WO2016101617A1 - Procédé de traitement d'informations de sécurité dans une procédure de commutation, passerelle d'accès, et station de base - Google Patents

Procédé de traitement d'informations de sécurité dans une procédure de commutation, passerelle d'accès, et station de base Download PDF

Info

Publication number
WO2016101617A1
WO2016101617A1 PCT/CN2015/085363 CN2015085363W WO2016101617A1 WO 2016101617 A1 WO2016101617 A1 WO 2016101617A1 CN 2015085363 W CN2015085363 W CN 2015085363W WO 2016101617 A1 WO2016101617 A1 WO 2016101617A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
response message
handover
path switch
base station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2015/085363
Other languages
English (en)
Chinese (zh)
Inventor
高音
和峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2016101617A1 publication Critical patent/WO2016101617A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/42Security arrangements using identity modules using virtual identity modules

Definitions

  • the present invention relates to a handover technology, and in particular, to a method, a access gateway, and a base station for processing security information in a handover process under an access gateway.
  • LTE Long Term Evolution
  • LTE Advanced enhanced advanced long-term evolution
  • eNB evolved base station
  • RLC Radio Link Control
  • MAC Medium Access Control
  • PHY Physical layer
  • LPN Low-power node
  • a cell Small Cell
  • Pico eNB micro base station
  • hotspot enhancement As the number of LPN cells increases, the network deployment environment becomes more complicated. It also brought some problems. First, because the number of LPN cells is relatively large, when a UE or a terminal moves within the network, frequent inter-cell handovers may occur, resulting in frequent data service terminals and even dropped calls, which may also result in The user's data throughput and user experience are declining.
  • the terminal and the network may also cause a large amount of signaling impact, which may cause system resources to be congested or even paralyzed.
  • the LPN base stations are all connected to the core network (ie, the S1 interface), and the number of interfaces that the core network needs to process is increasing.
  • the core network needs to send data on all relevant interfaces, which also poses great challenges to the processing power of the core network. This situation will become more and more serious with the increase in the number of LPN cells deployed by operators and individuals in the future. Therefore, a solution is needed to alleviate or solve the above problems.
  • a mobility anchor acts as an interface proxy between the base station eNB and the mobility management entity (MME) of the core network, and shields the core network from the existence of the eNB, namely: From the perspective of the base station, the access gateway is equivalent to the MME; from the perspective of the MME, the access gateway is equivalent to the ordinary base station.
  • the MA acts as the gateway of the access network, and carries data transmission between the serving gateway (S-GW) and the base station. From the perspective of the base station, the MA is equivalent to the S-GW; from the perspective of the S-GW, the MA is equivalent to Ordinary base station.
  • the path switching request procedure may be terminated at the access gateway to reduce the handover signaling pair.
  • the core network carries the UE security text information ⁇ NCC, NH ⁇ to the target base station in the S1 handover request message, and the target base station calculates the current handover usage key according to the foregoing security information.
  • the path switch request response message carries the UE security text information ⁇ NCC, NH ⁇ for the next X2. Key generation for handover or internal handover of the base station.
  • the access gateway terminates the path switching request process in the X2 handover, how to handle the security information is a problem to be solved.
  • the embodiment of the present invention is to provide a method for processing security information in a handover procedure, an access gateway, and a base station, and at least implements a scheme for processing security information in a scenario of a path switching request in an X2 handover.
  • a method for processing security information in a handover process includes:
  • the first response message is sent;
  • the user equipment UE security text information or the setting cell is not sent in the first response message, so that the target base station of the opposite end ignores the UE security text information or delivers the reset UE security text information.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the UE security text information is set to a specified value in the path switch request response message, where the specified value is used to cause the target base station of the opposite end to ignore the UE security text. information.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message, and the indication message is newly added in the path switch request response message, and the UE security text information is arbitrarily written, and the indication cell is used to ignore the target base station of the opposite end.
  • the UE security text information is arbitrarily written.
  • the first request message is a bearer modification indication message
  • the first response message is a bearer modification confirmation message, and the bearer modification confirmation message does not include the self-attribute of the UE security text information, and the UE security text information is not sent in the bearer modification confirmation message;
  • the bearer modification confirmation message is a message in the existing handover or a new message.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the reset UE security text information is encapsulated in the path switch request response message, where the reset UE security text information is used for next handover or internal base station Switched key generation.
  • a method for processing security information in a handover process includes:
  • the current handover is a handover between the base station and the base station, and the processing corresponding to the analysis result is performed.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the path switch request response message is parsed to obtain that the UE security text information is not sent in the path switch request response message, and the current switch is determined to be the same
