRC parameter, the MME, after receiving the first RRC parameter sent by the source base station, may encrypt the first RRC parameter with the user equipment's NAS encryption key to obtain the ciphertext of the first RRC parameter and use that ciphertext as the second RRC parameter. Optionally, when the second RRC parameter includes the ciphertext of the first RRC parameter, the MME, after receiving the first RRC parameter sent by the source base station, may obtain a derived NAS encryption key according to the user equipment's Access Security Management Entity (ASME) key and the NAS count (NAS COUNT), encrypt the first RRC parameter with the derived NAS encryption key to obtain the ciphertext of the first RRC parameter, and use that ciphertext as the second RRC parameter.

Optionally, the MME may use the user equipment's NAS integrity key to integrity-protect the second RRC parameter and generate the NAS-MAC.

Optionally, the MME may use the user equipment's NAS integrity key to integrity-protect the second RRC parameter together with the NAS count and generate the NAS-MAC; the MME sends the NAS-MAC and some bits of the NAS count to the source base station; the source base station sends an RRC connection release message to the user equipment that includes the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment obtains the NAS count from those partial bits; and the user equipment verifies the NAS-MAC according to its NAS integrity key, the second RRC parameter and the NAS count.

In this technical solution, the NAS count is the freshness parameter of the NAS layer and is updated continuously, so each NAS-MAC generated by the MME is different, which resists replay attacks.

Optionally, the MME obtains a derived NAS integrity key according to the user equipment's ASME key and the NAS count; the MME uses the derived NAS integrity key to integrity-protect the second RRC parameter and generate the NAS-MAC; the MME sends the NAS-MAC and some bits of the NAS count to the source base station; the source base station sends an RRC connection release message to the user equipment that includes the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment obtains the NAS count from those partial bits; the user equipment obtains the derived NAS integrity key according to its ASME key and the NAS count; and the user equipment verifies the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.

In this technical solution, the NAS count is the freshness parameter of the NAS layer and is updated continuously, so the derived NAS integrity key obtained from the NAS count differs each time, and the NAS-MAC generated with that derived key differs too, which resists replay attacks.

Optionally, the MME encrypts the first RRC parameter with the user equipment's NAS encryption key to obtain the second RRC parameter; the MME uses the user equipment's NAS integrity key to integrity-protect the second RRC parameter and generate the NAS-MAC; the MME sends the NAS-MAC to the source base station; the source base station sends an RRC connection release message to the user equipment that includes the NAS-MAC and the second RRC parameter; the user equipment verifies the NAS-MAC according to its NAS integrity key and the second RRC parameter; when the NAS-MAC verification succeeds, the user equipment decrypts the second RRC parameter with its NAS encryption key to obtain the redirection information; and the user equipment redirects to the target base station indicated by the redirection information.

In this technical solution, the MME encrypts the first RRC parameter sent by the source base station, which prevents the first RRC parameter from being forged, tampered with or eavesdropped and improves the security of the user equipment.

Optionally, the MME encrypts the first RRC parameter with the user equipment's NAS encryption key to obtain the second RRC parameter; the MME uses the user equipment's NAS integrity key to integrity-protect the second RRC parameter together with the NAS count and generate the NAS-MAC; the MME sends the NAS-MAC and some bits of the NAS count to the source base station; the source base station sends an RRC connection release message to the user equipment that includes the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment obtains the NAS count from those partial bits; the user equipment verifies the NAS-MAC according to its NAS integrity key, the second RRC parameter and the NAS count; when the NAS-MAC verification succeeds, the user equipment decrypts the second RRC parameter with its NAS encryption key to obtain the redirection information; and the user equipment redirects to the target base station indicated by the redirection information.

In this technical solution, the NAS count is the freshness parameter of the NAS layer and is updated continuously, so each NAS-MAC generated by the MME is different, which resists replay attacks. In addition, the MME encrypts the first RRC parameter sent by the source base station, which prevents the first RRC parameter from being forged, tampered with or eavesdropped and improves the security of the user equipment.

Optionally, the MME obtains a derived NAS integrity key and a derived NAS encryption key according to the user equipment's ASME key and the NAS count; the MME encrypts the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter; the MME uses the derived NAS integrity key to integrity-protect the second RRC parameter and generate the NAS-MAC; the MME sends the NAS-MAC and some bits of the NAS count to the source base station; the source base station sends an RRC connection release message to the user equipment that includes the NAS-MAC, the second RRC parameter and the partial bits of the NAS count; the user equipment obtains the NAS count from those partial bits; the user equipment obtains the derived NAS integrity key and the derived NAS encryption key according to its ASME key and the NAS count; the user equipment verifies the NAS-MAC according to the derived NAS integrity key and the second RRC parameter; when the NAS-MAC verification succeeds, the user equipment decrypts the second RRC parameter with the derived NAS encryption key to obtain the redirection information; and the user equipment redirects to the target base station indicated by the redirection information.

In this technical solution, the NAS count is the freshness parameter of the NAS layer and is updated continuously, so the derived NAS integrity key and derived NAS encryption key obtained from the NAS count differ each time, the second RRC parameter obtained with the derived NAS encryption key differs each time, and the NAS-MAC generated with the derived NAS integrity key differs too, which resists replay attacks. In addition, the MME encrypts the first RRC parameter sent by the source base station, which prevents the first RRC parameter from being forged, tampered with or eavesdropped and improves the security of the user equipment.
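The first-aspect scheme and its variants (NAS count bound into the NAS-MAC, keys derived from the ASME key and the NAS count, encryption of the first RRC parameter) together with the UE-side recovery of the full NAS count from the low bits carried in the release message, as an added Python model that is not the patent's or any 3GPP implementation. HMAC-SHA256 stands in for the 3GPP KDF, integrity and ciphering algorithms, the JSON encoding of the RRC parameter, the K_ASME value and the RRC parameter contents are constructed, and all function names are this example's own.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

NAS_MAC_LEN = 4      # a NAS-MAC is 32 bits
COUNT_LOW_BITS = 4   # the release message carries only the low 4 bits of NAS COUNT


def nas_keys(k_asme: bytes, nas_count: Optional[int] = None) -> Tuple[bytes, bytes]:
    """(K_NASint, K_NASenc) from K_ASME. Passing nas_count gives the 'derived'
    variant whose keys change with every NAS COUNT. HMAC-SHA256 stands in for
    the 3GPP KDF here (assumption of this model)."""
    suffix = b"" if nas_count is None else nas_count.to_bytes(4, "big")
    k_int = hmac.new(k_asme, b"NAS-int" + suffix, hashlib.sha256).digest()[:16]
    k_enc = hmac.new(k_asme, b"NAS-enc" + suffix, hashlib.sha256).digest()[:16]
    return k_int, k_enc


def nas_mac(k_int: bytes, second_rrc: bytes, nas_count: Optional[int]) -> bytes:
    """NAS-MAC over the second RRC parameter, optionally bound to NAS COUNT.
    Truncated HMAC-SHA256 stands in for the 128-EIA algorithms (assumption)."""
    prefix = b"" if nas_count is None else nas_count.to_bytes(4, "big")
    return hmac.new(k_int, prefix + second_rrc, hashlib.sha256).digest()[:NAS_MAC_LEN]


def nas_cipher(k_enc: bytes, nas_count: int, data: bytes) -> bytes:
    """Symmetric keystream XOR standing in for 128-EEA ciphering (assumption)."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        iv = nas_count.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hmac.new(k_enc, iv, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def mme_protect(k_asme: bytes, nas_count: int, first_rrc: dict,
                encrypt: bool, freshness: str) -> dict:
    """MME side: turn the first RRC parameter received from the source eNB into
    the fields the eNB places in RRC Connection Release. freshness is "none"
    (plain NAS keys, no count), "count" (NAS COUNT inside the MAC input) or
    "derived" (keys derived from K_ASME and NAS COUNT)."""
    plain = json.dumps(first_rrc, sort_keys=True).encode()
    cipher_count = nas_count if freshness != "none" else 0   # model choice for "none"
    k_int, k_enc = nas_keys(k_asme, nas_count if freshness == "derived" else None)
    second_rrc = nas_cipher(k_enc, cipher_count, plain) if encrypt else plain
    mac = nas_mac(k_int, second_rrc, nas_count if freshness == "count" else None)
    release = {"second_rrc": second_rrc, "nas_mac": mac,
               "encrypted": encrypt, "freshness": freshness}
    if freshness != "none":
        release["count_low"] = nas_count & ((1 << COUNT_LOW_BITS) - 1)
    return release


def recover_count(expected: int, count_low: int) -> int:
    """Rebuild the full downlink NAS COUNT from its low bits and the UE's own
    expected value: the smallest count >= expected whose low bits match."""
    mask = (1 << COUNT_LOW_BITS) - 1
    candidate = (expected & ~mask) | count_low
    return candidate if candidate >= expected else candidate + (1 << COUNT_LOW_BITS)


def ue_check_release(k_asme: bytes, expected_count: int, release: dict) -> Optional[dict]:
    """UE side: verify the NAS-MAC; on success return the redirection information
    (decrypting the second RRC parameter if needed); on failure return None,
    meaning the UE disconnects from the source base station."""
    freshness = release["freshness"]
    count = recover_count(expected_count, release["count_low"]) if freshness != "none" else 0
    k_int, k_enc = nas_keys(k_asme, count if freshness == "derived" else None)
    expected_mac = nas_mac(k_int, release["second_rrc"], count if freshness == "count" else None)
    if not hmac.compare_digest(expected_mac, release["nas_mac"]):
        return None
    second = release["second_rrc"]
    plain = nas_cipher(k_enc, count, second) if release["encrypted"] else second
    return json.loads(plain)


# Constructed sample values; not a real key and not values from the patent.
K_ASME = hashlib.sha256(b"constructed K_ASME for the example").digest()
FIRST_RRC = {"releaseCause": "CS Fallback High Priority", "pci": 301,
             "redirectionControlInfo": "constructed-target"}


def run_scenarios() -> dict:
    """Genuine, tampered and replayed release messages under every variant."""
    out = {}
    for freshness in ("none", "count", "derived"):
        for encrypt in (False, True):
            name = f"{freshness}{'+enc' if encrypt else ''}"
            release = mme_protect(K_ASME, 5, FIRST_RRC, encrypt, freshness)
            out[name + ":genuine"] = ue_check_release(K_ASME, 5, release) == FIRST_RRC
            # A pseudo source base station cannot obtain a NAS-MAC from the MME, so any
            # change it makes to the second RRC parameter (one bit here) fails the check.
            forged = dict(release)
            last = release["second_rrc"][-1] ^ 1
            forged["second_rrc"] = release["second_rrc"][:-1] + bytes([last])
            out[name + ":tampered"] = ue_check_release(K_ASME, 5, forged) is None
            # The same genuine message replayed after the UE's NAS COUNT has moved on:
            # rejected only by the variants that carry freshness.
            out[name + ":replayed"] = ue_check_release(K_ASME, 6, release) is None
    return out


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario:24s} {'ok' if accepted else 'NOT protected'}")
```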

In a second aspect, an embodiment of the present invention provides a computer storage medium storing a program which, when executed, performs all or part of the steps of the communication method provided in the first aspect of the embodiments of the present invention.

In a third aspect, an embodiment of the present invention provides a communication apparatus that includes modules for performing the communication method disclosed in the first aspect of the embodiments of the present invention.

In a fourth aspect, an embodiment of the present invention provides a base station that includes a processor, a memory and a transceiver; the memory stores a set of program code, and the processor calls the program code stored in the memory to perform the following operations:

receiving an extended service request message from the user equipment; sending, according to the extended service request message, a first RRC parameter to the MME, the first RRC parameter including redirection information that indicates the target base station to which the user equipment is to be redirected; receiving a NAS-MAC from the MME; and sending an RRC connection release message to the user equipment, the RRC connection release message including the NAS-MAC and the second RRC parameter used to generate the NAS-MAC, the second RRC parameter including the plaintext or ciphertext of the first RRC parameter.

In a fifth aspect, an embodiment of the present invention provides a user equipment that includes a processor, a memory and a transceiver; the memory stores a set of program code, and the processor calls the program code stored in the memory to perform the following operations:

sending an extended service request message to the source base station; receiving an RRC connection release message sent by the source base station, the RRC connection release message including a NAS-MAC and the second RRC parameter used to generate the NAS-MAC, the second RRC parameter including redirection information; verifying the NAS-MAC according to the user equipment's NAS integrity key and the second RRC parameter; and, when the NAS-MAC verification succeeds, redirecting to the target base station indicated by the redirection information.

In a sixth aspect, an embodiment of the present invention provides an MME that includes a processor, a memory and a transceiver; the memory stores a set of program code, and the processor calls the program code stored in the memory to perform the following operations:

receiving a first RRC parameter from the user equipment's source base station, the first RRC parameter including redirection information that indicates the target base station to which the user equipment is to be redirected; obtaining a NAS-MAC according to the user equipment's NAS integrity key and the second RRC parameter used to generate the NAS-MAC, the second RRC parameter containing the plaintext or ciphertext of the first RRC parameter; and sending the NAS-MAC to the source base station.

In a seventh aspect, an embodiment of the present invention provides a communication system that includes the base station disclosed in the fourth aspect, the user equipment disclosed in the fifth aspect and the MME disclosed in the sixth aspect of the embodiments of the present invention.

Brief description of the drawings

To illustrate the technical solutions in the embodiments of the present invention or the background art more clearly, the drawings needed for the embodiments of the present invention or the background art are described below.

FIG. 1 is a schematic architecture diagram of a communication system disclosed in an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a communication method disclosed in an embodiment of the present invention;

FIG. 3 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 4 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 5 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 6 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 7 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 8 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 9 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 10 is a schematic flowchart of a communication method disclosed in another embodiment of the present invention;

FIG. 11 is a schematic structural diagram of a communication apparatus disclosed in an embodiment of the present invention;

FIG. 12 is a schematic structural diagram of a base station disclosed in an embodiment of the present invention;

FIG. 13 is a schematic structural diagram of a communication apparatus disclosed in another embodiment of the present invention;

FIG. 14 is a schematic structural diagram of a user equipment disclosed in an embodiment of the present invention;

FIG. 15 is a schematic structural diagram of a communication apparatus disclosed in another embodiment of the present invention;

FIG. 16 is a schematic structural diagram of a mobility management entity disclosed in an embodiment of the present invention;

FIG. 17 is a schematic structural diagram of a communication system disclosed in an embodiment of the present invention.

Detailed description

The embodiments of the present invention are described below with reference to the accompanying drawings of the embodiments.

For a better understanding of the communication method and apparatus disclosed in the embodiments of the present invention, the network architecture to which the embodiments apply is described first. Referring to FIG. 1, FIG. 1 is a schematic architecture diagram of a communication system disclosed in an embodiment of the present invention. As shown in FIG. 1, the communication system may include a user equipment 10, a General Packet Radio Service (GPRS) serving GPRS support node (SGSN) 20 and an MME 30. The user equipment 10, the SGSN 20 and the MME 30 may transmit data to one another over communication connections.

The user equipment 10 may establish a communication connection with the MME 30 through the E-UTRAN, and the base stations in the E-UTRAN may include evolved Node Bs (Evolutional Node B, eNB) and the like. The user equipment 10 may establish a communication connection with the SGSN 20 through the UTRAN or the GERAN; the base stations in the UTRAN may include a Base Transceiver Station (BTS) or a Base Station Controller (BSC), and the base stations in the GERAN may include a NodeB (NB) or a Radio Network Controller (RNC), and so on.

The user equipment 10 may be called a mobile station, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile device, terminal, wireless communication device, user agent or user apparatus; specifically, it may be any of a station (ST) in a WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capability, a computing device, another processing device connected to a wireless modem, an in-vehicle device, a wearable device, a mobile station in a future 5G network, a terminal device in a future evolved Public Land Mobile Network (PLMN), and the like.

The MME 30 is a key control node of the 3GPP LTE access network and may be used for the encryption and integrity protection of NAS signalling.

It should be understood that the technical solutions of the embodiments of the present invention may be applied to various communication systems, for example a Global System for Mobile Communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), an LTE system, an LTE Frequency Division Duplex (FDD) system, LTE Time Division Duplex (TDD), a Universal Mobile Telecommunication System (UMTS) or a Worldwide Interoperability for Microwave Access (WiMAX) communication system.

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 2, which shows a communication method provided by an embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S201: the source base station receives an extended service request message from the user equipment.

The source base station may be an eNB in an LTE system.

The extended service request message may be encapsulated in an RRC connection setup complete message.

The extended service request message may contain service type indication information indicating that the service type the UE requests is CSFB, for example mobile originating CS fallback, mobile terminating CS fallback, CS fallback for an emergency call, and so on.

Step S202: the source base station sends, according to the extended service request message, a first RRC parameter to the MME, the first RRC parameter including redirection information.

The first RRC parameter includes redirection information, which indicates the target base station to which the user equipment is to be redirected.

The redirection information may include at least one of redirection control information and a PCI.

The redirection control information may indicate the target base station to which the user equipment is to be redirected; for example, it may be the identifier of the target base station.

The PCI may be used to distinguish cells; for example, the cell corresponding to the PCI may be looked up and the base station to which that cell belongs taken as the target base station, so that the user equipment redirects to it.

The first RRC parameter may be some or all of the parameters contained in the RRC connection release message that the source base station sends to the UE, for example the redirection information, the release cause and system information related to the PCI.

The PCI-related system information includes system parameters of the cell corresponding to the PCI, for example the serving frequency, neighbour-cell frequencies, common or shared channel information, and so on.

Step S203: the source base station receives the NAS-MAC from the MME.

In one example, the method further includes: the source base station may receive some bits of the NAS count from the MME.

In one example, the method further includes: the source base station may receive the second RRC parameter from the MME. The second RRC parameter is the parameter used to generate the NAS-MAC and includes the plaintext or ciphertext of the first RRC parameter.

Step S204: the source base station sends an RRC connection release message to the user equipment, the RRC connection release message including the NAS-MAC and the second RRC parameter.

In one example, if the source base station receives some bits of the NAS count from the MME, the RRC connection release message it sends to the user equipment may further include those bits of the NAS count, for example the low 4 bits of the NAS count.

In one example, if the source base station receives the second RRC parameter from the MME, the RRC connection release message it sends to the user equipment may further include the second RRC parameter.

In the method described in FIG. 2, the source base station sends a first RRC parameter to the MME according to the extended service request message sent by the user equipment, receives the NAS-MAC from the MME, and sends the user equipment an RRC connection release message that includes the NAS-MAC and the second RRC parameter, where the second RRC parameter is the parameter used to generate the NAS-MAC and includes the plaintext or ciphertext of the first RRC parameter. Because a pseudo base station cannot tell the MME the correct first RRC parameter, it cannot push the user equipment down to 2G by tampering with the first RRC parameter, which improves the security of the user equipment when performing CSFB.

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 3, which shows a communication method according to an embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S301: The user equipment sends an extended service request message to the source base station.

Step S302: The user equipment receives the RRC connection release message sent by the source base station; the RRC connection release message includes the NAS-MAC and the second RRC parameter.

The second RRC parameter is the input over which the NAS-MAC was generated, and it includes redirection information that indicates the target base station to which the user equipment is to be redirected.

The second RRC parameter may comprise the plaintext or the ciphertext of the first RRC parameter.

The first RRC parameter may include the redirection information.

In one example, the RRC connection release message may also include some bits of the NAS count.

For the first RRC parameter, the second RRC parameter, the NAS count and the redirection information, refer to the description of the embodiment of FIG. 2; they are not described again here.

Step S303: The user equipment verifies the NAS-MAC using its NAS integrity key and the second RRC parameter.

In one example, the user equipment integrity-protects the second RRC parameter with the NAS integrity algorithm it shares with the MME and its own NAS integrity key, producing a NAS-MAC, and compares that value with the NAS-MAC carried in the RRC connection release message. If the two are equal, the NAS-MAC verification succeeds; if they differ, it fails.

In another example, if the RRC connection release message carries some bits of the NAS count, the user equipment recovers the NAS count from those bits and verifies the NAS-MAC using the NAS integrity key, the second RRC parameter and the NAS count.

In a specific implementation, the user equipment recovers the NAS count corresponding to the received bits from the correspondence between those bits and the NAS count. It then integrity-protects the second RRC parameter together with the recovered NAS count, using the NAS integrity algorithm it shares with the MME and its own NAS integrity key, producing a NAS-MAC, and compares that value with the NAS-MAC in the RRC connection release message. If the two are equal, the NAS-MAC verification succeeds; if they differ, it fails.

In another example, if the RRC connection release message carries some bits of the NAS count, the user equipment recovers the NAS count from those bits, derives a NAS integrity key from its ASME key (for example, Kasme) and the NAS count, and verifies the NAS-MAC using the derived NAS integrity key and the second RRC parameter.

In a specific implementation, the user equipment applies a preconfigured key derivation algorithm, or one agreed with the MME, to its ASME key and the recovered NAS count to obtain the derived NAS integrity key. It then integrity-protects the second RRC parameter with the NAS integrity algorithm it shares with the MME and the derived NAS integrity key, producing a NAS-MAC, and compares that value with the NAS-MAC in the RRC connection release message. If the two are equal, the NAS-MAC verification succeeds; if they differ, it fails.

Step S304: When the NAS-MAC verification succeeds, the user equipment is redirected to the target base station indicated by the redirection information.

In one example, when the NAS-MAC verification succeeds and the second RRC parameter is the ciphertext of the first RRC parameter, the user equipment decrypts the second RRC parameter with its NAS encryption key, obtains the redirection information, and is redirected to the target base station it indicates.

In another example, when the NAS-MAC verification succeeds and the second RRC parameter is the ciphertext of the first RRC parameter, the user equipment derives a NAS encryption key from its ASME key and the NAS count, decrypts the second RRC parameter with the derived NAS encryption key, obtains the redirection information, and is redirected to the target base station it indicates.

In another example, when the NAS-MAC verification fails, the user equipment may release its connection to the source base station.

In the method of FIG. 3, the user equipment receives the NAS-MAC and the second RRC parameter from the source base station, where the second RRC parameter is the input over which the NAS-MAC was generated and includes the redirection information. The user equipment verifies the NAS-MAC using its NAS integrity key and the second RRC parameter, and only when the verification succeeds is it redirected to the target base station indicated by the redirection information. By verifying the NAS-MAC the user equipment checks the identity of the source base station (a false base station cannot produce a valid NAS-MAC), which improves the security of CSFB for the user equipment.

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 4, which shows a communication method according to an embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S401: The MME receives the first RRC parameter from the source base station of the user equipment; the first RRC parameter includes redirection information.

Step S402: The MME generates the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter; the second RRC parameter is the input over which the NAS-MAC is generated.

For example, the MME integrity-protects the second RRC parameter with the NAS integrity algorithm negotiated with the user equipment and the user equipment's NAS integrity key, producing the NAS-MAC.

The second RRC parameter may comprise the plaintext or the ciphertext of the first RRC parameter.

For the second RRC parameter, the first RRC parameter and the redirection information, refer to the description of the embodiment of FIG. 2; they are not described again here.

In one example, the MME integrity-protects the second RRC parameter with the NAS integrity key of the user equipment to generate the NAS-MAC. In this example the second RRC parameter may be the plaintext of the first RRC parameter.

In another example, the MME integrity-protects the second RRC parameter together with the NAS count, using the NAS integrity key of the user equipment, to generate the NAS-MAC. In this example the second RRC parameter may be the plaintext of the first RRC parameter.

In another example, before generating the NAS-MAC from the user equipment's NAS integrity key and the second RRC parameter, the MME encrypts the first RRC parameter with the user equipment's NAS encryption key to obtain the second RRC parameter. In this example the second RRC parameter is the ciphertext of the first RRC parameter.

In another example, the MME derives a NAS integrity key from the ASME key of the user equipment and the NAS count, and integrity-protects the second RRC parameter with the derived NAS integrity key to generate the NAS-MAC. In this example the second RRC parameter may be the plaintext of the first RRC parameter.

In another example, before generating the NAS-MAC from the user equipment's NAS integrity key and the second RRC parameter, the MME derives a NAS encryption key from the user equipment's ASME key and the NAS count, and encrypts the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter. In this example the second RRC parameter is the ciphertext of the first RRC parameter.

Step S403: The MME sends the NAS-MAC to the source base station.

In one example, if the MME encrypted the first RRC parameter with the user equipment's NAS encryption key to obtain the second RRC parameter, and generated the NAS-MAC from the user equipment's NAS integrity key and that second RRC parameter, the MME sends both the NAS-MAC and the second RRC parameter to the source base station.

In another example, if the MME derived a NAS encryption key from the user equipment's ASME key and the NAS count, encrypted the first RRC parameter with that derived key to obtain the second RRC parameter, and generated the NAS-MAC from the user equipment's NAS integrity key and that second RRC parameter, the MME sends both the NAS-MAC and the second RRC parameter to the source base station.

In another example, if the MME integrity-protected the second RRC parameter together with the NAS count using the user equipment's NAS integrity key to generate the NAS-MAC, the MME sends the NAS-MAC and some bits of that NAS count to the source base station.

In another example, if the MME derived a NAS integrity key from the user equipment's ASME key and the NAS count, and integrity-protected the second RRC parameter with the derived key to generate the NAS-MAC, the MME sends the NAS-MAC and some bits of the NAS count to the source base station.

In another example, if the MME derived both a NAS integrity key and a NAS encryption key from the user equipment's ASME key and the NAS count, encrypted the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter, and integrity-protected the second RRC parameter with the derived NAS integrity key to generate the NAS-MAC, the MME sends the NAS-MAC and some bits of the NAS count to the source base station.

In the method of FIG. 4, the MME receives the first RRC parameter, which includes redirection information, from the source base station of the user equipment, generates the NAS-MAC from the user equipment's NAS integrity key and the second RRC parameter (the input over which the NAS-MAC is generated), and sends the NAS-MAC to the source base station. Because the MME integrity-protects the second RRC parameter with the UE's NAS integrity key, tampering with the first RRC parameter is detected, which improves the security of CSFB for the user equipment.

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 5, which shows a communication method according to an embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S501: The UE sends an extended service request message to the source base station.

The source base station may be an eNB in an LTE system.

In one example, when the UE is about to connect to the network, it sends an extended service request message to the eNB.

In another example, when the UE is about to connect to the network, it first sends an RRC Connection Request message to the eNB; the RRC connection request message may carry the establishment cause (establishmentCause) for which the UE requests the RRC connection. The eNB answers with an RRC Connection Setup message, and the UE responds to it by sending the eNB an extended service request message carrying service type indication information.

The service type indication information indicates that the service the UE requests is CSFB, for example mobile originating CS fallback, mobile terminating CS fallback, or CS fallback for an emergency call.

Step S502: The source base station sends the first RRC parameter to the MME in response to the extended service request message.

The first RRC parameter includes redirection information, which indicates the target base station to which the user equipment is to be redirected.

The redirection information may include redirection control information, a PCI, or both.

For the redirection information, the redirection control information, the PCI, the first RRC parameter and the second RRC parameter, refer to the description of the embodiments of FIGS. 2 to 4; they are not described again here.

Taking an eNB as the source base station: after the UE sends the extended service request message to the eNB, the eNB sends an Initial UE Message to the MME carrying the first RRC parameter. The first RRC parameter may be some or all of the parameters carried in the RRC connection release message that the eNB will send to the UE, for example the redirection information, the release cause and the system information associated with the PCI. The Initial UE Message may also encapsulate the extended service request message.

Optionally, still with an eNB as the source base station, the eNB can learn that it needs to carry the first RRC parameter in the Initial UE Message in either of the following two ways before sending that message to the MME.

First way: if the UE sent an RRC connection request message to the eNB, the eNB can read the establishment cause carried in that message. When the establishment cause indicates that the UE will initiate CSFB, or that the requested connection type includes CSFB, the eNB sends the MME an Initial UE Message carrying the first RRC parameter.

Second way: when the eNB receives the extended service request message, it sends the MME an Initial UE Message carrying the first RRC parameter. Optionally, the eNB may inspect the service type indication information in the extended service request message and send the Initial UE Message with the first RRC parameter only when that indication says the requested service is CSFB.

Step S503: The MME integrity-protects the second RRC parameter with the NAS integrity key of the UE and generates the NAS-MAC.

In one example, after receiving the Initial UE Message, the MME decides on the basis of the extended service request message to perform CSFB, and then integrity-protects the second RRC parameter with the NAS integrity algorithm negotiated with the UE and the UE's NAS integrity key Knas-int, producing the NAS-MAC.

The second RRC parameter may be the plaintext of the first RRC parameter.

Step S504: The MME sends the NAS-MAC to the source base station.

Taking an eNB as the source base station, the MME sends the eNB a UE Context Modification Request message that includes the generated NAS-MAC.

In one example, the UE Context Modification Request message may also include a CS Fallback Indication, which instructs the source base station to perform CSFB for the UE.

Step S505: The source base station sends an RRC connection release message to the UE; the RRC connection release message includes the NAS-MAC and the second RRC parameter.

In one example, if the UE Context Modification Request message includes the CS Fallback Indication, the source base station responds to it by sending the UE an RRC connection release message containing the NAS-MAC from the UE Context Modification Request message and the second RRC parameter.

In another example, the source base station may update the first RRC parameter on the basis of the UE Context Modification Request message. The source base station then compares the first RRC parameter it sent to the MME in step S502 with the updated first RRC parameter. If they differ, the source base station sends the updated first RRC parameter to the MME; the MME derives an updated second RRC parameter from it and integrity-protects the updated second RRC parameter with the UE's NAS integrity key to generate an updated NAS-MAC; after receiving the updated NAS-MAC from the MME, the source base station sends the UE an RRC connection release message containing the updated NAS-MAC and the updated second RRC parameter. If the source base station did not update the first RRC parameter, it determines that the first RRC parameter is unchanged, that is, the first RRC parameter sent to the MME in step S502 is identical to the second RRC parameter to be sent to the UE, and it sends the UE an RRC connection release message containing the NAS-MAC generated by the MME in step S503 and the first RRC parameter sent to the MME in step S502.

Step S506: The UE verifies the NAS-MAC using its own NAS integrity key and the second RRC parameter.

In a specific implementation, the UE integrity-protects the second RRC parameter with the NAS integrity algorithm negotiated with the MME and its own NAS integrity key, producing a NAS-MAC, and compares it with the NAS-MAC in the RRC connection release message. If the two are equal, the UE concludes that the NAS-MAC verification succeeded; if they differ, it concludes that the verification failed.

Step S507: When the NAS-MAC verification succeeds, the UE is redirected to the target base station indicated by the redirection information.

For example, when the NAS-MAC verification succeeds, the UE is redirected to the 2G base station indicated by the redirection information, completing the CSFB.

Step S508: When the NAS-MAC verification fails, the UE releases its connection to the source base station.

In a specific implementation, when the NAS-MAC verification fails, the UE releases the source base station it is currently connected to and reselects another base station to access.

In the method of FIG. 5, the MME integrity-protects the second RRC parameter with the UE's NAS integrity key to generate the NAS-MAC. A false base station can neither deliver the correct first RRC parameter to the MME in an Initial UE Message nor compute a NAS-MAC itself, because it does not hold the UE's NAS integrity key; it therefore cannot push the UE down to 2G by tampering with the second RRC parameter, which closes this threat scenario. In addition, after a failed NAS-MAC verification the UE releases its connection to the false base station, which further improves the UE's security.
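The exchange of FIGS. 2 to 5 (extended service request, Initial UE Message with the first RRC parameter, UE Context Modification Request with the NAS-MAC, RRC connection release, UE verification), as an added worked example that is not part of the patent. It models the plaintext variant, in which the second RRC parameter equals the first. Everything beyond the patent text is an assumption: HMAC-SHA256 truncated to 32 bits stands in for the negotiated NAS integrity algorithm, the RRC parameters are a dict serialised as canonical JSON before the MAC is computed, and all class names, field names and sample values (ARFCN 62, PCI 301, the rogue ARFCN 999) are invented for the illustration.

```python
"""Added model of the NAS-MAC protected RRC connection release used for CSFB
(steps S502 to S508). Illustrative code for this page, not from the patent.
Assumptions not in the original: HMAC-SHA256/32 stands in for the NAS
integrity algorithm, RRC parameters are a dict serialised as canonical JSON,
and every class, field and sample value is invented."""
import hashlib
import hmac
import json
import os

MAC_LEN = 4  # 32-bit tag, the length of the EPS NAS-MAC


def encode_rrc_params(params: dict) -> bytes:
    """Canonical byte encoding of an RRC parameter set (assumption: JSON)."""
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode()


def nas_mac(k_nas_int: bytes, data: bytes) -> bytes:
    """Stand-in for the NAS integrity algorithm (assumption: HMAC-SHA256/32)."""
    return hmac.new(k_nas_int, data, hashlib.sha256).digest()[:MAC_LEN]


class MME:
    """Holds the UE's NAS integrity key Knas-int (steps S503/S504)."""

    def __init__(self, k_nas_int: bytes):
        self.k_nas_int = k_nas_int

    def ue_context_modification_request(self, initial_ue_message: dict) -> dict:
        # Plaintext variant: the second RRC parameter is the first one unchanged.
        second = dict(initial_ue_message["first_rrc_parameter"])
        return {"cs_fallback_indication": True,
                "nas_mac": nas_mac(self.k_nas_int, encode_rrc_params(second)),
                "second_rrc_parameter": second}


class GenuineENB:
    """Source eNB with an S1 link to the MME (steps S502 and S505)."""

    def __init__(self, mme: MME, first_rrc_parameter: dict):
        self.mme, self.first = mme, first_rrc_parameter

    def handle_extended_service_request(self, esr: dict) -> dict:
        resp = self.mme.ue_context_modification_request(
            {"nas_pdu": esr, "first_rrc_parameter": self.first})
        return {"nas_mac": resp["nas_mac"],
                "second_rrc_parameter": resp["second_rrc_parameter"]}


class FalseENB:
    """Rogue cell: no S1 link and no Knas-int. All it can do is replay a
    captured release message with the redirection target rewritten."""

    def __init__(self, captured_release: dict, rogue_target: dict):
        self.captured, self.rogue_target = captured_release, rogue_target

    def handle_extended_service_request(self, esr: dict) -> dict:
        forged = dict(self.captured)
        forged["second_rrc_parameter"] = dict(self.captured["second_rrc_parameter"])
        forged["second_rrc_parameter"]["redirectedCarrierInfo"] = self.rogue_target
        return forged


class UE:
    """Verifies the NAS-MAC before following the redirection (S506 to S508)."""

    def __init__(self, k_nas_int: bytes):
        self.k_nas_int = k_nas_int

    def handle_rrc_connection_release(self, msg: dict) -> tuple:
        expected = nas_mac(self.k_nas_int,
                           encode_rrc_params(msg["second_rrc_parameter"]))
        if not hmac.compare_digest(expected, msg["nas_mac"]):
            return ("release_and_reselect", None)  # S508: ignore the redirect
        target = msg["second_rrc_parameter"]["redirectedCarrierInfo"]
        return ("redirect", target)  # S507: fall back to the indicated 2G cell


def run_csfb(ue: UE, enb, esr: dict) -> tuple:
    """ESR -> (eNB <-> MME) -> RRC connection release -> UE decision."""
    return ue.handle_rrc_connection_release(enb.handle_extended_service_request(esr))


# Constructed sample data (not from the patent): one shared Knas-int, a genuine
# redirect to a GERAN cell, and an attacker-controlled GERAN cell.
K_NAS_INT = os.urandom(16)
ESR = {"message": "ExtendedServiceRequest", "service_type": "mobile originating CSFB"}
GENUINE_FIRST = {"redirectedCarrierInfo": {"rat": "GERAN", "arfcn": 62},
                 "releaseCause": "other", "pci": 301}
ROGUE_TARGET = {"rat": "GERAN", "arfcn": 999}

mme = MME(K_NAS_INT)
ue = UE(K_NAS_INT)
genuine_enb = GenuineENB(mme, GENUINE_FIRST)
captured = genuine_enb.handle_extended_service_request(ESR)  # sniffed over the air
false_enb = FalseENB(captured, ROGUE_TARGET)


def genuine_outcome() -> tuple:
    return run_csfb(ue, genuine_enb, ESR)


def rogue_outcome() -> tuple:
    return run_csfb(ue, false_enb, ESR)
```

`genuine_outcome()` yields a redirect to the GERAN cell the real eNB chose, while `rogue_outcome()` yields the S508 behaviour, because the false cell cannot recompute the tag after rewriting `redirectedCarrierInfo`. Note the limit of this plaintext variant: a bit-identical replay of the captured release message still verifies in this model, since the tag covers only the RRC parameters; binding the NAS count into the tag, as FIG. 6 does, is what closes that.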

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 6, which shows a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S601: The UE sends an extended service request message to the source base station.

For step S601, refer to step S501 of the embodiment of FIG. 5; it is not described again here.

Step S602: The source base station sends the first RRC parameter to the MME in response to the extended service request message.

For step S602, refer to step S502 of the embodiment of FIG. 5; it is not described again here.

Step S603: The MME integrity-protects the second RRC parameter together with the NAS count using the UE's NAS integrity key, and generates the NAS-MAC.

In one example, after receiving the Initial UE Message from the source base station, the MME reads the NAS count from the context of the corresponding UE and integrity-protects the second RRC parameter together with that NAS count, using the NAS integrity algorithm negotiated with the UE and the UE's NAS integrity key, to generate the NAS-MAC.

The NAS count obtained by the MME may be the downlink NAS count.

The second RRC parameter may be the plaintext of the first RRC parameter.

Step S604: The MME sends the NAS-MAC and some bits of the NAS count to the source base station.

Taking an eNB as the source base station, the MME sends the eNB a UE Context Modification Request message that includes the generated NAS-MAC and some bits of the NAS count. For example, the bits sent may be the low 3 to 8 bits of the NAS count.

在一个示例中,UE上下文改变请求消息还可以包括CSFB指示信息,CSFB指示信息用于指示源基站对UE执行CSFB。 In one example, the UE Context Change Request message may further include CSFB indication information for indicating that the source base station performs CSFB on the UE.

步骤S605:源基站向UE发送RRC连接释放消息,RRC连接释放消息包括NAS-MAC、第二RRC参数和NAS计数的部分比特位。Step S605: The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.

在一个示例中,若UE上下文改变请求消息包括CSFB指示信息,则源基站可以响应该CSFB指示信息,向UE发送RRC连接释放消息,该RRC连接释放消息可以包括UE上下文改变请求消息中的NAS-MAC、第二RRC参数以及MME发送给源基站的NAS计数的部分比特位。In an example, if the UE context change request message includes CSFB indication information, the source base station may send an RRC connection release message to the UE in response to the CSFB indication information, where the RRC connection release message may include the NAS in the UE context change request message. The MAC, the second RRC parameter, and a partial bit of the NAS count sent by the MME to the source base station.

In another example, the source base station may update the first RRC parameter according to the UE context change request message. The source base station may then compare the first RRC parameter sent to the MME in step S602 with the updated first RRC parameter. When the first RRC parameter sent to the MME in step S602 differs from the updated first RRC parameter, the source base station may send the updated first RRC parameter to the MME; the MME obtains an updated second RRC parameter based on the updated first RRC parameter, integrity-protects the updated second RRC parameter and the NAS count using the NAS integrity key of the UE, and generates an updated NAS-MAC. After receiving the updated NAS-MAC from the MME, the source base station may send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and the partial bits of the NAS count.
When the source base station has not updated the first RRC parameter, the source base station may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S602 is the same as the second RRC parameter that is to be sent to the UE. The source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S603, the first RRC parameter sent to the MME in step S602, and the partial bits of the NAS count.

Step S606: The UE obtains the NAS count according to the partial bits of the NAS count.

In a specific implementation, the UE may obtain the NAS count corresponding to the received partial bits according to a correspondence between partial bits of the NAS count and the NAS count. The partial bits of each NAS count and the NAS count corresponding to them may be stored in the memory of the UE in advance.

Step S607: The UE verifies the NAS-MAC using the NAS integrity key of the UE, the second RRC parameter, and the obtained NAS count.

In a specific implementation, the UE may integrity-protect the second RRC parameter and the obtained NAS count based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, thereby generating a NAS-MAC. The UE may then compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC connection release message are the same, the UE may determine that the NAS-MAC verification succeeds; when they differ, the UE may determine that the NAS-MAC verification fails.

Step S608: When the NAS-MAC verification succeeds, the UE redirects to the target base station indicated by the redirection information.

For step S608 in this embodiment, refer to step S507 in Embodiment 5; details are not repeated here.

Step S609: When the NAS-MAC verification fails, the UE disconnects from the source base station.

For step S609 in this embodiment, refer to step S508 in Embodiment 5; details are not repeated here.

It should be noted that the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like may all be understood with reference to the related descriptions of the implementations shown in any of FIG. 2 to FIG. 4, and are not repeated here.

In the method described in FIG. 6, the MME generates the NAS-MAC according to the NAS count and the RRC parameter, and carries the partial bits of the NAS count in the downlink message. Since the NAS count is a freshness parameter of the NAS layer, the NAS-MAC generated each time is different, so that replay attacks can be resisted.
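The FIG. 6 procedure carried through in code, as an added example that is not part of the patent: the MME tags the second RRC parameter with a NAS-MAC over the NAS count, the UE rebuilds the full count from its low bits (step S606), verifies (step S607), and rejects a replayed or tampered release message. Assumptions (not from the page): HMAC-SHA256 truncated to 32 bits stands in for the negotiated NAS integrity algorithm, the NAS count is 24 bits wide, the MME carries its low 8 bits, and all key and parameter values are constructed sample data.

```python
import hashlib
import hmac

# Constructed stand-ins (not from the patent): a truncated HMAC-SHA256 plays the
# negotiated NAS integrity algorithm, the NAS COUNT is 24 bits, and the MME
# carries its low 8 bits (the patent allows 3 to 8 bits).
NAS_COUNT_BITS = 24
PARTIAL_BITS = 8
PARTIAL_MASK = (1 << PARTIAL_BITS) - 1
K_NAS_INT = bytes(range(16))  # constructed 128-bit NAS integrity key


def nas_mac(k_nas_int: bytes, rrc_param: bytes, nas_count: int) -> bytes:
    """NAS-MAC over (NAS COUNT || second RRC parameter), steps S603 and S607."""
    msg = nas_count.to_bytes(NAS_COUNT_BITS // 8, "big") + rrc_param
    return hmac.new(k_nas_int, msg, hashlib.sha256).digest()[:4]


def reconstruct_count(partial: int, expected: int) -> int:
    """Step S606 on the UE: rebuild the full NAS COUNT from its low bits.

    The UE tracks the next downlink NAS COUNT it expects. The full value is the
    smallest count >= expected whose low bits equal `partial`, so a count that
    was already consumed is never rebuilt again.
    """
    candidate = (expected & ~PARTIAL_MASK) | partial
    if candidate < expected:
        candidate += PARTIAL_MASK + 1
    return candidate % (1 << NAS_COUNT_BITS)


class Mme:
    """Builds the protected content of the RRC connection release message."""

    def __init__(self, k_nas_int: bytes, dl_nas_count: int = 0) -> None:
        self.k_nas_int = k_nas_int
        self.dl_nas_count = dl_nas_count

    def build_release(self, second_rrc_param: bytes) -> dict:
        count = self.dl_nas_count
        self.dl_nas_count += 1  # every message is tagged with a fresh NAS COUNT
        return {
            "rrc_param": second_rrc_param,
            "nas_mac": nas_mac(self.k_nas_int, second_rrc_param, count),
            "count_bits": count & PARTIAL_MASK,
        }


class Ue:
    """Checks the release message (steps S606 to S609)."""

    def __init__(self, k_nas_int: bytes, expected_dl_count: int = 0) -> None:
        self.k_nas_int = k_nas_int
        self.expected_dl_count = expected_dl_count

    def verify_release(self, msg: dict) -> bool:
        count = reconstruct_count(msg["count_bits"], self.expected_dl_count)
        expected_mac = nas_mac(self.k_nas_int, msg["rrc_param"], count)
        if not hmac.compare_digest(expected_mac, msg["nas_mac"]):
            return False  # step S609: disconnect instead of redirecting
        self.expected_dl_count = count + 1  # step S608: accept; this count is now used up
        return True


def run_scenario() -> dict:
    """Constructed exchange: genuine release, its replay, a tampered copy, next genuine one."""
    mme = Mme(K_NAS_INT)
    ue = Ue(K_NAS_INT)
    redirect = b"target=earfcn:1234;pci:56"  # constructed redirection information
    first = mme.build_release(redirect)
    results = {"first": ue.verify_release(first)}
    # Same bytes again: the UE now expects count 1, so the low bits 0x00 rebuild
    # to 256 and the NAS-MAC computed for count 0 no longer matches.
    results["replay"] = ue.verify_release(first)
    second = mme.build_release(redirect)
    tampered = dict(second, rrc_param=b"target=earfcn:9999;pci:1")
    results["tampered"] = ue.verify_release(tampered)
    results["next"] = ue.verify_release(mme.build_release(redirect))
    return results


if __name__ == "__main__":
    print(run_scenario())
```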

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 7, which shows a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S701: The UE sends an extended service request message to the source base station.

For step S701 in this embodiment, refer to step S501 in Embodiment 5; details are not repeated here.

Step S702: The source base station sends the first RRC parameter to the MME according to the extended service request message.

For step S702 in this embodiment, refer to step S502 in Embodiment 5; details are not repeated here.

Step S703: The MME obtains a derived NAS integrity key according to the ASME key of the UE and the NAS count.

In a specific implementation, the MME may process the ASME key of the UE and the NAS count with a key derivation algorithm that is preset or negotiated with the UE, to obtain the derived NAS integrity key Kcsfb.

In an example, the MME may process the ASME key of the UE, the NAS count, and a first preset constant with the key derivation algorithm negotiated with the UE, to obtain the derived NAS integrity key Kcsfb. Exemplarily, the first preset constant may be a string such as "CSFB-INT".

Step S704: The MME integrity-protects the second RRC parameter using the derived NAS integrity key, generating a NAS-MAC.

In an example, after receiving the initial UE message, the MME may decide to perform CSFB according to the extended service request message, and then integrity-protect the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the obtained derived NAS integrity key, generating the NAS-MAC.

The second RRC parameter may be the plaintext of the first RRC parameter.

Step S705: The MME sends the NAS-MAC and the partial bits of the NAS count to the source base station.

Taking the source base station being an eNB as an example, the MME may send a UE context change request message to the eNB, where the UE context change request message may include the NAS-MAC generated above and the partial bits of the NAS count. Exemplarily, the partial bits of the NAS count may be the lower 3 to 8 bits of the NAS count.

In an example, the UE context change request message may further include the first preset constant.

In another example, the UE context change request message may further include CSFB indication information, which instructs the source base station to perform CSFB for the UE.

Step S706: The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC, the second RRC parameter, and the partial bits of the NAS count.

In an example, if the UE context change request message includes CSFB indication information, the source base station may, in response to the CSFB indication information, send an RRC connection release message to the UE, where the RRC connection release message may include the NAS-MAC carried in the UE context change request message, the second RRC parameter, and the partial bits of the NAS count that the MME sent to the source base station.

In another example, the RRC connection release message may further include the first preset constant.

Optionally, the source base station may update the first RRC parameter according to the UE context change request message. The source base station may then compare the first RRC parameter sent to the MME in step S702 with the updated first RRC parameter. When the first RRC parameter sent to the MME in step S702 differs from the updated first RRC parameter, the source base station may send the updated first RRC parameter to the MME; the MME obtains the derived NAS integrity key according to the ASME key of the UE and the NAS count, obtains an updated second RRC parameter based on the updated first RRC parameter, integrity-protects the updated second RRC parameter using the derived NAS integrity key, and generates an updated NAS-MAC. After receiving the updated NAS-MAC from the MME, the source base station may send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and the partial bits of the NAS count.
When the source base station has not updated the first RRC parameter, the source base station may determine that the first RRC parameter remains unchanged, that is, the first RRC parameter sent to the MME in step S702 is the same as the second RRC parameter that is to be sent to the UE. The source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S704 and the first RRC parameter sent to the MME in step S702.

Step S707: The UE obtains the NAS count according to the partial bits of the NAS count.

For step S707 in this embodiment, refer to step S606 in Embodiment 6; details are not repeated here.

Step S708: The UE obtains the derived NAS integrity key using the ASME key of the UE and the obtained NAS count.

In a specific implementation, the UE may process its own ASME key and the obtained NAS count with a key derivation algorithm that is preset or negotiated with the MME, to obtain the derived NAS integrity key.

In an example, the UE may process its own ASME key, the NAS count, and the first preset constant with the key derivation algorithm negotiated with the MME, to obtain the derived NAS integrity key Kcsfb.

Step S709: The UE verifies the NAS-MAC using the obtained derived NAS integrity key and the second RRC parameter.

In a specific implementation, the UE may integrity-protect the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and the obtained derived NAS integrity key, thereby generating a NAS-MAC. The UE may then compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC connection release message are the same, the UE may determine that the NAS-MAC verification succeeds; when they differ, the UE may determine that the NAS-MAC verification fails.

Step S710: When the NAS-MAC verification succeeds, the UE redirects to the target base station indicated by the redirection information.

For step S710 in this embodiment, refer to step S507 in Embodiment 5; details are not repeated here.

Step S711: When the NAS-MAC verification fails, the UE disconnects from the source base station.

For step S711 in this embodiment, refer to step S508 in Embodiment 5; details are not repeated here.

It should be noted that the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like may all be understood with reference to the related descriptions of the implementations shown in any of FIG. 2 to FIG. 4, and are not repeated here.

In the method described in FIG. 7, the MME obtains the derived NAS integrity key according to the ASME key of the UE and the NAS count, and integrity-protects the RRC parameter using the derived NAS integrity key to obtain the NAS-MAC. Since the NAS count is a freshness parameter of the NAS layer, the derived NAS integrity key obtained each time is different, so the NAS-MAC generated each time is also different, and replay attacks can be resisted.

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 8, which shows a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S801: The UE sends an extended service request message to the source base station.

For step S801 in this embodiment, refer to step S501 in Embodiment 5; details are not repeated here.

Step S802: The source base station sends the first RRC parameter to the MME according to the extended service request message.

For step S802 in this embodiment, refer to step S502 in Embodiment 5; details are not repeated here.

Step S803: The MME encrypts the first RRC parameter using the NAS encryption key of the UE, obtaining the second RRC parameter.

In an example, after receiving the initial UE message, the MME may decide to perform CSFB according to the extended service request message, and then encrypt the first RRC parameter sent by the source base station based on the NAS confidentiality algorithm negotiated with the UE and the NAS encryption key Knas-enc of the UE, obtaining the second RRC parameter.

The second RRC parameter may be the ciphertext of the first RRC parameter.

Step S804: The MME integrity-protects the second RRC parameter using the NAS integrity key of the UE, generating a NAS-MAC.

In an example, the MME may integrity-protect the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE, generating the NAS-MAC.

In another example, the MME may integrity-protect the first RRC parameter based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE, generating the NAS-MAC.

Step S805: The MME sends the NAS-MAC and the second RRC parameter to the source base station.

Step S806: The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC and the second RRC parameter.

Optionally, the source base station may update the first RRC parameter according to the UE context change request message. The source base station may then compare the first RRC parameter sent to the MME in step S802 with the updated first RRC parameter. When the first RRC parameter sent to the MME in step S802 differs from the updated first RRC parameter, the source base station may send the updated first RRC parameter to the MME; the MME encrypts the updated first RRC parameter using the NAS encryption key of the UE to obtain an updated second RRC parameter, integrity-protects the updated second RRC parameter using the NAS integrity key of the UE, and generates an updated NAS-MAC. After receiving the updated NAS-MAC from the MME, the source base station may send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC and the updated second RRC parameter. When the source base station has not updated the first RRC parameter, the source base station may determine that the first RRC parameter remains unchanged, that is, the information contained in the first RRC parameter sent to the MME in step S802 is the same as the information contained in the second RRC parameter that is to be sent to the UE.
The source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S804 and the second RRC parameter.

Step S807: The UE verifies the NAS-MAC using the NAS integrity key of the UE and the second RRC parameter.

In a specific implementation, the UE may integrity-protect the second RRC parameter based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, thereby generating a NAS-MAC. The UE may then compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC connection release message are the same, the UE may determine that the NAS-MAC verification succeeds; when they differ, the UE may determine that the NAS-MAC verification fails.

Step S808: When the NAS-MAC verification succeeds, the UE decrypts the second RRC parameter using the NAS encryption key of the UE, obtaining the redirection information.

When the NAS-MAC verification succeeds, the UE may decrypt the second RRC parameter based on the NAS confidentiality algorithm negotiated with the MME and the NAS encryption key of the UE, obtaining the redirection information.

Step S809: The UE redirects to the target base station indicated by the redirection information.

Step S810: When the NAS-MAC verification fails, the UE disconnects from the source base station.

It should be noted that the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like may all be understood with reference to the related descriptions of the implementations shown in any of FIG. 2 to FIG. 4, and are not repeated here.

In the method described in FIG. 8, the MME adds encryption protection to the first RRC parameter sent by the source base station, which can prevent the first RRC parameter from being forged, tampered with or eavesdropped, improving the security of the first RRC parameter.

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 9, which shows a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S901: The UE sends an extended service request message to the source base station.

For step S901 in this embodiment, refer to step S501 in Embodiment 5; details are not repeated here.

Step S902: The source base station sends the first RRC parameter to the MME according to the extended service request message.

For step S902 in this embodiment, refer to step S502 in Embodiment 5; details are not repeated here.

Step S903: The MME encrypts the first RRC parameter using the NAS encryption key of the UE, obtaining the second RRC parameter.

For step S903 in this embodiment, refer to step S803 in Embodiment 8; details are not repeated here.

Step S904: The MME integrity-protects the second RRC parameter and the NAS count using the NAS integrity key of the UE, generating a NAS-MAC.

In an example, the MME may integrity-protect the second RRC parameter and the NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE, generating the NAS-MAC.

In another example, the MME may integrity-protect the first RRC parameter and the NAS count based on the NAS integrity algorithm negotiated with the UE and the NAS integrity key of the UE, generating the NAS-MAC.

Step S905: The MME sends the NAS-MAC, the second RRC parameter, and the partial bits of the NAS count to the source base station.

Step S906: The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC, the second RRC parameter, and the partial bits of the NAS count.

Optionally, the source base station may update the first RRC parameter according to the UE context change request message. The source base station may then compare the first RRC parameter sent to the MME in step S902 with the updated first RRC parameter. When the first RRC parameter sent to the MME in step S902 differs from the updated first RRC parameter, the source base station may send the updated first RRC parameter to the MME; the MME encrypts the updated first RRC parameter using the NAS encryption key of the UE to obtain an updated second RRC parameter, integrity-protects the updated second RRC parameter and the NAS count using the NAS integrity key of the UE, and generates an updated NAS-MAC. After receiving the updated NAS-MAC from the MME, the source base station may send an RRC connection release message to the UE, where the RRC connection release message includes the updated NAS-MAC, the updated second RRC parameter, and the partial bits of the NAS count. When the source base station has not updated the first RRC parameter, the source base station may determine that the first RRC parameter remains unchanged, that is, the information contained in the first RRC parameter sent to the MME in step S902 is the same as the information contained in the second RRC parameter that is to be sent to the UE.
The source base station may then send an RRC connection release message to the UE, where the RRC connection release message includes the NAS-MAC generated by the MME in step S904 and the second RRC parameter.

Step S907: The UE obtains the NAS count according to the partial bits of the NAS count.

For step S907 in this embodiment, refer to step S606 in Embodiment 6; details are not repeated here.

Step S908: The UE verifies the NAS-MAC using the NAS integrity key of the UE, the second RRC parameter, and the obtained NAS count.

In a specific implementation, the UE may integrity-protect the second RRC parameter and the obtained NAS count based on the NAS integrity algorithm negotiated with the MME and the NAS integrity key of the UE, thereby generating a NAS-MAC. The UE may then compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC connection release message are the same, the UE may determine that the NAS-MAC verification succeeds; when they differ, the UE may determine that the NAS-MAC verification fails.

Step S909: When the NAS-MAC verification succeeds, the UE decrypts the second RRC parameter using the NAS encryption key of the UE, obtaining the redirection information.

When the NAS-MAC verification succeeds, the UE may decrypt the second RRC parameter based on the NAS confidentiality algorithm negotiated with the MME and the NAS encryption key of the UE, obtaining the redirection information.

Step S910: The UE redirects to the target base station indicated by the redirection information.

Step S911: When the NAS-MAC verification fails, the UE disconnects from the source base station.

It should be noted that the redirection information, the redirection control information, the PCI, the first RRC parameter, the second RRC parameter, and the like may all be understood with reference to the related descriptions of the implementations shown in any of FIG. 2 to FIG. 4, and are not repeated here.

In the method described in FIG. 9, the MME adds encryption protection to the first RRC parameter, which can prevent the first RRC parameter from being forged, tampered with or eavesdropped, improving the security of the first RRC parameter. In addition, the MME generates the NAS-MAC according to the NAS count and the second RRC parameter; since the NAS count is a freshness parameter of the NAS layer, the NAS-MAC generated each time is different, so that replay attacks can be resisted.
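An added example, not part of the patent, that joins the FIG. 7 key derivation with the FIG. 8 and FIG. 9 encrypt-then-verify handling of the RRC parameter: keys are derived from K_ASME, the NAS count and a preset constant (using both a "CSFB-INT" and a "CSFB-ENC" constant, as the FIG. 10 embodiment below does), the MME encrypts the first RRC parameter and MACs the ciphertext, and the UE verifies the NAS-MAC before it decrypts. Assumptions (not from the page): HMAC-SHA256 stands in for the key derivation, integrity and (as an XOR keystream) confidentiality algorithms, the UE has already recovered the full NAS count from its partial bits as in FIG. 6, and all key and parameter values are constructed sample data.

```python
import hashlib
import hmac

# Constructed stand-ins (not from the patent): HMAC-SHA256 plays the negotiated
# key derivation algorithm, an HMAC-based keystream XORed into the data plays the
# NAS confidentiality algorithm, and a 32-bit HMAC tag plays the NAS integrity
# algorithm. The full NAS COUNT is assumed already recovered by the UE.
CSFB_INT = b"CSFB-INT"     # preset constant for the derived integrity key
CSFB_ENC = b"CSFB-ENC"     # preset constant for the derived encryption key
K_ASME = bytes(range(32))  # constructed 256-bit K_ASME shared by UE and MME


def derive_key(k_asme: bytes, nas_count: int, constant: bytes) -> bytes:
    """Kcsfb-int / Kcsfb-enc = KDF(K_ASME, NAS COUNT, constant), steps S703 and S1003."""
    data = nas_count.to_bytes(3, "big") + constant
    return hmac.new(k_asme, data, hashlib.sha256).digest()[:16]


def _keystream(key: bytes, nas_count: int, length: int) -> bytes:
    """Counter-mode keystream bound to the NAS COUNT (stand-in for the NAS cipher)."""
    out = b""
    block = 0
    while len(out) < length:
        data = nas_count.to_bytes(3, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, data, hashlib.sha256).digest()
        block += 1
    return out[:length]


def cipher(k_enc: bytes, nas_count: int, data: bytes) -> bytes:
    """Encrypts or decrypts the RRC parameter (XOR with the keystream is symmetric)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(k_enc, nas_count, len(data))))


def nas_mac(k_int: bytes, second_rrc_param: bytes, nas_count: int) -> bytes:
    """NAS-MAC over (NAS COUNT || second RRC parameter), i.e. over the ciphertext."""
    data = nas_count.to_bytes(3, "big") + second_rrc_param
    return hmac.new(k_int, data, hashlib.sha256).digest()[:4]


def mme_protect(k_asme: bytes, nas_count: int, first_rrc_param: bytes) -> dict:
    """MME side: derive both keys, encrypt the first RRC parameter, MAC the result."""
    k_enc = derive_key(k_asme, nas_count, CSFB_ENC)
    k_int = derive_key(k_asme, nas_count, CSFB_INT)
    second = cipher(k_enc, nas_count, first_rrc_param)
    # The page sends only partial bits of the count; the full value is carried
    # here because its reconstruction is shown in the FIG. 6 example.
    return {"second_rrc_param": second,
            "nas_mac": nas_mac(k_int, second, nas_count),
            "nas_count": nas_count}


def ue_process(k_asme: bytes, msg: dict):
    """UE side: verify the NAS-MAC first (S908) and only then decrypt (S909).

    Returns the redirection information, or None when verification fails (S911),
    so a tampered ciphertext is never decrypted or acted upon.
    """
    count = msg["nas_count"]
    k_int = derive_key(k_asme, count, CSFB_INT)
    expected = nas_mac(k_int, msg["second_rrc_param"], count)
    if not hmac.compare_digest(expected, msg["nas_mac"]):
        return None
    k_enc = derive_key(k_asme, count, CSFB_ENC)
    return cipher(k_enc, count, msg["second_rrc_param"])


def run_scenario() -> dict:
    """Constructed exchange: one genuine message and a copy with one ciphertext bit flipped."""
    redirect = b"earfcn=1234;pci=56"  # constructed first RRC parameter (redirection info)
    msg = mme_protect(K_ASME, 7, redirect)
    flipped = bytearray(msg["second_rrc_param"])
    flipped[0] ^= 0x01
    tampered = dict(msg, second_rrc_param=bytes(flipped))
    return {
        "recovered": ue_process(K_ASME, msg),
        "ciphertext_differs": msg["second_rrc_param"] != redirect,
        "tampered": ue_process(K_ASME, tampered),
        "keys_separated": derive_key(K_ASME, 7, CSFB_INT) != derive_key(K_ASME, 7, CSFB_ENC),
        "keys_fresh": derive_key(K_ASME, 7, CSFB_INT) != derive_key(K_ASME, 8, CSFB_INT),
    }


if __name__ == "__main__":
    print(run_scenario())
```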

Based on the architecture of the communication system shown in FIG. 1, refer to FIG. 10, which shows a communication method according to another embodiment of the present invention. The method includes, but is not limited to, the following steps:

Step S1001: The UE sends an extended service request message to the source base station.

For step S1001 in this embodiment, refer to step S501 in Embodiment 5; details are not repeated here.

Step S1002: The source base station sends the first RRC parameter to the MME according to the extended service request message.

For step S1002 in this embodiment, refer to step S502 in Embodiment 5; details are not repeated here.

Step S1003: The MME obtains a derived NAS integrity key and a derived NAS encryption key according to the ASME key of the UE and the NAS count.

In a specific implementation, the MME may process the ASME key of the UE and the NAS count with a key derivation algorithm that is preset or negotiated with the UE, to obtain the derived NAS integrity key Kcsfb-int and the derived NAS encryption key Kcsfb-enc.

In an example, the MME may process the ASME key of the UE, the NAS count, and a second preset constant with the key derivation algorithm negotiated with the UE, to obtain the derived NAS integrity key. Exemplarily, the second preset constant may be a string such as "CSFB-INT".

In an example, the MME may process the ASME key of the UE, the NAS count, and a third preset constant with the key derivation algorithm negotiated with the UE, to obtain the derived NAS encryption key. Exemplarily, the third preset constant may be a string such as "CSFB-ENC".

步骤S1004:MME使用衍生的NAS加密密钥对第一RRC参数进行加密,得到第二RRC参数。Step S1004: The MME encrypts the first RRC parameter by using the derived NAS encryption key to obtain a second RRC parameter.

在一个示例中,MME接收到初始化UE消息之后,可以根据扩展服务请求消息决定进行CSFB,进而基于与UE协商得到的NAS机密性算法,使用衍生的NAS加密密钥对第一RRC参数进行加密,得到第二RRC参数。In an example, after receiving the initialization UE message, the MME may decide to perform CSFB according to the extended service request message, and then encrypt the first RRC parameter by using the derived NAS encryption key based on the NAS confidentiality algorithm negotiated with the UE. A second RRC parameter is obtained.

其中,第二RRC参数可以为第一RRC参数的密文。The second RRC parameter may be a ciphertext of the first RRC parameter.

步骤S1005:MME使用衍生的NAS完整性密钥对第二RRC参数进行完整性保护,生成NAS-MAC。Step S1005: The MME performs integrity protection on the second RRC parameter by using the derived NAS integrity key to generate a NAS-MAC.

MME可以基于其与UE协商得到的NAS完整性算法,以及衍生的NAS完整性密钥,对第二RRC参数进行完整性保护,生成NAS-MAC。The MME may perform integrity protection on the second RRC parameter based on the NAS integrity algorithm negotiated with the UE and the derived NAS integrity key to generate a NAS-MAC.

步骤S1006:MME向源基站发送NAS-MAC、第二RRC参数和NAS计数的部分比特位。Step S1006: The MME sends the NAS-MAC, the second RRC parameter, and part of the bit counted by the NAS to the source base station.

步骤S1007:源基站向UE发送RRC连接释放消息,RRC连接释放消息包括NAS-MAC、第二RRC参数和NAS计数的部分比特位。Step S1007: The source base station sends an RRC connection release message to the UE, where the RRC connection release message includes a NAS-MAC, a second RRC parameter, and a partial bit of the NAS count.

Optionally, the source base station may update the first RRC parameter according to a UE context change request message. The source base station may then compare the first RRC parameter sent to the MME in step S1002 with the updated first RRC parameter. When the first RRC parameter sent to the MME in step S1002 and the updated first RRC parameter differ, the source base station may send the updated first RRC parameter to the MME; the MME obtains the derived NAS integrity key and the derived NAS encryption key from the UE's ASME key and NAS count, encrypts the updated first RRC parameter with the derived NAS encryption key to obtain an updated second RRC parameter, and integrity-protects the updated second RRC parameter with the derived NAS integrity key to generate an updated NAS-MAC. After receiving the updated NAS-MAC from the MME, the source base station may send an RRC connection release message to the UE, the message including the updated NAS-MAC, the updated second RRC parameter and part of the bits of that NAS count. When the source base station does not update the first RRC parameter, it may determine that the first RRC parameter is unchanged, that is, the information contained in the first RRC parameter sent to the MME in step S1002 is the same as the information contained in the second RRC parameter to be sent to the UE, and the source base station may send an RRC connection release message to the UE, the message including the NAS-MAC generated by the MME in step S1005 and the second RRC parameter.

Step S1008: The UE obtains the NAS count from the partial bits of the NAS count.

Step S1008 in this embodiment is the same as step S606 in Embodiment 6 and is not described again here.

Step S1009: The UE obtains the derived NAS integrity key and the derived NAS encryption key using the UE's ASME key and the obtained NAS count.

In a specific implementation, the UE may process its ASME key and the obtained NAS count with a key derivation algorithm that is preset or negotiated with the MME to obtain the derived NAS integrity key and the derived NAS encryption key.

In one example, the UE may process its ASME key, the obtained NAS count and the second preset constant with the key derivation algorithm negotiated with the MME to obtain the derived NAS integrity key.

In one example, the UE may process its ASME key, the obtained NAS count and the third preset constant with the key derivation algorithm negotiated with the MME to obtain the derived NAS encryption key.

Step S1010: The UE verifies the NAS-MAC using the obtained derived NAS integrity key and the second RRC parameter.

In a specific implementation, the UE may, based on the NAS integrity algorithm negotiated with the MME, integrity-protect the second RRC parameter with the obtained derived NAS integrity key to generate a NAS-MAC, and then compare the NAS-MAC it generated with the NAS-MAC in the RRC connection release message. When the NAS-MAC generated by the UE and the NAS-MAC in the RRC connection release message are the same, the UE may determine that the NAS-MAC check succeeds; when they differ, the UE may determine that the NAS-MAC check fails.

Step S1011: When the NAS-MAC check succeeds, the UE decrypts the second RRC parameter with the obtained derived NAS encryption key to obtain the redirection information.

When the NAS-MAC check succeeds, the UE may, based on the NAS confidentiality algorithm negotiated with the MME, decrypt the second RRC parameter with the obtained derived NAS encryption key to obtain the redirection information.

Step S1012: The UE redirects to the target base station indicated by the redirection information.

Step S1013: When the NAS-MAC check fails, the UE disconnects from the source base station.

In the method described in FIG. 10, the MME adds encryption protection to the first RRC parameter, which prevents the first RRC parameter from being forged, tampered with or eavesdropped and improves its security. In addition, the MME obtains the derived NAS integrity key and the derived NAS encryption key from the UE's ASME key and NAS count, encrypts the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter, and integrity-protects the second RRC parameter with the derived NAS integrity key to obtain the NAS-MAC. Because the NAS count is a fresh parameter of the NAS layer, the derived NAS integrity key and the derived NAS encryption key obtained each time differ, so the NAS-MAC generated each time also differs, which resists replay attacks.
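As an added illustration, not code from the patent, the following Python models steps S1003 to S1013 end to end: derivation of Kcsfb-int and Kcsfb-enc from the ASME key, the NAS count and the constants "CSFB-INT" and "CSFB-ENC", encryption of the first RRC parameter, NAS-MAC generation, and on the UE side reconstruction of the NAS count from its low-order bits, the MAC check, decryption and the rejection path. The key derivation function, the confidentiality and integrity algorithms, the count widths and the count-reconstruction rule are all assumptions, since the patent leaves them to negotiation between UE and MME.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values (not from the patent): a 32-byte ASME key shared by UE and MME.
K_ASME = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
NAS_COUNT_BITS = 24   # assumed full width of the NAS count
PARTIAL_BITS = 8      # assumed number of low-order count bits carried in the release message
MAC_LEN = 4           # NAS-MAC truncated to 32 bits, like the LTE NAS-MAC


def derive_key(k_asme: bytes, nas_count: int, constant: bytes) -> bytes:
    """Key derivation over (ASME key, NAS count, preset constant), step S1003/S1009.
    The patent leaves the KDF to negotiation; HMAC-SHA256 is an assumption here."""
    return hmac.new(k_asme, nas_count.to_bytes(4, "big") + constant, hashlib.sha256).digest()


def derive_csfb_keys(k_asme: bytes, nas_count: int) -> tuple[bytes, bytes]:
    """Returns (Kcsfb-int, Kcsfb-enc) using the second and third preset constants."""
    return (derive_key(k_asme, nas_count, b"CSFB-INT"),
            derive_key(k_asme, nas_count, b"CSFB-ENC"))


def keystream_xor(key: bytes, nas_count: int, data: bytes) -> bytes:
    """Stand-in for the negotiated NAS confidentiality algorithm (assumption): an
    HMAC-SHA256 keystream keyed by Kcsfb-enc and seeded by the NAS count, XORed into
    the data. The same call encrypts (S1004) and decrypts (S1011)."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        seed = nas_count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out.extend(hmac.new(key, seed, hashlib.sha256).digest())
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


def nas_mac(k_int: bytes, second_rrc: bytes) -> bytes:
    """Stand-in for the negotiated NAS integrity algorithm (assumption): HMAC-SHA256
    over the second RRC parameter, truncated to MAC_LEN bytes."""
    return hmac.new(k_int, second_rrc, hashlib.sha256).digest()[:MAC_LEN]


@dataclass
class RrcConnectionRelease:
    """The three protected fields the source base station forwards to the UE (S1007)."""
    nas_mac: bytes
    second_rrc: bytes
    partial_count: int


def mme_protect(k_asme: bytes, nas_count: int, first_rrc: bytes) -> RrcConnectionRelease:
    """MME side, steps S1003 to S1006."""
    k_int, k_enc = derive_csfb_keys(k_asme, nas_count)
    second_rrc = keystream_xor(k_enc, nas_count, first_rrc)     # S1004: ciphertext
    mac = nas_mac(k_int, second_rrc)                             # S1005: NAS-MAC over ciphertext
    return RrcConnectionRelease(mac, second_rrc, nas_count & ((1 << PARTIAL_BITS) - 1))


def reconstruct_nas_count(local_count: int, partial: int) -> int:
    """Step S1008. Assumption: the UE keeps a local estimate of the NAS count and takes the
    smallest count not below that estimate whose low-order bits match the received ones."""
    mask = (1 << PARTIAL_BITS) - 1
    candidate = (local_count & ~mask) | partial
    if candidate < local_count:
        candidate += 1 << PARTIAL_BITS
    return candidate & ((1 << NAS_COUNT_BITS) - 1)


def ue_process(k_asme: bytes, local_count: int, msg: RrcConnectionRelease):
    """UE side, steps S1008 to S1013. Returns the redirection information, or None when
    the NAS-MAC check fails and the UE would drop the connection (S1013)."""
    count = reconstruct_nas_count(local_count, msg.partial_count)
    k_int, k_enc = derive_csfb_keys(k_asme, count)                           # S1009
    if not hmac.compare_digest(nas_mac(k_int, msg.second_rrc), msg.nas_mac):  # S1010
        return None
    return keystream_xor(k_enc, count, msg.second_rrc)                       # S1011


if __name__ == "__main__":
    # Constructed first RRC parameter carrying redirection information.
    release = mme_protect(K_ASME, 0x000105, b"redirect:pci=0x1a2b")
    print(ue_process(K_ASME, 0x000101, release))
```

A message replayed after the UE's local count has moved past the count it was protected with reconstructs to a later count, so the UE derives different keys and the MAC check fails, which is the replay resistance the paragraph above describes.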

The method of the embodiments of the present invention has been described in detail above; the apparatus of the embodiments of the present invention is described below.

Referring to FIG. 11, which is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention, the communication apparatus may include a receiving module 1101 and a sending module 1102, described in detail as follows.

The receiving module 1101 is configured to receive an extended service request message from the user equipment.

The sending module 1102 is configured to send a first RRC parameter to the MME according to the extended service request message, the first RRC parameter including redirection information, and the redirection information indicating the target base station to which the user equipment is redirected.

The receiving module 1101 is further configured to receive a NAS-MAC from the MME.

The sending module 1102 is further configured to send an RRC connection release message to the user equipment, the RRC connection release message including the NAS-MAC and a second RRC parameter, the second RRC parameter being a generation parameter of the NAS-MAC and including the plaintext or ciphertext of the first RRC parameter.

Optionally, the RRC connection release message further includes part of the bits of the NAS count, and the receiving module 1101 is further configured to receive the partial bits of the NAS count from the MME after the sending module 1102 sends the first RRC parameter to the MME.

Optionally, the second RRC parameter includes the ciphertext of the first RRC parameter, and the receiving module 1101 is further configured to receive the second RRC parameter from the MME.

It should be noted that for this embodiment reference may be made to the related descriptions of the embodiments shown in FIG. 2 and FIGS. 5 to 10, which are not repeated here.

In the communication apparatus described in FIG. 11, the receiving module 1101 receives an extended service request message from the user equipment; the sending module 1102 sends the first RRC parameter, which includes redirection information, to the MME according to the extended service request message; the receiving module 1101 receives the NAS-MAC from the MME; and the sending module 1102 sends to the user equipment an RRC connection release message including the NAS-MAC and the second RRC parameter. This allows the source base station to be identified and improves the security of the user equipment performing CSFB.

Referring to FIG. 12, which shows a base station according to an embodiment of the present invention, the base station includes a processor 1201, a memory 1202 and a transceiver 1203, which are connected to one another by a bus.

The memory 1202 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM), and is used to store related instructions and data, such as the extended service request message and the first RRC parameter of the user equipment. The transceiver 1203 is used to receive and send data, for example to receive the extended service request message from the user equipment or to send the first RRC parameter to the MME.

The processor 1201 may be one or more central processing units (CPUs) or one or more microcontroller units (MCUs). Where the processor 1201 is a CPU, it may be a single-core CPU or a multi-core CPU. The processor 1201 may be combined with the communication apparatus shown in FIG. 11.

The processor 1201 in the base station is configured to read the program code stored in the memory 1202 and perform the following operations:

receiving an extended service request message from the user equipment through the transceiver 1203;

sending, according to the extended service request message, a first RRC parameter to the MME through the transceiver 1203, the first RRC parameter including redirection information that indicates the target base station to which the user equipment is redirected;

receiving a NAS-MAC from the MME through the transceiver 1203;

sending an RRC connection release message to the user equipment through the transceiver 1203, the RRC connection release message including the NAS-MAC and a second RRC parameter, the second RRC parameter being a generation parameter of the NAS-MAC and including the plaintext or ciphertext of the first RRC parameter.

Optionally, the RRC connection release message further includes part of the bits of the NAS count, and after sending the first RRC parameter to the MME through the transceiver 1203 the processor 1201 may further perform the following operation:

receiving the partial bits of the NAS count from the MME through the transceiver 1203.

Optionally, the second RRC parameter includes the ciphertext of the first RRC parameter, and the processor 1201 may further perform the following operation through the transceiver 1203: receiving the second RRC parameter from the MME.

It should be noted that for this embodiment reference may be made to the related descriptions of the embodiments shown in FIG. 2 and FIGS. 5 to 10, which are not repeated here.

In the base station described in FIG. 12, the processor 1201 receives an extended service request message from the user equipment through the transceiver 1203, sends the first RRC parameter, which includes redirection information, to the MME according to the extended service request message, receives the NAS-MAC from the MME, and sends to the user equipment an RRC connection release message including the NAS-MAC and the second RRC parameter. This allows the base station to be identified and improves the security of the user equipment performing CSFB.

Referring to FIG. 13, which is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention, the communication apparatus may include a sending module 1301, a receiving module 1302, a verification module 1303 and a redirection module 1304, described in detail as follows.

The sending module 1301 is configured to send an extended service request message to the source base station.

The receiving module 1302 is configured to receive an RRC connection release message sent by the source base station, the RRC connection release message including a NAS-MAC and a second RRC parameter, the second RRC parameter being a generation parameter of the NAS-MAC and including redirection information.

The verification module 1303 is configured to verify the NAS-MAC according to the NAS integrity key of the communication apparatus and the second RRC parameter.

The redirection module 1304 is configured to redirect to the target base station indicated by the redirection information when the NAS-MAC check succeeds.

Optionally, the RRC connection release message further includes part of the bits of the NAS count.

Optionally, the verification module 1303 is specifically configured to:

obtain the NAS count from the partial bits of the NAS count;

verify the NAS-MAC according to the NAS integrity key, the second RRC parameter and the NAS count.

Optionally, when the second RRC parameter is a ciphertext, the redirection module 1304 is specifically configured to:

decrypt the second RRC parameter with the NAS encryption key of the communication apparatus to obtain the redirection information;

redirect to the target base station indicated by the redirection information.

Optionally, the verification module 1303 is specifically configured to:

obtain the NAS count from the partial bits of the NAS count;

obtain a derived NAS integrity key from the ASME key of the communication apparatus and the NAS count;

verify the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.

Optionally, when the second RRC parameter is a ciphertext, the redirection module 1304 is specifically configured to:

obtain a derived NAS encryption key from the ASME key of the communication apparatus and the NAS count;

decrypt the second RRC parameter with the derived NAS encryption key to obtain the redirection information;

redirect to the target base station indicated by the redirection information.

Optionally, the communication apparatus in this embodiment may further include:

a disconnection module 1305, configured to disconnect from the source base station when the NAS-MAC check fails.

It should be noted that for this embodiment reference may be made to the related descriptions of the embodiments shown in FIG. 3 and FIGS. 5 to 10, which are not repeated here.

In the communication apparatus described in FIG. 13, the sending module 1301 sends an extended service request message to the source base station; the receiving module 1302 receives the RRC connection release message sent by the source base station, which includes the NAS-MAC and the second RRC parameter, the second RRC parameter including redirection information; the verification module 1303 verifies the NAS-MAC according to the NAS integrity key of the communication apparatus and the second RRC parameter; and when the NAS-MAC check succeeds, the redirection module 1304 redirects to the target base station indicated by the redirection information. This allows the source base station to be identified and improves the security of the user equipment performing CSFB.

Referring to FIG. 14, which shows a user equipment according to an embodiment of the present invention, the user equipment includes a processor 1401, a memory 1402 and a transceiver 1403, which are connected to one another by a bus.

The memory 1402 includes, but is not limited to, RAM, ROM, EPROM or CD-ROM, and is used to store related instructions and data, such as the NAS-MAC and the second RRC parameter. The transceiver 1403 is used to receive and send data, for example to send an extended service request message to the source base station or to receive an RRC connection release message sent by the source base station.

The processor 1401 may be one or more CPUs or one or more MCUs. Where the processor 1401 is a CPU, it may be a single-core CPU or a multi-core CPU. The processor 1401 may be combined with the communication apparatus shown in FIG. 13.

The processor 1401 in the user equipment is configured to read the program code stored in the memory 1402 and perform the following operations:

sending an extended service request message to the source base station through the transceiver 1403;

receiving, through the transceiver 1403, an RRC connection release message sent by the source base station, the RRC connection release message including a NAS-MAC and a second RRC parameter, the second RRC parameter being a generation parameter of the NAS-MAC and including redirection information;

verifying the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter;

when the NAS-MAC check succeeds, redirecting to the target base station indicated by the redirection information.

Optionally, the RRC connection release message further includes part of the bits of the NAS count.

Optionally, the processor 1401 verifying the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter may specifically be:

obtaining the NAS count from the partial bits of the NAS count;

verifying the NAS-MAC according to the NAS integrity key, the second RRC parameter and the NAS count.

Optionally, when the second RRC parameter is a ciphertext, the processor 1401 redirecting to the target base station indicated by the redirection information may specifically be:

decrypting the second RRC parameter with the NAS encryption key of the user equipment to obtain the redirection information;

redirecting to the target base station indicated by the redirection information.

Optionally, the processor 1401 verifying the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter may specifically be:

obtaining the NAS count from the partial bits of the NAS count;

obtaining a derived NAS integrity key from the ASME key of the user equipment and the NAS count;

verifying the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.

Optionally, when the second RRC parameter is a ciphertext, the processor 1401 redirecting to the target base station indicated by the redirection information may specifically be:

obtaining a derived NAS encryption key from the ASME key of the user equipment and the NAS count;

decrypting the second RRC parameter with the derived NAS encryption key to obtain the redirection information;

redirecting to the target base station indicated by the redirection information.

Optionally, the processor 1401 may further perform the following operation:

when the NAS-MAC check fails, disconnecting from the source base station.

It should be noted that for this embodiment reference may be made to the related descriptions of the embodiments shown in FIG. 3 and FIGS. 5 to 10, which are not repeated here.

In the user equipment described in FIG. 14, the processor 1401 sends an extended service request message to the source base station through the transceiver 1403, receives the RRC connection release message sent by the source base station, which includes the NAS-MAC and the second RRC parameter, the second RRC parameter including redirection information, verifies the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, and when the NAS-MAC check succeeds redirects to the target base station indicated by the redirection information. This allows the source base station to be identified and improves the security of the user equipment performing CSFB.

请参见图15,图15是本发明另一实施例提供的一种通信装置的结构示意图,该通信装置可以包括接收模块1501、获取模块1502以及发送模块1503,其中,各个模块的详细描述如下。Referring to FIG. 15, FIG. 15 is a schematic structural diagram of a communication apparatus according to another embodiment of the present invention. The communication apparatus may include a receiving module 1501, an obtaining module 1502, and a sending module 1503. The detailed description of each module is as follows.

接收模块1501,用于从用户设备的源基站接收第一RRC参数,所述第一RRC参数包 括重定向信息,所述重定向信息用于指示所述用户设备重定向的目标基站。The receiving module 1501 is configured to receive, by using a source base station of the user equipment, a first RRC parameter, where the first RRC parameter packet And including redirection information, where the redirection information is used to indicate a target base station that is redirected by the user equipment.

获取模块1502,用于根据所述用户设备的NAS完整性密钥和第二RRC参数,获得NAS-MAC,所述第二RRC参数为所述NAS-MAC的生成参数,所述第二RRC参数包含所述第一RRC参数的明文或密文。The obtaining module 1502 is configured to obtain a NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment, where the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter A plaintext or ciphertext containing the first RRC parameter.

发送模块1503,用于向所述源基站发送所述NAS-MAC。The sending module 1503 is configured to send the NAS-MAC to the source base station.

可选的,所述获取模块1502,具体用于:Optionally, the obtaining module 1502 is specifically configured to:

使用所述用户设备的NAS完整性密钥,对所述第二RRC参数进行完整性保护,生成所述NAS-MAC;或者,Performing integrity protection on the second RRC parameter to generate the NAS-MAC by using a NAS integrity key of the user equipment; or

使用所述用户设备的NAS完整性密钥,对所述第二RRC参数和NAS计数进行完整性保护,生成所述NAS-MAC。And using the NAS integrity key of the user equipment to perform integrity protection on the second RRC parameter and the NAS count to generate the NAS-MAC.

可选的,所述获取模块1502,还用于根据所述用户设备的NAS完整性密钥和第二RRC参数,获得所述NAS-MAC之前,使用所述用户设备的NAS加密密钥对所述第一RRC参数进行加密,得到所述第二RRC参数。Optionally, the obtaining module 1502 is further configured to use the NAS encryption key pair of the user equipment before obtaining the NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment. The first RRC parameter is encrypted to obtain the second RRC parameter.

可选的,所述获取模块1502,具体用于:Optionally, the obtaining module 1502 is specifically configured to:

根据所述用户设备的ASME密钥和NAS计数,获得衍生的NAS完整性密钥;Obtaining a derived NAS integrity key according to the ASME key and the NAS count of the user equipment;

使用所述衍生的NAS完整性密钥对所述第二RRC参数进行完整性保护,生成所述NAS-MAC。The second RRC parameter is integrity protected using the derived NAS integrity key to generate the NAS-MAC.

可选的,所述获取模块1502,还用于根据所述用户设备的NAS完整性密钥和第二RRC参数,获得所述NAS-MAC之前,根据所述用户设备的ASME密钥和NAS计数,获得衍生的NAS加密密钥;使用所述衍生的NAS加密密钥对所述第一RRC参数进行加密,得到所述第二RRC参数。Optionally, the obtaining module 1502 is further configured to: before obtaining the NAS-MAC according to the NAS integrity key and the second RRC parameter of the user equipment, according to the ASME key and the NAS count of the user equipment. Obtaining a derived NAS encryption key; encrypting the first RRC parameter by using the derived NAS encryption key to obtain the second RRC parameter.

可选的,所述发送模块1503,还用于向所述源基站发送所述第二RRC参数。Optionally, the sending module 1503 is further configured to send the second RRC parameter to the source base station.

可选的,所述发送模块1503,还用于向所述源基站发送所述NAS计数的部分比特位。Optionally, the sending module 1503 is further configured to send, to the source base station, part of the bits of the NAS count.

可选的,所述重定向信息包括重定向控制信息或者物理小区标识PCI中的至少一种。Optionally, the redirection information includes at least one of redirection control information or a physical cell identifier PCI.

需要说明的是,本发明实施例可具体参见图4~10所示实施例的相关描述,不再赘述。It should be noted that the embodiments of the present invention may be specifically referred to the related descriptions of the embodiments shown in FIG. 4 to FIG. 10, and details are not described herein again.

在图15所描述的通信装置中,接收模块1501从用户设备的源基站接收第一RRC参数,第一RRC参数包括重定向信息,获取模块1502根据用户设备的NAS完整性密钥和第二RRC参数,获得NAS-MAC,发送模块1503向源基站发送NAS-MAC,可对源基站进行身份识别,提高用户设备执行CSFB的安全性。In the communication device described in FIG. 15, the receiving module 1501 receives the first RRC parameter from the source base station of the user equipment, where the first RRC parameter includes redirection information, and the obtaining module 1502 is configured according to the NAS integrity key of the user equipment and the second RRC. The parameter obtains the NAS-MAC, and the sending module 1503 sends the NAS-MAC to the source base station, which can identify the source base station and improve the security of the user equipment to perform CSFB.

Referring to FIG. 16, FIG. 16 shows a mobility management entity according to an embodiment of the present invention. The mobility management entity includes a processor 1601, a memory 1602, and a transceiver 1603, which are connected to each other through a bus.

The memory 1602 includes, but is not limited to, a RAM, a ROM, an EPROM, or a CD-ROM, and is used to store related instructions and data, such as the first RRC parameter of the user equipment and the NAS-MAC. The transceiver 1603 is used to receive and send data, for example to receive the first RRC parameter from the source base station of the user equipment, or to send the NAS-MAC to the source base station.

The processor 1601 may be one or more CPUs, or one or more MCUs. Where the processor 1601 is a CPU, the CPU may be a single-core CPU or a multi-core CPU. The processor 1601 may be combined with the communication apparatus shown in FIG. 15.

The processor 1601 in the MME is configured to read the program code stored in the memory 1602 and perform the following operations:

receiving, through the transceiver 1603, a first RRC parameter from a source base station of the user equipment, where the first RRC parameter includes redirection information, and the redirection information indicates a target base station to which the user equipment is to be redirected;

obtaining a NAS-MAC from the NAS integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC and contains the plaintext or the ciphertext of the first RRC parameter;

sending the NAS-MAC to the source base station through the transceiver 1603.

Optionally, the processor 1601 obtaining the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter may specifically be:

using the NAS integrity key of the user equipment to integrity-protect the second RRC parameter, thereby generating the NAS-MAC; or

using the NAS integrity key of the user equipment to integrity-protect the second RRC parameter and the NAS count, thereby generating the NAS-MAC.

Optionally, before obtaining the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter, the processor 1601 may further perform the following operation:

encrypting the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter.

Optionally, the processor 1601 obtaining the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter may specifically be:

obtaining a derived NAS integrity key from the ASME key and the NAS count of the user equipment;

integrity-protecting the second RRC parameter with the derived NAS integrity key, thereby generating the NAS-MAC.

Optionally, before obtaining the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter, the processor 1601 may further perform the following operations:

obtaining a derived NAS encryption key from the ASME key and the NAS count of the user equipment;

encrypting the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter.

Optionally, the processor 1601 may further perform the following operation:

sending the second RRC parameter to the source base station through the transceiver 1603.

Optionally, the processor 1601 may further perform the following operation:

sending part of the bits of the NAS count to the source base station through the transceiver 1603.

Optionally, the redirection information includes at least one of redirection control information or a physical cell identifier (PCI).

It should be noted that for this embodiment reference may be made to the related descriptions of the embodiments shown in FIG. 4 to FIG. 10, which are not repeated here.

In the mobility management entity described in FIG. 16, the processor 1601 receives the first RRC parameter, which includes the redirection information, from the source base station of the user equipment, obtains the NAS-MAC from the NAS integrity key of the user equipment and the second RRC parameter, and sends the NAS-MAC to the source base station. In this way the base station can be identified, and the security of the user equipment performing CSFB is improved.
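The following is an added worked example, not code from the patent or from Huawei, simulating the procedure of FIG. 16 end to end: the MME derives per-count keys from the ASME key and the NAS count, encrypts the first RRC parameter into the second, computes the NAS-MAC over the second RRC parameter and the NAS count, and hands the result to the source base station, which forwards it in the RRC connection release together with the low-order bits of the NAS count; the user equipment then reconstructs the full NAS count, verifies the NAS-MAC, and only on success decrypts and follows the redirect (the check described for the user equipment in the method claims). Everything concrete here is an assumption: the keys and counts are constructed test values, HMAC-SHA256 stands in for the 3GPP key derivation function and integrity algorithm, an HMAC-based XOR keystream stands in for the NAS ciphering algorithm, the NAS-MAC is truncated to 32 bits, and five low-order NAS count bits are carried in the release message.

```python
"""Added worked example (not the patent's own code): NAS-MAC protected
redirection as described above. All keys, counts, message layouts and the
toy KDF/cipher are constructed stand-ins, not the 3GPP algorithms."""
import hashlib
import hmac
from dataclasses import dataclass

PARTIAL_BITS = 5   # assumption: low-order NAS count bits carried in RRC Connection Release
MAC_LEN = 4        # assumption: 32-bit NAS-MAC, truncated from HMAC-SHA256


def kdf(k_asme: bytes, label: bytes, nas_count: int) -> bytes:
    """Derive a per-NAS-count key from K_ASME (stand-in for the 3GPP KDF)."""
    return hmac.new(k_asme, label + nas_count.to_bytes(4, "big"), hashlib.sha256).digest()


def nas_mac(k_nas_int: bytes, second_rrc: bytes, nas_count: int) -> bytes:
    """NAS-MAC over the NAS count and the second RRC parameter (the second variant above)."""
    msg = nas_count.to_bytes(4, "big") + second_rrc
    return hmac.new(k_nas_int, msg, hashlib.sha256).digest()[:MAC_LEN]


def xor_stream(k_nas_enc: bytes, nas_count: int, data: bytes) -> bytes:
    """Toy NAS ciphering: XOR with a keystream bound to the key and NAS count.
    The same call encrypts and decrypts; stand-in for the real NAS cipher."""
    keystream = b""
    block = 0
    while len(keystream) < len(data):
        keystream += hmac.new(k_nas_enc, nas_count.to_bytes(4, "big") + block.to_bytes(4, "big"),
                              hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


@dataclass
class RrcConnectionRelease:
    """The fields the source base station forwards to the user equipment."""
    nas_mac: bytes
    second_rrc: bytes      # ciphertext of the first RRC parameter (redirection info)
    nas_count_lsb: int     # PARTIAL_BITS low-order bits of the NAS count


def mme_protect(k_asme: bytes, nas_count: int, first_rrc: bytes):
    """MME side: derive per-count keys, encrypt the first RRC parameter into the
    second, compute the NAS-MAC, and return what the MME hands to the source
    base station together with the partial NAS count."""
    k_enc = kdf(k_asme, b"NAS-enc", nas_count)
    k_int = kdf(k_asme, b"NAS-int", nas_count)
    second_rrc = xor_stream(k_enc, nas_count, first_rrc)
    mac = nas_mac(k_int, second_rrc, nas_count)
    return second_rrc, mac, nas_count & ((1 << PARTIAL_BITS) - 1)


def source_enb_release(second_rrc: bytes, mac: bytes, nas_count_lsb: int) -> RrcConnectionRelease:
    """Source base station: it only forwards the MME-produced values; it never
    holds the NAS keys, so a valid NAS-MAC can only come from the MME."""
    return RrcConnectionRelease(mac, second_rrc, nas_count_lsb)


def recover_nas_count(local_count: int, lsb: int) -> int:
    """Rebuild the full NAS count from its low PARTIAL_BITS bits, assuming the
    UE's stored count is at most 2**PARTIAL_BITS - 1 behind the MME's."""
    mask = (1 << PARTIAL_BITS) - 1
    candidate = (local_count & ~mask) | lsb
    if candidate < local_count:
        candidate += 1 << PARTIAL_BITS
    return candidate


def ue_handle_release(k_asme: bytes, ue_nas_count: int, msg: RrcConnectionRelease):
    """UE side: verify the NAS-MAC before trusting the redirect; on success
    decrypt and redirect, on failure drop the connection to the source cell."""
    full = recover_nas_count(ue_nas_count, msg.nas_count_lsb)
    k_int = kdf(k_asme, b"NAS-int", full)
    if not hmac.compare_digest(nas_mac(k_int, msg.second_rrc, full), msg.nas_mac):
        return ("disconnect", None)          # unverifiable release is not followed
    k_enc = kdf(k_asme, b"NAS-enc", full)
    return ("redirect", xor_stream(k_enc, full, msg.second_rrc))


if __name__ == "__main__":
    # Constructed test values: a 256-bit K_ASME, a NAS count and a redirect target.
    K_ASME = bytes(range(32))
    second, mac, lsb = mme_protect(K_ASME, 0x1234, b"PCI=123;EARFCN=3200")
    msg = source_enb_release(second, mac, lsb)
    print(ue_handle_release(K_ASME, 0x1231, msg))    # genuine release: redirect
    altered = RrcConnectionRelease(mac, b"PCI=999;EARFCN=3200", lsb)
    print(ue_handle_release(K_ASME, 0x1231, altered))  # altered redirect: disconnect
```

The point the simulation makes is the one the description relies on: because the NAS-MAC is bound to the NAS count and to the ciphertext of the redirection parameter under a key only the MME and the user equipment hold, a release message whose redirection field was altered by a party without those keys fails verification and the user equipment disconnects rather than follows it.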

Referring to FIG. 17, FIG. 17 shows a communication system according to an embodiment of the present invention. The communication system includes the base station 1701 shown in FIG. 12, the user equipment 1702 shown in FIG. 14, and the mobility management entity 1703 shown in FIG. 16. For details, refer to the descriptions of FIG. 12, FIG. 14 and FIG. 16, which are not repeated here.

A person of ordinary skill in the art can understand that all or part of the procedures of the above method embodiments may be implemented by a computer program instructing related hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the procedures of the above method embodiments. The storage medium includes any medium capable of storing program code, such as a ROM, a random access memory (RAM), a magnetic disk, or an optical disc.

Claims (39)

1. A communication method, characterized in that the method comprises:
receiving, by a source base station, an extended service request message from a user equipment;
sending, by the source base station according to the extended service request message, a first radio resource control (RRC) parameter to a mobility management entity (MME), where the first RRC parameter includes redirection information, and the redirection information indicates a target base station to which the user equipment is to be redirected;
receiving, by the source base station, a non-access stratum message authentication code (NAS-MAC) from the MME; and
sending, by the source base station, an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes the plaintext or the ciphertext of the first RRC parameter.

2. The method according to claim 1, characterized in that the RRC connection release message further includes part of the bits of a NAS count, and after the source base station sends the first RRC parameter to the MME, the method further comprises:
receiving, by the source base station, the part of the bits of the NAS count from the MME.

3. The method according to claim 1 or 2, characterized in that the second RRC parameter includes the ciphertext of the first RRC parameter, and the method further comprises:
receiving, by the source base station, the second RRC parameter from the MME.
4. A communication method, characterized in that the method comprises:
sending, by a user equipment, an extended service request message to a source base station;
receiving, by the user equipment, a radio resource control (RRC) connection release message sent by the source base station, where the RRC connection release message includes a non-access stratum message authentication code (NAS-MAC) and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information;
verifying, by the user equipment, the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter; and
when the NAS-MAC is verified successfully, redirecting, by the user equipment, to the target base station indicated by the redirection information.

5. The method according to claim 4, characterized in that the RRC connection release message further includes part of the bits of a NAS count.

6. The method according to claim 5, characterized in that the verifying, by the user equipment, the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter comprises:
obtaining, by the user equipment, the NAS count according to the part of the bits of the NAS count; and
verifying, by the user equipment, the NAS-MAC according to the NAS integrity key, the second RRC parameter, and the NAS count.
7. The method according to claim 4 or 6, characterized in that, when the second RRC parameter is a ciphertext, the redirecting, by the user equipment, to the target base station indicated by the redirection information comprises:
decrypting, by the user equipment, the second RRC parameter with the NAS encryption key of the user equipment to obtain the redirection information; and
redirecting, by the user equipment, to the target base station indicated by the redirection information.

8. The method according to claim 5, characterized in that the verifying, by the user equipment, the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter comprises:
obtaining, by the user equipment, the NAS count according to the part of the bits of the NAS count;
obtaining, by the user equipment, a derived NAS integrity key according to the access security management entity (ASME) key of the user equipment and the NAS count; and
verifying, by the user equipment, the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.
9. The method according to claim 8, characterized in that, when the second RRC parameter is a ciphertext, the redirecting, by the user equipment, to the target base station indicated by the redirection information comprises:
obtaining, by the user equipment, a derived NAS encryption key according to the ASME key of the user equipment and the NAS count;
decrypting, by the user equipment, the second RRC parameter with the derived NAS encryption key to obtain the redirection information; and
redirecting, by the user equipment, to the target base station indicated by the redirection information.

10. The method according to any one of claims 4 to 9, characterized in that the method further comprises:
when the NAS-MAC verification fails, disconnecting, by the user equipment, the connection with the source base station.

11. A communication method, characterized in that the method comprises:
receiving, by a mobility management entity (MME), a first radio resource control (RRC) parameter from a source base station of a user equipment, where the first RRC parameter includes redirection information, and the redirection information indicates a target base station to which the user equipment is to be redirected;
obtaining, by the MME, a non-access stratum message authentication code (NAS-MAC) according to the non-access stratum (NAS) integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter contains the plaintext or the ciphertext of the first RRC parameter; and
sending, by the MME, the NAS-MAC to the source base station.
12. The method according to claim 11, characterized in that the obtaining, by the MME, the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter comprises:
integrity-protecting, by the MME, the second RRC parameter with the NAS integrity key of the user equipment, thereby generating the NAS-MAC; or
integrity-protecting, by the MME, the second RRC parameter and a NAS count with the NAS integrity key of the user equipment, thereby generating the NAS-MAC.

13. The method according to claim 12, characterized in that, before the MME obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, the method further comprises:
encrypting, by the MME, the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter.

14. The method according to claim 11, characterized in that the obtaining, by the MME, the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter comprises:
obtaining, by the MME, a derived NAS integrity key according to the access security management entity (ASME) key and the NAS count of the user equipment; and
integrity-protecting, by the MME, the second RRC parameter with the derived NAS integrity key, thereby generating the NAS-MAC.
15. The method according to claim 14, characterized in that, before the MME obtains the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, the method further comprises:
obtaining, by the MME, a derived NAS encryption key according to the ASME key and the NAS count of the user equipment; and
encrypting, by the MME, the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter.

16. The method according to claim 13 or 15, characterized in that the method further comprises:
sending, by the MME, the second RRC parameter to the source base station.

17. The method according to claim 12, 14 or 15, characterized in that the method further comprises:
sending, by the MME, part of the bits of the NAS count to the source base station.

18. The method according to any one of claims 1 to 17, characterized in that the redirection information includes at least one of redirection control information or a physical cell identifier (PCI).
19. A communication apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive an extended service request message from a user equipment; and
a sending module, configured to send, according to the extended service request message, a first radio resource control (RRC) parameter to a mobility management entity (MME), where the first RRC parameter includes redirection information, and the redirection information indicates a target base station to which the user equipment is to be redirected;
where the receiving module is further configured to receive a non-access stratum message authentication code (NAS-MAC) from the MME; and
the sending module is further configured to send an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes the plaintext or the ciphertext of the first RRC parameter.

20. The apparatus according to claim 19, characterized in that the RRC connection release message further includes part of the bits of a NAS count; and
the receiving module is further configured to receive the part of the bits of the NAS count from the MME after the sending module sends the first RRC parameter to the MME.

21. The apparatus according to claim 19 or 20, characterized in that the second RRC parameter includes the ciphertext of the first RRC parameter; and
the receiving module is further configured to receive the second RRC parameter from the MME.
22. A base station, characterized in that the base station comprises a processor, a memory, and a transceiver, where the memory stores a set of program code, and the processor is configured to call the program code stored in the memory to perform the following operations:
receiving an extended service request message from a user equipment;
sending, according to the extended service request message, a first radio resource control (RRC) parameter to a mobility management entity (MME), where the first RRC parameter includes redirection information, and the redirection information indicates a target base station to which the user equipment is to be redirected;
receiving a non-access stratum message authentication code (NAS-MAC) from the MME; and
sending an RRC connection release message to the user equipment, where the RRC connection release message includes the NAS-MAC and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes the plaintext or the ciphertext of the first RRC parameter.
23. A communication apparatus, characterized in that the apparatus comprises:
a sending module, configured to send an extended service request message to a source base station;
a receiving module, configured to receive a radio resource control (RRC) connection release message sent by the source base station, where the RRC connection release message includes a non-access stratum message authentication code (NAS-MAC) and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information;
a verification module, configured to verify the NAS-MAC according to the NAS integrity key of the communication apparatus and the second RRC parameter; and
a redirection module, configured to redirect to the target base station indicated by the redirection information when the NAS-MAC is verified successfully.

24. The apparatus according to claim 23, characterized in that the RRC connection release message further includes part of the bits of a NAS count.

25. The apparatus according to claim 24, characterized in that the verification module is specifically configured to:
obtain the NAS count according to the part of the bits of the NAS count; and
verify the NAS-MAC according to the NAS integrity key, the second RRC parameter, and the NAS count.
26. The apparatus according to claim 23 or 25, characterized in that, when the second RRC parameter is a ciphertext, the redirection module is specifically configured to:
decrypt the second RRC parameter with the NAS encryption key of the communication apparatus to obtain the redirection information; and
redirect to the target base station indicated by the redirection information.

27. The apparatus according to claim 24, characterized in that the verification module is specifically configured to:
obtain the NAS count according to the part of the bits of the NAS count;
obtain a derived NAS integrity key according to the access security management entity (ASME) key of the communication apparatus and the NAS count; and
verify the NAS-MAC according to the derived NAS integrity key and the second RRC parameter.

28. The apparatus according to claim 27, characterized in that, when the second RRC parameter is a ciphertext, the redirection module is specifically configured to:
obtain a derived NAS encryption key according to the ASME key of the communication apparatus and the NAS count;
decrypt the second RRC parameter with the derived NAS encryption key to obtain the redirection information; and
redirect to the target base station indicated by the redirection information.

29. The apparatus according to any one of claims 23 to 28, characterized in that the apparatus further comprises:
a disconnection module, configured to disconnect the connection with the source base station when the NAS-MAC verification fails.
30. A user equipment, characterized in that the user equipment comprises a processor, a memory, and a transceiver, where the memory stores a set of program code, and the processor is configured to call the program code stored in the memory to perform the following operations:
sending an extended service request message to a source base station;
receiving a radio resource control (RRC) connection release message sent by the source base station, where the RRC connection release message includes a non-access stratum message authentication code (NAS-MAC) and a second RRC parameter, the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter includes redirection information;
verifying the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter; and
when the NAS-MAC is verified successfully, redirecting to the target base station indicated by the redirection information.
31. A communication apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive a first radio resource control (RRC) parameter from a source base station of a user equipment, where the first RRC parameter includes redirection information, and the redirection information indicates a target base station to which the user equipment is to be redirected;
an obtaining module, configured to obtain a non-access stratum message authentication code (NAS-MAC) according to the non-access stratum (NAS) integrity key of the user equipment and a second RRC parameter, where the second RRC parameter is a generation parameter of the NAS-MAC, and the second RRC parameter contains the plaintext or the ciphertext of the first RRC parameter; and
a sending module, configured to send the NAS-MAC to the source base station.

32. The apparatus according to claim 31, characterized in that the obtaining module is specifically configured to:
integrity-protect the second RRC parameter with the NAS integrity key of the user equipment, thereby generating the NAS-MAC; or
integrity-protect the second RRC parameter and a NAS count with the NAS integrity key of the user equipment, thereby generating the NAS-MAC.

33. The apparatus according to claim 32, characterized in that
the obtaining module is further configured to, before obtaining the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, encrypt the first RRC parameter with the NAS encryption key of the user equipment to obtain the second RRC parameter.

34. The apparatus according to claim 31, characterized in that the obtaining module is specifically configured to:
obtain a derived NAS integrity key according to the access security management entity (ASME) key and the NAS count of the user equipment; and
integrity-protect the second RRC parameter with the derived NAS integrity key, thereby generating the NAS-MAC.

35. The apparatus according to claim 34, characterized in that
the obtaining module is further configured to, before obtaining the NAS-MAC according to the NAS integrity key of the user equipment and the second RRC parameter, obtain a derived NAS encryption key according to the ASME key and the NAS count of the user equipment, and encrypt the first RRC parameter with the derived NAS encryption key to obtain the second RRC parameter.

36. The apparatus according to claim 33 or 35, characterized in that
the sending module is further configured to send the second RRC parameter to the source base station.

37. The apparatus according to claim 32, 34 or 35, characterized in that
the sending module is further configured to send part of the bits of the NAS count to the source base station.

38. The method according to any one of claims 19 to 37, characterized in that the redirection information includes at least one of redirection control information or a physical cell identifier (PCI).
39. A communication system, characterized in that the communication system comprises the base station according to any one of claims 19 to 21, the user equipment according to any one of claims 23 to 29, and the mobility management entity (MME) according to any one of claims 31 to 38.
PCT/CN2017/083190 2017-05-05 2017-05-05 Communication method, device and system Ceased WO2018201440A1 (en)

Publications (1)

Publication Number Publication Date
WO2018201440A1 true WO2018201440A1 (en) 2018-11-08