CN119155677A - Communication method and communication device - Google Patents

Info

Publication number
CN119155677A
CN119155677A
Authority
CN
China
Prior art keywords
security mode
message
value
mode command
command message
Prior art date
Legal status
Pending
Application number
CN202310706745.9A
Other languages
Chinese (zh)
Inventor
闻晓
杨林平
宋天横
范晶
徐玲
李�赫
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202310706745.9A (published as CN119155677A)
Priority to PCT/CN2024/097954 (published as WO2024255695A1)
Publication of CN119155677A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/043 Key management using a trusted network node as an anchor
    • H04W 12/0431 Key distribution or pre-distribution; Key agreement
    • H04W 12/041 Key generation or derivation
    • H04W 12/10 Integrity
    • H04W 12/106 Packet or message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A communication method includes: a core network device sends a security mode command message including a first value of a first identifier to a terminal device, receives a security mode complete message including a first value of a second identifier from the terminal device, and, when the first value of the first identifier and the first value of the second identifier are the same, derives a key from the parameters included in the security mode complete message and provides the derived key to the access network device. Because an identifier is carried in both the security mode command message and the security mode complete message, the core network device can determine from the identifier which security mode command message a received security mode complete message responds to, so the core network device and the terminal device derive the key from the same parameters. The terminal side and the access network device side can then perform the subsequent access stratum security check with the same key, which increases the probability that the access stratum security check succeeds.

Description

Communication method and communication device
Technical Field
The present application relates to the field of communications, and more particularly, to a communication method and a communication apparatus.
Background
When a network device starts the security mode control procedure, the network side sends a Security Mode Command message to the terminal side, and the terminal device responds to the Security Mode Command message by replying with a Security Mode Complete message to the network side.
Specifically, the terminal device and the network side may each derive the key from parameters in the Security Mode Complete message. If the Security Mode Command message is retransmitted, some parameters, such as the NAS COUNT, may become misaligned, so that the network side derives the key from parameters that differ from those used by the terminal side. The key derived by the network side is provided to the access network device, which uses it for the subsequent access stratum security check. If the network side and the terminal side derive the key from different parameters, the terminal side and the access network device side use different keys for the subsequent access stratum security check, and the check fails. How to improve the probability of a successful access stratum security check is therefore a problem to be solved.
Disclosure of Invention
The application provides a communication method which is beneficial to realizing that a terminal side and an access network equipment side can carry out subsequent access layer security check based on the same secret key and improving the possibility of success of the access layer security check.
In a first aspect, a method of communication is provided. The method may be performed by a core network device or may be performed by a component (e.g., a chip or a circuit) of the core network device, which is not limited by the present application. For convenience of description, a core network device implementation example will be described below.
The communication method comprises the steps that core network equipment sends a first security mode command message to terminal equipment, the first security mode command message comprises a first value of a first identifier, the first value of the first identifier is used for identifying the first security mode command message, the core network equipment receives a first security mode completion message from the terminal equipment, the first security mode completion message comprises a first value of a second identifier, the first value of the second identifier is used for identifying the first security mode completion message, under the condition that the first value of the first identifier is the same as the first value of the second identifier, the core network equipment deduces a secret key according to parameters included in the first security mode completion message, and the core network equipment sends the secret key to access network equipment.
Based on the above scheme, the security mode command message sent by the core network device carries the value of the first identifier, so as to identify the security mode command message. And the security mode completion message sent by the terminal device also carries a value of the second identifier, so as to identify which security mode command message the security mode completion message is a response message of. The core network device can determine whether the security mode completion message is a response of the security mode command message according to the value of the second identifier carried in the received security mode completion message, namely, the core network device can determine the current message process, and further, the core network device can more accurately judge which parameter carried by the security mode completion message is used for deducing the key, so that the parameter of the key deduced by the core network device can be the same as the parameter of the key deduced by the terminal, and the core network device can provide the deduced key to the access network device, so that the terminal side and the access network device side can carry out subsequent access layer security verification based on the same key, and the possibility of successful access layer security verification is improved.
Illustratively, the key is used to generate the key required for access stratum security check.
With reference to the first aspect, in certain implementation manners of the first aspect, before the core network device sends the first security mode command message to the terminal device, the method further includes sending, by the core network device, a second security mode command message to the terminal device, where the second security mode command message includes a second value of the first identifier, and the second value of the first identifier is used to identify the second security mode command message, and the first value of the first identifier is different from the second value of the first identifier.
Based on the above scheme, in the case that the core network device retransmits the security mode command message, the retransmitted security mode command message and the first identifier carried in the primary security mode command message have different values, so that the core network device can determine whether the security mode command message is a response of the retransmitted security mode command message or a response of the primary security mode command message according to the value of the first identifier carried in the received security mode command message.
Furthermore, the core network device may derive the key according to the parameter carried by the response message of the retransmitted security mode command message, so that, in the case of retransmission of the message, the parameter of the core network device derived key may still be the same as the parameter of the terminal derived key.
With reference to the first aspect, in certain implementation manners of the first aspect, before the core network device receives the first security mode completion message from the terminal device, the method further includes the core network device receiving a second security mode completion message from the terminal device, where the second security mode completion message includes a second value of the second identifier, and the second value of the second identifier is used to identify the second security mode completion message, and where the second value of the second identifier is the same as the second value of the first identifier.
In this way, because the second value of the first identifier carried in the second security mode command message is the same as the second value of the second identifier carried in the second security mode completion message, the core network device can determine that the second security mode completion message is a response to the originally transmitted second security mode command message rather than to the retransmitted first security mode command message. The core network device may then refrain from deriving the key from the parameters included in the second security mode completion message and instead derive it from the parameters of the first security mode completion message once that message is received. Alternatively, the core network device may derive a key from the parameters included in the second security mode completion message but hold it back rather than sending it to the access network device immediately.
With reference to the first aspect, in some implementations of the first aspect, before the core network device sends a first security mode command message to the terminal device, the method further includes sending, by the core network device, a third security mode command message to the terminal device, where the third security mode command message includes a third value of the first identifier, the third value of the first identifier being used to identify the third security mode command message; sending, by the core network device, a fourth security mode command message to the terminal device, where the fourth security mode command message includes a fourth value of the first identifier, the fourth value of the first identifier is used to identify the fourth security mode command message, the fourth security mode command message is a retransmission of the third security mode command message, and the fourth value of the first identifier is different from the third value of the first identifier; and receiving, by the core network device, a fourth security mode completion message from the terminal device, where the fourth security mode completion message includes a fourth value of the second identifier, the fourth value of the second identifier being used to identify the fourth security mode completion message.
The core network device sending a first security mode command message to a terminal device includes that the core network device sends the first security mode command message to the terminal device when a fourth value of the second identifier is the same as a fourth value of the first identifier, and the fourth security mode completion message is used for indicating that the terminal device supports long term evolution LTE communication.
Based on the above scheme, the core network device may have retransmitted a certain security mode command message before transmitting the first security mode command message, for example, the core network device transmits a third security mode command message to the terminal device, and after the timer expires, transmits a fourth security mode command message to the terminal device, where the fourth security mode command message is a retransmission message of the third security mode command message. In this case, the core network device may send the first security mode command message to the terminal device after receiving a response message (e.g., the fourth security mode completion message) of the retransmitted security mode command message, so that the core network device explicitly knows the capability of the terminal device from the response message of the retransmitted security mode command message, thereby sending parameters matching the capability of the terminal device to the terminal device. For example, when the technical scheme is applied to a scenario that the core network device activates the security key and the encryption and decryption algorithm through the security mode command message, and configures the encryption and decryption algorithm through another security mode command message, before sending the security mode command message configuring the encryption and decryption algorithm, the core network device needs to determine that the response of the terminal device to the security mode command message activating the security key and the encryption and decryption algorithm has been received, so as to avoid performing key deduction under the condition that the flow of activating the security key and the encryption and decryption algorithm fails.
With reference to the first aspect, in certain implementation manners of the first aspect, before the core network device receives the fourth security mode completion message from the terminal device, the method further includes the core network device receiving a third security mode completion message from the terminal device, where the third security mode completion message includes a third value of the second identifier, where the third value of the second identifier is used to identify the third security mode completion message, and discarding the third security mode completion message by the core network device if the third value of the second identifier is different from the fourth value of the first identifier.
Based on the above scheme, if the core network device has retransmitted a security mode command message and then receives a response to the original one, it can determine from the value of the second identifier carried in that response that it is not a response to the retransmitted security mode command message, and can therefore discard the response without processing it, saving resources.
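The following is an added example, not code from the patent or from Huawei, that simulates the retransmission race described in the background and the identifier-matching rule of the first aspect. The key derivation is an HMAC-SHA256 stand-in for the real 3GPP KDF (the real derivation in TS 33.501 takes more inputs but is likewise bound to the uplink NAS COUNT); the message classes, the field name `ident`, and the assumption that the access network device uses the first key it is given are all constructed for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def derive_key(k_amf: bytes, uplink_nas_count: int) -> bytes:
    """Simplified stand-in for the access stratum key derivation (assumption):
    the real 3GPP KDF takes more inputs, but it too binds the key to the
    uplink NAS COUNT, which is the parameter that gets misaligned."""
    return hmac.new(k_amf, uplink_nas_count.to_bytes(4, "big"), hashlib.sha256).digest()


@dataclass
class SecurityModeCommand:
    ident: int  # value of the "first identifier" (assumed to sit in the message header)


@dataclass
class SecurityModeComplete:
    ident: int  # value of the "second identifier": echoes the command it answers
    uplink_nas_count: int  # the parameter the key is derived from


class Terminal:
    """UE side: every NAS message sent increments the uplink NAS COUNT, and the
    UE derives its key from the count carried in the latest completion it sent."""

    def __init__(self, k_amf: bytes):
        self.k_amf = k_amf
        self.uplink_nas_count = 0
        self.key = None

    def on_command(self, cmd: SecurityModeCommand) -> SecurityModeComplete:
        self.uplink_nas_count += 1
        self.key = derive_key(self.k_amf, self.uplink_nas_count)
        return SecurityModeComplete(cmd.ident, self.uplink_nas_count)


class CoreNetwork:
    """AMF side. With use_identifier=False it behaves as in the background
    section and derives from whichever completion arrives first. With
    use_identifier=True it only accepts the completion whose second identifier
    matches the saved first identifier of the most recent command."""

    def __init__(self, k_amf: bytes, use_identifier: bool):
        self.k_amf = k_amf
        self.use_identifier = use_identifier
        self.next_ident = 0
        self.outstanding = None  # saved first-identifier value of the latest command
        self.sent_to_ran = []  # keys forwarded to the access network device, in order
        self.discarded = 0

    def send_command(self) -> SecurityModeCommand:
        ident = self.next_ident  # a retransmission gets a fresh, different value
        self.next_ident += 1
        self.outstanding = ident
        return SecurityModeCommand(ident)

    def on_complete(self, msg: SecurityModeComplete) -> None:
        if self.use_identifier and msg.ident != self.outstanding:
            self.discarded += 1  # answer to a superseded command: do not derive from it
            return
        self.sent_to_ran.append(derive_key(self.k_amf, msg.uplink_nas_count))


def run_scenario(use_identifier: bool):
    """Race: the first completion is delayed in transit, the AMF retransmits,
    the UE answers again with a higher NAS COUNT, then both completions arrive.
    Returns (ran_key_matches_ue_key, completions_discarded)."""
    k_amf = b"constructed K_AMF for the example"
    cn = CoreNetwork(k_amf, use_identifier)
    ue = Terminal(k_amf)
    first_complete = ue.on_command(cn.send_command())  # uplink NAS COUNT 1, delayed
    second_complete = ue.on_command(cn.send_command())  # retransmitted command, COUNT 2
    cn.on_complete(first_complete)  # the late original response shows up first
    cn.on_complete(second_complete)
    # Assumption: the access network device uses the first key it is given.
    ran_key = cn.sent_to_ran[0]
    return ran_key == ue.key, cn.discarded


if __name__ == "__main__":
    print("without identifier:", run_scenario(False))  # (False, 0): keys differ
    print("with identifier:   ", run_scenario(True))   # (True, 1): stale reply dropped
```

Without the identifier the AMF forwards a key derived from NAS COUNT 1 while the UE is already using COUNT 2, which is exactly the failure the background describes; with it, the stale completion is discarded as in the "discard" variant of the first aspect, and the forwarded key matches the UE's.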
With reference to the first aspect, in certain implementation manners of the first aspect, a parameter included in the first security mode completion message is uplink count value information. The specific parameter is a non-access stratum NAS uplink count value.
With reference to the first aspect, in certain implementation manners of the first aspect, the core network device is an access mobility management network element.
With reference to the first aspect, in certain implementations of the first aspect, the first identifier is carried in a message header of the first secure mode command message.
With reference to the first aspect, in certain implementation manners of the first aspect, the method further includes the core network device saving a first value of the first identifier.
In a second aspect, a communication method is provided, which may be performed by a terminal device, or may also be performed by a chip or a circuit configured in the terminal device, which is not limited by the present application. For convenience, the following description will be made with a terminal device execution example.
The communication method comprises the steps that a terminal device receives a first security mode command message from core network equipment, the first security mode command message comprises a first value of a first identifier, the first value of the first identifier is used for identifying the first security mode command message, the terminal device responds to the first security mode command message to send a first security mode completion message to the core network equipment, the first security mode completion message comprises a first value of a second identifier, the first value of the second identifier is used for identifying the first security mode completion message, and the first value of the first identifier is identical to the first value of the second identifier, and the terminal device deduces a secret key according to parameters included in the first security mode completion message.
Illustratively, the key is used to generate the key required for access stratum security check.
With reference to the second aspect, in some implementations of the second aspect, before the terminal device receives the first security mode command message from the core network device, the method further includes the terminal device receiving a second security mode command message from the core network device, the second security mode command message including a second value of the first identifier, the second value of the first identifier being used to identify the second security mode command message, the terminal device sending a second security mode complete message to the core network device in response to the second security mode command message, the second security mode complete message including a second value of the second identifier, the second value of the second identifier being used to identify the second security mode complete message, wherein the second value of the second identifier is the same as the second value of the first identifier, and the first value of the first identifier and the second value of the first identifier are different.
With reference to the second aspect, in some implementations of the second aspect, before the terminal device receives the first security mode command message from the core network device, the method further includes the terminal device receiving a third security mode command message from the core network device, the third security mode command message including a third value of the first identifier, the third value of the first identifier being used to identify the third security mode command message; the terminal device sending a third security mode complete message to the core network device in response to the third security mode command message, the third security mode complete message including a third value of the second identifier, the third value of the second identifier being used to identify the third security mode complete message; the terminal device receiving a fourth security mode command message from the core network device, the fourth security mode command message including a fourth value of the first identifier, the fourth value of the first identifier being used to identify the fourth security mode command message, where the fourth security mode command message is a retransmission of the third security mode command message and the fourth value of the first identifier is different from the third value of the first identifier; and the terminal device sending a fourth security mode complete message to the core network device in response to the fourth security mode command message, the fourth security mode complete message including a fourth value of the second identifier, the fourth value of the second identifier being used to identify the fourth security mode complete message, where the fourth value of the second identifier is the same as the fourth value of the first identifier.
The technical effects of the method shown in the above second aspect and its possible designs can be referred to the technical effects in the first aspect and its possible designs.
In a third aspect, a communication device is provided for implementing the method shown in the first aspect. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In a fourth aspect, a communication device is provided for implementing the method shown in the second aspect. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In a fifth aspect, a communication method is provided, which may be performed by a terminal device, or may also be performed by a chip or a circuit configured in the terminal device, which is not limited by the present application. For convenience, the following description will be made with a terminal device execution example.
The communication method comprises the steps that a terminal device receives a fifth security mode command message from an access network device, the terminal device conducts integrity protection checking and/or decryption on the fifth security mode command message based on a first key, if the integrity protection checking and/or decryption fails, the terminal device conducts integrity protection checking and/or decryption on the fifth security mode command message based on a second key, wherein the first key is derived based on a first parameter in a seventh security mode completion message, the second key is derived based on a second parameter in a sixth security mode completion message, the seventh security mode completion message and the sixth security mode completion message are sent in a non-access layer security mode control flow, and the sixth security mode completion message is sent before the seventh security mode completion message.
Based on the above scheme, after receiving the security mode command message of the access network device, the terminal device performs integrity protection check and/or decryption on the security mode command message, if the integrity protection check and/or decryption fails, the integrity protection check and/or decryption can be performed again by the rollback key, where the key used by the terminal device is derived based on different parameters, and the different parameters are carried in different security mode completion messages, where the different security mode completion messages are security mode completion messages sent by the terminal device to the core network device in the non-access layer security mode control flow, and the core network device may also perform key derivation based on the parameters in the different security mode completion messages to obtain a corresponding key, and provide the derived key to the access network device, so that the access network device may perform subsequent access layer security check based on the corresponding key.
In this technical scheme, the key on the access network device side is provided by the core network device. The core network device may have received several security mode completion messages from the terminal device, and the parameter it used to derive the key may be the one carried in any of them, which may differ from the parameter the terminal device used. Therefore, when the terminal device's check fails and it checks again with the fallback key, that fallback key may be exactly the key the core network device provided to the access network device, so the terminal side and the access network device side perform the subsequent access stratum security check with the same key, and the probability of a successful access stratum security check improves.
With reference to the fifth aspect, in some implementation manners of the fifth aspect, the method further includes, in the non-access stratum security mode control flow, the terminal device receiving a sixth security mode command message from a core network device, in response to the sixth security mode command message, the terminal device sending the sixth security mode completion message to the core network device, deriving the second key based on a second parameter, the terminal device receiving a seventh security mode command message from the core network device, after sending the sixth security mode completion message, the terminal device sending the seventh security mode completion message to the core network device in response to the seventh security mode command message, deriving the first key based on the first parameter.
With reference to the fifth aspect, in certain implementation manners of the fifth aspect, the method further includes the terminal device saving the second key, where the terminal device deduces the second key after the terminal device generates the sixth secure mode complete message or after the terminal device sends the sixth secure mode complete message, or after the terminal device determines the second parameter in the sixth secure mode complete message.
Based on the scheme, the terminal equipment can store the deduced secret key, so that the secret key is directly used for verification under the condition that the follow-up needs to use the secret key for carrying out integrity protection verification on the security mode command message received from the access network equipment, and the verification processing speed is improved.
With reference to the fifth aspect, in certain implementation manners of the fifth aspect, after the terminal device generates the sixth security mode complete message or after the terminal device sends the sixth security mode complete message, or after the terminal device determines the second parameter in the sixth security mode complete message, the method further includes the terminal device saving the second parameter, and the terminal device deducing that the second key is performed after the verification fails based on the second parameter.
Based on this scheme, the terminal device can save the parameter from the security mode completion message and derive the key from it only when the key is needed for the integrity protection check of a security mode command message received from the access network device. Compared with saving the derived key, this saves some storage space.
With reference to the fifth aspect, in certain implementation manners of the fifth aspect, before the terminal device performs integrity protection checking on the fifth security mode command message based on the second key, the method further includes the terminal device determining that a number of times of integrity protection checking on the fifth security mode command message is less than a first threshold.
Based on this scheme, the terminal device bounds the number of repeated checks by the first threshold, which avoids the security risk that would arise from trying keys without limit.
With reference to the fifth aspect, in some implementations of the fifth aspect, if the terminal device fails to perform integrity protection checking on the fifth security mode command message based on the second key, the method further includes the terminal device determining that checking fails, or the terminal device performs integrity protection checking on the fifth security mode command message based on a third key, where the third key is derived based on a third parameter in a fifth security mode completion message, and the fifth security mode completion message is sent in the non-access stratum security mode control flow and is sent earlier than the sixth security mode completion message.
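The following is an added example, not code from the patent, of the terminal-side procedure of the fifth aspect: the terminal saves the uplink NAS COUNT of each NAS security mode completion it sent (the "save the parameter" variant), checks the access stratum security mode command with the key derived from the newest count, falls back to keys derived from earlier counts when the check fails, and stops after a threshold number of checks. The HMAC-SHA256 key derivation and the truncated HMAC used as the integrity tag are simplified stand-ins for the 3GPP KDF and MAC-I, the class and method names are constructed, and the NAS COUNT values and message bytes are constructed sample input.

```python
import hashlib
import hmac


def derive_key(k_amf: bytes, uplink_nas_count: int) -> bytes:
    # Simplified stand-in for the 3GPP key derivation (assumption); binds the key to the NAS COUNT.
    return hmac.new(k_amf, uplink_nas_count.to_bytes(4, "big"), hashlib.sha256).digest()


def message_mac(key: bytes, message: bytes) -> bytes:
    # Stand-in for the 32-bit integrity tag on an access stratum security mode command.
    return hmac.new(key, message, hashlib.sha256).digest()[:4]


class Terminal:
    """Saves the uplink NAS COUNT of each NAS security mode completion it sent
    (the parameter, not the key) and, on an integrity check failure, retries
    with keys derived from earlier parameters, newest first, up to a fixed
    threshold of checks."""

    def __init__(self, k_amf: bytes, max_checks: int):
        self.k_amf = k_amf
        self.max_checks = max_checks  # the "first threshold"
        self.saved_counts = []  # NAS COUNT of each completion sent, oldest first

    def send_nas_complete(self, uplink_nas_count: int) -> None:
        self.saved_counts.append(uplink_nas_count)

    def check_as_command(self, message: bytes, mac: bytes):
        """Returns (count_used, checks_performed); count_used is None on failure."""
        checks = 0
        for count in reversed(self.saved_counts):  # newest key first, then fall back
            if checks >= self.max_checks:
                break  # threshold reached: declare failure rather than keep trying
            checks += 1
            key = derive_key(self.k_amf, count)
            if hmac.compare_digest(message_mac(key, message), mac):
                return count, checks
        return None, checks


def scenario(ran_count: int, max_checks: int, tamper: bool = False):
    """The UE sent completions with NAS COUNT 1, 2, 3; the access network holds
    a key derived from ran_count (whichever parameter the core network used).
    Constructed sample run, not a captured exchange."""
    k_amf = b"constructed K_AMF for the example"
    ue = Terminal(k_amf, max_checks)
    for count in (1, 2, 3):
        ue.send_nas_complete(count)
    as_command = b"constructed AS SecurityModeCommand payload"
    mac = message_mac(derive_key(k_amf, ran_count), as_command)
    if tamper:
        as_command += b"!"  # modified in transit: no saved parameter will verify it
    return ue.check_as_command(as_command, mac)


if __name__ == "__main__":
    print(scenario(3, 3))  # (3, 1): newest key works at once
    print(scenario(2, 3))  # (2, 2): first check fails, fallback key succeeds
    print(scenario(1, 2))  # (None, 2): threshold stops before the oldest key
    print(scenario(2, 3, tamper=True))  # (None, 3): all three keys rejected
```

The count returned on success tells the terminal which completion's parameter the core network actually used, which is the information the fifth aspect needs to keep the two sides on the same key; the threshold keeps the retry loop bounded.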
With reference to the fifth aspect, in some implementations of the fifth aspect, the first parameter is first uplink count value information, the second parameter is second uplink count value information, and the third parameter is third uplink count value information.
With reference to the fifth aspect, in certain implementations of the fifth aspect, the core network device is an access mobility management network element.
In a sixth aspect, a communication device is provided for implementing the method shown in the fifth aspect. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In a seventh aspect, a communication method is provided. The method may be performed by a core network device or may be performed by a component (e.g., a chip or a circuit) of the core network device, which is not limited by the present application. For convenience of description, a core network device implementation example will be described below.
The communication method includes: the core network device receives an eighth security mode completion message from the terminal device, the eighth security mode completion message including a fourth parameter; and if a security mode command message was retransmitted because a first timer expired before the eighth security mode completion message was received, the core network device starts a second timer;
In case the second timer has expired without receiving further security mode complete messages from the terminal device, the core network device sends a fourth key to the access network device, the fourth key being derived from the fourth parameter, or
Before the second timer times out, the core network device receives a ninth security mode completion message from the terminal device, and the core network device derives a fifth key according to a fifth parameter in the ninth security mode completion message, and sends the fifth key to the access network device.
Based on the above scheme, when the core network device receives a security mode complete message from the terminal device and determines that the security mode command message was previously retransmitted because the first timer expired, it does not immediately derive a key and send it to the access network device. Instead it starts a second timer and either sends the key to the access network device when the second timer expires or, if it receives a further security mode complete message before then, derives a new key from that message and sends the new key to the access network device. This prevents the core network device from sending, too early, a key derived from the parameter in the eighth security mode complete message: after sending the eighth security mode complete message, the terminal device also sends the ninth security mode complete message and derives its key from the parameter carried in the ninth message. If the core network device delays sending the key, it can derive the key from the parameter carried in the ninth security mode complete message once that message arrives, so that the key it sends to the access network device is the same as the key used by the terminal device; the terminal side and the access network device side then perform the subsequent access stratum security check with the same key, and the likelihood that the access stratum security check succeeds is improved.
With reference to the seventh aspect, in some implementation manners of the seventh aspect, the method further includes the core network device deriving the fourth key according to the fourth parameter. Optionally, the deriving the fourth key is performed after the second timer expires. Alternatively, the deriving of the fourth key may not be limited to being performed after the second timer expires, for example, after receiving the eighth security mode complete message.
With reference to the seventh aspect, in some implementation manners of the seventh aspect, before the core network device receives the eighth security mode completion message from the terminal device, the method further includes the core network device sending an eighth security mode command message to the terminal device and starting the first timer, and after the first timer expires, the core network device sending a ninth security mode command message to the terminal device, where the ninth security mode command message is a retransmission message of the eighth security mode command message.
With reference to the seventh aspect, in certain implementations of the seventh aspect, the fourth parameter is fourth uplink count value information, and the fifth parameter is fifth uplink count value information.
With reference to the seventh aspect, in certain implementations of the seventh aspect, the core network device is an access mobility management network element.
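The race that the seventh aspect addresses, and the effect of the second timer, are easiest to see in a small simulation. The following Python script is an added illustration and is not code from the patent or from Huawei: it models an AMF that retransmits the NAS security mode command when a first timer expires, a UE that answers every command it receives with a SECURITY MODE COMPLETE carrying its current uplink NAS COUNT, and a K_gNB derivation modelled on the input string of TS 33.501 Annex A.9 (FC = 0x6E over the uplink NAS COUNT). The timer values, the UE's starting uplink NAS COUNT, K_AMF and the delay scenarios are all constructed for the example.

```python
"""Added illustration: the NAS security mode command (SMC) retransmission race and the
second-timer fix of the seventh aspect. Timer values, the UE's initial uplink NAS COUNT and
K_AMF are constructed for the simulation; this is not the patent's own code."""
import hashlib
import hmac

K_AMF = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed 256-bit K_AMF
FIRST_TIMER = 6.0    # NAS SMC retransmission timer at the AMF (assumed value)
SECOND_TIMER = 2.0   # extra wait proposed in the seventh aspect (assumed value)
UE_UL_COUNT0 = 5     # UE uplink NAS COUNT before the procedure (constructed)


def derive_kgnb(k_amf: bytes, uplink_nas_count: int) -> bytes:
    """K_gNB = KDF(K_AMF, FC || uplink NAS COUNT || L0 || access type || L1).
    Modelled on the input string of TS 33.501 Annex A.9 (FC = 0x6E, 3GPP access = 0x01);
    the byte layout is illustrative, not a normative implementation."""
    s = bytes([0x6E]) + uplink_nas_count.to_bytes(4, "big") + b"\x00\x04" + b"\x01" + b"\x00\x01"
    return hmac.new(k_amf, s, hashlib.sha256).digest()


def smc_timeline(complete_delays, first_timer=FIRST_TIMER, ul_count0=UE_UL_COUNT0):
    """The AMF sends an SMC at t=0 and retransmits it each time the first timer expires without
    a SECURITY MODE COMPLETE having arrived. The UE answers every SMC it receives with a COMPLETE
    carrying its current uplink NAS COUNT and then increments the count. complete_delays[i] is
    the time for the reply to SMC i to reach the AMF (None: SMC i never reached the UE).
    Returns (SMC send times, list of (arrival time, uplink NAS COUNT) replies)."""
    smc_times, replies, count, t = [], [], ul_count0, 0.0
    for delay in complete_delays:
        smc_times.append(t)
        if delay is not None:
            replies.append((t + delay, count))
            count += 1
        if any(arrival <= t + first_timer for arrival, _ in replies):
            break            # a COMPLETE arrived before the timer expired: no further retransmission
        t += first_timer
    return smc_times, sorted(replies)


def key_sent_to_gnb(smc_times, replies, patented, second_timer=SECOND_TIMER):
    """Decide which uplink NAS COUNT the AMF derives K_gNB from and when it forwards the key.
    Legacy: derive from the first COMPLETE and send at once. Seventh aspect: if the SMC was
    retransmitted, start the second timer on the first COMPLETE; a further COMPLETE arriving
    before it expires is used instead, otherwise the first COMPLETE's count is used on expiry."""
    first_arrival, first_count = replies[0]
    if not patented or len(smc_times) == 1:
        return first_arrival, first_count
    deadline = first_arrival + second_timer
    for arrival, count in replies[1:]:
        if arrival <= deadline:
            return arrival, count
    return deadline, first_count


def run(complete_delays, patented, k_amf=K_AMF):
    """Run one scenario and report whether the AMF's K_gNB matches the UE's."""
    smc_times, replies = smc_timeline(complete_delays)
    sent_at, count = key_sent_to_gnb(smc_times, replies, patented)
    ue_count = replies[-1][1]      # the UE derives K_gNB from the COUNT of its latest COMPLETE
    return {
        "retransmissions": len(smc_times) - 1,
        "sent_at": sent_at,
        "amf_count": count,
        "ue_count": ue_count,
        "match": derive_kgnb(k_amf, count) == derive_kgnb(k_amf, ue_count),
    }


if __name__ == "__main__":
    # constructed scenarios: reply delay for the SMC, then for each retransmission
    scenarios = {
        "normal": [0.5],
        "delayed UE reply (Fig. 2 race)": [6.5, 1.0],
        "SMC lost on downlink": [None, 0.5],
    }
    for name, delays in scenarios.items():
        for patented in (False, True):
            label = "7th aspect" if patented else "legacy"
            print(f"{name:32} {label:10} {run(delays, patented)}")
```

In the "delayed UE reply" scenario the legacy AMF derives K_gNB from COUNT 5 at t = 6.5 s while the UE ends up on COUNT 6, so the access stratum integrity check will fail; the second timer lets the AMF see the second SECURITY MODE COMPLETE at t = 7.0 s and derive the matching key. The cost is visible in the "lost on downlink" scenario: the key is forwarded only when the second timer expires, 2 s later than before.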
In an eighth aspect, a communication device is provided for implementing the method shown in the seventh aspect. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In a ninth aspect, a communication method is provided. The method may be performed by a core network device or may be performed by a component (e.g., a chip or a circuit) of the core network device, which is not limited by the present application. For convenience of description, a core network device implementation example will be described below.
The communication method comprises the steps that core network equipment receives an eighth security mode completion message from terminal equipment, if the eighth security mode completion message is received, the core network equipment starts a third timer due to the fact that a first timer is overtime to retransmit a security mode command message, and if other security mode completion messages from the terminal equipment are not yet overtime, the core network equipment sends a tenth security mode command message to the terminal equipment and restarts the first timer, or
And before the third timer is overtime, the core network device receives a ninth safety mode completion message from the terminal device, and after receiving the ninth safety mode completion message, the core network device sends a tenth safety mode command message to the terminal device and restarts the first timer.
Based on the above scheme, when the security mode command messages sent in sequence by the core network device to the terminal device include an eighth security mode command message and a ninth security mode command message, the ninth being a retransmission of the eighth, the sending of the next security mode command message is deferred until the response to the retransmitted message (the ninth security mode command message) has been received or the third timer has expired. This prevents the core network device from mistaking the response to the ninth security mode command message for the response to the subsequently sent security mode command message, deriving a key from a parameter different from the one used on the terminal device side, and thereby causing the access stratum security check to fail.
With reference to the ninth aspect, in some implementation manners of the ninth aspect, before the core network device receives the eighth security mode completion message from the terminal device, the method further includes the core network device sending an eighth security mode command message to the terminal device and starting the first timer, and after the first timer expires, the core network device sending a ninth security mode command message to the terminal device, where the ninth security mode command message is a retransmission message of the eighth security mode command message.
With reference to the ninth aspect, in some implementations of the ninth aspect, the core network device is an access mobility management network element.
In a tenth aspect, a communication device is provided for implementing the method shown in the ninth aspect. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In an eleventh aspect, a communication method is provided. The method may be performed by the access network device or may be performed by a component (e.g., a chip or a circuit) of the access network device, which is not limited by the present application. For ease of description, the following description will be given by taking an access network device implementation as an example.
The communication method comprises the steps that access network equipment receives a fourth key from core network equipment, the access network equipment sends an access layer security mode command message to terminal equipment after carrying out integrity protection on the access layer security mode command message based on the fourth key, the access network equipment receives an access layer security mode failure message from the terminal equipment, the access network equipment sends a first request message to the core network equipment, the first request message is used for requesting the key, the access network equipment receives a fifth key from the core network equipment, and the access network equipment carries out access layer security mode control flow again based on the fifth key.
Based on the above scheme, when the access network device receives the security mode failure message from the terminal device, the access network device does not directly send the connection release message to the UE, but can re-request the core network device to provide the key, and re-initiate the access layer security mode control flow based on the key re-acquired from the core network device, wherein the key used by the access network device to initiate the access layer security mode control flow twice is derived based on different parameters, and the different parameters are carried in different security mode completion messages, which are security mode completion messages sent by the terminal device to the core network device in the non-access layer security mode control flow. Specifically, the core network device performs key deduction based on parameters in the different security mode completion messages to obtain corresponding keys, and provides the deduced keys to the access network device, so that the access network device can perform subsequent access layer security verification based on the corresponding keys.
With reference to the eleventh aspect, in certain implementations of the eleventh aspect, the fourth key is derived based on a fourth parameter in an eighth security mode complete message, the fifth key is derived based on a fifth parameter in a ninth security mode complete message, the eighth security mode complete message and the ninth security mode complete message are sent in a non-access stratum security mode control flow, and the eighth security mode complete message is sent before the ninth security mode complete message.
In this technical scheme, the key on the access network device side is provided by the core network device. The core network device receives a plurality of security mode complete messages from the terminal device, and the parameter it uses to derive the key may be the one carried in some particular message among them, which may differ from the parameter the terminal device uses to derive its key. Therefore, if the access network device, on receiving the access stratum security mode failure message, obtains a key from the core network device again and re-initiates the access stratum security mode control procedure with that key, the key it uses may be exactly the one against which the terminal device verifies the access stratum security mode command message, so that the terminal side and the access network device side perform the subsequent access stratum security check with the same key and the likelihood of success is improved.
With reference to the eleventh aspect, in some implementations of the eleventh aspect, the sending, by the access network device, the first request message to the core network device includes sending, by the access network device, the first request message to the core network device if the access layer security mode failure message indicates that integrity protection checking of the access layer security mode command message fails.
With reference to the eleventh aspect, in some implementations of the eleventh aspect, the core network device is an access mobility management network element.
In a twelfth aspect, a communication method is provided. The method may be performed by a core network device or may be performed by a component (e.g., a chip or a circuit) of the core network device, which is not limited by the present application. For convenience of description, a core network device implementation example will be described below.
The communication method comprises the steps that core network equipment receives an eighth security mode completion message from terminal equipment, the eighth security mode completion message comprises a fourth parameter, the core network equipment deduces to obtain a fourth key according to the fourth parameter and sends the fourth key to access network equipment, the core network equipment receives a ninth security mode completion message from the terminal equipment, the ninth security mode completion message comprises a fifth parameter, the core network equipment receives a first request message from the access network equipment, the first request message is used for requesting the key, the core network equipment sends a fifth key to the access network equipment, and the fifth key is deduced according to the fifth parameter.
With reference to the twelfth aspect, in some implementations of the twelfth aspect, before the core network device receives the eighth security mode complete message from the terminal device, the method further includes the core network device sending an eighth security mode command message to the terminal device and starting the first timer, and after the first timer expires, the core network device sending a ninth security mode command message to the terminal device, where the ninth security mode command message is a retransmission message of the eighth security mode command message.
With reference to the twelfth aspect, in some implementations of the twelfth aspect, the method further includes the core network device deriving the fifth key according to the fifth parameter. Optionally, the deriving the fifth key is performed after receiving the first request message. Alternatively, the deriving of the fifth key may not be limited to being performed after the first request message is received, for example, the deriving is performed after the ninth security mode complete message is received.
With reference to the twelfth aspect, in some implementations of the twelfth aspect, the method further includes the core network device storing the fifth key and/or the fifth parameter.
With reference to the twelfth aspect, in some implementations of the twelfth aspect, the core network device is an access mobility management network element.
In a thirteenth aspect, a communication device is provided for implementing the method shown in the eleventh aspect. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In a fourteenth aspect, a communications device is provided for implementing the method of the twelfth aspect described above. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
In a fifteenth aspect, a method of communication is provided. The method may be performed by the access network device or may be performed by a component (e.g., a chip or a circuit) of the access network device, which is not limited by the present application. For ease of description, the following description will be given by taking an access network device implementation as an example.
The communication method comprises the steps that access network equipment receives a fourth key from core network equipment, after the access network equipment performs integrity protection on an access layer security mode command message based on the fourth key, the access network equipment sends the access layer security mode command message to terminal equipment, the access network equipment receives an access layer security mode failure message from the terminal equipment, and the access network equipment starts a fourth timer;
in case the fourth timer has expired without receiving the fifth key from the core network device, the access network device sends a radio resource control release message to the terminal device, or
before the fourth timer expires, the access network device receives a fifth key from the core network device and performs the access stratum security mode control procedure again based on the fifth key.
Based on the above scheme, when the access network device receives the security mode failure message from the terminal device, it need not immediately send the connection release message; instead it starts a fourth timer and sends the connection release message to the terminal device only if the fourth timer expires, thereby releasing the connection between the terminal device and the access network device. If another key provided by the core network device is received before the fourth timer expires, the access network device can retry the access stratum security mode control procedure with that key, which improves the likelihood that the access stratum security check succeeds.
With reference to the fifteenth aspect, in certain implementations of the fifteenth aspect, the fourth key is derived based on a fourth parameter in an eighth secure mode complete message, the fifth key is derived based on a fifth parameter in a ninth secure mode complete message, the eighth secure mode complete message and the ninth secure mode complete message are sent in a non-access stratum secure mode control flow, and the eighth secure mode complete message is sent before the ninth secure mode complete message. In the technical scheme, the key used by the access network equipment for initiating the access layer security mode control flow twice is derived based on different parameters, and the different parameters are carried in different security mode completion messages, wherein the different security mode completion messages are security mode completion messages sent by the terminal equipment to the core network equipment in the security mode control flow. Specifically, the core network device performs key deduction based on parameters in the different security mode completion messages to obtain corresponding keys, and provides the deduced keys to the access network device, so that the access network device can perform subsequent access layer security verification based on the corresponding keys.
That is, the key on the access network device side is provided by the core network device, which receives a plurality of security mode complete messages from the terminal device; the parameter the core network device uses to derive the key may be the one carried in some particular message among them, and it may differ from the parameter the terminal device uses to derive its key. Therefore, if the access network device, after receiving the access stratum security mode failure message, re-initiates the access stratum security mode control procedure with the newly obtained key, that key may be exactly the one against which the terminal device verifies the access stratum security mode command message, so that the terminal device and the access network device side perform the subsequent access stratum security check with the same key and the likelihood of success is improved.
With reference to the fifteenth aspect, in certain implementations of the fifteenth aspect, the fourth timer is stopped after the access network device receives the fifth key.
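The access network side of the eleventh, twelfth and fifteenth aspects (key re-request after an access stratum security mode failure, a stored fifth key at the core network, and a fourth timer bounding the wait) can be exercised with the following Python script. It is an added illustration and not code from the patent or from Huawei. It repeats the K_gNB derivation used in the earlier example so that it runs stand-alone, adds a K_RRCint derivation modelled on TS 33.501 Annex A.8 (FC = 0x69), and uses a truncated HMAC as a stand-in for the 32-bit MAC-I of an NR integrity algorithm. Class names, the message payload, timer value and delays are assumptions made for the example.

```python
"""Added illustration of the access stratum (AS) side: the gNB protects the AS security mode
command with a key derived from K_gNB; on an integrity failure it re-requests a key from the
AMF (eleventh and twelfth aspects) and a fourth timer bounds the wait (fifteenth aspect).
Byte layouts, the MAC stand-in, timer values and message contents are constructed for
illustration; this is not the patent's or any vendor's code."""
import hashlib
import hmac

K_AMF = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)   # constructed 256-bit K_AMF
FOURTH_TIMER = 1.0   # how long the gNB waits for a fresh key after an AS SMC failure (assumed)


def derive_kgnb(k_amf: bytes, uplink_nas_count: int) -> bytes:
    """K_gNB from K_AMF and the uplink NAS COUNT (modelled on TS 33.501 A.9, FC = 0x6E)."""
    s = bytes([0x6E]) + uplink_nas_count.to_bytes(4, "big") + b"\x00\x04\x01\x00\x01"
    return hmac.new(k_amf, s, hashlib.sha256).digest()


def derive_krrc_int(k_gnb: bytes, alg_id: int = 2) -> bytes:
    """K_RRCint from K_gNB (modelled on TS 33.501 A.8: FC = 0x69, RRC-int type 0x04, algorithm
    identity); the 128 least significant bits of the 256-bit KDF output are kept."""
    s = bytes([0x69, 0x04, 0x00, 0x01, alg_id, 0x00, 0x01])
    return hmac.new(k_gnb, s, hashlib.sha256).digest()[16:]


def mac_i(k_rrc_int: bytes, message: bytes) -> bytes:
    """Stand-in for the 32-bit MAC-I of an NR integrity algorithm (HMAC truncated to 4 bytes)."""
    return hmac.new(k_rrc_int, message, hashlib.sha256).digest()[:4]


class Amf:
    """Holds the keys derived from each SECURITY MODE COMPLETE in arrival order (fourth key from
    the eighth message, fifth key from the ninth; the twelfth aspect stores the fifth key) and
    hands them out one per request."""
    def __init__(self, uplink_counts, k_amf=K_AMF):
        self.keys = [derive_kgnb(k_amf, c) for c in uplink_counts]
        self.handed_out = 0

    def next_key(self):
        if self.handed_out >= len(self.keys):
            return None                  # no further SECURITY MODE COMPLETE was received
        key = self.keys[self.handed_out]
        self.handed_out += 1
        return key


class Ue:
    """The UE derives K_gNB from the uplink NAS COUNT of its latest SECURITY MODE COMPLETE."""
    def __init__(self, uplink_count, k_amf=K_AMF):
        self.k_rrc_int = derive_krrc_int(derive_kgnb(k_amf, uplink_count))

    def check_as_smc(self, message: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(mac_i(self.k_rrc_int, message), mac)


def gnb_as_security_setup(amf, ue, key_delays, rerequest=True, fourth_timer=FOURTH_TIMER):
    """Run the AS security mode control procedure at the gNB. key_delays[i] is how long the AMF
    takes to answer the i-th key request. Returns (outcome, list of trace events)."""
    message = b"RRC SecurityModeCommand: integrity NIA2, ciphering NEA2"   # constructed payload
    trace = []
    k_gnb = amf.next_key()        # fourth key, pushed by the AMF after the eighth COMPLETE
    attempt = 0
    while True:
        attempt += 1
        if ue.check_as_smc(message, mac_i(derive_krrc_int(k_gnb), message)):
            trace.append(f"attempt {attempt}: SecurityModeComplete")
            return "AS security activated", trace
        trace.append(f"attempt {attempt}: SecurityModeFailure (integrity check failed)")
        if not rerequest:
            trace.append("RRCRelease")   # legacy behaviour: release on the first failure
            return "released", trace
        trace.append("key request sent to AMF, fourth timer started")
        delay = key_delays[attempt - 1] if attempt - 1 < len(key_delays) else None
        k_gnb = amf.next_key()
        if delay is None or delay > fourth_timer or k_gnb is None:
            trace.append("fourth timer expired without a usable key: RRCRelease")
            return "released", trace
        trace.append(f"new K_gNB received after {delay}s: retrying AS SMC")


if __name__ == "__main__":
    # constructed scenario: AMF saw COUNT 5 then 6, the UE's key is from COUNT 6
    for rerequest in (False, True):
        outcome, trace = gnb_as_security_setup(Amf([5, 6]), Ue(6), [0.3], rerequest=rerequest)
        print("re-request" if rerequest else "legacy", "->", outcome)
        for line in trace:
            print("   ", line)
```

With the re-request disabled the first integrity failure ends in an RRC release, as in the behaviour the patent sets out to avoid; with it enabled the second attempt succeeds using the key derived from the ninth SECURITY MODE COMPLETE. A key that arrives after the fourth timer, or an AMF that never received a ninth message, still leads to a release, which is the bound the fifteenth aspect places on the wait.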
In a further aspect, a communications apparatus is provided for implementing the method of the fifteenth aspect described above. The device comprises a receiving and transmitting unit and a processing unit, wherein the receiving and transmitting unit is used for receiving and transmitting information, and the processing unit is used for executing internal processing actions.
A sixteenth aspect provides a communication system comprising a core network device for performing the method of the first aspect and a terminal device for performing the method of the second aspect.
A seventeenth aspect provides a communication device comprising a memory for storing a program, and a processor for executing the program stored in the memory, the processor being adapted to perform the method provided in the above aspects when the program stored in the memory is executed.
In an eighteenth aspect, the present application provides a processor configured to perform the methods provided in the above aspects. When these methods are executed, the sending of information and the acquiring/receiving of information in the above methods can be understood as the processor outputting that information and the processor receiving that information as input, respectively. When outputting information, the processor outputs it to a transceiver for transmission by the transceiver; the information may require further processing after it is output by the processor and before it reaches the transceiver. Similarly, when the processor receives input information, the transceiver acquires/receives the information and inputs it to the processor, and the information may require further processing after the transceiver receives it and before it is input to the processor.
Based on this principle, for example, receiving the request message mentioned in the foregoing methods can be understood as the processor receiving input information.
Operations such as transmitting, sending and acquiring/receiving that are attributed to a processor are, unless specifically stated otherwise or contradicted by the actual or inherent logic of the relevant description, to be understood more generally as outputting, receiving and inputting by the processor, rather than as transmitting and receiving performed directly by radio frequency circuitry and antennas.
In implementation, the processor may be a processor dedicated to performing the methods, or may be a processor that executes computer instructions in a memory to perform the methods, e.g., a general purpose processor. The memory may be a non-transitory (non-transitory) memory, such as a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately provided on different chips, and the type of the memory and the manner in which the memory and the processor are provided are not limited in the embodiments of the present application.
In a nineteenth aspect, there is provided a computer readable storage medium storing program code for execution by a device, the program code comprising instructions for performing the methods provided in the above aspects.
In a twentieth aspect, there is provided a computer program product containing instructions that, when run on a computer, cause the computer to perform the method provided in the above aspects.
In a twenty-first aspect, a chip is provided, the chip comprising a processor and a communication interface, the processor reading instructions stored on a memory via the communication interface for performing the methods provided in the above aspects.
Optionally, as an implementation manner, the chip may further include a memory, where the memory stores instructions, and the processor is configured to execute the instructions stored on the memory, and when the instructions are executed, the processor is configured to perform the method provided in the above aspects.
Drawings
Fig. 1 is a schematic diagram of a network architecture 100 provided by the present application.
Fig. 2 is a specific flow chart of a security mode command procedure in the case that the UE has an underlying abnormality.
Fig. 3 is a schematic flow chart of a communication method provided by the present application.
Fig. 4 is a schematic flow chart of another communication method provided by the present application.
Fig. 5 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 6 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 7 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 8 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 9 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 10 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 11 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 12 is a schematic flow chart of yet another communication method provided by the present application.
Fig. 13 is a schematic block diagram of a communication device 10 provided in an embodiment of the present application.
Fig. 14 is a schematic diagram of another communication device 20 according to an embodiment of the present application.
Fig. 15 is a schematic diagram of a chip system 30 according to an embodiment of the present application.
Detailed Description
The technical scheme of the application will be described below with reference to the accompanying drawings.
The technical scheme provided by the application can be applied to various communication systems, such as a New Radio (NR) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system and the like. The technical solution provided by the present application may also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type communication (MTC), and internet of things (IoT) communication systems or other communication systems.
In a communication system, the part operated by an operator may be referred to as a public land mobile network (PLMN), and may also be referred to as an operator network, etc. PLMNs are networks established and operated by governments or operators licensed thereto for the purpose of providing land mobile services to the public, and are mainly public networks in which mobile network operators (MNOs) provide mobile broadband access services to subscribers. The PLMN described in the embodiment of the present application may specifically be a network meeting the requirements of the 3GPP standard, abbreviated as a 3GPP network. The 3GPP network generally includes, but is not limited to, a 5G network, a fourth generation mobile communication (4G) network, and other future communication systems, such as a sixth generation (6G) network, etc. The technical scheme is likewise applicable to a stand-alone non-public network (SNPN).
For convenience of description, the PLMN or 5G network will be used as an example in the embodiments of the present application.
Fig. 1 is a schematic diagram of a network architecture 100 provided in the present application, taking a 5G network architecture based on a service architecture as an example in a non-roaming scenario defined in a 3GPP standardization process. As shown, the network architecture may include three parts, a terminal device part, a DN and an operator network PLMN part, respectively. The function of the network elements of each part will be briefly described below.
The terminal device part may include a terminal device 110, which terminal device 110 may also be referred to as a User Equipment (UE). The terminal device 110 in the present application is a device having a radio transceiver function, and may communicate with one or more Core Network (CN) devices via an access network device (or may also be referred to as an access device) in a radio access network (RAN) 140. Terminal equipment 110 may also be called an access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, user agent, user device, or the like. Terminal device 110 may be deployed on land, including indoor or outdoor, hand-held or vehicle-mounted, on water (e.g., ship, etc.), and in air (e.g., airplane, balloon, satellite, etc.). The terminal device 110 may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a smart phone, a mobile phone, a wireless local loop (WLL) station, a Personal Digital Assistant (PDA), etc. Or the terminal device 110 may also be a handheld device, a computing device or other device connected to a wireless modem, an in-vehicle device, a wearable device, an unmanned aerial vehicle device, a terminal in the internet of things, a terminal in any form of a 5G network and a future network, a relay user device or a terminal in a future evolution 6G network, etc., with wireless communication functions. The relay user equipment may be, for example, a 5G residential gateway (RG).
For example, the terminal device 110 may be a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in smart city, a wireless terminal in smart home, and the like. The terminal equipment herein refers to a 3GPP terminal. The embodiment of the application is not limited to the type or the kind of the terminal equipment and the like. For convenience of explanation, the present application will be described below with UE referring to a terminal device.
The operator network PLMN portion may include, but is not limited to, (radio) access network (R) AN) 120 and Core Network (CN) portions.
(R)AN 120 may be considered as a sub-network of an operator network, an implementation system between a service node in the operator network and terminal equipment 110. The terminal device 110 is to access the operator network, and first passes through the (R)AN 120, and then can connect with a service node of the operator network through the (R)AN 120. An access network device (RAN device) in an embodiment of the present application is a device that provides a wireless communication function for a terminal device 110, and may also be referred to as a network device, where the RAN device includes, but is not limited to, a next generation node base station (gNB) in a 5G system, an evolved node B (eNB) in long term evolution (LTE), a radio network controller (RNC), a Node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (e.g., home evolved node B, or home node B, HNB), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmitting point (TP), a small base station device (pico), a mobile switching center, or a network device in a future network, and the like. In systems employing different radio access technologies, the names of devices with access network device functionality may vary. For convenience of description, in all embodiments of the present application, the above-mentioned means for providing the terminal device 110 with a wireless communication function are collectively referred to as an access network device, or RAN or AN for short. It should be understood that the specific type of access network device is not limited herein.
The CN part may include, but is not limited to, the following network functions (NFs): a user plane function (UPF) 130, a network exposure function (NEF) 131, a network function repository function (NRF) 132, a policy control function (PCF) 133, a unified data management function (UDM) 134, a unified data repository function (UDR) 135, a network data analytics function (NWDAF) 136, an authentication server function (AUSF) 137, an access and mobility management function (AMF) 138, and a session management function (SMF) 139.
The data network DN 140, which may also be referred to as a Packet Data Network (PDN), is typically a network located outside the operator network, for example a third party network. Of course, in some implementations, the DN may also be deployed by the operator, i.e., the DN is part of the PLMN. The application does not limit whether the DN belongs to a PLMN. The operator network PLMN may access a plurality of data networks DN 140, and a plurality of services may be deployed on the data networks DN 140, so as to provide services such as data and/or voice for the terminal device 110. For example, the data network DN 140 may be a private network of an intelligent plant, the sensors installed in the plant of the intelligent plant may be the terminal devices 110, and the control servers of the sensors deployed in the data network DN 140 may provide services for the sensors. The sensor may communicate with the control server, obtain instructions from the control server, transmit collected sensor data to the control server, etc., according to the instructions. For another example, the data network DN 140 may be an internal office network of a company, where a mobile phone or a computer of a staff member may be the terminal device 110, and the mobile phone or the computer of the staff member may access information, data resources, etc. on the internal office network of the company. Terminal device 110 may establish a connection with an operator network via an interface (e.g., N1, etc.) provided by the operator network, using data and/or voice services provided by the operator network. Terminal device 110 may also access data network DN 140 via an operator network, use operator services deployed on data network DN 140, and/or services provided by third parties.
The NF functions comprised by the CN are briefly described further below.
1. The UPF 130 is a gateway provided by the operator and is the gateway through which the operator network communicates with the data network DN 140. The UPF 130 includes functions related to the user plane such as packet routing and forwarding, packet detection, traffic reporting, quality of service (quality of service, QoS) handling, lawful interception, uplink packet detection, downlink packet storage, etc.
2. The NEF 131 is a control plane function provided by an operator, and mainly enables a third party to use services provided by the network. It supports exposure of network capabilities, events and data analytics, secure provisioning of information from external applications to the PLMN, translation of information between the interior and the exterior of the PLMN, provision of API interfaces through which the operator network is exposed externally, and interaction between an external service end and the internal operator network, and the like.
3. NRF 132 is a control plane function provided by an operator and can be used to maintain real-time information of network functions and services in a network, such as supporting network service discovery, maintaining the NF profile (NF profile) and supported services of NF instances, supporting service discovery for service communication proxies (service communication proxy, SCP), maintaining the SCP profile (SCP profile) of SCP instances, sending notifications about newly registered, de-registered and updated NFs and SCPs, maintaining the health status of NF and SCP operation, etc.
4. PCF 133 is a control plane function provided by an operator that supports a unified policy framework to govern network behavior, provide policy rules, policy decision-related subscription information, etc. to other control functions.
5. The UDM 134 is a control plane function provided by an operator, and is responsible for storing information such as the subscriber permanent identifier (subscription permanent identifier, SUPI) of a subscriber in the operator network, the generic public subscription identifier (generic public subscription identifier, GPSI) of the subscriber, and credentials (credential). The SUPI is encrypted during transmission, and the encrypted SUPI is referred to as a subscription concealed identifier (subscription concealed identifier, SUCI). The information stored by the UDM 134 may be used for authentication and authorization of the terminal device 110 accessing the operator network. A subscriber of the operator network may be a subscriber using a service provided by the operator network, for example, a subscriber using a mobile phone core card (subscriber identity module, SIM) of China Telecom, or a subscriber using a mobile phone core card of China Mobile. The credentials of the subscriber may be a long-term key stored in the mobile phone core card or a small file storing information related to encryption of the mobile phone core card, used for authentication and/or authorization. It should be noted that, in the embodiment of the present application, the permanent identifier, the credentials, the security context, the authentication data (cookie), the token, and equivalent verification/authentication and authorization related information are not distinguished or limited, for convenience of description.
6. UDR 135 is a control plane function provided by the operator, providing a function of storing and acquiring subscription data for UDM, providing storage and acquiring policy data for PCF, storing and acquiring NF group ID (group ID) information of the user, and the like.
7. NWDAF 136 is a control plane function provided by an operator, and its main functions are to collect data from NFs, external application functions AF, and the operation and maintenance (operation and maintenance, OAM) system, and to provide NWDAF service registration, data exposure, and analytics data for NFs and AFs, and the like. In the present application NWDAF is mainly responsible for security related data analysis, so NWDAF may also be understood as a network element with a security analysis function; it is called NWDAF here as an example, and other network element names may be used later, which is not limited in this application.
8. AUSF 137 is a control plane function provided by the operator and is typically used for primary authentication, i.e. authentication between the terminal device 110 (subscriber) and the operator network. Upon receiving an authentication request initiated by a subscriber, AUSF 137 may authenticate and/or authorize the subscriber using authentication information and/or authorization information stored in the UDM 134, or generated by the UDM 134. AUSF 137 may feed back authentication information and/or authorization information to the subscriber.
9. The AMF 138 is a control plane network function provided by the operator network, and is responsible for access control and mobility management of the terminal device 110 accessing the operator network, including, for example, mobility state management, allocation of a temporary identity of a user, authentication and authorization of the user, and the like.
The AMF 138 is used for the NAS connection with the UE and holds the same 5G NAS security context as the UE. The 5G NAS security context includes K AMF and its key identification information, the NAS level keys, the UE security capabilities, and an uplink NAS COUNT value and a downlink NAS COUNT value. The NAS level keys include a NAS encryption key and a NAS integrity protection key, used for confidentiality protection and integrity protection of NAS messages, respectively.
10. SMF 139 is a control plane network function provided by the operator network and is responsible for managing PDU sessions of terminal device 110. A PDU session is a channel for transmitting PDUs; the terminal device and the data network DN 140 transmit PDUs to each other through the PDU session. The SMF 139 is responsible for establishing, maintaining and deleting PDU sessions. The SMF 139 includes session-related functions such as session establishment, modification and release, including tunnel maintenance between the user plane function UPF 130 and (R) AN 120, selection and control of the UPF 130, service and session continuity (service and session continuity, SSC) mode selection, roaming, etc.
11. The AF 141 is a control plane network function provided by an operator network, for providing application layer information; it may interact with the policy framework directly, or interact with the policy framework through a network element with a network exposure function, to make policy decision requests, etc. The AF may be located within the operator network or outside the operator network.
It will be appreciated that the network elements or functions described above may be either physical entities in hardware devices, software instances running on dedicated hardware, or virtualized functions instantiated on a shared platform (e.g., a cloud platform). In brief, an NF may be implemented by hardware or software.
Nnef, Nnrf, Npcf, Nudm, Nudr, Nnwdaf, Nausf, Namf, Nsmf, N1, N2, N3, N4, and N6 in fig. 1 are interface serial numbers. Illustratively, the meaning of the above-mentioned interface serial numbers may refer to the meaning defined in the 3GPP standard protocol, and the present application is not limited to that meaning. It should be noted that the interface names between the network functions in the figures are merely an example, and in a specific implementation, the interface names of the system architecture may also be other names, which is not limited by the present application. Furthermore, the names of the messages (or signaling) transmitted between the various network elements described above are also merely an example, and do not constitute any limitation on the function of the message itself.
For convenience of explanation, network functions (such as NEF 131 to SMF 139) are collectively referred to as NF in the embodiment of the present application, that is, NF described later in the embodiment of the present application may be replaced with any one of the network functions. In addition, fig. 1 schematically depicts only a part of the network functions, and NF described later is not limited to the network functions shown in fig. 1.
It should be understood that the network architecture applied to the embodiment of the present application is only a network architecture described from the viewpoint of a server architecture, and the network architecture to which the embodiment of the present application is applied is not limited to this, and any network architecture capable of implementing the functions of each network element described above is applicable to the embodiment of the present application.
It should also be understood that AMF, SMF, UPF, NEF, AUSF, NRF, PCF, UDM shown in the figures may be understood as network elements in the core network for implementing different functions, e.g. may be combined into network slices as required. The core network elements can be independent devices or integrated in the same device to realize different functions, and the application is not limited to the specific form of the network elements.
It should also be understood that the above designations are merely intended to facilitate distinguishing between different functions and should not be construed as limiting the application in any way. The application does not exclude the possibility of using other designations in 5G networks as well as in other networks in the future. For example, in a 6G network, some or all of the individual network elements may follow the terminology in 5G, possibly by other names, etc.
For the purposes of facilitating an understanding of the embodiments of the present application, some basic concepts to which the present application relates are briefly described.
1. The non-access stratum (NAS) security mode control procedure (security mode control procedure) includes a round trip of messages between the AMF and the UE. The AMF sends a security mode command (Security mode command) message to the UE and the UE replies with a security mode complete (Security mode complete) message. The specific process of the security mode command procedure is not described in detail in the present application; reference may be made to the description of the related section (6.7.2 in TS 33.501) in the current protocol, which is not repeated herein.
2. Base station key (K gNB): the key K gNB can be derived from K AMF and the uplink count value at the UE and the AMF. The generation manner of K gNB is not described in detail in the present application; reference may be made to the description of the related section (A.9 in TS 33.501) in the current protocol, which is not repeated herein.
Specifically, the uplink count value required to derive K gNB may be determined through negotiation in the above-described security mode control procedure.
The present application mainly concerns the effect on the derivation of K gNB when, because a UE abnormality prevents the Security mode complete message from being returned in time during the security mode command procedure, the uplink count values negotiated by the UE and the AMF become inconsistent.
3. Security mode command procedure when the UE is abnormal: as shown in fig. 2, if the lower layers of the UE are abnormal (such as poor signal, high error rate, etc.) during the security mode command procedure, the uplink count values negotiated by the UE and the AMF may become inconsistent.
The security mode command procedure shown in fig. 2 includes the following steps:
S210, the AMF sends Security mode command1; after receiving it, the UE processes it and replies with Security mode complete1 (uplink count is 0), but Security mode complete1 is not sent to the AMF in time due to a UE lower-layer abnormality (e.g. small uplink grant, poor signal, high error rate, etc.).
S220, after the AMF protection timer T3560 expires, the network retransmits Security mode command2 (differing from Security mode command1 only in the downlink count value), that is, Security mode command2 is a retransmission of Security mode command1; the UE processes it normally and replies to the network with Security mode complete2 (uplink count is 1).
S230, the UE lower layer recovers, Security mode complete1 from step S210 is transmitted successfully and received by the AMF, and the AMF refreshes its uplink count value to 0.
S240, the UE has transmitted Security mode complete1 successfully and performs a first key derivation based on uplink count value 0, obtaining K gNB #1.
S250, the AMF sends Security mode command3, carrying information such as the security algorithm; after receiving it, the UE processes it normally and replies to the AMF with Security mode complete3 (uplink count is 2).
S260, the AMF receives Security mode complete2 sent by the UE in step S220 and refreshes its uplink count value to 1.
S270, the UE has transmitted Security mode complete2 successfully and performs a second key derivation based on uplink count value 1, obtaining K gNB #2.
S271, the AMF receives Security mode complete2 successfully, performs key derivation based on uplink count value 1, obtains K gNB #2, and provides it to the base station.
S280, the AMF receives Security mode complete3 sent by the UE in step S250 and discards Security mode complete3.
S290, the UE has transmitted Security mode complete3 successfully and performs a third key derivation based on uplink count value 2, obtaining K gNB #3.
In the flow shown in fig. 2, the UE side sends three Security mode complete messages and the uplink count value maintained by the UE side is 2, but the AMF receives only the first two Security mode complete messages, so the uplink count value it maintains is 1, and the uplink count value 2 carried in Security mode complete3 is discarded. Because the uplink count values maintained by the UE side and the network side are inconsistent, the uplink count values used by the UE and the AMF to derive K gNB differ, the derived K gNB differs, and the RRC side security procedure fails. Note that the scenario of AMF retransmission of Security mode command shown in fig. 2 is merely an example and does not limit the protection scope of the present application in any way; retransmission of Security mode command by the AMF may also occur in other situations, for example, poor communication quality or an abnormal communication link, and the present application does not limit the cause of the AMF retransmitting Security mode command.
In addition, in order to facilitate understanding of the embodiments of the present application, the following description is made.
First, in the present application, "for indicating" may include both direct indication and indirect indication. When certain indication information is described as being used for indicating A, the indication information may directly indicate A or indirectly indicate A, which does not necessarily mean that A is included in the indication information.
The information indicated by the indication information is called information to be indicated, and in a specific implementation process, various ways for indicating the information to be indicated exist. The information to be indicated can be sent together as a whole or can be divided into a plurality of pieces of sub-information to be sent separately, and the sending periods and/or sending occasions of the sub-information can be the same or different. Specific transmission method the present application is not limited. The transmission period and/or the transmission timing of the sub-information may be predefined, for example, predefined according to a protocol, or may be configured by the transmitting end device by transmitting configuration information to the receiving end device.
Second, the term "at least one" as used herein means one or more, and the term "plurality" means two or more. In addition, in the embodiments of the present application, "first", "second", and various numerical labels (e.g., "#1", "#2", etc.) are merely for convenience of description and are not intended to limit the scope of the embodiments of the present application. The sequence numbers of the processes below do not imply an order of execution; the order of execution should be determined by the functions and internal logic of the processes and should not constitute any limitation on the implementation of the embodiments of the present application. It should be understood that the objects so described may be interchanged where appropriate, so as to describe schemes other than those of the embodiments of the present application. In addition, in the embodiments of the present application, labels such as "310" and "320" are merely identifiers for convenience of description and do not limit the order in which steps are executed.
Third, in the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
Fourth, references to "save" in embodiments of the present application may refer to saving in one or more memories. The one or more memories may be provided separately or may be integrated in an encoder or decoder, processor, or communication device. The one or more memories may also be provided separately in part, and integrated in the decoder, processor, or communication device. The type of memory may be any form of storage medium, and the application is not limited in this regard.
Fifth, the "protocol" referred to in the embodiments of the present application may refer to a standard protocol in the field of communications, and may include, for example, an LTE protocol, an NR protocol, and related protocols applied in future communication systems, which is not limited in the present application.
Sixth, in the embodiments of the present application, "in the case of ...", "when ...", and "if ..." are sometimes used interchangeably; it should be noted that the meaning to be expressed is the same when the distinction is not emphasized.
Seventh, in the embodiment of the present application, terms and english abbreviations, such as Radio Resource Control (RRC), etc., are given as exemplary examples for convenience of description, and should not be construed as limiting the present application in any way. The present application does not exclude the possibility of defining other terms in existing or future protocols that perform the same or similar functions.
Eighth, the term "and/or" merely describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may mean that A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
The scenario to which the communication method provided by the embodiment of the present application can be applied has been briefly described above in conjunction with fig. 1, and the basic concepts possibly involved in the embodiment of the present application have been described, including the security mode control procedure when the UE is abnormal in conjunction with fig. 2. From the flow of fig. 2 it can be seen that if the uplink count values maintained by the UE side and the network side are inconsistent, the uplink count values used by the UE and the AMF to derive K gNB differ, so the generated K gNB differs and the RRC side security procedure fails.
The application provides a communication method which can be applied to a communication system shown in fig. 1 to reduce the possibility of access layer security check failure caused by non-uniform keys at a UE side and a network side.
It should be understood that the embodiments shown below are not particularly limited to the specific structure of the execution body of the method provided by the embodiments of the present application, as long as communication can be performed by the method provided according to the embodiments of the present application by running a program in which the code of the method provided by the embodiments of the present application is recorded. For example, the execution body of the method provided by the embodiment of the application may be a network element, or a functional module in the network element that can call a program and execute the program.
Fig. 3 is a schematic flow chart of a communication method provided by the present application. In the communication method shown in fig. 3, the security mode command message sent by the core network device carries the value of a first identifier, so as to identify the security mode command message. And the response message (such as a security mode complete message or a security mode failure message) to the security mode command message sent by the terminal device carries the value of a second identifier, so as to identify the response message. The value of the second identifier carried in the response message to a given security mode command message is the same as the value of the first identifier carried in that security mode command message. For convenience of description, the embodiment shown in fig. 3 is illustrated by taking the response message to the security mode command message as a security mode complete message. When the response message to the security mode command message is a security mode failure message, the description of the security mode complete message may be referred to, and is not repeated.
The value of the first identifier is different in different security mode command messages sent by the core network equipment, and the value of the second identifier is different in different security mode completion messages sent by the terminal equipment.
Illustratively, the first identifier may be understood as field #1 in the security mode command message and the second identifier may be understood as field #2 in the security mode complete message, wherein field #1 and field #2 may be fields representing the same physical meaning or fields of different physical meanings. For example, field #1 may be a procedure transaction identity (procedure transaction identity, PTI) field in the security mode command message, and field #2 may also be a PTI field in the security mode complete message. In the embodiment shown in fig. 3, it is not limited whether the meaning of field #1 and field #2 is the same.
Specifically, the communication method shown in fig. 3 includes the steps of:
S310, the core network device sends a first security mode command message to the terminal device, or the terminal device receives the first security mode command message from the core network device.
The core network device may be an AMF as previously shown in fig. 1. It should be understood that the name of the core network device in this embodiment is not limited, and that any network element responsible for access control and mobility management for terminal devices accessing the operator network may be considered as the core network device involved in this embodiment. For convenience of description, the core network device is hereinafter described as an AMF.
The security mode command message sent by the core network device to the terminal device is, for example, a non-access stratum security mode command message.
The security mode command flow is used to activate a security mechanism between the terminal device and the core network device, and may be described in particular with reference to section 6.7.2 in standard TS 33.501 version 18.1.0. The security mode command flow includes a pair of messages, a security mode command message and a security mode complete/failure message. The network device triggers the security mode command flow by sending a security mode command message to the terminal device.
Specifically, the first security mode command message includes a first value of the first identifier. The first value of the first identifier is used to identify the first security mode command message. The first security mode command message is an integrity protected security mode command message.
Illustratively, the first value of the first identifier being used to identify the first security mode command message may be understood as the first value of the first identifier having a one-to-one correspondence with the first security mode command message.
There are various implementations of the AMF generating the first value of the first identifier, including but not limited to the following two possible implementations:
As a possible implementation, if the first security mode command message is the first security mode command message sent by the AMF, the first value of the first identifier may be set to an initial value, e.g., the first value of the first identifier is 0, 1, or k.
As another possible implementation manner, if the first security mode command message is the N-th security mode command message sent by the AMF, the first value of the first identifier is the value of the first identifier of the (N-1)-th security mode command message plus one; for example, if the value of the first identifier of the (N-1)-th security mode command message is N-1, the first value of the first identifier is N.
The first value of the first identifier being carried in the first security mode command message may be understood as the first security mode command message carrying the first identifier, with the value of the first identifier being the first value. Thus, the manner in which the first value of the first identifier is carried in the first security mode command message in this embodiment may be understood as the manner in which the first identifier is carried in the first security mode command message.
The manner in which the first identifier is carried in the first security mode command message includes, but is not limited to, the following several possible implementations:
As a possible implementation manner, the first identifier is field #1 in the first security mode command message, and an existing mandatory information element (information element, IE) in the first security mode command message may be used as the first identifier, where the content of the first security mode command message may refer to table 8.2.25.1.1 in the current protocol TS 24.501. The first value of the first identifier is the value of field #1.
Illustratively, the mandatory spare half octet field defined in the first security mode command message is repurposed as the first identifier, i.e., a field carrying the first identifier is placed at the position of the original mandatory spare half octet field. For ease of understanding, how a mandatory IE defined in the first security mode command message is modified so that it can serve as the first identifier is described in connection with table 1.
TABLE 1
As another possible implementation, the first identifier is field #1 in the first security mode command message, and field #1 may be a newly added mandatory IE in the first security mode command message. The first value of the first identifier is the value of field #1.
For example, a 1-byte mandatory IE is added to the first security mode command message as the first identifier. For ease of understanding, how a mandatory IE is added to the first security mode command message so that the newly added mandatory IE can serve as the first identifier is described in connection with table 2.
TABLE 2
As yet another possible implementation, the first identifier is field #1 in the first security mode command message, where field #1 may be carried in the first security mode command message as an optional IE of that message. The first value of the first identifier is the value of field #1.
For example, a 1-byte optional IE is added to the first security mode command message as the first identifier. For ease of understanding, how an optional IE is added to the first security mode command message so that it can serve as the first identifier is described in connection with table 3.
TABLE 3
The above description in connection with tables 1 to 3 describes how the first identifier is carried in the first security mode command message. Illustratively, the first identifier may be a procedure transaction identity (procedure transaction identity, PTI) field in the first security mode command message, i.e., 9.X in tables 1 to 3 above represents a PTI field. Specifically, in the case that the first identifier is the PTI field, the value of the first identifier includes, but is not limited to, the following two possible implementations:
As a possible implementation, the PTI field in the first security mode command message takes 8 bits, and each bit may take a value of 0 or 1, so that the PTI field may have 256 different values.
As another possible implementation, the PTI field in the first security mode command message occupies 4 bits, and each bit may take a value of 0 or 1, so that the PTI field may have 8 different values.
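The following is an added example, not code from the patent or from any 3GPP protocol stack, showing the three carriers sketched in tables 1 to 3 on a simplified plain 5GMM security mode command: the identifier placed in a spare half octet, in a newly added 1-octet mandatory IE, and in a newly added optional IE. The header octet positions and the 5GMM codes (extended protocol discriminator 0x7E, message type 0x5D) are taken from TS 24.501 as understood by the author of this example; the IEI value of the optional variant and the bytes standing in for the rest of the mandatory part are constructed placeholders, and since the text does not say which of the message's spare half octets table 1 repurposes, the one in octet 2 next to the security header type is used here.

```python
"""Added example (not from the patent or any 3GPP code): carrying a per-command
identifier in a simplified plain 5GMM security mode command in three ways."""
from enum import Enum
from typing import Optional

EPD_5GMM = 0x7E                    # extended protocol discriminator, 5GMM (TS 24.501)
MSG_SECURITY_MODE_COMMAND = 0x5D   # 5GMM message type: security mode command (TS 24.501)
SEC_HDR_PLAIN = 0x0                # security header type: plain NAS message
IEI_IDENTIFIER = 0xE0              # constructed placeholder IEI, not an assigned value


class Carrier(Enum):
    SPARE_HALF_OCTET = "table 1: existing spare half octet re-used (4 bits)"
    MANDATORY_IE = "table 2: newly added 1-octet mandatory IE (8 bits)"
    OPTIONAL_IE = "table 3: newly added optional IE (IEI octet + 1-octet value)"


def encode_command(identifier: int, carrier: Carrier, mandatory_rest: bytes) -> bytes:
    """Builds EPD | spare half octet + security header type | message type | rest."""
    if carrier is Carrier.SPARE_HALF_OCTET:
        if not 0 <= identifier < 16:
            raise ValueError("a half octet holds only 4 bits")
        # Octet 2: high nibble is the spare half octet, low nibble the security header type.
        octet2 = (identifier << 4) | SEC_HDR_PLAIN
        return bytes([EPD_5GMM, octet2, MSG_SECURITY_MODE_COMMAND]) + mandatory_rest
    if not 0 <= identifier < 256:
        raise ValueError("a full octet holds only 8 bits")
    head = bytes([EPD_5GMM, SEC_HDR_PLAIN, MSG_SECURITY_MODE_COMMAND])
    if carrier is Carrier.MANDATORY_IE:
        # Fixed position directly after the message type, no IEI.
        return head + bytes([identifier]) + mandatory_rest
    # Optional IE: appended after the mandatory part, preceded by its IEI.
    return head + mandatory_rest + bytes([IEI_IDENTIFIER, identifier])


def decode_identifier(msg: bytes, carrier: Carrier, mandatory_len: int) -> Optional[int]:
    """Recovers the identifier from a plain command; None if the optional IE is absent."""
    if len(msg) < 3 or msg[0] != EPD_5GMM or msg[2] != MSG_SECURITY_MODE_COMMAND:
        raise ValueError("not a plain 5GMM security mode command")
    if (msg[1] & 0x0F) != SEC_HDR_PLAIN:
        # The identifier is read from the plain message inside the integrity-protected wrapper.
        raise ValueError("security header type is not plain")
    if carrier is Carrier.SPARE_HALF_OCTET:
        return msg[1] >> 4
    if carrier is Carrier.MANDATORY_IE:
        return msg[3]
    # Walk the IEs after the mandatory part. Only IEs of the form IEI + one value
    # octet are modelled; a real parser needs the format of every IEI it may meet.
    pos = 3 + mandatory_len
    while pos + 1 < len(msg):
        if msg[pos] == IEI_IDENTIFIER:
            return msg[pos + 1]
        pos += 2
    return None
```

The half-octet variant needs no extra bytes but wraps after 16 values, while the two 1-octet variants give the 256 values of the 8-bit case; the optional-IE variant is the only one a receiver may legitimately find missing, which is why the decoder returns None rather than raising for it.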
It should be appreciated that in this embodiment, after the AMF sends the first security mode command message, the AMF may store the first value of the first identifier so as to determine, based on the first value of the first identifier, whether a received security mode complete message is a response to the first security mode command message.
The terminal device verifies the first security mode command message after receiving it. If the verification succeeds, the terminal device generates a first security mode complete message. The first security mode complete message is the response message to the first security mode command message.
The terminal device verifies the first security mode command message, which includes checking whether the security capability information of the terminal device carried in the first security mode command message is correct and verifying whether the integrity protection of the first security mode command message is correct. It should be understood that in this embodiment, how the terminal device verifies the received first security mode command message is not limited, and reference may be made to the description of terminal device verification of the security mode command message in the existing protocol, which is not repeated in the present application.
Specifically, the first security mode complete message includes a first value of the second identifier, and since the first security mode complete message is the security mode complete message generated for the first security mode command message, the first value of the second identifier is equal to the first value of the first identifier.
The first value of the second identifier being carried in the first security mode complete message may be understood as the first security mode complete message carrying the second identifier, with the value of the second identifier being the first value. Thus, the manner in which the first value of the second identifier is carried in the first security mode complete message in this embodiment may be understood as the manner in which the second identifier is carried in the first security mode complete message.
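As an added example that is not part of the patent or of any 3GPP implementation, the following Python replays the step order of fig. 2 with command and complete messages that carry the first and second identifier described above, so that the AMF can tell which command each complete answers. The K gNB derivation and the integrity protection are toy stand-ins (HMAC over constructed keys); the wrap-around of the identifier at the field width, the 8-bit width, and the policy of deriving K gNB only from the complete matched to the latest command are assumptions of this example, not something the text specifies.

```python
"""Added example, not code from the patent or any 3GPP stack: fig. 2 replayed
with identifier-carrying security mode command / complete messages."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample keys (hypothetical values, not from the page).
K_AMF = hashlib.sha256(b"constructed K_AMF").digest()
K_NAS_INT = hashlib.sha256(b"constructed NAS integrity key").digest()
IDENTIFIER_BITS = 8   # the 8-bit variant: 256 distinct values (assumption)


def derive_kgnb(k_amf: bytes, uplink_nas_count: int) -> bytes:
    # Stand-in for the TS 33.501 A.9 derivation: only the dependence on K_AMF and
    # the uplink NAS COUNT matters here, so differing counts yield differing keys.
    return hmac.new(k_amf, uplink_nas_count.to_bytes(4, "big"), hashlib.sha256).digest()


def command_mac(identifier: int, downlink_count: int) -> bytes:
    # Toy integrity protection over the fields this example carries.
    data = bytes([identifier]) + downlink_count.to_bytes(4, "big")
    return hmac.new(K_NAS_INT, data, hashlib.sha256).digest()[:4]


@dataclass(frozen=True)
class SecurityModeCommand:
    identifier: int       # first identifier (the PTI-like field)
    downlink_count: int
    mac: bytes


@dataclass(frozen=True)
class SecurityModeComplete:
    identifier: int       # second identifier, copied from the command it answers
    uplink_count: int


class Amf:
    """Numbers each command and keeps the values it sent so replies can be matched."""

    def __init__(self, initial_identifier: int = 1) -> None:
        self.next_identifier = initial_identifier
        self.downlink_count = 0
        self.sent: Dict[int, SecurityModeCommand] = {}
        self.latest_identifier: Optional[int] = None
        self.kgnb: Optional[bytes] = None

    def send_command(self) -> SecurityModeCommand:
        ident = self.next_identifier
        # The N-th command carries the (N-1)-th value plus one; wrapping at the
        # field width is an assumption of this example.
        self.next_identifier = (ident + 1) % (1 << IDENTIFIER_BITS)
        cmd = SecurityModeCommand(ident, self.downlink_count, command_mac(ident, self.downlink_count))
        self.downlink_count += 1          # a retransmission differs only in this value
        self.sent[ident] = cmd
        self.latest_identifier = ident
        return cmd

    def on_complete(self, rsp: SecurityModeComplete) -> str:
        if rsp.identifier not in self.sent:
            return "unknown"   # answers no command this AMF sent
        if rsp.identifier != self.latest_identifier:
            return "stale"     # answers a command that has since been retransmitted
        # Assumed policy: only the response to the latest command drives derivation.
        self.kgnb = derive_kgnb(K_AMF, rsp.uplink_count)
        return "accepted"


class Ue:
    def __init__(self) -> None:
        self.uplink_count = 0
        self.kgnb: Optional[bytes] = None

    def on_command(self, cmd: SecurityModeCommand) -> Optional[SecurityModeComplete]:
        if not hmac.compare_digest(cmd.mac, command_mac(cmd.identifier, cmd.downlink_count)):
            return None        # integrity check failed: no complete is generated
        rsp = SecurityModeComplete(cmd.identifier, self.uplink_count)
        self.uplink_count += 1
        return rsp

    def on_complete_sent(self, rsp: SecurityModeComplete) -> None:
        # Fig. 2: the UE derives K_gNB each time a complete is successfully transmitted.
        self.kgnb = derive_kgnb(K_AMF, rsp.uplink_count)


def replay_fig2() -> Tuple[List[str], bool]:
    """Replays the step order of fig. 2; returns how the AMF classified each
    complete and whether both sides ended with the same K_gNB."""
    amf, ue = Amf(), Ue()
    c1 = ue.on_command(amf.send_command())   # S210: complete1 generated, delivery delayed
    c2 = ue.on_command(amf.send_command())   # S220: T3560 expiry, command retransmitted
    r1 = amf.on_complete(c1)                 # S230: complete1 finally arrives
    ue.on_complete_sent(c1)                  # S240
    c3 = ue.on_command(amf.send_command())   # S250: third command
    r2 = amf.on_complete(c2)                 # S260
    ue.on_complete_sent(c2)                  # S270
    r3 = amf.on_complete(c3)                 # S280
    ue.on_complete_sent(c3)                  # S290
    return [r1, r2, r3], amf.kgnb == ue.kgnb


def fig2_keys_differ_without_matching() -> bool:
    # Without matching, fig. 2 leaves the AMF on count 1 and the UE on count 2.
    return derive_kgnb(K_AMF, 1) != derive_kgnb(K_AMF, 2)
```

Run in this order, the AMF classifies complete1 and complete2 as stale responses to superseded commands and derives K gNB from complete3 with uplink count 2, the same count the UE used for its third derivation, whereas the fig. 2 trace without identifiers leaves the AMF on count 1 and the two K gNB values differ.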
The manner in which the second identifier is carried in the first security mode complete message includes, but is not limited to, the following several possible implementations:
as a possible implementation manner, the second identifier is field #2 in the first security mode complete message, where the content of the first security mode complete message may refer to table 8.2.26.1.1 in the current protocol TS24.501, and the first security mode complete message has the necessary option IE as the second identifier. The first value of the second identifier is the value of field # 2.
Illustratively, the SPARE bit in the first security mode complete message is modified as the second identifier, i.e. a field carrying the second identifier at the location of the SPARE field of the original mandatory option. For ease of understanding, how the mandatory option IE in the first security mode complete message is modified so that it can be used as the second identity is described in connection with table 4.
TABLE 4
It should be appreciated that when the first identifier carried in the first security mode command message received by the terminal device is as described in table 1 above, the terminal device may carry the second identifier as shown in table 4 in the first security mode complete message that responds to the first security mode command message.
As another possible implementation, the second identifier is field #2 in the first security mode complete message, and field #2 may be a newly added mandatory IE of the first security mode complete message.
For example, a 1-byte mandatory IE is added to the first security mode complete message as the second identifier. For ease of understanding, how the mandatory IE is newly added to the first security mode complete message so that it can serve as the second identifier is described in connection with table 5.
TABLE 5
It should be appreciated that when the first identifier carried in the first security mode command message received by the terminal device is as described in table 2 above, the terminal device may carry the second identifier as shown in table 5 in the first security mode complete message that responds to the first security mode command message.
As yet another possible implementation, the second identifier is field #2 in the first security mode complete message, and field #2 may be an optional IE of the first security mode complete message.
For example, a 1-byte optional IE is newly added to the first security mode complete message as the second identifier. For ease of understanding, how the optional IE is newly added to the first security mode complete message so that it can serve as the second identifier is described in connection with table 6.
TABLE 6
It should be appreciated that when the first identifier carried in the first security mode command message received by the terminal device is as described in table 3 above, the terminal device may carry the second identifier as shown in table 6 in the first security mode complete message that responds to the first security mode command message.
The above description in connection with tables 4 to 6 describes how the second identifier is carried in the first security mode complete message. Illustratively, the second identifier may be a procedure transaction identity (PTI) field in the first security mode complete message, i.e., 9.X in tables 4 to 6 above represents the PTI field. Specifically, in the case that the second identifier is the PTI field, the value of the second identifier includes, but is not limited to, the following two possible implementations:
As a possible implementation, the PTI field in the first security mode complete message occupies 8 bits, and each bit may take a value of 0 or 1, so that the PTI field may have 256 different values.
As another possible implementation, the PTI field in the first security mode complete message occupies 4 bits, and each bit may take a value of 0 or 1, so that the PTI field may have 8 different values.
In addition, the ciphered first security mode complete message further carries an uplink parameter, where the uplink parameter may be uplink count value information; for example, the security mode complete message includes a sequence number, which is the lower 8 bits of the NAS COUNT value. For convenience of description, the uplink count value information carried in the security mode complete message is hereinafter abbreviated as uplink count, e.g., the first security mode complete message carries uplink count #1. This embodiment does not describe the specific form of the uplink parameter carried in the security mode complete message in detail; reference is made to the description of the uplink parameter carried in the security mode complete message in the existing protocol TS 24.501.
S320, the terminal device sends a first security mode completion message to the AMF, or the AMF receives the first security mode completion message from the terminal device.
S330, the terminal device derives a key according to the parameters included in the first security mode completion message.
Specifically, the terminal device performs key (e.g., K_gNB) derivation based on the uplink parameter (e.g., uplink count #1) corresponding to the first security mode complete message, to obtain K_gNB #1. It should be understood that the order in which the terminal device derives the key and sends the first security mode complete message is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the first security mode complete message, or after sending the first security mode complete message.
In this embodiment, after the terminal device derives the key, it may perform integrity protection checking and/or decryption, according to the key, on the access stratum security mode command message subsequently received from the access network device. The terminal device may further generate an access stratum signalling plane integrity protection key and/or an access stratum signalling plane confidentiality protection key from the key, and use them respectively to perform integrity protection checking and/or decryption on the access stratum security mode command message subsequently received from the access network device. This embodiment is not limited to a particular method of integrity protection verification and/or decryption.
S340, the AMF derives a key according to the parameters included in the first security mode completion message.
Specifically, in the case that the first value of the first identifier and the first value of the second identifier are the same, the AMF derives the key according to the parameter included in the first security mode complete message.
Illustratively, after the AMF receives the first security mode complete message, a first value of the second identifier carried in the first security mode complete message is obtained, and a first value of the first identifier stored locally is obtained. And determining that the first value of the second identifier contained in the first security mode completion message is the same as the first value of the first identifier stored locally, thereby determining that the first security mode completion message is a response message of the first security mode command message.
Further, the AMF performs key (e.g., K_gNB) derivation based on the uplink parameter (e.g., uplink count #1); the key derived by the AMF is a base station key, e.g., the AMF derives K_gNB #1 based on the uplink parameter. After the AMF derives the key, the derived key may be provided to the access network device, and the method flow shown in fig. 3 further includes:
S350, the AMF sends the key to the access network device.
In this embodiment, after receiving the key from the AMF, the access network device may perform integrity protection and/or encryption protection, according to the key, on the access stratum security mode command message subsequently sent to the terminal device. The access network device may further generate an access stratum signalling plane integrity protection key and/or an access stratum signalling plane confidentiality protection key from the key, and use them to perform integrity protection and/or encryption protection on the access stratum security mode command message subsequently sent to the terminal device. This embodiment is not limited to a particular method of integrity protection and/or encryption.
For convenience of description, the derivation of K_gNB is taken as an example. Other scenarios requiring key derivation using the uplink parameter are similar to the derivation of K_gNB from the uplink parameter and are not repeated in the present application.
In the embodiment shown in fig. 3, the AMF may determine whether the received first security mode complete message is a response message to the transmitted first security mode command message according to the first value of the first identifier in the transmitted first security mode command message and the first value of the second identifier in the received first security mode complete message. If the two values are the same, the AMF derives the key and sends it to the access network device, so that the terminal side and the access network device side perform subsequent access stratum security verification based on the same key, which improves the likelihood that the access stratum security verification succeeds.
That the AMF derives the key according to the parameters included in the first security mode complete message when the stored first value of the first identifier is the same as the received first value of the second identifier may also be understood as follows: when the AMF determines, according to the first value of the first identifier and the first value of the second identifier, that the first security mode complete message is the response message to the first security mode command message, the AMF derives the key according to the parameters included in the first security mode complete message.
In addition, when the stored first value of the first identifier and the received first value of the second identifier are not the same, the AMF determines that the first security mode complete message is not a response message to the first security mode command message and may discard it. Specifically, after the AMF determines that the first security mode complete message is to be discarded, the AMF may continue to wait for other security mode complete messages and, after receiving one, again determine whether to execute steps S340 and S350 above; or the AMF may consider that the current security mode command procedure has failed and no longer execute steps S340 and S350.
It should be noted that the above embodiment takes the terminal device sending the first security mode complete message as an example, which does not limit the protection scope of the present application in any way. If verification fails after receiving the first security mode command message, the terminal device may send a first security mode reject message carrying a third identifier, where the value of the third identifier indicates whether the first security mode reject message is a response to the first security mode command message. After receiving the first security mode reject message, the AMF determines that the security mode procedure has failed.
Specifically, the communication method shown in fig. 3 may be applied in the scenario where the AMF retransmits the security mode command message, so that the AMF and the terminal device derive the key from the same parameter, thereby improving the accuracy of key derivation. Illustratively, the AMF retransmitting the security mode command message includes, but is not limited to, the following two implementations:
Implementation #1: the first security mode command message is a security mode command message retransmitted by the AMF.
The security mode command message retransmitted by the AMF means that the AMF sends one or more security mode command messages to the terminal device before sending the first security mode command message. And, the content contained in the one or more sent security mode command messages is different from the first security mode command message only in downlink NAS COUNT value.
The present implementation #1 is described by taking a secure mode command message sent before as an example, that is, in the case shown in the implementation #1, before the AMF sends the first secure mode command message to the terminal device, the AMF has sent a second secure mode command message to the terminal device, where the second secure mode command message includes a second value of the first identifier, and the second value of the first identifier is used to identify the second secure mode command message. Wherein the first value of the first identifier carried by the first secure mode command message is different from the second value of the first identifier carried by the second secure mode command message, e.g., the first value of the first identifier carried by the first secure mode command message is greater than the second value of the first identifier carried by the second secure mode command message.
Optionally, before the AMF receives the first security mode complete message, it also receives a second security mode complete message from the terminal device, where the second security mode complete message includes a second value of the second identifier. Since the second value of the second identifier is the same as the second value of the first identifier contained in the second security mode command message, the AMF may determine that the second security mode complete message is a response to the second security mode command message. And/or, since the second value of the second identifier carried by the second security mode complete message is different from the first value of the first identifier of the first security mode command message (stored by the AMF), the AMF determines that the second security mode complete message is not a response to the first security mode command message, and so discards the second security mode complete message without performing key derivation based on the parameters in it.
For ease of understanding, it is described below how the AMF derives the key using the same parameters as the terminal device in the case shown in implementation #1 in connection with a specific example.
Example one:
As shown in fig. 4, the method comprises the following steps:
S410, the AMF sends a security mode command message #1 to the terminal device.
The security mode command message #1 corresponds to the second security mode command message related to the case shown in implementation #1 above.
Optionally, a timer (e.g., T3560) may also be started when the AMF sends the security mode command message #1.
Optionally, the security mode command message #1 carries the security capability information of the terminal device, the selected encryption algorithm and the selected integrity protection algorithm. The security capability information of the terminal device is used for the terminal device to determine that the security capability information of the terminal device has not been tampered with during transmission. The selected encryption algorithm and the selected integrity protection algorithm are used for security protection of specific non-access stratum messages.
In this example, the security mode command message #1 carries a second value of the first identifier, for example, PTI #2, and the security mode command message #1 also carries a downlink parameter, such as a downlink count #0. Alternatively, the secure mode command message #1 may be encrypted.
It should be appreciated that, in this embodiment, after the AMF sends the security mode command message #1, the AMF may save the second value (e.g., PTI #2) of the first identifier carried in the security mode command message #1, so as to determine, based on the second value of the first identifier, whether a received security mode complete message is a response to the security mode command message #1.
S420, the terminal device verifies the security mode command message #1, and generates a security mode complete message #1 replying to the security mode command message #1 when the verification succeeds.
The security mode complete message #1 corresponds to the second security mode complete message related to the case shown in implementation #1 above.
Specifically, the security mode complete message #1 includes a second value (e.g., PTI #2) of the second identifier, which is equal to the second value of the first identifier.
In addition, the ciphered security mode complete message #1 also carries an uplink parameter, such as uplink count #0.
In this embodiment, after receiving the security mode command message #1, the terminal device processes it and replies with the security mode complete message #1 normally, but the security mode complete message #1 may not reach the AMF in time due to some abnormal situation. Such abnormal situations include an abnormality in the lower layers of the terminal device (such as a small uplink grant, poor signal, or a high error rate), unstable air-interface quality between the terminal device and the base station, and mishandling by the base station.
In the case that the AMF does not timely receive the security mode complete message #1 of the terminal device for the security mode command message #1, for example, if the protection timer (e.g., T3560) of the AMF has expired and has not yet received the security mode complete message #1, the AMF may resend the security mode command message to the terminal device, and the method shown in fig. 4 further includes:
S430, the AMF sends a security mode command message #2 to the terminal device.
The security mode command message #2 corresponds to the first security mode command message involved in the case shown in implementation #1 above. The security mode command message #2 is a retransmission of the security mode command message #1.
Optionally, the security mode command message #2 carries an activation key, an encryption algorithm and an integrity protection algorithm.
In this example, the secure mode command message #2 carries a first value of a first identifier, for example, PTI #1, and the encrypted secure mode command message #2 also carries a downlink parameter, for example, downlink count #1.
It should be appreciated that, in this embodiment, after the AMF sends the security mode command message #2, the AMF locally stores the first value (e.g., PTI #1) of the first identifier carried in the security mode command message #2, so as to determine, based on the first value of the first identifier, whether a received security mode complete message is a response to the security mode command message #2.
As an alternative implementation, when the AMF locally saves the first value of the first identifier of the security mode command message #2, the AMF discards the locally saved second value of the first identifier carried by the security mode command message #1, or updates the locally stored second value of the first identifier carried by the security mode command message #1 to the first value of the first identifier of the security mode command message #2. That is, the AMF locally stores the value of the first identifier carried in the most recently sent security mode command message. For example, after the timer (e.g., T3560) expires, the AMF deletes the locally stored second value of the first identifier; or, after the AMF locally stores the first value of the first identifier, the locally stored second value of the first identifier is set to invalid or deleted directly.
S440, the terminal equipment verifies the security mode command message #2, and generates a security mode completion message #2 replying to the security mode command message #2 if the verification is successful.
The security mode complete message #2 corresponds to the first security mode complete message involved in the case shown in the above-described implementation # 1.
Specifically, the security mode complete message #2 includes a first value of the second identifier, which is used to identify the security mode complete message #2. The first value of the second identifier (e.g., PTI #1) is the same as the first value of the first identifier (e.g., PTI #1) carried by the security mode command message #2 being replied to.
In addition, the encrypted message of the security mode completion message #2 also carries an uplink parameter, such as uplink count #1.
For example, once the lower layers of the terminal device return to normal, the security mode complete message #1 generated for the security mode command message #1 in step S420 may be sent to the AMF before the security mode complete message #2, and the method shown in fig. 4 further includes:
S450, the terminal device sends the security mode complete message #1 to the AMF, or the AMF receives the security mode complete message #1 from the terminal device.
S451, the terminal device derives a key from the parameters included in the security mode complete message #1.
The terminal device performs a first key derivation based on uplink count #0 to obtain K_gNB #0. It should be understood that the order in which the terminal device derives the key and sends the security mode complete message #1 is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the security mode complete message #1, or after sending the security mode complete message #1.
As can be seen from the description in step S420 above of the security mode complete message #1 generated and replied by the terminal device for the security mode command message #1, the security mode complete message #1 carries the second value (e.g., PTI #2) of the second identifier.
S460, the AMF determines to discard the security mode complete message #1 according to the first value of the first identifier stored locally and the second value of the second identifier in the received security mode complete message #1.
In this embodiment, after the AMF sends the security mode command message #2, the locally stored value of the first identifier is refreshed to the first value of the first identifier carried by the security mode command message #2. After the AMF receives the security mode complete message #1 carrying the second value of the second identifier (for example, PTI #2), it determines that the second value of the second identifier differs from the locally stored first value of the first identifier, and so can determine that the security mode complete message #1 is not a reply to the security mode command message #2 most recently sent to the UE. The security mode complete message #1 may therefore be discarded, that is, the AMF does not perform key derivation based on the uplink parameter in the security mode complete message #1.
S470, the terminal device sends a security mode complete message #2 to the AMF, or the AMF receives the security mode complete message #2 from the terminal device.
S471, the terminal device derives the key according to the parameters included in the security mode complete message #2. The terminal device performs a second key derivation based on uplink count #1 to obtain K_gNB #1. It should be understood that the order in which the terminal device derives the key and sends the security mode complete message #2 is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the security mode complete message #2, or after sending the security mode complete message #2.
As can be seen from the description in step S440 above of the security mode complete message #2 generated and replied by the terminal device for the security mode command message #2, the security mode complete message #2 carries the first value (e.g., PTI #1) of the second identifier.
S480, the AMF derives a key according to the parameters included in the security mode complete message #2.
Specifically, the AMF derives the key from the parameter included in the security mode complete message #2 when the first value of the first identifier and the first value of the second identifier are the same.
Illustratively, after the AMF receives the security mode complete message #2, it obtains the first value of the second identifier carried in the security mode complete message #2 and the first value of the first identifier stored locally. It determines that the first value of the second identifier included in the security mode complete message #2 is the same as the locally stored first value of the first identifier, and so determines that the security mode complete message #2 is the response message to the security mode command message #2.
In this embodiment, since the locally stored value of the first identifier is refreshed to the first value of the first identifier of the security mode command message #2 after the AMF sends the security mode command message #2, when the AMF receives the security mode complete message #2 carrying the first value of the second identifier (e.g., PTI #1), it determines that the first value of the second identifier is the same as the locally stored first value of the first identifier. It can thus be determined that the security mode complete message #2 is a reply to the security mode command message #2, and the key can be derived based on the parameters included in the security mode complete message #2.
S490, the AMF sends the key to the access network device.
The AMF performs key (e.g., K_gNB) derivation based on the uplink parameter (e.g., uplink count #1) to obtain K_gNB #1, and provides K_gNB #1 to the base station. For details, refer to the description of step S350 in the embodiment shown in fig. 3, which is not repeated here.
In the communication method shown in fig. 4, identification information is carried in the security mode command message and the security mode complete message, so that the network side determines, according to the value of the second identifier carried in the security mode complete message, whether the security mode complete message is a reply to the most recently sent security mode command message. This avoids erroneous discarding on the network side, so that the uplink count values maintained by the terminal device and the network side are consistent (e.g., both are uplink count #1) and the terminal device and the network generate the same K_gNB (e.g., both are K_gNB #1).
It should be understood that the above-mentioned AMF transmits the security mode command message #1 and the security mode command message #2 are only examples, and the protection scope of the present application is not limited in any way, and the AMF may also transmit more than two security mode command messages. For example, the AMF may retransmit the security mode command message #1 multiple times, and for example, the AMF may also send other security mode command messages to the terminal device before sending the security mode command message #1 (e.g., the AMF may first send the security mode command message to activate the security key, encryption algorithm, and integrity protection algorithm, and then configure the EPS encryption algorithm and integrity protection algorithm via the security mode command message # 1).
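The retransmission scenario of fig. 4 (and the discard / derive decisions of steps S340 and S350 in fig. 3), as an added example that is not part of the patent text: a small Python model in which the AMF keeps only the PTI of the last security mode command it sent, discards a security mode complete message whose PTI does not match, and derives K_gNB from the uplink count of the accepted message. The message classes, PTI numbering, sample K_AMF and the stand-in KDF are constructed assumptions, not taken from the page or from TS 24.501; the `check_pti=False` path models an AMF without the identifier for comparison.

```python
"""Added example, not part of the patent text: a model of the PTI-based
correlation of NAS Security Mode Command (SMC) / Security Mode Complete
messages described above (fig. 3 steps S340/S350, fig. 4 steps S460/S480).
Assumptions (constructed here, not from the page): the PTI is an 8-bit field,
messages are plain dataclasses, and derive_kgnb() is a stand-in KDF
(HMAC-SHA-256 over the uplink NAS COUNT) that only preserves the property the
page relies on: equal uplink counts give equal K_gNB, different counts do not."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SecurityModeCommand:
    pti: int             # first identifier (PTI field, 8 bits assumed)
    downlink_count: int  # downlink NAS COUNT of the protected message


@dataclass(frozen=True)
class SecurityModeComplete:
    pti: int             # second identifier, copied from the SMC it answers
    uplink_count: int    # uplink NAS COUNT that the key derivation uses


def derive_kgnb(k_amf: bytes, uplink_count: int) -> bytes:
    """Stand-in for K_gNB derivation; the real KDF is not specified on the page."""
    s = b"KgNB-stand-in" + uplink_count.to_bytes(4, "big")
    return hmac.new(k_amf, s, hashlib.sha256).digest()


class Terminal:
    """Terminal side: answers every verified SMC and derives K_gNB (S330)."""

    def __init__(self, k_amf: bytes) -> None:
        self.k_amf = k_amf
        self.uplink_count = 0
        self.kgnb: Optional[bytes] = None

    def handle_smc(self, smc: SecurityModeCommand) -> SecurityModeComplete:
        # Verification of the SMC is assumed to succeed (not modelled here).
        count = self.uplink_count
        self.uplink_count += 1
        self.kgnb = derive_kgnb(self.k_amf, count)
        return SecurityModeComplete(pti=smc.pti, uplink_count=count)


class AMF:
    """Network side: keeps only the PTI of the last SMC sent and correlates replies."""

    def __init__(self, k_amf: bytes, check_pti: bool = True) -> None:
        self.k_amf = k_amf
        self.check_pti = check_pti     # False models an AMF without the identifier
        self.downlink_count = 0
        self.next_pti = 1
        self.stored_pti: Optional[int] = None
        self.kgnb: Optional[bytes] = None
        self.discarded: List[SecurityModeComplete] = []

    def send_smc(self) -> SecurityModeCommand:
        smc = SecurityModeCommand(pti=self.next_pti, downlink_count=self.downlink_count)
        self.next_pti = (self.next_pti + 1) % 256
        self.downlink_count += 1
        self.stored_pti = smc.pti      # refresh: only the latest SMC's value is kept
        return smc

    def receive_smc_complete(self, reply: SecurityModeComplete) -> bool:
        """Return True if the reply was accepted and K_gNB derived (S480)."""
        if self.check_pti and reply.pti != self.stored_pti:
            self.discarded.append(reply)   # S460: not a reply to the latest SMC
            return False
        if self.kgnb is not None:
            return False                   # key already derived for this procedure
        self.kgnb = derive_kgnb(self.k_amf, reply.uplink_count)
        return True


def run_retransmission_scenario(check_pti: bool = True) -> Dict[str, object]:
    """Replay fig. 4: SMC #1, timer expiry, retransmitted SMC #2, and the two
    Security Mode Complete messages reaching the AMF in the order #1 then #2."""
    k_amf = b"\x11" * 32                    # constructed sample K_AMF
    amf, ue = AMF(k_amf, check_pti), Terminal(k_amf)
    smc1 = amf.send_smc()                   # S410, downlink count #0
    reply1 = ue.handle_smc(smc1)            # S420, delayed in the lower layers
    smc2 = amf.send_smc()                   # S430, retransmission, downlink count #1
    reply2 = ue.handle_smc(smc2)            # S440/S471, UE now holds K_gNB #1
    accepted1 = amf.receive_smc_complete(reply1)   # S450/S460
    accepted2 = amf.receive_smc_complete(reply2)   # S470/S480
    return {
        "smc_ptis": (smc1.pti, smc2.pti),
        "accepted": (accepted1, accepted2),
        "discarded": len(amf.discarded),
        "keys_match": amf.kgnb == ue.kgnb,  # same uplink count on both sides?
    }


if __name__ == "__main__":
    print("with identifier:", run_retransmission_scenario(True))
    print("without identifier:", run_retransmission_scenario(False))
```

With the identifier the delayed complete message #1 is discarded and both sides end up with the key for uplink count #1; without it the AMF keys from uplink count #0 while the terminal already holds the key for count #1.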
Implementation #2: the AMF retransmits a security mode command message before sending the first security mode command message. For example, the first security mode command message is used to configure the EPS encryption and integrity protection algorithms.
In the case shown in implementation #2, before the AMF sends the first security mode command message to the terminal device, the AMF sends a third security mode command message to the terminal device, which includes a third value of the first identifier (e.g., PTI #3) identifying the third security mode command message and is used to activate the security mode command procedure, and the AMF sends a fourth security mode command message to the terminal device, which includes a fourth value of the first identifier and is a retransmission of the third security mode command message, where the fourth value of the first identifier in the fourth security mode command message is different from the third value of the first identifier in the third security mode command message.
Further, in the case shown in implementation #2, the AMF receives a fourth security mode complete message from the terminal device, which includes a fourth value of the second identifier. When the fourth value of the second identifier is the same as the fourth value of the first identifier, and the fourth security mode complete message indicates that the terminal device supports LTE communication, the AMF sends the first security mode command message to the terminal device.
In addition, before the AMF receives the fourth security mode complete message from the terminal device, the method further includes the AMF receiving a third security mode complete message from the terminal device, where the third security mode complete message includes a third value of the second identifier identifying the third security mode complete message, and the AMF discards the third security mode complete message when the third value of the second identifier is different from the fourth value of the first identifier.
For ease of understanding, how the AMF derives the key using the same parameters as the terminal device in the case shown in implementation #2 is described below with reference to a specific example.
Example two:
As shown in fig. 5, the method includes the following steps:
S510, the terminal device sends an initial NAS message to the AMF.
The initial NAS message is the first message sent by the terminal device to the AMF. It includes the capabilities currently supported by the terminal device, for example whether the terminal device supports S1 (i.e., the capability of LTE communication); the IE indicating whether the terminal device supports S1 cannot be carried in plaintext.
S520, the AMF sends an authentication request message to the terminal device. The authentication request message is used to request generation of the security key parameters.
S530, the terminal device sends an authentication response message to the AMF. The authentication response message indicates that the generation of the security key parameters is complete.
S540, the AMF sends a security mode command message #3 to the terminal device.
The security mode command message #3 corresponds to the third security mode command message involved in the case shown in implementation #2 above.
Optionally, the security mode command message #3 carries the security capability information of the terminal device, a selected encryption algorithm and a selected integrity protection algorithm. The security capability information of the terminal device allows the terminal device to determine that its security capability information has not been tampered with during transmission. The selected encryption algorithm and the selected integrity protection algorithm are used for the security protection of specific non-access stratum messages.
In this example, the third value of the first identifier (e.g., PTI #3) is carried in the security mode command message #3, and a downlink parameter, such as downlink count #2, is also carried in the security mode command message #3. Optionally, the security mode command message #3 may be encrypted. It should be appreciated that, in this embodiment, after sending the security mode command message #3, the AMF may save the third value (e.g., PTI #3) of the first identifier carried in the security mode command message #3, so as to determine, based on the third value of the first identifier, whether a received security mode complete message is a response to the security mode command message #3.
S550, the terminal device verifies the security mode command message #3 and, if the verification succeeds, generates a security mode complete message #3 in reply to the security mode command message #3.
Optionally, a timer (e.g., T3560) may also be started when the AMF sends the security mode command message #3.
The security mode complete message #3 corresponds to the third security mode complete message involved in the case shown in implementation #2 above.
Specifically, the security mode complete message #3 includes a third value of the second identifier (e.g., PTI #3), which is equal to the third value of the first identifier.
In addition, the encrypted part of the security mode complete message #3 also carries an uplink parameter, such as uplink count #2.
In this embodiment, after receiving the security mode command message #3, the terminal device processes it and replies normally, but the security mode complete message #3 may fail to reach the AMF in time because of an abnormal condition. Such abnormal conditions include an anomaly in the lower layers of the terminal device (such as a small uplink grant, a poor signal, or a high bit error rate), unstable air-interface quality between the terminal device and the base station, and a processing anomaly at the base station.
The security mode complete message #3, sent by the terminal device in reply to the security mode command message #3, is therefore not received in time at the AMF. For example, when the AMF protection timer (e.g., T3560) expires without the security mode complete message #3 having been received, the AMF may resend the security mode command message to the terminal device, and the method shown in fig. 5 further includes:
S560, the AMF sends a security mode command message #4 to the terminal device.
The security mode command message #4 corresponds to the fourth security mode command message involved in the case shown in implementation #2 above. The security mode command message #4 is a retransmission of the security mode command message #3.
In this example, the security mode command message #4 carries a fourth value of the first identifier (e.g., PTI #4), and the encrypted security mode command message #4 also carries a downlink parameter, such as downlink count #2.
It should be appreciated that, in this embodiment, after sending the security mode command message #4, the AMF locally saves the fourth value (e.g., PTI #4) of the first identifier carried in the security mode command message #4, so as to determine, based on the fourth value of the first identifier, whether a received security mode complete message is a response to the security mode command message #4.
As an alternative implementation, when the AMF locally stores the fourth value of the first identifier, the AMF discards the locally stored third value of the first identifier, or updates the locally stored third value of the first identifier to the fourth value of the first identifier. That is, the AMF locally stores only the value of the first identifier carried in the most recently sent security mode command message. For example, after the timer (e.g., T3560) expires, the AMF deletes the locally stored third value of the first identifier; or, after the AMF locally stores the fourth value of the first identifier, the locally stored third value of the first identifier is marked invalid or deleted directly.
S570, the terminal device verifies the security mode command message #4 and, if the verification succeeds, generates a security mode complete message #4 in reply to the security mode command message #4.
The security mode complete message #4 corresponds to the fourth security mode complete message involved in the case shown in implementation #2 above.
Specifically, the security mode complete message #4 includes a fourth value of the second identifier, which is used to identify the security mode complete message #4. The fourth value of the second identifier (e.g., PTI #4) is the same as the fourth value of the first identifier (e.g., PTI #4) carried in the security mode command message #4 being replied to.
In addition, the encrypted part of the security mode complete message #4 also carries an uplink parameter, such as uplink count #3.
For example, if the lower layers of the terminal device return to normal, the security mode complete message #3 generated for the security mode command message #3 in step S550 may be sent to the AMF before the security mode complete message #4, and the method shown in fig. 5 further includes:
S580, the terminal device sends the security mode complete message #3 to the AMF; in other words, the AMF receives the security mode complete message #3 from the terminal device.
S581, the terminal device derives a key from the parameters included in the security mode complete message #3.
The terminal device performs a first key derivation based on uplink count #2 to obtain K_gNB #2. It should be understood that the order in which the terminal device derives the key and sends the security mode complete message #3 is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the security mode complete message #3, or after sending the security mode complete message #3.
As can be seen from the description in step S550 above of the security mode complete message #3 generated by the terminal device in reply to the security mode command message #3, the security mode complete message #3 carries the third value (e.g., PTI #3) of the second identifier.
S590, the AMF determines to discard the security mode complete message #3 according to the fourth value of the first identifier and the third value of the second identifier.
In this embodiment, after the AMF sends the security mode command message #4, the locally stored value of the first identifier is refreshed to the fourth value (e.g., PTI #4) of the first identifier carried in the security mode command message #4. Therefore, when the AMF receives the security mode complete message #3 carrying the third value (e.g., PTI #3) of the second identifier, it determines that the third value of the second identifier is different from the locally stored fourth value of the first identifier, and can thus determine that the security mode complete message #3 is not a reply to the security mode command message #4 most recently sent by the AMF to the UE. The security mode complete message #3 may therefore be discarded; that is, the AMF does not perform key derivation based on the uplink parameter in the security mode complete message #3.
S591, the terminal device sends the security mode complete message #4 to the AMF; in other words, the AMF receives the security mode complete message #4 from the terminal device.
S592, the terminal device derives a key based on the parameters included in the security mode complete message #4.
The terminal device performs a second key derivation based on uplink count #3 to obtain K_gNB #3. It should be understood that the order in which the terminal device derives the key and sends the security mode complete message #4 is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the security mode complete message #4, or after sending the security mode complete message #4.
As can be seen from the description in step S570 above of the security mode complete message #4 generated by the terminal device in reply to the security mode command message #4, the security mode complete message #4 carries the fourth value (e.g., PTI #4) of the second identifier.
S593, the AMF determines to send the security mode command message #2.
In this embodiment, after the AMF sends the security mode command message #4, the locally stored value of the first identifier is refreshed to the fourth value (e.g., PTI #4) of the first identifier carried in the security mode command message #4. Therefore, when the AMF receives the security mode complete message #4 carrying the fourth value (e.g., PTI #4) of the second identifier, it determines that the fourth value of the second identifier is the same as the locally stored fourth value of the first identifier, and can thus determine that the security mode complete message #4 is a reply to the security mode command message #4.
Further, after accepting the security mode complete message #4, the AMF parses the complete initial NAS message carried in the security mode complete message #4, finds that the terminal device supports the S1 capability and, if an N26 interface currently exists, sends an SMC message again to configure the EPS ciphering and integrity protection algorithms, where the method flow shown in fig. 5 further includes:
S594, the AMF sends a security mode command message #2 to the terminal device.
The security mode command message #2 corresponds to the first security mode command message involved in the case shown in implementation #2 above. Reference is made to the description of step S310 in fig. 3, and a detailed description thereof is omitted.
Specifically, the terminal device verifies the security mode command message #2 and, if the verification succeeds, generates a security mode complete message #2 in reply to the security mode command message #2.
The security mode complete message #2 corresponds to the first security mode complete message involved in the case shown in implementation #2 above.
In addition, it should be noted that, in this embodiment, if the terminal device receives the security mode command message #2 carrying the first value of the first identifier (for example, PTI #1), it determines that the first value of the first identifier is greater than the third value of the first identifier carried in the security mode command message #3 (for example, PTI #1 is 3 and PTI #3 is 1). The terminal device immediately sends the security mode complete message #2 to the AMF. The terminal device may thus never receive the above-mentioned security mode command message #4 (e.g., the security mode command message #4 arrives later than the security mode command message #2 because of channel quality problems), or may discard the security mode command message #4 without processing it, according to the fourth value of the first identifier (e.g., PTI #2 is 2) carried in the security mode command message #4, thereby saving authentication overhead at the terminal device.
S595, the terminal device sends a security mode complete message #2 to the AMF, or the AMF receives the security mode complete message #2 from the terminal device.
Reference is made to the description of step S320 in fig. 3, and a detailed description thereof will be omitted.
S596, the terminal device derives a key from the parameters included in the security mode complete message #2.
Reference is made to the description of step S330 in fig. 3, and a detailed description thereof is omitted.
S597, the AMF derives a key from the parameters included in the security mode complete message # 2.
Reference is made to the description of step S340 in fig. 3, and a detailed description thereof will be omitted.
S598, the AMF sends the key to the access network device.
Reference is made to the description of step S350 in fig. 3, and a detailed description thereof will be omitted.
S599, the AMF sends a registration success message to the terminal device.
In the communication methods shown in fig. 3 to fig. 5, identifier information may be carried in the security mode command message sent by the network side to distinguish different security mode command messages, and the security mode complete message replied by the terminal device carries the identifier of the security mode command message it responds to, identifying it as the reply to that particular security mode command message. The network side can therefore determine, from the value of the second identifier carried in the received security mode complete message and the value of the first identifier carried in the most recently sent security mode command message, whether the received security mode complete message is the response to the most recently sent security mode command message. As a result, the parameters used by the core network device to derive the key are the same as those used by the terminal device, and the core network device can provide the derived key to the access network device, so that the terminal side and the access network device side perform the subsequent access layer security verification based on the same key, which improves the probability that the access layer security verification succeeds.
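The following is an added worked example (not code from the patent or from Huawei) that replays example two as a small simulation: an AMF object keeps only the PTI of its most recently sent security mode command, discards a security mode complete message whose PTI does not match, and derives K_gNB only from the uplink count of the matching reply. The message layouts and the values (PTI #3 and #4, uplink counts #2 and #3) are constructed stand-ins for illustration, and `derive_kgnb` is a placeholder HMAC rather than the TS 33.501 derivation.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional


# Constructed stand-in for the K_gNB derivation: the key depends on K_AMF and the
# uplink NAS count of the accepted security mode complete message. The real
# derivation in TS 33.501 differs; only the dependency on the uplink count matters here.
def derive_kgnb(k_amf: bytes, uplink_count: int) -> bytes:
    return hmac.new(k_amf, b"K_gNB" + uplink_count.to_bytes(4, "big"),
                    hashlib.sha256).digest()


@dataclass
class SecurityModeCommand:
    pti: int             # value of the first identifier
    downlink_count: int  # downlink parameter carried in the SMC


@dataclass
class SecurityModeComplete:
    pti: int             # value of the second identifier, copied from the SMC replied to
    uplink_count: int    # uplink parameter the key is derived from
    supports_s1: bool    # decoded from the complete initial NAS message


@dataclass
class AMF:
    k_amf: bytes
    next_pti: int
    downlink_count: int = 0
    last_sent_pti: Optional[int] = None   # only the most recently sent value is kept
    kgnb: Optional[bytes] = None
    log: List[str] = field(default_factory=list)

    def send_smc(self) -> SecurityModeCommand:
        """Send a security mode command (initial or retransmitted) with a fresh PTI."""
        cmd = SecurityModeCommand(pti=self.next_pti, downlink_count=self.downlink_count)
        self.next_pti += 1
        self.downlink_count += 1
        # Refresh the stored value: the previously stored PTI is invalidated.
        self.last_sent_pti = cmd.pti
        return cmd

    def receive_complete(self, msg: SecurityModeComplete) -> bool:
        """Accept the message (derive K_gNB) only if its PTI matches the last sent SMC."""
        if msg.pti != self.last_sent_pti:
            self.log.append(f"discard complete PTI #{msg.pti}, expected #{self.last_sent_pti}")
            return False
        self.kgnb = derive_kgnb(self.k_amf, msg.uplink_count)
        self.log.append(f"accept complete PTI #{msg.pti}, K_gNB from uplink count #{msg.uplink_count}")
        return True


@dataclass
class TerminalDevice:
    k_amf: bytes
    uplink_count: int
    kgnb: Optional[bytes] = None

    def reply(self, cmd: SecurityModeCommand) -> SecurityModeComplete:
        """Build the SMC complete for cmd (verification of cmd itself is omitted)."""
        rsp = SecurityModeComplete(pti=cmd.pti, uplink_count=self.uplink_count, supports_s1=True)
        self.uplink_count += 1
        # The terminal derives from the uplink count of the message it just built (S581, S592).
        self.kgnb = derive_kgnb(self.k_amf, rsp.uplink_count)
        return rsp


def run_example_two():
    """Replays S540 to S593 of example two: SMC #3 answered late, SMC #4 retransmitted."""
    k_amf = b"\x11" * 32                  # constructed test key, not a real K_AMF
    amf = AMF(k_amf=k_amf, next_pti=3)    # first SMC carries PTI #3
    ue = TerminalDevice(k_amf=k_amf, uplink_count=2)  # first reply carries uplink count #2
    smc3 = amf.send_smc()                 # S540
    complete3 = ue.reply(smc3)            # S550, but delayed by the lower layers
    smc4 = amf.send_smc()                 # S560, T3560 expired, retransmission with PTI #4
    complete4 = ue.reply(smc4)            # S570, uplink count #3
    accepted3 = amf.receive_complete(complete3)  # S580/S590: stale reply is discarded
    accepted4 = amf.receive_complete(complete4)  # S591/S593: matching reply is accepted
    # Key the AMF would have derived had it accepted the stale message #3 instead.
    stale_key = derive_kgnb(k_amf, complete3.uplink_count)
    return accepted3, accepted4, amf.kgnb == ue.kgnb, stale_key != ue.kgnb, amf.log


if __name__ == "__main__":
    for line in run_example_two()[4]:
        print(line)
```

Running the module prints the AMF's two decisions. `run_example_two` also derives the key the AMF would have obtained from the stale message #3, to show that without the identifier check the core network and the terminal would have ended up with different K_gNB values, which is the access layer verification failure the identifier is meant to prevent.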
The present application also provides another communication method in which the logic by which the terminal device derives the key K_gNB is redefined (for example, where the terminal device derives the key K_gNB based on the latest uplink count value and this causes the AS layer security procedure to fail, the terminal device may attempt to re-execute the AS layer security procedure using the key K_gNB obtained by the previous derivation), so that the AS layer security procedure is executed successfully. This communication method is described in detail below with reference to fig. 6.
Fig. 6 is a schematic flow chart of another communication method provided by the present application. The method comprises the following steps:
S601, the access network device receives the key from the AMF.
In this embodiment, after receiving the key from the AMF, the access network device may perform integrity protection and/or encryption protection, according to the key, on the access layer security mode command message subsequently sent to the terminal device. The access network device may further generate an access layer signaling plane integrity protection key and/or an access layer signaling plane confidentiality protection key from the key, and these are used to integrity protect and/or encrypt the access layer security mode command message subsequently sent to the terminal device.
For example, the access network device receives a second key from the AMF.
S610, the access network device sends a fifth security mode command message to the terminal device.
Optionally, the fifth security mode command message is integrity protected and/or encrypted based on the second key. The access network device further generates an access layer signaling plane integrity protection key and/or an access layer signaling plane confidentiality protection key from the second key, and uses them respectively to integrity protect and/or encrypt the fifth security mode command message. It should be understood that, in this embodiment, the timing at which the access network device further generates the access layer signaling plane integrity protection key and/or the access layer signaling plane confidentiality protection key from the first key is not limited; they may be generated after the fifth security mode command message is sent or after the first key is received.
The security mode command message sent by the access network device to the terminal device is specifically, for example, an access layer security mode command message.
S620, the terminal device performs integrity protection checking and/or decryption on the fifth security mode command message based on the first key.
Specifically, the terminal device performing integrity protection checking and/or decryption on the fifth security mode command message based on the first key includes:
The terminal device may further generate an access layer signaling plane integrity protection key and/or an access layer signaling plane confidentiality protection key from the first key, and use them respectively to perform integrity protection verification and/or decryption on the fifth security mode command message received from the access network device. It should be understood that, in this embodiment, the timing at which the terminal device further generates the access layer signaling plane integrity protection key and/or the access layer signaling plane confidentiality protection key from the first key is not limited; they may be generated after the fifth security mode command message is received or after the first key is derived.
Specifically, in this embodiment, if the integrity protection check and/or decryption of the fifth security mode command message by the terminal device based on the first key fails, the terminal device may perform the integrity protection check and/or decryption on the fifth security mode command message again based on at least one key other than the first key, and the method flow shown in fig. 3 further includes:
S630, the terminal device performs integrity protection checking and/or decryption on the fifth security mode command message based on the second key.
Specifically, the terminal device performing integrity protection checking and/or decryption on the fifth security mode command message based on the second key includes:
The terminal device may further generate an access layer signaling plane integrity protection key and/or an access layer signaling plane confidentiality protection key from the first key, and use them respectively to perform integrity protection verification and/or decryption on the fifth security mode command message received from the access network device. It should be understood that, in this embodiment, the timing at which the terminal device further generates the access layer signaling plane integrity protection key and/or the access layer signaling plane confidentiality protection key from the second key is not limited; they may be generated after the integrity protection check and/or decryption of the fifth security mode command message based on the first key fails, or after the second key is derived.
The first key, on which the terminal device side bases the integrity protection check and/or decryption of the fifth security mode command message, is derived by the terminal device from the first parameter in the seventh security mode complete message, and the second key is derived by the terminal device from the second parameter in the sixth security mode complete message.
For ease of understanding, the sending of the sixth security mode complete message and the seventh security mode complete message is described below. Before the access network device sends the fifth security mode command message to the terminal device, the method flow shown in fig. 6 further includes:
S611, the AMF sends a sixth security mode command message to the terminal device.
The sixth security mode command message carries a first parameter, where the first parameter is used to derive the first key.
S612, the terminal device sends a sixth security mode complete message to the AMF.
After receiving the sixth security mode command message, the terminal device verifies it and, if the verification succeeds, generates a sixth security mode complete message in reply to the sixth security mode command message.
S613, the terminal device derives a key according to the parameters included in the sixth security mode complete message.
Specifically, the terminal device performs key (e.g., K_gNB) derivation based on an uplink parameter (e.g., uplink count) corresponding to the sixth security mode complete message to obtain the second key. It should be understood that the order in which the terminal device derives the second key and sends the sixth security mode complete message is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the sixth security mode complete message, or after sending the sixth security mode complete message.
S614, the AMF derives a key from the parameters included in the sixth security mode complete message.
Specifically, the AMF performs key (e.g., K_gNB) derivation based on an uplink parameter (e.g., uplink count) corresponding to the sixth security mode complete message to obtain the second key, and provides the derived second key to the access network device.
S615, the AMF sends a seventh security mode command message to the terminal device.
Optionally, the seventh security mode command message is a retransmission of the sixth security mode command message.
S616, the terminal device sends a seventh security mode complete message to the AMF.
After receiving the seventh security mode command message, the terminal device verifies it and, if the verification succeeds, generates a seventh security mode complete message in reply to the seventh security mode command message.
S617, the terminal device derives a key from the parameters included in the seventh security mode complete message.
Specifically, the terminal device performs key (e.g., K_gNB) derivation based on an uplink parameter (e.g., uplink count) corresponding to the seventh security mode complete message to obtain the first key. It should be understood that the order in which the terminal device derives the first key and sends the seventh security mode complete message is not limited: the terminal device may perform the key derivation after determining the uplink parameter corresponding to the seventh security mode complete message, or after sending the seventh security mode complete message.
It should be noted that, in this embodiment, the terminal device performing the integrity protection check of the security mode command message received from the access network device based on the first key and the second key is merely an example and does not limit the protection scope of the present application in any way; the terminal device may also perform the integrity protection check of the security mode command message received from the access network device based on keys other than the first key and the second key.
For example, if the integrity protection check of the fifth security mode command message by the terminal device based on the second key fails, the terminal device may further perform the integrity protection check of the fifth security mode command message based on a third key, where the third key is derived from a third parameter in a fifth security mode complete message, the fifth security mode complete message being a security mode complete message sent by the terminal device to the AMF in the non-access stratum security mode control procedure and sent earlier than the sixth security mode complete message.
As known from the above-mentioned integrity protection checking procedure of the terminal device for the security mode command message received from the access network device, the terminal device may perform integrity protection checking for the security mode command message received from the access network device based on different keys, and in this embodiment, the manner in which the terminal device obtains the different keys includes, but is not limited to, the following two implementation manners:
As one possible implementation, after sending the security mode complete message to the AMF, the terminal device derives and saves the key locally based on parameters in the security mode complete message. The key is used to generate the key required for access stratum security check.
For example, after the terminal device sends a seventh security mode completion message to the AMF in response to the seventh security mode command message, the terminal device derives a first key according to the first parameter and stores the first key, and for example, after the terminal device sends a sixth security mode completion message to the AMF in response to the sixth security mode command message, the terminal device derives a second key according to the second parameter and stores the second key.
In addition, it should be noted that the embodiment shown in fig. 6 mainly takes the scenario in which the AMF sends multiple security mode command messages (for example, the scenario in which the AMF retransmits the security mode command message) as an example of the terminal device performing integrity protection verification on the security mode command message received from the access network device based on different keys. This does not limit the protection scope of the present application: the terminal device performing integrity protection verification on the security mode command message received from the access network device based on different keys may also be applied in other scenarios, including, but not limited to, the terminal device locally storing multiple keys or locally storing multiple parameters for deriving keys, and the manner of obtaining the keys, and the parameters required to derive them, is not limited.
In this implementation, when the terminal device subsequently performs integrity protection verification on the security mode command message received from the access network device according to the method shown in fig. 6, the verification can be performed directly based on the stored keys, which takes less time but requires more memory for storing the keys. Moreover, if keys are retained for integrity protection verification indefinitely, a large number of keys must be stored, occupying a large amount of memory and possibly introducing security risks. Therefore, to save memory and ensure security, in this implementation the terminal device may store the key obtained by the most recent derivation and, if the integrity protection verification fails, use the key stored before it to perform the verification again; if the verification fails again, a failure of the integrity protection verification is returned to the access network device, and if it succeeds, success of the integrity protection verification is returned to the access network device.
As another possible implementation, after the terminal device sends the security mode complete message to the AMF, the terminal device locally saves the parameters in the security mode complete message.
For example, the terminal device stores the first parameter after sending the seventh security mode complete message to the AMF in response to the seventh security mode command message, and stores the second parameter after sending the sixth security mode complete message to the AMF in response to the sixth security mode command message.
In this implementation, when the terminal device subsequently performs integrity protection verification on the security mode command message received from the access network device according to the method shown in fig. 6, it needs to derive keys from the different parameters and perform the verification based on the derived keys; the stored parameters occupy less memory, but the processing time is longer. Moreover, if earlier parameters are retained indefinitely for deriving keys and performing the verification with them, a large number of parameters must be stored, occupying a large amount of memory, the processing time becomes long, and security risks may exist. Therefore, to save memory and ensure security, in this implementation the terminal device may store the previous parameter and, if the integrity protection verification fails, use the previously stored parameter to derive the key again for the verification; if the verification fails again, a failure of the integrity protection verification is returned to the access network device, and if it succeeds, success of the integrity protection verification is returned to the access network device.
In this embodiment, to avoid the problems of high memory overhead and security risk caused by continuously repeating the attempt to perform integrity protection checking on the security mode command message received from the access network device, the terminal device may determine whether the number of repeated attempts has reached the threshold before performing the integrity protection checking on the security mode command message again.
For example, before the terminal device performs integrity protection checking on the fifth security mode command message based on the second key, the terminal device determines that the number of times the integrity protection checking is performed on the fifth security mode command message is less than a first threshold.
Optionally, the value of the first threshold is N (e.g., N = 5). This can be understood as follows: when the RRC layer on the terminal device side receives the security mode command message from the access network device, it performs the integrity protection check; if the check fails, it performs the check again with a key derived earlier (or a key derived from an earlier parameter); once N attempts have been made, or all locally stored keys (or parameters) have been tried, the check result is returned to the access network device: failure if none of the checks succeeded, and success if one of them succeeded, in which case the RRC layer on the terminal device side takes the key set that passed the check into use.
In the communication method shown in fig. 6, after the integrity protection check of the security mode command message sent by the access network device fails, the terminal device can also check it with a key derived and stored earlier (or a key re-derived from an earlier uplink count value). The terminal device is thus able to perform the integrity protection check several times, which raises the probability that the check succeeds.
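As an added example that is not part of the application, the following Python code models the terminal-side fallback of fig. 6: the UE keeps the uplink NAS COUNT values of the last few security mode complete messages it sent, and when an access layer security mode command arrives it re-derives K_gNB and K_RRCint from the newest value first, then from each saved earlier value, stopping once the first threshold N is reached. The K_gNB and K_RRCint derivations follow the KDF input layout of TS 33.501 Annex A.9 and A.8 (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1). The MAC-I computation, the K_AMF value, the message bytes, the number of saved counts and the class and function names are constructed assumptions of this example; a real gNB would run NIA1/NIA2/NIA3 over COUNT, BEARER and DIRECTION as well.

```python
import hashlib
import hmac
from collections import deque

# KDF input layout of TS 33.220 Annex B / TS 33.501 Annex A: S = FC || P0 || L0 || P1 || L1
FC_KGNB = 0x6E            # Annex A.9: KgNB from KAMF and uplink NAS COUNT
FC_ALG_KEY = 0x69         # Annex A.8: algorithm key from KgNB
ACCESS_TYPE_3GPP = 0x01   # access type distinguisher
N_RRC_INT_ALG = 0x04      # algorithm type distinguisher for RRC integrity
NIA2 = 0x02               # algorithm identity used in this example


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")      # Pi followed by its 2-octet length Li
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kgnb(k_amf: bytes, uplink_nas_count: int) -> bytes:
    return kdf(k_amf, FC_KGNB, uplink_nas_count.to_bytes(4, "big"), bytes([ACCESS_TYPE_3GPP]))


def derive_krrc_int(k_gnb: bytes, alg_id: int = NIA2) -> bytes:
    # Annex A.8 keeps the 128 least significant bits of the 256-bit KDF output
    return kdf(k_gnb, FC_ALG_KEY, bytes([N_RRC_INT_ALG]), bytes([alg_id]))[16:]


def mac_i(k_rrc_int: bytes, message: bytes) -> bytes:
    # Constructed stand-in for NIA2: 32-bit truncated HMAC-SHA-256 over the message only.
    return hmac.new(k_rrc_int, message, hashlib.sha256).digest()[:4]


class UeAsSecurity:
    """Terminal side of fig. 6: bounded multi-key integrity check of the AS security mode command."""

    def __init__(self, k_amf: bytes, max_saved_counts: int = 3, first_threshold: int = 5):
        self.k_amf = k_amf
        # uplink NAS COUNT of each SECURITY MODE COMPLETE sent, oldest first; oldest dropped
        self.saved_counts = deque(maxlen=max_saved_counts)
        self.first_threshold = first_threshold   # N in the text

    def on_smc_complete_sent(self, uplink_nas_count: int) -> None:
        self.saved_counts.append(uplink_nas_count)

    def verify_as_smc(self, message: bytes, received_mac: bytes):
        """Return the uplink NAS COUNT whose key verified the message, or None on failure."""
        attempts = 0
        for count in reversed(self.saved_counts):    # current key first, then earlier ones
            if attempts >= self.first_threshold:
                break                                # number of checks reached the threshold
            attempts += 1
            k_rrc_int = derive_krrc_int(derive_kgnb(self.k_amf, count))
            if hmac.compare_digest(mac_i(k_rrc_int, message), received_mac):
                return count
        return None


def gnb_protect(k_gnb: bytes, message: bytes) -> bytes:
    """Access network side: MAC-I over the AS security mode command with the key the AMF supplied."""
    return mac_i(derive_krrc_int(k_gnb), message)


def demo():
    k_amf = hashlib.sha256(b"constructed KAMF").digest()      # constructed key
    ue = UeAsSecurity(k_amf)
    ue.on_smc_complete_sent(0)   # COMPLETE for the original NAS security mode command
    ue.on_smc_complete_sent(1)   # COMPLETE for the T3560 retransmission
    as_smc = b"constructed RRC SecurityModeCommand"
    # The AMF derived KgNB from the first COMPLETE (count 0); the UE's current key is from count 1
    mac = gnb_protect(derive_kgnb(k_amf, 0), as_smc)
    return ue.verify_as_smc(as_smc, mac)      # first attempt (count 1) fails, second (count 0) passes


if __name__ == "__main__":
    print("verified with uplink NAS COUNT", demo())
```

The deque keeps only the last few parameters rather than every key, which is the memory trade-off the text describes; the threshold check sits before each derivation so that a message protected with an unknown key is rejected after at most N derivations.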
The application also provides a communication method in which the network side delays key derivation so that the terminal device and the network side generate the same key. This communication method is described in detail below with reference to fig. 7.
Fig. 7 is a schematic flow chart of yet another communication method provided by the present application. The method comprises the following steps:
S710, the terminal equipment sends an eighth security mode completion message to the AMF.
Specifically, the eighth security mode complete message includes a fourth parameter (e.g., a fourth uplink count).
S720, the AMF delays deriving the key and/or delays sending the key to the access network device.
The AMF receives the eighth security mode complete message. Further, if the AMF retransmitted the security mode command message because the first timer (e.g., T3560) expired before the eighth security mode complete message was received, the AMF may, after receiving the eighth security mode complete message, delay deriving the key and/or delay sending it to the access network device, so as to wait and see whether a further security mode complete message arrives.
Retransmission of the security mode command message before the AMF receives the eighth security mode complete message means, specifically, that the AMF sends the eighth security mode command message to the terminal device and starts the first timer; the first timer expires before the AMF receives the eighth security mode complete message from the terminal device; and the AMF then sends the ninth security mode command message to the terminal device, where the ninth security mode command message is a retransmission of the eighth security mode command message.
Where retransmission of the security mode command message has occurred, the AMF may delay deriving the key and/or delay sending it to the access network device after receiving the security mode complete message from the terminal device. This includes, but is not limited to, the following implementations:
As a possible implementation, if no further security mode complete message from the terminal device has been received when the second timer expires, the AMF derives a fourth key from the fourth parameter and sends the fourth key to the access network device.
As another possible implementation, if no further security mode complete message from the terminal device has been received when the second timer expires, the AMF sends the fourth key, derived from the fourth parameter, to the access network device. In this implementation the moment at which the AMF derives the fourth key is not limited: it may be when the second timer expires or at any time after the fourth parameter is received.
As yet another possible implementation, if a ninth security mode complete message is received from the terminal device before the second timer expires, the AMF derives a fifth key from a fifth parameter (e.g., a fifth uplink count) in the ninth security mode complete message and sends the fifth key to the access network device.
For ease of understanding, how the AMF delays key derivation is described below in connection with specific implementations.
Implementation #3: the security mode command messages sent by the AMF to the terminal device include an eighth security mode command message and a ninth security mode command message, where the ninth security mode command message is a retransmission of the eighth security mode command message.
How the AMF derives keys in the case shown in implementation #3 is described in detail below in connection with fig. 8. As shown in fig. 8, the method comprises the following steps:
S811, the AMF sends an eighth security mode command message to the terminal device and starts a first timer.
S812, the first timer (e.g., T3560) of the AMF times out, a ninth security mode command message is sent to the terminal device, and the first timer is restarted.
In this embodiment, in case that the first timer (e.g., T3560) expires without receiving a response message of the eighth security mode command message, the AMF may retransmit the security mode command message to the terminal device, i.e., the ninth security mode command message is a retransmission message of the eighth security mode command message.
S813, the terminal device sends an eighth security mode complete message to the AMF. The eighth security mode complete message is the terminal device's response to the eighth security mode command message. As a possible implementation, the AMF starts the second timer at the moment the eighth security mode complete message is received, and derives and/or sends the key according to whether the second timer expires, as described below.
As another possible implementation, the AMF starts the second timer at the moment it sends the ninth security mode command message to the terminal device, and likewise derives and/or sends the key according to whether the second timer expires.
By way of example and not limitation, the second timer may be the first timer itself, e.g., T3560. Alternatively, the second timer is a timer different from T3560; its duration may be shorter or longer than that of the first timer. This embodiment does not limit the duration, which may be set with reference to historical communication data.
The AMF derives and/or sends the key according to whether the second timer expires, in one of the following possible implementations:
As a possible implementation, if no ninth security mode complete message responding to the ninth security mode command message has been received from the terminal device when the second timer expires, the AMF derives a fourth key from the fourth parameter and sends the fourth key to the access network device.
As another possible implementation, if no ninth security mode complete message responding to the ninth security mode command message has been received when the second timer expires, the AMF sends the fourth key, derived from the fourth parameter, to the access network device. In this implementation the moment at which the AMF derives the fourth key is not limited: it may be when the second timer expires or at any time after the fourth parameter is received.
As yet another possible implementation, if a ninth security mode complete message responding to the ninth security mode command message is received from the terminal device before the second timer expires, the AMF derives a fifth key from a fifth parameter (e.g., a fifth uplink count) in the ninth security mode complete message and sends the fifth key to the access network device.
If the AMF receives the ninth security mode complete message responding to the ninth security mode command message from the terminal device before the second timer expires, derives the fifth key from the fifth parameter in that message and sends the fifth key to the access network device, the method flow shown in fig. 8 may further include:
S814, the terminal device sends a ninth security mode complete message to the AMF. The ninth security mode complete message is the terminal device's response to the ninth security mode command message and includes the fifth parameter.
S815, the AMF derives a key from the fifth parameter.
The AMF receives the ninth security mode complete message before the second timer expires, derives the key from the fifth parameter and sends the derived key to the access network device.
S816, the AMF sends the key to the access network device.
If instead the second timer expires, the AMF may send the fourth key, derived from the fourth parameter included in the eighth security mode complete message, to the access network device. The moment at which the AMF derives the fourth key is not limited: the AMF may perform the derivation when the second timer expires, or it may perform several derivations in sequence and hold several keys (e.g., derive the fourth key after receiving the eighth security mode complete message and the fifth key after receiving the ninth security mode complete message), in which case the AMF provides the access network device with the most recently derived key.
In addition, it should be noted that, if the AMF determines that the key is not required to be sent to the access network device according to the received eighth security mode completion message, the AMF may not need to start the second timer. For example, the AMF determines, according to the information of the terminal device carried in the eighth security mode completion message, that security protection is not required when the terminal device subsequently performs access layer message transmission with the access network device.
Implementation #4: the security mode command messages sent in turn by the AMF to the terminal device include an eighth security mode command message, a ninth security mode command message and a tenth security mode command message, where the ninth security mode command message is a retransmission of the eighth security mode command message.
How the AMF derives keys in the case shown in implementation #4 is described in detail below in connection with fig. 9. As shown in fig. 9, the method comprises the following steps:
S911, the AMF sends the eighth security mode command message to the terminal device and starts the first timer.
S912, the first timer (e.g., T3560) of the AMF times out, a ninth security mode command message is sent to the terminal device, and the first timer is restarted.
In this embodiment, in case that the first timer (e.g., T3560) expires without receiving a response message of the eighth security mode command message, the AMF may retransmit the security mode command message to the terminal device, i.e., the ninth security mode command message is a retransmission message of the eighth security mode command message.
S913, the terminal device sends a security mode complete message #a to the AMF. The security mode complete message #a is a message of the terminal device responding to the eighth security mode command message, and the AMF stops the first timer.
S914, the AMF sends a tenth security mode command message to the terminal device and restarts the first timer.
S915, the terminal device sends a security mode completion message #b to the AMF. The security mode complete message #b is a message of the terminal device in response to the ninth security mode command message. The security mode completion message #b corresponds to the eighth security mode completion message shown in fig. 7.
As one possible implementation, the AMF may start the second timer at the moment the security mode complete message #b is received.
As another possible implementation, the AMF may start the second timer at the moment the tenth security mode command message is sent to the terminal device.
For the first timer and the second timer, refer to the descriptions under implementation #3, which are not repeated here.
Further, if before the second timer expires, the AMF receives a security mode complete message #c from the terminal device in response to the tenth security mode command message, the AMF derives a fifth key according to a fifth parameter in the security mode complete message #c, and sends the fifth key to the access network device, a method flow shown in fig. 9 may further include:
S916, the terminal device sends a security mode complete message #C to the AMF. The security mode complete message #C is the terminal device's response to the tenth security mode command message.
S917, AMF derives the key according to the fifth parameter.
Before the second timer times out, the AMF receives a security mode complete message #c. The AMF further derives the key according to the fifth parameter and sends the derived key to the access network device.
S918, the AMF provides the key to the access network device.
It should be noted that, if after the second timer expires, the AMF does not receive any other security mode completion message except the security mode completion message #b, the AMF may derive a fourth key according to a fourth parameter included in the security mode completion message #b, and send the fourth key to the access network device.
In addition, the communication methods shown in fig. 6 and 7 may be used in combination. For example, the AMF side may not derive the same key as the terminal device side (e.g., the T3560 timer times out again, and the AMF side has not received the security mode complete message), and the terminal device may perform the integrity protection check by using the method shown in fig. 6.
In the communication method shown in fig. 7, after the AMF receives a security mode complete message from the terminal device, it may defer providing the key to the access network device and start the second timer. If no other security mode complete message has arrived when the second timer expires, the AMF provides the key to the access network device; if another security mode complete message arrives before the second timer expires, the AMF derives the key from the parameter in the most recently received security mode complete message and provides that key to the access network device. The parameter the core network device uses for key derivation can thus be the same one the terminal used, and the core network device provides the derived key to the access network device, so that the terminal side and the access network device side carry out the subsequent access layer security check with the same key, which raises the probability that the check succeeds.
The application also provides a communication method for the case where the security mode command messages sent in turn by the AMF to the terminal device include an eighth security mode command message, a ninth security mode command message and a tenth security mode command message, the ninth being a retransmission of the eighth. The sending of the tenth security mode command message is deferred so that the AMF sends the subsequent security mode command message only after it has received the response to the retransmitted security mode command message (i.e. the ninth). This prevents the AMF from mistaking the response to the ninth security mode command message for the response to the tenth, and so from deriving the key with a parameter different from the one used on the terminal device side, which would make the access layer security check fail. This communication method is described in detail with reference to fig. 10.
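To make the timing concrete, here is an added Python simulation (example code, not part of the application) of the procedures of figs. 7 and 8: a UE that answers every copy of the NAS security mode command with a fresh security mode complete message and derives K_gNB from the newest one, and an AMF that either derives K_gNB from the first complete message it receives, or, after a T3560 retransmission, starts the second timer on that first complete message and uses the newest complete message seen when the timer expires, or at once when every command it sent has been answered (S815/S816). The T3560 value of 6 s and the limit of four retransmissions are the TS 24.501 values; the 8 s second timer, the one-way delays and the set of lost messages are constructed scenario parameters, and all function and variable names are this example's own.

```python
import heapq

T3560 = 6.0               # first timer, 6 s in TS 24.501 (spec value)
MAX_RETRANSMISSIONS = 4   # TS 24.501: the AMF aborts on the fifth T3560 expiry


def simulate(delay_key, downlink_delay, uplink_delay, second_timer=8.0, lost_smc=()):
    """Discrete-event run of one NAS security mode control procedure.

    Returns (uplink NAS COUNT the AMF derived KgNB from, uplink NAS COUNT the UE derived
    KgNB from); equal values mean the gNB and the UE hold the same KgNB.
    delay_key=False: the AMF derives from the first SECURITY MODE COMPLETE it receives.
    delay_key=True:  the method of fig. 7 (second timer started on the first COMPLETE).
    Message numbering follows the text: #8 is the original command, #9, #10, ... its copies.
    """
    events = []                   # min-heap of (time, seq, name, payload)
    seq = 0

    def schedule(t, name, payload=None):
        nonlocal seq
        seq += 1
        heapq.heappush(events, (t, seq, name, payload))

    ue_count = 0                  # uplink NAS COUNT of the UE's next uplink NAS message
    ue_key_count = None           # count of the COMPLETE the UE derived KgNB from (its newest)
    amf_key_count = None          # count behind the KgNB the AMF handed to the gNB
    newest_count = None           # newest count received while the second timer runs
    smcs_sent = 0                 # 1 = #8 only, 2 = #8 and its retransmission #9, ...
    completes_received = 0
    t3560_gen = 0                 # generation counter invalidates stale timer events
    second_timer_running = False

    def send_smc(t):
        nonlocal smcs_sent, t3560_gen
        smcs_sent += 1
        if 8 + smcs_sent - 1 not in lost_smc:
            schedule(t + downlink_delay, "ue_rx_smc")
        t3560_gen += 1
        schedule(t + T3560, "t3560", t3560_gen)

    send_smc(0.0)
    while events:
        t, _, name, payload = heapq.heappop(events)
        if name == "ue_rx_smc":
            # The UE answers every copy with a COMPLETE carrying the next uplink NAS COUNT
            # and derives KgNB from the COMPLETE it sent most recently.
            ue_key_count = ue_count
            schedule(t + uplink_delay, "amf_rx_complete", ue_count)
            ue_count += 1
        elif name == "t3560":
            if payload != t3560_gen:
                continue                          # timer was stopped or restarted
            if smcs_sent - 1 >= MAX_RETRANSMISSIONS:
                break                             # procedure aborted
            send_smc(t)                           # retransmission (#9, #10, ...)
        elif name == "amf_rx_complete":
            t3560_gen += 1                        # stop T3560
            completes_received += 1
            if amf_key_count is not None:
                continue                          # key already provided; late COMPLETE ignored
            if not delay_key or smcs_sent == 1:
                amf_key_count = payload           # no retransmission: derive immediately
            elif completes_received == smcs_sent:
                amf_key_count = payload           # every copy answered: newest parameter wins
            else:
                newest_count = payload
                if not second_timer_running:
                    second_timer_running = True
                    schedule(t + second_timer, "second_timer")
        elif name == "second_timer":
            if amf_key_count is None:
                amf_key_count = newest_count      # no further COMPLETE: use the newest one seen
    return amf_key_count, ue_key_count


def demo():
    return {
        "no retransmission, immediate": simulate(False, 1.0, 1.0),                 # (0, 0)
        "retransmission, immediate":    simulate(False, 4.0, 3.0),                 # (0, 1) mismatch
        "retransmission, fig. 7":       simulate(True, 4.0, 3.0),                  # (1, 1)
        "retransmission lost, fig. 7":  simulate(True, 4.0, 3.0, lost_smc={9}),    # (0, 0)
    }


if __name__ == "__main__":
    for scenario, counts in demo().items():
        print(f"{scenario}: AMF count {counts[0]}, UE count {counts[1]}")
```

The returned pair is equal exactly when the gNB and the UE hold the same K_gNB. The second timer has to cover the rest of the round trip: with the same delays and second_timer=3.0 it expires before the second complete message arrives, the AMF falls back to the first parameter and the mismatch persists, which is why the text allows the second timer to be longer than the first.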
Fig. 10 is a schematic flow chart of yet another communication method provided by the present application. The method comprises the following steps:
S1011, the AMF sends an eighth security mode command message to the terminal device and starts a first timer.
S1012, the first timer (e.g., T3560) of the AMF times out, a ninth security mode command message is sent to the terminal device, and the first timer is restarted.
In this embodiment, in case that the first timer (e.g., T3560) expires without receiving a response message of the eighth security mode command message, the AMF may retransmit the security mode command message to the terminal device, i.e., the ninth security mode command message is a retransmission message of the eighth security mode command message.
S1013, the terminal device sends an eighth security mode completion message to the AMF. The eighth secure mode complete message is a message of the terminal device in response to the eighth secure mode command message.
In this embodiment, the AMF may stop the first timer and start the third timer at the time when the eighth secure mode complete message is received.
By way of example and not limitation, the third timer may be the first timer, e.g., the third timer is T3560. Or the third timer is a different timer from T3560, for example, the timing duration of the third timer is smaller than the timing duration of the first timer, for example, the timing duration of the third timer is greater than the timing duration of the first timer, which is not limited in this embodiment, and may be set with reference to the historical communication data.
S1014, the terminal device transmits a ninth security mode complete message to the AMF. The ninth secure mode complete message is a message of the terminal device in response to the ninth secure mode command message.
As a possible implementation, if the AMF receives the ninth security mode complete message from the terminal device before the third timer expires, the AMF sends the tenth security mode command message to the terminal device on the basis of the ninth security mode complete message and restarts the first timer.
As another possible implementation, if the AMF does not receive the ninth security mode complete message before the third timer expires, after the third timer expires, the AMF sends a tenth security mode command message to the terminal device.
S1015, the AMF sends a tenth security mode command message to the terminal device and restarts the first timer.
S1016, the terminal device sends a tenth security mode completion message to the AMF. The tenth secure mode complete message is a message of the terminal device in response to the tenth secure mode command message.
S1017, the AMF derives the key from the parameter in the tenth security mode complete message.
S1018, the AMF provides the key to the access network device.
The application also provides a communication method, when the access network device receives the security mode failure message from the terminal device, the access network device can re-request the AMF to provide the key, and re-initiate the access layer security mode control flow based on the re-acquired key, so as to improve the possibility of successful access layer security check, and the communication method will be described in detail below with reference to fig. 11.
Fig. 11 is a schematic flow chart of yet another communication method provided by the present application. The method comprises the following steps:
S1111, AMF sends an eighth security mode command message to the terminal device and starts a first timer.
S1112, the first timer (e.g., T3560) of the AMF times out, a ninth security mode command message is sent to the terminal device, and the first timer is restarted.
In this embodiment, in case that the first timer (e.g., T3560) expires without receiving a response message of the eighth security mode command message, the AMF may retransmit the security mode command message to the terminal device, i.e., the ninth security mode command message is a retransmission message of the eighth security mode command message.
S1113, the terminal device sends an eighth security mode completion message to the AMF. The eighth secure mode complete message is a message of the terminal device in response to the eighth secure mode command message.
S1114, the terminal device derives a key from the parameters included in the eighth security mode complete message.
Specifically, the terminal device derives the key (e.g., K_gNB) from the uplink parameter (e.g., uplink count) corresponding to the eighth security mode complete message, obtaining a fourth key. It should be understood that the order in which the terminal device derives the fourth key and sends the eighth security mode complete message is not limited: the terminal device may derive the key once it has determined the uplink parameter corresponding to the eighth security mode complete message, or after it has sent that message.
In this embodiment, the AMF may stop the first timer at the time when the eighth security mode complete message is received and generate a fourth key, which is provided to the access network device.
In this embodiment, after receiving the fourth key, the access network device may send an access layer security mode command message to the terminal device. See, in particular, S1117.
S1115, the terminal device sends a ninth security mode complete message to the AMF. The ninth secure mode complete message is a message of the terminal device in response to the ninth secure mode command message.
S1116, the terminal device derives a key according to the parameters included in the ninth security mode complete message.
Specifically, the terminal device derives the key (e.g., K_gNB) from the uplink parameter (e.g., uplink count) corresponding to the ninth security mode complete message, obtaining a fifth key. It should be understood that the order in which the terminal device derives the fifth key and sends the ninth security mode complete message is not limited: the terminal device may derive the key once it has determined the uplink parameter corresponding to the ninth security mode complete message, or after it has sent that message. As a possible implementation, after receiving the ninth security mode complete message the AMF saves the uplink parameter carried in it.
As another possible implementation, after receiving the ninth security mode complete message the AMF derives the fifth key from the uplink parameter carried in it, but need not provide the fifth key to the access network device.
S1117, the access network device sends an access layer security mode command message to the terminal device.
In this embodiment, after receiving the fourth key from the AMF, the access network device may perform integrity protection and/or encryption protection on the access layer security mode command message that is subsequently sent to the terminal device according to the fourth key. The access network device can further generate an access layer signaling surface integrity protection key and/or an access layer signaling surface confidentiality protection key according to the fourth key, and respectively use the access layer signaling surface integrity protection key and/or the access layer signaling surface confidentiality protection key to carry out integrity protection and/or encryption protection on the access layer security mode command message which is subsequently sent to the terminal device.
Because the access network device protects the access layer security mode command message with the fourth key, whereas the terminal device has derived the fifth key from the uplink parameter of the ninth security mode complete message stored on the terminal device side, the terminal device's integrity check of the access layer security mode command message with the fifth key fails.
S1118, the terminal device sends an access layer security mode failure message to the access network device.
Optionally, the access layer security mode failure message includes a cause value, which indicates that the terminal device's integrity protection check of the access layer security mode command message failed.
In this embodiment, after receiving the access layer security mode failure message, the access network device may request the key from the AMF again instead of directly sending a connection failure message to the terminal device.
Alternatively, the access network device may determine whether to request a key from the AMF. For example, if the access stratum security mode failure message carries a cause value, it is determined whether to request a key from the AMF according to the cause value (e.g., when the cause value indicates a key error, the key is requested from the AMF, or, when the cause value indicates that the terminal device is abnormal, the key is not requested from the AMF), or the access network device may also determine whether to request a key from the AMF according to a local policy.
Illustratively, where the access network device decides to request the key from the AMF, the method flow shown in fig. 11 further includes:
S1119, the access network device sends a first request message to the AMF. The first request message is for requesting a key.
S1101, the AMF sends a first response message to the access network device. The fifth key is included in the first response message.
Specifically, the access network device sends the access layer security mode command message only after the AMF has received the ninth security mode complete message; hence, by the time the AMF receives the first request message, the fifth key, or the uplink parameter needed to derive it, is already stored locally at the AMF.
The AMF either regenerates the fifth key from the locally stored uplink parameter value or sends the already generated fifth key to the access network device: if the AMF has stored the uplink parameter, it derives the fifth key from it; if the AMF has stored the fifth key, it uses that key directly.
In this embodiment, after the access network device obtains the fifth key, the access layer security mode control procedure may be reinitiated based on the fifth key. For example, the access network device may perform integrity protection and/or encryption protection on the access layer security mode command message subsequently sent to the terminal device according to the fifth key. The access network device can further generate an access layer signaling surface integrity protection key and/or an access layer signaling surface confidentiality protection key according to the key, and respectively use the access layer signaling surface integrity protection key and/or the access layer signaling surface confidentiality protection key to carry out integrity protection and/or encryption protection on the access layer security mode command message which is subsequently sent to the terminal device.
In this embodiment, the keys the access network device uses in its two access layer security mode control procedures are derived from different parameters, each carried in a different security mode complete message sent by the terminal device to the core network device during the security mode control procedure. The core network device derives a key from the parameter in each of these security mode complete messages and provides the derived key to the access network device, which then performs the access layer security check with that key. Since the key on the access network device side comes from the core network device, and the core network device has received several security mode complete messages from the terminal device, the parameter it used for the first key may be the one carried in any of those messages and may differ from the parameter the terminal device used. If the access network device therefore receives an access layer security mode failure message, it obtains a key again and re-initiates the access layer security mode control procedure with that key, which may now be exactly the key the terminal device uses to check the access layer security mode command message. The terminal side and the access network device side then perform the subsequent access layer security check with the same key, which raises the probability that the check succeeds.
It should be understood that in the method flow shown in fig. 11, after receiving the access layer security mode failure message, the access network device obtains the key from the AMF again through the first request message and re-initiates the access layer security mode control procedure with the obtained key. What happens after the re-initiated procedure is not limited in the present application: for example, if the access network device receives an access layer security mode failure message again, it may send an RRC release message to the terminal device, or it may once more obtain the key from the AMF and re-initiate the procedure with that key. The access network device may thus re-initiate the access layer security mode control procedure once or several times in this embodiment. Nor does the present application limit the number of times the security mode command message is retransmitted in the non-access layer security mode control procedure.
The application also provides a communication method in which, when the access network device receives the security mode failure message from the terminal device, it starts a timer and sends the RRC release message only when that timer expires; if a key from the AMF arrives before the timer expires, the access network device re-initiates the access layer security mode control procedure with the received key, which raises the probability that the access layer security check succeeds. This communication method is described in detail below with reference to fig. 12.
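As an added example (not code from the application), the following Python sketch shows the access network side of fig. 11: the AMF hands over the key derived from the first security mode complete message but keeps the uplink count of every later one; the gNB runs the access layer security mode command and, on a security mode failure whose cause value indicates an integrity check failure, requests a key again and retries, up to a configured number of times, before releasing the connection. The one-line K_gNB stand-in (an HMAC of the uplink NAS COUNT), the MAC-I stand-in, the cause value strings and the class names are assumptions of this example; the real derivations are those of TS 33.501 Annex A.

```python
import hashlib
import hmac


def kgnb_for(k_amf: bytes, uplink_nas_count: int) -> bytes:
    # One-line stand-in for the KgNB KDF: all that matters here is that different
    # uplink NAS COUNT values yield different keys (constructed, not the 33.501 KDF).
    return hmac.new(k_amf, uplink_nas_count.to_bytes(4, "big"), hashlib.sha256).digest()


def mac_i(k_gnb: bytes, message: bytes) -> bytes:
    # Constructed stand-in for the AS integrity algorithm
    return hmac.new(k_gnb, b"RRC-int" + message, hashlib.sha256).digest()[:4]


class Amf:
    """Keeps the uplink NAS COUNT of every SECURITY MODE COMPLETE it received (S1115/S1116)."""

    def __init__(self, k_amf: bytes):
        self.k_amf = k_amf
        self.saved_counts = []

    def on_smc_complete(self, uplink_nas_count: int):
        self.saved_counts.append(uplink_nas_count)
        # Fig. 11: only the first COMPLETE triggers a key towards the gNB; later ones are saved.
        return kgnb_for(self.k_amf, uplink_nas_count) if len(self.saved_counts) == 1 else None

    def on_key_request(self) -> bytes:
        """S1119 / first response message: key from the newest saved parameter."""
        return kgnb_for(self.k_amf, self.saved_counts[-1])


class Ue:
    def __init__(self, k_amf: bytes, latest_uplink_nas_count: int,
                 failure_cause: str = "integrity-check-failure"):
        self.k_gnb = kgnb_for(k_amf, latest_uplink_nas_count)  # from its newest COMPLETE
        self.failure_cause = failure_cause                      # cause value it would report

    def on_as_smc(self, message: bytes, mac: bytes):
        if hmac.compare_digest(mac_i(self.k_gnb, message), mac):
            return ("SecurityModeComplete", None)
        return ("SecurityModeFailure", self.failure_cause)


class Gnb:
    RETRY_CAUSES = {"integrity-check-failure"}   # local policy: which cause values justify a re-request

    def __init__(self, amf: Amf, max_key_requests: int = 1):
        self.amf = amf
        self.max_key_requests = max_key_requests

    def run_as_smc(self, ue: Ue, k_gnb: bytes):
        """Return ("activated", attempts) or ("rrc-release", attempts)."""
        msg = b"constructed RRC SecurityModeCommand"
        attempt = 0
        while True:
            attempt += 1
            kind, cause = ue.on_as_smc(msg, mac_i(k_gnb, msg))
            if kind == "SecurityModeComplete":
                return ("activated", attempt)
            if cause not in self.RETRY_CAUSES or attempt > self.max_key_requests:
                return ("rrc-release", attempt)
            k_gnb = self.amf.on_key_request()     # first request message / first response message


def demo():
    k_amf = b"\x11" * 32                      # constructed KAMF
    amf = Amf(k_amf)
    first_key = amf.on_smc_complete(0)        # eighth COMPLETE: fourth parameter, key provided
    amf.on_smc_complete(1)                    # ninth COMPLETE: fifth parameter, saved only
    ue = Ue(k_amf, 1)                         # the UE derived KgNB from the ninth COMPLETE
    return Gnb(amf).run_as_smc(ue, first_key) # first AS SMC fails, retry with the fifth key passes


if __name__ == "__main__":
    print(demo())
```

Gating the re-request on the cause value mirrors the text's distinction between a key error (re-request) and a terminal abnormality (no re-request); the attempt counter bounds the loop so that a UE whose count the AMF never saw ends in an RRC release rather than an endless retry.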
Fig. 12 is a schematic flow chart of yet another communication method provided by the present application. The method comprises the following steps:
S1211, the AMF sends an eighth security mode command message to the terminal device and starts the first timer.
S1212, the first timer (e.g., T3560) of the AMF expires; the AMF sends a ninth security mode command message to the terminal device and restarts the first timer.
In this embodiment, if the first timer (e.g., T3560) expires without a response to the eighth security mode command message having been received, the AMF may retransmit the security mode command message to the terminal device; that is, the ninth security mode command message is a retransmission of the eighth security mode command message.
S1213, the terminal device transmits an eighth security mode completion message to the AMF. The eighth secure mode complete message is a message of the terminal device in response to the eighth secure mode command message.
S1214, the terminal device derives a key according to the parameters included in the eighth security mode complete message.
Specifically, the terminal device derives a key (e.g., K_gNB) from an uplink parameter (e.g., the uplink count, i.e. the uplink NAS COUNT) corresponding to the eighth security mode complete message, obtaining a fourth key. It should be understood that the order in which the terminal device derives the fourth key and sends the eighth security mode complete message is not limited: the terminal device may derive the key once it has determined the uplink parameter corresponding to the eighth security mode complete message, or after it has sent the eighth security mode complete message.
In this embodiment, the AMF may stop the first timer when it receives the eighth security mode complete message, generate the fourth key, and provide the fourth key to the access network device.
In this embodiment, after receiving the fourth key, the access network device may send an access layer security mode command message to the terminal device. See in particular S1215.
S1215, the access network device sends an access layer security mode command message #1 to the terminal device.
In this embodiment, after receiving the fourth key from the AMF, the access network device may integrity protect and/or encrypt the access stratum security mode command message subsequently sent to the terminal device according to the fourth key. The access network device may further derive an access stratum signalling plane integrity protection key and/or an access stratum signalling plane confidentiality protection key from the fourth key, and use them respectively to integrity protect and/or encrypt the access stratum security mode command message subsequently sent to the terminal device.
S1216, the terminal device sends an access stratum security mode failure message #1 to the access network device.
Optionally, the access network device starts a fourth timer to wait for a key newly generated by the AMF.
If the fourth timer expires without a fifth key having been received from the AMF, the access network device sends a radio resource control release message to the terminal device; or
if, before the fourth timer expires, the access network device receives a fifth key from the AMF, the access network device performs the access stratum security mode control procedure again based on the fifth key.
S1217, the terminal device transmits a ninth security mode complete message to the AMF. The ninth secure mode complete message is a message of the terminal device in response to the ninth secure mode command message.
S1218, the terminal device derives a key from the parameters included in the ninth security mode complete message.
Specifically, the terminal device derives a key (e.g., K_gNB) from an uplink parameter (e.g., the uplink count, i.e. the uplink NAS COUNT) corresponding to the ninth security mode complete message, obtaining a fifth key. It should be understood that the order in which the terminal device derives the fifth key and sends the ninth security mode complete message is not limited: the terminal device may derive the key once it has determined the uplink parameter corresponding to the ninth security mode complete message, or after it has sent the ninth security mode complete message.
After receiving the ninth security mode complete message, the AMF derives a fifth key based on the uplink parameter corresponding to the ninth security mode complete message, and provides the fifth key to the access network device.
S1219, the AMF sends the fifth key to the access network device.
S1201, the access network device sends an access layer security mode command message #2 to the terminal device.
In this embodiment, after receiving the fifth key from the AMF, the access network device may integrity protect and/or encrypt the access stratum security mode command message subsequently sent to the terminal device according to the fifth key. The access network device may further derive an access stratum signalling plane integrity protection key and/or an access stratum signalling plane confidentiality protection key from the fifth key, and use them respectively to integrity protect and/or encrypt the access stratum security mode command message subsequently sent to the terminal device.
Further, when the fourth timer has been started, step S1201 is performed only if the fourth timer has not yet expired, and the access network device then stops the fourth timer.
S1202, the terminal equipment sends an access layer security mode completion message to the access network equipment.
The access network device successfully verifies the access stratum security mode complete message, which completes the air interface security activation procedure between the terminal device and the access network device.
In the embodiment shown in fig. 12, when the access network device receives the access stratum security mode failure message from the terminal device, it need not immediately reply with an RRC release message; instead it starts the fourth timer, and only once the fourth timer expires does it send the RRC release message to the terminal device to release the connection between the terminal device and the access network device. Alternatively, if another key provided by the core network is received before the fourth timer expires, the access stratum security mode control procedure may be re-attempted based on the received key.
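As an added illustration of the Fig. 11 and Fig. 12 behaviour described above (this is example code written for this page, not code from the patent, from Huawei, or from any 3GPP implementation), the following Python model derives K_gNB from the uplink NAS COUNT on the terminal and AMF sides, shows why a retransmitted non-access stratum security mode command leaves the two sides holding different keys, and replays the access network device's fourth-timer logic in both branches (fifth key arrives before expiry; timer expires and RRC release is sent). Assumptions: the KDF layout (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1, FC 0x6E for K_gNB and 0x69 for the RRC integrity key, with the distinguisher encodings shown) follows my reading of TS 33.501 Annex A and TS 33.220 Annex B; the MAC-I is a truncated-HMAC stand-in rather than real 128-NIA2; K_AMF, the NAS COUNT values and the message bytes are constructed; and the terminal-side policy of re-deriving K_gNB from its latest security mode complete message is taken from S1214 and S1218 above.

```python
"""Model of the Fig. 11/12 key mismatch after NAS security mode command retransmission.

Constructed example, not patent or 3GPP implementation code; see the lead-in for assumptions.
"""
import hashlib
import hmac

K_AMF = bytes(range(32))          # constructed sample K_AMF, not a real key
ACCESS_TYPE_3GPP = b"\x01"        # access type distinguisher (assumed encoding, TS 33.501 A.9)
RRC_INT_ALG_TYPE = b"\x04"        # N-RRC-int-alg algorithm type distinguisher (assumed, A.8)
NIA2_ALG_ID = 2                   # algorithm identity of 128-NIA2 (assumed)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kgnb(kamf: bytes, uplink_nas_count: int) -> bytes:
    """K_gNB = KDF(K_AMF, 0x6E, uplink NAS COUNT as 4 bytes, access type distinguisher)."""
    return kdf(kamf, 0x6E, uplink_nas_count.to_bytes(4, "big"), ACCESS_TYPE_3GPP)


def derive_krrc_int(kgnb: bytes) -> bytes:
    """K_RRCint: 128 least significant bits of KDF(K_gNB, 0x69, alg type, alg identity)."""
    return kdf(kgnb, 0x69, RRC_INT_ALG_TYPE, bytes([NIA2_ALG_ID]))[16:]


def mac_i(krrc_int: bytes, message: bytes) -> bytes:
    """Stand-in 32-bit MAC-I; real 128-NIA2 is AES-CMAC over COUNT, BEARER, DIRECTION, message."""
    return hmac.new(krrc_int, message, hashlib.sha256).digest()[:4]


class TerminalDevice:
    """UE side: answers every NAS security mode command and re-derives K_gNB from the
    uplink count of its latest security mode complete message (S1214, S1218)."""

    def __init__(self, kamf: bytes, first_uplink_count: int):
        self.kamf = kamf
        self.uplink_count = first_uplink_count
        self.kgnb = None

    def on_nas_security_mode_command(self) -> int:
        count = self.uplink_count            # uplink count carried in the complete message
        self.uplink_count += 1               # each NAS message sent consumes one count
        self.kgnb = derive_kgnb(self.kamf, count)
        return count

    def on_as_security_mode_command(self, message: bytes, mac: bytes) -> bool:
        """True -> AS security mode complete; False -> AS security mode failure."""
        expected = mac_i(derive_krrc_int(self.kgnb), message)
        return hmac.compare_digest(expected, mac)


def protect(kgnb: bytes, message: bytes) -> bytes:
    """gNB side: MAC-I for an AS security mode command under the key the AMF supplied."""
    return mac_i(derive_krrc_int(kgnb), message)


def run_fig12(fifth_key_before_timeout: bool) -> list:
    """Replay S1211 to S1202 and return the observable events in order."""
    ue = TerminalDevice(K_AMF, first_uplink_count=7)
    # S1211/S1213: eighth command answered by the eighth complete (count c8).
    c8 = ue.on_nas_security_mode_command()
    # S1212/S1217: T3560 expired, ninth command retransmitted, ninth complete (count c9).
    c9 = ue.on_nas_security_mode_command()
    # The AMF derived the fourth key from the eighth complete and handed it to the gNB (S1214).
    fourth_key = derive_kgnb(K_AMF, c8)
    fifth_key = derive_kgnb(K_AMF, c9)          # derived later from the ninth complete (S1218)
    events = []
    cmd1 = b"AS-SecurityModeCommand#1"           # constructed message bytes
    if ue.on_as_security_mode_command(cmd1, protect(fourth_key, cmd1)):   # S1215
        events.append("AS-SMC#1 complete")
        return events
    events.append("AS-SMF#1")                   # S1216: the UE holds the fifth key, check fails
    # The gNB starts the fourth timer instead of releasing the RRC connection at once.
    if not fifth_key_before_timeout:
        events.append("RRC release")            # fourth timer expired without a fifth key
        return events
    cmd2 = b"AS-SecurityModeCommand#2"
    if ue.on_as_security_mode_command(cmd2, protect(fifth_key, cmd2)):    # S1201
        events.append("AS-SMC#2 complete")      # S1202: both sides now use the fifth key
    else:
        events.append("AS-SMF#2")
    return events


if __name__ == "__main__":
    print(run_fig12(fifth_key_before_timeout=True))
    print(run_fig12(fifth_key_before_timeout=False))
```

The first access stratum security mode command fails only because the two sides bound K_gNB to different uplink counts; nothing about the integrity algorithm or the message content matters. Waiting for the fifth key (the Fig. 12 fourth timer) or re-requesting it (the Fig. 11 first request message) recovers because the AMF eventually derives from the same, later security mode complete message as the terminal.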
It should be understood that the sequence numbers of the above processes do not mean the order of execution, and the execution order of the processes should be determined by the functions and internal logic of the processes, and should not be construed as limiting the implementation process of the embodiments of the present application.
It is also to be understood that in the various embodiments of the application, where no special description or logic conflict exists, the terms and/or descriptions between the various embodiments are consistent and may reference each other, and features of the various embodiments may be combined to form new embodiments in accordance with their inherent logic relationships.
It should also be understood that in some of the foregoing embodiments, the devices in the existing network architecture are mainly described as examples (such as AMF, access network device, and terminal device, etc.), and it should be understood that the embodiments of the present application are not limited to specific forms of the devices. For example, devices that can achieve the same functions in the future are applicable to the embodiments of the present application.
It will be appreciated that in the foregoing embodiments of the methods and operations implemented by devices (such as AMFs, access network devices, and terminal devices, etc.), the methods and operations may also be implemented by components (such as chips or circuits) of the devices.
The communication method provided by the embodiments of the present application has been described in detail above with reference to fig. 3 to 12, mainly from the perspective of the interaction among the protocol layers of the terminal device. It will be appreciated that, in order to implement the above functions, the terminal device includes corresponding hardware structures and/or software modules for performing each function.
Those of skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The following describes the communication device provided by the present application in detail with reference to fig. 13 to 15. It should be understood that the descriptions of apparatus embodiments and the descriptions of method embodiments correspond to each other. Therefore, reference may be made to the above method embodiments for details, and some of these are not described again for brevity.
The embodiment of the application can divide the function modules of the transmitting end equipment or the receiving end equipment according to the method example, for example, each function module can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation. The following description will take an example of dividing each functional module into corresponding functions.
Fig. 13 is a schematic block diagram of a communication device 10 provided in an embodiment of the present application. The device 10 comprises a transceiver module 11 and a processing module 12. The transceiver module 11 may implement a corresponding communication function, the processing module 12 is configured to perform data processing, or the transceiver module 11 is configured to perform operations related to reception and transmission, and the processing module 12 is configured to perform operations other than reception and transmission. The transceiver module 11 may also be referred to as a communication interface or a communication unit.
Optionally, the apparatus 10 may further include a storage module 13, where the storage module 13 may be configured to store instructions and/or data, and the processing module 12 may read the instructions and/or data in the storage module, so that the apparatus implements the actions of the devices in the foregoing method embodiments.
In one design, the apparatus 10 may correspond to the AMF of the method embodiments above, or may be a component (e.g., a chip) of the AMF.
The apparatus 10 may implement steps or processes corresponding to those performed by the AMF in the above method embodiment, where the transceiver module 11 may be configured to perform operations related to the transmission and reception of the AMF in the above method embodiment, and the processing module 12 may be configured to perform operations related to the processing of the AMF in the above method embodiment.
In a possible implementation, the transceiver module 11 is configured to send a first security mode command message to the terminal device, where the first security mode command message includes a first value of a first identifier, and the first value of the first identifier is used to identify the first security mode command message. The transceiver module 11 is further configured to receive a first security mode complete message from the terminal device, where the first security mode complete message includes a first value of a second identifier, and the first value of the second identifier is used to identify the first security mode complete message. The processing module 12 is configured to derive a key according to a parameter included in the first security mode complete message when the first value of the first identifier and the first value of the second identifier are the same, where the key is used to generate the keys required for the access stratum security check. The transceiver module 11 is further configured to send the key to an access network device.
In another possible implementation, the transceiver module 11 is configured to receive an eighth security mode complete message from the terminal device, where the eighth security mode complete message includes a fourth parameter. If the security mode command message was retransmitted because the first timer expired before the eighth security mode complete message was received, the processing module 12 is configured to start a second timer. If the second timer expires without a further security mode complete message having been received, the transceiver module 11 is configured to send a fourth key to the access network device, where the fourth key is derived according to the fourth parameter; or
Before the second timer expires, the transceiver module 11 receives a ninth security mode completion message from the terminal device, and the processing module 12 is configured to derive a fifth key according to a fifth parameter in the ninth security mode completion message, and the transceiver module 11 is configured to send the fifth key to an access network device.
In yet another possible implementation, the transceiver module 11 is configured to receive an eighth security mode complete message from the terminal device. If the secure mode command message is retransmitted due to the expiration of the first timer before the eighth secure mode complete message is received, the processing module 12 is configured to start a third timer.
In case the third timer has expired without receiving further security mode complete messages from the terminal device, the transceiver module 11 sends a tenth security mode command message to the terminal device, the processing module 12 restarts the first timer, or
before the third timer expires, the transceiver module 11 receives a ninth security mode complete message from the terminal device and, after receiving the ninth security mode complete message, sends a tenth security mode command message to the terminal device, and the processing module 12 restarts the first timer.
In yet another possible implementation manner, the transceiver module 11 is configured to receive an eighth security mode complete message from the terminal device, where the eighth security mode complete message includes the fourth parameter. The processing module 12 is configured to derive a fourth key according to the fourth parameter, the transceiver module 11 sends the fourth key to the access network device, the transceiver module 11 receives a ninth security mode completion message from the terminal device, where the ninth security mode completion message includes a fifth parameter, the transceiver module 11 receives a first request message from the access network device, where the first request message is used to request the key, and the transceiver module 11 sends a fifth key to the access network device, where the fifth key is derived according to the fifth parameter.
When the apparatus 10 is used to perform the method in fig. 3, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S310, S320 and S350, and the processing module 12 may be used to perform processing steps in the method, such as step S340.
When the apparatus 10 is used to perform the method of fig. 4, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S410, S430, S450, S470 and S490, and the processing module 12 may be used to perform processing steps in the method, such as steps S460 and S480.
When the apparatus 10 is used to perform the method of fig. 5, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S510, S520, S530, S540, S560, S580, S591, S594, S595, S598, and S599, and the processing module 12 may be used to perform processing steps in the method, such as steps S590, S593, and S597.
When the apparatus 10 is used to perform the method of fig. 6, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S611, S612, S601, S615, and S616, and the processing module 12 may be used to perform processing steps in the method, such as step S614.
When the apparatus 10 is used to perform the method of fig. 7, the transceiver module 11 may be used to perform the steps of receiving and transmitting information in the method, as in step S710, and the processing module 12 may be used to perform the processing steps in the method, as in step S720.
When the apparatus 10 is used to perform the method of fig. 8, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S811, S812, S813, S814 and S816, and the processing module 12 may be used to perform processing steps in the method, such as step S815.
When the apparatus 10 is used to perform the method of fig. 9, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S911, S912, S913, S914, S915, S916, and S918, and the processing module 12 may be used to perform processing steps in the method, such as step S917.
When the apparatus 10 is used to perform the method of fig. 10, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S1011, S1012, S1013, S1014, S1015, S1016, and S1018, and the processing module 12 may be used to perform processing steps in the method, such as step S1017.
When the apparatus 10 is used to perform the method of fig. 11, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S1111, S1112, S1113, S1114, S1115, S1117, S1118, S1101 and S1119, and the processing module 12 may be used to perform processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 12, the transceiving module 11 may be used to perform steps of transceiving information in the method, such as steps S1211, S1212, S1213, S1217 and S1219, and the processing module 12 may be used to perform processing steps in the method.
It should be understood that the specific process of each unit performing the corresponding steps has been described in detail in the above method embodiments, and is not described herein for brevity.
In another design, the apparatus 10 may correspond to the terminal device in the above method embodiment, or may be a component part (e.g., a chip) of the terminal device.
The apparatus 10 may implement steps or processes performed by a terminal device in the above method embodiment, where the transceiver module 11 may be configured to perform operations related to the transceiver of the terminal device in the above method embodiment, and the processing module 12 may be configured to perform operations related to the processing of the terminal device in the above method embodiment.
In a possible implementation, the transceiver module 11 is configured to receive a first security mode command message from a core network device, where the first security mode command message includes a first value of a first identifier, and the first value of the first identifier is used to identify the first security mode command message. The transceiver module 11 is configured to send a first security mode complete message to the core network device in response to the first security mode command message, where the first security mode complete message includes a first value of a second identifier, the first value of the second identifier is used to identify the first security mode complete message, and the first value of the first identifier is the same as the first value of the second identifier. The processing module 12 is configured to derive a key according to a parameter included in the first security mode complete message, where the key is used to generate the keys required for the access stratum security check.
In another possible implementation, the transceiver module 11 is configured to receive a fifth security mode command message from an access network device, the processing module 12 is configured to perform integrity protection checking on the fifth security mode command message based on a first key, and the processing module 12 is further configured to perform integrity protection checking on the fifth security mode command message based on a second key if the checking fails, where the first key is derived based on a first parameter in a seventh security mode complete message, the second key is derived based on a second parameter in a sixth security mode complete message, the seventh security mode complete message and the sixth security mode complete message are sent in a security mode control procedure, and the sixth security mode complete message is sent before the seventh security mode complete message.
When the apparatus 10 is used to perform the method in fig. 3, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S310 and S320, and the processing module 12 may be used to perform processing steps in the method, such as step S330.
When the apparatus 10 is used to perform the method of fig. 4, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S410, S430, S450 and S470, and the processing module 12 may be used to perform processing steps in the method, such as steps S420, S451, S471 and S440.
When the apparatus 10 is used to perform the method of fig. 5, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S510, S520, S530, S540, S560, S580, S591, S594, S595, and S598, and the processing module 12 may be used to perform processing steps in the method, such as steps S550, S570, S581, S592, and S596.
When the apparatus 10 is used to perform the method of fig. 6, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S611, S612, S613, S615, and S616, and the processing module 12 may be used to perform processing steps in the method, such as steps S613, S617, S620, and S630.
When the apparatus 10 is used to perform the method of fig. 7, the transceiver module 11 may be used to perform the steps of receiving and transmitting information in the method, as in step S710, and the processing module 12 may be used to perform the processing steps in the method.
When the apparatus 10 is used to perform the method in fig. 8, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S811, S812, S813, S814, and the processing module 12 may be used to perform processing steps in the method.
When the apparatus 10 is used to perform the method in fig. 9, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S911, S912, S913, S914, S915, S916, and the processing module 12 may be used to perform processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 10, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S1011, S1012, S1013, S1014, S1015, S1016, and the processing module 12 may be used to perform processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 11, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S1111, S1112, S1113, S1115, S1117, S1118, and the processing module 12 may be used to perform processing steps in the method, such as steps S1114, S1116.
When the apparatus 10 is used to perform the method of fig. 12, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S1211, S1212, S1213, S1215, S1216, S1217, S1201 and S1202, and the processing module 12 may be used to perform processing steps in the method, such as steps S1214, S1218.
It should be understood that the specific process of each unit performing the corresponding steps has been described in detail in the above method embodiments, and is not described herein for brevity.
In yet another design, the apparatus 10 may correspond to the access network device in the above method embodiments, or may be a component (e.g., a chip) of the access network device.
The apparatus 10 may implement steps or procedures performed by the access network device in the above method embodiment, where the transceiver module 11 may be configured to perform operations related to the transceiver of the access network device in the above method embodiment, and the processing module 12 may be configured to perform operations related to the processing of the access network device in the above method embodiment.
In a possible implementation, the transceiver module 11 is configured to receive a fourth key from the core network device, the processing module 12 is configured to integrity protect the access stratum security mode command message based on the fourth key, the transceiver module 11 is configured to send the access stratum security mode command message to the terminal device, the transceiver module 11 is configured to receive an access stratum security mode failure message from the terminal device, the transceiver module 11 is configured to send a first request message to the core network device, the first request message is configured to request a key, the transceiver module 11 is configured to receive a fifth key from the core network device, the processing module 12 is configured to perform the access stratum security mode control procedure again based on the fifth key,
The fourth key is derived based on a fourth parameter in an eighth secure mode completion message, the fifth key is derived based on a fifth parameter in a ninth secure mode completion message, the eighth secure mode completion message and the ninth secure mode completion message are sent in a secure mode control flow, and the eighth secure mode completion message is sent before the ninth secure mode completion message.
In another possible implementation, the transceiver module 11 is configured to receive a fourth key from the core network device, the processing module 12 is configured to integrity protect the access stratum security mode command message based on the fourth key, the transceiver module 11 is configured to send the access stratum security mode command message to the terminal device, the transceiver module 11 is configured to receive the access stratum security mode failure message from the terminal device, the processing module 12 is configured to start a fourth timer, and the transceiver module 11 is configured to send a radio resource control release message to the terminal device if the fourth timer expires without a fifth key having been received from the core network device; or
Before the fourth timer expires, the transceiver module 11 receives a fifth key from the core network device, the processing module 12 performs the access stratum security mode control procedure again based on the fifth key,
The fourth key is derived based on a fourth parameter in an eighth security mode completion message, the fifth key is derived based on a fifth parameter in a ninth security mode completion message, the eighth security mode completion message and the ninth security mode completion message are sent in a non-access stratum security mode control flow, and the eighth security mode completion message is sent before the ninth security mode completion message.
When the apparatus 10 is used for executing the method in fig. 3, the transceiver module 11 may be used for executing the steps of receiving and transmitting information in the method, as shown in step S350, and the processing module 12 may be used for executing the processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 4, the transceiver module 11 may be used to perform the steps of receiving and transmitting information in the method, as in step S490, and the processing module 12 may be used to perform the processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 5, the transceiver module 11 may be used to perform the steps of transceiving information in the method, as in step S599, and the processing module 12 may be used to perform the processing steps in the method.
When the apparatus 10 is used to perform the method in fig. 6, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, as in steps S601 and S610, and the processing module 12 may be used to perform processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 8, the transceiver module 11 may be used to perform the steps of transceiving information in the method, as in step S816, and the processing module 12 may be used to perform the processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 9, the transceiver module 11 may be used to perform the steps of transceiving information in the method, as in step S918, and the processing module 12 may be used to perform the processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 10, the transceiver module 11 may be used to perform the steps of receiving and transmitting information in the method, as in step S1018, and the processing module 12 may be used to perform the processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 11, the transceiver module 11 may be used to perform steps of receiving and transmitting information in the method, such as steps S1117, S1118, S1119, S1101, and the processing module 12 may be used to perform processing steps in the method.
When the apparatus 10 is used to perform the method of fig. 12, the transceiving module 11 may be used to perform steps of transceiving information in the method, such as steps S1215, S1216, S1219, S1201 and S1202, and the processing module 12 may be used to perform processing steps in the method.
It should also be appreciated that the apparatus 10 herein is embodied in the form of functional modules. The term module herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor, etc.) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an alternative example, it will be understood by those skilled in the art that the apparatus 10 may be specifically configured to be a mobility management element in the foregoing embodiments of the method and may be configured to perform each flow and/or step corresponding to the mobility management element in the foregoing embodiments of the method, or the apparatus 10 may be specifically configured to be a terminal device in the foregoing embodiments and may be configured to perform each flow and/or step corresponding to the terminal device in the foregoing embodiments of the method, which are not repeated herein for avoiding repetition.
The apparatus 10 in each of the above embodiments has the function of implementing the corresponding steps performed by the devices (for example, the terminal device or the network device) in the above methods. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above; for example, the transceiver module may be replaced by a transceiver (a transmitting unit in the transceiver module may be replaced by a transmitter, and a receiving unit by a receiver), and other units, such as the processing module, may be replaced by a processor, to perform the transceiving operations and related processing operations in the respective method embodiments.
The transceiver module 11 may be a transceiver circuit (for example, may include a receiving circuit and a transmitting circuit), and the processing module may be a processing circuit.
Fig. 14 is a schematic diagram of another communication device 20 according to an embodiment of the present application. The apparatus 20 comprises a processor 21, the processor 21 being arranged to execute computer programs or instructions stored in a memory 22 or to read data/signalling stored in the memory 22 for performing the methods of the method embodiments above. Optionally, the processor 21 is one or more.
Optionally, as shown in fig. 14, the apparatus 20 further comprises a memory 22, the memory 22 being for storing computer programs or instructions and/or data. The memory 22 may be integrated with the processor 21 or may be provided separately. Optionally, the memory 22 is one or more.
Optionally, as shown in fig. 14, the apparatus 20 further comprises a transceiver 23, the transceiver 23 being used for receiving and/or transmitting signals. For example, the processor 21 is configured to control the transceiver 23 to receive and/or transmit signals.
As an option, the apparatus 20 is configured to implement the operations performed by the AMF in the various method embodiments above.
Alternatively, the apparatus 20 is configured to implement the operations performed by the terminal device in the above method embodiments.
Alternatively, the apparatus 20 is configured to implement the operations performed by the access network device in the method embodiments above.
It should be appreciated that the processor referred to in the embodiments of the present application may be a central processing unit (CPU), but may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be understood that the memory referred to in embodiments of the present application may be volatile memory and/or nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable programmable ROM (EPROM), an electrically erasable programmable ROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM). For example, RAM may be used as an external cache. By way of example, and not limitation, RAM includes various forms such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchlink dynamic random access memory (SLDRAM), and direct rambus random access memory (DR RAM).
It should be noted that when the processor is a general purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, the memory (storage module) may be integrated into the processor.
It should also be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
Fig. 15 is a schematic diagram of a chip system 30 according to an embodiment of the present application. The system-on-chip 30 (or may also be referred to as a processing system) includes logic circuitry 31 and an input/output interface 32.
The logic circuit 31 may be a processing circuit in the chip system 30. Logic circuitry 31 may be coupled to the memory unit to invoke instructions in the memory unit so that system-on-chip 30 may implement the methods and functions of embodiments of the present application. The input/output interface 32 may be an input/output circuit in the chip system 30, and outputs information processed by the chip system 30, or inputs data or signaling information to be processed into the chip system 30 for processing.
As an option, the chip system 30 is configured to implement the operations performed by the AMF, the terminal device, or the access network device in the above method embodiments.
For example, the logic circuit 31 is configured to implement the processing operations performed by the AMF, the terminal device, or the access network device in the above method embodiments, and the input/output interface 32 is configured to implement the transmission and/or reception operations performed by the AMF, the terminal device, or the access network device in the above method embodiments.
An embodiment of the application also provides a computer readable storage medium on which computer instructions are stored for implementing the method executed by the AMF, the terminal device or the access network device in the above method embodiments.
For example, when the computer instructions are executed by a computer, they enable the computer to implement the method performed by the AMF, the terminal device or the access network device in the method embodiments described above.
An embodiment of the application also provides a computer program product containing instructions which, when executed by a computer, implement the method executed by the AMF, the terminal device or the access network device in the method embodiments.
An embodiment of the application also provides a communication system comprising one or more of the devices above, such as the AMF, the terminal device and/or the access network device.
The explanation and beneficial effects of the related content in any of the above-mentioned devices can refer to the corresponding method embodiments provided above, and are not repeated here.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative: the division of the units is merely a logical functional division, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interface, device or unit, and may be electrical, mechanical or in other form.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable apparatus; for example, a personal computer, a server, or a network device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, radio, microwave). The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may include, but is not limited to, a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media that can store program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (23)

1. A method of communication, comprising:
transmitting a first security mode command message to a terminal device, wherein the first security mode command message comprises a first value of a first identifier, and the first value of the first identifier is used for identifying the first security mode command message;
receiving a first security mode completion message from the terminal device, the first security mode completion message including a first value of a second identifier, the first value of the second identifier being used to identify the first security mode completion message;
deriving a key according to parameters included in the first security mode completion message under the condition that the first value of the first identifier is the same as the first value of the second identifier; and
sending the key to an access network device.
2. The method of claim 1, wherein prior to the sending the first security mode command message to the terminal device, the method further comprises:
transmitting a second security mode command message to the terminal device, wherein the second security mode command message comprises a second value of the first identifier, and the second value of the first identifier is used for identifying the second security mode command message;
wherein the first security mode command message is a retransmission of the second security mode command message, and the first value of the first identifier is different from the second value of the first identifier.
3. The method of claim 2, wherein prior to receiving the first security mode complete message from the terminal device, the method further comprises:
receiving a second security mode completion message from the terminal device, the second security mode completion message including a second value of the second identifier, the second value of the second identifier being used to identify the second security mode completion message;
wherein the second value of the second identifier is the same as the second value of the first identifier.
4. The method of claim 1, wherein prior to said sending the first security mode command message to the terminal device, the method further comprises:
transmitting a third security mode command message to the terminal device, wherein the third security mode command message comprises a third value of the first identifier, and the third value of the first identifier is used for identifying the third security mode command message;
sending a fourth security mode command message to the terminal device, the fourth security mode command message comprising a fourth value of the first identifier, the fourth value of the first identifier being used to identify the fourth security mode command message, wherein the fourth security mode command message is a retransmission of the third security mode command message, and the fourth value of the first identifier is different from the third value of the first identifier;
receiving a fourth security mode completion message from the terminal device, the fourth security mode completion message comprising a fourth value of the second identifier, the fourth value of the second identifier being used to identify the fourth security mode completion message;
wherein the sending the first security mode command message to the terminal device comprises:
sending the first security mode command message to the terminal device when the fourth value of the second identifier is the same as the fourth value of the first identifier and the fourth security mode completion message indicates that the terminal device supports Long Term Evolution (LTE) communication.
5. The method of claim 4, wherein prior to said receiving a fourth security mode completion message from said terminal device, said method further comprises:
receiving a third security mode completion message from the terminal device, the third security mode completion message including a third value of the second identifier, the third value of the second identifier being used to identify the third security mode completion message; and
discarding the third security mode completion message when the third value of the second identifier is different from the fourth value of the first identifier.
6. The method according to any one of claims 1 to 5, wherein the first security mode complete message includes a parameter that is uplink count value information.
7. The method according to any of claims 1 to 6, characterized in that the method is performed by an access mobility management network element or the method is performed by a chip for the access mobility management network element.
8. A method of communication, comprising:
receiving a first security mode command message from a core network device, the first security mode command message including a first value of a first identifier, the first value of the first identifier being used to identify the first security mode command message;
transmitting a first security mode completion message to the core network device in response to the first security mode command message, the first security mode completion message including a first value of a second identifier, the first value of the second identifier being used to identify the first security mode completion message, wherein the first value of the first identifier and the first value of the second identifier are the same; and
deriving a key according to parameters included in the first security mode completion message.
9. The method of claim 8, wherein prior to receiving the first security mode command message from the core network device, the method further comprises:
receiving a second security mode command message from the core network device, the second security mode command message including a second value of the first identifier, the second value of the first identifier being used to identify the second security mode command message;
transmitting a second security mode completion message to the core network device in response to the second security mode command message, the second security mode completion message including a second value of the second identifier, the second value of the second identifier being used to identify the second security mode completion message;
wherein the first value of the first identifier and the second value of the first identifier are different, and the second value of the first identifier and the second value of the second identifier are the same.
10. The method of claim 9, wherein prior to receiving the first security mode command message from the core network device, the method further comprises:
receiving a third security mode command message from the core network device, the third security mode command message including a third value of the first identifier, the third value of the first identifier being used to identify the third security mode command message;
transmitting a third security mode completion message to the core network device in response to the third security mode command message, the third security mode completion message including a third value of the second identifier, the third value of the second identifier being used to identify the third security mode completion message;
receiving a fourth security mode command message from the core network device, the fourth security mode command message including a fourth value of the first identifier, the fourth value of the first identifier being used to identify the fourth security mode command message, the fourth value of the first identifier being different from the third value of the first identifier; and
sending a fourth security mode completion message to the core network device in response to the fourth security mode command message, wherein the fourth security mode completion message comprises a fourth value of the second identifier, the fourth value of the second identifier is used for identifying the fourth security mode completion message, and the fourth security mode completion message is used for indicating that the terminal device supports Long Term Evolution (LTE) communication and for triggering the core network device to send the first security mode command message.
11. A method of communication, comprising:
receiving a fifth security mode command message from the access network device;
performing integrity protection verification and/or decryption on the fifth security mode command message based on a first key; and
if the integrity protection check and/or decryption fails, performing integrity protection verification and/or decryption on the fifth security mode command message based on a second key;
wherein the first key is derived based on a first parameter in a seventh security mode completion message, the second key is derived based on a second parameter in a sixth security mode completion message, the seventh security mode completion message and the sixth security mode completion message are sent in a non-access stratum security mode control flow, and the sixth security mode completion message is sent before the seventh security mode completion message.
12. The method of claim 11, wherein the method further comprises:
receiving, in the non-access stratum security mode control flow, a sixth security mode command message from a core network device;
transmitting the sixth security mode completion message to the core network device in response to the sixth security mode command message, and deriving the second key based on the second parameter;
after sending the sixth security mode completion message, receiving a seventh security mode command message from the core network device; and
sending the seventh security mode completion message to the core network device in response to the seventh security mode command message, and deriving the first key based on the first parameter.
13. The method according to claim 11 or 12, characterized in that the method further comprises:
storing the second key, wherein the second key is derived after the sixth security mode completion message is generated or after the sixth security mode completion message is sent.
14. The method according to any one of claims 11 to 13, wherein after generating the sixth security mode completion message or after sending the sixth security mode completion message, the method further comprises:
saving the second parameter;
wherein deriving the second key based on the second parameter is performed after the integrity protection check and/or decryption fails.
15. The method according to any of claims 11 to 14, wherein before the integrity protection check of the fifth security mode command message based on the second key, the method further comprises:
determining that the number of times the integrity protection check has been performed on the fifth security mode command message is smaller than a first threshold value.
16. The method according to any of claims 11 to 15, wherein if the integrity protection check and/or decryption of the fifth security mode command message based on the second key fails, the method further comprises:
determining that the integrity protection check and/or decryption has failed; or
performing integrity protection verification and/or decryption on the fifth security mode command message based on a third key, wherein the third key is derived based on a third parameter in a fifth security mode completion message, the fifth security mode completion message is sent in the non-access stratum security mode control flow, and the fifth security mode completion message is sent before the sixth security mode completion message.
17. The method of claim 16, wherein the first parameter is first uplink count value information, the second parameter is second uplink count value information, and the third parameter is third uplink count value information.
18. The method of claim 12, wherein the core network device is an access mobility management network element.
19. A communication device comprising one or more functional modules for performing the method of any one of claims 1 to 6, or for performing the method of any one of claims 7 to 10, or for performing the method of any one of claims 11 to 18.
20. A communication device, comprising:
a processor for executing a computer program stored in a memory, to cause the device to perform the method of any one of claims 1 to 6, or to cause the device to perform the method of any one of claims 7 to 10, or to cause the device to perform the method of any one of claims 11 to 18.
21. A computer program product, characterized in that the computer program product comprises instructions for performing the method of any of claims 1 to 18.
22. A computer readable storage medium, comprising a computer program stored thereon, which when run on a computer causes the computer to perform the method according to any of claims 1 to 18.
23. A chip, wherein the chip is mounted in a communication device, the chip comprising a processor and a communication interface, the processor, when reading and running instructions through the communication interface, causing the communication device to perform the method of any one of claims 1 to 18.
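The message exchange the claims describe, as an added illustration that is not code from the patent or from any 3GPP stack: the AMF gives every (re)transmitted Security Mode Command a fresh identifier value, accepts only the Security Mode Complete that echoes the current value and derives the access-network key from the uplink count carried in that Complete (claims 1 to 7), while the UE keeps the previous key and falls back to it, within a threshold, when integrity checking an access-stratum Security Mode Command fails (claims 11 to 16). The KDF, the 32-bit MAC, K_AMF, the payload and the class and function names are constructed stand-ins, not the 3GPP algorithms or the patent's terms.

```python
# Constructed toy model of the NAS security mode control race in the claims; not patent code.
# The KDF and the 32-bit MAC are HMAC-SHA256 stand-ins, not the 3GPP algorithms.
import hashlib
import hmac
from dataclasses import dataclass

K_AMF = b"\x11" * 32  # constructed anchor key shared by AMF and UE
AS_SMC = b"AS SecurityModeCommand (constructed payload)"

def derive_access_key(k_amf: bytes, uplink_count: int) -> bytes:
    """Stand-in KDF: access-network key derived from the uplink NAS count."""
    label = b"access-key" + uplink_count.to_bytes(4, "big")
    return hmac.new(k_amf, label, hashlib.sha256).digest()

def mac32(key: bytes, payload: bytes) -> bytes:
    """Stand-in for the 32-bit MAC-I on an integrity-protected message."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:4]

@dataclass
class SecurityModeCommand:
    identifier: int  # the claims' "first identifier"

@dataclass
class SecurityModeComplete:
    identifier: int    # "second identifier": echoes the SMC it answers
    uplink_count: int  # parameter the key is derived from (claim 6)

class AMF:
    def __init__(self):
        self.next_id, self.current_id = 0, None
        self.discarded, self.key_to_gnb = 0, None

    def send_smc(self):
        # Every (re)transmission carries a fresh identifier value (claim 2).
        self.current_id, self.next_id = self.next_id, self.next_id + 1
        return SecurityModeCommand(self.current_id)

    def receive_complete(self, msg):
        if msg.identifier != self.current_id:
            self.discarded += 1  # answers a superseded SMC: discard it (claim 5)
            return False
        # Matching Complete: derive the key from its uplink count; it goes to the gNB (claim 1).
        self.key_to_gnb = derive_access_key(K_AMF, msg.uplink_count)
        return True

class UE:
    def __init__(self, max_checks=2):
        self.uplink_count = 0
        self.keys = []                # newest last; older kept for fallback (claim 13)
        self.max_checks = max_checks  # the "first threshold" of claim 15

    def answer_smc(self, smc):
        self.uplink_count += 1
        self.keys.append(derive_access_key(K_AMF, self.uplink_count))
        return SecurityModeComplete(smc.identifier, self.uplink_count)

    def verify_as_smc(self, payload, mac):
        """Newest key first, then older keys, bounded by the threshold (claims 11, 15)."""
        attempts = 0
        for key in reversed(self.keys):
            if attempts >= self.max_checks:
                break
            attempts += 1
            if hmac.compare_digest(mac32(key, payload), mac):
                return key, attempts
        return None, attempts

def run_retransmission_scenario():
    """Two SMCs in flight; only the Complete echoing the latest value is used."""
    amf, ue = AMF(), UE()
    smc1, smc2 = amf.send_smc(), amf.send_smc()  # retransmitted before any reply
    cmp1, cmp2 = ue.answer_smc(smc1), ue.answer_smc(smc2)
    accepted = (amf.receive_complete(cmp1), amf.receive_complete(cmp2))
    mac = mac32(amf.key_to_gnb, AS_SMC)           # gNB protects with the forwarded key
    key, attempts = ue.verify_as_smc(AS_SMC, mac)
    return accepted, amf.discarded, key == amf.key_to_gnb, attempts

def run_fallback_scenario():
    """Access key taken from the earlier Complete: the UE must fall back (claims 11-16)."""
    amf, ue = AMF(), UE()
    first = ue.answer_smc(amf.send_smc())
    ue.answer_smc(amf.send_smc())                  # the retransmission is answered too
    gnb_key = derive_access_key(K_AMF, first.uplink_count)
    mac = mac32(gnb_key, AS_SMC)
    key, attempts = ue.verify_as_smc(AS_SMC, mac)  # newest key fails, previous one matches
    ue.max_checks = 1                              # tighter threshold: fallback not allowed
    strict_key, strict_attempts = ue.verify_as_smc(AS_SMC, mac)
    return key == gnb_key, attempts, strict_key, strict_attempts
```

Calling `run_retransmission_scenario()` returns `((False, True), 1, True, 1)`: the stale Complete is discarded and the gNB key is verified at the first attempt; `run_fallback_scenario()` returns `(True, 2, None, 1)`: the previous key is found on the second attempt, and a threshold of one check makes the verification fail.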

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202310706745.9A CN119155677A (en) 2023-06-14 2023-06-14 Communication method and communication device
PCT/CN2024/097954 WO2024255695A1 (en) 2023-06-14 2024-06-07 Communication method and communication apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310706745.9A CN119155677A (en) 2023-06-14 2023-06-14 Communication method and communication device

Publications (1)

Publication Number Publication Date
CN119155677A true CN119155677A (en) 2024-12-17

Family

ID=93806267

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310706745.9A Pending CN119155677A (en) 2023-06-14 2023-06-14 Communication method and communication device

Country Status (2)

Country Link
CN (1) CN119155677A (en)
WO (1) WO2024255695A1 (en)


Also Published As

Publication number Publication date
WO2024255695A1 (en) 2024-12-19


Legal Events

Date Code Title Description
PB01 Publication