  • the handover of the gateway under the gateway and the processing corresponding to the parsing result are:
  • the current handover is a handover between the base station and the base station, and the current process is ended.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message, and the path switch request response message is parsed, and the UE security text information is obtained in the path switch request response message. If the value is determined, the process of determining that the current handover is the same gateway cross-base station handover and executing the corresponding analysis result is:
  • the current handover is the handover of the base station under the same gateway, and the UE security text information is ignored according to the specified value, and the current process is ended.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the path switch request response message is parsed to obtain that a new indication cell exists in the path switch request response message, and the current switch is determined to be the same gateway.
  • the process of switching across base stations and performing the corresponding parsing result is:
  • the first request message is a bearer modification indication message
  • the first response message is a bearer modification confirmation message, and the bearer modification confirmation message is parsed, so that the UE security text information is not sent in the bearer modification confirmation message, and the current handover is determined to be the same gateway downlink.
  • the handover of the base station and the processing corresponding to the parsing result are:
  • the current handover is a handover between the base station and the base station, and the current process is ended.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message, and the path switch request response message is parsed, and the path switch request response message includes the key used for key generation for next handover or base station internal handover. If the UE security text information is reset, the process of determining that the current handover is the same gateway cross-base station handover and performing the corresponding analysis result is:
  • the current handover is the handover of the base station under the same gateway, and the reset UE security text information is used for key generation of the next handover or internal handover of the base station, and the current procedure is ended.
  • An access gateway according to an embodiment of the present invention, where the access gateway includes:
  • the first receiving unit is configured to receive the first request message, and determine, according to the result obtained by parsing the first request message, whether the current handover is a handover of the same gateway under the base station;
  • the determining and sending unit configured to determine that the current handover is the handover of the same gateway, the first response message, where the user equipment UE security text information is not sent or the set cell is set to be the peer end
  • the target base station ignores the UE security text information or delivers the reset UE security text information.
  • the first request message is a path switch request message
  • the determining and sending unit is further configured to: the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured to: the first response message is a path switch request response message, and the path switch request response is sent after the UE security text information is set to a specified value in the path switch request response message.
  • the message, the specified value is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured to: the first response message is a path switch request response message, add an indication cell in the path switch request response message, and arbitrarily write the UE security text information, and then send the A path switch request response message, where the indication cell is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a bearer modification indication message
  • the determining and sending unit is further configured to: the first response message is a bearer modification confirmation message, and the bearer modification confirmation message does not include the self-attribute of the UE security text information, and is not included in the bearer modification confirmation message. Sending the UE security text information;
  • the bearer modification confirmation message is a message in the existing handover or a new message.
  • the first receiving unit, the determining and transmitting unit may use a central processing unit (CPU), a digital signal processor (DSP, Digital Singnal Processor) or a programmable logic array (FPGA) when performing processing.
  • CPU central processing unit
  • DSP digital signal processor
  • FPGA programmable logic array
  • Field-Programmable Gate Array implementation.
  • a first sending unit configured to send a first request message
  • the first request message is a path switch request message
  • the processing unit is further configured to: the first response message is a path switch request response message, and the path switch request response message is parsed, so that the UE security text information is not sent in the path switch request response message, and the current Switch to the switchover between the base stations and the base station to end the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured to: the first response message is a path switch request response message, parse the path switch request response message, and obtain, in the path switch request response message, the UE security text information is a specified value, and determine Currently switching to the handover of the base station under the same gateway, The UE security text information is ignored according to the specified value, and the current flow is ended.
  • the first request message is a path switch request message
  • the processing unit is further configured to: the first response message is a path switch request response message, parse the path switch request response message, and obtain a new indication cell in the path switch request response message, and determine that the current switch is The handover between the same gateway and the base station ignores the UE security text information according to the newly added indicator cell, and ends the current process.
  • the first request message is a bearer modification indication message
