
CN102547689B - Method and device for synchronizing encrypting and decrypting parameters - Google Patents

Publication number: CN102547689B
Authority: CN (China)
Prior art keywords: hfn, reset, sent, data, decrypting
Legal status: Active
Application number: CN201210063560.2A
Other languages: Chinese (zh)
Other versions: CN102547689A (en)
Inventor: 邓清珊
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201210063560.2A
Publication of CN102547689A
Application granted
Publication of CN102547689B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method and a device for synchronizing encryption and decryption parameters, relating to the technical field of communication networks, which allow data sent by network equipment to be decrypted correctly and improve the efficiency of data transmission. In the method, a new ciphering parameter is configured; the ciphering parameter comprises a first hyper frame number (HFN), used for decrypting downlink data, in a ciphering configuration that is pending (not yet in effect). When a radio link control (RLC) Reset triggering condition is met, a Reset is sent to the network equipment and a Reset acknowledgement (Reset Ack) sent by the network equipment is received, wherein the Reset Ack comprises a second HFN; or a Reset sent by the network equipment is received and a Reset Ack is returned, wherein the Reset comprises the second HFN. A target HFN for decrypting downlink data is then determined according to the first HFN and the second HFN. The method and the device are suitable for data transmission processes that, like acknowledged mode (AM), have an acknowledgement and retransmission mechanism, and can improve the efficiency of data transmission.

Description

Encryption and decryption parameter synchronization method and device
Technical Field
The present invention relates to the field of communications network technologies, and in particular, to a method and an apparatus for synchronizing encryption and decryption parameters.
Background
When a link is initially established, a network device establishes a Radio Bearer (RB) and allocates radio resources to a User Equipment (UE). During data transmission, when the network side needs to schedule resources or detects that the traffic flow has changed, it notifies the UE to switch state through an RB reconfiguration air-interface message.
When the UE establishes or reconfigures the RB, the UE receives the RB reconfiguration message sent by the network equipment, configures the new encryption parameters, and sends a reconfiguration complete message to the network equipment after the RB reconfiguration is completed. At this point, if the network device triggers a Reset, the UE replies with a Reset response (Reset Ack) and updates the downlink HFN (Hyper Frame Number) according to the protocol; because a new ciphering configuration is pending activation at this time, the protocol has the UE set the HFN from the new ciphering parameter configuration. Owing to transmission delay, the network device may have new data to send before it receives the UE's RB reconfiguration complete message, and it encrypts this new data and sends it to the UE. After receiving the UE's RB reconfiguration complete message, the network side updates its HFN to that of the configured new encryption parameters, encrypts data with the updated HFN and sends it; data sent from this point on can be correctly parsed by the UE.
However, in the prior art, when the RB is established or re-established and the UE or the network device triggers the RLC Reset procedure, the network side starts to send data, which results in errors in decrypting the downlink data; decryption errors cause multiple retransmissions, thereby reducing the efficiency of data transmission.
Disclosure of Invention
Embodiments of the present invention provide a method and an apparatus for synchronizing encryption and decryption parameters, which can correctly decrypt data sent by a network device, thereby improving data transmission efficiency.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
a method for synchronizing encryption and decryption parameters, comprising:
receiving a Radio Bearer (RB) reconfiguration message sent by network equipment, and configuring new encryption parameters, wherein the new encryption parameters comprise a first Hyper Frame Number (HFN), used for decrypting downlink data, in a pending (not yet effective) encryption configuration;
when a radio link control reset (RLC Reset) triggering condition is met, sending a Reset to the network equipment, and receiving a Reset response (Reset Ack) sent by the network equipment, wherein the Reset Ack comprises a second HFN; or receiving a Reset sent by the network equipment, and replying with a Reset Ack, wherein the Reset comprises the second HFN;
and determining a target HFN for decrypting the downlink data according to the first HFN and the second HFN.
A method for synchronizing encryption and decryption parameters, comprising:
sending a Radio Bearer (RB) reconfiguration message to User Equipment (UE);
when a radio link control reset (RLC Reset) triggering condition is met, receiving a Reset sent by the UE, and replying with a Reset response (Reset Ack), wherein the Reset Ack comprises a second Hyper Frame Number (HFN), so that the UE can determine a target HFN for decrypting downlink data; or sending a Reset to the UE, and receiving a Reset Ack sent by the UE, wherein the Reset comprises the second HFN, so that the UE can determine a target HFN for decrypting downlink data.
A method for synchronizing encryption and decryption parameters, comprising:
sending a Radio Bearer (RB) reconfiguration message to User Equipment (UE) and suspending a service RB;
and resuming the service RB when an RB reconfiguration complete message sent by the UE is received, wherein the RB reconfiguration complete message comprises a first HFN.
A terminal, comprising:
a configuration unit, configured to receive an RB reconfiguration message sent by a network device, and configure a new ciphering parameter, where the new ciphering parameter includes a first HFN, used for decrypting downlink data, in a pending (not yet effective) ciphering configuration;
a processing unit, configured to send a Reset to the network device and receive a Reset response (Reset Ack) sent by the network device when a radio link control reset (RLC Reset) triggering condition is met, where the Reset Ack includes a second HFN; or, the processing unit is configured to receive a Reset sent by the network device and reply with a Reset Ack, where the Reset includes the second HFN;
a determining unit, configured to determine a target HFN for decrypting the downlink data according to the first HFN and the second HFN.
A network device, comprising:
a sending unit, configured to send an RB reconfiguration message to a UE;
a processing unit, configured to receive a Reset sent by the UE and reply with a Reset response (Reset Ack) when a radio link control reset (RLC Reset) triggering condition is met, where the Reset Ack includes a second HFN, so that the UE may determine a target HFN for decrypting downlink data; or, the processing unit is configured to send a Reset to the UE and receive a Reset Ack sent by the UE, where the Reset includes the second HFN, so that the UE may determine a target HFN for decrypting downlink data.
A network device, comprising:
a suspending unit, configured to send a radio bearer (RB) reconfiguration message to a user equipment (UE) and suspend a service RB;
a resuming unit, configured to resume the service RB when receiving an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes the first HFN.
A network communication system includes a terminal and a network device,
the terminal is used for receiving a Radio Bearer (RB) reconfiguration message sent by the network equipment and configuring new encryption parameters, wherein the new encryption parameters comprise a first Hyper Frame Number (HFN), used for decrypting downlink data, in a pending (not yet effective) encryption configuration; when a radio link control reset (RLC Reset) triggering condition is met, sending a Reset to the network equipment, and receiving a Reset response (Reset Ack) sent by the network equipment, wherein the Reset Ack comprises a second HFN; or, when an RLC Reset triggering condition is met, receiving a Reset sent by the network equipment, and replying with a Reset Ack, wherein the Reset comprises the second HFN; and determining a target HFN for decrypting the downlink data according to the first HFN and the second HFN;
the network equipment is used for sending a Radio Bearer (RB) reconfiguration message to User Equipment (UE); when a radio link control reset (RLC Reset) triggering condition is met, receiving a Reset sent by the UE, and replying with a Reset response (Reset Ack), wherein the Reset Ack comprises a second Hyper Frame Number (HFN), so that the UE can determine a target HFN for decrypting downlink data; or, when an RLC Reset triggering condition is met, sending a Reset to the UE, and receiving a Reset Ack sent by the UE, wherein the Reset comprises the second HFN, so that the UE can determine a target HFN for decrypting downlink data.
The embodiment of the invention provides a method and a device for synchronizing encryption and decryption parameters. A first HFN (hyper frame number), used for decrypting downlink data, in a pending (not yet effective) encryption configuration included in the new encryption parameters is configured; when an RLC Reset triggering condition is met, a Reset is sent to the network equipment and a Reset response (Reset Ack) sent by the network equipment is received, wherein the Reset Ack comprises a second HFN; or a Reset sent by the network equipment is received and a Reset Ack is returned, wherein the Reset comprises the second HFN; and a target HFN for decrypting the downlink data is determined according to the first HFN and the second HFN. In the prior art, when an RB is established or re-established and the UE or the network equipment triggers the RLC Reset procedure, either the UE, while holding an encryption configuration that has not yet taken effect, directly decrypts with the configured HFN parameter, or the network side starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause repeated retransmission, which reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for synchronizing encryption and decryption parameters according to embodiment 1 of the present invention;
fig. 2 is a flowchart of another encryption/decryption parameter synchronization method according to embodiment 1 of the present invention;
fig. 3 is a flowchart of another encryption/decryption parameter synchronization method according to embodiment 1 of the present invention;
fig. 4 is a block diagram of a terminal according to embodiment 1 of the present invention;
fig. 5 is a block diagram of a network device according to embodiment 1 of the present invention;
fig. 6 is a block diagram of another network device provided in embodiment 1 of the present invention;
fig. 7 is a flowchart of a method for synchronizing encryption and decryption parameters according to embodiment 2 of the present invention;
fig. 8 is a flowchart of determining a target HFN for decrypting data according to embodiment 2 of the present invention;
fig. 9 is a flowchart of another encryption/decryption parameter synchronization method according to embodiment 2 of the present invention;
fig. 10 is a block diagram of a terminal according to embodiment 2 of the present invention;
fig. 11 is a block diagram of a network device according to embodiment 2 of the present invention;
fig. 12 is a block diagram of another network device according to embodiment 2 of the present invention;
fig. 13 is a schematic diagram of a network communication system according to embodiment 2 of the present invention;
fig. 14 is a schematic physical structure diagram of a network communication system according to embodiment 2 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The embodiment of the invention provides a method for synchronizing encryption and decryption parameters. As shown in fig. 1, the method comprises the steps of:
Step 101, receiving a radio bearer (RB) reconfiguration message sent by a network device, and configuring a new ciphering parameter, where the new ciphering parameter includes a first hyper frame number (HFN), used for decrypting downlink data, in a pending (not yet effective) ciphering configuration;
further, an RB reconfiguration complete message is sent to the network device, the RB reconfiguration complete message including the first HFN.
Step 102, when a radio link control reset (RLC Reset) triggering condition is met, sending a Reset to the network device, and receiving a Reset response (Reset Ack) sent by the network device, wherein the Reset Ack includes a second HFN; or,
when an RLC Reset triggering condition is met, receiving a Reset sent by the network device, and replying with a Reset Ack, wherein the Reset includes the second HFN;
Step 103, determining a target HFN for decrypting the downlink data according to the first HFN and the second HFN.
Further, determining whether the first HFN and the second HFN are the same;
determining a fourth HFN as the target HFN and decrypting data using the fourth HFN when the first HFN and the second HFN are the same; wherein the fourth HFN is the sum of the second HFN and 1;
when the first HFN and the second HFN are not the same, determining that the first HFN is the target HFN and decrypting data by using the first HFN.
It should be noted that the communication between the terminal and the network device may be accomplished through the transceiving of the base station, which is common knowledge in the art, and therefore, will not be described in detail.
In the encryption and decryption parameter synchronization method provided in the embodiment of the present invention, if data is transmitted between the UE and the network equipment after RB reconfiguration is completed but before the network equipment has received the RB reconfiguration complete message, a target HFN for decrypting downlink data is determined according to the first HFN of the new encryption parameter and the second HFN in the Reset or Reset Ack message. In the prior art, when an RB is established or re-established and the UE or the network equipment triggers the RLC Reset procedure, either the UE, while holding an encryption configuration that has not yet taken effect, directly decrypts with the configured HFN parameter, or the network side starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause repeated retransmission, which reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
An embodiment of the present invention provides another method for synchronizing encryption and decryption parameters, where the executing entity in this embodiment may be a network device. As shown in fig. 2, the method includes the following steps:
step 201, sending a radio bearer RB reconfiguration message to a user equipment UE;
step 202, when a radio link control reset (RLC Reset) triggering condition is met, receiving a Reset sent by the UE, and replying with a Reset response (Reset Ack), wherein the Reset Ack comprises a second Hyper Frame Number (HFN); or sending a Reset to the UE, and receiving a Reset Ack sent by the UE, wherein the Reset comprises the second HFN.
The method further comprises: when an RB reconfiguration complete message sent by the UE is received, the RB reconfiguration complete message comprising a first HFN, encrypting data with the first HFN and sending the data to the UE; and when the RB reconfiguration complete message sent by the UE has not been received, encrypting data with a fourth HFN and sending the data to the UE, wherein the fourth HFN is the sum of the second HFN and 1.
In this method, before the RB reconfiguration complete message sent by the UE is received, when an RLC Reset triggering condition is satisfied, a Reset sent by the UE is received and a Reset response (Reset Ack) is returned, where the Reset Ack includes a second HFN; or a Reset is sent to the UE and a Reset Ack sent by the UE is received, where the Reset includes the second HFN. In the prior art, when an RB is established or re-established and the UE or the network equipment triggers the RLC Reset procedure, either the UE, while holding an encryption configuration that has not yet taken effect, directly decrypts with the configured HFN parameter, or the network side starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause repeated retransmission, which reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
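The UE-side rule of steps 101 to 103 and the network-side rule of steps 201 and 202, as an added example (not code from the patent): it shows that a downlink PDU only decrypts when both ends feed the same HFN into the ciphering counter. The 20-bit HFN / 12-bit SN counter layout, the SHAKE-256 stand-in keystream, the function names and all sample values are assumptions made for this illustration.

```python
import hashlib

# Assumption (background, not stated on the page): for RLC AM the ciphering
# counter is a 20-bit HFN followed by a 12-bit RLC sequence number (SN).
HFN_BITS, SN_BITS = 20, 12


def count_c(hfn: int, sn: int) -> int:
    """Combine HFN and SN into the 32-bit counter that seeds the keystream."""
    return ((hfn % (1 << HFN_BITS)) << SN_BITS) | (sn % (1 << SN_BITS))


def keystream(key: bytes, hfn: int, sn: int, length: int) -> bytes:
    """Stand-in keystream generator (SHAKE-256), not the real air-interface cipher."""
    seed = key + count_c(hfn, sn).to_bytes(4, "big")
    return hashlib.shake_256(seed).digest(length)


def crypt(key: bytes, hfn: int, sn: int, data: bytes) -> bytes:
    """XOR stream cipher: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, hfn, sn, len(data))))


def ue_target_hfn(first_hfn: int, second_hfn: int) -> int:
    """UE rule: equal HFNs -> fourth HFN (second + 1); otherwise the first HFN."""
    if first_hfn == second_hfn:
        return second_hfn + 1
    return first_hfn


def network_tx_hfn(second_hfn: int, first_hfn_from_complete=None) -> int:
    """Network rule: first HFN once RB reconfiguration complete has arrived,
    otherwise the fourth HFN (second + 1)."""
    if first_hfn_from_complete is not None:
        return first_hfn_from_complete
    return second_hfn + 1


def downlink_ok(key: bytes, tx_hfn: int, rx_hfn: int, sn: int, pdu: bytes) -> bool:
    """True when the receiver's HFN recovers the plaintext the sender encrypted."""
    return crypt(key, rx_hfn, sn, crypt(key, tx_hfn, sn, pdu)) == pdu


def run_cases() -> dict:
    key = bytes(range(16))                           # constructed key
    pdu = b"constructed downlink RLC PDU payload"    # constructed payload
    sn = 0                                           # SN after the reset
    results = {}

    # Case A (constructed): the Reset exchange happens before the network has
    # received RB reconfiguration complete, and the second HFN equals the first.
    first, second = 7, 7
    tx = network_tx_hfn(second)
    results["A_target_hfn"] = downlink_ok(key, tx, ue_target_hfn(first, second), sn, pdu)
    # Prior-art behaviour described on the page: UE decrypts with the configured HFN.
    results["A_configured_hfn_used_directly"] = downlink_ok(key, tx, first, sn, pdu)

    # Case B (constructed): the HFNs differ and the network has already received
    # RB reconfiguration complete carrying the first HFN.
    first, second = 9, 7
    tx = network_tx_hfn(second, first_hfn_from_complete=first)
    results["B_target_hfn"] = downlink_ok(key, tx, ue_target_hfn(first, second), sn, pdu)
    # A UE that blindly applied second + 1 here would be out of step.
    results["B_second_plus_one_used"] = downlink_ok(key, tx, second + 1, sn, pdu)
    return results


if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name}: {'decrypts' if ok else 'decryption error'}")
```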
An embodiment of the present invention provides another method for synchronizing encryption and decryption parameters, where the executing entity in this embodiment may be a network device. As shown in fig. 3, the method includes the following steps:
step 301, sending a radio bearer RB reconfiguration message to a user equipment UE and suspending a service RB;
step 302, resuming the service RB when an RB reconfiguration complete message sent by the UE is received, where the RB reconfiguration complete message includes the first HFN.
It should be noted that, before the RB reconfiguration complete message sent by the UE is received, the data of the service RB is not sent on the downlink, and the service RB is resumed when the RB reconfiguration complete message sent by the UE is received, so that the UE decrypts with an HFN that is synchronized between the UE and the network device and therefore decrypts the data correctly.
The method also includes encrypting data with the first HFN and transmitting to the UE.
According to the encryption and decryption parameter synchronization method provided by the embodiment of the invention, the radio bearer (RB) reconfiguration message is sent to the UE and the service RB is suspended, and the service RB is resumed when the RB reconfiguration complete message sent by the UE is received, where the RB reconfiguration complete message includes the first HFN. In the prior art, when an RB is established or re-established and the UE or the network device triggers the RLC Reset procedure, the network device starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause multiple retransmissions, which reduces the efficiency of data transmission. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
An embodiment of the present invention provides a terminal, where the terminal may be a UE, and as shown in fig. 4, the terminal includes: configuration unit 401, processing unit 402, determination unit 403.
A configuration unit 401, configured to receive an RB reconfiguration message sent by a network device, and configure a new ciphering parameter, where the new ciphering parameter includes a first HFN, used for decrypting downlink data, in a pending (not yet effective) ciphering configuration;
a processing unit 402, configured to send a Reset to the network device when a radio link control reset (RLC Reset) triggering condition is met, and receive a Reset response (Reset Ack) sent by the network device, where the Reset Ack includes a second HFN; or, the processing unit 402 is configured to receive a Reset sent by the network device and reply with a Reset Ack when an RLC Reset triggering condition is met, where the Reset includes the second HFN;
a determining unit 403, configured to determine a target HFN for decrypting the downlink data according to the first HFN and the second HFN.
In the terminal provided in the embodiment of the present invention, the configuration unit configures a first HFN, used for decrypting downlink data, in a pending (not yet effective) ciphering configuration included in a new ciphering parameter; when an RLC Reset triggering condition is satisfied, the processing unit sends a Reset to the network device and receives a Reset response (Reset Ack) sent by the network device, where the Reset Ack includes a second HFN, or receives a Reset sent by the network device and replies with a Reset Ack, where the Reset includes the second HFN; and the determining unit determines a target HFN for decrypting downlink data based on the first HFN and the second HFN. In the prior art, when an RB is established or re-established and the UE or the network equipment triggers the RLC Reset procedure, either the UE, while holding an encryption configuration that has not yet taken effect, directly decrypts with the configured HFN parameter, or the network side starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause repeated retransmission, which reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
An embodiment of the present invention provides a network device, where the network device may specifically be a UTRAN (Universal Terrestrial Radio Access Network). As shown in fig. 5, the network device includes: a sending unit 501 and a processing unit 502.
A sending unit 501, configured to send an RB reconfiguration message to a UE;
a processing unit 502, configured to receive a Reset sent by the UE when a radio link control reset (RLC Reset) triggering condition is met, and reply with a Reset response (Reset Ack), where the Reset Ack includes a second HFN, so that the UE may determine a target HFN for decrypting downlink data; or, the processing unit 502 is configured to send a Reset to the UE, and receive a Reset Ack sent by the UE, where the Reset includes the second HFN, so that the UE may determine a target HFN for decrypting downlink data.
In the network equipment provided by the embodiment of the invention, the sending unit sends the RB reconfiguration message to the UE; when an RLC Reset triggering condition is met, the processing unit receives a Reset sent by the UE and replies with a Reset response (Reset Ack), where the Reset Ack includes a second HFN, or sends a Reset to the UE and receives a Reset Ack sent by the UE, where the Reset includes the second HFN, so that the UE may determine a target HFN for decrypting downlink data. In the prior art, when an RB is established or re-established and the UE or the network equipment triggers the RLC Reset procedure, either the UE, while holding an encryption configuration that has not yet taken effect, directly decrypts with the configured HFN parameter, or the network side starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause repeated retransmission, which reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
An embodiment of the present invention provides a network device, where the network device may specifically be a UTRAN (Universal Terrestrial Radio Access Network). As shown in fig. 6, the network device includes: a suspending unit 601 and a resuming unit 602.
A suspending unit 601, configured to send a radio bearer (RB) reconfiguration message to a user equipment (UE) and suspend a service RB;
a resuming unit 602, configured to resume the service RB when receiving an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes the first HFN.
The network device further includes an encryption sending unit, configured to encrypt data with the first HFN and send the data to the UE.
In the network device provided by the embodiment of the present invention, the suspending unit sends a radio bearer (RB) reconfiguration message to a user equipment (UE) and suspends a service RB, and the resuming unit resumes the service RB when an RB reconfiguration complete message sent by the UE is received, where the RB reconfiguration complete message includes a first HFN. In the prior art, when an RB is established or re-established and the UE or the network equipment triggers the RLC Reset procedure, the network equipment starts to send data while the UE and the network side are not synchronized; downlink data is then decrypted incorrectly, and decryption errors cause repeated retransmission, which reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention allows the data sent by the network equipment to be decrypted correctly when the RLC Reset procedure is triggered by the UE or the network equipment while the UE holds an encryption configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
Example 2
An embodiment of the present invention provides a method for synchronizing encryption and decryption parameters, where a network device in the embodiment of the present invention may be a universal terrestrial radio access network UTRAN, as shown in fig. 7, the method includes the following steps:
step 701, a network device sends a radio bearer RB reconfiguration message to a user equipment UE;
The RB reconfiguration message informs the UE to perform single-side re-establishment or double-side re-establishment, where single-side re-establishment means re-establishing the uplink or the downlink, and double-side re-establishment means re-establishing both the uplink and the downlink. The embodiment of the invention is described in detail taking as an example the transition CELL_FACH -> CELL_DCH with downlink single-side re-establishment of the service RB. Specifically, the network device first notifies the UE to perform RB re-establishment, then establishes a downlink physical channel in the CELL_DCH state and synchronizes the downlink of the UE, and then establishes an uplink physical channel to synchronize the uplink of the UE.
CELL_FACH (Forward Access Channel) and CELL_DCH (Dedicated Channel) are different states in connected mode, and the amount of data to be transmitted differs between the states. CELL_FACH is a common channel carrying a small amount of data, and the downlink RLC (Radio Link Control) size configured in this state is often small and fixed, such as 336 bits. CELL_DCH is a dedicated physical channel for high-speed, high-throughput services, and the downlink RLC size configured in this state is large and not of fixed length, for example 2416 bits.
Step 702, the UE receives the RB reconfiguration message sent by the network device, and configures a new ciphering parameter, where the new ciphering parameter includes a first hyper frame number (HFN), used for decrypting downlink data, in a pending (not yet effective) ciphering configuration;
after receiving the RB reconfiguration message, the UE first releases the physical channel in the CELL_FACH state, synchronizes to the downlink dedicated physical channel (CELL_DCH) of the network device, and establishes the corresponding dedicated physical channel after successful synchronization. It then configures the MAC (Media Access Control) and the RLC (Radio Link Control), and configures a new ciphering parameter when configuring the RLC. The configured new ciphering parameter includes a first hyper frame number (HFN) and, in addition, a new ciphering activation time SN (Sequence Number), where the SN may be 0.
Step 703, the UE sends an RB reconfiguration complete message to the network device, where the RB reconfiguration complete message includes the first HFN.
When RB re-establishment takes place with ciphering enabled, the ciphering HFN is synchronized through the START value in the RB reconfiguration complete message, and that START value is the first HFN.
When the UE sends the RB reconfiguration complete message to the network device and periodically triggered status reports are configured, the RLC may trigger a status packet of the ACK type whose SN is 0, that is, the new ciphering activation time SN. Because the TTI (Transmission Time Interval) of the service RB is 10 ms, the network device receives the status packet first and only then receives the RB reconfiguration complete message. When the network device receives the status packet, it has not yet started to re-establish the RLC, so the SN of the received status packet is outside the receiving range. The triggering condition is therefore met, and a Reset is triggered.
In addition, there are at least two ways in which an RLC Reset is triggered. First, the sender sends data packets in the range from Vt(A) to Vt(S), and an RLC Reset is triggered when it receives a status packet outside the range from Vt(A) to Vt(S), where Vt(A) represents the SN value that the receiving side has confirmed and Vt(S) represents the maximum SN value transmitted. Second, an RLC Reset is triggered when the number of times the sender has repeatedly sent certain data reaches the configured maximum number of retransmissions. When a trigger condition is satisfied, the party that satisfies it sends a Reset packet. In this embodiment, either the UE or the network device may satisfy the trigger condition.
When the UE satisfies the trigger condition, the following steps are performed:
Step 704, when the RLC Reset triggering condition is satisfied, the UE sends a Reset to the network device;
when the Reset is sent, the HFN adopted by the UE at that moment is carried in the Reset packet;
Step 705, the network device receives the Reset sent by the UE and replies with a Reset acknowledgement (Reset Ack), where the Reset Ack includes a second hyper frame number HFN, so that the UE may determine a target HFN for decrypting downlink data;
here, the second HFN is the HFN employed by the network device side at that moment.
Step 706, the UE receives the Reset Ack sent by the network device, where the Reset Ack includes the second HFN;
When the network device satisfies the trigger condition, the following steps are performed:
Step 707, when the RLC Reset triggering condition is satisfied, the network device sends a Reset to the UE, where the Reset includes a second HFN, so that the UE may determine a target HFN for decrypting data; here, the second HFN is the HFN employed by the network device side at that moment.
Step 708, the UE receives the Reset sent by the network device and replies with a Reset Ack;
Step 709, the network device receives the Reset Ack sent by the UE;
Step 710, the UE determines a target HFN for decrypting downlink data according to the first HFN and the second HFN;
Step 711, the network device receives the RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes the first HFN, encrypts data by using the first HFN, and sends the encrypted data to the UE;
Step 712, when the RB reconfiguration complete message sent by the UE is not received, the network device encrypts data by using a fourth HFN and sends the encrypted data to the UE, where the fourth HFN is the sum of the second HFN and 1.
Steps 711 and 712 are alternatives: only one of them is executed, and they are never executed together.
Specifically, as shown in fig. 8, the following sub-steps may be adopted when the UE determines the target HFN for decrypting the downlink data:
Step 801, the UE determines whether the first HFN and the second HFN are the same;
Step 802, when the first HFN and the second HFN are the same, the UE determines a fourth HFN as the target HFN and decrypts downlink data using the fourth HFN;
the fourth HFN is the sum of the second HFN and 1.
It should be noted that the HFN varies with the SN in the transmitted data packets: during transmission, the UE and the network device each maintain a local downlink HFN, and when the downlink RLC SN wraps around, that is, after one period is completed, the HFN is incremented by 1.
Therefore, when the first HFN and the second HFN are the same, that is, the network device has received the RB reconfiguration complete message sent by the UE, the new ciphering configuration is already activated. If the RLC Reset procedure is triggered at this time, then, because the RLC Reset procedure is a self-synchronization mechanism for transmission in AM mode, the second HFN needs to be incremented by 1 according to the protocol specification.
Step 803, when the first HFN and the second HFN are different, the UE determines that the first HFN is the target HFN and decrypts the downlink data using the first HFN.
When the first HFN is different from the second HFN, that is, the network device has not received the RB reconfiguration complete message sent by the UE, the new ciphering configuration has not been activated, and the newly configured ciphering parameter, the first HFN, is adopted as the HFN for subsequent decryption.
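The two Reset trigger conditions described above and the HFN choices of steps 801 to 803 and steps 711/712, written out as an added Python example that is not part of the patent text. The function names, the 12-bit SN and 20-bit HFN widths (taken from 3GPP RLC AM, not stated on this page) and every sample value are assumptions.

```python
from typing import Optional

SN_MODULUS = 4096        # assumption: 12-bit RLC AM sequence number (3GPP RLC AM)
HFN_MODULUS = 1 << 20    # assumption: 20-bit RLC AM hyper frame number


def sn_in_tx_window(status_sn: int, vt_a: int, vt_s: int) -> bool:
    """True if status_sn lies in Vt(A)..Vt(S), allowing for SN wrap-around."""
    span = (vt_s - vt_a) % SN_MODULUS
    return (status_sn - vt_a) % SN_MODULUS <= span


def reset_triggered(status_sn: Optional[int], vt_a: int, vt_s: int,
                    retx_count: int, max_retx: int) -> bool:
    """Evaluate the two RLC Reset trigger conditions listed in the description."""
    if status_sn is not None and not sn_in_tx_window(status_sn, vt_a, vt_s):
        return True                      # status packet outside Vt(A)..Vt(S)
    return retx_count >= max_retx        # configured retransmission limit reached


def fourth_hfn(second_hfn: int) -> int:
    """Fourth HFN: the second HFN plus 1 (the 20-bit wrap is an assumption)."""
    return (second_hfn + 1) % HFN_MODULUS


def ue_target_hfn(first_hfn: int, second_hfn: int) -> int:
    """Steps 801 to 803: the HFN the UE uses to decrypt downlink data."""
    if first_hfn == second_hfn:
        # The network side has already activated the new configuration,
        # so the Reset increments that HFN by 1.
        return fourth_hfn(second_hfn)
    # The new configuration is not yet active on the network side:
    # keep the newly configured first HFN.
    return first_hfn


def network_cipher_hfn(first_hfn_from_complete: Optional[int],
                       second_hfn: int) -> int:
    """Steps 711/712: the HFN the network device uses to encrypt downlink data.

    first_hfn_from_complete is None while the RB reconfiguration complete
    message has not been received.
    """
    if first_hfn_from_complete is not None:
        return first_hfn_from_complete          # step 711
    return fourth_hfn(second_hfn)               # step 712


def walk_through() -> dict:
    """Run the checks on constructed values; none of them come from the patent."""
    results = {}
    # A status packet with SN 0 reaches a sender whose window is still 100..120.
    results["early_status_triggers_reset"] = reset_triggered(0, 100, 120, 0, 4)
    # The same check across the SN wrap: the window 4090..5 contains SN 2.
    results["wrapped_window_triggers_reset"] = reset_triggered(2, 4090, 5, 0, 4)
    # No status packet, but the retransmission limit has been reached.
    results["max_retx_triggers_reset"] = reset_triggered(None, 100, 120, 4, 4)
    # Reset Ack carries second HFN 5 while the UE configured first HFN 9.
    results["ue_hfn_config_pending"] = ue_target_hfn(9, 5)
    # Reset Ack carries second HFN 9, equal to the UE's first HFN.
    results["ue_hfn_config_active"] = ue_target_hfn(9, 9)
    # Network side, before and after the RB reconfiguration complete message.
    results["net_hfn_without_complete"] = network_cipher_hfn(None, 5)
    results["net_hfn_with_complete"] = network_cipher_hfn(9, 5)
    return results


if __name__ == "__main__":
    for name, value in walk_through().items():
        print(f"{name}: {value}")
```
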
The embodiment of the invention provides a method for synchronizing encryption and decryption parameters, which compares the first HFN in the new ciphering parameters configured by the UE with the second HFN carried in the Reset procedure, so as to determine a target HFN for decrypting downlink data. In the prior art, when an RB is established or reset and the UE or the network device triggers an RLC Reset procedure, the UE decrypts directly with the configured HFN parameter even though it holds a ciphering configuration that has not yet taken effect, or the network side starts sending data while the UE and the network side are not synchronized. Downlink data is then decrypted incorrectly, which causes repeated retransmission and reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention can correctly decrypt the data sent by the network device when the RLC Reset procedure is triggered by the UE or the network device and the UE holds a ciphering configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
An embodiment of the present invention provides another method for synchronizing encryption and decryption parameters, as shown in fig. 9, where the method includes:
Step 901, the network device sends a radio bearer RB reconfiguration message to the UE and suspends the service RB;
during the RB reconfiguration process, data of the service RB is not transmitted.
Step 902, the UE receives the RB reconfiguration message sent by the network device, and performs RB reconfiguration;
Step 903, the UE sends an RB reconfiguration complete message to the network device;
Step 904, the network device receives the RB reconfiguration complete message sent by the UE and resumes the service RB, where the RB reconfiguration complete message includes a first HFN;
Step 905, the network device encrypts data by using the first HFN and sends the encrypted data to the UE.
After the service RB is resumed, the data of the service RB can be transmitted and processed, and when the data of the service RB is transmitted, the newly configured encryption and decryption parameter, the first HFN, is used for encryption and decryption.
According to the encryption and decryption parameter synchronization method provided by the embodiment of the invention, the service RB is suspended during the RB reconfiguration process and resumed after the reconfiguration is finished, so that the encryption and decryption parameter HFN is kept synchronized between the UE and the network device, the downlink data can be correctly decrypted, and the data transmission efficiency is improved.
This embodiment provides a terminal, which may specifically be a UE. As shown in fig. 10, the apparatus includes: configuration unit 1001, sending unit 1002, processing unit 1003, determining unit 1004, judging unit 10041, first determining unit 10042, and second determining unit 10043.
A configuration unit 1001, configured to receive an RB reconfiguration message sent by a network device, and configure a new ciphering parameter, where the new ciphering parameter includes a first HFN used for decrypting downlink data in a ciphering configuration that is yet to take effect;
A sending unit 1002, configured to send, after RB reconfiguration is completed, an RB reconfiguration complete message to the network device, where the RB reconfiguration complete message includes the first HFN;
Before the network device receives the RB reconfiguration complete message, an RLC Reset may be triggered, either by the UE or by the network device.
When the RLC Reset is triggered by the UE and the RLC Reset triggering condition is satisfied, the processing unit 1003 is configured to send a Reset to the network device and receive the Reset Ack sent by the network device, where the Reset Ack includes a second HFN;
or, when the RLC Reset is triggered by the network device and the RLC Reset triggering condition is satisfied, the processing unit 1003 is configured to receive the Reset sent by the network device and reply with a Reset Ack, where the Reset includes a second HFN;
A determining unit 1004, configured to determine a target HFN for decrypting downlink data according to the first HFN and the second HFN. Specifically, a judging unit 10041 in the determining unit 1004 is configured to judge whether the first HFN and the second HFN are the same;
when the first HFN and the second HFN are the same, that is, the network device has received the RB reconfiguration complete message sent by the UE and the new ciphering configuration is activated, the first determining unit 10042 in the determining unit 1004 is configured to determine, according to the second HFN, that the target HFN is a fourth HFN, and decrypt downlink data using the fourth HFN; the fourth HFN is the sum of the second HFN and 1.
When the first HFN and the second HFN are not the same, that is, the network device has not received the RB reconfiguration complete message sent by the UE and the new ciphering configuration has not been activated, the second determining unit 10043 in the determining unit 1004 is configured to determine that the first HFN is the target HFN and decrypt downlink data using the first HFN.
The embodiment of the invention provides a terminal in which the configuration unit configures the new ciphering parameter, the first HFN. When a trigger condition is met, the processing unit sends a Reset to the network device and receives the Reset Ack sent by the network device, where the Reset Ack includes a second HFN; or it receives a Reset sent by the network device and replies with a Reset Ack, where the Reset includes a second HFN. The determining unit determines a target HFN for decrypting data based on the first HFN and the second HFN. In the prior art, when an RB is established or reset and the UE or the network device triggers an RLC Reset procedure, the UE decrypts directly with the configured HFN parameter even though it holds a ciphering configuration that has not yet taken effect, or the network side starts sending data while the UE and the network side are not synchronized. Downlink data is then decrypted incorrectly, which causes repeated retransmission and reduces data transmission efficiency. In contrast, the scheme provided by the embodiment of the invention can correctly decrypt the data sent by the network device when the RLC Reset procedure is triggered by the UE or the network device and the UE holds a ciphering configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
An embodiment of the present invention provides a network device, which may specifically be a UTRAN. As shown in fig. 11, the network device includes: sending unit 1101, processing unit 1102, receiving unit 1103, and encryption sending unit 1104.
A sending unit 1101, configured to send a radio bearer RB reconfiguration message to a user equipment UE;
Before the network device receives the RB reconfiguration complete message sent by the UE, an RLC Reset may be triggered, either by the UE or by the network device.
When the UE triggers an RLC Reset and the RLC Reset triggering condition is satisfied, the processing unit 1102 is configured to receive the Reset sent by the UE and reply with a Reset Ack, where the Reset Ack includes a second HFN, so that the UE may determine a target HFN for decrypting downlink data;
alternatively, when the network device triggers an RLC Reset and the RLC Reset triggering condition is satisfied, the processing unit 1102 sends a Reset to the UE and receives the Reset Ack sent by the UE, where the Reset includes the second HFN, so that the UE may determine a target HFN for decrypting downlink data.
In the RB reconfiguration process, when a Reset is triggered, the second HFN is carried in the Reset Ack or the Reset, so that the UE can determine the target HFN for decrypting the downlink data and correctly decrypt the data sent by the network device, which improves the efficiency of data transmission.
A receiving unit 1103, configured to receive an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes a first HFN. When the RB reconfiguration complete message sent by the UE is received, an encryption sending unit 1104 is configured to encrypt data by using the first HFN and send the encrypted data to the UE;
when the RB reconfiguration complete message sent by the UE is not received, the encryption sending unit 1104 is further configured to encrypt data by using a fourth HFN and send the encrypted data to the UE, where the fourth HFN is the sum of the second HFN and 1.
According to the network device provided by the embodiment of the invention, the service RB is suspended during the RB reconfiguration process and resumed after the reconfiguration is finished, so that the encryption and decryption parameter HFN is kept synchronized between the UE and the network device, data can be correctly decrypted, and the data transmission efficiency is improved.
Another network device provided in this embodiment of the present invention may specifically be a UTRAN. As shown in fig. 12, the network device includes: a suspending unit 1201, a resuming unit 1202, and an encryption sending unit 1203;
A suspending unit 1201, configured to send an RB reconfiguration message to the UE and suspend the service RB, where data of the service RB is not transmitted during the RB reconfiguration process. When an RB reconfiguration complete message sent by the UE is received, a resuming unit 1202 is configured to resume the service RB, where the RB reconfiguration complete message includes the first HFN. After the service RB is resumed, the data of the service RB can be transmitted and processed, and the encryption sending unit 1203 is configured to encrypt the data by using the first HFN and send the encrypted data to the UE.
According to the network device provided by the embodiment of the invention, the service RB is suspended during the RB reconfiguration process and resumed after the reconfiguration is finished, so that the encryption and decryption parameter HFN is kept synchronized between the UE and the network device, data can be correctly decrypted, and the data transmission efficiency is improved.
It should be noted that the network device shown in fig. 11 and 12 of the present invention may be a single network device, that is, the modules of the network device shown in fig. 11 and 12 are integrated together, and the two network devices may also be independent devices, which is not limited by the embodiment of the present invention.
A network communication system provided in an embodiment of the present invention, as shown in fig. 13, includes a terminal 1301 and a network device 1302, wherein,
the terminal 1301 is configured to receive an RB reconfiguration message sent by the network device 1302, and configure a new ciphering parameter, where the new ciphering parameter includes a first hyper frame number HFN used to decrypt downlink data in a ciphering configuration that is yet to take effect; when a radio link control reset (RLC Reset) triggering condition is met, send a Reset to the network device 1302, and receive the Reset Ack sent by the network device 1302, where the Reset Ack includes a second HFN; or, when the RLC Reset triggering condition is met, receive a Reset sent by the network device 1302, and reply with a Reset Ack, where the Reset includes the second HFN; and determine a target HFN for decrypting the downlink data according to the first HFN and the second HFN;
the network device 1302 is configured to send a radio bearer RB reconfiguration message to the user equipment UE 1301; when a radio link control reset (RLC Reset) triggering condition is met, receive a Reset sent by the UE 1301, and reply with a Reset Ack, where the Reset Ack includes a second hyper frame number (HFN), so that the UE 1301 can determine a target HFN for decrypting downlink data; or, when the RLC Reset triggering condition is met, send a Reset to the UE 1301, and receive the Reset Ack sent by the UE 1301, where the Reset includes a second HFN, so that the UE 1301 can determine a target HFN for decrypting downlink data;
optionally, the network device 1302 is further configured to suspend the service RB after sending the radio bearer RB reconfiguration message to the user equipment UE 1301, and to resume the service RB when receiving an RB reconfiguration complete message sent by the UE 1301, where the RB reconfiguration complete message includes the first HFN.
The terminal 1301 includes:
a configuration unit 13011, configured to receive an RB reconfiguration message sent by a network device, and configure a new ciphering parameter, where the new ciphering parameter includes a first HFN used for decrypting downlink data in a ciphering configuration that is yet to take effect;
a processing unit 13012, configured to send a Reset to a network device when a radio link control Reset RLC Reset triggering condition is met, and receive a Reset response Reset Ack sent by the network device, where the Reset Ack includes a second HFN; or, the processing unit 13012 is configured to receive a Reset sent by the network device, and reply to a Reset Ack, where the Reset includes the second HFN;
a determining unit 13013, configured to determine a target HFN for decrypting the downstream data according to the first HFN and the second HFN;
the network device 1302 includes:
a sending unit 13021, configured to send a radio bearer RB reconfiguration message to the user equipment UE;
a processing unit 13022, configured to receive a Reset sent by the UE when a radio link control Reset RLC Reset trigger condition is met, and reply to a Reset response Ack, where the Reset Ack includes a second HFN, so that the UE may determine a target HFN for decrypting downlink data; or, the processing unit 13022 is configured to send a Reset to the UE, and receive a Reset Ack sent by the UE, where the Reset includes the second HFN, so that the UE may determine a target HFN for decrypting downlink data;
optionally, the network device 1302 further includes:
a suspending unit 13023, configured to send a radio bearer RB reconfiguration message to the user equipment UE and suspend the service RB;
a resuming unit 13024, configured to resume the service RB when receiving an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes the first HFN.
Optionally, the terminal in the embodiment of the present invention is a terminal shown in fig. 10 of the present invention, and the network device is a network device shown in fig. 11 and fig. 2 of the present invention.
Fig. 14 is a schematic diagram of a physical structure of a network communication system. It includes a terminal 1403 (for example, a smart phone), a terminal 1405 (for example, a cellular portable wireless phone), a terminal 1407 (for example, a tablet), a base station 1401 and a network device 1402 (for example, a radio network controller). The network device sends an RB reconfiguration message to the terminal through the base station, and the terminal receives the RB reconfiguration message through the base station and configures new ciphering parameters, which include a first HFN used for decrypting downlink data in a ciphering configuration that is yet to take effect. When a radio link control reset (RLC Reset) triggering condition is met, the terminal sends a Reset to the network device and receives the Reset Ack sent by the network device, where the Reset Ack includes a second HFN; or the terminal receives a Reset sent by the network device and replies with a Reset Ack, where the Reset includes a second HFN. The terminal then determines a target HFN for decrypting the downlink data according to the first HFN and the second HFN. The scheme provided by the embodiment of the invention can correctly decrypt the data sent by the network device when the UE or the network device triggers the RLC Reset procedure and the UE holds a ciphering configuration that has not yet taken effect, thereby improving the efficiency of data transmission.
The scheme provided by the embodiment of the invention is suitable for being applied to the data transmission process with an acknowledgement and retransmission mechanism similar to an AM (Acknowledged Mode).
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. A method for synchronizing encryption and decryption parameters, comprising:
receiving a Radio Bearer (RB) reconfiguration message sent by network equipment, and configuring new encryption parameters, wherein the new encryption parameters comprise a first Hyper Frame Number (HFN) used for decrypting downlink data in an encryption configuration that is yet to take effect;
when a radio link control Reset RLC Reset triggering condition is met, sending a Reset to the network equipment, and receiving a Reset response Reset Ack sent by the network equipment, wherein the Reset Ack comprises a second HFN; or, when a radio link control Reset RLC Reset triggering condition is met, receiving a Reset sent by the network device, and replying a Reset Ack, where the Reset includes a second HFN, and the second HFN is an HFN used by a current network device;
determining a target HFN for decrypting the downlink data according to the first HFN and the second HFN;
the determining a target HFN for decrypting downstream data according to the first HFN and the second HFN comprises:
judging whether the first HFN and the second HFN are the same;
when the first HFN and the second HFN are the same, determining the target HFN as a fourth HFN according to the second HFN, and decrypting data by using the fourth HFN;
when the first HFN and the second HFN are not the same, determining the first HFN as the target HFN and decrypting data by using the first HFN;
the fourth HFN is a sum of the second HFN and 1.
2. The method for synchronizing encryption and decryption parameters according to claim 1, wherein after the receiving a RB reconfiguration message sent by a network device and configuring new encryption parameters, the method further comprises:
sending an RB reconfiguration complete message to the network device, the RB reconfiguration complete message including the first HFN.
3. A method for synchronizing encryption and decryption parameters, comprising:
sending a Radio Bearer (RB) reconfiguration message to User Equipment (UE);
when a radio link control Reset RLC Reset triggering condition is met, receiving a Reset sent by the UE, and replying a Reset response (Reset Ack), wherein the Reset Ack comprises a second Hyper Frame Number (HFN), so that the UE can determine a target HFN for decrypting downlink data; or, when a radio link control Reset RLC Reset trigger condition is met, sending a Reset to the UE, and receiving a Reset Ack sent by the UE, where the Reset includes a second HFN, so that the UE can determine a target HFN for decrypting downlink data, where the second HFN is an HFN used by a current network equipment;
when the radio link control Reset RLC Reset triggering condition is met, receiving a Reset sent by the UE, and replying a Reset response (Reset Ack), wherein the Reset Ack comprises a second Hyper Frame Number (HFN); or, when a radio link control Reset RLC Reset triggering condition is satisfied, sending a Reset to the UE, and receiving a Reset Ack sent by the UE, where the Reset includes a second HFN, and then:
when receiving an RB reconfiguration complete message sent by the UE, the RB reconfiguration complete message comprises a first HFN, and data is encrypted by adopting the first HFN and sent to the UE;
and when the RB reconfiguration complete message sent by the UE is not received, encrypting data by using a fourth HFN and sending the data to the UE, wherein the fourth HFN is the sum of the second HFN and 1.
4. The method for synchronizing encryption and decryption parameters according to claim 3, wherein the sending the RB reconfiguration message to the UE specifically includes:
sending a Radio Bearer (RB) reconfiguration message to User Equipment (UE) and suspending a service RB;
the method further comprises the following steps:
when an RB reconfiguration complete message sent by the UE is received, resuming the service RB, wherein the RB reconfiguration complete message comprises a first HFN.
5. The method for synchronizing encryption and decryption parameters according to claim 4, wherein after the resuming the service RB when receiving the RB reconfiguration complete message sent by the UE, the method further comprises:
encrypting data by using the first HFN and sending the encrypted data to the UE.
6. A terminal, comprising:
a configuration unit, configured to receive an RB reconfiguration message sent by a network device, and configure a new ciphering parameter, where the new ciphering parameter includes a first HFN used for decrypting downlink data in a ciphering configuration that is yet to take effect;
the processing unit is used for sending a Reset to the network equipment and receiving a Reset response Reset Ack sent by the network equipment when a radio link control Reset RLC Reset triggering condition is met, wherein the Reset Ack comprises a second HFN; or, the processing unit is configured to receive a Reset sent by the network device and reply a Reset Ack when a radio link control Reset RLC Reset triggering condition is met, where the Reset includes a second HFN, and the second HFN is an HFN used by a current network device end;
a determining unit, configured to determine a target HFN for decrypting the downlink data according to the first HFN and the second HFN;
the determining unit includes:
a judging unit configured to judge whether the first HFN and the second HFN are the same;
a first determining unit configured to determine that the target HFN is a fourth HFN according to the second HFN when the first HFN and the second HFN are the same, and decrypt data using the fourth HFN;
a second determining unit configured to determine that the first HFN is the target HFN and decrypt data using the first HFN, when the first HFN and the second HFN are not the same;
the fourth HFN is a sum of the second HFN and 1.
7. The terminal of claim 6, further comprising:
a sending unit, configured to send an RB reconfiguration complete message to the network device, where the RB reconfiguration complete message includes the first HFN.
8. A network device, comprising:
a sending unit, configured to send a RB reconfiguration message to a UE;
the processing unit is used for receiving the Reset sent by the UE and replying a Reset response Reset Ack when a radio link control Reset RLC Reset triggering condition is met, wherein the Reset Ack comprises a second HFN, so that the UE can determine a target HFN for decrypting downlink data; or, the processing unit is configured to send a Reset to the UE and receive a Reset Ack sent by the UE when a radio link control Reset RLC Reset trigger condition is met, where the Reset includes a second HFN, so that the UE may determine a target HFN for decrypting downlink data, where the second HFN is an HFN used by a current network device;
the network device further includes:
a receiving unit, configured to receive an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes a first HFN; an encryption sending unit, configured to encrypt data by using the first HFN and send the encrypted data to the UE when the RB reconfiguration complete message sent by the UE is received, and, when the RB reconfiguration complete message sent by the UE is not received, to encrypt data by using a fourth HFN and send the data to the UE, where the fourth HFN is the sum of the second HFN and 1.
9. The network device of claim 8, wherein the network device further comprises a suspend unit and a suspend unit,
the suspension unit is used for suspending the service RB when the sending unit sends a radio bearer RB reconfiguration message to the user equipment UE;
the suspending unit is configured to suspend the service RB when the receiving unit receives an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes the first HFN.
10. The network device of claim 9, wherein the network device further comprises:
and the encryption sending unit is used for encrypting the data by adopting the first HFN and sending the data to the UE.
11. A network communication system, comprising a terminal and a network device, wherein,
the terminal is used for receiving a Radio Bearer (RB) reconfiguration message sent by network equipment and configuring new encryption parameters, wherein the new encryption parameters comprise a first Hyper Frame Number (HFN) used for decrypting downlink data in to-be-generated encryption configuration; when a radio link control Reset RLC Reset triggering condition is met, sending a Reset to the network equipment, and receiving a Reset response Reset Ack sent by the network equipment, wherein the Reset Ack comprises a second HFN; or, when a radio link control Reset RLC Reset triggering condition is met, receiving a Reset sent by the network device, and replying a Reset Ack, where the Reset includes a second HFN, and the second HFN is an HFN used by a current network device; determining a target HFN for decrypting the downlink data according to the first HFN and the second HFN;
the network equipment is used for sending a Radio Bearer (RB) reconfiguration message to User Equipment (UE); when a radio link control Reset RLC Reset triggering condition is met, receiving a Reset sent by the UE, and replying a Reset response (Reset Ack), wherein the Reset Ack comprises a second Hyper Frame Number (HFN), so that the UE can determine a target HFN for decrypting downlink data; or, when a radio link control Reset RLC Reset trigger condition is met, sending a Reset to the UE, and receiving a Reset Ack sent by the UE, where the Reset includes a second HFN, so that the UE may determine a target HFN for decrypting downlink data;
the terminal is further configured to determine whether the first HFN and the second HFN are the same;
when the first HFN and the second HFN are the same, determining the target HFN as a fourth HFN according to the second HFN, and decrypting data by using the fourth HFN;
when the first HFN and the second HFN are not the same, determining the first HFN as the target HFN and decrypting data by using the first HFN;
the fourth HFN is the sum of the second HFN and 1;
the network device is further configured to receive an RB reconfiguration complete message sent by the UE, where the RB reconfiguration complete message includes a first HFN; to encrypt data by using the first HFN and send the encrypted data to the UE when the RB reconfiguration complete message sent by the UE is received; and, when the RB reconfiguration complete message sent by the UE is not received, to encrypt data by using a fourth HFN and send the data to the UE, where the fourth HFN is the sum of the second HFN and 1.
12. The network communication system according to claim 11,
the terminal includes:
a configuration unit, configured to receive a RB reconfiguration message sent by a network device, and configure a new ciphering parameter, where the new ciphering parameter includes a first HFN used for decrypting downlink data in a to-be-generated ciphering configuration;
the processing unit is used for sending a Reset to the network equipment and receiving a Reset response Reset Ack sent by the network equipment when a radio link control Reset RLC Reset triggering condition is met, wherein the Reset Ack comprises a second HFN; or, the processing unit is configured to receive a Reset sent by the network device, and reply to a Reset Ack, where the Reset includes the second HFN;
a determining unit, configured to determine a target HFN for decrypting the downlink data according to the first HFN and the second HFN;
the network device includes:
a sending unit, configured to send a RB reconfiguration message to a UE;
the processing unit is used for receiving the Reset sent by the UE and replying a Reset response Reset Ack when a radio link control Reset RLC Reset triggering condition is met, wherein the Reset Ack comprises a second HFN, so that the UE can determine a target HFN for decrypting downlink data; or, the processing unit is configured to send a Reset to the UE, and receive a Reset Ack sent by the UE, where the Reset includes the second HFN, so that the UE may determine a target HFN for decrypting downlink data.
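The terminal-side and network-side HFN rules of claims 6, 8 and 11, as an added Python example (not code from the patent), run on two constructed cases. The 20-bit HFN / 12-bit SN COUNT-C layout, the wrap at 2^20, SN 0 for the first PDU after Reset, and the HMAC-SHA256 keystream standing in for the real f8 function are assumptions that are not on the page.

```python
import hashlib
import hmac

HFN_BITS, SN_BITS = 20, 12         # assumed RLC AM COUNT-C layout: HFN || SN
CK = bytes(range(16))              # constructed cipher key
PDU = b"constructed downlink PDU"  # constructed plaintext


def ue_target_hfn(first_hfn, second_hfn):
    """Terminal rule (claims 6 and 11): pick the HFN for downlink decryption."""
    if first_hfn == second_hfn:
        return (second_hfn + 1) % (1 << HFN_BITS)  # "fourth HFN"; wrap is assumed
    return first_hfn


def network_tx_hfn(first_hfn, second_hfn):
    """Network rule (claims 8 and 11). first_hfn is None when no RB
    reconfiguration complete message was received from the UE."""
    if first_hfn is not None:
        return first_hfn
    return (second_hfn + 1) % (1 << HFN_BITS)


def cipher(ck, hfn, sn, data):
    """XOR data with a keystream bound to COUNT-C. HMAC-SHA256 stands in
    for the real f8 function; encryption and decryption are the same call."""
    count_c = ((hfn << SN_BITS) | sn).to_bytes(4, "big")
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(ck, count_c + bytes([block]), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def downlink_after_reset(first_hfn, second_hfn, net_got_complete):
    """Return (network HFN, UE HFN, whether the UE recovers the plaintext)."""
    net_hfn = network_tx_hfn(first_hfn if net_got_complete else None, second_hfn)
    ue_hfn = ue_target_hfn(first_hfn, second_hfn)
    ciphertext = cipher(CK, net_hfn, 0, PDU)  # SN 0 assumed for the first PDU after Reset
    return net_hfn, ue_hfn, cipher(CK, ue_hfn, 0, ciphertext) == PDU


if __name__ == "__main__":
    print(downlink_after_reset(0x00123, 0x00123, net_got_complete=False))
    print(downlink_after_reset(0x00200, 0x00123, net_got_complete=True))
```

Because the keystream is bound to COUNT-C, a PDU enciphered under one HFN does not decrypt under a neighbouring HFN, which is why both ends must settle on the same value after the Reset exchange.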
CN201210063560.2A 2012-03-12 2012-03-12 Method and device for synchronizing encrypting and decrypting parameters Active CN102547689B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210063560.2A CN102547689B (en) 2012-03-12 2012-03-12 Method and device for synchronizing encrypting and decrypting parameters

Publications (2)

Publication Number Publication Date
CN102547689A CN102547689A (en) 2012-07-04
CN102547689B true CN102547689B (en) 2014-12-24

Family

ID=46353396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210063560.2A Active CN102547689B (en) 2012-03-12 2012-03-12 Method and device for synchronizing encrypting and decrypting parameters

Country Status (1)

Country Link
CN (1) CN102547689B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant