
WO2016101617A1 - Security information processing method in switching procedure, access gateway, and base station - Google Patents


Info

Publication number
WO2016101617A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
response message
handover
path switch
base station
Prior art date
Application number
PCT/CN2015/085363
Other languages
French (fr)
Chinese (zh)
Inventor
高音
和峰
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2016101617A1


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W36/00: Hand-off or reselection arrangements
    • H04W36/0005: Control or signalling for completing the hand-off
    • H04W36/0011: Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033: Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038: Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041: Key generation or derivation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40: Security arrangements using identity modules
    • H04W12/42: Security arrangements using identity modules using virtual identity modules

Definitions

  • the present invention relates to handover technology, and in particular to a method, an access gateway, and a base station for processing security information in a handover process under an access gateway.
  • LTE: Long Term Evolution
  • LTE Advanced: enhanced advanced long-term evolution
  • eNB: evolved base station
  • RLC: Radio Link Control
  • MAC: Medium Access Control
  • PHY: Physical layer
  • LPN: Low-power node
  • a cell (Small Cell)
  • Pico eNB: micro base station
  • hotspot enhancement
  • as the number of LPN cells increases, the network deployment environment becomes more complicated, which also brings some problems. First, because the number of LPN cells is relatively large, when a UE (terminal) moves within the network, frequent inter-cell handovers may occur, resulting in frequent data service interruptions and even dropped calls, which may also degrade the user's data throughput and user experience.
  • the terminal and the network may also be subjected to a large amount of signaling impact, which may cause system resources to be congested or even paralyzed.
  • the LPN base stations are all connected to the core network (i.e., over the S1 interface), and the number of interfaces that the core network needs to process is increasing.
  • the core network needs to send data on all relevant interfaces, which also poses great challenges to the processing power of the core network. This situation will become more and more serious with the increase in the number of LPN cells deployed by operators and individuals in the future. Therefore, a solution is needed to alleviate or solve the above problems.
  • a mobility anchor acts as an interface proxy between the base station eNB and the mobility management entity (MME) of the core network, and shields the core network from the existence of the eNB. That is, from the perspective of the base station, the access gateway is equivalent to the MME; from the perspective of the MME, the access gateway is equivalent to an ordinary base station.
  • the MA acts as the gateway of the access network, and carries data transmission between the serving gateway (S-GW) and the base station. From the perspective of the base station, the MA is equivalent to the S-GW; from the perspective of the S-GW, the MA is equivalent to an ordinary base station.
  • the path switching request procedure may be terminated at the access gateway to reduce the handover signaling pair.
  • the core network carries the UE security text information {NCC, NH} to the target base station in the S1 handover request message, and the target base station calculates the key used for the current handover according to this security information.
  • the path switch request response message carries the UE security text information {NCC, NH} for key generation in the next X2 handover or internal handover of the base station.
  • when the access gateway terminates the path switching request process in the X2 handover, how to handle the security information is a problem to be solved.
  • the embodiment of the present invention is to provide a method for processing security information in a handover procedure, an access gateway, and a base station, and at least implements a scheme for processing security information in a scenario of a path switching request in an X2 handover.
  • a method for processing security information in a handover process includes:
  • the first response message is sent;
  • in the first response message, the user equipment (UE) security text information is not sent, or a cell is set so that the target base station of the opposite end ignores the UE security text information, or reset UE security text information is delivered.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the UE security text information is set to a specified value in the path switch request response message, where the specified value is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message; an indication cell is newly added in the path switch request response message and the UE security text information is arbitrarily written, where the indication cell is used to cause the target base station of the opposite end to ignore the arbitrarily written UE security text information.
  • the first request message is a bearer modification indication message
  • the first response message is a bearer modification confirmation message, and the bearer modification confirmation message does not include the self-attribute of the UE security text information, and the UE security text information is not sent in the bearer modification confirmation message;
  • the bearer modification confirmation message is a message in the existing handover or a new message.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the reset UE security text information is encapsulated in the path switch request response message, where the reset UE security text information is used for key generation in the next handover or in an internal handover of the base station.
  • a method for processing security information in a handover process includes:
  • it is determined that the current handover is a cross-base-station handover under the same gateway, and the processing corresponding to the parsing result is performed.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the path switch request response message is parsed and it is found that the UE security text information is not sent in the path switch request response message; in this case, determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, and ending the current process.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message; the path switch request response message is parsed and it is found that the UE security text information in the path switch request response message is a specified value; in this case, determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, ignoring the UE security text information according to the specified value, and ending the current process.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message
  • the path switch request response message is parsed and it is found that a newly added indication cell exists in the path switch request response message; in this case, determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is:
  • the first request message is a bearer modification indication message
  • the first response message is a bearer modification confirmation message; the bearer modification confirmation message is parsed and it is found that the UE security text information is not sent in the bearer modification confirmation message; in this case, determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, and ending the current process.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message; the path switch request response message is parsed and it is found that the path switch request response message includes reset UE security text information used for key generation in the next handover or base station internal handover; in this case, determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, using the reset UE security text information for key generation in the next handover or internal handover of the base station, and ending the current process.
  • An access gateway according to an embodiment of the present invention, where the access gateway includes:
  • the first receiving unit is configured to receive the first request message, and determine, according to the result obtained by parsing the first request message, whether the current handover is a cross-base-station handover under the same gateway;
  • the determining and sending unit is configured to send the first response message when it is determined that the current handover is a cross-base-station handover under the same gateway, where, in the first response message, the user equipment (UE) security text information is not sent, or a cell is set so that the target base station of the opposite end ignores the UE security text information, or reset UE security text information is delivered.
  • the first request message is a path switch request message
  • the determining and sending unit is further configured to: the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured so that, when the first response message is a path switch request response message, the path switch request response message is sent after the UE security text information is set to a specified value in the path switch request response message, where the specified value is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured so that, when the first response message is a path switch request response message, it adds an indication cell in the path switch request response message, arbitrarily writes the UE security text information, and then sends the path switch request response message, where the indication cell is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a bearer modification indication message
  • the determining and sending unit is further configured to: the first response message is a bearer modification confirmation message, and the bearer modification confirmation message does not include the self-attribute of the UE security text information, and the UE security text information is not sent in the bearer modification confirmation message;
  • the bearer modification confirmation message is a message in the existing handover or a new message.
  • the first receiving unit and the determining and transmitting unit may be implemented, when performing processing, by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA).
  • a first sending unit configured to send a first request message
  • the first request message is a path switch request message
  • the processing unit is further configured so that, when the first response message is a path switch request response message, it parses the path switch request response message, finds that the UE security text information is not sent in the path switch request response message, determines that the current handover is a cross-base-station handover under the same gateway, and ends the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured so that, when the first response message is a path switch request response message, it parses the path switch request response message, finds that the UE security text information in the path switch request response message is a specified value, determines that the current handover is a cross-base-station handover under the same gateway, ignores the UE security text information according to the specified value, and ends the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured so that, when the first response message is a path switch request response message, it parses the path switch request response message, finds a newly added indication cell in the path switch request response message, determines that the current handover is a cross-base-station handover under the same gateway, ignores the UE security text information according to the newly added indication cell, and ends the current process.
  • the first request message is a bearer modification indication message
  • the processing unit is further configured so that, when the first response message is a bearer modification confirmation message, it parses the bearer modification confirmation message, finds that the UE security text information is not sent in the bearer modification confirmation message, determines that the current handover is a cross-base-station handover under the same gateway, and ends the current process.
  • the first response message is a path switch request response message; the path switch request response message is parsed and it is found that the path switch request response message includes reset UE security text information used for key generation in the next handover or base station internal handover; it is determined that the current handover is a cross-base-station handover under the same gateway, the reset UE security text information is used for key generation in the next handover or internal handover of the base station, and the current process is ended.
  • the first sending unit and the processing unit may be implemented, when performing processing, by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA).
  • the method for processing the security information in the handover process of the access gateway in the embodiment of the present invention includes: receiving the first request message, and determining, according to the result obtained by parsing the first request message, whether the current handover is a cross-base-station handover under the same gateway; sending the first response message when it is determined that the current handover is a cross-base-station handover under the same gateway; in the first response message, the user equipment (UE) security text information is not sent, or a cell is set so that the target base station of the opposite end ignores the UE security text information, or reset UE security text information is delivered.
  • because the UE security text information is not sent in the first response message, or a cell is set to cause the peer target base station to ignore the UE security text information, the path switching request procedure can be terminated at the access gateway. This reduces the impact of handover signaling on the core network and implements security information processing in the scenario where the access gateway terminates the path switching request process in the X2 handover.
  • FIG. 1 is a schematic structural diagram of an access gateway system in the prior art
  • FIG. 2 is a schematic diagram of an implementation process of an embodiment of a method according to the present invention.
  • FIG. 4 is a schematic diagram of a security information processing flow of application scenario 2 in which an embodiment of the present invention is applied;
  • FIG. 5 is a schematic diagram of a security information processing flow of an application scenario 3 in which an embodiment of the present invention is applied;
  • FIG. 7 is a schematic diagram of a security information processing flow of an application scenario 5 in which an embodiment of the present invention is applied;
  • FIG. 8 is a schematic structural diagram of an embodiment of an access gateway according to the present invention.
  • the method for processing security information in a handover process of an access gateway specifically relates to an access gateway architecture and a function implementation method in a mobile communication system, and is a scheme for processing security information in the handover process in a long-term evolution system in which an anchor point is introduced into the access network.
  • a method for processing security information in a handover process of an access gateway in an embodiment of the present invention is shown in FIG. 2, where the method includes:
  • Step 102 When it is determined that the current handover is a cross-base-station handover under the same gateway, the first response message is sent.
  • Step 103 In the first response message, the user equipment (UE) security text information is not sent, or a cell is set so that the target base station of the opposite end ignores the UE security text information, or reset UE security text information is delivered.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the UE security text information is set to a specified value in the path switch request response message, where the specified value is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and an indication cell is added in the path switch request response message, where the indication cell is used to cause the target base station of the opposite end to ignore the UE security text information.
  • the first request message is a bearer modification indication message; correspondingly, the first response message is a bearer modification confirmation message; the bearer modification confirmation message does not include the UE security text information, so the UE security text information is not sent in the bearer modification confirmation message; the bearer modification confirmation message is an existing handover message or a new message.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the reset UE security text information is encapsulated in the path switch request response message, where the reset UE security text information is used for key generation in the next handover or base station internal handover.
  • a method for processing security information in a handover process of an access gateway includes:
  • Step 201 Send a first request message.
  • Step 202 Receive a first response message and parse it, obtaining one of the following results: the first response message does not include the user equipment (UE) security text information; the first response message includes a cell indicating that the UE security text information is to be ignored; or the first response message includes reset UE security text information.
  • Step 203 Determine that the current handover is a cross-base-station handover under the same gateway and perform the processing corresponding to the parsing result.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. If parsing the path switch request response message shows that the UE security text information is not sent in it, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, and ending the current process.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. If parsing the path switch request response message shows that the UE security text information in it is a specified value, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, ignoring the UE security text information according to the specified value, and ending the current process.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. If parsing the path switch request response message shows that there is a newly added indication cell in it, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, ignoring the UE security text information according to the newly added indication cell, and ending the current process.
  • the first request message is a bearer modification indication message; correspondingly, the first response message is a bearer modification confirmation message. If parsing the bearer modification confirmation message shows that the UE security text information is not sent in it, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, and ending the current process.
  • the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. If parsing the path switch request response message shows that it includes reset UE security text information used for key generation in the next handover or base station internal handover, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is: determining that the current handover is a cross-base-station handover under the same gateway, using the reset UE security text information for key generation in the next handover or base station internal handover, and ending the current process.
  • the embodiment of the present invention involves interaction between the access gateway and the target base station, is applicable to the cross-base-station X2 handover of the UE under the same gateway, and has at least the following five specific implementation schemes.
  • the target base station sends a path switch request message to the access gateway, and the access gateway determines that the current switch is the same gateway cross-base station X2 handover, and sets the UE security text information to a special value, such as NULL, in the path switch request response message.
  • the target base station sends a path switch request message to the access gateway, and the access gateway determines that the current switch is the same gateway cross-base station X2 handover, then adds an indication cell in the path switch request response message, and arbitrarily fills in the UE security text information.
  • when the target base station receives the path switch request response message sent by the access gateway, the UE security text information is ignored according to the indication cell content.
  • the target base station determines that the current handover is the same gateway cross-base station X2 handover, and sends a bearer modification indication message to the access gateway, where the message includes the S1 interface connection identifier information allocated by the MME to the UE (Source MME UE S1AP ID), and/or the S1 interface connection identifier information allocated by the access gateway to the UE (Source MA UE S1AP ID).
  • the access gateway sends a bearer modification confirmation message, where the message includes the information of the service bearer that is successfully modified and the service bearer information that fails to be modified.
  • the bearer modification indication/confirmation message may use an existing S1AP message or a new message.
  • the target base station sends a path switch request message to the access gateway, and the access gateway determines that the current switch is the same gateway cross-base station X2 handover, and then resets the UE security text information in the path switch request response message, for example, calculates a new {NCC, NH}.
  • when the target base station receives the path switch request response message sent by the access gateway, it parses the cell and uses it for key generation of the next X2 handover or base station internal handover.
  • the X2 handover procedure under the same access gateway can be terminated on the access gateway, and the impact on the core network due to frequent handover of the user equipment between the cells is avoided.
  • the processing of the security information of the handover process is realized, and the processing load of the core network is alleviated.
  • the architecture of the access gateway in the following application scenarios includes: the access gateway acts as an interface proxy between the base station and the core network, connects to the base station and to the core network respectively, and shields the core network from the impact of the access network; it also serves as the access anchor of the user equipment in the access network, as shown in FIG. 1.
  • the access gateway is used as an access anchor of the user equipment in the access network. When the user equipment moves between cells served by the access gateway, the access gateway remains unchanged.
  • the X2 handover procedure may terminate at the access gateway; the source SeNB is an instance of the source base station, the target SeNB is an instance of the target base station, and the access anchor MA is an instance of the access gateway.
  • the specific implementation steps in the application scenario 1 include:
  • Step 301 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 302 The access gateway determines that the current handover is a cross-base-station X2 handover under the same gateway, and the UE security text information is not sent in the path switch request response message sent to the target base station.
  • the specific implementation steps in the application scenario 2 include:
  • Step 401 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 402 The access gateway determines that the current handover is the same gateway cross-base station X2 handover, and sets the UE security text information to a special value, such as NULL, in the path switch request response message sent to the target base station.
  • Step 403 When the target base station receives the path switch request response message sent by the access gateway, if the cell is found to be the specified special value, the target base station determines that the current handover is a handover under the same gateway and ignores the cell information.
  • the specific implementation steps in the application scenario 3 include:
  • Step 501 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 502 The access gateway determines that the current handover is the same gateway cross-base station X2 handover, and adds a security information ignore indication cell in the path switch request response message (for example, the presence of the cell indicates that the UE security text information needs to be ignored, or the cell is set to TRUE to indicate that the UE security text information needs to be ignored), or adds a handover type indication cell (for example, indicating that the current handover is a handover under the same access gateway); the UE security text information is arbitrarily filled.
  • Step 503 When the target base station receives the path switch request response message sent by the access gateway, the secure text information of the UE is ignored according to the newly added indication cell.
  • the specific implementation steps in the application scenario 4 include:
  • Step 601 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station determines that the current handover is the same gateway cross-base station X2 handover, and sends a bearer modification indication message to the access gateway, where the message includes the MME to allocate to the UE.
  • Step 602 The access gateway sends a bearer modification confirmation message, which includes the information of the service bearers that were successfully modified, the information of the service bearers that failed to be modified, and the S1 interface connection flag information allocated by the MME to the UE and/or the S1 interface connection flag information allocated by the access gateway to the UE. The message does not contain UE security text information.
  • the bearer modification indication/confirmation message may use an existing S1AP message or a new message.
  • Step 701 After the X2 handover preparation, the air interface reconfiguration, and the ground data forwarding are completed, the target base station sends a path switch request message to the access gateway.
  • Step 702 The access gateway determines that the current handover is a cross-base-station X2 handover under the same gateway, and then resets the UE security text information in the path switch request response message, for example, calculates a new {NCC, NH}.
  • When the target base station receives the path switch request response message sent by the access gateway, the target cell is parsed and used for key generation of the next X2 handover or base station internal handover.
  • the access gateway of the embodiment of the present invention includes:
  • the first receiving unit 11 is configured to receive the first request message, and determine, according to the result obtained by parsing the first request message, whether the current handover is a cross-base-station handover under the same gateway;
  • the determining and transmitting unit 12 is configured to send a first response message when it determines that the current handover is a cross-base-station handover under the same gateway, where in the first response message the user equipment (UE) security text information is not delivered, or a cell is set so that the peer target base station ignores the UE security text information, or reset UE security text information is delivered.
  • the first request message is a path switch request message
  • the determining and sending unit is further configured to: the first response message is a path switch request response message, and the UE security text information is not sent in the path switch request response message.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured to: where the first response message is a path switch request response message, send the path switch request response message after setting the UE security text information in it to a specified value, the specified value being used to cause the peer target base station to ignore the UE security text information.
  • the first request message is a path switch request message
  • the determining and transmitting unit is further configured to: where the first response message is a path switch request response message, add an indication cell to the path switch request response message, fill in the UE security text information arbitrarily, and then send the path switch request response message, the indication cell being used to cause the peer target base station to ignore the UE security text information.
  • the first request message is a bearer modification indication message
  • the determining and sending unit is further configured to: where the first response message is a bearer modification confirmation message, use the inherent property that the bearer modification confirmation message does not contain the UE security text information, so that the UE security text information is not delivered in the bearer modification confirmation message;
  • the bearer modification confirmation message is a message in the existing handover or a new message.
  • the first request message is a path switch request message
  • the determining and sending unit is further configured to: where the first response message is a path switch request response message, encapsulate the reset UE security text information in the path switch request response message and then send it, the reset UE security text information being used for key generation of the next handover or internal handover of the base station.
  • the base station is a target base station, and includes:
  • a first sending unit configured to send a first request message
  • the processing unit is configured to receive the first response message and parse it, obtaining as the parsing result that the first response message does not contain the user equipment (UE) security text information, or parsing the set cell so as to ignore the UE security text information, or parsing the reset UE security text information; and to determine that the current handover is a cross-base-station handover under the same gateway and perform the processing corresponding to the parsing result.
  • the first request message is a path switch request message
  • the processing unit is further configured to: where the first response message is a path switch request response message, parse the path switch request response message, find that the UE security text information is not delivered in it, determine that the current handover is a cross-base-station handover under the same gateway, and end the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured to: where the first response message is a path switch request response message, parse the path switch request response message, find that the UE security text information in it is a specified value, determine that the current handover is a cross-base-station handover under the same gateway, ignore the UE security text information according to the specified value, and end the current process.
  • the first request message is a path switch request message
  • the processing unit is further configured to: where the first response message is a path switch request response message, parse the path switch request response message, find that a newly added indication cell is present in it, determine that the current handover is a cross-base-station handover under the same gateway, ignore the UE security text information according to the newly added indication cell, and end the current process.
  • the first request message is a bearer modification indication message
  • the processing unit is further configured to: where the first response message is a bearer modification confirmation message, parse the bearer modification confirmation message, find that the UE security text information is not delivered in it, determine that the current handover is a cross-base-station handover under the same gateway, and end the current process.
  • the first request message is a path switch request message
  • the first response message is a path switch request response message; the path switch request response message is parsed and found to contain the reset UE security text information used for key generation of the next handover or base station internal handover; it is determined that the current handover is a cross-base-station handover under the same gateway, the reset UE security text information is used for key generation of the next handover or base station internal handover, and the current process is ended.
  • Mobility anchor A
  • Mobility anchor B
  • Macro eNB: enhanced macro base station
  • MME: mobility management entity
  • S-GW: serving gateway
  • SeNB1: base station 1 under the mobility anchor
  • SeNB2: base station 2 under the mobility anchor
  • SeNB3: base station 3 under the mobility anchor
  • UE: user equipment
  • the integrated modules described in the embodiments of the present invention may also be stored in a computer readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product that is stored in a storage medium and includes a plurality of instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the methods described in the various embodiments of the present invention.
  • the foregoing storage medium includes: a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and the like.
  • embodiments of the invention are not limited to any specific combination of hardware and software.
  • the embodiment of the present invention further provides a computer storage medium storing a computer program that is used to execute the method for processing security information in a handover process under the access gateway according to the embodiment of the present invention.
  • the method for processing the security information in the handover process under the access gateway in the embodiment of the present invention includes: receiving the first request message and determining, according to the result obtained by parsing the first request message, whether the current handover is a cross-base-station handover under the same gateway; and sending the first response message when it is determined that the current handover is a cross-base-station handover under the same gateway, where in the first response message the user equipment (UE) security text information is not delivered, or a cell is set so that the peer target base station ignores the UE security text information, or reset UE security text information is delivered.
  • because the UE security text information is not delivered in the first response message, or a cell is set so that the peer target base station ignores the UE security text information, the path switch request procedure can be terminated at the access gateway to reduce the impact of handover signaling on the core network, and security information processing is achieved in the scenario where the access gateway terminates the path switch request procedure in the X2 handover.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a security information processing method in a switching procedure, an access gateway, and a base station. The method comprises: receiving a first request message, and determining, according to a result obtained by parsing the first request message, whether current switching is cross-base station switching in a same gateway; and when it is determined that the current switching is cross-base station switching in a same gateway, sending a first response message, in which security text information of user equipment (UE) is not delivered, or an information element is set so as to enable a target base station at a peer end to ignore the security text information of the UE, or reset security text information of the UE is delivered.

Description

Method for processing security information in a handover procedure, access gateway and base station
Technical field
The present invention relates to handover technology, and in particular to a method for processing security information in a handover procedure under an access gateway, an access gateway, and a base station.
Background
In the process of implementing the technical solutions of the embodiments of the present application, the inventors of the present application found at least the following technical problems in the related art:
With the continuous evolution of wireless communication technologies and standards, mobile packet services have developed enormously, and the data throughput capability of a single terminal keeps increasing. Taking the Long Term Evolution (LTE) system as an example, data transmission at a maximum downlink rate of 100 Mbps can be supported within a 20M bandwidth; in the subsequent enhanced LTE Advanced network, the data transmission rate will increase further and may even reach 1 Gbps.
According to the design of the existing LTE user plane data protocol stack, downlink data received by the evolved base station (eNB, Evolved Node B) from the core network over the GPRS Tunnelling Protocol for the User Plane (GTP-U) is unpacked and then processed by the Packet Data Convergence Protocol (PDCP) sublayer, the Radio Link Control (RLC) protocol sublayer, the Medium Access Control (MAC) protocol sublayer and the physical layer (PHY) before being sent to the user equipment (UE); uplink data is processed in the same way as downlink data, only in the opposite direction.
To meet the growing demand for data traffic and the geographically uneven distribution of services, operators deploying new-generation communication networks such as LTE are also adding low power nodes (LPN, Low Power Node), also called small cells or micro base stations (Pico eNB), for hotspot enhancement. As the number of LPN cells grows, the network deployment environment becomes more complex, which also brings some problems. First, because there are many LPN cells, a UE (or terminal) moving within the network causes frequent inter-cell handovers, leading to problems such as frequent data service interruptions and even dropped calls, which in turn reduces the user's data throughput and degrades the user experience. Such frequent handovers also subject the terminal and the network, especially the core network, to a large amount of signaling, which may congest or even paralyze system resources. In addition, every LPN base station maintains a connection to the core network (the S1 interface), so the number of interfaces the core network has to handle keeps increasing.
In some scenarios, such as paging or other broadcast services, the core network needs to send data on all relevant interfaces, which also poses a great challenge to its processing capability. As the number of LPN cells deployed by operators and individuals increases, this situation will become more and more serious, so a solution is needed that alleviates or solves these problems. One such solution, the access anchor architecture, can solve them effectively. As shown in FIG. 2, on the control plane the mobility anchor (MA) acts as an interface proxy between the base station (eNB) and the mobility management entity (MME) of the core network and hides the eNBs under it from the core network: from the base station's point of view, the access gateway is equivalent to the MME; from the MME's point of view, the access gateway is equivalent to an ordinary base station. On the user plane, the MA acts as the gateway of the access network and carries data between the serving gateway (S-GW) and the base station: from the base station's point of view, the MA is equivalent to the S-GW; from the S-GW's point of view, the MA is equivalent to an ordinary base station.
After an access anchor (which we also call an access gateway) is introduced, when the UE performs an X2 handover under the same access gateway, the path switch request procedure can be terminated at the access gateway to reduce the impact of handover signaling on the core network. In the existing handover procedures, however, during an X2 handover or an intra-base-station handover the source side sends the current key KeNB and the NCC information to the target side, and the target side calculates the key used for the current handover from this security information. In the S1 handover procedure, the core network carries the UE security text information {NCC, NH} to the target base station in the S1 handover request message, and the target base station calculates the key used for the current handover from this security information. In the X2 handover procedure, the path switch request response message carries the UE security text information {NCC, NH}, which is used for key generation in the next X2 handover or intra-base-station handover. How to handle the security information when the access gateway terminates the path switch request procedure of an X2 handover is a problem that needs to be solved.
Summary of the invention
In view of this, the embodiments of the present invention are intended to provide a method for processing security information in a handover procedure, an access gateway, and a base station, which at least provide a scheme for processing security information in the scenario where the access gateway terminates the path switch request procedure of an X2 handover.
The technical solutions of the embodiments of the present invention are implemented as follows:
A method for processing security information in a handover procedure according to an embodiment of the present invention includes:
receiving a first request message, and determining, according to the result obtained by parsing the first request message, whether the current handover is a cross-base-station handover under the same gateway;
sending a first response message when it is determined that the current handover is a cross-base-station handover under the same gateway;
in the first response message, the user equipment (UE) security text information is not delivered, or a cell is set so that the peer target base station ignores the UE security text information, or reset UE security text information is delivered.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message, and the UE security text information is not delivered in the path switch request response message.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message, and the UE security text information is set to a specified value in the path switch request response message, the specified value being used to cause the peer target base station to ignore the UE security text information.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message; an indication cell is added to the path switch request response message and the UE security text information is filled in arbitrarily, the indication cell being used to cause the peer target base station to ignore the UE security text information.
In the above solution, the first request message is a bearer modification indication message;
the first response message is a bearer modification confirmation message; using the inherent property that the bearer modification confirmation message does not contain the UE security text information, the UE security text information is not delivered in the bearer modification confirmation message;
the bearer modification confirmation message is a message in the existing handover or a new message.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message, and the reset UE security text information is encapsulated in the path switch request response message, the reset UE security text information being used for key generation in the next handover or intra-base-station handover.
A method for processing security information in a handover procedure according to an embodiment of the present invention includes:
sending a first request message;
receiving a first response message and parsing it, obtaining as the parsing result that the first response message does not contain the user equipment (UE) security text information, or parsing the set cell so as to ignore the UE security text information, or parsing the reset UE security text information;
determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message; if parsing the path switch request response message shows that the UE security text information is not delivered in it, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is:
determining that the current handover is a cross-base-station handover under the same gateway, and ending the current procedure.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message; if parsing the path switch request response message shows that the UE security text information in it is a specified value, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is:
determining that the current handover is a cross-base-station handover under the same gateway, ignoring the UE security text information according to the specified value, and ending the current procedure.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message; if parsing the path switch request response message shows that a newly added indication cell is present in it, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is:
determining that the current handover is a cross-base-station handover under the same gateway, ignoring the UE security text information according to the newly added indication cell, and ending the current procedure.
In the above solution, the first request message is a bearer modification indication message;
the first response message is a bearer modification confirmation message; if parsing the bearer modification confirmation message shows that the UE security text information is not delivered in it, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is:
determining that the current handover is a cross-base-station handover under the same gateway, and ending the current procedure.
In the above solution, the first request message is a path switch request message;
the first response message is a path switch request response message; if parsing the path switch request response message shows that it contains the reset UE security text information used for key generation in the next handover or intra-base-station handover, then determining that the current handover is a cross-base-station handover under the same gateway and performing the processing corresponding to the parsing result is:
determining that the current handover is a cross-base-station handover under the same gateway, using the reset UE security text information for key generation in the next handover or intra-base-station handover, and ending the current procedure.
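The response variants above, and the order in which a target base station has to check them, can be modelled as follows; this is an added illustration, not code from the patent. The message class, its field names, the constructed special value and filler, and the choice to keep the previously held pair when the cell is ignored are assumptions; the page does not say how the gateway calculates a reset {NCC, NH}, so that pair is passed in.

```python
"""Added example: path switch request response handling (names are hypothetical)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

SecurityContext = Tuple[int, bytes]            # the {NCC, NH} pair

# Constructed stand-ins: the page only says "a special value, such as NULL"
# and that the field is "arbitrarily filled" when an indication cell is used.
SPECIAL_VALUE: SecurityContext = (0, bytes(32))
ARBITRARY_FILL: SecurityContext = (5, b"\xaa" * 32)


class Variant(Enum):
    OMIT = "omit"                      # steps 301-302: cell not delivered
    SPECIAL_VALUE = "special-value"    # steps 401-403: cell set to special value
    IGNORE_INDICATION = "indication"   # steps 501-503: new indication cell
    RESET = "reset"                    # steps 701-702: new {NCC, NH} delivered
    # The bearer modification variant (steps 601-602) uses a message that
    # never carries the field, so it needs no handling here.


@dataclass(frozen=True)
class PathSwitchRequestAck:
    security_context: Optional[SecurityContext] = None   # None = cell absent
    ignore_indication: bool = False                       # hypothetical field


def gateway_build_ack(variant, same_gateway, core_context=None, fresh_context=None):
    """Access gateway side: build the response for one of the variants."""
    if not same_gateway:
        # Procedure not terminated at the gateway: pass on the core network's pair.
        return PathSwitchRequestAck(security_context=core_context)
    if variant is Variant.OMIT:
        return PathSwitchRequestAck()
    if variant is Variant.SPECIAL_VALUE:
        return PathSwitchRequestAck(security_context=SPECIAL_VALUE)
    if variant is Variant.IGNORE_INDICATION:
        return PathSwitchRequestAck(security_context=ARBITRARY_FILL,
                                    ignore_indication=True)
    if variant is Variant.RESET:
        if fresh_context is None:
            raise ValueError("reset variant needs a newly calculated {NCC, NH}")
        return PathSwitchRequestAck(security_context=fresh_context)
    raise ValueError(f"unknown variant: {variant}")


def _well_formed(ctx: SecurityContext) -> bool:
    # In LTE the NCC is a 3-bit counter and the NH a 256-bit value.
    ncc, nh = ctx
    return 0 <= ncc <= 7 and len(nh) == 32


class TargetBaseStation:
    def __init__(self, held: Optional[SecurityContext] = None):
        self.held = held               # pair kept for the next handover's key generation

    def handle_ack(self, ack: PathSwitchRequestAck) -> str:
        # The ignore checks come first: with the indication cell the field is
        # present but holds filler that must never reach key generation.
        if ack.ignore_indication:
            return "ignored:indication"
        if ack.security_context is None:
            return "ignored:absent"
        if ack.security_context == SPECIAL_VALUE:
            return "ignored:special-value"
        if not _well_formed(ack.security_context):
            return "rejected:malformed"
        self.held = ack.security_context
        return "stored"

    def naive_handle_ack(self, ack: PathSwitchRequestAck) -> str:
        # Anti-pattern for comparison: stores any field that is present.
        if ack.security_context is not None:
            self.held = ack.security_context
            return "stored"
        return "ignored:absent"


def run_variants():
    """Run every same-gateway variant against a target holding a constructed pair."""
    prior, fresh = (2, b"\x11" * 32), (3, b"\x22" * 32)   # constructed samples
    results = {}
    for variant in Variant:
        enb = TargetBaseStation(held=prior)
        ack = gateway_build_ack(variant, True, fresh_context=fresh)
        results[variant.value] = (enb.handle_ack(ack), enb.held)
    return results


if __name__ == "__main__":
    for name, (outcome, held) in run_variants().items():
        print(f"{name:14s} {outcome:22s} NCC={held[0]}")
```

A handler that stores any field it finds, like `naive_handle_ack`, ends up holding the arbitrary filler in the indication-cell variant, which is why the ignore checks precede everything else.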
An access gateway according to an embodiment of the present invention includes:
a first receiving unit, configured to receive a first request message and determine, according to the result obtained by parsing the first request message, whether the current handover is a cross-base-station handover under the same gateway;
a determining and sending unit, configured to send a first response message when it determines that the current handover is a cross-base-station handover under the same gateway, where in the first response message the user equipment (UE) security text information is not delivered, or a cell is set so that the peer target base station ignores the UE security text information, or reset UE security text information is delivered.
In the above solution, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message and the UE security text information is not delivered in the path switch request response message.
In the above solution, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, which is sent after the UE security text information in it is set to a specified value, the specified value being used to cause the peer target base station to ignore the UE security text information.
In the above solution, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, which is sent after an indication cell is added to it and the UE security text information is filled in arbitrarily, the indication cell being used to cause the peer target base station to ignore the UE security text information.
In the above solution, the first request message is a bearer modification indication message;
the determining and sending unit is further configured such that the first response message is a bearer modification confirmation message and, using the inherent property that the bearer modification confirmation message does not contain the UE security text information, the UE security text information is not delivered in the bearer modification confirmation message;
the bearer modification confirmation message is a message in the existing handover or a new message.
In the above solution, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, which is sent after the reset UE security text information is encapsulated in it, the reset UE security text information being used for key generation in the next handover or intra-base-station handover.
When performing processing, the first receiving unit and the determining and sending unit may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA).
A base station according to an embodiment of the present invention, the base station being a target base station, includes:
a first sending unit, configured to send a first request message;
a processing unit, configured to receive a first response message and parse the first response message to obtain a parsing result, namely that the first response message does not contain user equipment (UE) security context information, or that an information element set in it indicates that the UE security context information is to be ignored, or that it carries reset UE security context information; and to determine that the current handover is an inter-base-station handover under the same gateway and perform the processing corresponding to the parsing result.
In the above solution, the first request message is a path switch request message;
The processing unit is further configured so that the first response message is a path switch request response message, and to parse the path switch request response message, find that the UE security context information is not delivered in it, determine that the current handover is an inter-base-station handover under the same gateway, and end the current procedure.
In the above solution, the first request message is a path switch request message;
The processing unit is further configured so that the first response message is a path switch request response message, and to parse the path switch request response message, find that the UE security context information in it is a specified value, determine that the current handover is an inter-base-station handover under the same gateway, ignore the UE security context information according to the specified value, and end the current procedure.
In the above solution, the first request message is a path switch request message;
The processing unit is further configured so that the first response message is a path switch request response message, and to parse the path switch request response message, find that a newly added indication information element is present in it, determine that the current handover is an inter-base-station handover under the same gateway, ignore the UE security context information according to the newly added indication information element, and end the current procedure.
In the above solution, the first request message is a bearer modification indication message;
The processing unit is further configured so that the first response message is a bearer modification confirmation message, and to parse the bearer modification confirmation message, find that the UE security context information is not delivered in it, determine that the current handover is an inter-base-station handover under the same gateway, and end the current procedure.
In the above solution, the first request message is a path switch request message;
The first response message is a path switch request response message; the path switch request response message is parsed and found to contain the reset UE security context information to be used for key generation in the next handover or in an intra-base-station handover; the current handover is determined to be an inter-base-station handover under the same gateway; the reset UE security context information is used for key generation in the next handover or in an intra-base-station handover, and the current procedure is ended.
When performing processing, the first sending unit and the processing unit may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA).
The method for processing security information in a handover procedure under an access gateway according to the embodiments of the present invention includes: receiving a first request message, and determining, according to the result of parsing the first request message, whether the current handover is an inter-base-station handover under the same gateway; and, when the current handover is determined to be an inter-base-station handover under the same gateway, sending a first response message, where the first response message does not deliver user equipment (UE) security context information, or sets an information element so that the peer target base station ignores the UE security context information, or delivers reset UE security context information.
Because the first response message does not deliver the UE security context information, or sets an information element so that the peer target base station ignores the UE security context information, the path switch request procedure can be terminated at the access gateway, which reduces the impact of handover signalling on the core network. At the same time, the processing of security information is achieved for the scenario in which the access gateway terminates the path switch request procedure of an X2 handover.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of an access gateway system architecture in the prior art;
FIG. 2 is a schematic flowchart of an implementation of a method embodiment of the present invention;
FIG. 3 is a schematic flowchart of security information processing in application scenario 1, in which an embodiment of the present invention is applied;
FIG. 4 is a schematic flowchart of security information processing in application scenario 2, in which an embodiment of the present invention is applied;
FIG. 5 is a schematic flowchart of security information processing in application scenario 3, in which an embodiment of the present invention is applied;
FIG. 6 is a schematic flowchart of security information processing in application scenario 4, in which an embodiment of the present invention is applied;
FIG. 7 is a schematic flowchart of security information processing in application scenario 5, in which an embodiment of the present invention is applied;
FIG. 8 is a schematic structural diagram of an access gateway embodiment of the present invention.
Detailed Description
The implementation of the technical solutions is described in further detail below with reference to the accompanying drawings.
The method for processing security information in a handover procedure under an access gateway according to the embodiments of the present invention relates specifically to the access gateway architecture and its function implementation in a mobile communication system, and is a scheme for processing security information in a handover procedure under an anchor introduced into the access network of a Long Term Evolution system.
As shown in FIG. 2, the method for processing security information in a handover procedure under an access gateway according to an embodiment of the present invention includes:
Step 101: Receive a first request message.
Step 102: When the current handover is determined to be an inter-base-station handover under the same gateway, send a first response message.
Here, whether the current handover is an inter-base-station handover under the same gateway is determined according to the result of parsing the first request message;
Step 103: The first response message does not deliver user equipment (UE) security context information, or sets an information element so that the peer target base station ignores the UE security context information, or delivers reset UE security context information.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the UE security context information is not delivered in the path switch request response message.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the UE security context information in the path switch request response message is set to a specified value, where the specified value is used to make the peer target base station ignore the UE security context information.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, an indication information element is added to the path switch request response message, and the UE security context information is filled in with arbitrary content, where the indication information element is used to make the peer target base station ignore the UE security context information.
In an implementation of the embodiments of the present invention, the first request message is a bearer modification indication message; correspondingly, the first response message is a bearer modification confirmation message and, relying on the property that the bearer modification confirmation message itself does not contain the UE security context information, the UE security context information is not delivered in the bearer modification confirmation message; the bearer modification confirmation message is a message of the existing handover procedure or a newly added message.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message, and the reset UE security context information is encapsulated in the path switch request response message, where the reset UE security context information is used for key generation in the next handover or in an intra-base-station handover.
A method for processing security information in a handover procedure under an access gateway according to an embodiment of the present invention includes:
Step 201: Send a first request message.
Step 202: Receive a first response message and parse the first response message to obtain a parsing result, namely that the first response message does not contain user equipment (UE) security context information, or that an information element set in it indicates that the UE security context information is to be ignored, or that it carries reset UE security context information.
Step 203: Determine that the current handover is an inter-base-station handover under the same gateway and perform the processing corresponding to the parsing result.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. The path switch request response message is parsed and the UE security context information is found not to be delivered in it. Determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result is then: determining that the current handover is an inter-base-station handover under the same gateway, and ending the current procedure.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. The path switch request response message is parsed and the UE security context information in it is found to be a specified value. Determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result is then: determining that the current handover is an inter-base-station handover under the same gateway, ignoring the UE security context information according to the specified value, and ending the current procedure.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. The path switch request response message is parsed and a newly added indication information element is found to be present in it. Determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result is then: determining that the current handover is an inter-base-station handover under the same gateway, ignoring the UE security context information according to the newly added indication information element, and ending the current procedure.
In an implementation of the embodiments of the present invention, the first request message is a bearer modification indication message; correspondingly, the first response message is a bearer modification confirmation message. The bearer modification confirmation message is parsed and the UE security context information is found not to be delivered in it. Determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result is then: determining that the current handover is an inter-base-station handover under the same gateway, and ending the current procedure.
In an implementation of the embodiments of the present invention, the first request message is a path switch request message; correspondingly, the first response message is a path switch request response message. The path switch request response message is parsed and found to contain the reset UE security context information to be used for key generation in the next handover or in an intra-base-station handover. Determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result is then: determining that the current handover is an inter-base-station handover under the same gateway, using the reset UE security context information for key generation in the next handover or in an intra-base-station handover, and ending the current procedure.
With the embodiments of the present invention, the access gateway and the target base station interact; this applies to an inter-base-station X2 handover of a UE under the same gateway, and there are at least the following five specific implementation schemes.
Scheme 1:
The target base station sends a path switch request message to the access gateway. If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it does not deliver the UE security context information in the path switch request response message.
Scheme 2:
The target base station sends a path switch request message to the access gateway. If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it sets the UE security context information in the path switch request response message to a special value, such as NULL. When the target base station receives the path switch request response message sent by the access gateway and decodes this information element as the specified special value, it determines that the current handover is an inter-base-station X2 handover under the same gateway and ignores the information in this information element.
Scheme 3:
The target base station sends a path switch request message to the access gateway. If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it adds an indication information element to the path switch request response message and fills in the UE security context information with arbitrary content. When the target base station receives the path switch request response message sent by the access gateway, it ignores the UE security context information according to the content of the indication information element.
Scheme 4:
If the target base station determines that the current handover is an inter-base-station X2 handover under the same gateway, it sends a bearer modification indication message to the access gateway. The message contains the S1 interface connection identifier allocated to the UE by the MME (Source MME UE S1AP ID) and/or the S1 interface connection identifier allocated to the UE by the access gateway (source MA UE S1AP ID), as well as the information of the service bearers to be modified. The access gateway sends a bearer modification confirmation message, which contains the information of the service bearers that were modified successfully and/or the information of the service bearers whose modification failed, as well as the S1 interface connection identifier allocated to the UE by the MME and/or the S1 interface connection identifier allocated to the UE by the access gateway. It does not contain UE security context information.
The above bearer modification indication and confirmation messages may reuse existing S1AP messages or may be newly added messages.
Scheme 5:
The target base station sends a path switch request message to the access gateway. If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it resets the UE security context information in the path switch request response message, for example by computing a new {NCC, NH}. When the target base station receives the path switch request response message sent by the access gateway, it parses this information element and uses it for key generation in the next X2 handover or in an intra-base-station handover.
With the above embodiments and their specific implementations, the X2 handover procedure under the same access gateway can be terminated at the access gateway, which avoids the impact on the core network of user equipment frequently handing over between cells. At the same time, the security information of the handover procedure is processed and the processing load of the core network is reduced.
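The five schemes above, modelled end to end as an added example (not code from the patent): the gateway builds the response for each scheme and the target base station decides what happens to the UE security context {NCC, NH}. The message classes, the UE lookup table, the empty-value stand-in for NULL and the action names are assumptions, since the page defines no encoding.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed model: the page defines no wire encoding, so every name is hypothetical.
SecurityContext = Tuple[int, bytes]            # {NCC, NH}
NULL_CONTEXT: SecurityContext = (0, b"")       # stand-in for the "special value, such as NULL"
PATH_SWITCH_RESPONSE = "path_switch_request_response"
BEARER_MOD_CONFIRM = "bearer_modification_confirmation"


@dataclass
class Response:
    msg_type: str
    security_context: Optional[SecurityContext] = None   # None: IE not delivered
    ignore_indication: bool = False                       # scheme 3 indication IE


class AccessGateway:
    def __init__(self, scheme: int, ue_serving_bs: Dict[int, str]):
        self.scheme = scheme
        # Assumed lookup: gateway-allocated UE S1AP ID -> base station serving the UE.
        self.ue_serving_bs = ue_serving_bs

    def handle_request(self, ue_id: int, target_bs: str,
                       reset_context: Optional[SecurityContext] = None) -> Optional[Response]:
        """Answer locally when the UE is already anchored here, else return None."""
        if ue_id not in self.ue_serving_bs:
            return None                      # not a handover under this gateway
        self.ue_serving_bs[ue_id] = target_bs
        if self.scheme == 1:                 # security context not delivered
            return Response(PATH_SWITCH_RESPONSE)
        if self.scheme == 2:                 # security context set to the special value
            return Response(PATH_SWITCH_RESPONSE, NULL_CONTEXT)
        if self.scheme == 3:                 # arbitrary filler plus indication IE
            return Response(PATH_SWITCH_RESPONSE, (7, b"\xff" * 32), ignore_indication=True)
        if self.scheme == 4:                 # bearer modification confirmation
            return Response(BEARER_MOD_CONFIRM)
        if self.scheme == 5:                 # reset {NCC, NH}
            if reset_context is None:
                raise ValueError("scheme 5 requires a reset {NCC, NH}")
            return Response(PATH_SWITCH_RESPONSE, reset_context)
        raise ValueError(f"unknown scheme {self.scheme}")


class TargetBaseStation:
    def __init__(self) -> None:
        self.next_hop: Optional[SecurityContext] = None   # only ever set from scheme 5

    def process_response(self, resp: Response) -> str:
        ctx = resp.security_context
        # Check the ignore cases first so filler content can never reach the key store.
        if resp.msg_type == BEARER_MOD_CONFIRM or ctx is None:
            return "end"
        if resp.ignore_indication or ctx == NULL_CONTEXT:
            return "ignore"
        ncc, nh = ctx
        # LTE sizes: NCC is a 3-bit counter, NH is a 256-bit key.
        if not (0 <= ncc <= 7 and len(nh) == 32):
            return "reject"
        self.next_hop = ctx
        return "store"


def run_handover(scheme: int, reset_context: Optional[SecurityContext] = None):
    """One handover of UE 17 from eNB-A to eNB-B under the same gateway (constructed IDs)."""
    gateway = AccessGateway(scheme, {17: "eNB-A"})
    target = TargetBaseStation()
    action = target.process_response(gateway.handle_request(17, "eNB-B", reset_context))
    return action, target.next_hop


if __name__ == "__main__":
    fresh = (3, bytes(range(32)))            # constructed sample value
    for scheme in range(1, 6):
        print(scheme, run_handover(scheme, fresh if scheme == 5 else None))
```

Only scheme 5 leaves anything in the target's key store; the arbitrary filler of scheme 3 is discarded before any length or range check can accept it.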
The application scenarios that use the embodiments of the present invention are described in detail below.
The access gateway architecture involved in the following application scenarios is as follows: the access gateway acts as an interface proxy between the base stations and the core network, connects to the base stations and to the core network, and shields the core network from the impact of the access network; it filters control-plane interface signalling and ensures that the access gateway serves as the access anchor of the user equipment in the access network, as shown in FIG. 1. The access gateway serving as the access anchor of the user equipment in the access network means that the access gateway remains unchanged while the user equipment moves between cells served by the access gateway. When the UE performs an inter-base-station X2 handover under the access gateway, the X2 handover procedure can be terminated at the access gateway. The source SeNB is an instance of the source base station, the target SeNB is an instance of the target base station, and the access anchor MA is an instance of the access gateway.
Application scenario 1:
As shown in FIG. 3, with the embodiment of the present invention, the specific implementation steps in application scenario 1 include:
Step 301: After X2 handover preparation, air interface reconfiguration and terrestrial data forwarding are complete, the target base station sends a path switch request message to the access gateway;
Step 302: If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it does not deliver the UE security context information in the path switch request response message sent to the target base station.
Application scenario 2:
As shown in FIG. 4, with the embodiment of the present invention, the specific implementation steps in application scenario 2 include:
Step 401: After X2 handover preparation, air interface reconfiguration and terrestrial data forwarding are complete, the target base station sends a path switch request message to the access gateway;
Step 402: If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it sets the UE security context information in the path switch request response message sent to the target base station to a special value, such as NULL.
Step 403: When the target base station receives the path switch request response message sent by the access gateway and decodes this information element as the specified special value, it determines that the current handover is an inter-base-station X2 handover under the same gateway and ignores the information in this information element.
Application scenario 3:
As shown in FIG. 5, with the embodiment of the present invention, the specific implementation steps in application scenario 3 include:
Step 501: After X2 handover preparation, air interface reconfiguration and terrestrial data forwarding are complete, the target base station sends a path switch request message to the access gateway;
Step 502: If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it adds a security-information-ignore indication information element to the path switch request response message, for example, the presence of this information element indicates that the UE security context information is to be ignored, or the information element set to TRUE indicates that the UE security context information is to be ignored; or it adds a handover type indication information element, for example indicating that the current handover is a handover under the same access gateway; and it fills in the UE security context information with arbitrary content.
Step 503: When the target base station receives the path switch request response message sent by the access gateway, it ignores the UE security context information according to the newly added indication information element.
Application scenario 4:
As shown in FIG. 6, with the embodiment of the present invention, the specific implementation steps in application scenario 4 include:
Step 601: After X2 handover preparation, air interface reconfiguration and terrestrial data forwarding are complete, if the target base station determines that the current handover is an inter-base-station X2 handover under the same gateway, it sends a bearer modification indication message to the access gateway. The message contains the S1 interface connection identifier allocated to the UE by the MME (Source MME UE S1AP ID) and/or the S1 interface connection identifier allocated to the UE by the access gateway (source MA UE S1AP ID), as well as the information of the service bearers to be modified;
Step 602: The access gateway sends a bearer modification confirmation message, which contains the information of the service bearers that were modified successfully and/or the information of the service bearers whose modification failed, as well as the S1 interface connection identifier allocated to the UE by the MME and/or the S1 interface connection identifier allocated to the UE by the access gateway. It does not contain UE security context information.
The above bearer modification indication and confirmation messages may reuse existing S1AP messages or may be newly added messages.
Application scenario 5:
As shown in FIG. 7, with the embodiment of the present invention, the specific implementation steps in application scenario 5 include:
Step 701: After X2 handover preparation, air interface reconfiguration and terrestrial data forwarding are complete, the target base station sends a path switch request message to the access gateway;
Step 702: If the access gateway determines that the current handover is an inter-base-station X2 handover under the same gateway, it resets the UE security context information in the path switch request response message, for example by computing a new {NCC, NH}. When the target base station receives the path switch request response message sent by the access gateway, it parses this information element and uses it for key generation in the next X2 handover or in an intra-base-station handover.
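Scenario five leaves the key generation itself unspecified. The added example below (not part of the patent) assumes the standard LTE KeNB* derivation of 3GPP TS 33.401 Annex A.5 and shows a base station consuming the reset {NCC, NH} at the next handover, then falling back to its current KeNB once no unused NH remains; the class name and the sample values are hypothetical.

```python
import hashlib
import hmac
from typing import Optional, Tuple

FC_KENB_STAR = 0x13   # function code of the KeNB* derivation in TS 33.401 Annex A.5


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 KDF: HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kenb_star(key: bytes, pci: int, earfcn_dl: int) -> bytes:
    """Bind the new key to the target cell's PCI and downlink EARFCN."""
    if len(key) != 32:
        raise ValueError("input key must be 256 bits")
    if not 0 <= pci <= 503 or not 0 <= earfcn_dl <= 262143:
        raise ValueError("PCI or EARFCN-DL out of range")
    p0 = pci.to_bytes(2, "big")
    # EARFCN-DL is encoded on 2 bytes up to 65535 and on 3 bytes above that.
    p1 = earfcn_dl.to_bytes(2 if earfcn_dl <= 0xFFFF else 3, "big")
    return kdf(key, FC_KENB_STAR, p0, p1)


class HandoverKeyState:
    """Key state of the base station currently serving the UE (hypothetical class)."""

    def __init__(self, kenb: bytes, ncc: int):
        self.kenb, self.ncc = kenb, ncc
        self.unused_nh: Optional[Tuple[int, bytes]] = None

    def store_reset_context(self, ncc: int, nh: bytes) -> None:
        """Keep the reset {NCC, NH} taken from the path switch request response."""
        if not 0 <= ncc <= 7 or len(nh) != 32:
            raise ValueError("malformed {NCC, NH}")
        self.unused_nh = (ncc, nh)

    def next_handover_key(self, pci: int, earfcn_dl: int) -> Tuple[int, bytes, str]:
        """Return (NCC, KeNB*, key source) for the next X2 or intra-base-station handover."""
        if self.unused_nh is not None:
            self.ncc, source_key = self.unused_nh
            self.unused_nh = None            # an NH value feeds one derivation only
            origin = "NH"
        else:
            source_key, origin = self.kenb, "KeNB"
        self.kenb = derive_kenb_star(source_key, pci, earfcn_dl)
        return self.ncc, self.kenb, origin


if __name__ == "__main__":
    state = HandoverKeyState(kenb=bytes(32), ncc=2)      # constructed sample values
    state.store_reset_context(3, bytes(range(32)))
    for pci in (101, 102):
        ncc, key, origin = state.next_handover_key(pci, 1850)
        print(pci, ncc, origin, key.hex())
```

A base station that received no reset {NCC, NH}, as in scenarios one to four, has only the second branch available at its next handover.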
本发明实施例的接入网关,如图8所示,所述接入网关包括:As shown in FIG. 8, the access gateway of the embodiment of the present invention includes:
第一接收单元11,配置为接收第一请求消息,根据解析所述第一请求消息得到的结果判断当前切换是否为同一网关下跨基站的切换;The first receiving unit 11 is configured to receive the first request message, and determine, according to the result obtained by parsing the first request message, whether the current handover is a handover of the same gateway under the base station;
判断及发送单元12,配置为判断出当前切换为同一网关下跨基站的切换时,发送第一响应消息,所述第一响应消息中不下发用户设备UE安全文本信息或设置信元为使对端的目标基站忽略所述UE安全文本信息或下发重新设置的UE安全文本信息。The determining and transmitting unit 12 is configured to send a first response message when the current handover is the same as the handover of the same gateway, and the user response message is not sent in the first response message. The target base station of the terminal ignores the UE security text information or delivers the reset UE security text information.
In one implementation of this embodiment, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, and the UE security context information is not delivered in the path switch request response message.
In one implementation of this embodiment, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, and to send the path switch request response message after setting the UE security context information in it to a specified value, where the specified value causes the peer target base station to ignore the UE security context information.
In one implementation of this embodiment, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, and to add a new indication information element to the path switch request response message, write arbitrary content as the UE security context information, and then send the path switch request response message, where the indication information element causes the peer target base station to ignore the UE security context information.
In one implementation of this embodiment, the first request message is a bearer modification indication message;
the determining and sending unit is further configured such that the first response message is a bearer modification confirmation message and, relying on the inherent property that the bearer modification confirmation message does not contain the UE security context information, the UE security context information is not delivered in the bearer modification confirmation message;
the bearer modification confirmation message is a message of the existing handover procedure or a newly added message.
In one implementation of this embodiment, the first request message is a path switch request message;
the determining and sending unit is further configured such that the first response message is a path switch request response message, and to send the path switch request response message after encapsulating the reset UE security context information in it, where the reset UE security context information is used for key generation at the next handover or at an intra-base-station handover.
The base station of this embodiment of the present invention is a target base station and includes:
a first sending unit, configured to send a first request message;
a processing unit, configured to receive a first response message, parse the first response message, and obtain a parsing result that the first response message does not contain user equipment (UE) security context information, or parse a set information element so as to ignore the UE security context information, or parse reset UE security context information; and to determine that the current handover is an inter-base-station handover under the same gateway and perform the processing corresponding to the parsing result.
In one implementation of this embodiment, the first request message is a path switch request message;
the processing unit is further configured such that the first response message is a path switch request response message, and to parse the path switch request response message, find that the UE security context information is not delivered in it, determine that the current handover is an inter-base-station handover under the same gateway, and end the current procedure.
In one implementation of this embodiment, the first request message is a path switch request message;
the processing unit is further configured such that the first response message is a path switch request response message, and to parse the path switch request response message, find that the UE security context information in it is a specified value, determine that the current handover is an inter-base-station handover under the same gateway, ignore the UE security context information according to the specified value, and end the current procedure.
In one implementation of this embodiment, the first request message is a path switch request message;
the processing unit is further configured such that the first response message is a path switch request response message, and to parse the path switch request response message, find that a newly added indication information element is present in it, determine that the current handover is an inter-base-station handover under the same gateway, ignore the UE security context information according to the newly added indication information element, and end the current procedure.
In one implementation of this embodiment, the first request message is a bearer modification indication message;
the processing unit is further configured such that the first response message is a bearer modification confirmation message, and to parse the bearer modification confirmation message, find that the UE security context information is not delivered in it, determine that the current handover is an inter-base-station handover under the same gateway, and end the current procedure.
In one implementation of this embodiment, the first request message is a path switch request message;
the first response message is a path switch request response message; the path switch request response message is parsed and found to contain the reset UE security context information to be used for key generation at the next handover or at an intra-base-station handover; the current handover is determined to be an inter-base-station handover under the same gateway; the reset UE security context information is used for key generation at the next handover or at an intra-base-station handover; and the current procedure is ended.
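The gateway and target-base-station behaviour described in the implementations above, modelled as an added example (not code from the patent). The class names, the message layout, the all-zero encoding of the specified value, and the way the gateway recognises an intra-gateway handover (by tracking which of its base stations currently serves the UE) are assumptions.

```python
"""Added illustration, not from the patent: names and message layout are assumed."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional

IGNORE_VALUE = bytes(32)   # assumed encoding of the "specified value"
FILLER = b"\xaa" * 32      # constructed arbitrary content, never key material


class Variant(Enum):
    OMIT = 1             # security context not delivered
    SPECIFIED_VALUE = 2  # context field set to the specified value
    INDICATION_IE = 3    # new indication IE plus arbitrary context content
    RESET = 4            # reset context delivered for later key generation


@dataclass
class PathSwitchResponse:
    ue_id: int
    security_context: Optional[bytes] = None
    ignore_indication: bool = False


class AccessGateway:
    def __init__(self, served_base_stations, variant):
        self.served = set(served_base_stations)
        self.variant = variant
        self.serving = {}  # ue_id -> base station currently serving the UE

    def attach(self, ue_id, base_station):
        self.serving[ue_id] = base_station

    def on_path_switch_request(self, ue_id, target_bs, reset_context=None):
        """Return a response terminated at the gateway, or None when the
        handover is not intra-gateway and must go on to the core network."""
        source_bs = self.serving.get(ue_id)
        if source_bs not in self.served or target_bs not in self.served:
            return None
        if self.variant is Variant.RESET and (
            not reset_context or reset_context == IGNORE_VALUE
        ):
            # A reset context that collides with the sentinel would be
            # silently discarded by the target, so refuse to send it.
            raise ValueError("reset context missing or equal to IGNORE_VALUE")
        self.serving[ue_id] = target_bs
        if self.variant is Variant.OMIT:
            return PathSwitchResponse(ue_id)
        if self.variant is Variant.SPECIFIED_VALUE:
            return PathSwitchResponse(ue_id, IGNORE_VALUE)
        if self.variant is Variant.INDICATION_IE:
            return PathSwitchResponse(ue_id, FILLER, ignore_indication=True)
        return PathSwitchResponse(ue_id, reset_context)


class TargetBaseStation:
    def __init__(self):
        self.stored_context = {}  # ue_id -> context kept for later key generation

    def on_path_switch_response(self, resp):
        # Check the indication first: in that variant the context field is
        # present but holds arbitrary content that must never be stored.
        if resp.ignore_indication:
            return "ignored-indication"
        if resp.security_context is None:
            return "not-delivered"
        if resp.security_context == IGNORE_VALUE:
            return "ignored-specified-value"
        self.stored_context[resp.ue_id] = resp.security_context
        return "stored-reset-context"


def run_variant(variant, reset_context=None):
    """Hand UE 7 over from SeNB1 to SeNB2 under one gateway; return the
    target's decision and whatever context it kept for the UE."""
    gw = AccessGateway({"SeNB1", "SeNB2"}, variant)
    gw.attach(7, "SeNB1")
    target = TargetBaseStation()
    resp = gw.on_path_switch_request(7, "SeNB2", reset_context)
    outcome = target.on_path_switch_response(resp)
    return outcome, target.stored_context.get(7)


if __name__ == "__main__":
    sample = bytes(range(32))  # constructed sample context
    for v in Variant:
        print(v.name, run_variant(v, sample if v is Variant.RESET else None))
```

The bearer modification confirmation case behaves like `Variant.OMIT` here, because that message carries no security context field at all.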
The English terms used in the accompanying drawings are explained as follows:
Mobility anchor A: mobility anchor A;
Mobility anchor B: mobility anchor B;
Macro eNB: enhanced macro base station;
MME: mobility management entity;
S-GW: serving gateway;
SeNB1: base station 1 under the mobility anchor;
SeNB2: base station 2 under the mobility anchor;
SeNB3: base station 3 under the mobility anchor;
UE: user equipment.
If the integrated modules described in the embodiments of the present invention are implemented as software functional modules and sold or used as independent products, they may also be stored in a computer-readable storage medium. On this understanding, the technical solutions of the embodiments of the present invention, in essence or in the part that contributes over the prior art, may be embodied as a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc. Accordingly, the embodiments of the present invention are not limited to any specific combination of hardware and software.
Correspondingly, an embodiment of the present invention further provides a computer storage medium storing a computer program, where the computer program is used to perform the method for processing security information in a handover procedure under an access gateway according to the embodiments of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Industrial applicability
The method for processing security information in a handover procedure under an access gateway according to the embodiments of the present invention includes: receiving a first request message, and determining, from the result of parsing the first request message, whether the current handover is an inter-base-station handover under the same gateway; and sending a first response message when the current handover is determined to be an inter-base-station handover under the same gateway, where the first response message does not deliver user equipment (UE) security context information, or sets an information element that causes the peer target base station to ignore the UE security context information, or delivers reset UE security context information. Because the first response message does not deliver the UE security context information, or sets an information element that causes the peer target base station to ignore it, the path switch request procedure can be terminated at the access gateway. This reduces the impact of handover signaling on the core network and provides the handling of security information for the scenario in which the access gateway terminates the path switch request procedure of an X2 handover.

Claims (24)

  1. A method for processing security information in a handover procedure, the method comprising:
    receiving a first request message, and determining, from the result of parsing the first request message, whether the current handover is an inter-base-station handover under the same gateway;
    sending a first response message when the current handover is determined to be an inter-base-station handover under the same gateway;
    wherein the first response message does not deliver user equipment (UE) security context information, or sets an information element that causes the peer target base station to ignore the UE security context information, or delivers reset UE security context information.
  2. The method according to claim 1, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and the UE security context information is not delivered in the path switch request response message.
  3. The method according to claim 1, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and the UE security context information in the path switch request response message is set to a specified value, the specified value causing the peer target base station to ignore the UE security context information.
  4. The method according to claim 1, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, a new indication information element is added to the path switch request response message, and arbitrary content is written as the UE security context information, the indication information element causing the peer target base station to ignore the UE security context information.
  5. The method according to claim 1, wherein the first request message is a bearer modification indication message;
    the first response message is a bearer modification confirmation message and, relying on the inherent property that the bearer modification confirmation message does not contain the UE security context information, the UE security context information is not delivered in the bearer modification confirmation message;
    the bearer modification confirmation message is a message of the existing handover procedure or a newly added message.
  6. The method according to claim 1, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and the reset UE security context information is encapsulated in the path switch request response message, the reset UE security context information being used for key generation at the next handover or at an intra-base-station handover.
  7. A method for processing security information in a handover procedure, the method comprising:
    sending a first request message;
    receiving a first response message, parsing the first response message, and obtaining that the first response message does not contain user equipment (UE) security context information, or parsing a set information element so as to ignore the UE security context information, or parsing reset UE security context information;
    determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result.
  8. The method according to claim 7, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and when parsing the path switch request response message yields that the UE security context information is not delivered in the path switch request response message, the determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result comprises:
    determining that the current handover is an inter-base-station handover under the same gateway, and ending the current procedure.
  9. The method according to claim 7, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and when parsing the path switch request response message yields that the UE security context information in the path switch request response message is a specified value, the determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result comprises:
    determining that the current handover is an inter-base-station handover under the same gateway, ignoring the UE security context information according to the specified value, and ending the current procedure.
  10. The method according to claim 7, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and when parsing the path switch request response message yields that a newly added indication information element is present in the path switch request response message, the determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result comprises:
    determining that the current handover is an inter-base-station handover under the same gateway, ignoring the UE security context information according to the newly added indication information element, and ending the current procedure.
  11. The method according to claim 7, wherein the first request message is a bearer modification indication message;
    the first response message is a bearer modification confirmation message, and when parsing the bearer modification confirmation message yields that the UE security context information is not delivered in the bearer modification confirmation message, the determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result comprises:
    determining that the current handover is an inter-base-station handover under the same gateway, and ending the current procedure.
  12. The method according to claim 7, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message, and when parsing the path switch request response message yields that the path switch request response message contains the reset UE security context information to be used for key generation at the next handover or at an intra-base-station handover, the determining that the current handover is an inter-base-station handover under the same gateway and performing the processing corresponding to the parsing result comprises:
    determining that the current handover is an inter-base-station handover under the same gateway, using the reset UE security context information for key generation at the next handover or at an intra-base-station handover, and ending the current procedure.
  13. An access gateway, the access gateway comprising:
    a first receiving unit, configured to receive a first request message and to determine, from the result of parsing the first request message, whether the current handover is an inter-base-station handover under the same gateway;
    a determining and sending unit, configured to send a first response message when the current handover is determined to be an inter-base-station handover under the same gateway, wherein the first response message does not deliver user equipment (UE) security context information, or sets an information element that causes the peer target base station to ignore the UE security context information, or delivers reset UE security context information.
  14. The access gateway according to claim 13, wherein the first request message is a path switch request message;
    the determining and sending unit is further configured such that the first response message is a path switch request response message, and the UE security context information is not delivered in the path switch request response message.
  15. The access gateway according to claim 13, wherein the first request message is a path switch request message;
    the determining and sending unit is further configured such that the first response message is a path switch request response message, and to send the path switch request response message after setting the UE security context information in it to a specified value, the specified value causing the peer target base station to ignore the UE security context information.
  16. The access gateway according to claim 13, wherein the first request message is a path switch request message;
    the determining and sending unit is further configured such that the first response message is a path switch request response message, and to add a new indication information element to the path switch request response message, write arbitrary content as the UE security context information, and then send the path switch request response message, the indication information element causing the peer target base station to ignore the UE security context information.
  17. The access gateway according to claim 13, wherein the first request message is a bearer modification indication message;
    the determining and sending unit is further configured such that the first response message is a bearer modification confirmation message and, relying on the inherent property that the bearer modification confirmation message does not contain the UE security context information, the UE security context information is not delivered in the bearer modification confirmation message;
    the bearer modification confirmation message is a message of the existing handover procedure or a newly added message.
  18. The access gateway according to claim 13, wherein the first request message is a path switch request message;
    the determining and sending unit is further configured such that the first response message is a path switch request response message, and to send the path switch request response message after encapsulating the reset UE security context information in it, the reset UE security context information being used for key generation at the next handover or at an intra-base-station handover.
  19. A base station, the base station being a target base station and comprising:
    a first sending unit, configured to send a first request message;
    a processing unit, configured to receive a first response message, parse the first response message, and obtain a parsing result that the first response message does not contain user equipment (UE) security context information, or parse a set information element so as to ignore the UE security context information, or parse reset UE security context information; and to determine that the current handover is an inter-base-station handover under the same gateway and perform the processing corresponding to the parsing result.
  20. The base station according to claim 19, wherein the first request message is a path switch request message;
    the processing unit is further configured such that the first response message is a path switch request response message, and to parse the path switch request response message, find that the UE security context information is not delivered in it, determine that the current handover is an inter-base-station handover under the same gateway, and end the current procedure.
  21. The base station according to claim 19, wherein the first request message is a path switch request message;
    the processing unit is further configured such that the first response message is a path switch request response message, and to parse the path switch request response message, find that the UE security context information in it is a specified value, determine that the current handover is an inter-base-station handover under the same gateway, ignore the UE security context information according to the specified value, and end the current procedure.
  22. The base station according to claim 19, wherein the first request message is a path switch request message;
    the processing unit is further configured such that the first response message is a path switch request response message, and to parse the path switch request response message, find that a newly added indication information element is present in it, determine that the current handover is an inter-base-station handover under the same gateway, ignore the UE security context information according to the newly added indication information element, and end the current procedure.
  23. The base station according to claim 19, wherein the first request message is a bearer modification indication message;
    the processing unit is further configured such that the first response message is a bearer modification confirmation message, and to parse the bearer modification confirmation message, find that the UE security context information is not delivered in it, determine that the current handover is an inter-base-station handover under the same gateway, and end the current procedure.
  24. The base station according to claim 19, wherein the first request message is a path switch request message;
    the first response message is a path switch request response message; the path switch request response message is parsed and found to contain the reset UE security context information to be used for key generation at the next handover or at an intra-base-station handover; the current handover is determined to be an inter-base-station handover under the same gateway; the reset UE security context information is used for key generation at the next handover or at an intra-base-station handover; and the current procedure is ended.
PCT/CN2015/085363 2014-12-26 2015-07-28 Security information processing method in switching procedure, access gateway, and base station WO2016101617A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410837576.3A CN105792189A (en) 2014-12-26 2014-12-26 Processing method of security information in handover flow, access gateway and base station
CN201410837576.3 2014-12-26

Publications (1)

Publication Number Publication Date
WO2016101617A1 true WO2016101617A1 (en) 2016-06-30

Family

ID=56149161

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085363 WO2016101617A1 (en) 2014-12-26 2015-07-28 Security information processing method in switching procedure, access gateway, and base station

Country Status (2)

Country Link
CN (1) CN105792189A (en)
WO (1) WO2016101617A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110383885A (en) * 2017-01-11 2019-10-25 瑞典爱立信有限公司 5G QoS flow remaps to radio bearer
WO2020142884A1 (en) * 2019-01-07 2020-07-16 华为技术有限公司 Method and device for switching between transmission paths

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841807A (en) * 2009-03-19 2010-09-22 大唐移动通信设备有限公司 Execution method and system of security process
CN102572816A (en) * 2011-12-27 2012-07-11 电信科学技术研究院 Method and device for mobile switching
CN102598786A (en) * 2011-11-11 2012-07-18 华为技术有限公司 Switching method between base stations, base stations and communication system
CN102638858A (en) * 2007-08-22 2012-08-15 华为技术有限公司 Method and system for switching evolution network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109890032B (en) * 2012-01-26 2022-12-02 瑞典爱立信有限公司 Operation of a service node in a network

Also Published As

Publication number Publication date
CN105792189A (en) 2016-07-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15871691

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15871691

Country of ref document: EP

Kind code of ref document: A1