  • the processing unit is further configured to: the first response message is a bearer modification confirmation message, and the bearer modification confirmation message is parsed, so that the UE security text information is not sent in the bearer modification confirmation message, and the current handover is determined to be the same
  • the handover between the gateways and the base station ends the current process.
  • the first response message is a path switch request response message, and the path switch request response message is parsed, and the path switch request response message includes the key used for key generation for next handover or base station internal handover.
  • the reset UE security text information determines that the current handover is the handover of the same gateway under the base station, and the reset UE security text information is used for the next handover or key handover of the base station internal handover, and the current flow is ended.
  • the first sending unit and the processing unit may use a central processing unit (CPU), a digital signal processor (DSP), or a programmable logic array (FPGA, Field-) when performing processing. Programmable Gate Array) implementation.
  • CPU central processing unit
  • DSP digital signal processor
  • FPGA programmable logic array
  • Field- Programmable Gate Array
  • the method for processing the security information in the handover process of the access gateway in the embodiment of the present invention includes: receiving the first request message, determining, according to the result obtained by parsing the first request message, whether the current handover is a handover of the same gateway under the base station; The first response message is sent when the current handover is the same as the cross-base station of the same gateway; the user equipment UE security text information is not sent in the first response message, or the set cell is configured to make the target base station of the opposite end ignore the UE security text. Information or delivery Reset UE security text information.
  • the user equipment UE security text information is not sent in the first response message or the setting cell is configured to cause the peer target base station to ignore the UE security text information, so that the path switching request procedure can be terminated at the access gateway to reduce the handover information.
  • the impact on the core network is achieved, and the security information processing in the scenario of the path switching request process in the X2 handover is terminated by the access gateway.
  • FIG. 1 is a schematic structural diagram of an access gateway system in the prior art
  • FIG. 2 is a schematic diagram of an implementation process of an embodiment of a method according to the present invention.
  • FIG. 4 is a schematic diagram of a security information processing flow of application scenario 2 in which an embodiment of the present invention is applied;
  • FIG. 5 is a schematic diagram of a security information processing flow of an application scenario 3 in which an embodiment of the present invention is applied;
  • FIG. 7 is a schematic diagram of a security information processing flow of an application scenario 5 in which an embodiment of the present invention is applied;
  • FIG. 8 is a schematic structural diagram of an embodiment of an access gateway according to the present invention.
  • a method for processing security information in a handover process of an access gateway specifically relates to an access gateway architecture and a function implementation method in a mobile communication system, which is a long-term evolution system in which an access network is introduced under an anchor point.
  • the processing scheme for switching security information in the process is a long-term evolution system in which an access network is introduced under an anchor point.
  • FIG. 2 A method for processing security information in a handover process of an access gateway in an embodiment of the present invention is as shown in FIG. 2, where the method includes:
  • Step 102 When it is determined that the current handover is a handover of the same gateway under the base station, the first response message is sent.
  • Step 103 The user equipment UE security text information or the setting cell is not sent in the first response message, so that the target base station of the opposite end ignores the UE security text information or delivers the reset UE security text information.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and is not sent in the path switch request response message.
  • the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the path is set in the path switch request response message.
  • the UE security text information is a specified value, and the specified value is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and an indication cell is added in the path switch request response message.
  • the indication information element is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a bearer modification indication message; correspondingly, the first response message is a bearer modification acknowledgement message, and the bearer modification acknowledgement message does not include the UE security.
  • the UE security text information is not sent in the bearer modification confirmation message; the bearer modification confirmation message is an existing handover message or a new message.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the path is encapsulated in the path switch request response message.
  • the reset UE security text information is used for key handover of the next handover or base station internal handover.
  • a method for processing security information in a handover process of an access gateway includes:
  • Step 201 Send a first request message.
  • Step 202 Receive a first response message, parse the first response message, and obtain a cell that does not include the user equipment UE security text information or parsing the first response message to ignore the UE security text information or parse the re Set the UE security text information.
