WO2010078724A1 - Local authentication method in mobile communication system - Google Patents
- Publication number
- WO2010078724A1 (PCT/CN2009/070083)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- value
- packet data
- terminal
- convergence protocol
- data convergence
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- the present invention relates to a wireless cellular communication system, and more particularly to a method for local authentication in a Long Term Evolution (LTE) mobile communication system.
- LTE Long Term Evolution
- E-UTRAN Evolved Universal Terrestrial Radio Access Network
- EPC Evolved Packet Core
- the eNB may be subject to intrusion attacks from outside the communication system.
- the intruder may insert illegitimate data packets into the connection between the eNB and the UE (User Equipment), which may threaten the security of the entire connection or system, affect the overall performance of the system, and also threaten or affect the user experience.
- the 3GPP (The 3rd Generation Partnership Project) protocol 33401-811 proposes a periodic local authentication process, also known as the Counter Check process.
- the eNB will always monitor the PDCP COUNT value (PDCP: Packet Data Convergence Protocol; COUNT: Counter) of each radio bearer.
- the PDCP COUNT value is a combination of the HFN (Hyper Frame Number) and SN (Sequence Number) counts; it reflects the amount of data transmitted or received by each radio bearer in the active state.
- PDCP COUNT Packet Data Convergence Protocol
- SN Sequence Number
- the eNB sends a counter check message to the UE, and the counter check message contains the MSB (Most Significant Bits) portion of the PDCP COUNT value of each activated radio bearer.
- the UE compares the PDCP COUNT value in the received counter check message with the PDCP COUNT MSB value of the corresponding radio bearer (including the PDCP uplink COUNT MSB and the PDCP downlink COUNT MSB). If there is a difference, the PDCP COUNT value of the bearer with the deviation will be included in the counter check reply message.
- the process terminates. If the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME (Mobility Management Entity) or O&M (Operation and Maintenance) for subsequent transmission security analysis.
- MME Mobility Management Entity
- O&M Operation and Maintenance
- the signaling of the periodic local authentication process is transmitted through the control plane.
- the PDCP COUNT value of the eNB may continue to change while the UE side is receiving and verifying the counter check message.
- the PDCP COUNT of the eNB and the UE side is inconsistent.
- the receiving process is relatively short, and the PDCP COUNT value change is limited in a short time. Therefore, the protocol provides some fault-tolerant protection for the process: Only the MSB part of the PDCP COUNT is transmitted, and the change in the least significant bit can be ignored.
- the above prior art may result in false detection.
- the most significant bit of its PDCP COUNT value may be right at the threshold of changing, ie, the least significant bits are about to carry into the most significant bit, at which time the counter check message is being received and verified at the UE side.
- the least significant bits may carry, changing the most significant bit and resulting in a false detection.
- the same false detection condition may also occur between the uplink and downlink counts of the same bearer (ie, between PDCP downlink COUNT and PDCP uplink COUNT).
- the most significant bit of the PDCP uplink count of a bearer changes at this time.
- the periodic local authentication process is triggered.
- the most significant bit of the PDCP downlink count of the bearer is right at the threshold of changing, and the aforementioned false detection may also occur.
- the technical problem to be solved by the present invention is to provide a method for local authentication in a mobile communication system, which reduces false detection and missed detection and improves system security.
- the present invention provides a local authentication method.
- an evolved base station transmits a packet data convergence protocol counter value of a radio bearer to a terminal, and the terminal compares its own packet data convergence protocol counter value with the received packet data convergence protocol counter value; if the deviation between the two exceeds the set deviation range, the terminal sends the packet data convergence protocol counter value of the radio bearer to the evolved base station.
- the above method may further have the following characteristics, wherein the deviation between the two exceeds the set deviation range means that the absolute value of the difference is greater than a deviation value.
- the foregoing method may further have the following feature: the deviation value is transmitted to the terminal by the evolved base station when transmitting the packet data convergence protocol counter value, or is transmitted to the terminal through terminal dedicated signaling or system information broadcast, or is a fixed configuration.
- the above method may further have the following characteristics, the deviation value is 2 to the power of n, and the value of n is any integer value of 0 to 15.
- the foregoing method may further have the following feature: the evolved base station sending the packet data convergence protocol counter value of the radio bearer to the terminal means that all bits, or the least significant bit portion, of the packet data convergence protocol counter value of the radio bearer are sent to the terminal; when comparing, the terminal correspondingly uses all bits, or the least significant bit portion, of its own packet data convergence protocol counter value.
- the above method may further have the following feature, wherein the least significant bit portion has a bit number ranging from 1 to 32.
- the packet data convergence protocol counter value includes an uplink packet data convergence protocol counter value, and when the terminal compares, if the terminal's own uplink packet data convergence protocol counter value is less than the received uplink packet data convergence protocol counter value, the terminal sends the packet data convergence protocol counter value of the radio bearer to the evolved base station.
- the evolved base station sending the packet data convergence protocol counter value of the radio bearer to the terminal means that the most significant bit portion of the packet data convergence protocol counter value of the radio bearer is sent to the terminal; when comparing, the terminal correspondingly uses the most significant bit portion of its own packet data convergence protocol counter value, and the deviation value is 1.
- the radio bearer is all activated radio bearers.
- the foregoing method may further have the following feature: in the periodic local authentication process, the evolved base station transmits to the terminal only the most significant bit portion of the uplink or downlink packet data convergence protocol counter value of the radio bearer that triggered the periodic local authentication process, and the deviation range is zero.
- the foregoing method may further have the following feature: in the periodic local authentication process, the evolved base station sends a counter check message to the terminal, where the counter check message carries the packet data convergence protocol counter value; If the bearer identifier carried in the counter check message is not established locally, or the bearer identifier of the radio bearer of the terminal is not in the counter check message, the radio bearer is asynchronous.
- the invention mitigates the false detection which may occur in the verification process of the prior art, enhances the stability of the whole system, reduces the erroneous handling of normal user communication, and can also reduce the system signaling payload through effective system configuration.
- Figure 1 is an eNB periodic local verification process
- FIG. 2 is a signaling flow chart of Embodiment 1 of a periodic local authentication process in the present invention
- FIG. 3 is a second implementation manner of the optimized periodic local authentication process of the present invention
- FIG. 5 is a fourth implementation manner of the optimized periodic local authentication process of the present invention.
- Figure 8 is a flow chart of the counter check comparison judgment of the present invention
- Figure 9 is a flow chart of the comparison judgment of the counter least significant bits of the present invention
- Fig. 10 is a flow chart showing the comparison judgment of the counter high effective bit of the present invention.
- the basic idea of the present invention is to set a deviation range.
- the terminal compares the PDCP COUNT received from the evolved base station with its local PDCP COUNT; if the set deviation range is exceeded (for example, the absolute value of the difference between the two is greater than a set deviation value), the PDCP COUNT of the non-synchronized radio bearer is sent to the base station.
- the eNB transmits the entire PDCP COUNT value during the periodic local authentication process, ie, transmits
- Tolerance is a non-negative integer.
- Tolerance can take the value 2^n, where n is the number of bits corresponding to Tolerance, for example n is 0, 1, 2, ... 15; Tolerance is used under the following conditions.
- in the UE comparison process, as long as the PDCP COUNT value deviation between the eNB side and the UE side is greater than Tolerance, it is considered to be asynchronous; otherwise, it is considered to be synchronous.
- the eNB only transmits the PDCP COUNT MSB value during the periodic local authentication process.
- the allowed deviation value in the verification is 1, ie Tolerance is equal to 1 (ie the value of n is 0, and the default configuration of Tolerance is 1).
- if the deviation of the PDCP COUNT MSB value between the eNB side and the UE side is less than or equal to 1, it is considered to be synchronous; otherwise it is considered to be asynchronous.
- the eNB may only transmit the LSB (Least Significant Bits) part of the PDCP COUNT during the periodic local authentication process, that is, select the LSB carrying only the PDCP COUNT in the counter check message.
- the LSB ranges from 1 bit to 32 bits, for example, the LSB can take 7 bits or 12 bits.
- the UE likewise uses the LSB part of the PDCP COUNT held on the UE side. In the comparison process of the UE, if the deviation between the PDCP COUNT LSB parts of the eNB side and the UE side is greater than Tolerance, it is considered to be asynchronous; otherwise it is considered to be synchronous.
- when comparing PDCP COUNT, in the case of the uplink count of the same bearer, that is, PDCP uplink COUNT (uplink packet data convergence protocol counter), a different decision method is used.
- the uplink because the sender is in the UE, in some cases, the UE can explicitly detect whether an attacker has blocked illegal data on a certain bearer, that is, if the PDCP uplink COUNT value on the UE is greater than or equal to the PDCP uplink in the signaling.
- COUNT ie PDCP uplink COUNT on the eNB
- the base station has received an illegal packet. That is, if an illegal intruder imposes illegal data on the bearer, the UE needs to report the eNB.
- the downlink count that is, the PDCP downlink COUNT value
- the tolerance value Tolerance allowed in the verification process may be chosen not to be carried in the counter check message, but instead configured by a fixed configuration or by other means, for example by UE-specific signaling or system information broadcasting, which reduces the signaling load.
- when the eNB initiates a counter check, the message includes only one PDCP COUNT MSB value of the bearer that triggered the message (ie, only the PDCP downlink COUNT or only the PDCP uplink COUNT value), and after receiving it the UE verifies only that PDCP COUNT MSB value of the bearer; the tolerance value is 0 at this time. If it is not synchronized, the PDCP COUNT value of the bearer is included in the counter check reply message. Other bearers are not of concern, which also ensures the reliability of the verification.
- the eNB sends a counter check message to the UE, where the counter check message includes the PDCP COUNT value of each activated radio bearer and the deviation value Tolerance allowed in the verification, or the number of bits n corresponding to that deviation value (for example, Tolerance can be 128, that is, n is 7 bits; or Tolerance takes 4096, that is, n is 12 bits).
- the UE compares the PDCP COUNT value in the received counter check message with the PDCP COUNT value of the radio bearer saved by the UE side. If the PDCP COUNT value is not synchronized, the UE will include the non-synchronized bearer identity and the bearer PDCP COUNT value saved by the UE in the counter check reply message. See Figure 8 for the principle of judging whether or not to synchronize.
- the process terminates; if the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
- Step 301 When the most significant bit of the PDCP COUNT of one of the UE's bearers changes, the eNB initiates a periodic local authentication process and sends a counter check message to the UE. The counter check message includes the LSB part of the PDCP COUNT value of each activated radio bearer (for example, the LSB is 7 bits or 12 bits) and the tolerance value Tolerance allowed in the verification or its corresponding bit number n (the Tolerance value should be smaller than the LSB, so Tolerance can correspondingly take the value 32, that is, n is 5 bits; or 1024, that is, n is 10 bits; or another suitable value).
- Step 302 The UE compares the PDCP COUNT LSB value in the received counter check message with the value PDCP COUNT LSB of the radio bearer saved on the UE side. If the two are not synchronized, the UE will include the non-synchronized bearer ID and PDCP COUNT value in the counter check reply message. See Figure 9 for the principle of judging whether or not to synchronize.
- Step 303 If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis. Referring to FIG. 4, the third embodiment is described as follows:
- the local verification tolerance value Tolerance is configured by a fixed configuration, or by UE dedicated signaling or system information broadcast (Tolerance can take values of 64, 128, 256...4096, and the corresponding n value is 6, 7, 8, ...12).
- the eNB sends a counter check message to the UE, where the counter check message includes the PDCP COUNT value of each activated radio bearer.
- the UE compares the PDCP COUNT value in the received counter check message with the counter value PDCP COUNT of the corresponding radio bearer saved by the UE side. If the two are not synchronized, the UE will include the non-synchronized bearer ID and PDCP COUNT value in the counter check reply message. See Figure 8 for the principle of judging whether or not to synchronize.
- the process terminates. If the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
- Local Verification Tolerance Value Tolerance is configured in a fixed configuration, or through UE-specific signaling or system information broadcast (Tolerance can be 64, 128, 256...4096).
- the eNB sends a counter check message to the UE, where the counter check message includes the LSB part of the PDCP COUNT value of each activated radio bearer (for example, the LSB is 7 bits or 12 bits).
- the UE compares the received PDCP COUNT LSB value in the counter check message with the counter value PDCP COUNT LSB of the radio bearer stored on the UE side. If the two are not synchronized, the UE will include the non-synchronized bearer identifier and the PDCP COUNT value of the bearer in the counter check reply message. See Figure 9 for the principle of judging whether or not to synchronize.
- the process terminates. If the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
- the eNB sends a counter check message to the UE, where the counter check message includes the MSB part of the PDCP COUNT value of each activated radio bearer (the MSB may take 20 bits, or 25 bits, or another value between 1 and 32 bits).
- the UE compares the received PDCP COUNT MSB value in the counter check message with the PDCP COUNT MSB value of the radio bearer saved by the UE side. If the two are not synchronized, the UE will include the non-synchronized bearer ID and PDCP COUNT value in the counter check reply message. See Figure 10 for the principle of judging whether or not to synchronize. The specific process is as follows.
- the process terminates. If the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
- the eNB sends a counter check message to the UE, where the counter check message only includes the MSB portion of the PDCP COUNT value of the radio bearer (ie, only the PDCP downlink COUNT or the PDCP uplink COUNT value); the MSB may take 20 bits, or 25 bits, or another value between 1 and 32 bits.
- the UE compares the PDCP COUNT MSB value in the received counter check message with the PDCP COUNT MSB value of the radio bearer saved by the UE side. If not, the UE will include the PDCP COUNT value of the bearer in the counter check reply message.
- the principle for judging whether to synchronize is: if the PDCP COUNT MSB value (uplink or downlink) in the counter check message (ie, the eNB side) is equal to the PDCP COUNT MSB value (uplink or downlink) saved on the UE side, it is considered to be synchronous; otherwise it is considered to be asynchronous, that is, the deviation value is 0 at this time.
- the process terminates. If the eNB receives a counter check reply message containing the PDCP COUNT value, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
- the PDCPdownlink COUNT eNB biases ' is equal to H (fixed configuration, or can be configured by system information broadcast or UE-specific signaling), the allowable deviation value Tolerance, namely:
- the tolerance value Tolerance is:
- the UE-side uplink count PDCPuplinkCOUNT_UE is smaller than the eNB-side uplink count PDCPuplinkCOUNT_eNB, or the deviation between the two is greater than the set allowable deviation value Tolerance, ie:
- the downlink count is considered to be synchronous.
- H Tolerance ie:
- the least significant bits of the UE-side uplink count, PDCPuplinkCOUNTLSB_UE, are smaller than the least significant bits of the eNB-side uplink count, PDCPuplinkCOUNTLSB_eNB, or the deviation between the two is greater than the set allowable deviation value Tolerance, ie:
- PDCPuplinkCOUNTLSB_UE - PDCPuplinkCOUNTLSB_eNB < 0 is considered to be asynchronous, and the bearer comparison ends.
- after the UE receives the counter check message, it evaluates the most significant bits of the bearer counter.
- the most significant bits of the UE-side uplink count, PDCPuplinkCOUNTMSB_UE, are smaller than the most significant bits of the eNB-side uplink count, PDCPuplinkCOUNTMSB_eNB, or the deviation between the two is greater than 1, ie:
- PDCPuplinkCOUNTMSB_UE - PDCPuplinkCOUNTMSB_eNB < 0 is considered to be asynchronous, and the bearer comparison ends.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A local authentication method is provided in the present invention. In a periodic local authentication procedure, an eNB transmits the packet data convergence protocol (PDCP) COUNT value of a radio bearer to a UE; the UE compares its own PDCP COUNT value with the received PDCP COUNT value; if the deviation between the two exceeds a predetermined tolerance range, the UE transmits the PDCP COUNT value of the radio bearer to the eNB. By applying the present invention, the misdetection that may occur in the checking procedure of the prior art is mitigated, the stability of the whole system is enhanced, and erroneous handling of normal user communication is reduced. Through effective system configuration, the payload of system signaling can be reduced.
Description
Method for local authentication in a mobile communication system
Technical field
The present invention relates to wireless cellular communication systems, and more particularly to a method for local authentication in a Long Term Evolution (LTE) mobile communication system.
Background art
An LTE (Long Term Evolution) network consists of E-UTRAN (Evolved Universal Terrestrial Radio Access Network) base stations, called eNBs (Evolved NodeB), and the Evolved Packet Core (EPC). System security is given very high priority in LTE, and ensuring network and user security is one of LTE's important tasks.
While an eNB is transmitting data, it may be subject to intrusion attacks from outside the communication system. An intruder may insert illegitimate data packets into the connection between the eNB and the UE (User Equipment), which may threaten the security of the whole connection or system, degrade overall system performance, and also threaten or affect the user experience.
For this reason, 3GPP (The 3rd Generation Partnership Project) specification 33401-811 proposes a Periodic Local Authentication procedure, also called the Counter Check procedure. During transmission the eNB continuously monitors the PDCP COUNT value of each radio bearer (PDCP: Packet Data Convergence Protocol; COUNT: counter). The PDCP COUNT value combines the HFN (Hyper Frame Number) and SN (Sequence Number) counts and reflects the amount of data sent or received on each active radio bearer. Sent and received packets each have their own counter: PDCP downlink COUNT and PDCP uplink COUNT. Note that PDCP COUNT, as used below, is the collective name for these two counters. When the most significant bits of any of these PDCP COUNT values change, the periodic local authentication procedure is triggered. The procedure is as follows (see Figure 1):
101: When the most significant bits of the PDCP COUNT value of one of the UE's bearers change, the eNB sends a counter check message to the UE. The counter check message contains the MSB (Most Significant Bits) part of the PDCP COUNT value of every active radio bearer.
102: The UE compares the PDCP COUNT values in the received counter check message with the PDCP COUNT MSB values of its own corresponding radio bearers (both PDCP uplink COUNT MSB and PDCP downlink COUNT MSB). If any differ, the counter check reply message will contain the PDCP COUNT values of the bearers that deviate.
103: If the eNB receives a counter check reply message that contains no PDCP COUNT value, the procedure ends. If the eNB receives a counter check reply message containing one or several PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME (Mobility Management Entity) or to O&M (Operation and Maintenance) for subsequent transmission security analysis.
The signaling of the periodic local authentication procedure is carried over the control plane, but user-plane data transmission is independent of the control plane. While the UE is receiving and verifying the counter check message, the eNB's PDCP COUNT value may therefore keep changing, so that the PDCP COUNT values at the eNB and at the UE no longer agree. The reception takes little time, however, and the PDCP COUNT value can change only by a limited amount in that time. The protocol therefore gives the procedure some fault tolerance: only the MSB part of the PDCP COUNT is transmitted, so changes in the least significant bits can be ignored.
However, this prior art can produce false detections. For example, for some other radio bearer, the most significant bits of its PDCP COUNT value may be right at the threshold of changing, that is, the least significant bits are about to carry into the most significant bits. While the UE is receiving and verifying the counter check message, even though the PDCP COUNT value changes only by a limited amount in that short time, the least significant bits may carry, which changes the most significant bits and produces a false detection. The same false detection can also occur between the uplink and downlink counts of one bearer (that is, between PDCP downlink COUNT and PDCP uplink COUNT): for example, the most significant bits of a bearer's PDCP uplink count change and trigger the periodic local authentication procedure, while the most significant bits of that bearer's PDCP downlink count are right at the threshold of changing, so the false detection described above may again occur.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for local authentication in a mobile communication system that reduces false detections and missed detections and improves system security.
To solve the above problem, the present invention provides a local authentication method. In the periodic local authentication procedure, the evolved base station transmits the packet data convergence protocol counter value of a radio bearer to the terminal; the terminal compares its own packet data convergence protocol counter value with the received one; and if the deviation between the two exceeds a set deviation range, the terminal sends the packet data convergence protocol counter value of that radio bearer to the evolved base station.
Further, the above method may have the following feature: the deviation between the two exceeding the set deviation range means that the absolute value of their difference is greater than a deviation value.
Further, the above method may have the following feature: the deviation value is transmitted to the terminal by the evolved base station when it transmits the packet data convergence protocol counter value, or is transmitted to the terminal through terminal-dedicated signaling or system information broadcast, or is a fixed configuration.
Further, the above method may have the following feature: the deviation value is 2 to the power of n, where n is any integer from 0 to 15.
Further, the above method may have the following feature: the evolved base station sending the packet data convergence protocol counter value of the radio bearer to the terminal means sending all bits, or the least significant bit portion, of that counter value to the terminal; when comparing, the terminal correspondingly uses all bits, or the least significant bit portion, of its own packet data convergence protocol counter value.
Further, the above method may have the following feature: the number of bits in the least significant bit portion is any integer from 1 to 32.
Further, the above method may have the following feature: the packet data convergence protocol counter value includes an uplink packet data convergence protocol counter value; when comparing, if the terminal's own uplink packet data convergence protocol counter value is less than the received uplink packet data convergence protocol counter value, the terminal sends the packet data convergence protocol counter value of that radio bearer to the evolved base station.
进一步地, 上述方法还可具有以下特点, 所述演进基站将无线承载的分
组数据汇聚协议计数器值发送给终端是指, 将无线承载的分组数据汇聚协议 计数器值的最高有效位部分发送给终端, 所述终端进行比较时, 相应的使用 自己的分组数据汇聚协议计数器值的最高有效位部分进行比较, 所述偏差值 为 1。 Further, the foregoing method may further have the following feature: the evolved base station divides the radio bearer The sending of the group data convergence protocol counter value to the terminal means that the most significant bit portion of the packet data convergence protocol counter value of the radio bearer is sent to the terminal, and when the terminal compares, the corresponding packet data convergence protocol counter value is used accordingly. The most significant bit portion is compared, and the deviation value is 1.
进一步地, 上述方法还可具有以下特点, 所述无线承载为所有激活的无 线承载。 Further, the foregoing method may further have the following feature: the radio bearer is all activated radio bearers.
进一步地, 上述方法还可具有以下特点, 在周期性本地认证过程中, 所 述演进基站只将触发所述周期性本地认证过程的无线承载的上行或下行分组 数据汇聚协议计数器值的高有效位部分传送给终端, 所述偏差范围为 0。 Further, the foregoing method may further have the following feature: in the periodic local authentication process, the evolved base station only triggers the high-bit of the uplink or downlink packet data convergence protocol counter value of the radio bearer that triggers the periodic local authentication process. Partially transmitted to the terminal, the deviation range is zero.
进一步地, 上述方法还可具有以下特点, 在周期性本地认证过程中, 所 述演进基站发送计数器检查消息给终端, 通过所述计数器检查消息携带所述 分组数据汇聚协议计数器值; 所述终端比较时, 如果所述计数器检查消息中 携带的承载标识在终端本地未建立, 或者所述终端自己的无线承载的承载标 识不在所述计数器检查消息中, 则该无线承载为非同步的。 Further, the foregoing method may further have the following feature: in the periodic local authentication process, the evolved base station sends a counter check message to the terminal, where the counter check message carries the packet data convergence protocol counter value; If the bearer identifier carried in the counter check message is not established locally, or the bearer identifier of the radio bearer of the terminal is not in the counter check message, the radio bearer is asynchronous.
Applying the present invention remedies the false detection that may occur in the prior-art verification process, enhances the stability of the whole system, and reduces erroneous handling of normal user communication. In addition, with effective system configuration, the system signaling load can also be reduced.
Brief description of the drawings
Figure 1 is the eNB periodic local verification process;
Figure 2 is a signaling flow chart of Embodiment 1 of the periodic local authentication process of the present invention;
Figure 3 is Embodiment 2 of the optimized periodic local authentication process of the present invention;
Figure 4 is Embodiment 3 of the optimized periodic local authentication process of the present invention;
Figure 5 is Embodiment 4 of the optimized periodic local authentication process of the present invention;
Figure 6 is Embodiment 5 of the optimized periodic local authentication process of the present invention;
Figure 7 is Embodiment 6 of the optimized periodic local authentication process of the present invention;
Figure 8 is the counter check comparison and decision flow of the present invention;
Figure 9 is the counter least-significant-bit check comparison and decision flow of the present invention;
Figure 10 is the counter most-significant-bit check comparison and decision flow of the present invention.
Preferred embodiments of the invention
The basic idea of the present invention is to set a deviation range. In the periodic local authentication process, the terminal compares the PDCP COUNT received from the evolved base station with its local PDCP COUNT; if the set deviation range is exceeded (for example, the absolute value of the difference between the two is greater than a set deviation value), the terminal sends the PDCP COUNT of the non-synchronized radio bearer to the base station.
Method 1:
(a) In the periodic local authentication process the eNB transmits the entire PDCP COUNT value, i.e., all bits of the PDCP COUNT, and a tolerated deviation value, Tolerance, is introduced into the comparison (Tolerance is a non-negative integer; in an implementation Tolerance can take the value 2^n, where n is the number of binary bits of Tolerance, e.g., n can be 0, 1, 2, ..., 15; the same condition applies to Tolerance below). In the UE's comparison, if the PDCP COUNT values on the eNB side and the UE side differ by more than Tolerance, they are considered non-synchronized; otherwise they are considered synchronized.
(b) In the periodic local authentication process the eNB transmits only the PDCP COUNT MSB value. To avoid false detection caused by the aforementioned delay or other problems during the comparison, the tolerated deviation value is 1, i.e., Tolerance equals 1 (n is 0, and Tolerance uses the default configuration 1). In the UE's comparison, if the PDCP COUNT MSB values on the eNB side and the UE side differ by 1 or less, they are considered synchronized; otherwise they are considered non-synchronized.
(c) To reduce the signaling load, the eNB can transmit only the LSB (Least Significant Bits) part of the PDCP COUNT in the periodic local authentication process, i.e., choose to carry only the LSB part of the PDCP COUNT in the counter check message. The LSB part ranges from 1 bit to 32 bits; for example, the LSB can be 7 bits or 12 bits. When comparing, the UE likewise uses the LSB part of the PDCP COUNT of the bearer on the UE side. In the UE's comparison, if the values of the PDCP COUNT LSB parts on the eNB side and the UE side differ by more than Tolerance, they are considered non-synchronized; otherwise they are considered synchronized.
Further, in the above implementations (a), (b) and (c), when comparing PDCP COUNT, a different decision method is used for the uplink count of the same bearer, i.e., the PDCP uplink COUNT (uplink packet data convergence protocol counter). For the uplink, because the sender is the UE, in some cases the UE can detect unambiguously whether an attacker has inserted illegal data on a bearer: if the PDCP uplink COUNT value on the UE is greater than or equal to the PDCP uplink COUNT in the signaling (i.e., the PDCP uplink COUNT on the eNB), the difference may be due to signaling or other delays; but if the PDCP uplink COUNT value on the UE is less than the PDCP uplink COUNT in the signaling, the base station has received illegal data packets, i.e., an intruder has inserted illegal data on the bearer, and the UE needs to report this to the eNB. For the downlink count, i.e., the PDCP downlink COUNT value, the count is considered synchronized as long as the deviation between the PDCP downlink COUNT value on the UE and the PDCP downlink COUNT in the signaling (i.e., the PDCP downlink COUNT on the eNB) is less than or equal to the allowed deviation value.
Further, in the above implementations (a), (b) and (c), the deviation value Tolerance allowed in the verification can be chosen not to be carried in the counter check message but to use a fixed configuration, or be configured in other ways, for example through UE-dedicated signaling or system information broadcast, thereby reducing the signaling load.
Method 2:
When the eNB initiates a counter check, the message contains only one PDCP COUNT MSB value of the bearer that triggered the message (i.e., only the PDCP downlink COUNT or only the PDCP uplink COUNT value). After receiving it, the UE verifies only that bearer's PDCP COUNT MSB information, and the allowed deviation value is 0. If it is not synchronized, the counter check reply message contains that bearer's PDCP COUNT value. The other bearers are not considered; this also ensures the reliability of the verification.
The present invention is described in further detail below with reference to the drawings and embodiments.
With reference to Figure 2, Embodiment 1 is described as follows:
201: When the most significant bits of the PDCP COUNT of one of the UE's transmission bearers change, the eNB sends a counter check message to the UE. The counter check message contains the PDCP COUNT value of every activated radio bearer, and the deviation value Tolerance allowed in the verification or the number of bits n corresponding to that deviation value (for example, Tolerance can be 128, i.e., n is 7 bits; or Tolerance can be 4096, i.e., n is 12 bits).
202: The UE compares the PDCP COUNT values in the received counter check message with the PDCP COUNT values of the radio bearers stored on the UE side. If the PDCP COUNT values are not synchronized, the UE includes the non-synchronized bearer identifier and the PDCP COUNT value of that bearer stored by the UE in the counter check reply message. The rule for deciding whether they are synchronized is shown in Figure 8; the detailed process is given later.
203: If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing one or more PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
With reference to Figure 3, Embodiment 2 is described as follows:
Step 301: When the most significant bits of the PDCP COUNT of one of the UE's transmission bearers change, the eNB initiates the periodic local authentication process and sends a counter check message to the UE. The counter check message contains the LSB part of the PDCP COUNT value of every activated radio bearer (for example, the LSB is 7 bits or 12 bits), and the deviation value Tolerance allowed in the verification or its corresponding number of bits n (the Tolerance value should be smaller than the LSB, so Tolerance can correspondingly be 32, i.e., n is 5 bits; or 1024, i.e., n is 10 bits; or another suitable value).
Step 302: The UE compares the PDCP COUNT LSB values in the received counter check message with the PDCP COUNT LSB values of the radio bearers stored on the UE side. If the two are not synchronized, the UE includes the non-synchronized bearer identifier and PDCP COUNT value in the counter check reply message. The rule for deciding whether they are synchronized is shown in Figure 9; the detailed process is given later.
Step 303: If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing one or more PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
With reference to Figure 4, Embodiment 3 is described as follows:
400: The local verification tolerance value Tolerance uses a fixed configuration, or is configured through UE-dedicated signaling or system information broadcast (Tolerance can be 64, 128, 256, ..., 4096, with n correspondingly 6, 7, 8, ..., 12).
401: When the most significant bits of the PDCP COUNT of one of the UE's transmission bearers change, the eNB sends a counter check message to the UE. The counter check message contains the PDCP COUNT value of every activated radio bearer.
402: The UE compares the PDCP COUNT values in the received counter check message with the PDCP COUNT counter values of the corresponding radio bearers stored on the UE side. If the two are not synchronized, the UE includes the non-synchronized bearer identifier and PDCP COUNT value in the counter check reply message. The rule for deciding whether they are synchronized is shown in Figure 8; the detailed process is given later.
403: If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing one or more PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
With reference to Figure 5, Embodiment 4 is described as follows:
500: The local verification tolerance value Tolerance uses a fixed configuration, or is configured through UE-dedicated signaling or system information broadcast (Tolerance can be 64, 128, 256, ..., 4096).
501: When the most significant bits of the PDCP COUNT of one of the UE's transmission bearers change, the eNB sends a counter check message to the UE. The counter check message contains the LSB part of the PDCP COUNT value of every activated radio bearer (for example, the LSB is 7 bits or 12 bits).
502: The UE compares the PDCP COUNT LSB values in the received counter check message with the PDCP COUNT LSB counter values of the radio bearers stored on the UE side. If the two are not synchronized, the UE includes the non-synchronized bearer identifier and the PDCP COUNT value of that bearer in the counter check reply message. The rule for deciding whether they are synchronized is shown in Figure 9; the detailed process is given later.
503: If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing one or more PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
With reference to Figure 6, Embodiment 5 is described as follows:
601: When the most significant bits of the PDCP COUNT of one of the UE's transmission bearers change, the eNB sends a counter check message to the UE. The counter check message contains the MSB part of the PDCP COUNT value of every activated radio bearer (the MSB can be 20 bits, or 25 bits, or another value between 1 and 32 bits).
602: The UE compares the PDCP COUNT MSB values in the received counter check message with the PDCP COUNT MSB values of the radio bearers stored on the UE side. If the two are not synchronized, the UE includes the non-synchronized bearer identifier and PDCP COUNT value in the counter check reply message. The rule for deciding whether they are synchronized is shown in Figure 10; the detailed process is given later.
603: If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing one or more PDCP COUNT values, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
With reference to Figure 7, Embodiment 6 is described as follows:
701: When the most significant bits of the PDCP COUNT value (PDCP downlink COUNT value or PDCP uplink COUNT value) of one of the UE's transmission bearers change, the eNB sends a counter check message to the UE. The counter check message contains only the MSB part of the PDCP COUNT value of that radio bearer (i.e., only the PDCP downlink COUNT or the PDCP uplink COUNT value); the MSB can be 20 bits, or 25 bits, or another value between 1 and 32 bits.
702: The UE compares the PDCP COUNT MSB value in the received counter check message with the PDCP COUNT MSB count value of the radio bearer stored on the UE side. If they are not synchronized, the UE includes the PDCP COUNT value of that bearer in the counter check reply message. The rule for deciding whether they are synchronized is: if the PDCP COUNT MSB value (uplink or downlink) in the counter check message (i.e., on the eNB side) is equal to the PDCP COUNT MSB value (uplink or downlink) stored on the UE side, they are considered synchronized; otherwise they are considered non-synchronized, i.e., the deviation value is 0 in this case.
703: If the eNB receives a counter check reply message that does not contain any PDCP COUNT value, the process terminates. If the eNB receives a counter check reply message containing a PDCP COUNT value, the eNB may release the connection or report the difference to the serving MME or O&M for subsequent transmission security analysis.
With reference to Figure 8, the flow by which the UE, after receiving the counter check message, determines whether a bearer's PDCP COUNT is synchronized is as follows:
For each dedicated bearer of the UE to be compared:
1) If a bearer identifier in the list checked by the counter check message is not established on the UE side, the bearer is considered non-synchronized, and the comparison for that bearer ends.
2) If a bearer identifier does not appear in the list checked by the counter check message, the bearer is considered non-synchronized, and the comparison for that bearer ends.
3) If the deviation between the UE-side downlink count PDCPdownlinkCOUNT_UE and the eNB-side downlink count PDCPdownlinkCOUNT_eNB is less than or equal to the set allowed deviation value Tolerance (fixed configuration, or configurable through system information broadcast or UE-dedicated signaling), i.e.:
|PDCPdownlinkCOUNT_UE - PDCPdownlinkCOUNT_eNB| <= Tolerance,
then the downlink count is considered synchronized.
Otherwise it is considered non-synchronized, and the comparison for that bearer ends.
4) If the UE-side uplink count PDCPuplinkCOUNT_UE is greater than or equal to the eNB-side uplink count PDCPuplinkCOUNT_eNB, and the deviation is less than or equal to the set allowed deviation value Tolerance (fixed configuration, or configurable through system information broadcast or UE-dedicated signaling), i.e.:
0 <= PDCPuplinkCOUNT_UE - PDCPuplinkCOUNT_eNB <= Tolerance
then it is considered synchronized.
Otherwise, i.e., the UE-side uplink count PDCPuplinkCOUNT_UE is less than the eNB-side uplink count PDCPuplinkCOUNT_eNB, or the deviation between the two is greater than the set allowed deviation value Tolerance, i.e.:
PDCPuplinkCOUNT_UE - PDCPuplinkCOUNT_eNB > Tolerance or
PDCPuplinkCOUNT_UE - PDCPuplinkCOUNT_eNB < 0
then it is considered non-synchronized, and the comparison for that bearer ends.
With reference to Figure 9, the flow by which the UE, after receiving the counter check message, determines whether the least significant bits of a bearer's counter (PDCP COUNT LSB) are synchronized is as follows:
For each dedicated bearer of the UE to be compared:
1) If a bearer identifier in the list checked by the counter check message is not established on the UE side, the bearer is considered non-synchronized, and the comparison for that bearer ends.
2) If a bearer identifier does not appear in the list checked by the counter check message, the bearer is considered non-synchronized, and the comparison for that bearer ends.
3) If the deviation between the UE-side downlink count LSB PDCPdownlinkCOUNTLSB_UE and the eNB-side downlink count LSB PDCPdownlinkCOUNTLSB_eNB is less than or equal to the set allowed deviation value Tolerance (fixed configuration, or configurable through system information broadcast or UE-dedicated signaling), i.e.:
|PDCPdownlinkCOUNTLSB_UE - PDCPdownlinkCOUNTLSB_eNB| <= Tolerance,
then the downlink count is considered synchronized.
Otherwise it is considered non-synchronized, and the comparison for that bearer ends.
4) If the UE-side uplink count LSB PDCPuplinkCOUNTLSB_UE is greater than or equal to the eNB-side uplink count LSB PDCPuplinkCOUNTLSB_eNB, and the deviation is less than or equal to the set allowed deviation value Tolerance (fixed configuration, or configurable through system information broadcast or UE-dedicated signaling), i.e.:
0 <= PDCPuplinkCOUNTLSB_UE - PDCPuplinkCOUNTLSB_eNB <= Tolerance
then it is considered synchronized.
Otherwise, i.e., the UE-side uplink count LSB PDCPuplinkCOUNTLSB_UE is less than the eNB-side uplink count LSB PDCPuplinkCOUNTLSB_eNB, or the deviation between the two is greater than the set allowed deviation value Tolerance, i.e.:
PDCPuplinkCOUNTLSB_UE - PDCPuplinkCOUNTLSB_eNB > Tolerance or
PDCPuplinkCOUNTLSB_UE - PDCPuplinkCOUNTLSB_eNB < 0
then it is considered non-synchronized, and the comparison for that bearer ends.
With reference to Figure 10, the flow by which the UE, after receiving the counter check message, determines whether the most significant bits of a bearer's counter (PDCP COUNT MSB) are synchronized is as follows:
For each dedicated bearer of the UE to be compared:
1) If a bearer identifier in the list checked by the counter check message is not established on the UE side, the bearer is considered non-synchronized, and the comparison for that bearer ends.
2) If a bearer identifier does not appear in the list checked by the counter check message, the bearer is considered non-synchronized, and the comparison for that bearer ends.
3) If the deviation between the UE-side downlink count MSB PDCPdownlinkCOUNTMSB_UE and the eNB-side downlink count MSB PDCPdownlinkCOUNTMSB_eNB is less than or equal to 1, i.e.:
|PDCPdownlinkCOUNTMSB_UE - PDCPdownlinkCOUNTMSB_eNB| <= 1,
then the downlink count is considered synchronized.
Otherwise it is considered non-synchronized, and the comparison for that bearer ends.
4) If the UE-side uplink count MSB PDCPuplinkCOUNTMSB_UE is greater than or equal to the eNB-side uplink count MSB PDCPuplinkCOUNTMSB_eNB, and the deviation is less than or equal to 1, i.e.:
0 <= PDCPuplinkCOUNTMSB_UE - PDCPuplinkCOUNTMSB_eNB <= 1
then it is considered synchronized.
Otherwise, i.e., the UE-side uplink count MSB PDCPuplinkCOUNTMSB_UE is less than the eNB-side uplink count MSB PDCPuplinkCOUNTMSB_eNB, or the deviation between the two is greater than 1, i.e.:
PDCPuplinkCOUNTMSB_UE - PDCPuplinkCOUNTMSB_eNB > 1 or
PDCPuplinkCOUNTMSB_UE - PDCPuplinkCOUNTMSB_eNB < 0
then it is considered non-synchronized, and the comparison for that bearer ends.
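The UE-side decision flows of Figures 8 to 10, written out as an added Python example (it is not code from the patent). The names BearerCount, counter_check and the view helpers, the 32-bit COUNT width, and all sample counter values are assumptions constructed for illustration; the sample replays the carry case from the background, where an exact MSB comparison flags a bearer that a tolerance accepts.

```python
"""UE-side counter check per the flows of Figures 8-10 (illustrative sketch)."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional

COUNT_BITS = 32  # assumed width of PDCP COUNT


@dataclass(frozen=True)
class BearerCount:
    uplink: int
    downlink: int


View = Callable[[int], int]


def full(count: int) -> int:
    """Figure 8: compare all bits of COUNT."""
    return count


def lsb_view(bits: int) -> View:
    """Figure 9: compare only the low `bits` bits, as plain integers."""
    return lambda count: count & ((1 << bits) - 1)


def msb_view(bits: int) -> View:
    """Figure 10: compare only the high `bits` bits."""
    return lambda count: count >> (COUNT_BITS - bits)


def apply_view(count: BearerCount, view: View) -> BearerCount:
    return BearerCount(view(count.uplink), view(count.downlink))


def build_message(enb: Dict[int, BearerCount], view: View) -> Dict[int, BearerCount]:
    """What the eNB puts in the counter check message for the chosen view."""
    return {bid: apply_view(c, view) for bid, c in enb.items()}


def bearer_in_sync(ue: BearerCount, enb: BearerCount, tolerance: int) -> bool:
    # Step 3: downlink may drift in either direction by at most Tolerance.
    downlink_ok = abs(ue.downlink - enb.downlink) <= tolerance
    # Step 4: the UE is the uplink sender, so the eNB must never be ahead.
    uplink_ok = 0 <= ue.uplink - enb.uplink <= tolerance
    return downlink_ok and uplink_ok


def counter_check(ue_bearers: Dict[int, BearerCount],
                  message: Dict[int, BearerCount],
                  tolerance: int,
                  view: View = full) -> Dict[int, Optional[BearerCount]]:
    """Return the non-synchronized bearers for the counter check reply.

    Values are the UE's stored full COUNTs; None marks a bearer that the
    message lists but the UE never established (step 1).
    """
    report: Dict[int, Optional[BearerCount]] = {}
    for bearer_id in message:
        if bearer_id not in ue_bearers:          # step 1
            report[bearer_id] = None
    for bearer_id, ue_count in ue_bearers.items():
        enb_part = message.get(bearer_id)
        if enb_part is None:                     # step 2
            report[bearer_id] = ue_count
        elif not bearer_in_sync(apply_view(ue_count, view), enb_part, tolerance):
            report[bearer_id] = ue_count         # steps 3 and 4
    return report


# Constructed sample state (not taken from the patent).
ENB_BEARERS = {
    3: BearerCount(uplink=0x00001002, downlink=0x00001FFE),  # just below a carry
    5: BearerCount(uplink=520, downlink=900),                # eNB saw extra uplink packets
    7: BearerCount(uplink=1, downlink=1),                    # unknown to the UE
}
UE_BEARERS = {
    3: BearerCount(uplink=0x00001005, downlink=0x00002001),  # a few packets later
    4: BearerCount(uplink=10, downlink=10),                  # missing from the message
    5: BearerCount(uplink=500, downlink=900),
}

if __name__ == "__main__":
    msb20 = msb_view(20)
    print("full, Tolerance=128:",
          sorted(counter_check(UE_BEARERS, build_message(ENB_BEARERS, full), 128)))
    print("MSB20, Tolerance=0: ",
          sorted(counter_check(UE_BEARERS, build_message(ENB_BEARERS, msb20), 0, msb20)))
    print("MSB20, Tolerance=1: ",
          sorted(counter_check(UE_BEARERS, build_message(ENB_BEARERS, msb20), 1, msb20)))
```

With these sample values, bearer 3 is reported only by the exact MSB comparison, while bearer 5 (eNB uplink count ahead of the UE's) is reported only when the full COUNT is compared, because the 20 discarded difference lies entirely in the low bits.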
Finally, it should be noted that the above embodiments are only intended to illustrate the present invention, not to limit it. Modifications or equivalent replacements of the present invention that do not depart from its spirit and scope shall all be covered by the scope of the claims of the present invention.
Industrial applicability
Applying the present invention remedies the false detection that may occur in the prior-art verification process, enhances the stability of the whole system, and reduces erroneous handling of normal user communication. In addition, with effective system configuration, the system signaling load can also be reduced.
The invention improves the false detection which may occur in the verification process of the prior art, enhances the stability of the whole system, reduces the error handling of normal user communication, and can also reduce the system signaling through effective system configuration. Payload.
Claims
1. A local authentication method, characterized in that, in a periodic local authentication procedure, an evolved base station transmits the packet data convergence protocol counter value of a radio bearer to a terminal; the terminal compares its own packet data convergence protocol counter value with the received packet data convergence protocol counter value; and if the deviation between the two exceeds a set deviation range, the terminal sends the packet data convergence protocol counter value of that radio bearer to the evolved base station.
2. The method according to claim 1, characterized in that the deviation between the two exceeding the set deviation range means that the absolute value of the difference between the two is greater than a deviation value.
3. The method according to claim 2, characterized in that the deviation value is transmitted to the terminal by the evolved base station when it transmits the packet data convergence protocol counter value, or is transmitted to the terminal through terminal-dedicated signaling or system information broadcast, or is a fixed configuration.
4. The method according to claim 2, characterized in that the deviation value is 2 to the power of n, where n is any integer from 0 to 15.
5. The method according to claim 1, characterized in that the evolved base station sending the packet data convergence protocol counter value of the radio bearer to the terminal means sending all bits, or the least significant bit portion, of the packet data convergence protocol counter value of the radio bearer to the terminal; when performing the comparison, the terminal correspondingly uses all bits, or the least significant bit portion, of its own packet data convergence protocol counter value.
6. The method according to claim 5, characterized in that the number of bits in the least significant bit portion is any integer from 1 to 32.
7. The method according to claim 1, 2 or 5, characterized in that the packet data convergence protocol counter value includes an uplink packet data convergence protocol counter value; when the terminal performs the comparison, if the terminal's own uplink packet data convergence protocol counter value is less than the received uplink packet data convergence protocol counter value, the terminal sends the packet data convergence protocol counter value of that radio bearer to the evolved base station.
8. The method according to claim 2, characterized in that the evolved base station sending the packet data convergence protocol counter value of the radio bearer to the terminal means sending the most significant bit portion of the packet data convergence protocol counter value of the radio bearer to the terminal; when performing the comparison, the terminal correspondingly uses the most significant bit portion of its own packet data convergence protocol counter value; and the deviation value is 1.
9. The method according to any one of claims 1, 2 or 5, characterized in that the radio bearers are all active radio bearers.
10. The method according to claim 1 or 2, characterized in that, in the periodic local authentication procedure, the evolved base station transmits to the terminal only the most significant bit portion of the uplink or downlink packet data convergence protocol counter value of the radio bearer that triggered the periodic local authentication procedure, and the deviation range is 0.
11. The method according to claim 1, characterized in that, in the periodic local authentication procedure, the evolved base station sends a counter check message to the terminal, the counter check message carrying the packet data convergence protocol counter value; when the terminal performs the comparison, if a bearer identity carried in the counter check message is not established locally at the terminal, or the bearer identity of one of the terminal's own radio bearers is not in the counter check message, that radio bearer is unsynchronized.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2009/070083 WO2010078724A1 (en) | 2009-01-08 | 2009-01-08 | Local authentication method in mobile communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010078724A1 (en) | 2010-07-15 |
Family
ID=42316207
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2010078724A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1941990A (en) * | 2005-09-30 | 2007-04-04 | 北京三星通信技术研究有限公司 | Method for verifying between user terminal apparatus and network in wireless telecommunication system |
CN101039314A (en) * | 2006-03-16 | 2007-09-19 | 华为技术有限公司 | Method for realizing safety warranty in evolution accessing network |
WO2008005162A2 (en) * | 2006-06-19 | 2008-01-10 | Interdigital Technology Corporation | Method and apparatus for security protection of an original user identity in an initial signaling message |
-
2009
- 2009-01-08 WO PCT/CN2009/070083 patent/WO2010078724A1/en active Application Filing
Non-Patent Citations (2)
Title |
---|
"Technical Specification Group Radio Access Network;Evolved Universal Terrestrial Radio Access (E-UTRA); Packet Data Convergence Protocol(PDCP) specification (release 8)", 3GPP TS 36.323 V8.2.1 3RD GENERATION PARTNERSHIP PROJECT, 31 May 2008 (2008-05-31) * |
"Technical Specification Group Services and System Aspects;3GPP System Architecture Evolution (SAE):Security Architecture ; (release 8)", 3GPP TS 33.401 V8.2.0 3RD GENERATION PARTNERSHIP PROJECT, 31 December 2008 (2008-12-31) * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102572880A (en) * | 2011-12-29 | 2012-07-11 | 中兴通讯股份有限公司 | Counter check method, counter check device and counter check system |
WO2013097422A1 (en) * | 2011-12-29 | 2013-07-04 | 中兴通讯股份有限公司 | Counter check method, device and system |
CN102572880B (en) * | 2011-12-29 | 2019-01-04 | 上海中兴软件有限责任公司 | Serial number detection method, apparatus and system |
CN115297507A (en) * | 2017-06-16 | 2022-11-04 | 三星电子株式会社 | Method and apparatus for processing packet in next generation mobile communication system |
EP4210257A1 (en) * | 2017-06-16 | 2023-07-12 | Samsung Electronics Co., Ltd. | Method and apparatus for processing packet in next-generation mobile communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09837282 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09837282 Country of ref document: EP Kind code of ref document: A1 |