  • Step 203 Determine that the current handover is a handover of the same gateway under the base station and perform processing corresponding to the analysis result.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the path switch request response message is parsed to obtain If the UE security text information is not sent in the path switch request response message, the process of determining that the current handover is the same gateway cross-base station handover and performing the analysis result is: determining that the current handover is the same gateway. Switching across base stations ends the current process.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the path switch request response message is parsed to obtain If the UE security text information in the path switch request response message is a specified value, the process of determining that the current handover is the same gateway cross-base station handover and executing the analysis result is: determining that the current handover is the same gateway. The handover of the base station is performed, and the UE security text information is ignored according to the specified value, and the current process is ended.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the path switch request response message is parsed to obtain If there is a new indication cell in the path switch request response message, the process of determining that the current handover is the same gateway cross-base station handover and performing the analysis result is: determining that the current handover is the same gateway downlink base station Switching according to the The new indicator cell ignores the UE security text information and ends the current process.
  • the first request message is a bearer modification indication message; correspondingly, the first response message is a bearer modification confirmation message, and the bearer modification confirmation message is parsed, and the bearer is obtained in the bearer. If the UE security text information is not sent in the modification confirmation message, the process of determining that the current handover is the same gateway cross-base station handover and performing the analysis result is: determining that the current handover is the same gateway cross-base station Switch to end the current process.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the path switch request response message is parsed to obtain the
  • the path switch request response message includes the reset UE security text information used for key generation of the next handover or the base station internal handover, and the determining that the current handover is the handover of the same gateway and the execution of the cross-base station
  • the processing corresponding to the analysis result is: determining that the current handover is the same gateway cross-base station handover, and the reset UE security text information is used for next handover or key handover of the base station internal handover, and the current procedure is ended.
  • the embodiment of the present invention interacts between the access gateway and the target base station, and is applicable to the cross-base station X2 handover of the UE under the same gateway, and at least the following five specific implementation schemes.
  • the target base station sends a path switch request message to the access gateway, and the access gateway determines that the current switch is the same gateway cross-base station X2 handover, and sets the UE security text information to a special value, such as NULL, in the path switch request response message.
  • a special value such as NULL
  • the target base station sends a path switch request message to the access gateway, and the access gateway determines that the current switch is the same gateway cross-base station X2 handover, then adds an indication cell in the path switch request response message, and arbitrarily fills in the UE security text information.
  • the target base station receives the path switch request response message sent by the access gateway, the UE secure text information is ignored according to the indication cell content.
  • the target base station determines that the current handover is the same gateway cross-base station X2 handover, and sends a bearer modification indication message to the access gateway, where the message includes the S1 interface connection identifier information, the Source MME UE S1AP ID, and/or the MME allocated to the UE.
  • S1 interface connection flag information assigned by the gateway to the UE, source MA UE S1AP ID.
  • the access gateway sends a bearer modification confirmation message, where the message includes the information of the service bearer that is successfully modified and the service bearer information that fails to be modified.
  • the bearer modification indication/confirmation message may use an existing S1AP message or a new message.
  • the target base station sends a path switch request message to the access gateway, and the access gateway determines that the current switch is the same gateway cross-base station X2 handover, and then resets the UE security text information in the path switch request response message, for example, calculates a new ⁇ NCC, NH ⁇ .
  • the target base station receives the path switch request response message sent by the access gateway, the target cell is parsed and used for key generation of the next X2 handover or base station internal handover.
  • the X2 handover procedure under the same access gateway can be terminated on the access gateway, and the impact on the core network due to frequent handover of the user equipment between the cells is avoided.
  • the processing of the security information of the handover process is realized, and the processing load of the core network is alleviated.
  • the architecture of the access gateway in the following application scenarios includes: the access gateway acts as an interface proxy between the base station and the core network, respectively connects the base station and the core network, and shields the impact of the access network on the core network; The screening is performed to ensure that the UE is used as an access anchor of the user equipment in the access network, as shown in FIG. 1 .
  • the access gateway is used as an access anchor of the user equipment in the access network. When the user equipment moves between cells served by the access gateway, the access gateway remains unchanged.
  • the X2 handover procedure may terminate at the access gateway, the source SeNB is an instance of the source base station, the target SeNB is an instance of the target base station, and the access anchor MA is connected. An instance of the gateway.
  • the specific implementation steps in the application scenario 1 include:
  • Step 301 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 302 The access gateway determines that the current handover is the same gateway, and the UE security text information is not sent in the path switch request response message sent by the target base station.
  • the specific implementation steps in the application scenario 2 include:
  • Step 401 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 402 The access gateway determines that the current handover is the same gateway cross-base station X2 handover, and sets the UE security text information to a special value, such as NULL, in the path switch request response message sent to the target base station.
  • a special value such as NULL
  • Step 403 When the target base station receives the path switch request response message sent by the access gateway, if the cell is determined to be a specified special value, it is determined that the current switch is the same gateway. Change, the cell information is ignored.
  • the specific implementation steps in the application scenario 3 include:
  • Step 501 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 502 The access gateway determines that the current handover is the same gateway cross-base station X2 handover, and adds a security information ignore indication cell in the path switch request response message, for example, the presence of the cell indicates that the UE security text information needs to be ignored, or The cell is set to TRUE, indicating that the UE security text information needs to be ignored; or the handover type indication cell is added, for example, indicating that the current handover is a handover under the same access gateway; and the UE security text information is arbitrarily filled.
  • a security information ignore indication cell in the path switch request response message, for example, the presence of the cell indicates that the UE security text information needs to be ignored, or The cell is set to TRUE, indicating that the UE security text information needs to be ignored; or the handover type indication cell is added, for example, indicating that the current handover is a handover under the same access gateway; and the UE security text information is arbitrarily filled.
  • Step 503 When the target base station receives the path switch request response message sent by the access gateway, the secure text information of the UE is ignored according to the newly added indication cell.
  • the specific implementation steps in the application scenario 4 include:
  • Step 601 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station determines that the current handover is the same gateway cross-base station X2 handover, and sends a bearer modification indication message to the access gateway, where the message includes the MME to allocate to the UE.
  • Step 602 The access gateway sends a bearer modification confirmation message, where the message includes the information of the service bearer that is successfully modified and the service bearer information that fails to be modified. And the S1 interface connection flag information that is allocated by the MME to the UE, and/or the S1 interface connection flag information that the access gateway allocates to the UE. Does not contain UE security text information.
  • the bearer modification indication/confirmation message may use an existing S1AP message or a new message.
  • Step 701 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 702 The access gateway determines that the current handover is the same gateway cross-base station X2 handover, and then resets the UE security text information in the path switch request response message, for example, calculates a new ⁇ NCC, NH ⁇ .
  • the target base station receives the path switch request response message sent by the access gateway, the target cell is parsed and used for key generation of the next X2 handover or base station internal handover.
  • the access gateway of the embodiment of the present invention includes:
  • the first receiving unit 11 is configured to receive the first request message, and determine, according to the result obtained by parsing the first request message, whether the current handover is a handover of the same gateway under the base station;
  • the determining and transmitting unit 12 is configured to send a first response message when the current handover is the same as the handover of the same gateway, and the user response message is not sent in the first response message.
  • the target base station of the terminal ignores the UE security text information or delivers the reset UE security text information.
  • the first request message is a path switch request message
  • the determining and sending unit is further configured to: the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured to: the first response message is a path switch request response message, and the path switch request response is sent after the UE security text information is set to a specified value in the path switch request response message.
  • the message, the specified value is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured to: the first response message is a path switching request In response to the message, the indication cell is newly added in the path switch request response message, and the path switch request response message is sent after the security text information is arbitrarily written, and the indication cell is used to make the target base station of the opposite end ignore the The UE security text information.
  • the first request message is a bearer modification indication message
  • the determining and sending unit is further configured to: the first response message is a bearer modification confirmation message, and the bearer modification confirmation message does not include the self-attribute of the UE security text information, and is not included in the bearer modification confirmation message. Sending the UE security text information;
  • the bearer modification confirmation message is a message in the existing handover or a new message.
  • the first request message is a path switch request message
  • the determining and sending unit is further configured to: the first response message is a path switch request response message, and the path switch request response is sent after the reset UE security text information is encapsulated in the path switch request response message The message, the reset UE security text information is used for key generation of the next handover or internal handover of the base station.
  • the base station is a target base station, and includes:
  • a first sending unit configured to send a first request message
  • the processing unit is configured to receive the first response message, parse the first response message, and obtain a cell that does not include the user equipment UE security text information or parse the first response message to ignore the UE security text information.
  • the analysis result or the reconfigured UE security text information is analyzed, and it is determined that the current handover is the handover of the same gateway under the base station and the processing corresponding to the analysis result is executed.
  • the first request message is a path switch request message
  • the processing unit is further configured to: the first response message is a path switch request response message, and the path switch request response message is parsed, so that the UE security text information is not sent in the path switch request response message, and the current Switch to the switchover between the base stations and the base station to end the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured to: the first response message is a path switch request response message, parse the path switch request response message, and obtain, in the path switch request response message, the UE security text information is a specified value, and determine Currently, switching to the handover of the base station under the same gateway, omitting the UE security text information according to the specified value, and ending the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured to: the first response message is a path switch request response message, parse the path switch request response message, and obtain a new indication cell in the path switch request response message, and determine that the current switch is The handover between the same gateway and the base station ignores the UE security text information according to the newly added indicator cell, and ends the current process.
  • the first request message is a bearer modification indication message
  • the processing unit is further configured to: the first response message is a bearer modification confirmation message, and the bearer modification confirmation message is parsed, so that the UE security text information is not sent in the bearer modification confirmation message, and the current handover is determined to be the same
  • the handover between the gateways and the base station ends the current process.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message, and the path switch request response message is parsed, and the path switch request response message includes the key used for key generation for next handover or base station internal handover.
  • the reset UE security text information determines that the current handover is the handover of the same gateway under the base station, and the reset UE security text information is used for the next handover or key handover of the base station internal handover, and the current flow is ended.
  • Mobility anchor A Mobility anchor A;
  • Mobility anchor B Mobility anchor B
  • Macro eNB Enhanced Macro Base Station
  • MME mobile management entity
  • S-GW Service Gateway
  • SeNB1 a base station 1 under the mobility anchor
  • SeNB2 a base station 2 under the mobility anchor point
  • SeNB3 a base station 3 under the mobility anchor
  • UE User equipment.
  • the integrated modules described in the embodiments of the present invention may also be stored in a computer readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions.
  • a computer device (which may be a personal computer, server, or network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .
  • embodiments of the invention are not limited to any specific combination of hardware and software.
  • the embodiment of the present invention further provides a computer storage medium, wherein the computer program is used to execute a method for processing security information in a handover process under the access gateway according to the embodiment of the present invention.
  • the method for processing the security information in the handover process of the access gateway in the embodiment of the present invention includes: receiving the first request message, determining, according to the result obtained by parsing the first request message, whether the current handover is a handover of the same gateway under the base station; The first response message is sent when the current handover to the handover of the same gateway is performed, and the user equipment UE security text is not sent in the first response message.
  • the information or setting cell is such that the target base station of the opposite end ignores the UE security text information or delivers the reset UE security text information.
  • the user equipment UE security text information is not sent in the first response message or the setting cell is configured to cause the peer target base station to ignore the UE security text information, so that the path switching request procedure can be terminated at the access gateway to reduce the handover information.
  • the impact on the core network is achieved, and the security information processing in the scenario of the path switching request process in the X2 handover is terminated by the access gateway.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé de traitement d'informations de sécurité dans une procédure de commutation, une passerelle d'accès et une station de base. Le procédé consiste : à recevoir un premier message de demande, et déterminer, selon un résultat obtenu en analysant le premier message de demande, si la commutation en cours est une commutation transversale entre stations de base dans une même passerelle ; et, lorsqu'il est déterminé que la commutation en cours est une commutation transversale entre stations de base dans une même passerelle, à envoyer un premier message de réponse, des informations de texte de sécurité d'un équipement d'utilisateur (UE) n'étant pas fournies ou un élément d'informations étant établit dans le premier message de réponse, de manière à permettre à une station de base cible, au niveau d'une extrémité homologue, d'ignorer les informations de texte de sécurité de l'UE ou de fournir des informations de texte de sécurité réinitialisées de l'UE.
PCT/CN2015/085363 2014-12-26 2015-07-28 Procédé de traitement d'informations de sécurité dans une procédure de commutation, passerelle d'accès, et station de base Ceased WO2016101617A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410837576.3A CN105792189A (zh) 2014-12-26 2014-12-26 一种切换流程中安全信息的处理方法、接入网关及基站
CN201410837576.3 2014-12-26

Publications (1)

Publication Number Publication Date
WO2016101617A1 true WO2016101617A1 (fr) 2016-06-30

Family

ID=56149161

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085363 Ceased WO2016101617A1 (fr) 2014-12-26 2015-07-28 Procédé de traitement d'informations de sécurité dans une procédure de commutation, passerelle d'accès, et station de base

Country Status (2)

Country Link
CN (1) CN105792189A (fr)
WO (1) WO2016101617A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11044643B2 (en) * 2017-01-11 2021-06-22 Telefonaktiebolaget Lm Ericsson (Publ) 5G QoS flow to radio bearer remapping
CN112789896B (zh) * 2019-01-07 2022-06-14 华为技术有限公司 切换传输路径的方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841807A (zh) * 2009-03-19 2010-09-22 大唐移动通信设备有限公司 一种安全过程的执行方法和系统
CN102572816A (zh) * 2011-12-27 2012-07-11 电信科学技术研究院 一种移动切换的方法及装置
CN102598786A (zh) * 2011-11-11 2012-07-18 华为技术有限公司 基站间的切换方法、基站、和通讯系统
CN102638858A (zh) * 2007-08-22 2012-08-15 华为技术有限公司 一种演进网络切换处理方法与系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013110351A1 (fr) * 2012-01-26 2013-08-01 Telefonaktiebolaget L M Ericsson (Publ) Fonctionnement d'un nœud de desserte dans un réseau

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102638858A (zh) * 2007-08-22 2012-08-15 华为技术有限公司 一种演进网络切换处理方法与系统
CN101841807A (zh) * 2009-03-19 2010-09-22 大唐移动通信设备有限公司 一种安全过程的执行方法和系统
CN102598786A (zh) * 2011-11-11 2012-07-18 华为技术有限公司 基站间的切换方法、基站、和通讯系统
CN102572816A (zh) * 2011-12-27 2012-07-11 电信科学技术研究院 一种移动切换的方法及装置

Also Published As

Publication number Publication date
CN105792189A (zh) 2016-07-20

Similar Documents

Publication Publication Date Title
US11950314B2 (en) Configuration method and apparatus, and system
EP3032871B1 (fr) Procédé, dispositif et système de transmission de données
CN110546992A (zh) 用于双连接通信系统中切换的系统和方法
US10798766B2 (en) Multi-connectivity communication method and device
CN103974238B (zh) 一种在异构网络中实现安全检测的方法、装置和系统
JP6133970B2 (ja) データ分流のための方法およびデバイス
EP3267724A1 (fr) Procédé de transmission de données destiné à être utilisé pendant le transfert d'une station de base, dispositif d'utilisateur et station de base, et support de stockage
JP7652263B2 (ja) Iabの通信方法及び装置
KR20240004972A (ko) 노드의 마이그레이션을 처리하기 위한 제1 노드, 제2 노드, 및 그에 의해 실행되는 방법
WO2016101586A1 (fr) Procédé et système de commutation de station de base, dispositif associé, et support d'informations
CN110446274B (zh) 一种隧道建立的方法及装置
US20170230867A1 (en) Base station, wireless communication system, and communication method
US20230397055A1 (en) Inter-system handover involving e1 interface
KR20230070483A (ko) Iab-노드 마이그레이션 방법 및 장치
WO2016101617A1 (fr) Procédé de traitement d'informations de sécurité dans une procédure de commutation, passerelle d'accès, et station de base
CN106034363A (zh) 一种数据转发方法及移动锚点
JP2026513309A (ja) 信号の送受信方法と装置及び通信システム
WO2023150968A1 (fr) Procédé et appareil d'émission-réception de signal et système de communication
WO2015042883A1 (fr) Procédé de transmission de service de liaison montante, procédé de transmission de service de liaison descendante, et dispositif
KR20150061856A (ko) 호 설정을 위한 메시지 처리 방법 및 장치와 그를 위한 이동통신 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15871691

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15871691

Country of ref document: EP

Kind code of ref document: A1